buildroot.git
3 years agopackage/python-flask-babel: bump version to 2.0.0
Peter Seiderer [Mon, 8 Mar 2021 19:59:11 +0000 (20:59 +0100)]
package/python-flask-babel: bump version to 2.0.0

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/python-jinja2: bump version to 2.11.3
Peter Seiderer [Mon, 8 Mar 2021 19:59:10 +0000 (20:59 +0100)]
package/python-jinja2: bump version to 2.11.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/python-click: bump version to 7.1.2
Peter Seiderer [Mon, 8 Mar 2021 19:59:09 +0000 (20:59 +0100)]
package/python-click: bump version to 7.1.2

- bump version to 7.1.2
- update license hash ('standardize license' [0] to the exact text as
  SPDX provides [1])

[0] https://github.com/pallets/click/commit/d64eddae7d59cebd24b5100d72147fcf2e7cd1dc
[1] https://spdx.org/licenses/BSD-3-Clause.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/upmpdcli: bump to version 1.5.10
Jörg Krause [Wed, 10 Mar 2021 10:59:53 +0000 (11:59 +0100)]
package/upmpdcli: bump to version 1.5.10

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libubox: bump version to 551d75b
Peter Seiderer [Wed, 10 Mar 2021 20:50:02 +0000 (21:50 +0100)]
package/libubox: bump version to 551d75b

Changelog:

  2e52c7e libubox: fix BLOBMSG_CAST_INT64 (do not override BLOBMSG_TYPE_DOUBLE)
  870acee tests: cram: test_base64: fix failing tests
  4d8995e tests: cram: test_base64: really fix failing tests
  551d75b libubox: tests: add more blobmsg/json test cases

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/python-periphery: bump to version 2.3.0
Pierre-Jean Texier [Sun, 14 Mar 2021 16:03:27 +0000 (17:03 +0100)]
package/python-periphery: bump to version 2.3.0

See changelog https://github.com/vsergeev/python-periphery/blob/master/CHANGELOG.md

Update the license hash for a change in copyright years:
-Copyright (c) 2015-2020 vsergeev / Ivan (Vanya) A. Sergeev
+Copyright (c) 2015-2021 vsergeev / Ivan (Vanya) A. Sergeev

Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/mongoose: security bump to version 7.2
Pierre-Jean Texier [Sun, 14 Mar 2021 16:01:48 +0000 (17:01 +0100)]
package/mongoose: security bump to version 7.2

- Fix CVE-2021-26530: The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0
  (compiled with OpenSSL support) is vulnerable to remote OOB write attack via
  connection request after exhausting memory pool.
- Fix CVE-2021-26529: The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0
  and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write
  attack via connection request after exhausting memory pool.
- Fix CVE-2021-26528: The mg_http_serve_file function in Cesanta Mongoose HTTP server
  7.0 is vulnerable to remote OOB write attack via connection request after exhausting
  memory pool.

See https://github.com/cesanta/mongoose/releases/tag/7.2

Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libnet: bump to version 1.2
Fabrice Fontaine [Wed, 10 Mar 2021 19:21:39 +0000 (20:21 +0100)]
package/libnet: bump to version 1.2

- As stated in https://sourceforge.net/projects/libnet-dev/, "this
  project no longer uses sourceforge", so switch site to
  https://github.com/libnet/libnet
- Drop patch (already in version)
- Use the new LICENSE file, same as previous but with updated copyright
  years:
  https://github.com/libnet/libnet/commit/e4fb7e9a1ac7b1695235519ac81bfda616776504
- Update indentation in hash file (two spaces)

https://github.com/libnet/libnet/releases/tag/v1.2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libnet: add LIBNET_CPE_ID_VENDOR
Fabrice Fontaine [Wed, 10 Mar 2021 19:21:38 +0000 (20:21 +0100)]
package/libnet: add LIBNET_CPE_ID_VENDOR

cpe:2.3:a:libnet_project:libnet is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibnet_project%3Alibnet

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/docker-engine: bump version to 20.10.5
Christian Stewart [Fri, 12 Mar 2021 22:48:33 +0000 (14:48 -0800)]
package/docker-engine: bump version to 20.10.5

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/docker-cli: bump version to 20.10.5
Christian Stewart [Fri, 12 Mar 2021 22:48:32 +0000 (14:48 -0800)]
package/docker-cli: bump version to 20.10.5

https://docs.docker.com/engine/release-notes/

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/docker-containerd: security bump to 1.4.4
Christian Stewart [Fri, 12 Mar 2021 22:48:31 +0000 (14:48 -0800)]
package/docker-containerd: security bump to 1.4.4

Security fix for CVE-2021-21334:

https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4

Other changes:

 - Fix container create in CRI to prevent possible environment variable leak between containers
 - Update shim server to return grpc NotFound error
 - Add bounds on max oom_score_adj value for shim's AdjustOOMScore
 - Update task manager to use fresh context when calling shim shutdown
 - Update Docker resolver to avoid possible concurrent map access panic
 - Update shim's log file open flags to avoid containerd hang on syscall open
 - Fix incorrect usage calculation

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/rsync: bump version to 3.2.3
Peter Seiderer [Sat, 13 Mar 2021 22:42:11 +0000 (23:42 +0100)]
package/rsync: bump version to 3.2.3

- disable simd, openssl, xxhash, zstd, lz4, asm options

- update COPYING hash (add openssl and xxhash license
  enhancement):

  In addition, as a special exception, the copyright holders give
  permission to dynamically link rsync with the OpenSSL and xxhash
  libraries when those libraries are being distributed in compliance
  with their license terms, and to distribute a dynamically linked
  combination of rsync and these libraries.  This is also considered
  to be covered under the GPL's System Libraries exception.

For details see [1].

[1] https://download.samba.org/pub/rsync/NEWS#3.2.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Cc: Baruch Siach <baruch@tkos.co.il>
[yann.morin.1998@free.fr: add 'with exception' to _LICENSE (Baruch)]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/mc: fix build with ncurses
Fabrice Fontaine [Wed, 10 Mar 2021 19:44:31 +0000 (20:44 +0100)]
package/mc: fix build with ncurses

wchar support in ncurses is needed since version 4.8.26 and
https://github.com/MidnightCommander/mc/commit/8b4386df83ab5a525f0568113fe1e53d362f433e

Fixes:
 - http://autobuild.buildroot.org/results/446eb0a15a728e2fe7a58312bb7329983b2df647

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/meson: bump version to 0.57.1
Peter Seiderer [Sat, 13 Mar 2021 22:24:21 +0000 (23:24 +0100)]
package/meson: bump version to 0.57.1

- update patch 0001-Prefer-ext-static-libs-when-default-library-static.patch
  (use get_option(OptionKey()) instead of get_builtin_option())

- rebase patch 0002-mesonbuild-dependencies-base.py-add-pkg_config_stati.patch

For details see [1].

