The AC_HEADER_STDBOOL macro used in configure.ac is expanded in the
shipped ./configure by a fairly old version, which misdetects our
<stdbool.h> as being not usable. Consequently, the code defines its
own bool type, with true/false, clashing with GCC 15.x.
Doing a pass of autoreconf addresses the problem.
The autoreconf needs pkg.m4, which comes from host-pkgconf, added as a
dependency.
Note that host-pkgconf was already a dependency for one of the
optional dependencies of p11-kit, and we're keeping it there even
though host-pkgconf is now also an unconditional dependency as we
expect this unconditional host-pkgconf dependency to be removed when
we drop autoreconf.
Fixes:
https://autobuild.buildroot.net/results/760df1a8c21afa893ade5181ce797e14c1f6bdce/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Add simple patch, submitted upstream, to fix the build with GCC 15.x:
userloc_formatter.c: In function 'userloc_format':
userloc_formatter.c:30:5: error: implicit declaration of function 'sd_debug' [-Wimplicit-function-declaration]
30 | sd_debug("Formatter s13_userloc checking location info for userdata %X",a_event->evt_loc->loc_data);
| ^~~~~~~~
make[4]: *** [Makefile:519: userloc_formatter.lo] Error 1
Fixes:
https://autobuild.buildroot.org/results/dab64025e6a1688d5fadc2b9bd3738a2c886aa9c/
Considering the level of upstream maintenance, we did hesitate with
dropping the package, but as the fix was quite simple, we did the fix
instead.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The source code contains a number of variables named 'bool', which conflicts
with the C23 keyword. This is fixed upstream in 1.3.9 with
61be7eb14f
but that unfortunately does not cleanly backport to 1.3.8, so instead use
-std=gnu18 when building with GCC >= 15 to fix the following issues:
table.c:1280:31: error: ‘bool’ cannot be used here
1280 | int table_handling_signal(int bool) {
| ^~~~
table.c:1280:31: note: ‘bool’ is a keyword with ‘-std=c23’ onwards
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bugfix release, fixing the following issues:
1.3.8d - Released 14-Mar-2025
--------------------------------
- Issue 1855 - Use of HideNoAccess for SFTP sessions can lead to segfault
and/or unexpected behavior.
- Issue 1876 - SFTP channel allocations can lead to high memory utilization
over time.
1.3.8c - Released 11-Dec-2024
--------------------------------
- Issue 1770 - Using FTPS after upgrading from 1.3.8a to 1.3.8b leads to crash.
- Issue 1785 - Bad handling of lack of extended attributes leads to SFTP out of
memory error.
- Issue 1529 - mod_sftp_sql logs "header value too long" due to unexpected key
header text.
- Issue 1839 - SSH ECDSA host key algorithms not be used as expected despite
configuring appropriate key.
- Issue 1840 - RADIUS Message-Authenticator verification failed with ProFTPD
mod_radius.
- Issue 1830 - Supplemental group inheritance grants unintended access to
GID 0 due to lack of supplemental groups from mod_sql.
https://github.com/proftpd/proftpd/blob/1.3.8/NEWS
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes https://autobuild.buildroot.org/results/dbf55d0fd8d779f408e7ccca4c2a9083e7a11f6a/
GCC-15 has gained a new warning about non-NUL terminated strings and
dump1090 is built with -Werror leading to build errors like:
interactive.c:143:23: error: initializer-string for array of 'char' truncates
NUL terminator but destination lacks 'nonstring' attribute (5 chars into 4
available) [-Werror=unterminated-string-initialization]
143 | char spinner[4] = "|/-\\";
Add a patch from an upstream pull request to fix this by zero terminating
the strings.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
imx6ull is compatible with VFPV4. Update it from VFPV3
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Ever since upstream commit 01dd6da ("Rework the entire API"), first
introduced as part of release v3.0.0, openssl is a hard requirement for
building libjwt. As such, "-DWITH_OPENSSL=ON" also has become a no-op.
