Peter Korsgaard [Fri, 7 May 2021 06:28:21 +0000 (08:28 +0200)]
package/go: security bump to version 1.16.4
Fixes the following security issues:
- CVE-2021-31525: ReadRequest and ReadResponse in net/http can hit an
unrecoverable panic when reading a very large header (over 7MB on 64-bit
architectures, or over 4MB on 32-bit ones). Transport and Client are
vulnerable and the program can be made to crash by a malicious server.
Server is not vulnerable by default, but can be if the default max header
of 1MB is overridden by setting Server.MaxHeaderBytes to a higher value,
in which case the program can be made to crash by a malicious client.
https://github.com/golang/go/issues/45710
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 7 May 2021 06:15:35 +0000 (08:15 +0200)]
package/python3: security bump to version 3.9.5
Fixes the following security issues:
- bpo-43434: Creating a sqlite3.Connection object now also produces a
sqlite3.connect auditing event. Previously this event was only produced
by sqlite3.connect() calls. Patch by Erlend E. Aasland.
- bpo-43882: The presence of newline or tab characters in parts of a URL
could allow some forms of attacks.
Following the controlling specification for URLs defined by WHATWG
urllib.parse() now removes ASCII newlines and tabs from URLs, preventing
such attacks.
- bpo-43472: Ensures interpreter-level audit hooks receive the
cpython.PyInterpreterState_New event when called through the
_xxsubinterpreters module.
- bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4
address strings. Leading zeros are ambiguous and interpreted as octal
notation by some libraries. For example the legacy function
socket.inet_aton() treats leading zeros as octal notatation. glibc
implementation of modern inet_pton() does not accept any leading zeros.
For a while the ipaddress module used to accept ambiguous leading zeros.
- bpo-43075: Fix Regular Expression Denial of Service (ReDoS) vulnerability
in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex
has quadratic worst-case complexity and it allows cause a denial of
service when identifying crafted invalid RFCs. This ReDoS issue is on the
client side and needs remote attackers to control the HTTP server.
- bpo-42800: Audit hooks are now fired for frame.f_code, traceback.tb_frame,
and generator code/frame attribute access.
https://www.python.org/downloads/release/python-395/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Tue, 4 May 2021 20:51:38 +0000 (22:51 +0200)]
configs/beaglev: enable building of low-level firmware
This commit extends the beaglev_defconfig and its documentation to
build the low-level firmware, and to explain how to reflash it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[yann.morin.1998@free.fr: use typoed-name for beaglev-ddrlnit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Thomas Petazzoni [Tue, 4 May 2021 20:51:37 +0000 (22:51 +0200)]
boot/beaglev-secondboot: new package
This packages allows to build the first stage bootloader used on the
BeagleV, which is used even before the DDR initialization and
OpenSBI/U-Boot. Yes, "secondboot" is strange for what is the first
stage bootloader, but that's the upstream name.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[yann.morin.1998@free.fr:
- add hash file
- commit is HEAD only right now, so don't reference HEAD
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Thomas Petazzoni [Tue, 4 May 2021 20:51:36 +0000 (22:51 +0200)]
boot/beaglev-ddrlnit: new package
This commit adds a package for the DDR initialization code used on the
BeagleV platform.
The typo in the package name is upstream's typo, and we just keep it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[yann.morin.1998@free.fr:
- upstream name is beaglev_ddrlnit, not *init (keep their typo)
- rename package and variables accordingly
- the referenced commit is no longer the HEAD of said branch
- add a hash file
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Thomas Petazzoni [Tue, 4 May 2021 20:51:35 +0000 (22:51 +0200)]
package/riscv64-elf-toolchain: new package
This commit adds a new package for a prebuilt bare-metal toolchain for
RISC-V 64-bit. Indeed, some bootloader/firmware for the BeagleV (and
potentially later for other platforms?) do not build with a
Linux-capable toolchain.
This uses a pre-built toolchain from SiFive, precompiled for x86-64,
so all packages using this toolchain must have the appropriate
BR2_HOSTARCH dependency.
This package is modeled after package/arm-gnu-a-toolchain/, which
package a pre-built ARM32 bare-metal toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Thomas Petazzoni [Tue, 4 May 2021 20:51:34 +0000 (22:51 +0200)]
configs/beaglev_defconfig: new defconfig
This commit introduces support for the RISC-V based BeagleV platform,
which uses a Starfive JH7100.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
[yann.morin.1998@free.fr: use: eval $(make printvars)]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Thomas Petazzoni [Tue, 4 May 2021 20:51:33 +0000 (22:51 +0200)]
boot/opensbi: add options to enable/disable image installation
Until now, whenever a BR2_TARGET_OPENSBI_PLAT value was specified,
opensbi.mk was assuming that both fw_jump and fw_dynamic would be
produced. However, this is not the case: the OpenSBI per-platform
config.mk can decide which image to build.
As an example, the config.mk for VIC7100-based BeagleV only enables
producing the fw_payload image.
This commit adds three options to enable the installation of images:
one for fw_jump, one for fw_dynamic, one for fw_payload.
The options for fw_jump and fw_dynamic are "default y" when
BR2_TARGET_OPENSBI_PLAT is not empty, to preserve existing behavior.
The option for fw_payload is forcefully selected when either Linux or
U-Boot are selected as payloads.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sun, 10 May 2020 08:52:17 +0000 (10:52 +0200)]
package/cegui: add libfribidi optional dependency
libfribidi is an optional dependency (enabled by default) since version
0.8.0 and
https://github.com/cegui/cegui/commit/
17974582e6b6a7d8f5853b0272433f130f82e52a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Bartosz Bilas<b.bilas@grinn-global.com>
Reviewed-by: Bartosz Bilas<b.bilas@grinn-global.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Fri, 7 May 2021 19:39:29 +0000 (21:39 +0200)]
package/cifs-utils: security bump to version 6.13
Fix CVE-2021-20208: A flaw was found in cifs-utils in versions before
6.13. A user when mounting a krb5 CIFS file system from within a
container can use Kerberos credentials of the host. The highest threat
from this vulnerability is to data confidentiality and integrity.
https://lists.samba.org/archive/samba-technical/2021-April/136467.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Yann E. MORIN [Thu, 6 May 2021 19:48:25 +0000 (21:48 +0200)]
package/openjdk: fully switch to Github, commonalise version scheme
Commit
057e27029c98 (package/openjdk{, -bin}: bump latest to version
16.0.1+9) partially switched over to using the Github repository (which
is the new official publication channel for OpenJDK).
