git.libre-soc.org Git - buildroot.git/log

package/pixz: bump version to v1.0.7

- Update the hash accordingly.
- Remove a patch, as its fix is in this new version of pixz.

Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/linux-backports: bump version to 5.8

Attempting to compile this package with newer Kernel version (e.g. v5.4)
fails with message:

Generating local configuration database from kernel ...Kernel version parse failed!

Upgrading the package to 5.8 fixes this issue. Anyways, v4.4 is now
rather old and beat the very purpose of having newer drivers in older
kernels.

Since backports tag v4.14-rc4-1, the requirement on minimal kernel
version changed from 3.0 to 3.10. See commit [1]. The minimal kernel
version check is changed accordingly.

License files are also updated: the linux backports package copies the
license files from the kernel version used for its generation. v5.8 is
now "GPL-2.0 WITH Linux-syscall-note". However, there is no such SPDX
identifier (contrary to what is said in the COPYING file), so we keep it
as GPL-2.0 (which also keeps it aligned to what we have in linux.mk).

[1] https://git.kernel.org/pub/scm/linux/kernel/git/backports/backports.git/commit/?id=a0d05f9f9ca50ea8b1d60726fac6b54167257e76

Signed-off-by: Julien Olivain <ju.o@free.fr>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Tested-by: Petr Vorel <petr.vorel@gmail.com>
[yann.morin.1998@free.fr: keep license as GPL-2.0, like for linux]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

Merge branch 'master' into next

* master: (125 commits)
  package/jpeg-turbo: security bump to version 2.0.5
  package/modem-manager: bump to version 1.14.8
  package/c-ares: security bump to version 1.17.0
  docs/website: update for 2020.02.8
  Update for 2020.02.8
  docs/website: update for 2020.08.2
  Update for 2020.08.2
  package/qemu: fix build with 64 bits time_t
  package/harfbuzz: fix build without threads
  boot/uboot: fix custom repo error message
  package/numactl: needs -fPIC
  package/dovecot-pigeonhole: fix build with per-package directories
  package/libpam-tacplus: remove duplicate LIBPAM_TACPLUS_AUTORECONF
  package/openntpd: needs host-bison
  package/xorriso: fix host option
  DEVELOPERS: drop Trent Piepho
  package/postgresql: security bump to version 12.5
  package/redis: security bump to version 6.0.9
  Revert "package/linux-backports: bump version to 5.8"
  package/linux-backports: bump version to 5.8
  ...

package/jpeg-turbo: security bump to version 2.0.5

Fixes the following security issue:

- CVE-2020-13790: ibjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based
buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input
file

For more details, see the release notes:
https://github.com/libjpeg-turbo/libjpeg-turbo/releases/tag/2.0.5

Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
[Peter: mark as security bump / extend commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/radvd: bump to version 2.19

Drop patch (already in version) and so autoreconf

http://www.litech.org/radvd/CHANGES.txt:w

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/{protobuf, python-protobuf}: bump to version 3.14.0

python-protobuf: drop patch 0001 as it is applied upstream

Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/mbuffer: bump to version 20200929

Signed-off-by: Mircea GLIGA <mgliga@bitdefender.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/modem-manager: bump to version 1.14.8

There should be no longer any need for the ac_cv_prog_XSLTPROC_CHECK
hack, this release already removes xsltproc from being a build
dependency when building from dist tarballs.

https://lists.freedesktop.org/archives/modemmanager-devel/2020-November/008279.html

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/spdlog: bump to version 1.8.1

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/{libuv, uvw}: bump to versions 1.40.0, 2.8.0_libuv_v1.40

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/bctoolbox: drop GIT_EXECUTABLE

GIT_EXECUTABLE is not needed since version 4.3.0 and
https://github.com/BelledonneCommunications/bctoolbox/commit/a92ea8672fc0a736c9018de31588aeeeef4a4157
https://github.com/BelledonneCommunications/bctoolbox/commit/6c2e02ffb16f999e270c5de29bbf4dd13b9e986d

CMake Warning:
  Manually-specified variables were not used by the project:

    BUILD_DOC
    BUILD_DOCS
    BUILD_EXAMPLE
    BUILD_EXAMPLES
    BUILD_TEST
    BUILD_TESTING
    BUILD_TESTS
    GIT_EXECUTABLE

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/c-ares: security bump to version 1.17.0

- avoid read-heap-buffer-overflow in ares_parse_soa_reply found during
fuzzing
- Avoid theoretical buffer overflow in RC4 loop comparison
- Empty hquery->name could lead to invalid memory access
- ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was
passed in

https://c-ares.haxx.se/changelog.html#1_17_0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

docs/website: update for 2020.02.8

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Update for 2020.02.8

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a4832641bcab4e3487a986ac31110fb2c006b2c0)
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

docs/website: update for 2020.08.2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Update for 2020.08.2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5a90d87d331aa440cd024c7269a0673d94792896)
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/qemu: fix build with 64 bits time_t

Fix build of qemu 5.0.0 and above with 64 bites time_t

Fixes:
- http://autobuild.buildroot.org/results/efd4474fb4b6c0ce0ab3838ce130429c51e43bbb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/harfbuzz: fix build without threads

Fixes:
- http://autobuild.buildroot.org/results/70c98e89b1d5e5b651d1f6928dc53f465103f57a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

boot/uboot: fix custom repo error message

When using a custom git or mercurial repository for u-boot the error message
indicating a version had not been provided incorrectly stated that the URL was
missing. Update the error message to indicate that it's the version that's
missing.