In Buildroot, this has been masked somewhat by the implicit select when
gnutls is disabled, but a failure can be reproduced using test-pkg with
a config like:
BR2_PACKAGE_GNUTLS=y
BR2_PACKAGE_LIBJWT=y
Fix this by requiring openssl. Furthermore, building against libressl
does not work because libjwt requires API surface that is not present
there[1], so we need to force libopenssl.
[1] https://autobuild.buildroot.org/results/463/4638a7d46c149ca0f46d3fe5f5f90dc5ee9d1e03
Signed-off-by: Florian Larysch <fl@n621.de>
[Peter: drop gnutls logic support for simplicity]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following vulnerability:
- CVE-2025-54874
OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG 2.5.3 and
earlier, a call to opj_jp2_read_header may lead to OOB heap memory
write when the data stream p_stream is too short and p_image is not
initialized.
For more information, see:
- https://www.cve.org/CVERecord?id=CVE-2025-54874
- f809b80c67
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch brings the entire stack of Debian patches on grub2 titled
"cve-2025-jan" and available at:
https://salsa.debian.org/grub-team/grub/-/tree/debian/2.12-9/debian/patches/cve-2025-jan?ref_type=tags
As of this exact Debian grub2 version 2.12-9. Some minor conflicts had
to be fixed. All patches are in upstream Grub master, but mixed with
hundreds of other changes, which is why Debian's effort to backport
them has been leveraged here.
In addition to those patches, 2 extra patches are added:
0073-net-drivers-ieee1275-ofnet-Add-missing-grub_malloc.patch
0074-Constant-time-grub_crypto_memcmp.patch
The first one fixes an issue in one of the earlier patches. The fix is
not in Debian, but is in upstream Grub.
The second one fixes another CVE, not fixed in Debian, but fixed in
OpenSUSE. This fix is not upstream as upstream has decided to move to
libgcrypt instead to avoid the problem, but that's a fairly large
change.
Overall, this patch fixes all CVEs currently reported by pkg-stats
against our grub2 package, namely:
CVE-2024-45777
CVE-2024-45778
CVE-2024-45779
CVE-2024-45780
CVE-2024-45782
CVE-2024-56737
CVE-2024-56738
CVE-2025-0678
CVE-2025-0684
CVE-2025-0685
CVE-2025-0686
CVE-2025-0689
CVE-2025-1125
With the previous fixes on runtime tests added (to use glibc
toolchains to build grub2 tests), this commit successfully passes all
tests:
- The ISO9660 tests that use grub2:
https://gitlab.com/tpetazzoni/buildroot/-/pipelines/1985234563
- The grub2 tests:
https://gitlab.com/tpetazzoni/buildroot/-/pipelines/1985234685
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Julien: also tested by building and booting
- qemu_aarch64_sbsa_defconfig
- qemu_arm_ebbr_defconfig
- qemu_loongarch64_virt_efi_defconfig
- qemu_riscv64_virt_efi_defconfig
- pc_x86_64_bios_defconfig
- pc_x86_64_efi_defconfig
]
Tested-by: Julien Olivain <ju.o@free.fr>
[Julien:
- fix patch #72 upstream link to point to the initial patch
sumbission rather than a reply
- merge two _IGNORE_CVES blocks for patch #50 into a single one
- order _IGNORE_CVES blocks by numerical patch order
- order numerically the CVE list in commit log
- add a "Fixes:" tag in patch #74 since its commit log does not
mention the CVE.
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Suniel's e-mail address at Amarula Solutions is bouncing, so let's
drop this stale entry:
<sunil@amarulasolutions.com>: host aspmx.l.google.com[142.250.27.26] said:
550-5.1.1 The email account that you tried to reach does not exist. Please
try 550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. For more information, go to 550 5.1.1
https://support.google.com/mail/?p=NoSuchUser
a640c23a62f3a-afcdce6d5e1si493680166b.9 - gsmtp (in reply to RCPT TO
command)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The original commit (aaa2b660a9 ("setserial: convert to autotargets
and fix manpages install") wasn't entirely clear why we went for a
removal of a patch from the tarball we get from Debian.