However, only the JDK16 was switched, because of concerns about a change
in the hash of Github-generated archives for the JDK11, due to a missing
Hg-related file on Github.
But as Arnout put it:
There's a trivial workaround: drop OPENJDK_SOURCE = .... That way,
the tarball name becomes openjdk-... instead of jdk-... and it's a
different file.
There is indeed no good reason to force a non-default filename for the
archive, so we do drop it.
As a consequence, we can fully switch over to Github for openjdk, using
the new version scheme. Of course the hash changes, but it is a new
file, so that's OK.
The filename for the JDK16 changes, but the content does not change, so
the hash does not change.
For consistency, the version scheme is also applied to openjdk-bin. Even
though it was already using Github, using that new version scheme also
allows to commonalise the variables too. The archives are the exact
same: no change in filename or content, so no hash to fixup.
Reported-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
cc: Adam Duskett <aduskett@gmail.com>
Tested-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Korsgaard [Thu, 6 May 2021 21:25:40 +0000 (23:25 +0200)]
package/python-django: security bump to version 3.2.2
Django 3.0.x is EOL, so move to 3.2.x which is the new LTS release. For
details of the changes and update instructions, see the announcement:
https://www.djangoproject.com/weblog/2021/apr/06/django-32-released/
Fixes the following security issues:
- CVE-2021-30459 - SQL Injection via Select, Explain and Analyze forms of
the SQLPanel for Django Debug Toolbar >= 0.10.0
With Django Debug Toolbar 0.10.0 and above, attackers are able to execute
SQL by changing the raw_sql input of the SQL explain, analyze or select
forms and submitting the form. This is a high severity issue for anyone
using the toolbar in a production environment. Generally the Django Debug
Toolbar team only maintains the latest version of django-debug-toolbar,
but an exception was made because of the high severity of this issue.
The GitHub Security Advisory can be found here:
https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj
- CVE-2021-31542: Potential directory-traversal via uploaded files
MultiPartParser, UploadedFile, and FieldFile allowed directory-traversal
via uploaded files with suitably crafted file names.
In order to mitigate this risk, stricter basename and path sanitation is
now applied. Specifically, empty file names and paths with dot segments
will be rejected.
This issue has low severity, according to the Django security policy.
- CVE-2021-32052: Header injection possibility since URLValidator accepted
newlines in input on Python 3.9.5+
On Python 3.9.5+, URLValidator didn't prohibit newlines and tabs. If you
used values with newlines in HTTP response, you could suffer from header
injection attacks. Django itself wasn't vulnerable because HttpResponse
prohibits newlines in HTTP headers.
Moreover, the URLField form field which uses URLValidator silently removes
newlines and tabs on Python 3.9.5+, so the possibility of newlines
entering your data only existed if you are using this validator outside of
the form fields.
This issue was introduced by the bpo-43882 fix.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 6 May 2021 21:25:39 +0000 (23:25 +0200)]
package/python-asgiref: bump version to 3.3.4
Needed by django 3.2.x
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Tue, 4 May 2021 20:51:32 +0000 (22:51 +0200)]
package/Makefile.in: expose CONFIG_DIR to post-build/post-image scripts
Sometimes, post-build or post-image scripts need to reinvoke
Buildroot's make, for example to execute "make printvars".
However, so far post-build/image/fakeroot can't trivially run printvars
in a way that worked for both in-tree and out-of-tree builds. Indeed:
* "make printvars" would work for in-tree builds, but not out of tree
builds
* "make -C ${O} printvars" would work for out-of-tree builds, but not
in-tree builds
* "make -C ${BR2_CONFIG%/*} printvars" works in both cases, but it is
a bit cryptic, and two maintainers did not even immediately think of
it
In order to solve this, this commit exposes $(CONFIG_DIR) to
post-build/image/fakeroot scripts, through the EXTRA_ENV variable.
The documentation is updated accordingly.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr:
- reference BR2_CONFIG as an exemple
- slightly reword the commit log accordingly
- move the doc for CONFIG_DIR next to that of BR2_CONFIG
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matthew Weber [Thu, 6 May 2021 16:29:23 +0000 (11:29 -0500)]
DEVELOPERS: transition rockwellcollins.com to collins.com
Email addresses are all live and some of us will start contributing
with the new collins.com domain.
Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Adam Duskett [Tue, 4 May 2021 21:00:25 +0000 (14:00 -0700)]
package/openjdk{, -bin}: bump latest to version 16.0.1+9
When introducing OpenJDK to buildroot, the OpenJDK project did not put
releases on their GitHub page. Since then, the OpenJDK developers have
not only added OpenJDK releases to Github, they are starting to phase
out adding releases to their public-facing mercurial repository.
Compare the following URLs:
https://wiki.openjdk.java.net/display/JDKUpdates/JDK+14u
https://wiki.openjdk.java.net/display/JDKUpdates/JDK+15u
https://wiki.openjdk.java.net/display/JDKUpdates/JDK+16u
With JDK14, only the mercurial repository is listed. With OpenJDK15,
both the GitHub and mercurial repository are listed. Finally, with
OpenJDK16, only the GitHub repository is listed.
For consistency's sake, and for the version bump of JDK latest from 14
to 16 do the following:
- Change the repository for OpenJDK14 to point to the official GitHub
repository,
- In order to simplify and reuse the GitHub URL, modify the
OPENJDK_VERSION_MAJOR and OPENJDK_VERSION_MINOR definitions to only
include a single number for the MAJOR definition.
- Change openjdk-bin.mk to also use the same format as the openjdk.mk
file
Unfortunately, we can't yet do the switch for OpenJDK11: the Github
repository is missing a Mercurial-related file, so that the archive
for OpenJDK11 11.0.11+9 would change from the one we already have on
s.b.o and that people would alreay have locally, and we'd have a hash
mismatch, either on master, or on all pur previous relases. OpenJDK11
just got a new release mere hours ago (as of this writing), but it
hasn't yet trickled down to AdoptOpenJDK/openjdk11-binaries, so we
can't do the bump just yet...
Add a note to the OpenJDK11 case, to prepare the migration to Github
with the next version bump.