Signed-off-by: Garret Kelly <garret.kelly@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/numactl: needs -fPIC

This will avoid the following build failure with qemu 5.0.0 and above:

/srv/storage/autobuild/run/instance-2/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-uclibc/8.3.0/../../../../x86_64-buildroot-linux-uclibc/bin/ld: /srv/storage/autobuild/run/instance-2/output-1/host/x86_64-buildroot-linux-uclibc/sysroot/usr/lib/../lib64/libnuma.a(libnuma.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a PIE object; recompile with -fPIC

Fixes:
- http://autobuild.buildroot.org/results/616dff216a215dc0494c846d337e03e0795b2fb2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/dovecot-pigeonhole: fix build with per-package directories

Fix wrong path in usr/lib/dovecot-config which was copied from the
dovecot staging dir.

Fixes:
http://autobuild.buildroot.net/results/5fb/5fb1cd57bc3fdf4f75019c7b25d65ef887eea539/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/samba4: bump version to 4.11.16

Release notes: https://www.samba.org/samba/history/samba-4.11.16.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libpam-tacplus: remove duplicate LIBPAM_TACPLUS_AUTORECONF

The commit [1] added a second LIBPAM_TACPLUS_AUTORECONF
because we are now patching configure.ac.
But LIBPAM_TACPLUS_AUTORECONF was already used because the
package is fetched from github.

[1] bd85d82f61af0578a64e74e1cfb56c3c1bf46fe1

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/849509860

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/openntpd: needs host-bison

Build fails when no yacc alternative is installed.

Fixes:
http://autobuild.buildroot.net/results/1ba8e339cbb5646663d0bf4e158d89e54433b242/
http://autobuild.buildroot.net/results/a00a53d6635c64e72c50d4841658155de5380110/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/xorriso: fix host option

--disable-bzip2 is not a recognized option so replace it by
--disable-libbz2 to match the target logic.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

DEVELOPERS: drop Trent Piepho

We change Trent's e-mail address in commit
1c20802d4b5de5836b2ab6000a4c5e273711a8aa, but it turns out the new one
also doesn't work:

<trent.piepho@synapse.com>: host
    synapse-com.mail.protection.outlook.com[104.47.57.138] said: 550 5.4.1
    Recipient address rejected: Access denied. AS(201806281)
    [DM6NAM11FT063.eop-nam11.prod.protection.outlook.com] (in reply to RCPT TO
    command)

So let's drop Trent entirely, which orphans the libp11 package.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/postgresql: security bump to version 12.5

Fix the following CVEs:
- CVE-2020-25695: Multiple features escape "security restricted
  operation" sandbox
- CVE-2020-25694: Reconnection can downgrade connection security
  settings
- CVE-2020-25696: psql's \gset allows overwriting specially treated
  variables

https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/redis: security bump to version 6.0.9

This release fixes a potential heap overflow when using a heap allocator
other than jemalloc or glibc's malloc. See:
https://github.com/redis/redis/pull/7963

https://raw.githubusercontent.com/redis/redis/6.0/00-RELEASENOTES

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Revert "package/linux-backports: bump version to 5.8"

This reverts commit d2159da6a034b8287984f738974f9f8738bac1e6.
which should not have been applied to master, but to next...

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/linux-backports: bump version to 5.8

Attempting to compile this package with newer Kernel version (e.g. v5.4)
fails with message:

Generating local configuration database from kernel ...Kernel version parse failed!

Upgrading the package to 5.8 fixes this issue. Anyways, v4.4 is now
rather old and beat the very purpose of having newer drivers in older
kernels.

Since backports tag v4.14-rc4-1, the requirement on minimal kernel
version changed from 3.0 to 3.10. See commit [1]. The minimal kernel
version check is changed accordingly.

License files are also updated: the linux backports package copies the
license files from the kernel version used for its generation. v5.8 is
now "GPL-2.0 WITH Linux-syscall-note". However, there is no such SPDX
identifier (contrary to what is said in the COPYING file), so we keep it
as GPL-2.0 (which also keeps it aligned to what we have in linux.mk).