[1] https://mesonbuild.com/Release-notes-for-0-57-0.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/janet: fix static build
Fabrice Fontaine [Sat, 13 Mar 2021 09:59:09 +0000 (10:59 +0100)]
package/janet: fix static build

Fixes:
 - http://autobuild.buildroot.org/results/a4f927f73a7b80e65408c992d7b6023609a1eacc

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/janet: defaults to c99 for build.c_std
Fabrice Fontaine [Sat, 13 Mar 2021 09:59:08 +0000 (10:59 +0100)]
package/janet: defaults to c99 for build.c_std

Fixes:
 - http://autobuild.buildroot.org/results/d5e46e094b27f40e12b32624d1431bfeeb617be3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoRevert "package/janet: add -std=c99 to CFLAGS"
Fabrice Fontaine [Sat, 13 Mar 2021 09:59:07 +0000 (10:59 +0100)]
Revert "package/janet: add -std=c99 to CFLAGS"

This reverts commit b5e8f1c1475b46c8d9b7159aafe983e72d329d29. Indeed,
this commit does not fix the build failure as c_std=c99 is already set
in default_options in meson.build.

The issue is that this parameter is not used for native executables
since meson 0.51.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/python-rpi-ws281x: bump to version 4.2.6
Grzegorz Blach [Wed, 10 Mar 2021 22:58:10 +0000 (23:58 +0100)]
package/python-rpi-ws281x: bump to version 4.2.6

Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
[yann.morin.1998@free.fr: move license fix to its own commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/python-rpi-ws281x: set proper license
Grzegorz Blach [Wed, 10 Mar 2021 22:58:10 +0000 (23:58 +0100)]
package/python-rpi-ws281x: set proper license

The license is BSD-2-Clause, not MIT.

Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
[yann.morin.1998@free.fr: split off into its own commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/kodi-pvr-iptvsimple: bump version to 7.5.0-Matrix
Bernd Kuhls [Fri, 12 Mar 2021 06:18:53 +0000 (07:18 +0100)]
package/kodi-pvr-iptvsimple: bump version to 7.5.0-Matrix

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/kodi-pvr-zattoo: bump version to 19.7.8-Matrix
Bernd Kuhls [Fri, 12 Mar 2021 06:18:27 +0000 (07:18 +0100)]
package/kodi-pvr-zattoo: bump version to 19.7.8-Matrix

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/luasec: bump to version 1.0
Francois Perrad [Sat, 13 Mar 2021 07:11:45 +0000 (08:11 +0100)]
package/luasec: bump to version 1.0

diff LICENSE:
-LuaSec 0.9 license
-Copyright (C) 2006-2019 Bruno Silvestre, UFG
+LuaSec 1.0 license
+Copyright (C) 2006-2021 Bruno Silvestre, UFG

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/lua-curl: bump to version 0.3.13
Francois Perrad [Sat, 13 Mar 2021 07:11:44 +0000 (08:11 +0100)]
package/lua-curl: bump to version 0.3.13

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/rng-tools: bump to version 6.12
Fabrice Fontaine [Thu, 11 Mar 2021 17:44:01 +0000 (18:44 +0100)]
package/rng-tools: bump to version 6.12

libsysfs is not needed since
https://github.com/nhorman/rng-tools/commit/46b4e8fd8955e25ef0d5e89d26c8cf1543d2fa8a

https://github.com/nhorman/rng-tools/releases/tag/v6.12

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libsigc: bump to version 2.10.6
Fabrice Fontaine [Thu, 11 Mar 2021 17:36:53 +0000 (18:36 +0100)]
package/libsigc: bump to version 2.10.6

- Switch to meson-package as configure is not shipped in the official
  tarball anymore
- Drop host-m4 dependency (only needed in maintainer mode)
- Disable examples and XML validation (enabled by default)
- Drop LIBSIGC_INSTALL_TARGET_FIXUP as documentation is disabled by
  default
- Update web page in Config.in
- Update indentation in hash file (two spaces)

https://github.com/libsigcplusplus/libsigcplusplus/blob/2.10.6/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/sane-backends: bump version to 1.0.32
Peter Seiderer [Sat, 13 Mar 2021 23:00:45 +0000 (00:00 +0100)]
package/sane-backends: bump version to 1.0.32

- change from '--enable-avahi' to '--with-avahi' as advised in the
  1.0.31 release description ([1])

- add optional libcurl dependency (--with-libcurl)

- add optional poppler/libglib2 dependency (--with-poppler-glib)

- add optional libxml2 dependency (--with-usb-record-replay)

- change COPYING hash (editoral changes)

For details see [1].

[1] https://gitlab.com/sane-project/backends/-/releases

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/hwdata: bump version to 0.345
Peter Seiderer [Sat, 13 Mar 2021 22:40:49 +0000 (23:40 +0100)]
package/hwdata: bump version to 0.345

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/cjson: bump version to 1.7.14
Peter Seiderer [Sat, 13 Mar 2021 22:39:20 +0000 (23:39 +0100)]
package/cjson: bump version to 1.7.14

Changelog ([1]):

  1.7.14 (Sep 3, 2020)
  Fixes:
    optimize the way to find tail node, see #503
    Fix WError error on macosx because NAN is a float. Thanks @sappo, see #484
    Fix some bugs in detach and replace. Thanks @miaoerduo, see #456

[1] https://github.com/DaveGamble/cJSON/blob/master/CHANGELOG.md

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/wget: bump version to 1.12.1
Peter Seiderer [Sat, 13 Mar 2021 22:34:19 +0000 (23:34 +0100)]
package/wget: bump version to 1.12.1

- update/fix signing key hash

For details see [1], [2].

[1] https://lists.gnu.org/archive/html/info-gnu/2020-12/msg00013.html
[2] https://lists.gnu.org/archive/html/info-gnu/2021-01/msg00007.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/psmisc: bump version to 23.4
Peter Seiderer [Sat, 13 Mar 2021 22:30:32 +0000 (23:30 +0100)]
package/psmisc: bump version to 23.4

Changelog ([1]):

  Changes in 23.4
  ===============
    * killall: Dynamically link to selinux and use security attributes
    * pstree: Do not crash on missing processes !21
    * pstree: fix layout when using -C !24
    * pstree: add time namespace !25
    * pstree: Dynamically link to selinux and use attr
    * fuser: Get less confused about duplicate dev_id !10
    * fuser: Only check pathname on non-block devices !31

  Changes in 23.3
  ===============
    * killall: check also truncated 16 char comm names Debian #912748
    * fuser: Return early if have nulls !18
    * peekfd: Add support for ARM64 !19
    * pstree: Add color by age #21
    * fuser: Use larger inode sizes #16

[1] https://gitlab.com/psmisc/psmisc/-/blob/master/ChangeLog

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/dos2unix: bump version to 7.4.2
Peter Seiderer [Sat, 13 Mar 2021 22:27:37 +0000 (23:27 +0100)]
package/dos2unix: bump version to 7.4.2

- update COPYING.txt hash (update copyright year)

Changelog ([1]):

  2020-10-12: Version 7.4.2
    * New Friulian translation of the messages.
    * Updated Dutch, German, Serbian, Traditional Chinese, and Ukrainian
      translations.