Finally, remove upstreamed patch 0001-fix-gcc-10-support.patch as it's
no longer needed.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[yann.morin.1998@free.fr:
- meld the github switch and 14->16 bump together
- drop the github switch for 11 9because hash mismatch)
- expand commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Thu, 8 Apr 2021 16:54:06 +0000 (18:54 +0200)]
package/coremark-pro: disable parallel build
Disable parallel build as it seems to be totally broken:
/bin/bash: line 0: cd: /home/buildroot/autobuild/instance-2/output-1/build/coremark-pro-1.1.2743/builds/linux64/gcc64/obj/bench/core: No such file or directory
/bin/sh: 1: cd: can't cd to /home/buildroot/autobuild/instance-1/output-1/build/coremark-pro-1.1.2743/builds/linux/gcc/obj/bench/fp/loops/SP
Fixes:
- http://autobuild.buildroot.org/results/
7ba5e209772af7037fc735ea174d3fc3eaf46f4b
- http://autobuild.buildroot.org/results/
32b51bb9eda7899b6cc331f10a860644bd6004fa
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Mon, 26 Apr 2021 21:53:58 +0000 (23:53 +0200)]
package/monkey: bump to latest git commit
This will fix a build failure with gcc 10
- Update indentation in hash file (two spaces)
- Drop INSTALL_SYSCONFDIR, INSTALL_WEBROOTDIR and WITH_SYSTEM_MALLOC
(not available since
https://github.com/monkey/monkey/commit/
df145932e33fca0d4a1dcd9d7675f996c8e6a73b)
- Set WITHOUT_HEADERS to ON because headers are not needed and to avoid
the following build failure:
CMake Error at include/cmake_install.cmake:46 (file):
file INSTALL cannot find
"/home/fabrice/buildroot/output/build/monkey-
f54856ce250c4e25735434dc75717a4b7fbfc45b/include/mk_core.h":
No such file or directory.
Call Stack (most recent call first):
cmake_install.cmake:69 (include)
Upstream is aware than the lack of release is an issue but no comments
since 2018: https://github.com/monkey/monkey/issues/276
Fixes:
- http://autobuild.buildroot.org/results/
0b723937ca048228082d040100f6e6324ac8300b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Tue, 27 Apr 2021 06:52:01 +0000 (08:52 +0200)]
package/pipewire: needs gcc >= 5
spa (i.e. plugins which can be disabled but also tools which can't be
disabled) fails to build on gcc 4.8 since bump to version 0.3.26 in
commit
a6d88d3ba5e30e11f4d726f341bc56c1be7c71c9:
In file included from ../spa/include/spa/pod/builder.h:34:0,
from ../spa/include/spa/param/audio/format-utils.h:34,
from ../spa/plugins/audioconvert/test-audioadapter.c:36:
../spa/include/spa/utils/hook.h:57:50: error: initializer element is not constant
#define SPA_CALLBACKS_INIT(_funcs,_data) (struct spa_callbacks){ _funcs, _data, }
^
Fixes:
- http://autobuild.buildroot.org/results/
e7a36ec7166a287667572e5140685e6371a9f107
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Adam Duskett [Tue, 4 May 2021 21:00:24 +0000 (14:00 -0700)]
testing/tests/package/test_openjdk.py: bump kernel version to 5.10.34
Kernel 4.16.7 is old enough to produce the "multiple definition of `yylloc'"
error which is fixed in newer versions.
Bump the test kernel version from 4.16.7 to 5.10.34 to prevent this error wwhen
building the test image.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Christian Stewart [Mon, 3 May 2021 03:12:50 +0000 (20:12 -0700)]
package/docker-containerd: rename package to containerd
containerd is now an independent project from Docker.
This commit renames the Buildroot package from docker-containerd to containerd,
adding a entry in Config.in.legacy accordingly.
containerd is an industry-standard container runtime with an emphasis on
simplicity, robustness and portability. It is available as a daemon for Linux
and Windows, which can manage the complete container lifecycle of its host
system: image transfer and storage, container execution and supervision,
low-level storage and network attachments, etc.
https://containerd.io
Signed-off-by: Christian Stewart <christian@paral.in>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout:
- fix alphabetical ordering in package/Config.in
- also do rename in DEVELOPERS
- squash in second patch
]
Bernd Kuhls [Tue, 4 May 2021 20:21:59 +0000 (22:21 +0200)]
package/exim: security bump version to 4.94.2
Release announcement:
https://lists.exim.org/lurker/message/
20210421.123632.
08bb711a.en.html
According to
http://www.exim.org/static/doc/security/CVE-2020-qualys/21nails.txt
this version bump fixes
Local vulnerabilities
- CVE-2020-28007: Link attack in Exim's log directory
- CVE-2020-28008: Assorted attacks in Exim's spool directory
- CVE-2020-28014: Arbitrary file creation and clobbering
- CVE-2021-27216: Arbitrary file deletion
- CVE-2020-28011: Heap buffer overflow in queue_run()
- CVE-2020-28010: Heap out-of-bounds write in main()
- CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
- CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
- CVE-2020-28015: New-line injection into spool header file (local)
- CVE-2020-28012: Missing close-on-exec flag for privileged pipe
- CVE-2020-28009: Integer overflow in get_stdinput()
Remote vulnerabilities
- CVE-2020-28017: Integer overflow in receive_add_recipient()
- CVE-2020-28020: Integer overflow in receive_msg()
- CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
- CVE-2020-28021: New-line injection into spool header file (remote)
- CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
- CVE-2020-28026: Line truncation and injection in spool_read_header()
- CVE-2020-28019: Failure to reset function pointer after BDAT error
- CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
- CVE-2020-28018: Use-after-free in tls-openssl.c
- CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Tue, 4 May 2021 20:09:11 +0000 (22:09 +0200)]
Config.in: put back legacy comment for BR2_ENABLE_SSP
Put back legacy comment for BR2_ENABLE_SSP which was dropped with commit
810ba387bec3c5b6904e8893fb4cb6f9d3717466
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Sébastien Szymanski [Thu, 29 Apr 2021 18:51:38 +0000 (20:51 +0200)]
package/freescale-imx/imx-gpu-viv: select libdrm
Some libraries (libGL.so, vivante_dri.so, libEGL.so, libgbm_viv.so) are
linked against libdrm so select libdrm package.
Fixes: 8283e838f040 ("package/freescale-imx/imx-gpu-viv: bump to version 6.4.3.p1.2")
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Tested-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Fri, 30 Apr 2021 06:05:45 +0000 (08:05 +0200)]
package/bullet: fix build
Since bump to version 3.09 in commit
28b4947ed8f53c4edfbf8fef9304dc76480c01ca, build fails on:
[100%] Linking CXX shared library libBulletRoboticsGUI.so
/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/sparc64-buildroot-linux-gnu/9.3.0/../../../../sparc64-buildroot-linux-gnu/bin/ld: cannot find -lBulletExampleBrowserLib
Upstream is aware of this issue and recommends to avoid changing any
options: https://github.com/bulletphysics/bullet3/issues/3143
So don't disable bullet3 and demos apps ...