[1] https://git.kernel.org/pub/scm/linux/kernel/git/backports/backports.git/commit/?id=a0d05f9f9ca50ea8b1d60726fac6b54167257e76

Signed-off-by: Julien Olivain <ju.o@free.fr>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Tested-by: Petr Vorel <petr.vorel@gmail.com>
[yann.morin.1998@free.fr: keep license as GPL-2.0, like for linux]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

Update for 2020.11-rc2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/rauc: disable systemd for host build

Since there is not necessary to have support of systemd within the host
variant let's disable it unconditionally to solve the following errors:

/usr/bin/install -c -m 644 data/rauc.service '/usr/lib/systemd/system'
/usr/bin/install: cannot create regular file '/usr/lib/systemd/system/rauc.service': Permission denied
/usr/bin/install -c -m 644 data/de.pengutronix.rauc.conf 'no'
make[4]: *** [Makefile:1700: install-nodist_systemdunitDATA] Error 1
make[4]: *** Waiting for unfinished jobs....

Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

toolchain/toolchain-external/toolchain-external-arm-arm: add dependency on NEON

While testing Buildroot on a Cortex-A5 that doesn't provide NEON, we
found out that a system generated with the ARM toolchain from Arm
didn't boot. It turns out that this ARM toolchain is built with:

--with-arch=armv7-a --with-fpu=neon --with-float=hard --with-mode=thumb

So, it uses NEON as its FPU, which means it can only work on CPU cores
that have NEON support. This commit adds the appropriate dependency to
the toolchain-external-arm-arm package, and adjusts the Config.in help
text accordingly.

While at it, it also drops the part of the Config.in help text that
says the code is tuned for Cortex-A9, as it is not the case: it was
the case for the Linaro toolchain (built with --with-tune=cortex-a9),
but not for the ARM toolchain, for which no specific --with-tune is
passed.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Alexandre Belloni <alexandre.belloni@bootlin.com>
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/tcpdump: fix CVE-2020-8037

The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a
large amount of memory.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libpam-tacplus: disable -Werror

Fixes:
- http://autobuild.buildroot.org/results/5c17226f12eba104d907693ec37fc101cc6d447f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/mp4v2: fix build with gcc 10

Fixes:
- http://autobuild.buildroot.org/results/4655626f1827245648a566a7223f247a130714c5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/cryptsetup: really break circular dependency

The commit [1] should fix a circular dependency by
using util-linux-libs instead of util-linux if
BR2_PACKAGE_UTIL_LINUX_LIBS is set.

But util-linux is still in CRYPTSETUP_DEPENDENCIES.
Remove it to really break the circular dependency.

[1] e3c86f5c9e466ed5135e824d6dcebcfd7f5ac1ab

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Reviewed-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/linux-backports: fix kernel version check

The commit 05fea6e4a60a38a797d9bacbf318a2cd7dbd435f "infra/pkg-kconfig:
do not rely on package's .config as a timestamp" broke the kernel
version check of this linux-backports package (it was no longer
executed). Since linux-4.19, the kernel's build system internally
touches its .config file, so it can no longer be used as a stamp file.
The stamp file defined in KCONFIG_STAMP_DOTCONFIG variable of
pkg-kconfig infra need to be used instead.

This commit fixes the kernel version check.

Signed-off-by: Julien Olivain <ju.o@free.fr>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Tested-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/luajit: drop static build handling

Static build of luajit is disabled since commit b2e8f28efac
("package/luajit: disable for static build"). Remove the related
BUILDMODE handling as well.

Cc: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/quota: bump to version 4.06

- Drop patch (already in version) and so autoreconf
- Update hash of COPYING (mailing address updated:
https://sourceforge.net/p/linuxquota/code/ci/b6bb53e1124e6b813fe4de5682b9d9a9f8a1fba8)
- Update indentation in hash file (two spaces)

https://sourceforge.net/p/linuxquota/code/ci/v4.06/tree/Changelog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/python-thrift: bump to version 0.13.0

Updated through scanpypi

https://github.com/apache/thrift/blob/v0.13.0/CHANGES.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/python-yatl: bump to version 20200711.1

https://github.com/web2py/yatl/compare/v20200430.1...master

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/sshfs: bump to version 3.7.1

Drop patch (already in version)

https://github.com/libfuse/sshfs/blob/sshfs-3.7.1/ChangeLog.rst

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

toolchain/toolchain-buildroot: only riscv64 is supported by uClibc-ng

The commit [1] enabled riscv32 and riscv64 for uClibc-ng
internal toolchain backend but only riscv64 is curently
supported by uClibc-ng.

The initial patch [2] from Mark Corbin is only about riscv64.

Remove riscv32 from uClibc-ng supported architecture list.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/830981656

[1] 209a082478fca143394512bb9a6c0822f12cfe2c
[2] bd9810e176273914eca1208bcba23f0de9e446b3

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/perf: if zstd is enabled, depend on it

Enables the "-z" flag.

Signed-off-by: Václav Kubernát <sir.venceslas@gmail.com>
Reviewed-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/perf: if audit is enabled, depend on it

Enables the `perf trace` command.

