There are 2 different CPE IDs on the NVD website:
cpe:/a:arm:trusted_firmware-a
cpe:/o:arm:arm_trusted_firmware
The ID as currently used in trusted-firmware-a.mk does not exist. The
CPE ID using the arm_trusted_firmware product name only lists a few
records for versions 2.2 and 2.3 on the NVD site. The CPE ID using the
trusted_firmware-a product name lists many more records, and actually
has a CVE linked to it. Therefore, use the CPE ID using the
trusted_firmware-a product name.
Fixes: 104d60fe94 ("trusted-firmware-a.mk: add PKG_CPE_ID")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
No patches affected by this update.
Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3
Signed-off-by: John Audia <therealgraysky@proton.me>
Commit a01d23e75 ("image: always rebuild kernel loaders")
is a step in the right direction, but exposed some issues
and regressions in the makefile.
Some of the files made by device specific COMPILE targets
start with an "append" command (i.e. >> instead of > redirection)
and if the file already exists, the target file is the
input to itself before the first recipe-specified input.
Fixes: a01d23e75 ("image: always rebuild kernel loaders")
Fixes: a7fb589e8 ("image: always rebuild kernel loaders")
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Most/all other tools use the staging dir prefix, gzip should as well.
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Acked-by: Christian Marangi <ansuelsmth@gmail.com>
KERNEL_MAKEOPTS will get expanded when it is used and not when it is
defined in the kernel.mk file now. This fixes problems finding dependent
kernel modules when it is used by a kernel module package.
Without this change the build of packages which depend on other out of
tree modules failed when they used KERNEL_MAKE because some symbols could
not be found. This happened because KERNEL_MAKE_FLAGS which contains a
"if $(__package_mk)" was evaluated where KERNEL_MAKEOPTS was defined
and not when the KERNEL_MAKE was used. For packages which included
kernel.mk before package.mk we saw this problem. One workaround
was to use the correct include order and the other one was to not
use KERNEL_MAKE_FLAGS, but copy its content.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
Starting from version 2.39 binutils now warns about sections with rwx
permissions. While this is generally desirable it breaks building
ARM TrustedFirmware-A bl2 which treats warnings as errors.
Disable the warning/error for now to fix build.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Call 'mkdir -p $(STAGING_DIR_IMAGE)' before trying to store files in
this potentially non-existing folder.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Manually rebased: ath79/patches-5.10/910-unaligned_access_hacks.patch
All other patches automatically rebased.
Signed-off-by: John Audia <therealgraysky@proton.me>
Instead of manually overriding every cmake package that uses iconv or
gettext's paths, add the prefix in here so that at least FindIconv.cmake
works. Fixes compilation with BUILD_NLS.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Support defining a per-device loadaddress for the DTB. This is required
for devices which to not align the DTB from the bootloader correctly.
Signed-off-by: David Bauer <mail@david-bauer.net>
unetd always includes $(INCLUDE_DIR)/bpf.mk. This file always checks if
the LLVM version is supported in CLANG_VER_VALID. unetd only needs bpf
when UNETD_VXLAN_SUPPORT is set. It fails when UNETD_VXLAN_SUPPORT is
not set and llvm is not installed.
Fix it by only checking the LLVM version when a LLVM toolchain is
available.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Manually rebased:
bcm53xx/patches-5.10/180-usb-xhci-add-support-for-performing-fake-doorbell.patch
All patches automatically rebased.
Signed-off-by: John Audia <therealgraysky@proton.me>
[Move gro_skip in 680-NET-skip-GRO-for-foreign-MAC-addresses.patch to old position]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
c3e31b6a9b and 5f8e587240 disable stack validation when the build
host is not running Linux, as the objtool kernel build tool required for
stack validation is not portable to other build host environments. This
was achieved by setting CONFIG_STACK_VALIDATION= in KERNEL_MAKEOPTS, and
by setting SKIP_STACK_VALIDATION=1 in the environment. KERNEL_MAKEOPTS
only has effect for the kernel build, not for external module builds,
but through kernel 5.14, SKIP_STACK_VALIDATION worked to disable this
feature too, so stack validation was disabled for external module builds
as well. Since kernel 0d989ac2c90b, the kernel build no longer considers
SKIP_STACK_VALIDATION, so the feature will be disabled for the kernel
build, but not for external module builds.