[1] https://sourceforge.net/projects/dos2unix/files/dos2unix/7.4.2/

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/btrfs-progs: bump version to 5.11
Peter Seiderer [Sat, 13 Mar 2021 22:26:31 +0000 (23:26 +0100)]
package/btrfs-progs: bump version to 5.11

For details see [1].

[1] https://btrfs.wiki.kernel.org/index.php/Changelog#btrfs-progs_v5.11_.28Mar_2021.29

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/avrdude: fix build with kernel < 4.6
Fabrice Fontaine [Sun, 14 Mar 2021 09:46:41 +0000 (10:46 +0100)]
package/avrdude: fix build with kernel < 4.6

Commit 03fa36df7e6a (package/avrdude: Switch to upstream)
unconditionally enabled linuxspi on the assumption that it is available
since linux-2.6.22.

However, avrdude unconditionally uses GPIO and includes linux/gpio.h,
which is only available since kernel 4.6 and:
    https://github.com/torvalds/linux/commit/3c702e9987e261042a07e43460a8148be254412e

Add a Kconfig option, enabled by default for backward compatibility, to
drive whether to enable or disable SPI support.

Fixes:
 - http://autobuild.buildroot.org/results/962a7fcff1e54a0550eafa0cbca780ba8bc8409e

Note: weirdly enough, GPIO support does not use linux/gpio.h; rather it
uses sysfs.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: add a Kconfig option]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoboot/grub2: Backport 2021/03/02 securify fixes
Stefan Sørensen [Thu, 11 Mar 2021 09:53:06 +0000 (10:53 +0100)]
boot/grub2: Backport 2021/03/02 securify fixes

Details: https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

As detailed in commit 7e64a050fbd9add07ed84d48054ffee1b659d079, it is
difficult to utilize the upstream patches directly, so a number of
patches include changes to generated files so that we don't need invoke
the gentpl.py script.

In addition to the security fixes, these required patches has been
backported:

  f76a27996 efi: Make shim_lock GUID and protocol type public
  04ae030d0 efi: Return grub_efi_status_t from grub_efi_get_variable()
  ac5c93675 efi: Add a function to read EFI variables with attributes
  d7e54b2e5 efi: Add secure boot detection

The following security issues are fixed:

CVE-2020-14372 grub2: The acpi command allows privileged user to load crafted
               ACPI tables when Secure Boot is enabled
CWE-184
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

GRUB2 enables the use of the command acpi even when Secure Boot is signaled by
the firmware. An attacker with local root privileges to can drop a small SSDT
in /boot/efi and modify grub.cfg to instruct grub to load said SSDT. The SSDT
then gets run by the kernel and it overwrites the kernel lock down configuration
enabling the attacker to load unsigned kernel modules and kexec unsigned code.

Reported-by: Máté Kukri
*******************************************************************************

CVE-2020-25632 grub2: Use-after-free in rmmod command
CWE-416
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

The rmmod implementation for GRUB2 is flawed, allowing an attacker to unload
a module used as dependency without checking if any other dependent module is
still loaded. This leads to an use-after-free scenario possibly allowing an
attacker to execute arbitrary code and by-pass Secure Boot protections.

Reported-by: Chris Coulson (Canonical)
*******************************************************************************

CVE-2020-25647 grub2: Out-of-bound write in grub_usb_device_initialize()
CWE-787
6.9/CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

grub_usb_device_initialize() is called to handle USB device initialization. It
reads out the descriptors it needs from the USB device and uses that data to
fill in some USB data structures. grub_usb_device_initialize() performs very
little bounds checking and simply assumes the USB device provides sane values.
This behavior can trigger memory corruption. If properly exploited, this would
lead to arbitrary code execution allowing the attacker to by-pass Secure Boot
mechanism.

Reported-by: Joseph Tartaro (IOActive) and Ilja van Sprundel (IOActive)
*******************************************************************************

CVE-2020-27749 grub2: Stack buffer overflow in grub_parser_split_cmdline
CWE-121
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

grub_parser_split_cmdline() expands variable names present in the supplied
command line in to their corresponding variable contents and uses a 1kB stack
buffer for temporary storage without sufficient bounds checking. If the
function is called with a command line that references a variable with a
sufficiently large payload, it is possible to overflow the stack buffer,
corrupt the stack frame and control execution. An attacker may use this to
circumvent Secure Boot protections.

Reported-by: Chris Coulson (Canonical)
*******************************************************************************

CVE-2020-27779 grub2: The cutmem command allows privileged user to remove
               memory regions when Secure Boot is enabled
CWE-285
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

The GRUB2's cutmem command does not honor Secure Boot locking. This allows an
privileged attacker to remove address ranges from memory creating an
opportunity to circumvent Secure Boot protections after proper triage about
grub's memory layout.

Reported-by: Teddy Reed
*******************************************************************************

CVE-2021-3418 - grub2: GRUB 2.05 reintroduced CVE-2020-15705
CWE-281
6.4/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

The GRUB2 upstream reintroduced the CVE-2020-15705. This refers to a distro
specific flaw which made upstream in the mentioned version.

If certificates that signed GRUB2 are installed into db, GRUB2 can be booted
directly. It will then boot any kernel without signature validation. The booted
kernel will think it was booted in Secure Boot mode and will implement lock
down, yet it could have been tampered.

This flaw only affects upstream and distributions using the shim_lock verifier.

Reported-by: Dimitri John Ledkov (Canonical)
*******************************************************************************

CVE-2021-20225 grub2: Heap out-of-bounds write in short form option parser
CWE-787
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

The option parser in GRUB2 allows an attacker to write past the end of
a heap-allocated buffer by calling certain commands with a large number
of specific short forms of options.

Reported-by: Daniel Axtens (IBM)
*******************************************************************************

CVE-2021-20233 grub2: Heap out-of-bound write due to mis-calculation of
               space required for quoting
CWE-787
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

There's a flaw on GRUB2 menu rendering code setparam_prefix() in the menu
rendering code performs a length calculation on the assumption that expressing
a quoted single quote will require 3 characters, while it actually requires
4 characters. This allow an attacker to corrupt memory by one byte for each
quote in the input.