Fixes:
- http://autobuild.buildroot.org/results/
1721df8b0859656f7420b0b166d1ca635e5ddc74
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: remove the options instead of setting to ON]
Fabrice Fontaine [Sun, 2 May 2021 21:00:01 +0000 (23:00 +0200)]
package/pipewire: fix build with NLS
Fix build failure with NLS which is raised since bump to version 0.3.26
in commit
a6d88d3ba5e30e11f4d726f341bc56c1be7c71c9
Fixes:
- http://autobuild.buildroot.org/results/
4ed680dc91519c02db4fbfb396d75c5f74207d9b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Peter Seiderer [Sun, 2 May 2021 10:50:38 +0000 (12:50 +0200)]
package/libtomcrypt: compile with -fPIC to enable linking to dynamic libraries/exectuables
Fixes:
.../x86_64-buildroot-linux-gnu/bin/ld: .../host/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libtomcrypt.a(md5.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC
when building a shared library that links with libtomcrypt. Our only
internal user dropbear doesn't do this, so there are no autobuilder
failures.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Vincent Stehlé [Fri, 23 Apr 2021 08:28:33 +0000 (10:28 +0200)]
configs/aarch64_efi: bump kernel version and update
- Bump kernel to version 5.11.16.
We remove the hardcoded ttyAMA0 and rely on the firmware to discover our
console. This enables serial console on systems, which do not have an Arm
pl011 UART.
We switch to GPT disklabel and discover our root filesystem using its
PARTLABEL. This enables booting from more media, such as HDD, SD card or
USB.
We update the readme, which hinted that ACPI was mandatory. This is not
strictly the case as we can also boot with a dtb and/or a U-Boot based
firmware, with no ACPI. While at it, mention EBBR, SystemReady and explain
how to build and use a U-Boot-based qemu firmware.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Erico Nunes <nunes.erico@gmail.com>
Reviewed-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Christian Stewart [Mon, 3 May 2021 02:29:55 +0000 (19:29 -0700)]
package/libfuse3: bump version to 3.10.3
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Dick Olsson [Sun, 2 May 2021 08:17:32 +0000 (08:17 +0000)]
support/testing: add s6-networking tests
Test that the TAICLOCK and TCP servers are working.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: indent config lines more]
Dick Olsson [Sun, 2 May 2021 08:17:26 +0000 (08:17 +0000)]
support/testing: add s6-rc tests
Test that s6-rc service database compilation is working.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: indent config lines more]
Dick Olsson [Sun, 2 May 2021 08:17:19 +0000 (08:17 +0000)]
support/testing: add s6-portable-utils tests
Test that a few basis utilities are working.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: indent config lines more]
Dick Olsson [Sun, 2 May 2021 08:17:12 +0000 (08:17 +0000)]
support/testing: add s6 tests
Test that directory scanning and supervision is working.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: properly indent, and use textwrap to dedent again.]
Dick Olsson [Sun, 2 May 2021 08:17:06 +0000 (08:17 +0000)]
support/testing: add execline tests
Test that the interpreter can run a basic command.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: indent config lines more]
Dick Olsson [Sat, 1 May 2021 19:00:20 +0000 (19:00 +0000)]
package/{skalibs, execline, s6*, mdevd}: root prefix
The skaware packages are frequently used as the init system and service
management for machines. Therefore it is more logical to install these
packages to the root prefix.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Sun, 25 Apr 2021 13:38:45 +0000 (15:38 +0200)]
package/libopenssl: fix performance issue in static build
Revert commit
8c2c959b028d44f5518d4445f864aedae3d90406 as no-dso has
been added back to openssl since version 1.1.1e and
https://github.com/openssl/openssl/commit/
8dcd57461972dceaaf014b71d173d0a8758e7054
and because gcc no-asm has performance issue
Fixes:
- https://bugs.buildroot.org/show_bug.cgi?id=13751
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Federico Pellegrin [Mon, 3 May 2021 08:22:52 +0000 (10:22 +0200)]
package/kexec: bump to version 2.0.22
https://www.spinics.net/lists/kexec/msg26864.html
Signed-off-by: Federico Pellegrin <fede@evolware.org>
[yann.morin.1998@free.fr: two-spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Norbert Lange [Tue, 4 May 2021 12:33:19 +0000 (14:33 +0200)]
package/kmod: create zstd option for host
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Norbert Lange [Tue, 4 May 2021 12:33:18 +0000 (14:33 +0200)]
package/kmod: support zstd compression if available
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Mon, 3 May 2021 18:22:41 +0000 (20:22 +0200)]
Config.in: enable FORTIFY_SOURCE, PIC/PIE, RELRO, SSP by default
Enhance security by enabling FORTIFY_SOURCE, PIC/PIE, RELRO and SSP by
default.
For SSP, SSP-all can have a significant impact on performance, so we do
not want to enable that unconditionally; instead we use SSP-strong if
available (since gcc-4.9), and resort to SSP-regular otherwise. People
who really, like really-really want to use SSP-all will still have to
enable it explicitly.
For FORTIFY, level 2 may change the behaviour of some glibc functions,
so may crash conforming programs, so may have adverse effects. As such,
we choose level 1 as the default, as it does not change the behaviour
of any function.
This could help making IoT more secure and fight against the assumption
that buildroot does not support binary hardening (see
https://cyber-itl.org/2019/08/26/iot-data-writeup.html)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- relax SSP to strong when available, regular otherwise
- extend commit log to explain why SSP-all is not used
- extend commit log to explain why FORTIFY level 2 is not used
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sat, 1 May 2021 19:51:26 +0000 (21:51 +0200)]
package/iostat: drop package
This package is not maintained anymore and even upstream site is dead.