When building OpenWrt on a non-Linux build host targeting x86 (the only
target architecture for which OpenWrt enables the kernel
CONFIG_STACK_VALIDATION) and using kernel 5.15 (such as via
CONFIG_TESTING_KERNEL), this caused a build failure during any external
module build, such as kmod-button-hotplug. This manifested as build
errors such as:
make[4]: *** No rule to make target
'.../build_dir/target-x86_64_musl/linux-x86_64/button-hotplug/button-hotplug.o',
needed by
'.../build_dir/target-x86_64_musl/linux-x86_64/button-hotplug/button-hotplug.mod'.
Stop.
Although button-hotplug.c was present, the implicit rule to make
$(obj)/%.o from $(src)/%.c in the kernel's scripts/Makefile.build could
not be satisfied in this case, as it also depends on $(objtool_dep),
non-empty as a result of the failure to propagate disabling of stack
validation to external module builds, in a configuration where it is not
possible to build objtool.
KERNEL_MAKEOPTS is used for just the kernel build itself, while
KERNEL_MAKE_FLAGS is used for both the kernel build and for external
module builds. This restores the ability to build OpenWrt in such
configurations by moving the CONFIG_STACK_VALIDATION= make argument from
KERNEL_MAKEOPTS to KERNEL_MAKE_FLAGS where it is able to affect external
module builds properly.
Note that the kernel's objtool and related configuration have seen a
major overhaul since kernel 5.15, and may need more attention again
after 22922deae13f, in kernel 5.19.
Signed-off-by: Mark Mentovai <mark@mentovai.com>
Introduce a new option in the "Advanced configuration options" to
configure a custom download tool.
By declaring a string in "Use custom download tool" an user can force
what command to use to download package. With the string empty the
default tool used is curl, with wget as a fallback if not available.
download.pl supports 3 tools officially aria2c, curl and wget.
If one of the tool is used in this config, download.pl will use the
default args to make use of them.
If the provided string is different than aria2c, curl or wget, the command
is used as is and the download url will be appended at the end of such command.
While at it also tweak the tool selection logic and chose the tool only
once when the script is called and move aria2c specific variables in the
relevant section.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
To use from the following devices in ath79 target, move edimax-header to
image-commands.mk.
- ELECOM WRC-300GHBK2-I
- ELECOM WRC-1750GHBK2-I/C
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Kernel loaders like the lzma-loader currently don't track changes to
their sources. This can lead to an old version of a loader to be used
when a build tree is not clean between builds.
As the loaders are tiny and the build times are insignificant, simply
force rebuilding them on every build to avoid this problem.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fix syntax error on macos, for substr is undefined results according to
the POSIX standard.
From expr on macos:
According to the POSIX standard, the use of string arguments length,
substr, index, or match produces undefined results. In this version of
expr, these arguments are treated just as their respective string values.
By a simple test Makefile:
define ModelNameLimit16
$(shell expr substr "$(word 2, $(subst _, ,$(1)))" 1 16)
endef
define ModelNameLimit16_2
$(shell printf %.16s "$(word 2, $(subst _, ,$(1)))")
endef
hello:
echo $(call ModelNameLimit16, technicolor_tg582n-telecom-italia)
echo $(call ModelNameLimit16_2, technicolor_tg582n-telecom-italia)
The same output is produced.
echo tg582n-telecom-i
tg582n-telecom-i
echo tg582n-telecom-i
tg582n-telecom-i
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
[ wrap commit description to 80 columns and improve it ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Move DOWNLOAD_CHECK_CERTIFICATE to include/download.mk as it's a better
place than exporting it in the global rules.mk makefile.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
While experimenting with the AUTOREMOVE option in search of a way to use
prebuilt host tools in different buildroot, it was discovered that the
md5 generated by find_md5 in depends.mk is not reproducible.
Currently the hash is generated by the path of the file in addition to
the file mod time. Out of confusion, probably, there was an idea that
such command was used on the package build_dir. Reality is that this
command is run on the package files. (Makefile, patches, src)
This is problematic because the package Makefile (for example) change at
each git clone and base the hash on the Makefile mtime doesn't really
reflect if the Makefile actually changes across a buildroot or not.
A better approach is to generate an hash of each file and then generate
an hash on the sort hash list. This way we remove the problem of git
clone setting a wrong mtime while keeping the integrity of checking if a
file changed for the package as any change will result in a different
hash.
Introduce a new kind of find_md5 function, find_md5_reproducible that
apply this new logic and limit it only with AUTOREMOVE option set to
prevent any kind of slowdown due to additional hash generation.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Some OS may have the true bin to a different location than /bin/true.
BSD based system and macos have true on /usr/bin/true.
Fix this by checking both location and take the one available in the
system.
Reported-by: Sergey V. Lobanov <sergey@lobanov.in>
Suggested-by: Huangbin Zhan <zhanhb88@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>