Signed-off-by: Václav Kubernát <sir.venceslas@gmail.com>
Reviewed-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/suricata: link with libatomic if needed

Fix build of suricata 6.0.0 with mips32r6

app-layer-ftp.o: In function `FTPCheckMemcap':
app-layer-ftp.c:(.text+0x284): undefined reference to `__atomic_load_8'
app-layer-ftp.c:(.text+0x2d8): undefined reference to `__atomic_fetch_add_8'

Fixes:
- http://autobuild.buildroot.org/results/f574005204905250702df32b61c85d427ab4feda

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/rauc: prevent occurring the error when directory exists

Add -p argument that ignore that specified directory already exists.

Fixes:
mkdir: cannot create directory ‘/home/bartekk/buildroot-2020.11-rc1/output/target/usr/lib/systemd/system/rauc.service.d’: File exists

Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/go: security bump to 1.15.5

Fixes the following security issues:

- math/big: panic during recursive division of very large numbers

  A number of math/big.Int methods (Div, Exp, DivMod, Quo, Rem, QuoRem, Mod,
  ModInverse, ModSqrt, Jacobi, and GCD) can panic when provided crafted
  large inputs.  For the panic to happen, the divisor or modulo argument
  must be larger than 3168 bits (on 32-bit architectures) or 6336 bits (on
  64-bit architectures).  Multiple math/big.Rat methods are similarly affected.

  crypto/rsa.VerifyPSS, crypto/rsa.VerifyPKCS1v15, and crypto/dsa.Verify may
  panic when provided crafted public keys and signatures.  crypto/ecdsa and
  crypto/elliptic operations may only be affected if custom CurveParams with
  unusually large field sizes (several times larger than the largest
  supported curve, P-521) are in use.  Using crypto/x509.Verify on a crafted
  X.509 certificate chain can lead to a panic, even if the certificates
  don’t chain to a trusted root.  The chain can be delivered via a
  crypto/tls connection to a client, or to a server that accepts and
  verifies client certificates.  net/http clients can be made to crash by an
  HTTPS server, while net/http servers that accept client certificates will
  recover the panic and are unaffected.

  Moreover, an application might crash invoking
  crypto/x509.(*CertificateRequest).CheckSignature on an X.509 certificate
  request or during a golang.org/x/crypto/otr conversation.  Parsing a
  golang.org/x/crypto/openpgp Entity or verifying a signature may crash.
  Finally, a golang.org/x/crypto/ssh client can panic due to a malformed
  host key, while a server could panic if either PublicKeyCallback accepts a
  malformed public key, or if IsUserAuthority accepts a certificate with a
  malformed public key.

  Thanks to the Go Ethereum team and the OSS-Fuzz project for reporting
  this.  Thanks to Rémy Oudompheng and Robert Griesemer for their help
  developing and validating the fix.

  This issue is CVE-2020-28362 and Go issue golang.org/issue/42552.

- cmd/go: arbitrary code execution at build time through cgo

  The go command may execute arbitrary code at build time when cgo is in
  use.  This may occur when running go get on a malicious package, or any
  other command that builds untrusted code.

  This can be caused by malicious gcc flags specified via a #cgo directive,
  or by a malicious symbol name in a linked object file.

  Thanks to Imre Rad and to Chris Brown and Tempus Ex respectively for
  reporting these issues.

  These issues are CVE-2020-28367 and CVE-2020-28366, and Go issues
  golang.org/issue/42556 and golang.org/issue/42559 respectively.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/wireguard-linux-compat: bump version to 1.0.20201112

Fixes a build issue with linux 5.4.76+. For details, see the announcement:
https://lists.zx2c4.com/pipermail/wireguard/2020-November/005997.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 9}.x series

Including the fix for CVE-2020-8694:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/tor: security bump version to 0.4.4.6

Release notes: https://blog.torproject.org/node/1952

Fixes TROVE-2020-005.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/rock64_defconfig: remove defconfig

The rock64 defconfig is currently broken [1][2] since a while due to
incompatibility between uboot-2017.09-rockchip-ayufan fork and pylibfdt.
Even with the latest uboot-2017.09-rockchip-ayufan fork version [3],
it doesn't build.

The original submitter tried the uboot upstream rock64-rk3328_defconfig
but the board doesn't boot [4].

In order to not release 2020.05 with a broken defconfig, let's remove
it. It can be re-added later once the uboot issue has been resolved.

[1] 2020.05-rc2: https://gitlab.com/buildroot.org/buildroot/-/jobs/563613273
[2] 2020.02: https://gitlab.com/buildroot.org/buildroot/-/jobs/548596102
[3] https://github.com/ayufan-rock64/linux-u-boot/releases/tag/2017.09-rockchip-ayufan-1065-g95f6152134
[4] http://lists.busybox.net/pipermail/buildroot/2020-May/282164.html

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Michał Łyszczek <michal.lyszczek@bofc.pl>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/python-lmdb: bump to version 0.99

This version fix the runtime issue with python 3.9 since _Py_ForgetReference()
was removed from the limited C API [1].

