Thomas Petazzoni [Sun, 24 Dec 2023 16:16:19 +0000 (17:16 +0100)]
package/onevpl-intel-gpu: add missing dependency on BR2_x86_64
BR2_PACKAGE_ONEVPL_INTEL_GPU selects BR2_PACKAGE_INTEL_MEDIADRIVER,
but it forgets to replicate all its dependencies, in particular
BR2_x86_64, causing:
- Drop no longer needed
0001-mainline-version-gcc-13-cannot-use-uintptr_t-via-inc.patch as
it was a backport from upstream
- Updated license hash due to numerous additions of licenses, and
updated copyright years. The LICENSE variable was updated
accordingly, and clarified
- zlib is now a mandatory dependency, it is not checked at configure
time, but <zlib.h> is unconditionally included, and libzlib is
linked in unconditionally. See
https://chromium.googlesource.com/breakpad/breakpad/+/de086a98595f68715c1dce9860f77014a2a1b187
- explicitly disable zstd support, which was added in upstream commit
https://chromium.googlesource.com/breakpad/breakpad/+/9ea5b228f560580f85df895c2f117d7e43340935. This
requires adding AUTORECONF = YES because the pre-generated
configure/Makefile.in available in the Git repository is out of
date, and links unconditionally with -lzstd, even when
--disable-zstd is passed.
Signed-off-by: Adam Duskett <[email protected]>
[Thomas: handle zlib dependency, handle zstd option, fix LICENSE variable]
Signed-off-by: Thomas Petazzoni <[email protected]>
Julien Olivain [Sat, 23 Dec 2023 20:30:32 +0000 (21:30 +0100)]
boot/grub2: needs host-gawk
grub2 build is failing, when compiled on host system not including
gawk and host-gawk is not built by another package before. This can
be the case on current Buildroot Docker image, based on Debian,
which includes mawk.
grub2 was updated in commit 5baf1ffe7e "boot/grub2: bump to version
2.12". This version includes the commit [1], which introduced the use
of the asorti() awk function. This function is a specific gawk
builtin extension. See [2].
This commit fixes this issue by adding host-gawk as a dependency.
Bernd Kuhls [Mon, 4 Dec 2023 21:16:21 +0000 (22:16 +0100)]
package/xmlstarlet: fix build with libxml2-2.12
Signed-off-by: Bernd Kuhls <[email protected]>
[Thomas: improved with a more complete patch provided by upstream
developer.]
Signed-off-by: Thomas Petazzoni <[email protected]>
Adam Duskett [Wed, 29 Nov 2023 18:04:29 +0000 (11:04 -0700)]
package/openrc: bump version to 0.52.1
The runscript and rc binaries have been removed in this release. However,
Buildroot does not use those binaries, so only a simple version bump is
necessary.
Fixes:
- cgroups being inconsistent
- Start-stop-daemon did not work correctly on Linux 6.6
Tested on Debian 11 and Fedora 39 with the following command:
./support/testing/run-tests tests.init.test_openrc
Commit d344ffe6245b (configs/rock5b: add hash for custom uboot)
explicitly noted that the kernel was retrieved from a git-clone, so the
sha1 of the commit was enough to get what we expect.
However, that does not account for the fact that the upstream repository
can disappear or be temporarily unavailable (maliciously or not). In that
case, the kernel archive will be looked up on the backup mirror.
In that case, the download is via wget over https, which protects the
transport, but does not guarantee that the remote server serves the
expected archive.
The hash file was dropped when d344ffe6245b was applied; restore it.
Since the defconfig now has hashes for all its downloads, enforce
checking hashes.
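The check this commit message argues for, as an added example (not Buildroot's own code): it parses a Buildroot-style hash file (lines of "<algorithm>  <hex digest>  <file name>", with "#" comments) and decides whether a downloaded archive may be used. The force_check_hashes parameter stands in for BR2_DOWNLOAD_FORCE_CHECK_HASHES; the file name and contents are constructed.

```python
import hashlib
import hmac
import os
import tempfile

STRONG = {"sha256", "sha384", "sha512"}  # algorithms accepted by this example

def parse_hash_file(text):
    """Map file name -> [(algo, hexdigest)] from '<algo>  <hash>  <file>' lines."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        algo, digest, name = line.split()  # ValueError on a malformed line
        entries.setdefault(name, []).append((algo.lower(), digest.lower()))
    return entries

def check_download(path, entries, force_check_hashes):
    """Return True only if the file may be used by the build."""
    known = [e for e in entries.get(os.path.basename(path), []) if e[0] in STRONG]
    if not known:
        # No usable hash: accepted only when hashes are not enforced.
        return not force_check_hashes
    with open(path, "rb") as f:
        data = f.read()
    return all(hmac.compare_digest(hashlib.new(a, data).hexdigest(), d)
               for a, d in known)

def demo():
    """Constructed scenario: a backup mirror serves a different archive."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "linux-constructed.tar.gz")
        genuine = b"constructed kernel archive"
        with open(path, "wb") as f:
            f.write(genuine)
        hash_file = "# Locally computed\nsha256  %s  linux-constructed.tar.gz\n" % (
            hashlib.sha256(genuine).hexdigest())
        entries = parse_hash_file(hash_file)
        ok = check_download(path, entries, True)
        with open(path, "wb") as f:  # the mirror's copy differs
            f.write(b"constructed archive from an untrusted mirror")
        tampered = check_download(path, entries, True)
        # Without a hash entry the outcome depends only on enforcement.
        unhashed = (check_download(path, {}, False), check_download(path, {}, True))
        return ok, tampered, unhashed

if __name__ == "__main__":
    print(demo())
```

The third result shows why the hash and the enforcement option go together: with no hash entry, an archive served by a fallback mirror is accepted unless enforcement is on.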
The defconfig uses a custom uboot version, downloaded with wget, so we
want to be sure that it does not get modified on the server, so we add
a hash for it.
The kernel we get from a git clone, so the sha1 of the commit is enough
to be sure that what we get is what we expect (because we do a local
tarball out of a git clone).
Since we only get a hash for uboot and not for the kernel, we don't
enable BR2_DOWNLOAD_FORCE_CHECK_HASHES.
Giulio Benetti [Mon, 18 Dec 2023 22:47:47 +0000 (23:47 +0100)]
package/swupdate: bump version to 2023.12
* make json-c mandatory according to [0]
* make libubootenv mandatory according to [1]
* drop local patch that has been upstreamed [2]
* libconfig is not mandatory anymore if no lua parser is enabled
* adjust Config.in comment according to json-c and libubootenv
Adam Duskett [Thu, 21 Dec 2023 15:36:10 +0000 (08:36 -0700)]
package/wlroots: add hwdata and hwdata_pnp_ids as a dependency
Since upstream commit eec95e3d5e1a4f2e13b1f6b34cc287475ca57daf ("backend/drm: use pnp.ids to
fetch EDID data"), the pnp.ids file from hwdata is parsed at build
time to generate a C source file. As per backend/drm/meson.build:
The issue was not caught in the autobuilders because the last
successful build of a configuration that includes wlroots dates back
from 2022-05-05, at which time Buildroot had wlroots 0.15.1.
This change in wlroots was introduced in wlroots 0.16.0, which means
that it's only since Buildroot bumped from 0.15.1 to 0.16.2 in d6279bc82c02b43c9a2f28c36639e092b9e9e08b ("package/wlroots: bump to
version 0.16.2") that the issue occurs. This commit is not yet in any
tagged release, so there is no need to backport this fix.
It should be noted that the proposed patch also installs pnp.ids to
the target filesystem, while it is in practice not needed at runtime
by wlroots. However, our current hwdata packaging doesn't allow
installing it only in staging, and since wlroots anyway implies we're
building a fairly heavy graphics stack, the size overhead of hwdata is
deemed to be an acceptable trade-off.
Signed-off-by: Adam Duskett <[email protected]>
[Thomas: further extend the commit log, with details gathered by Yann
and myself.]
Signed-off-by: Thomas Petazzoni <[email protected]>
- CVE-2023-6918: Avoid potential use of weak keys in low memory conditions
by systematically checking return values of MD functions.
https://www.libssh.org/security/advisories/CVE-2023-6918.txt
Peter Korsgaard [Thu, 21 Dec 2023 14:00:39 +0000 (15:00 +0100)]
package/putty: security bump to version 0.80
As described in the announcement, this fixes a security issue:
There is one security fix in this release:
- Fix for a newly discovered security issue known as the 'Terrapin'
attack, also numbered CVE-2023-48795. The issue affects widely-used
OpenSSH extensions to the SSH protocol: the ChaCha20+Poly1305
cipher system, and 'encrypt-then-MAC' mode.
In order to benefit from the fix, you must be using a fixed version
of PuTTY _and_ a server with the fix, so that they can agree to
adopt a modified version of the protocol. Alternatively, you may be
able to reconfigure PuTTY to avoid selecting any of the affected
modes.
If PuTTY 0.80 connects to an SSH server without the fix, it will
warn you if the initial protocol negotiation chooses an insecure
mode to run the connection in, so that you can abandon the
connection. If it's possible to alter PuTTY's configuration to
avoid the problem, then the warning message will tell you how to do
it.
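The negotiation outcome described in the announcement above, as an added example (not PuTTY's code): given both sides' algorithm lists, it reports whether an affected mode is selected and whether both ends advertise the fix. The algorithm and strict-kex marker names are the ones defined in OpenSSH's protocol documentation, not taken from this page; the lists are constructed and only one direction of the connection is modelled.

```python
CHACHA = "chacha20-poly1305@openssh.com"
ETM_SUFFIX = "-etm@openssh.com"
STRICT = {"client": "kex-strict-c-v00@openssh.com",
          "server": "kex-strict-s-v00@openssh.com"}

def pick(client_list, server_list):
    """SSH rule: first name in the client's list that the server also lists."""
    return next((n for n in client_list if n in server_list), None)

def is_aead(cipher):
    # With an AEAD cipher the negotiated MAC is not used.
    return cipher == CHACHA or cipher.endswith("-gcm@openssh.com")

def assess(client, server):
    """Classify a connection from both sides' KEXINIT name lists."""
    cipher = pick(client["cipher"], server["cipher"])
    if cipher is None:
        return "no-common-cipher"
    mac = None if is_aead(cipher) else pick(client["mac"], server["mac"])
    affected = cipher == CHACHA or (mac is not None and mac.endswith(ETM_SUFFIX))
    if not affected:
        return "unaffected-mode"
    # The fix only applies when both ends advertise it.
    strict = STRICT["client"] in client["kex"] and STRICT["server"] in server["kex"]
    return "fixed-by-both-sides" if strict else "warn"

def without_affected_modes(client):
    """Client-side reconfiguration: stop offering the affected modes."""
    return {"kex": client["kex"],
            "cipher": [c for c in client["cipher"] if c != CHACHA],
            "mac": [m for m in client["mac"] if not m.endswith(ETM_SUFFIX)]}

# Constructed KEXINIT contents (not captured traffic).
PATCHED_CLIENT = {"kex": ["curve25519-sha256", STRICT["client"]],
                  "cipher": [CHACHA, "aes256-ctr"],
                  "mac": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"]}
OLD_SERVER = {"kex": ["curve25519-sha256"],
              "cipher": [CHACHA, "aes256-ctr"],
              "mac": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"]}
NEW_SERVER = dict(OLD_SERVER, kex=OLD_SERVER["kex"] + [STRICT["server"]])

if __name__ == "__main__":
    print(assess(PATCHED_CLIENT, OLD_SERVER))
    print(assess(PATCHED_CLIENT, NEW_SERVER))
    print(assess(without_affected_modes(PATCHED_CLIENT), OLD_SERVER))
```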
Julien Olivain [Fri, 22 Dec 2023 10:56:55 +0000 (11:56 +0100)]
boot/edk2: add support for RISC-V 64bit architecture
RISC-V 64bit qemu virt machine support has been added in edk2
version "stable202302". See [1].
Since edk2-stable202308, introduced in buildroot in commit 5c9f310
"boot/edk2: bump to version edk2-stable202308", it is now possible
to boot the edk2 UEFI shell in qemu.
This commit adds this early RISC-V support to edk2.
The RISC-V edk2 UEFI shell can be booted in Buildroot with the
following commands:
# Build EDK2 images
cat > .config <<EOF
BR2_riscv=y
BR2_RISCV_64=y
BR2_PACKAGE_HOST_QEMU=y
BR2_PACKAGE_HOST_QEMU_SYSTEM_MODE=y
BR2_TARGET_EDK2=y
EOF
make olddefconfig
make
# edk2 image size should fit the 32MB of qemu pflash memories
truncate -s 32M output/images/RISCV_VIRT_CODE.fd
truncate -s 32M output/images/RISCV_VIRT_VARS.fd
Note: a Qemu version >= 8.0.0 is needed to properly start edk2. A qemu
version on the host system might not be sufficient. This is why the
Buildroot host-qemu is built in this config example.
Grant Nichol [Sat, 23 Dec 2023 07:07:30 +0000 (01:07 -0600)]
package/libopenssl: use riscv-specific configure target
Adds BR2_PACKAGE_LIBOPENSSL_TARGET_ARCH for riscv32 and riscv64.
Otherwise, riscv targets fall back to the linux-generic libopenssl
configs. This exacerbates the issue partially addressed in
openssl/openssl#22871 which causes build failures.
Fixes a misspelling in upstream causing builds for riscv32 to fail when
linking.
Thomas Petazzoni [Wed, 20 Dec 2023 20:01:08 +0000 (21:01 +0100)]
package/glibc: ignore CVEs not considered as security issues by upstream
5 CVEs affecting glibc according to the NVD database are considered as
not being security issues by upstream glibc developers:
* CVE-2010-4756: The glob implementation in the GNU C Library (aka
glibc or libc6) allows remote authenticated users to cause a denial
of service (CPU and memory consumption) via crafted glob expressions
that do not match any pathnames. glibc maintainers position: "That's
standard POSIX behaviour implemented by (e)glibc. Applications using
glob need to impose limits for themselves"
* CVE-2019-1010022: GNU Libc current is affected by: Mitigation
bypass. The impact is: Attacker may bypass stack guard
protection. The component is: nptl. The attack vector is: Exploit
stack buffer overflow vulnerability and use this bypass
vulnerability to bypass stack guard. NOTE: Upstream comments
indicate "this is being treated as a non-security bug and no real
threat." glibc maintainers position: "Not treated as a security issue
by upstream https://sourceware.org/bugzilla/show_bug.cgi?id=22850"
* CVE-2019-1010023: GNU Libc current is affected by: Re-mapping
current loaded library with malicious ELF file. The impact is: In
worst case attacker may evaluate privileges. The component is:
libld. The attack vector is: Attacker sends 2 ELF files to victim
and asks to run ldd on it. ldd execute code. NOTE: Upstream comments
indicate "this is being treated as a non-security bug and no real
threat." glibc maintainers position: "Not treated as a security issue
by upstream https://sourceware.org/bugzilla/show_bug.cgi?id=22851"
* CVE-2019-1010024: GNU Libc current is affected by: Mitigation
bypass. The impact is: Attacker may bypass ASLR using cache of
thread stack and heap. The component is: glibc. NOTE: Upstream
comments indicate "this is being treated as a non-security bug and
no real threat." glibc maintainers position: "Not treated as a
security issue by upstream
https://sourceware.org/bugzilla/show_bug.cgi?id=22852"
* CVE-2019-1010025: GNU Libc current is affected by: Mitigation
bypass. The impact is: Attacker may guess the heap addresses of
pthread_created thread. The component is: glibc. NOTE: the vendor's
position is "ASLR bypass itself is not a vulnerability." Glibc
maintainers position: "Not treated as a security issue by upstream
https://sourceware.org/bugzilla/show_bug.cgi?id=22853"
Thomas Petazzoni [Wed, 20 Dec 2023 20:01:07 +0000 (21:01 +0100)]
package/glibc: add proper CPE ID version detail
As reported in bug 15895, the GLIBC_VERSION field having a value
looking like 2.38-27-g750a45a783906a19591fb8ff6b7841470f1f5701, it
prevents the CPE/CVE matching with the NVD database to work correctly.
This commit fixes that by defining GLIBC_CPE_ID_VERSION, derived from
GLIBC_VERSION, by extracting the base version.
Thomas Petazzoni [Wed, 20 Dec 2023 22:38:19 +0000 (23:38 +0100)]
package/libutempter: fix license information
According to the source file:
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
Yann E. MORIN [Mon, 18 Dec 2023 08:19:03 +0000 (09:19 +0100)]
editorconfig: fix wildcard expansion
It turns out that wildcard expansion, * and ?, is not performed in
matching lists {...}, at least in the vim plugin. The spec is not clear
about that, but refers to "pattern matching through Unix shell-style
wildcards" [0].
So, let's consider that this is not supported. Expand the patterns into
one section each, rather than use a list.
This release contains fixes for a newly-discovered weakness in the
SSH transport protocol (the "Terrapin" attack), a logic error relating
to constrained PKCS#11 keys in ssh-agent(1) and countermeasures for
programs that invoke ssh(1) with user or hostnames containing invalid
characters.
Ben Wolsieffer (3):
fork: generate stub on no-MMU systems
arm: elf-fdpic.h: avoid void pointer subtraction
libpthread/nptl: make default stack size configurable
Greg Ungerer (1):
elf: support ELF binaries in noMMU
Marcus Haehnel (3):
fnmatch: fix possible access beyond of parameter string
getaddrinfo.c: Avoid misleading indentation warning
linuxthreads: Avoid unused variable warning
Marcus Hähnel (1):
setjmp.h: Fix C++ build and avoid duplicate throw declaration
Max Filippov (1):
daemon.c: make _fork_parent static inline again
Paul Iannetta (1):
kvx: fix asm syntax
Pavel Kozlov (6):
setrlimit/getrlimit: fix prlimit64 syscall use for 32-bit CPUs
Fix -Warray-parameter warning for __sigsetjmp
prlimit: add name redirection and fix incorrect parameters to syscall
arc: add acq/rel variants for atomic cmpxchg/xchg
arc: remove read ahead in asm strcmp code for ARCHS
rlimit: fix 64-bit RLIM64_INFINITY macro
Waldemar Brodkorb (8):
aarch64: add hwcap header file
fcntl.h: declare f_owner_ex for all architectures
arm: add hwcap header file
lm32: disable ctor/dtor
aarch64: disable lazy relocations
riscv64: define __NR_riscv_flush_icache if not available
depend on __UCLIBC_HAVE_STATX__
bump version for 1.0.45 release
Yann Sionneau (9):
fstatat64: define it as a wrapper of statx if the kernel does not support fstatat64 syscall
fstat: add missing return value statement for the statx wrapping case
add support for systems without legacy setrlimit/getrlimit syscalls
fstatat: add wrapper that uses statx for non-legacy arch
kvx: add support for kv3-2 (Coolidge v2 SoC)
kvx: atomic: rework using compiler builtins
kvx: align specification of user regs
kvx: define that kvx port supports statx syscall
kvx: use a custom stat.h header
lordrasmus (8):
add vsdo support
fix file permissions
fix getauxval() on aarch64 gcc 11
vdso support missing file
c6x compile fix vdso support
gettimeofday() only include ldso.h if vdso support is activated
vdso support for x86_64
gitignore
Bernd Kuhls [Sun, 17 Dec 2023 17:18:20 +0000 (18:18 +0100)]
package/linux-headers: drop 6.5.x option
The 6.5.x series is now EOL upstream, so drop the linux-headers option
and add legacy handling for it.
Signed-off-by: Bernd Kuhls <[email protected]>
[Peter: drop option from linux-headers/Config.host.in]
Signed-off-by: Peter Korsgaard <[email protected]>
Ralf Dragon [Tue, 12 Dec 2023 16:01:11 +0000 (17:01 +0100)]
python-sip: fix compile error
Since the update of Python to version 3.11 in commit 738500c296c8b1206f20e94ca3e7c5932a6a0486 ("package/python3: bump to
version 3.11.0"), python-sip fails to compile with:
siplib.c: In function ‘sip_api_get_frame’:
siplib.c:13750:22: error: invalid use of undefined type ‘struct _frame’
13750 | frame = frame->f_back;
This is due to a change in the Python C API, which is fixed by a new
patch. The patch can't be upstreamed, as SIP 4.x is no longer
maintained upstream.
The current TREE_SITE URL doesn't work anymore.
Moreover the README states:
"
The main distribution site for tree is here:
http://oldmanprogrammer.net/source.php?dir=projects/tree
Neal Frager [Wed, 13 Dec 2023 13:48:49 +0000 (13:48 +0000)]
configs/zynqmp_kria_kd240_defconfig: new defconfig
This patch adds support for Xilinx Kria KD240 starter kit.
KD240 features can be found here:
https://www.xilinx.com/products/som/kria/kd240-drives-starter-kit.html
While the Kria SOM is based on a ZynqMP SoC, there are some key
boot config differences from the other ZynqMP evaluation boards.
1. There are no boot switches on Kria SOMs. The boot mode is thus
hard configured for QSPI flash. A pre-programmed boot.bin comes
with every Starter Kit. U-Boot can then find the Linux kernel and
file system on the SD card.
Optional instructions for updating the boot.bin in the QSPI flash
can be found in the readme.txt file and the link below.
2. Kria SOMs use UART1 for the console instead of UART0. For this
reason, Kria Starter Kits will use a separate extlinux.conf file
from other ZynqMP evaluation boards.
3. The KD240 has a USB to SD card bridge, so the Linux kernel
and file system are found on /dev/sda1 and /dev/sda2.
4. The following patches have been submitted upstream to u-boot.
Without these patches, the usb, sd card and ethernet peripherals
do not work correctly.