As iostat can also be provided by sysstat, just drop the package.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mario Fink [Sun, 2 May 2021 19:28:51 +0000 (21:28 +0200)]
package/docker-cli: bump version to 20.10.6
Signed-off-by: Mario Fink <mario.fink@record-evolution.de>
Tested-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mario Fink [Mon, 19 Apr 2021 10:47:51 +0000 (12:47 +0200)]
package/docker-engine: bump version to 20.10.6
Fixes various networking issues:
- Fix a regression in docker 20.10, causing IPv6 addresses no longer to be
bound by default when mapping ports moby/moby#42205
- Fix implicit IPv6 port-mappings not included in API response. Before
docker 20.10, published ports were accessible through both IPv4 and IPv6
by default, but the API only included information about the IPv4 (0.0.0.0)
mapping moby/moby#42205
- Fix a regression in docker 20.10, causing the docker-proxy to not be
terminated in all cases moby/moby#42205
- Fix iptables forwarding rules not being cleaned up upon container removal
moby/moby#42205
For more details, see the release notes:
https://docs.docker.com/engine/release-notes/#20106
Signed-off-by: Mario Fink <knif.oiram@gmail.com>
Tested-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 1 May 2021 16:50:37 +0000 (18:50 +0200)]
Config.in.legacy: fix BR2_PACKAGE_SCONESERVER_HTTP_SCONESITE_IMAGE
Commit
fdb6fc2b4a5be747e7695f594cbbb1a941ceb05b forgot to select
BR2_LEGACY
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Dick Olsson [Tue, 27 Apr 2021 22:43:09 +0000 (22:43 +0000)]
package/mdevd: bump to version 0.1.4.0
https://www.mail-archive.com/skaware@list.skarnet.org/msg01579.html
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Dick Olsson [Tue, 27 Apr 2021 22:43:02 +0000 (22:43 +0000)]
package/s6-linux-init: bump to version 1.0.6.3
https://www.mail-archive.com/skaware@list.skarnet.org/msg01579.html
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Dick Olsson [Tue, 27 Apr 2021 22:42:55 +0000 (22:42 +0000)]
package/s6-networking: bump to version 2.4.1.1
Change hash file indentation to 2 spaces.
https://www.mail-archive.com/skaware@list.skarnet.org/msg01579.html
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Dick Olsson [Tue, 27 Apr 2021 22:42:49 +0000 (22:42 +0000)]
package/s6-dns: bump to version 2.3.5.1
Change hash file indentation to 2 spaces.
https://www.mail-archive.com/skaware@list.skarnet.org/msg01579.html
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Dick Olsson [Tue, 27 Apr 2021 22:42:42 +0000 (22:42 +0000)]
package/s6-linux-utils: bump to version 2.5.1.5
Change hash file indentation to 2 spaces.
https://www.mail-archive.com/skaware@list.skarnet.org/msg01579.html
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Dick Olsson [Tue, 27 Apr 2021 22:42:35 +0000 (22:42 +0000)]
package/s6-portable-utils: bump to version 2.2.3.2
Change hash file indentation to 2 spaces.
https://www.mail-archive.com/skaware@list.skarnet.org/msg01579.html
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Dick Olsson [Tue, 27 Apr 2021 22:42:29 +0000 (22:42 +0000)]
package/s6-rc: bump to version 0.5.2.2
Change hash file indentation to 2 spaces.
https://www.mail-archive.com/skaware@list.skarnet.org/msg01579.html
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Dick Olsson [Tue, 27 Apr 2021 22:42:22 +0000 (22:42 +0000)]
package/s6: bump to version 2.10.0.3
Change hash file indentation to 2 spaces.
https://www.mail-archive.com/skaware@list.skarnet.org/msg01579.html
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Dick Olsson [Tue, 27 Apr 2021 22:42:15 +0000 (22:42 +0000)]
package/execline: bump to version 2.8.0.1
https://www.mail-archive.com/skaware@list.skarnet.org/msg01579.html
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Dick Olsson [Tue, 27 Apr 2021 22:41:52 +0000 (22:41 +0000)]
package/skalibs: bump to version 2.10.0.3
- Remove upstream patch that has been committed
- Change hash file indentation to 2 spaces
https://www.mail-archive.com/skaware@list.skarnet.org/msg01579.html
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Dick Olsson [Tue, 6 Apr 2021 22:47:22 +0000 (22:47 +0000)]
package/s6-networking: support building with bearssl
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Charles Hardin [Mon, 26 Apr 2021 23:39:54 +0000 (16:39 -0700)]
package/imx-uuc: bump version and enable for i.MX8 architecture
The imx-uuc package was only selectable on 32-bit arm targets; this
patch allows aarch64 targets such as i.MX8 to select the package
and use the ufb for fastboot support against the mfgtools "uuu".
Also bumping to latest upstream commit before uuc is removed from the
standard build, from
https://github.com/NXPmicro/imx-uuc
Tested on i.MX8QXP.
Signed-off-by: Charles Hardin <ckhardin@gmail.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Peter Seiderer [Mon, 12 Apr 2021 19:55:27 +0000 (21:55 +0200)]
package/libtomcrypt: update home page URL to https
- update home page URL to https
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Sat, 17 Apr 2021 10:49:19 +0000 (12:49 +0200)]
package/dmalloc: needs -fPIC
Drop first patch and pass -fPIC to configure to fix the following build
failure on ARC:
ERROR: architecture for "/usr/lib/libdmalloc.so" is "ARCompact", should be "ARCv2"
ERROR: architecture for "/usr/lib/libdmallocth.so" is "ARCompact", should be "ARCv2"
ERROR: architecture for "/usr/lib/libdmallocthcxx.so" is "ARCompact", should be "ARCv2"
ERROR: architecture for "/usr/lib/libdmallocxx.so" is "ARCompact", should be "ARCv2"
This build failure is due to the following configure error:
checking shared library link args... ./configure: line 4467: 10229 Segmentation fault ( ${LD-ld} -shared --whole-archive -soname conftest.so -o conftest.so.t conftest.a ) 2>&5
/home/buildroot/autobuild/run/instance-0/output-1/host/bin/arc-buildroot-linux-gnu-ld -G -o $@.t
This configure error is due to missing -fPIC:
configure:4392: checking shared library link args
configure:4398: /home/buildroot/autobuild/run/instance-0/output-1/host/bin/arc-buildroot-linux-gnu-gcc -c -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g2 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 conftest.c >&5
configure:4404: $? = 0
configure:4408: test -z
|| test ! -s conftest.err
configure:4411: $? = 0
configure:4414: test -s conftest.o
configure:4417: $? = 0
/home/buildroot/autobuild/run/instance-0/output-1/host/bin/arc-buildroot-linux-gnu-ld: conftest.a(conftest.o): relocation R_ARC_32_ME against `__stack_chk_guard' can not be used when making a shared object; recompile with -fPIC
/home/buildroot/autobuild/run/instance-0/output-1/host/bin/arc-buildroot-linux-gnu-ld: BFD (GNU Binutils) 2.33.50.