$ python sample_python_crossbar.py
/usr/bin/python3.9: symbol '_Py_ForgetReference': can't resolve symbol

python-lmbd 0.99 contain a refactoring removing _Py_ForgetReference()
from the code.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/830981961
https://gitlab.com/buildroot.org/buildroot/-/jobs/830981979

[1] https://docs.python.org/3/whatsnew/3.9.html#id3
[2] https://github.com/jnwatson/py-lmdb/commit/22a3724bdcda62853e8a250094f512eb20abe01f

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/python3: uClibc-ng doesn't set errno when encryption method is not available

Since commit [1] in cpython, an exception is raised when an encryption method
is not available. This eception is handled only if errno is set to EINVAL by
crypt() but uClibc-ng doesn't set errno in crypt() [2].

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/830981961
https://gitlab.com/buildroot.org/buildroot/-/jobs/830981979

[1] https://github.com/python/cpython/commit/0d3fe8ae4961bf551e7d5e42559e2ede1a08fd7c
[2] https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/tree/libcrypt/crypt.c?h=v1.0.36#n29

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/wpewebkit: fix compile without video support

Fixes:

  - https://bugs.busybox.net/show_bug.cgi?id=13306

      .../wpewebkit-2.30.2/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp:242:30: error: ‘class WebCore::Settings’ has no member named ‘setGenericCueAPIEnabled’; did you mean ‘setBeaconAPIEnabled’?
                   page->settings().setGenericCueAPIEnabled(enabled);
                                    ^~~~~~~~~~~~~~~~~~~~~~~
                                    setBeaconAPIEnabled

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/linux-backports: use flex and bison to generate kconfig parser

Upstream backports package does not define the LEX/YACC Makefile
variables, contrary to the Kernel which is defining those in [1]. The
default "lex" and "yacc" are then used. On some systems, "yacc" is
Berkeley Yacc. Kconfig parser files are using non-Posix Bison
constructs.

Attempting to generate the parser with byacc fails with error:

    yacc: e - line 97 of "zconf.y", syntax error
    %destructor {
    ^

This patch defines the LEX and YACC Makefile variable to use flex and
bison, to fix this issue. The host-bison and host-flex dependencies are
added only if the host does not have them, following the same logic of
the Kernel.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=73a4f6dbe70a1b93c11e2d1d6ca68f3522daf434

Signed-off-by: Julien Olivain <ju.o@free.fr>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/busybox: Fix hwclock for glibc 2.31+

Pick the below patch from upstream, in order to fix
'settimeofday: Invalid argument' introduced by using glibc v2.31+.
(busybox hasn't tagged a new version since).

See https://bugs.busybox.net/show_bug.cgi?id=12756 for more info.

Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/asterisk: security bump to version 16.14.1

Fixes the following security issues:

- AST-2020-001: Remote crash in res_pjsip_session
  Upon receiving a new SIP Invite, Asterisk did not return the created
  dialog locked or referenced.

- AST-2020-002: Outbound INVITE loop on challenge with different nonce
  If Asterisk is challenged on an outbound INVITE and the nonce is changed
  in each response, Asterisk will continually send INVITEs in a loop.  This
  causes Asterisk to consume more and more memory since the transaction will
  never terminate (even if the call is hung up), ultimately leading to a
  restart or shutdown of Asterisk.  Outbound authentication must be
  configured on the endpoint for this to occur.

For details, see the announcement:
https://www.asterisk.org/asterisk-news/asterisk-13-37-1-16-14-1-17-8-1-18-0-1-and-16-8-cert5-now-available-security/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/apparmor: fix permission bits for apparmor.service

Avoid setting executable bits for apparmor.service. This gets rid of a
corresponding warning during installation:
  Configuration file ../target/usr/lib/systemd/system/apparmor.service
  is marked executable. Please remove executable permission bits.
  Proceeding anyway.

Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/waf: add license

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/fbset: add license file

Use fbset.c as the license file and, while at it, also update
indentation in hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/bandwidthd: add license file

Use README as the license file until upstream provides one:
https://github.com/nroach44/bandwidthd/issues/2

While at it, also update indentation in hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/argp-standalone: add license file

Use argp.h as the license file and, while at it, update indentation in
hash file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/tmux: add upstream security fix for CVE-2020-27347

Fixes CVE-2020-27347: The function input_csi_dispatch_sgr_colon() in file
input.c contained a stack-based buffer-overflow that can be exploited by
terminal output.

For details, see:
https://www.openwall.com/lists/oss-security/2020/11/05/3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libcap: fix regression for static linking issue

9c13e02c35c74eca56e69f2bbfde452b51860f5e already fixed the static linking
issue for host-libcap on some distros (e.g. on Fedora32 and openSUSE).

This regression was introduced by 8d38eb052e7006b6e74e9453351d7f245144481e.

An upstream patch [1] is added to address this problem [2].