Reported-by: Daniel Axtens (IBM)
*******************************************************************************

Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoboot/uboot: fix kconfig with per-package directories and host-make
Nicolas Toromanoff [Wed, 10 Mar 2021 16:16:46 +0000 (17:16 +0100)]
boot/uboot: fix kconfig with per-package directories and host-make

If PER_PACKAGE_DIRECTORIES=Y and using host-make package (because
BR2_FORCE_HOST_BUILD=Y or local make is too old) .stamp_dotconfig
target needs per-package/uboot/host/bin/host-make that doesn't
exist yet.

Add host-make into UBOOT_KCONFIG_DEPENDENCIES.

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/opkg-utils: add missing dependencies for host build
Ryan Barnett [Fri, 12 Mar 2021 20:05:32 +0000 (14:05 -0600)]
package/opkg-utils: add missing dependencies for host build

opkg-utils is a collection of bash and python scripts which require
additional commands/tools be available for the bash scripts. The full
list of dependencies that the opkg-util scripts require is:

  bash
  binutils
  bzip2
  coreutils
  diffutils
  findutils
  grep
  gzip
  lz4
  python3
  sed
  tar
  xz

The Buildroot manual requires a few packages (bash, binutils, bzip2,
gzip, sed and tar) to be installed on the host system, so we need not
add those. Additionally, and even though they are not in that list,
that grep and find are also required (we already make extensive use of
both everywhere, so it is as good as them being in the list).

We have a host variant for coreutils, but only for systems that do not
already have a recent-enough one, i.e. that provides 'realpath' and
'ln --relative'. opkg-utils uses neither, so can rely on the ones on the
system.

Only add dependencies on the remaining host tools: diffutils, lz4, and
xz.

Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
[yann.morin.1998@free.fr:
  - drop excessive dependencies,
  - reword the commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/diffutils: add host package
Ryan Barnett [Fri, 12 Mar 2021 20:05:29 +0000 (14:05 -0600)]
package/diffutils: add host package

Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/opkg-utils: remove build step
Ryan Barnett [Fri, 12 Mar 2021 20:05:27 +0000 (14:05 -0600)]
package/opkg-utils: remove build step

opkg-utils is a package that only provides bash and python scripts.
Upon further inspection of the Makefile for the package, invoking
`make` only ever builds the manpage. The previous commit dropped the
installation of the manpage. This makes the build step unnecessary so
remove it.

Add a comment to explain the situation

Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
[yann.morin.1998@free.fr: reword commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/opkg-utils: install only utility scripts
Ryan Barnett [Fri, 12 Mar 2021 20:05:28 +0000 (14:05 -0600)]
package/opkg-utils: install only utility scripts

When `make install` is run to install the opkg-utils scripts, it also
invokes building of the man page for opkg-build. The generation of the
man page requires `pod2man` executable which is a part of perl.

Since buildroot does not support man pages in the host directory,
patch the opkg-utils Makefile to separate the installation of man
pages and utility scripts.

With the options to install man pages and utils separately, only
install the opkg-utils scripts.

Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoDEVELOPERS: remove myself for aufs
Christian Stewart [Fri, 12 Mar 2021 22:08:14 +0000 (14:08 -0800)]
DEVELOPERS: remove myself for aufs

Aufs has been deprecated for the purposes of Docker/containers since overlay2
became the mainline kernel module of choice.

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/sysvinit: bump version to 2.99
Peter Seiderer [Fri, 12 Mar 2021 22:17:04 +0000 (23:17 +0100)]
package/sysvinit: bump version to 2.99

Changelog according to [1]:

  sysvinit (2.99) released; urgency=low
    * Fixed typos and missing underlines in shutdown manual page.
      Corrections provided by Helge Kreutzmann.

[1] https://fossies.org/linux/sysvinit/doc/Changelog

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/bison: bump version to 3.7.6
Peter Seiderer [Fri, 12 Mar 2021 21:58:28 +0000 (22:58 +0100)]
package/bison: bump version to 3.7.6

- update COPYING file hash (URL update from http to https)

For details see [1].

[1] https://fossies.org/linux/bison/ChangeLog

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/dosfstools: bump version to 4.2
Peter Seiderer [Fri, 12 Mar 2021 21:56:35 +0000 (22:56 +0100)]
package/dosfstools: bump version to 4.2

Upstream has not released an xz-compressed tarball this time,
so switch back to the gz-compressed one...

For details see [1].

[1] https://github.com/dosfstools/dosfstools/releases/tag/v4.2

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/e2fsprogs: bump version to 1.46.2
Peter Seiderer [Fri, 12 Mar 2021 21:55:04 +0000 (22:55 +0100)]
package/e2fsprogs: bump version to 1.46.2

- removed 0001-create_inode-set-xattrs-to-the-root-directory-as-wel.patch
  (upstream [1])

[1] 0001-create_inode-set-xattrs-to-the-root-directory-as-wel.patch

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/go: security bump to 1.16.2
Christian Stewart [Fri, 12 Mar 2021 20:56:59 +0000 (12:56 -0800)]
package/go: security bump to 1.16.2

go1.16.1 (released 2021/03/10) includes security fixes to the archive/zip and
encoding/xml packages.

go1.16.2 (released 2021/03/11) includes fixes to cgo, the compiler, linker, the
go command, and the syscall and time packages.

https://golang.org/doc/devel/release.html#go1.16

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/mbedtls: security bump to version 2.6.10
Fabrice Fontaine [Fri, 12 Mar 2021 20:21:33 +0000 (21:21 +0100)]
package/mbedtls: security bump to version 2.6.10

- Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating
  |A| - |B| where |B| is larger than |A| and has more limbs (so the
  function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE). Only
  applications calling mbedtls_mpi_sub_abs() directly are affected:
  all calls inside the library were safe since this function is
  only called with |A| >= |B|.
- Fix an errorneous estimation for an internal buffer in
  mbedtls_pk_write_key_pem(). If MBEDTLS_MPI_MAX_SIZE is set to an odd
  value the function might fail to write a private RSA keys of the
  largest supported size.
- Fix a stack buffer overflow with mbedtls_net_poll() and
  mbedtls_net_recv_timeout() when given a file descriptor that is
  beyond FD_SETSIZE.
- Guard against strong local side channel attack against base64 tables
  by making access aceess to them use constant flow code.

https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.10

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: fix the hash after upstream mess-up]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agodocs/website: adjust link to Buildroot training course
Thomas Petazzoni [Fri, 12 Mar 2021 10:50:24 +0000 (11:50 +0100)]
docs/website: adjust link to Buildroot training course

The previous course has ended, announce the next one.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/bash: fix seventh patch
Fabrice Fontaine [Fri, 12 Mar 2021 07:08:03 +0000 (08:08 +0100)]
package/bash: fix seventh patch