20191002 assertion fail elf32-arc.c:1805
/home/buildroot/autobuild/run/instance-0/output-1/host/bin/arc-buildroot-linux-gnu-ld: unrecognized option '-all'
/home/buildroot/autobuild/run/instance-0/output-1/host/bin/arc-buildroot-linux-gnu-ld: use the --help option for usage information
configure:4475: result: /home/buildroot/autobuild/run/instance-0/output-1/host/bin/arc-buildroot-linux-gnu-ld -G -o $@.t
Fixes:
- http://autobuild.buildroot.org/results/
65677d889c27649e1f3ca1f3b6c70df7c89779f6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Gleb Mazovetskiy [Tue, 13 Apr 2021 06:26:14 +0000 (07:26 +0100)]
Fix -latomic for CMake packages
The poppler package failed to build for me with errors such as this one:
host/aarch64-buildroot-linux-gnu/include/c++/10.3.0/cstdlib:75:15: fatal error: stdlib.h: No such file or directory
75 | #include_next <stdlib.h>
| ^~~~~~~~~~
Changing the CMake option to a link-specific one fixes the issue.
Also change other packages with the same issue: cutelyst, gerbera,
kf5-modemmanager-qt, kodi and wampcc.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Peter Korsgaard [Sat, 1 May 2021 11:02:59 +0000 (13:02 +0200)]
package/bind: security bump to version 9.11.31
Fixes the following security issues:
- A malformed incoming IXFR transfer could trigger an assertion failure in
named, causing it to quit abnormally. (CVE-2021-25214)
- named crashed when a DNAME record placed in the ANSWER section during
DNAME chasing turned out to be the final answer to a client query.
(CVE-2021-25215)
- When a server's configuration set the tkey-gssapi-keytab or
tkey-gssapi-credential option, a specially crafted GSS-TSIG query could
cause a buffer overflow in the ISC implementation of SPNEGO (a protocol
enabling negotiation of the security mechanism used for GSSAPI
authentication). This flaw could be exploited to crash named binaries
compiled for 64-bit platforms, and could enable remote code execution when
named was compiled for 32-bit platforms. (CVE-2021-25216)
For more details, see the release notes:
https://downloads.isc.org/isc/bind9/9.11.31/RELEASE-NOTES-bind-9.11.31.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Charles Hardin [Fri, 30 Apr 2021 18:09:33 +0000 (11:09 -0700)]
package/imx-seco: use the c0 revision for the imx8qxp ahab image
Update the selection of the ahab container image to use based upon
a choice in the Config.in - there are multiple ASIC revisions that
use AHAB and the firmware images need to match. This extends the
support beyond a default image for just the imx8 amd imx8x based
upon the current contents of the imx-seco firmware extraction.
Files from 3.7.4:
mx8dxla0-ahab-container.img
mx8dxla1-ahab-container.img
mx8qmb0-ahab-container.img
mx8qxb0-ahab-container.img
mx8qxc0-ahab-container.img
The original defaults prior to this patch were mx8qmb0 for IMX8
and mx8qxb0 for the IMX8X selections. However, this patch will
change the default selection of the IMX8X from the B0 option to
C0 because the IMX8X C0 HW variant is widespread and the current
release of hardware silicon. Because there are still B0's in
circulation an option is being kept for that as well.
Signed-off-by: Charles Hardin <ckhardin@gmail.com>
[yann.morin.1998@free.fr: 1 minor code style]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Seiderer [Mon, 12 Apr 2021 19:32:28 +0000 (21:32 +0200)]
package/sane-backends: poppler-glib needs cairo
- poppler-glib depends on cairo (see poppler-0.84.0/CMakeLists.txt):
185 else()
186 set(CAIRO_FEATURE "#undef POPPLER_HAS_CAIRO")
187 set(ENABLE_GLIB OFF)
188 endif()
Fixes:
- http://autobuild.buildroot.net/results/
9a345f82c7a010f6b2a3361f25b14caefa9dcbef
checking for POPPLER_GLIB... no
configure: error: poppler-glib requested but not found
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Sat, 3 Apr 2021 12:36:13 +0000 (14:36 +0200)]
package/python-rpi-ws281w: fix build with gcc 4.8
Fix build failure with gcc 4.8 which is raised since bump to version
4.2.6 in commit
f21d46bf99e2c3a86a86586bc3e82b214104cd30
Fixes:
- http://autobuild.buildroot.org/results/
3d037922484bfc45d0f985f87b38f20c5a4ab064
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Fri, 2 Apr 2021 16:35:17 +0000 (18:35 +0200)]
package/nginx: add libxcrypt optional dependency
Fix build failure on uclibc with libxcrypt which has been added in
commit
464bbe26ff5fb9e5bfe26a26ea65c700b90598f5
Fixes:
- http://autobuild.buildroot.org/results/
79a51b0d348e756517b5c9ce815a67f5c657e7e6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Tue, 23 Mar 2021 06:50:50 +0000 (07:50 +0100)]
package/sox: fix static build with magic and bzip2
Update patch added by commit
183d583fb5f19eb11637873d73e13fe14536efa6 to
use pkg-config instead of linking with zlib to fix the following static
build failure with a bzip2-enabled libmagic:
/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arc-buildroot-linux-uclibc/9.3.1/../../../../arc-buildroot-linux-uclibc/bin/ld: /home/buildroot/autobuild/instance-1/output-1/host/arc-buildroot-linux-uclibc/sysroot/usr/lib/libmagic.a(compress.o): in function `uncompressbuf':
compress.c:(.text+0x422): undefined reference to `BZ2_bzDecompressInit'
/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arc-buildroot-linux-uclibc/9.3.1/../../../../arc-buildroot-linux-uclibc/bin/ld: compress.c:(.text+0x422): undefined reference to `BZ2_bzDecompressInit'
Fixes:
- http://autobuild.buildroot.org/results/
4c511c02e4c63b35ecf77a2658f88e8a0d9dbb4d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Yann E. MORIN [Fri, 30 Apr 2021 20:36:35 +0000 (22:36 +0200)]
package/openjdk: drop patch left over after last bump
Commit
5871e278f873 (package/openjdk{, -bin}: security bump to version
11.0.11_9) forgot to account for the openjdk patch in the versioned
directory.
That patch was a collection of backports from upstream ,that are now all
present in 11.0.11+9, so drop that patch.
Fixes: 5871e278f873
Reported-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Tian Yuanhao [Fri, 30 Apr 2021 09:16:27 +0000 (17:16 +0800)]
package/e2fsprogs: add option for e2scrub
The e2scrib tool has various requirements:
- e2scrub and its associated helpers, are bash scripts
- e2scrub_all depends on coreutils' readlink; busybox readlink is
missing some options:
readlink: invalid option -- 'e'
- by design, e2scrub only works on an LVM volume
Add an option to enable e2scrub. This is probably seldom used, so it
does not warrant the usual dance about BR2_PACKAGE_BUSYBOX_SHOW_OTHERS
and selecting the tools; we can just depend on the required tools.