Fixes:
Bug 13296

[1] https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=9b1c003748d4df78416d50fce139f0875224440b
[2] https://bugzilla.kernel.org/show_bug.cgi?id=210135

Cc: Peter Seiderer <ps.report@gmx.net>
Cc: Dr I J Ormshaw <ian_ormshaw@waters.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Tested-by: Ian Ormshaw <ian_ormshaw@waters.com>
Tested-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/linux-firmware: Add new option for Qualcomm/Atheros 10k (QCA9377)

Initial Atheros ath10k QCA9377 support was introduced in Kernel v4.4
[1]. More recently, in v5.7 [2], the SDIO support was also added. This
patch adds a new option to install firmware files for this device.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=a226b519d43a2a6b37267fea051aacb4a79c9614
[2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=6e51b0e4913ca2c93059f73ca477ca30ea95b6a0

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

docs/manual: add some minimal documentation about show-info and pkg-stats

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Makefile: add pkg-stats target

Now that pkg-stats is not just a maintainer-oriented tool, but a tool
generally useful to users, introduce a make target to run
pkg-stats. Of course, it is run with the newly introduced -c option,
which produces a pkg-stats output for just the selection of packages
of the currently defined configuration.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

support/scripts/cve-checker: remove script

Now that pkg-stats is able to generate its output based on the list of
packages enabled in the current configuration, cve-checker doesn't
serve any purpose.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

support/scripts/pkg-stats: support generating stats based on configured packages

pkg-stats was initially a Buildroot maintenance oriented tool: it was
designed to examine all Buildroot packages and provide
statistics/details about them.

However, it turns out that a number of details provided by pkg-stats,
especially CVEs, are relevant also for Buildroot users, who would like
to check regularly if their specific Buildroot configuration is
affected by CVEs or not, and possibly check if all packages have
license information, license files, etc.

The cve-checker script was recently introduced to provide an output
relatively similar to pkg-stats, but focused on CVEs only.

But in fact, its main difference is on the set of packages that we
consider: pkg-stats considers all packages, while cve-checker uses
"make show-info" to only consider packages enabled in the current
configuration.

So, this commit introduces a -c option to pkg-stats, to tell pkg-stats
to generate its output based on the list of configured packages. -c is
mutually exclusive with the -p option (explicit list of packages) and
-n option (a number of packages, picked randomly).

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

support/scripts/pkg-stats: allow to run script outside of the top-level directory

Currently, pkg-stats expects being executed from Buildroot's top-level
source directory. As we are going to extend pkg-stats to cover only
the packages available in the current configuration, it makes sense to
be able to run it from the output directory, which can be anywhere
compared to Buildroot's top-level directory.

This commit adjusts pkg-stats to this, by inferring all Buildroot
paths based on the location of the pkg-stats script itself.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/mesa3d: Add xcb-fixes to loader when using x11 and dri3

"loader_dr3_helper.c uses xcb_xfixes_create_region() that requires dep_xcb_xfixes to link.
This is dependent on with_platform_x11 and with_dri3.
But the source meson file does not set this up dependent on with_dri3."

i686-buildroot-linux-gnu/bin/ld: src/loader/libloader_dri3_helper.a(loader_dri3_helper.c.o): in function `loader_dri3_swap_buffers_msc':
loader_dri3_helper.c:(.text.loader_dri3_swap_buffers_msc+0x33e): undefined reference to `xcb_xfixes_create_region'

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/830981830

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libnetfilter_conntrack: add libmnl to Libs.Private

This will fix a static build failure with dnsmasq on latest
libnetfilter_conntrack

Fixes:
- http://autobuild.buildroot.org/results/3fdc2cba20162eb86eaa5c49a056fb40fb18a392

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Baruch Siach <baruch@tkos.co.il>
[Peter: adjust upstream status as pointed out by Baruch]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

support/testing/tests/init/test_systemd: update to BR2_PACKAGE_SYSTEMD_JOURNAL_REMOTE

The commit [1] moved systemd-journal-gatewayd into systemd-journal-remote
option. Update to BR2_PACKAGE_SYSTEMD_JOURNAL_REMOTE in the testsuite
when BR2_PACKAGE_SYSTEMD_JOURNAL_GATEWAY is used.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/830981805
https://gitlab.com/buildroot.org/buildroot/-/jobs/830981811

[1] e46fe9a6f2b7cef9789f5172332067cac5ff03bd

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/slirp: add libglib2 mandatory dependency

slirp depends on libglib2, don't update xen as it already depends on it

Fixes:
- http://autobuild.buildroot.org/results/0b9cff1bc650876a6fff6102b2cb31dcdf4c5e8f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/slirp: switch official tarball

Other "official" tarballs don't ship .tarball-version resulting in a build
failure: https://gitlab.freedesktop.org/slirp/libslirp/-/issues/24

Fixes:
- http://autobuild.buildroot.org/results/0b9cff1bc650876a6fff6102b2cb31dcdf4c5e8f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/s390-tools: fix zkey build

Linking of libekmfweb fails when zkey-ekmfweb.so build is enabled.