Since bump to version 5.1 in commit
9e778b044c949d165207150cc9e79fdcfbafcb9d, seventh patch wrongly defines
wcdequote_pathname as static which will result in the following build
failure:

smatch.c:(.text+0x22f0): undefined reference to `wcdequote_pathname'

Fixes:
 - http://autobuild.buildroot.org/results/d83f5d260dccd38984ec6fdb340835ca928bb687

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Peter Seiderer <ps.report@gmx.net>
Tested-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/transmission: fix sysv init script (name vs. exec)
Peter Seiderer [Wed, 10 Mar 2021 22:41:55 +0000 (23:41 +0100)]
package/transmission: fix sysv init script (name vs. exec)

With the start-stop-daemon enabled (instead of the busybox applet),
stopping transmission emits spurious warnings:

  $ /etc/init.d/S92transmission stop
  Stopping bittorrent client transmission-daemon...
  start-stop-daemon: warning: this system is not able to track process names
  longer than 15 characters, please use --exec instead of --name.

Update our startup script to match what was done upstream 9 years ago:
    https://trac.transmissionbt.com/ticket/4724
    https://trac.transmissionbt.com/wiki/Scripts/initd?action=diff&version=24&old_version=23

Partially fixes:
  - https://bugs.busybox.net/show_bug.cgi?id=13576

Reported-by: ingineru_de_sistem@yahoo.com
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr:
  - reword commit log
  - add reference to upstream ticket and changeset
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/sysvinit: add patch to fix compile without stack-protector support
Peter Seiderer [Wed, 10 Mar 2021 22:08:12 +0000 (23:08 +0100)]
package/sysvinit: add patch to fix compile without stack-protector support

In Buildroot, the SSP flags are passed via the wrapper, and only flags
supported by the toolchain will be used.

Add patch to remove '-fstack-protector-strong' compile flag.

Fixes:
  .../aarch64-buildroot-linux-uclibc/bin/ld: runlevel.o: in function `main':
  runlevel.c:(.text.startup+0x4): undefined reference to `__stack_chk_guard'
  .../aarch64-buildroot-linux-uclibc/bin/ld: cannot find -lssp_nonshared
  .../aarch64-buildroot-linux-uclibc/bin/ld: cannot find -lssp

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/wine: bump to version 6.0
André Hentschel [Thu, 11 Mar 2021 20:18:41 +0000 (21:18 +0100)]
package/wine: bump to version 6.0

Starting with this Wine version many things changed.
zlib, ncurses and GLU are no longer used.
I also explicitly disabled mingw, as otherwise my host mingw-w64 was picked up.
The build system was refactored, so now we have to build the host tools in their
directories instead of asking for them to be built.

Signed-off-by: André Hentschel <nerv@dawncrow.de>
[yann.morin.1998@free.fr: slightly rework the build of the host tools]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/bash-completion: bump version to 2.11
Peter Seiderer [Thu, 11 Mar 2021 20:49:21 +0000 (21:49 +0100)]
package/bash-completion: bump version to 2.11

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/bash: bump version to 5.1
Peter Seiderer [Thu, 11 Mar 2021 20:44:48 +0000 (21:44 +0100)]
package/bash: bump version to 5.1

- removed 0001-bash50-001.patch to 0018-bash50-018.patch

- added 0001-bash51-001.patch, 0002-bash51-002.patch, 0003-bash51-003.patch,
  0004-bash51-004.patch

- moved 0019-input.h-add-missing-include-on-stdio.h.patch to
  0005-input.h-add-missing-include-on-stdio.h.patch

- removed 0020-locale.c-fix-build-without-wchar.patch
  (superseded by upstream commit)

- added 0006-locale-fix-typo-local_shiftstates-vs.-locale_shiftst.patch
  to fix typo from upstream commit (see previous patch)

- added 0007-glob-fix-dequote_pathname-vs.-udequote_pathname.patch

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/strace: fix build for no-MMU targets
Baruch Siach [Thu, 11 Mar 2021 04:59:27 +0000 (06:59 +0200)]
package/strace: fix build for no-MMU targets

Add patch to disable fork() calling code on !HAVE_FORK.

Fixes:
    http://autobuild.buildroot.net/results/3d506e2f6337327c0783cf3cc12a8b5fb78521e4/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agosupport/download: make the svn backend more reproducible
Yann E. MORIN [Wed, 10 Mar 2021 22:59:37 +0000 (23:59 +0100)]
support/download: make the svn backend more reproducible

Since c043ecb20ce6 (support/download: change format of archives
generated from svn), the svn backend uses the generic helper to
create reproducible archives.

That helper really does its job as expected, but the svn backend
is flawed in two ways:

  - the first, most obvious breakage happens with versions older
    than 1.9, as they do not support the '--show-item' option
    for the 'info' action;

  - the second is more involved, in that svn will by default
    expand the old, legacy, deprecated, cumbersome CVS-style
    keywords, in the form of revision marks like '$Date$' in a
    C-style comment in a source file. These replacements are
    done on checkout as well as on export, and they use local
    settings, like the local locale and timezone.

    This means that two people with different settings, will get
    different sources when the svn-checkout or svn-export the same
    revision from the same tree...

    Needless to say that this is not very reproducible...

While the first is easily solved, the second is more involved.

We need to ensure that what source is used initially to compute
the hash, will also be the source that are used to check the hash.

There are basically two solutions:

 1. we ensure the same environment, by forcing the timezone and
    the locale to arbitrary values

 2. we disable keyword expansion

For the first solution, this still leaves the possibility that we
miss some environment settings that have an impact on the keyword
expansion. It would mean that Yann's settings be used, as he did
introduce the hash for the only svn-downloaded package we have,
avrdude, settings which are:
    TZ=Europe/Paris
    LC_TIME="en_US.UTF-8"
    LC_COLLATE="en_GB.UTF-8"
    LC_MONETARY="fr_FR.utf8"
    LC_NUMERIC="fr_FR.utf8"

The second option means that the generated archives change. That
means we'd have to bump the archive version for svn downloads, and
that we update the hashes for all the svn-downloaded packages.

We chose to go with the second option, because this is what really
makes more sense, rather than hard-coding arbitrary values in the
environment. And we also have only one svn-downloaded package,
avrdude.

