Matt Weber [Wed, 7 Oct 2020 13:20:51 +0000 (08:20 -0500)]
defconfigs: use BR2_PACKAGE_HOST_UBOOT_TOOLS_BOOT_SCRIPT_
For defconfigs that create a boot script, add the host package
uboot-tools and update the script variable names.
Add BR2_PACKAGE_HOST_UBOOT_TOOLS=y just before the existing
BR2_TARGET_UBOOT_BOOT_SCRIPT option. Note that for the defconfigs that
are not manually formatted (i.e. just the result of 'make
savedefconfig'), this puts them in the wrong place. However, it's easier
this way, and it's more consistent in general to have the definition of
the script close to BR2_TARGET_UBOOT itself.
Special cases:
- nanopi_* had the definition of the _SCRIPT variable in a weird place.
These are moved to close to BR2_TARGET_UBOOT.
- Same for orangepi_plus.
- orangepi_pc_* already had BR2_PACKAGE_HOST_UBOOT_TOOLS=y so it's not
added there.
Peter Korsgaard [Tue, 6 Oct 2020 20:46:20 +0000 (22:46 +0200)]
support/scripts/apply-patches.sh: do not blindly remove *.orig files
apply-patches currently blindly removes *.orig / .*.orig files as GNU patch
by default writes these as backup files when patches only apply with fuzz.
This is unfortunate as package sources may contain files ending in .orig as
well, breaking the build. Luckily GNU patch can be told to not write these
backup files using the --no-backup-if-mismatch option, so use that instead
of the .orig removal step.
--no-backup-if-mismatch is supported since GNU patch 2.3.8 (1997-06-17) and
busybox patch if built with CONFIG_DESKTOP, but e.g. isn't supported by the
BSD patch, so add logic to dependencies.sh to error out if patch doesn't
support the flag.
Matt Weber [Thu, 24 Sep 2020 19:29:12 +0000 (14:29 -0500)]
genrandconfig: uboot-tools env/scr creation test files
Normally the kconfig strings would end up empty and cause a build
error. This patch provides test files to allow testing the creation
of uboot environment and script bin files from user provided txt files.
Matt Weber [Thu, 24 Sep 2020 19:29:11 +0000 (14:29 -0500)]
package/uboot-tools: migrate BR2_TARGET_UBOOT_BOOT_SCRIPT from U-Boot pkg
For consistency and dependencies between uboot and uboot-tools,
this patch migrates the script creation over in a similar way as
the env image creation.
Matt Weber [Thu, 24 Sep 2020 19:29:10 +0000 (14:29 -0500)]
package/uboot-tools: migrate BR2_TARGET_UBOOT_ENVIMAGE from U-Boot pkg
Migrating the support for this feature to uboot-tools to gain the
ability to build env files when BR2_TARGET_UBOOT isn't selected.
When _ENVIMAGE_SOURCE is not set, we generate a default environment.
However, this default depends on the U-Boot configuration. Therefore,
this can only be done if uboot itself is built as well, and
host-uboot-tools needs to depend on uboot.
For the same reason, the commands for creating the environment have to
be adapted a little. Take this occasion to drastically simplify them.
Note: This patch creates a circular dependency with uboot until the
similar migration patch is merged for uboot scripts
Damien Le Moal [Tue, 8 Sep 2020 11:33:19 +0000 (20:33 +0900)]
toolchain/toolchain-buildroot: allow uclibc-ng for riscv
uclibc-ng supports the RISC-V architecture since version 1.0.31, so
let's allow selecting this C library when RISC-V is used.
There was a previous attempt in commit bd9810e176273914eca1208bcba23f0de9e446b3, which was reverted in e7d631c0df1698b4edc94f148e7247869430e108, due to uClibc-ng not
implementing the __riscv_flush_icache() which is needed by
gcc. However this function has been implemented in upstream uClibc-ng
as of 1.0.35, so we can now safely re-enable uClibc-ng on RISC-V.
Antoine Tenart [Tue, 6 Oct 2020 15:44:30 +0000 (17:44 +0200)]
package/libselinux: fix the selinuxfs mount point
For 9 years the recommended mount point for selinuxfs has been
/sys/fs/selinux, as stated in Linux kernel commit 7a627e3b9a2b:
"""
For selinuxfs, this mount point should be in /sys/fs/selinux/
"""
As other projects follow this convention, not doing so results in
potential issues. One of them is the refpolicy not correctly labelling
and supporting the mount point.
Fix this by using /sys/fs/selinux as of now in Buildroot.
That dependency would introduce a "recursive dependency" chain in
Kconfig.
However, r100 is only available on i386 and x86-64, and they both have
sync4, which means libdrm's HAS_ATOMICS is always 'y' when r100 is
available.
So, like we did in 00c1a8c34f7 (package/mesa3d: propagate missing
libdrm-freedreno deps), we just add a fat comment that explains why the
dependency is not propagated.
This bump will also fix the following build failure with bison 3.7.1
thanks to
https://github.com/ColinIanKing/fwts/commit/cfd5f5870751a796462cdd2f7e41f5f0dabb67b8:
Ryan Barnett [Mon, 27 Apr 2020 21:26:53 +0000 (16:26 -0500)]
package/ebtables: select bash when installing ebtables-legacy-save
To allow easier installation of ebtables-legacy-save from the config
menu, select BR2_PACKAGE_BASH. All dependencies of bash are met
already by ebtables depending on BR2_USE_MMU.
Ryan Barnett [Mon, 27 Apr 2020 21:26:52 +0000 (16:26 -0500)]
package/ebtables: bump to version 2.0.11
With the version bump to 2.0.11, ebtables switched to the autotools build
system. In addition, ebtables-{restore/save} moved to being installed
as ebtables-legacy-{restore/save}.
Changes to support this version bump include:
* Remove dependency on !BR2_STATIC_LIBS for ebtables-restore as the
switch to autotools supports compiling with static libraries.
* Update ebtables-save script patch to use /usr/sbin/ebtables-legacy
* Remove 0001-*-ethernetdb*.patch as it was merged with commit:
http://git.netfilter.org/ebtables/commit/?id=f8079671326e9fd079391d24911a9a8a77f1d6fd
* Remove 0002-*-musl-*.patch as support was added with commit:
http://git.netfilter.org/ebtables/commit/?id=9fff3d5f9da00255463d28b38d688c25025b7fb1
Tested with test-pkg with BR2_PACKAGE_EBTABLES=y:
br-arm-full [1/6]: OK
br-arm-cortex-a9-glibc [2/6]: OK
br-arm-cortex-m4-full [3/6]: SKIPPED
br-x86-64-musl [4/6]: OK
br-arm-full-static [5/6]: OK
sourcery-arm [6/6]: OK
Yann E. MORIN [Sun, 3 May 2020 13:10:01 +0000 (15:10 +0200)]
package/kmod: add compression support for the host variant
The kernel may install compressed modules. At the end of the build, we
then run depmod, to generate modules.dep and a few assorted files, so
that loading modules works properly on the target (loading by alias,
loading dependencies...)
However, depmod needs support for compressed modules, or it would
generate empty modules.dep et al.
Unconditionally adding support for gz and xz, and the required deps,
was deemed too much of a burden [0], so we add options to enable
either or both compression.
Yann E. MORIN [Sun, 3 May 2020 13:10:00 +0000 (15:10 +0200)]
package/kmod: add option for host variant
Currently, host-kmod has no option to enable it, because only
the kernel depends on it, and this is unconditional (because
we can't know if modules will be enabled in the kernel config).
But we're soon to add options to enable various features of
kmod, so we'll need a place where to show those features.
Shyam Saini [Tue, 5 May 2020 13:22:43 +0000 (09:22 -0400)]
package/cukinia: new package
Cukinia is a test framework designed to help Linux-based embedded
systems developers run simple system-level validation tests on their
firmware.
It is designed to integrate well with embedded Linux systems
generation tools, and can be run manually (providing a quick
colourized summary to eye-catch regressions), or by any available
continuous integration framework, by generating Junit-XML or CSV test
reports.
Romain Naour [Fri, 2 Oct 2020 16:01:54 +0000 (18:01 +0200)]
package/efl: bump to version 1.25.0
Remove 0001-doc-meson.build-add-single-quote-for-env.patch superseded
by https://git.enlightenment.org/core/efl.git/commit/?id=e2a1cdfda76dd0061ef8e0ab25aee4e042304366
Rename luajit bindings to lua after upstream rework to support lua interpreter
(non-luajit):
Yann E. MORIN [Mon, 5 Oct 2020 20:48:25 +0000 (22:48 +0200)]
support/scripts/generate-gitlab-ci-yml: rework generation of pipelines
Currently, we handle three kinds of tests: basic, defconfig, and
runtime, and we treat them totally independently ones from the others.
Except for the basic tests that are ignored when defconfig or runtime
tests are explicitly requested.
The basic tests are also run systematically on all our reference
branches: master, next (when it exists), and the maintenance branches:
YYYY.MM.x.
Furthermore, we can see that the conditions to run each set of tests
are very similar, with only the explicit queries differing by name.
Rework the script so that the conditions are expressed only once, and
each set of tests is decided for each condition. This makes it easier
to decide what tests should run under what conditions.
Using GitLab-CI's schedules, with a variable expressing the actual test
to run, would seem the obvious choice to trigger the pipelines. However,
a schedule is configured for a specific branch, which means we would
need one schedule per branch we want to build per test cases we want to
run, *and* that we update those schedules when we add/remove branches
(e.g. when we open/close 'next', or a maintenance branch). This is not
very nice, as it requires some manual tweaking and twiddling on the web
UI.
Instead, we resort to using triggers, that will be triggered from a
cronjob on some server. Using a cronjob allows us to more easily manage
the branches we want to test and test cases we want to run, to more
easily spread the load over the week, etc...
Note: triggering a pipeline can be done with a simple curl invocation:
Antoine Tenart [Mon, 28 Sep 2020 14:54:24 +0000 (16:54 +0200)]
support/testing/tests/core/test_selinux: new tests for the packages SELinux functionalities
Add tests to ensure the packages SELinux functionalities (being able to
select an extra SELinux module in the refpolicy, and being able to
provide a custom SELinux module) are working as expected.
We use a BR2_EXTERNAL folder, provided in the tests, to use a custom
SELinux enabled package.
Antoine Tenart [Mon, 28 Sep 2020 14:54:23 +0000 (16:54 +0200)]
support/testing/tests/core/test_selinux: new test for BR2_PACKAGE_REFPOLICY_CUSTOM_GIT
Add a test for BR2_PACKAGE_REFPOLICY_CUSTOM_GIT (which allows to select
a custom location for the SELinux refpolicy). The test uses the official
refpolicy as a test (we only want to test the functionality is working,
not that another refpolicy is correctly building; that is a user
problem).
Antoine Tenart [Mon, 28 Sep 2020 14:54:21 +0000 (16:54 +0200)]
support/testing/tests/core/test_selinux.py: new test for BR2_REFPOLICY_EXTRA_MODULES
This patch adds a test for the BR2_REFPOLICY_EXTRA_MODULES
functionality (which allows to select extra modules within the SELinux
refpolicy using Kconfig).
Antoine Tenart [Mon, 28 Sep 2020 14:54:20 +0000 (16:54 +0200)]
support/testing/tests/init/test_systemd_selinux: new SELinuxSystemdSquashfs test
Add a test called 'SELinuxSystemdSquashfs' which will perform the same
tests as the Ext4 version, but using a Squashfs filesystem. Thanks to
this, we'll have a test on a read only filesystem.
Antoine Tenart [Mon, 28 Sep 2020 14:54:19 +0000 (16:54 +0200)]
support/testing/tests/init/test_systemd_selinux: new SELinuxSystemdExt4 test
This adds a test called 'SELinuxSystemdExt4'. This test will build an
SELinux enabled image with systemd, boot it, and perform a few runtime
tests to check SELinux related capabilities.
package/refpolicy: test REFPOLICY_EXTRA_MODULES_DIR differently
REFPOLICY_EXTRA_MODULES_DIRS contains
$(PACKAGES_SELINUX_EXTRA_MODULES_DIRS) which is filled in by
package/pkg-generic.mk with the list of packages that have a selinux/
sub-directory. Due to how variable expansion works, if there is an
ifeq/ifneq test of REFPOLICY_EXTRA_MODULES_DIRS, it will only see the
value of REFPOLICY_EXTRA_MODULES_DIRS with the list of packages
*before* refpolicy in alphabetic ordering. This means that packages
after refpolicy in alphabetic ordering would not be taken into
account.
To fix this, we switch to an $(if ...) test, which allows the variable
to really be evaluated during the refpolicy build. This makes sure
the expansion is correct.
The buildroot custom bareboxenv compile command misses the additional
include path 'scripts/include' to gain access to the local copy of the
kernel header files (which leads to compile error when using an older
toolchain).
This could be fixed by enhancing the custom bareboxenv compile command
(see [1]) or by using the barebox build system by simply enabling the
CONFIG_BAREBOXENV_TARGET option (available since April 2012, see [2])
instead (as suggested by Yann E. MORIN).
Note: a user who would previously provide a barebox config file which
had CONFIG_BAREBOXENV_TARGET=y, but a Buildroot config file which did
not have BR2_TARGET_BAREBOX_BAREBOXENV=y, would have bareboxenv-target
built, but it would not be installed in the target. Now, an unset
BR2_TARGET_BAREBOX_BAREBOXENV will not even build it, but this is not a
regression: it was anyway previously not installed.
Romain Naour [Sat, 3 Oct 2020 23:22:56 +0000 (01:22 +0200)]
package/supertux: build squirrel builtin library with fPIC
Ensure that squirrel is compiled with -fPIC to allow linking the static
libraries with dynamically linked programs. This is not a requirement
for most architectures but is mandatory for ARM.
- Update hash of GPL-2.0 file because spdx tags have been updated by
https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/commit/?id=c7498b6911d03f2bd7f74e9f9862d8d5fbd5b5da
- Drop third patch (already in version)
- Update indentation in hash file (two spaces)
- Fix CVE-2020-7069: In PHP versions 7.2.x below 7.2.34, 7.3.x below
7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with
openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the
IV is actually used. This can lead to both decreased security and
incorrect encryption data.
- Fix CVE-2020-7070: In PHP versions 7.2.x below 7.2.34, 7.3.x below
7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP
cookie values, the cookie names are url-decoded. This may lead to
cookies with prefixes like __Host confused with cookies that decode to
such prefix, thus leading to an attacker being able to forge cookie
which is supposed to be secure. See also CVE-2020-8184 for more
information.
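An added example (not part of the commit or of PHP): a Python check for the name confusion described for CVE-2020-7070 above, flagging request cookies whose raw name lacks a `__Host-`/`__Secure-` prefix but whose URL-decoded name has one. The function names and the sample Cookie headers are constructed for illustration.

```python
"""Flag Cookie headers whose names only reach a reserved prefix after
URL-decoding (the name confusion described for CVE-2020-7070)."""
from urllib.parse import unquote

# Prefixes that browsers only accept on cookies set under strict conditions
# (Secure attribute; for __Host- also Path=/ and no Domain attribute).
RESERVED_PREFIXES = ("__host-", "__secure-")


def split_cookie_header(header_value):
    """Split a raw Cookie header into (raw_name, raw_value) pairs, undecoded."""
    pairs = []
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        pairs.append((name.strip(), value.strip() if sep else ""))
    return pairs


def has_reserved_prefix(name):
    """Case-insensitive match: a deliberately conservative choice for detection."""
    return name.lower().startswith(RESERVED_PREFIXES)


def find_prefix_confusion(header_value):
    """Return cookies whose decoded name gains a reserved prefix.

    A browser never needs to percent-encode '__Host-' or '__Secure-', so a
    raw name that only matches after decoding did not pass the browser's
    prefix checks and should not be trusted as a prefixed cookie.
    """
    findings = []
    for raw_name, _value in split_cookie_header(header_value):
        decoded = unquote(raw_name)  # single decode, as a server-side urldecode
        if has_reserved_prefix(decoded) and not has_reserved_prefix(raw_name):
            findings.append({"raw": raw_name, "decoded": decoded})
    return findings


if __name__ == "__main__":
    # Constructed sample headers, not taken from real traffic.
    samples = [
        "session=abc; __Host-token=legit",
        "%5F%5FHost-token=forged; theme=dark",
        "__%48ost-sid=1; %5f%5fSecure-id=2",
    ]
    for header in samples:
        print(header, "->", find_prefix_confusion(header))
```

A server that rejects or logs any cookie returned by `find_prefix_confusion()` keeps the prefix guarantee even when the runtime underneath still decodes cookie names.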
Commit 9e4ffdc8cfdf4c73f4fa8c66259a5aadaee4ae88 modified the output of
'setlocalversion' so that the Buildroot version tag is included in the
output, the version part was added in Makefile.
Due to differences in behavior of the used git and Mercurial commands, this
caused different output for the Mercurial case, in BR2_VERSION_FULL and thus
/etc/os-release and 'make print-version'. Assuming the official Buildroot
releases are tagged and no project-specific tags are present, the output
after commit 9e4ffdc8cfdf4c73f4fa8c66259a5aadaee4ae88 is:
-hg<commit>
whereas it is expected to be something like:
2020.02.6-hg<commit>
Change the Mercurial case in setlocalversion to behave similar to git,
looking up the latest tag if the current revision is not itself tagged.
The number of commits after the latest tag is not added, unlike in git, as
this value is not commonly present in Mercurial output, and its added value
can be disputed in this context. Even one commit could bring a huge change
to the sources, so in order to interpret the number one has to look at the
repository anyhow, in which case the commit ID can just be used.
Romain Naour [Fri, 2 Oct 2020 16:01:22 +0000 (18:01 +0200)]
board/qemu/riscv64-virt: update qemu cmdline for Qemu >= 5.1
Since 52f188140cd28e90103edf67db6c2cabb979f5d6 (qemu version bump to 5.1),
the image generated by qemu_riscv64_virt_defconfig doesn't boot anymore with
the following error:
    rom: requested regions overlap (rom phdr #0: [...]/images//fw_jump.elf. free=0x000000008000e240, addr=0x0000000080000000)
    qemu-system-riscv64: rom check and register reset failed
Update the qemu command line as described in the Qemu wiki for riscv64 [1]
Romain Naour [Fri, 2 Oct 2020 16:00:36 +0000 (18:00 +0200)]
configs/qemu_arm_versatile_defconfig: increase SD card image size to 64MiB
Since Qemu 5.1, this defconfig doesn't boot due to the too small SD card image size (60MB).
    qemu-system-arm: sd_init failed: Invalid SD card size: 60 MiB
    SD card size has to be a power of 2, e.g. 64 MiB.
    You can resize disk images with 'qemu-img resize <imagefile> <new-size>'
    (note that this will lose data if you make the image smaller than it currently is).
    qemu-system-arm: sd_init failed
From [1]:
"While the possibility to use small SD card images has been seen as
a feature, it became a bug with CVE-2020-13253, where the guest is
able to do OOB read/write accesses past the image size end."
aenum has conditional logic to load python 3.x code located in test_v3.py:
    if pyver >= 3.0:
        from aenum.test_v3 import TestEnumV3, TestOrderV3, TestNamedTupleV3
And contains logic in setup.py to drop that file during setup.py install if
building for python 2.x:
    py3_only = ('aenum/test_v3.py', )
    ..
    if __name__ == '__main__':
        if 'install' in sys.argv:
            import os, sys
            ..
            if sys.version_info[0] != 3:
                for file in py3_only:
                    try:
                        os.unlink(file)
But this doesn't work in Buildroot as pkg-python.mk first does setup.py
build (which copies test_v3.py to the build directory) before setup.py
install, so test_v3.py gets installed, leading to errors from pycompile:
    error: File "/usr/lib/python2.7/site-packages/aenum/test_v3.py", line 12
        class MagicAutoNumberEnum(Enum, settings=AutoNumber):
                                                ^
    SyntaxError: invalid syntax
As a workaround, add a hook to drop it from the target directory when
building for python 2.x.
Commit 939e714393e9d7f60f3a198d831608b08a25662e added an optional
harfbuzz dependency to freetype but this creates a circular dependency
so unconditionally disable it
Update the license hash for the addition of a note stating that the examples
and documentation is now dual licensed under the PSF and a Zero-Clause BSD
license since:
brotli is an optional dependency (enabled by default) since version
2.10.2 and
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9443a1bc3e6cfa315db976ff80f6c5e91b12b387
harfbuzz is an optional dependency (enabled by default) since version
2.5.3 and
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=86026a47b345a8c254dd5e6be77bf116737cdafb
Peter Korsgaard [Thu, 1 Oct 2020 18:49:22 +0000 (20:49 +0200)]
package/nodejs: security bump to version 12.18.4
Fixes the following security issues:
- CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion
Affected Node.js versions converted carriage returns in HTTP request
headers to a hyphen before parsing. This can lead to HTTP Request
Smuggling as it is a non-standard interpretation of the header.
Impacts:
All versions of the 14.x and 12.x releases line
- CVE-2020-8252: fs.realpath.native may cause buffer overflow
libuv's realpath implementation incorrectly determined the buffer size
which can result in a buffer overflow if the resolved path is longer than
256 bytes.
Impacts:
All versions of the 10.x release line
All versions of the 12.x release line
For more details, see the advisory:
https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/