Signed-off-by: Tian Yuanhao <tianyuanhao@aliyun.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr:
- add a kconfig option like for other tools
- move the conditions to that new option
- reword the commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bernd Kuhls [Fri, 30 Apr 2021 12:29:24 +0000 (14:29 +0200)]
package/php: security bump version to 7.4.18
Changelog: https://www.php.net/ChangeLog-7.php#7.4.18
Release notes: https://www.php.net/releases/7_4_18.php
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Petr Vorel [Thu, 29 Apr 2021 19:05:56 +0000 (21:05 +0200)]
package/feh: bump version to 3.6.3
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Thu, 29 Apr 2021 20:19:52 +0000 (22:19 +0200)]
package/samba4: security bump version to 4.14.4
Fixes CVE-2021-20254:
https://www.samba.org/samba/security/CVE-2021-20254.html
Release notes: https://www.samba.org/samba/history/samba-4.14.4.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Thu, 29 Apr 2021 20:17:58 +0000 (22:17 +0200)]
package/fetchmail: bump version to 6.4.19
Updated license hash due to upstream typo fix:
https://sourceforge.net/p/fetchmail/git/ci/
2409d4f0baa90c6303d1e600772e500fc397a561/
Release notes:
https://sourceforge.net/p/fetchmail/mailman/message/
37267719/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Thu, 29 Apr 2021 07:46:33 +0000 (09:46 +0200)]
boot/opensbi: allow using U-Boot as a payload
The opensbi package already allows to use Linux as a payload for
OpenSBI, but in some cases, U-Boot as payload is useful. This commit
adds a BR2_TARGET_OPENSBI_UBOOT_PAYLOAD option, modeled after the
existing BR2_TARGET_OPENSBI_LINUX_PAYLOAD.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Thu, 29 Apr 2021 07:46:32 +0000 (09:46 +0200)]
boot/opensbi: add support for version configuration
OpenSBI contains platform-specific code, so very much like Linux,
U-Boot or other bootloaders, using the upstream version of OpenSBI
will very often not be sufficient.
This commit therefore adds the possibility of specifying a custom
version of OpenSBI, either custom from upstream, custom tarball, or
custom from Git. Support for other version control systems has not
been implemented for now, but could be added later if needed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Wed, 28 Apr 2021 05:48:50 +0000 (07:48 +0200)]
package/kodi-pvr-nextpvr: bump version to 8.2.2-Matrix
Changelog:
https://github.com/kodi-pvr/pvr.nextpvr/blob/Matrix/pvr.nextpvr/changelog.txt
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 29 Apr 2021 08:33:01 +0000 (10:33 +0200)]
{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 10, 11}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Romain Naour [Wed, 28 Apr 2021 21:50:17 +0000 (23:50 +0200)]
package/bullet: bump to version 3.09
See:
https://github.com/bulletphysics/bullet3/releases/tag/3.09
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Romain Naour [Wed, 28 Apr 2021 21:50:18 +0000 (23:50 +0200)]
package/clinfo: bump to version 3.0.21.02.21
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Romain Naour [Wed, 28 Apr 2021 21:50:19 +0000 (23:50 +0200)]
package/terminology: bump to version 1.9.0
See:
https://www.enlightenment.org/news/2021-01-18-terminology-1.9.0
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Romain Naour [Wed, 28 Apr 2021 21:50:20 +0000 (23:50 +0200)]
package/enet: bump to version 1.3.17
See:
https://github.com/lsalzman/enet/blob/v1.3.17/ChangeLog
Update file hash due to update license dates:
https://github.com/lsalzman/enet/commit/
5b93d08fa5e30fce3e3b1d922de6035dadd9e9af
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Romain Naour [Wed, 28 Apr 2021 21:51:32 +0000 (23:51 +0200)]
package/minetest{-game}: bump to version 5.4.1
See Changelog [1]
Update minetest-game licence file hash for:
mods/player_api/license.txt [2]
Update minetest license file hash for:
LICENSE.txt [3][4]
[1] https://dev.minetest.net/Changelog#5.3.0_.E2.86.92_5.4.0
[2] https://github.com/minetest/minetest_game/commit/
63cffc4bd1851af2acd145f09dbd462287c76068
[3] https://github.com/minetest/minetest/commit/
5066fe75830b98f592717b593099a757337c952d
[4] https://github.com/minetest/minetest/commit/
92aac69b36d37ace8d2e06721cfa5e488427dcdf
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Romain Naour [Wed, 28 Apr 2021 22:52:53 +0000 (00:52 +0200)]
package/efl: bump to version 1.25.1
See:
https://www.enlightenment.org/news/efl-1.25.1
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Romain Naour [Wed, 28 Apr 2021 22:17:52 +0000 (00:17 +0200)]
package/solarus: bump to version 1.6.5
See:
https://www.solarus-games.org/en/news/2021-04-06-solarus-1-6-5-bugfix-release
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 26 Apr 2021 21:46:28 +0000 (23:46 +0200)]
package/mkpimage: define extract step to allow patching
As recently discussed on the list:
http://lists.busybox.net/pipermail/buildroot/2021-April/308373.html
Packages like mkpimage where the source code is included in the Buildroot
tree, currently doesn't use an extract step (which also skips the patch
step), so they cannot be patched by a patch in BR2_GLOBAL_PATCH_DIR (or the
pkgdir), which is a bit confusing.
As a fix, add a simple extract step that copies the source file to the build
directory, so the patch step gets run as well.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 26 Apr 2021 21:46:27 +0000 (23:46 +0200)]
package/mkpaswd: define extract step to allow patching
As recently discussed on the list:
http://lists.busybox.net/pipermail/buildroot/2021-April/308373.html
Packages like mkpasswd where the source code is included in the Buildroot
tree, currently doesn't use an extract step (which also skips the patch
step), so they cannot be patched by a patch in BR2_GLOBAL_PATCH_DIR (or the
pkgdir), which is a bit confusing.
As a fix, add a simple extract step that copies the source files to the
build directory, so the patch step gets run as well.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 26 Apr 2021 21:46:26 +0000 (23:46 +0200)]
package/makedevs: define extract step to allow patching
As recently discussed on the list:
http://lists.busybox.net/pipermail/buildroot/2021-April/308373.html
Packages like makedevs where the source code is included in the Buildroot
tree, currently doesn't use an extract step (which also skips the patch
step), so they cannot be patched by a patch in BR2_GLOBAL_PATCH_DIR (or the
pkgdir), which is a bit confusing.