And thus, we're reaching the trigger for this change: avrdude is
impacted by the CVS-keyword expansion issue:

    https://svn.savannah.gnu.org/viewvc/avrdude/trunk/avrdude/atmel-docs/EDBG/common/jquery/layout/jquery.layout.js?revision=1396&view=markup

which would give two different files when checked out on different
machines:

    diff -durN foo/avrdude-r1450/avrdude/atmel-docs/EDBG/common/jquery/layout/jquery.layout.js bar/avrdude-r1450/avrdude/atmel-docs/EDBG/common/jquery/layout/jquery.layout.js
    --- foo/avrdude-r1450/avrdude/atmel-docs/EDBG/common/jquery/layout/jquery.layout.js 2020-09-22 09:36:45.000000000 +0200
    +++ bar/avrdude-r1450/avrdude/atmel-docs/EDBG/common/jquery/layout/jquery.layout.js 2020-09-22 09:36:45.000000000 +0200
    @@ -1,6 +1,6 @@
     /**
      * @preserve jquery.layout 1.3.0 - Release Candidate 30.51
    - * $Date: 2015-11-02 22:13:28 +0100 (Mon, 02 Nov 2015) $
    + * $Date: 2015-11-02 21:13:28 +0000 (Mon, 02 Nov 2015) $
      * $Rev: 303005 $
      *
      * Copyright (c) 2012
    @@ -4718,7 +4718,7 @@

     /**
      * jquery.layout.state 1.0
    - * $Date: 2015-11-02 22:13:28 +0100 (Mon, 02 Nov 2015) $
    + * $Date: 2015-11-02 21:13:28 +0000 (Mon, 02 Nov 2015) $
      *
      * Copyright (c) 2010
      *   Kevin Dalman (http://allpro.net)
    @@ -5074,7 +5074,7 @@

     /**
      * jquery.layout.buttons 1.0
    - * $Date: 2015-11-02 22:13:28 +0100 (Mon, 02 Nov 2015) $
    + * $Date: 2015-11-02 21:13:28 +0000 (Mon, 02 Nov 2015) $
      *
      * Copyright (c) 2010
      *   Kevin Dalman (http://allpro.net)
    @@ -5356,7 +5356,7 @@

     /**
      * jquery.layout.browserZoom 1.0
    - * $Date: 2015-11-02 22:13:28 +0100 (Mon, 02 Nov 2015) $
    + * $Date: 2015-11-02 21:13:28 +0000 (Mon, 02 Nov 2015) $
      *
      * Copyright (c) 2012
      *   Kevin Dalman (http://allpro.net)

So we also update the hash for avrdude.

Fixes:
    http://autobuild.buildroot.org/results/e3b/e3b0508047f32008ebfa83c5255ec5994b6af120/ (time issue)
    http://autobuild.buildroot.org/results/48e/48e78e84b425e79cdb98c16ab40247a0fa7e9676/ (keyword expansion issue)

Reported-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Cc: Alexander Sverdlin <alexander.sverdlin@gmail.com>
Reviewed-by: Alexander Sverdlin <alexander.sverdlin@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/runc: cleanup the CPE_ID variables
Yann E. MORIN [Sat, 6 Mar 2021 21:50:27 +0000 (22:50 +0100)]
package/runc: cleanup the CPE_ID variables

The CPE variables are derived from the package upstream values, so they
must be set from the package values, not the other way around.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Christian Stewart <christian@paral.in>
Reviewed-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoRevert "package/libopenssl does not support riscv32"
Yann E. MORIN [Tue, 9 Mar 2021 21:37:18 +0000 (22:37 +0100)]
Revert "package/libopenssl does not support riscv32"

Now that we have a backport from upstream with a proper fix for the
build on riscv32 *and* a proper implementationfor 64-bit time structs,
we can re-activate the build on riscv32.

This partially reverts commit c72be5dd2f5aef9162a0ec90465d9220b3546887.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Alistair Francis <alistair.francis@wdc.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Mark Corbin <mark@dibsco.co.uk>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libopenssl: fix build wrt. 64-bit time-related syscalls & structs
Yann E. MORIN [Tue, 9 Mar 2021 21:37:17 +0000 (22:37 +0100)]
package/libopenssl: fix build wrt. 64-bit time-related syscalls & structs

riscv32 is (surprise!) a 32-bit architecture. But it has been Y2038-safe
from its inception. As such, there are no legacy binaries that may use
the 32-bit time syscalls, and thus they are not available on riscv32.

Code that directly calls to the syscalls without using the C libraries
wrappers thus need to handle this case by themselves.

Backport two cumulative patches from the upstream openssl development
branch that will eventually be openssl 3.0, but has not yet been
backported to the 1.1.1 stable branch.

Fixes:
    http://autobuild.buildroot.org/results/eb9/eb9a64d4ffae8569b5225083f282cf87ffa7c681/
    ...
    http://autobuild.buildroot.org/results/07e/07e413b24ba8adc9558c80267ce16dda339bf032/

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Alistair Francis <alistair.francis@wdc.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Mark Corbin <mark@dibsco.co.uk>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/optee-client: fix gid_t build issue in OP-TEE 3.12 libckteec
Etienne Carriere [Tue, 9 Mar 2021 11:33:48 +0000 (12:33 +0100)]
package/optee-client: fix gid_t build issue in OP-TEE 3.12 libckteec

Include missing unistd.h to support type gid_t in ckteec library
of optee-client 3.12.0. This change fixes [1]. The fix has been
posted to optee-client forum, see [2].

Link: [1] http://autobuild.buildroot.net/results/34b9946e6d59112a7eead304933534ad4739a84c/build-end.log
Link: [2] https://github.com/OP-TEE/optee_client/pull/262

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[yann.morin.1998@free.fr:
  - use an actual backport now that upstream applied it
  - fix typo in title
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/linux-firmware: fix build failure when no firmware item selected
Andreas Ziegler [Tue, 9 Mar 2021 18:25:17 +0000 (18:25 +0000)]
package/linux-firmware: fix build failure when no firmware item selected

The latest change in Linux firmware handling breaks the build if no
specific firmware item is selected below BR2_PACKAGE_LINUX_FIRMWARE.

The firmware archive is only created if at least one firmware
sub-category is selected; the installation step wants to unpack the
archive unconditionally.

Use the same condition to control install command definition as in the
build step.

Signed-off-by: Andreas Ziegler <br015@umbiko.net>
[yann.morin.1998@free.fr: use a single conditional block]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/avrdude: Switch to upstream
Alexander Sverdlin [Mon, 22 Feb 2021 02:26:06 +0000 (03:26 +0100)]
package/avrdude: Switch to upstream

In the meanwhile "linuxspi" programmer was merged upstream, therefore
it's possible to switch to latest upstream tree instead of the old fork
without losing any functionality.

The fork we were using did auto-detection of kernel headers to detect
whether spidev.h was present or not, and thus whether to enable or
disable its linuxspi 'driver'. As spidev.h has been present since
linux-2.6.22, we can quite easily conclude that spidev support was
always enabled in the fork.

But upstream went a slightly different route, and added a configure
option (and they do no validity check).

So, to keep backward behaviour, we unconditionally enable it  now that
we switched back to use upstream.