It is assumed the original patch mainly only wanted to remove the strip
and make sure the directories are created before files are installed in
there. But doing only that made my build fail because the linker doesn't
find @CXXFLAGS@. After undoing the addition of this variable (and its
use) from 01_makefile.patch it now compiles just fine.
Therefore, instead of removing the patch from the tarball we get from
Debian, simply update the patch we carry in the tree to remove what's
necessary and simplify the patching logic.
This could also help identify notable differences between the
01_makefile.patch from two different versions whenever we upgrade.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Debian has a newer setserial which compiles on newer toolchains, so
let's update to it.
Noteworthy is the change from a big diff to a tarball containing the
whole debian directory. The series file which contains all patches to
apply is named properly so no need to rename 00list anymore. The patches
file extension is now .patch instead of .dpatch.
This fixes the build with BR2_TOOLCHAIN_EXTERNAL_ARM_AARCH64 external
toolchain (14.2.rel1).
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Newer toolchains silently fail during configure step. After some
investigation, it is because -Wimplicit-int is returned for one of the
simplest test from the in-package configure file and thus fail the
configure step early, when checking if the compiler can produce an
executable.
Let's fix this by simply regenerating the configure file, similarly to
what Debian is doing, c.f. debian/rules.
Fixes:
https://autobuild.buildroot.net/results/ff7a9c3c42f11a2ab71fb04ff0f6d593ac9ee327/
(but there are more build failures later, fixed in a follow-up commit)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since 64ac719952 ("apply-patches.sh: add recursivity when scanning
patchdir"), patches with the .dpatch file extension are simply ignored.
Unfortunately, setserial package stopped applying the patches after that
commit.
Sadly, 0002-tiocghayesesp-build-fix.patch is breaking the patch context
for patch 18 in the debian diff because we are currently applying
patches from within Buildroot tree before applying the ones we download
from Debian. Instead of doing some hacks, let's apply Debian patches
before Buildroot's. However, this requires a few changes. First, we need
to migrate away from the SETSERIAL_PATCH mechanism because currently
_PRE_PATCH_HOOKS runs before this is applied and _POST_PATCH_HOOKS runs
after the Buildroot patches are applied.
Instead, let's use an _EXTRA_DOWNLOADS we manually extract à-la
package/android-tools/android-tools.mk. Then in the _PRE_PATCH_HOOKS, we
apply the big diff the _EXTRA_DOWNLOADS contains so that the patches
from within can be applied afterwards.
Because the big diff still contains only patches with the *.dpatch
extensions that are not supported anymore, we need to either rename all
patches or use the 00list file that lists all patches in the order they
need to be applied. Fortunately, Buildroot already supports applying
patches with `patch` regardless of their extension if they are within
such a file. Unfortunately, it needs to be called "series", hence the
renaming.
Because patch 18 from the big diff is now applied before
0002-tiocghayesesp-build-fix.patch from Buildroot tree, the latter will
fail if left unmodified, so this commit also rebases it.
Finally, we keep the removal of 01_makefile.dpatch for now even though
it only exists because it generates a conflict with
0001-build-system-fix.patch from Buildroot tree. It'll be rebased in a
later commit though.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
For the first, unconditional assignment, there is no reason to use
append-assignment; it can even be misleading.
Fixes: b367ca32e5
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch force the usage of `-std=gnu18` for GCC15 toolchains to fix
the following issues:
- The boolean issue with C23
```
In file included from ../../src/i_sound.h:38,
from i_sound.c:58:
../../src/doomtype.h:48:15: error: cannot use keyword ‘false’ as enumeration constant
48 | typedef enum {false, true} boolean;
| ^~~~~
../../src/doomtype.h:48:15: note: ‘false’ is a keyword with ‘-std=c23’ onwards
```
- The usage of `usleep` & `struct timezone` require usage of GNU
extensions.