Fixes:
- http://autobuild.buildroot.net/results/d41bca3be35d1a48f962be03920f2b81c3e9bb9f

Signed-off-by: Alexander Egorenkov <egorenar@linux.ibm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

support/testing: update to the new text representation of capabilities

Since libcap 2.41, the text representation of capabilities now use
the '=' instead of '+' [1].

This break our capabilities tests since we still use the old
representation.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/morgan/libcap.git/commit/?id=177cd418031b1acfcf73fe3b1af9f3279828681c

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/830981737

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

support/testing/test_hardening: add missing Kconfig symbol

BR2_TOOLCHAIN_EXTERNAL_CUSTOM=y is needed to use the
custom external toolchain x86-i686--glibc--bleeding-edge-2018.11-1.tar.bz2

Otherwise the symbol BR2_TOOLCHAIN_EXTERNAL_URL is lost.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/830981738
https://gitlab.com/buildroot.org/buildroot/-/jobs/830981739
https://gitlab.com/buildroot.org/buildroot/-/jobs/830981740
https://gitlab.com/buildroot.org/buildroot/-/jobs/830981741
https://gitlab.com/buildroot.org/buildroot/-/jobs/830981742
https://gitlab.com/buildroot.org/buildroot/-/jobs/830981743

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/systemd: fix update-done service for read-only filesystem

Backport an upstream patch to fix a regresion introduced in
246.5 by [1].

[1] https://github.com/systemd/systemd-stable/commit/8019995e9af9c6d7b5985198cedccd24eda3e26e

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/830981805

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/guile: disable jit for host and target gcc < 5

jit also raises build failures with host gcc 4.9.2 and x86_64 so disable
it if host gcc < 5 and update workaround added by commit
d8dad069c861468b17397f01875b95e7375891d7 to apply it for all
architectures and not only ARM

Fixes:
- http://autobuild.buildroot.org/results/c2c/c2c31ff5c206bd3791d64d953dc1574546644b05

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/bitcoin: set BITCOIN_GENBUILD_NO_GIT

Set BITCOIN_GENBUILD_NO_GIT to not include (Buildroot) git version info in
build, which is available since version 0.15.0 and
https://github.com/bitcoin/bitcoin/commit/e98e3dde6a976a2c8f266ee963d6931fd4b37262

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/s390-tools: fix license

Fix license file name in hash file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Alexander Egorenkov <egorenar@linux.ibm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

support/testing/test_syslinux: add missing Kconfig symbol

BR2_TOOLCHAIN_EXTERNAL_CUSTOM=y is needed to use the
custom external toolchain x86-i686--glibc--bleeding-edge-2018.11-1.tar.bz2

Otherwise the symbol BR2_TOOLCHAIN_EXTERNAL_URL is lost.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/830981734
https://gitlab.com/buildroot.org/buildroot/-/jobs/830981733

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/wpewebkit: add optional systemd dependency

WPE WebKit 2.30.0 added an USE_SYSTEMD buil option, which needs to
be set to avoid CMake from trying to use systemd unconditionally.

Based on a similar patch for package/webkitgtk by Peter Seiderer.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/cups-filters: fix daemon path for cups service

Fix a typo in service location, the right location is indeed /usr/sbin.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/webkitgtk: add optional systemd dependency

- systemd support/USE_SYSTEMD option was added since 2.30.0,
  so add an optional dependency

Fixes:

  -- Could NOT find Systemd (missing: Systemd_LIBRARY Systemd_INCLUDE_DIR)
  CMake Error at Source/cmake/OptionsGTK.cmake:425 (message):
    libsystemd is needed for USE_SYSTEMD

Reported-by: C Larbi <pkl2000us@gmail.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/webkitgtk: fix opengl configure option

- option was renamed from ENABLE_OPENGL to ENABLE_GRAPHICS_CONTEXT_GL
since 2.30.0

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/qemu_arm_vexpress_defconfig: increase SD card image size to 64MiB

Since Qemu 5.1, this defconfig doesn't boot due to the to small SD card image size (60MB).

qemu-system-arm: sd_init failed: Invalid SD card size: 60 MiB
SD card size has to be a power of 2, e.g. 64 MiB.
You can resize disk images with 'qemu-img resize <imagefile> <new-size>'
(note that this will lose data if you make the image smaller than it currently is).
qemu-system-arm: sd_init failed

From [1]:
"While the possibility to use small SD card images has been seen as
a feature, it became a bug with CVE-2020-13253, where the guest is
able to do OOB read/write accesses past the image size end."

The qemu_arm_vexpress_tz_defconfig doesn't trigger such issue since
it doesn't use the same filesystem support (i.e doesn't use
-drive file=output/images/rootfs.ext2,if=sd,format=raw).