Signed-off-by: Alexander Sverdlin <alexander.sverdlin@gmail.com>
[yann.morin.1998@free.fr:
  - clarify why we forcibly use --enable-linuxspi
  - fix the hash to adapt to the new svn tarball format (c043ecb20ce6)
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/zyre: bump version to 2.0.1
Jack Cripps [Mon, 8 Mar 2021 12:27:33 +0000 (12:27 +0000)]
package/zyre: bump version to 2.0.1

Version bump required due to python setup.py missing from v2.0.0 python bindings

Signed-off-by: Jack Cripps <jack.cripps@disguise.one>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/inih: bump version to 53
Bernd Kuhls [Mon, 8 Mar 2021 12:17:59 +0000 (13:17 +0100)]
package/inih: bump version to 53

Removed patch which was applied upstream, fixed upper-case package name.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoDEVELOPERS: adopt package/sysklogd
Joachim Wiberg [Mon, 8 Mar 2021 13:27:41 +0000 (14:27 +0100)]
DEVELOPERS: adopt package/sysklogd

Since I'm the upstream maintainer and we use it for $DAYJOB, I'll adopt.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/sysklogd: bump to version 2.2.2
Joachim Wiberg [Mon, 8 Mar 2021 13:27:40 +0000 (14:27 +0100)]
package/sysklogd: bump to version 2.2.2

https://github.com/troglobit/sysklogd/releases/tag/v2.2.2

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/python-bluezero: bump to version 0.6.0
Grzegorz Blach [Mon, 8 Mar 2021 17:30:00 +0000 (18:30 +0100)]
package/python-bluezero: bump to version 0.6.0

Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libinput: bump version to 1.17.0
Peter Seiderer [Mon, 8 Mar 2021 19:33:54 +0000 (20:33 +0100)]
package/libinput: bump version to 1.17.0

For details see [1].

[1] https://lists.freedesktop.org/archives/wayland-devel/2021-February/041733.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoMerge branch 'next'
Peter Korsgaard [Mon, 8 Mar 2021 07:06:00 +0000 (08:06 +0100)]
Merge branch 'next'

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/nano: bump to version 5.6.1
Francois Perrad [Sun, 7 Mar 2021 16:32:27 +0000 (17:32 +0100)]
package/nano: bump to version 5.6.1

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/frotz: Update to version 2.53
Thomas Huth [Sun, 7 Mar 2021 15:21:47 +0000 (16:21 +0100)]
package/frotz: Update to version 2.53

This version should now also compile fine on systems without pthreads,
so we can remove the dependency on BR2_TOOLCHAIN_HAS_THREADS again.

While we're at it, also fix a typo in the description (replace "can not"
with "cannot").

Signed-off-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libuhttpd: bump version to 3.10.1
Jianhui Zhao [Sun, 7 Mar 2021 14:19:33 +0000 (22:19 +0800)]
package/libuhttpd: bump version to 3.10.1

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoboot/at91bootstrap3: fix checksum of license
Edgar Bonet [Sun, 7 Mar 2021 19:45:33 +0000 (20:45 +0100)]
boot/at91bootstrap3: fix checksum of license

Commit ca1604388a86d73c548c6e65eadd13f424685838 updated the checksum of
the tarball, but failed to update the one of main.c, which serves as a
license file.

Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/ruby: update hashes
Bartosz Bilas [Sun, 7 Mar 2021 16:34:55 +0000 (17:34 +0100)]
package/ruby: update hashes

Commit af5226f2fd1292a26f2dfda32f41cbbad7aa4cc6 forgot to update
hash of LEGAL and BSDL files.

Those two files have mostly undergone reoraganizing. A few new files
have also been listed. The resulting licensing does not change
fundamentally, especially sine we already list 'others' in the list of
licenses applicable to Ruby.

Fixes:
 - http://autobuild.buildroot.net/results/448/4484fcce51dd2556156631d20b35bbba44abc171/build-end.log
 ..
 - http://autobuild.buildroot.net/results/c60/c60e5923159b3d66b422eb988f5d49e1c73e8710/build-end.log

Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[yann.morin.1998@free.fr: explain what changed]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoKickoff 2021.05 cycle
Peter Korsgaard [Sun, 7 Mar 2021 12:02:09 +0000 (13:02 +0100)]
Kickoff 2021.05 cycle

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agodocs/website/news.html: add 2021.02 announcement link
Peter Korsgaard [Sun, 7 Mar 2021 12:01:02 +0000 (13:01 +0100)]
docs/website/news.html: add 2021.02 announcement link

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/optee-test: add deps on openssl when enabled
Etienne Carriere [Fri, 30 Oct 2020 07:50:44 +0000 (08:50 +0100)]
package/optee-test: add deps on openssl when enabled

Add a dependency on openssl upon BR2_PACKAGE_LIBOPENSSL=y to
enable some for OP-TEE embedded tests.

Building with libressl makes the optee-test test tool fail on a
certificate test; so we explicitly depend on libopenssl.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[yann.morin.1998@free.fr:
  - match the depenency to libopenssl, since that's is what is used in
    the condition (BR2_PACKAGE_LIBOPENSSL)
  - add a blurb to explain why libopenssl is used, not the virutal
    openssl
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/optee-client: disable -Werror
Fabrice Fontaine [Sun, 1 Nov 2020 20:43:49 +0000 (21:43 +0100)]
package/optee-client: disable -Werror

Disable -Werror thanks to CFG_WERROR which is available since version
3.3.0 and
https://github.com/OP-TEE/optee_client/commit/5355fdb841bce4f7cce3dd37fc31fa91bd625c98
to fix the following build failure with optee-client 3.11.0:

/home/giuliobenetti/autobuild/run/instance-2/output-1/build/optee-client-3.11.0/libckteec/src/pkcs11_processing.c: In function 'ck_create_object':
/home/giuliobenetti/autobuild/run/instance-2/output-1/build/optee-client-3.11.0/libckteec/src/pkcs11_processing.c:22:9: error: missing initializer for field 'buffer' of 'struct serializer' [-Werror=missing-field-initializers]
  struct serializer obj = { };
         ^

Fixes:
 - http://autobuild.buildroot.org/results/a3d663adb943aee814180f01d6e153b3309be962

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/optee-test: bump to version 3.12.0
Etienne Carriere [Thu, 25 Feb 2021 15:33:45 +0000 (16:33 +0100)]
package/optee-test: bump to version 3.12.0

Bump OP-TEE Test package version to OP-TEE release 3.12.0.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/optee-examples: bump to version 3.12.0
Etienne Carriere [Thu, 25 Feb 2021 15:33:44 +0000 (16:33 +0100)]
package/optee-examples: bump to version 3.12.0