```
i_system.c:58:3: error: implicit declaration of function ‘usleep’; did you mean ‘sleep’? [-Wimplicit-function-declaration]
58 | usleep(usecs);
| ^~~~~~
| sleep
i_system.c: In function ‘I_GetTime_RealTime’:
i_system.c:78:19: error: storage size of ‘tz’ isn’t known
78 | struct timezone tz;
| ^~
i_system.c: In function ‘I_GetRandomTimeSeed’:
i_system.c:105:19: error: storage size of ‘tz’ isn’t known
105 | struct timezone tz;
| ^~
```
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When building prboom with gcc-14 the following error appeared on the
autobuilder:
```
i_main.c: In function 'main':
i_main.c:359:10: error: assignment to 'const char * const*' from incompatible pointer type 'char **' [-Wincompatible-pointer-types]
359 | myargv = argv;
| ^
```
While this package did not receive any update for a while on the
sourceforge mirror, I backported the fix from a fork. For more
information see [1].
[1] 92d44b6383
Fixes: https://autobuild.buildroot.org/results/888/88846e3cb267b04da58bc17d92fd5dd385b65b5d
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When using gcc-14 the compilation fails with the following error
message:
```
close.c: In function 'EIBClose':
close.c:38:3: error: implicit declaration of function 'close'; did you mean 'pclose'? [-Wimplicit-function-declaration]
38 | close (con->fd);
| ^~~~~
| pclose
openlocal.c: In function 'EIBSocketLocal':
openlocal.c:57:7: error: implicit declaration of function 'close'; did you mean 'pclose'? [-Wimplicit-function-declaration]
57 | close (con->fd);
| ^~~~~
| pclose
make[6]: *** [Makefile:611: close.lo] Error 1
```
This patch include <unistd.h> to include the declaration of close.
Fixes: https://autobuild.buildroot.org/results/483/483fc4584815507c3798eb972e22e51f70f52c23/build-end.log
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Unlike glibc and uClibc, musl doesn't play tricks with transparent
unions for the second argument to bind() to accept the various sockaddr
variants, but rather just defines it as "struct sockaddr*". As GCC 14 no
longer allows arbitrary implicit pointer casts, this results in a build
error. Import the upstream patch that adds the cast.
Fixes: https://autobuild.buildroot.org/results/00b/00b42a35a80c2deb61f2cd40aedd231597bbb290
Signed-off-by: Florian Larysch <fl@n621.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
List of commits between 1.2.7..1.2.8:
f979f1b8fa202cd0d6c352de0f2b64361ce5ea33 (HEAD -> master, tag: rpcbind-1_2_8, origin/master, origin/HEAD) Release: 1.2.8
a9ecbb81940b23a4bb9814e126c1c1ae1db93b69 (tag: rpcbind-1_2_8-rc3) rpcinfo: Removed a number of "old-style function definition" warnings
8cc10d038c361f296b0a8e068c173acc33568997 rpcbind: Add -v flag to print version and config
8ef2e504df6e5ec3321c0804a8c6684d781e7a84 man/rpcbind: Update list of options
74da58dde5b1a1a7e54df1fb16315845195a69c0 (tag: rpcbind-1_2_8-rc2) Comment out ListenStream=@/run/rpcbind.sock
b78689b8f1df42eb593dc3412698aa1b8aaa3532 [nfs/nfs-utils/rpcbind] rpcbind: avoid dereferencing NULL from realloc()
fd1d5387de8078530d51eccf876afe6e6182b975 (tag: rpcbind-1_2_8-rc1) Move rpbind's default configuration to /run verses /var/run
7a6b1c58eee2e5fa74e3e4045c4950fbb4f8af0a Move rpcbind.lock to /run
be63348bd3dd9e69e151ff83f08f09e1a9df82bf systemd/rpcbind.service.in: Want/After systemd-tmpfiles-setup
626fd801a13cecd8eb79ac6e979c248d7214aad4 systemd/rpcbind.service.in: Add various hardenings options
511fc4f4bc5ca7b7c8dac877d590d0634e570e6d man/rpcbind: Add Files section to manpage
31157ba6e60b0a8c4989010df8b1cf2aa673a86c systemd/rpcbind.service.in: Add few default EnvironmentFile
So really not much.
While we're at it, let's add a sha1 hash provided directly by
Sourceforge, in addition to the locally calculated sha256.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