Fixes:
https://gitlab.com/kubu93/buildroot/-/jobs/766482935

[1] https://git.qemu.org/?p=qemu.git;a=commitdiff;h=a9bcedd15a5834ca9ae6c3a97933e85ac7edbd36

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Revert "configs/qemu_arm_versatile_defconfig: increase SD card image size to 64MiB"

qemu_arm_versatile doesn't use SD card interface but SCSI, so there is no
need to increase the image size.
The change was for qemu_arm_vexpress_defconfig instead (notice the
name of the defconfig used in gitlab).

This reverts commit cb62a8e0a2b88b6c1b3ffe74e9eb370bf686fa62.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/python-pillow: bump to version 8.0.1

Bumping the package requires two fixes:
* pillow looks for header files in paths returned by pkg-config.
  On buildroot, pkg-config returns nothing if PKG_CONFIG_ALLOW_SYSTEM_CFLAGS
  is disabled.
* png is the default pillow image format and png format is working only
  if python zlib module is available.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Tested-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/xen: add slirp dependency for tools

Build of xen tools fails if slirp is built before xen because xen is not
compatible with spice slirp which does not provide libslirp.h:

/home/buildroot/autobuild/instance-2/output-1/build/xen-4.13.0/tools/qemu-xen/net/slirp.c:40:10: fatal error: libslirp.h: No such file or directory
#include <libslirp.h>
^~~~~~~~~~~~

Indeed, xen prefers a system-provided slirp over its internal one

So add slirp as a mandatory dependency (now that we switched to the up
to date https://gitlab.freedesktop.org/slirp/libslirp)

This build failure is raised since, at least, version 4.13.0

Fixes:
- http://autobuild.buildroot.org/results/b80b33ed558518f7bbb0a3c8586bf2d0b8acc36f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/slirp: security bump to version 4.3.1

- Use an up to date fork (spice slirp is archived and has not been
  updated since 2012)
- Add COPYRIGHT as the license file
- BSD-4-Clause has been replaced by BSD-3-Clause since
  https://gitlab.freedesktop.org/slirp/libslirp/-/commit/3bac39137a652b24b89d5b9e2a39600619fbe1d3
  https://gitlab.freedesktop.org/slirp/libslirp/-/commit/f9f6e69c4e1d9a43af30bfe791b31789ffa04954
- Add hash file
- Switch to meson-package
- Fix multiple security vulnerabilities: CVE-2014-3640, CVE-2017-11434,
  CVE-2019-6778, CVE-2019-9824, CVE-2019-14378 and CVE-2020-10756

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/domoticz: fix build with python 3.9

Fixes:
- http://autobuild.buildroot.org/results/994c95b2e3635c30e4a575fcf707eaa57b89e198

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/gstreamer1/gst1-plugins-bad: explicitly enable _GNU_SOURCE for festival/glibc 2.18

festival fails to built with glibc 2.18 due to fopen and the h_addr field in
struct hostent:

../gst/festival/gstfestival.c: In function 'gst_festival_chain':
../gst/festival/gstfestival.c:273:3: warning: implicit declaration of function 'fdopen' [-Wimplicit-function-declaration]
   fd = fdopen (f, "wb");
   ^
../gst/festival/gstfestival.c:273:6: warning: assignment makes pointer from integer without a cast [enabled by default]
   fd = fdopen (f, "wb");
      ^
../gst/festival/gstfestival.c: In function 'festival_socket_open':
../gst/festival/gstfestival.c:367:45: error: 'struct hostent' has no member named 'h_addr'
     memmove (&serv_addr.sin_addr, serverhost->h_addr, serverhost->h_length);
                                             ^

Both of which are hidden behind _GNU_SOURCE in glibc 2.18, so enable that to
fix this build issue.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/gstreamer1/gst1-plugins-bad: explicitly enable C99 for dvbsubenc/gcc 4.8

dvbsubenc fails to build with gcc 4.8 due to restrict keyword and for
loop declarations:

../gst/dvbsubenc/libimagequant/blur.c:10:46: error: expected ';', ',' or ')' before 'src'
transposing_1d_blur (unsigned char *restrict src, unsigned char *restrict dst,
                                              ^
../gst/dvbsubenc/libimagequant/blur.c: In function 'liq_min3':
../gst/dvbsubenc/libimagequant/blur.c:101:5: error: 'for' loop initial declarations are only allowed in C99 mode
     for (unsigned int i = 0; i < width - 1; i++) {
     ^
../gst/dvbsubenc/libimagequant/blur.c:101:5: note: use option -std=c99 or -std=gnu99 to compile your code

Fixes:
- http://autobuild.buildroot.org/results/183e876d63340b5c204f47a4653cbfebb0523277

Both of which are C99 features, so explicitly enable C99 support to fix
that.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

linux: bump CIP RT kernel to version 4.19.152-cip37-rt16

This patch bumps Linux CIP RT to version 4.19.152-cip37-rt16

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

linux: bump CIP kernel to version 4.19.152-cip37

This patch bumps Linux CIP to version 4.19.152-cip37

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 8, 9}.x series

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>