As a fix, add a simple extract step that copies the source file to the build
directory, so the patch step gets run as well.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bartosz Bilas [Tue, 27 Apr 2021 18:19:32 +0000 (20:19 +0200)]
package/fmt: get rid of extra space
Commit
32c10f256bbc3dd09a72d45107682afb4448f07b
introduced extra space so let's remove that in
order to be consistent with other variables.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Francois Perrad [Tue, 27 Apr 2021 16:54:40 +0000 (18:54 +0200)]
package/moarvm: bump to version 2021.04
zstd is a new dependency (since 2021.03)
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 25 Apr 2021 08:49:13 +0000 (10:49 +0200)]
package/python-typepy: bump to version 1.1.5
- python-dateutil and python-pytz are optional since version 0.0.20 and
https://github.com/thombashi/typepy/commit/
a54dc97598d9d69e5f6092cf918d7889b9a31f61
- python 2 and python-six dependency have been dropped in version 1.0.0 and
https://github.com/thombashi/typepy/commit/
764812d01d831d149b19a871a695ae3a9e39485b
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gary Bisson [Tue, 27 Apr 2021 09:49:20 +0000 (11:49 +0200)]
board/boundarydevices: update readme.txt for nitrogen8mp
Add mention about nitrogen8mp_defconfig which is meant for our
Nitrogen8MPlus SOM device.
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 27 Apr 2021 12:59:02 +0000 (14:59 +0200)]
package/openjdk{, -bin}: security bump to version 11.0.11_9
Fixes the following security issues:
CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792,
CVE-2020-14796, CVE-2020-14797, CVE-2020-14798, CVE-2020-14803,
CVE-2021-2161, CVE-2021-2163
For details. see the advisories:
https://openjdk.java.net/groups/vulnerability/advisories/2020-10-20
https://openjdk.java.net/groups/vulnerability/advisories/2021-01-19
https://openjdk.java.net/groups/vulnerability/advisories/2021-04-20
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas De Schampheleire [Tue, 27 Apr 2021 19:45:44 +0000 (21:45 +0200)]
support/download/hg: fix broken method
Commit
54d3d94b6e3846447b5796ef8587b08b537cd348 broke the 'hg' download
method, in a similar way as it broke the 'git' download method (later fixed
with commit
b70ce5665126246bd6b6bf804c6d9eea1fc599cf), by introducing extra
output on stdout in a case where the output is redirected.
In the case of 'hg', the 'hg archive' step uses shell redirection rather
than directly letting hg write the output file, since commit
76b51f90c0e393349dd0c71d7e6cf82fbc094282.
As a result, the extra print added by the _hg function is prepended to the
actual archive, causing an invalid archive.
Fix by using the _plain_hg function instead. The disadvantage is that the
command for 'hg archive' is no longer printed.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Tue, 27 Apr 2021 05:54:02 +0000 (07:54 +0200)]
package/lxc: bump to version 4.0.6
"The LXC 4.0 branch is supported until June 2025. Only bugfixes and
securitiy issues get included into the stable bugfix releases, so it's
always safe and recommended to keep up and run the latest bugfix
release."
https://discuss.linuxcontainers.org/t/lxc-4-0-6-lts-has-been-released/9926
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 26 Apr 2021 22:08:15 +0000 (00:08 +0200)]
package/uftrace: add missing dependency to comment
Commit
f06d79255fbf0607200f1cc50a5dd87839295be3 forgot to add
BR2_PACKAGE_UFTRACE_ARCH_SUPPORTS dependency to threads comment
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 26 Apr 2021 21:55:53 +0000 (23:55 +0200)]
package/wpa_supplicant: add upstream patch to fix CVE-2021-30004
Fixes the following security issue for the internal TLS backend:
- CVE-2021-30004: In wpa_supplicant and hostapd 2.9, forging attacks may
occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c
and tls/x509v3.c.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 26 Apr 2021 21:55:52 +0000 (23:55 +0200)]
package/hostapd: add upstream patch to fix CVE-2021-30004
Fixes the following security issue for the internal TLS backend:
- CVE-2021-30004: In wpa_supplicant and hostapd 2.9, forging attacks may
occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c
and tls/x509v3.c.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 26 Apr 2021 21:25:45 +0000 (23:25 +0200)]
{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 10, 11}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Mon, 26 Apr 2021 20:15:19 +0000 (22:15 +0200)]
package/postgis: add missing || in Config.in
This was forgotten in commit
72eba37e520ede9277a7a84cde82be992eb5639d.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sun, 21 Mar 2021 11:47:12 +0000 (12:47 +0100)]
package/sconeserver: disable image
Build of http::sconesite::image module was silently broken until commit
d3b818c3cf0990117a8b59fcfc6c212f310ae6ec
However, sconeserver fails to build with ImageMagick because:
- it checks for ImageMagick++.pc instead of ImageMagick.pc
- it uses the transform function which has been removed from the public
API since version 7.0.1-0 and
https://github.com/ImageMagick/ImageMagick/commit/
06f590165f0505d42005264893fe14a9e8a79986
As sconeserver does not seem to be maintained anymore, drop
BR2_PACKAGE_SCONESERVER_HTTP_SCONESITE_IMAGE.
Fixes:
- http://autobuild.buildroot.org/results/
895ab582d1140f7677fc1c6934fa2e0c47c49f20
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: add legacy symbol. It costs us exactly nothing, and if someone
actually had that selected, they know what's going on.]
Giulio Benetti [Wed, 17 Mar 2021 17:00:32 +0000 (18:00 +0100)]
package/libcamera: disable package affected by binutils bug 27597
This package is affected by binutils bug 27597 and no work around has
been found, so let's disable it if
BR2_TOOLCHAIN_HAS_BINUTILS_BUG_27597=y.
Fixes:
http://autobuild.buildroot.net/results/8ac/
8ac599392f773eecff4773393ef0d0232a22f372/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Giulio Benetti [Wed, 17 Mar 2021 16:43:46 +0000 (17:43 +0100)]
package/kf5-kcoreaddons: disable package affected by binutils bug 27597
This package is affected by binutils bug 27597 and no work around has
been found, so let's disable it if
BR2_TOOLCHAIN_HAS_BINUTILS_BUG_27597=y.
Fixes:
http://autobuild.buildroot.net/results/0c1/
0c1e7e094b0990970f28cda2be0e3fe7d82ce6a2/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>