Bump OP-TEE Examples package version to OP-TEE release 3.12.0.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/optee-client: bump to version 3.12.0
Etienne Carriere [Thu, 25 Feb 2021 15:33:43 +0000 (16:33 +0100)]
package/optee-client: bump to version 3.12.0

Remove local patch file since issue addressed in OP-TEE mainline
since 3.12.0 and bump OP-TEE Client package version to OP-TEE
release 3.12.0.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/optee-benchmark: bump to version 3.12.0
Etienne Carriere [Thu, 25 Feb 2021 15:33:42 +0000 (16:33 +0100)]
package/optee-benchmark: bump to version 3.12.0

Remove main-fix-typo patch since merged in OP-TEE OS 3.12.0 and
bump OP-TEE Benchmark package version to OP-TEE release 3.12.0.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agoboot/optee-os: bump to version 3.12.0
Etienne Carriere [Thu, 25 Feb 2021 15:33:41 +0000 (16:33 +0100)]
boot/optee-os: bump to version 3.12.0

Bump OP-TEE OS package version to OP-TEE release 3.12.0.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/lttng-tools: set rundir to /run/lttng unconditionally
Norbert Lange [Wed, 24 Feb 2021 10:31:53 +0000 (11:31 +0100)]
package/lttng-tools: set rundir to /run/lttng unconditionally

Buildroot ensures that all init-systems have a /run directory,
this should be the preferred location.

Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/lttng-libust: set rundir to /run/lttng unconditionally
Norbert Lange [Wed, 24 Feb 2021 10:31:52 +0000 (11:31 +0100)]
package/lttng-libust: set rundir to /run/lttng unconditionally

Buildroot ensures that all init-systems have a /run directory,
this should be the preferred location.

Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/lttng-libust: bump to version 2.12.1
Norbert Lange [Wed, 24 Feb 2021 10:31:51 +0000 (11:31 +0100)]
package/lttng-libust: bump to version 2.12.1

Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/lttng-tools: bump version to 2.12.3
Norbert Lange [Wed, 24 Feb 2021 10:31:50 +0000 (11:31 +0100)]
package/lttng-tools: bump version to 2.12.3

Remove patch 001 as it has been fixed upstream.

Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/mawk: new package
Ismael Luceno [Thu, 4 Mar 2021 13:40:49 +0000 (14:40 +0100)]
package/mawk: new package

Interpreter for the AWK Programming Language.

Signed-off-by: Ismael Luceno <ismael@iodev.co.uk>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agotoolchain: disable gcc bug 60620 if gcc version >= 10.x
Giulio Benetti [Fri, 5 Mar 2021 15:41:39 +0000 (16:41 +0100)]
toolchain: disable gcc bug 60620 if gcc version >= 10.x

Since gcc version 10.x bug 60620 doesn't show anymore, so let's make it
enabled up to versino 10.x excluded.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libnss: bump version to 3.62
Giulio Benetti [Mon, 22 Feb 2021 17:52:02 +0000 (18:52 +0100)]
package/libnss: bump version to 3.62

Release Notes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.62_release_notes

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/timescaledb: bump version to 2.1.0
Maxim Kochetkov [Thu, 4 Mar 2021 08:47:21 +0000 (11:47 +0300)]
package/timescaledb: bump version to 2.1.0

Remove all PG13 upstream patches.

Release notes: https://github.com/timescale/timescaledb/releases/tag/2.1.0

Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/strace: bump to version 5.11
Baruch Siach [Thu, 4 Mar 2021 12:39:11 +0000 (14:39 +0200)]
package/strace: bump to version 5.11

Update COPYING: copyright year update, and added note about the bundled
Linux UAPI headers. Upstream commit 5bd8364f4202d ("Introduce bundled
directory") says:

   According to analysis made by Kent Gibson at [1], we are allowed to
   re-distribute unmodified Linux kernel UAPI headers under the same
   terms as they are provided by the Linux kernel, and such
   re-distribution does not affect the license of strace itself.

   [1] https://lore.kernel.org/linux-gpio/20210128032641.GA11655@sol/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/python-aioblescan: bump to version 0.2.7
Grzegorz Blach [Tue, 2 Mar 2021 16:57:52 +0000 (17:57 +0100)]
package/python-aioblescan: bump to version 0.2.7

Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/pigpio: bump to version 79
Grzegorz Blach [Wed, 3 Mar 2021 22:07:30 +0000 (23:07 +0100)]
package/pigpio: bump to version 79

Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/kodi-platform: remove package
Bernd Kuhls [Tue, 2 Mar 2021 07:07:49 +0000 (08:07 +0100)]
package/kodi-platform: remove package

This package is not used by kodi addons anymore.
No legacy handling needed because this package was never selectable.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/kodi-visualisation-matrix: new package
Bernd Kuhls [Tue, 2 Mar 2021 07:07:48 +0000 (08:07 +0100)]
package/kodi-visualisation-matrix: new package

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/kodi-visualisation-waveform: bump version to 4.4.0-Matrix
Bernd Kuhls [Tue, 2 Mar 2021 07:07:47 +0000 (08:07 +0100)]
package/kodi-visualisation-waveform: bump version to 4.4.0-Matrix

Add dependency to glm due to upstream commit:
https://github.com/xbmc/visualization.waveform/commit/18e32dd2416fc58e91c977d3c3a4c27b6ca59c3b

Switch license file to LICENSE.md.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/kodi-visualisation-starburst: bump version to 2.4.0-Matrix
Bernd Kuhls [Tue, 2 Mar 2021 07:07:46 +0000 (08:07 +0100)]
package/kodi-visualisation-starburst: bump version to 2.4.0-Matrix

Switch license file to LICENSE.md.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/kodi-visualisation-spectrum: bump version to 3.4.0-Matrix
Bernd Kuhls [Tue, 2 Mar 2021 07:07:45 +0000 (08:07 +0100)]
package/kodi-visualisation-spectrum: bump version to 3.4.0-Matrix

Removed patch applied upstream:
https://github.com/xbmc/visualization.spectrum/commit/46b605516b057823855c7f76dbc3f622dcf5983b

Add dependency to glm due to upstream commit:
https://github.com/xbmc/visualization.spectrum/commit/0a3e3885b87f61e9a511ec942b3c01679e4b3414

Switch license file to LICENSE.md.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/kodi-visualisation-shadertoy: bump version to 2.3.0-Matrix
Bernd Kuhls [Tue, 2 Mar 2021 07:07:44 +0000 (08:07 +0100)]
package/kodi-visualisation-shadertoy: bump version to 2.3.0-Matrix

Switch dependency to kodi after upstream removed the dependency to
kodi-platform:
https://github.com/xbmc/visualization.shadertoy/commit/3fa4d118dcee2025620eb342d1a22a956beb06e5

Switch license file to LICENSE.md.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>