buildroot.git
5 years agopackage/alsa-lib: bump to version 1.2.1.1
Pierre-Jean Texier [Fri, 29 Nov 2019 13:51:44 +0000 (14:51 +0100)]
package/alsa-lib: bump to version 1.2.1.1

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/alsa-utils: bump to version 1.2.1
Pierre-Jean Texier [Fri, 29 Nov 2019 13:51:15 +0000 (14:51 +0100)]
package/alsa-utils: bump to version 1.2.1

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agoconfigs/nanopi_neo: update kernel to 5.3 and u-boot to 2019.10
Viktar Palstsiuk [Wed, 27 Nov 2019 11:12:56 +0000 (14:12 +0300)]
configs/nanopi_neo: update kernel to 5.3 and u-boot to 2019.10

Signed-off-by: Viktar Palstsiuk <viktar.palstsiuk@promwad.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agoconfigs/nanopi_neo: remove custom post-build/post-image script
Viktar Palstsiuk [Wed, 27 Nov 2019 06:36:46 +0000 (09:36 +0300)]
configs/nanopi_neo: remove custom post-build/post-image script

Instead use the generic infrastructure for u-boot scripts and genimage.

Signed-off-by: Viktar Palstsiuk <viktar.palstsiuk@promwad.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/cmocka: fix build on riscv64
Fabrice Fontaine [Tue, 19 Nov 2019 18:02:59 +0000 (19:02 +0100)]
package/cmocka: fix build on riscv64

Fixes:
 - http://autobuild.buildroot.org/results/30922c18150ea62aefe123d1b7cd1444efab963f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Joel Carlson <JoelsonCarl@gmail.com>
Tested-by: Joel Carlson <JoelsonCarl@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/nss-mdns: disable tests
Fabrice Fontaine [Mon, 2 Dec 2019 20:20:06 +0000 (21:20 +0100)]
package/nss-mdns: disable tests

Disable tests that depend on check and have been added in version 0.11
with
https://github.com/lathiat/nss-mdns/commit/7b649a32836af3578a2bb60aa713588f0d9f9a83

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/nss-mdns: bump to version 0.14.1
Fabrice Fontaine [Mon, 2 Dec 2019 20:20:05 +0000 (21:20 +0100)]
package/nss-mdns: bump to version 0.14.1

Switch site to https://github.com/lathiat/nss-mdns to retrieve latest
version

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/kyua: bump to version 0.13
Fabrice Fontaine [Mon, 2 Dec 2019 19:22:52 +0000 (20:22 +0100)]
package/kyua: bump to version 0.13

COPYING was renamed into LICENSE since version 0.12 and
https://github.com/jmmv/kyua/commit/db509f9d9ece719bf8452d6ddbc842ae311b1bc2

So update KYUA_LICENSE_FILES and add hash for LICENSE file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agoconfigs/warp7: Bump the kernel version
Pierre-Jean Texier [Mon, 2 Dec 2019 19:18:19 +0000 (20:18 +0100)]
configs/warp7: Bump the kernel version

Bump the kernel to version 5.4.1

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/moarvm: bump to version 2019.11
Francois Perrad [Mon, 2 Dec 2019 18:22:15 +0000 (19:22 +0100)]
package/moarvm: bump to version 2019.11

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/gr-osmosdr: bump to version 0.1.5
Fabrice Fontaine [Mon, 2 Dec 2019 18:17:27 +0000 (19:17 +0100)]
package/gr-osmosdr: bump to version 0.1.5

Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/rabbitmq-c: security bump to version 0.10.0
Fabrice Fontaine [Mon, 2 Dec 2019 17:55:47 +0000 (18:55 +0100)]
package/rabbitmq-c: security bump to version 0.10.0

Add additional input validation to prevent integer overflow when parsing
a frame header. This addresses CVE-2019-18609.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/python-django: security bump to version 2.2.8
Peter Korsgaard [Mon, 2 Dec 2019 12:23:54 +0000 (13:23 +0100)]
package/python-django: security bump to version 2.2.8

Fixes the following security vulnerabilities:

- CVE-2019-19118: Privilege escalation in the Django admin

Additionally, 2.2.8 (and 2.2.7) fixes a number of bugs and adds python 3.8
support.

For more details, see the release notes:
https://docs.djangoproject.com/en/dev/releases/2.2.8/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/bubblewrap: new package
Adrian Perez de Castro [Fri, 20 Sep 2019 15:31:04 +0000 (18:31 +0300)]
package/bubblewrap: new package

Bubblewrap is a sandboxing tool based on kernel namespaces, typically
used as lower-level infastructure by other end-user tools e.g. Flatpak.

https://github.com/containers/bubblewrap

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
[Peter: needs mmu and !musl toolchain]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/binutils: remove version 2.30
Romain Naour [Sat, 30 Nov 2019 15:17:52 +0000 (16:17 +0100)]
package/binutils: remove version 2.30

Now that binutils 2.33.1 has been introduced, and we have moved to
2.32 as the default version, it is time to drop support for binutils
2.30.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/binutils: switch to use 2.32 as the default version
Romain Naour [Sat, 30 Nov 2019 15:17:51 +0000 (16:17 +0100)]
package/binutils: switch to use 2.32 as the default version

Now that binutils 2.33.1 has been released, it is time to move to
binutils 2.32 as the default binutils version, instead of 2.31.1.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/binutils: add binutils 2.33.1
Romain Naour [Sat, 30 Nov 2019 15:17:50 +0000 (16:17 +0100)]
package/binutils: add binutils 2.33.1

Keep sh-conf and poison-system-directories patches.
Remove xtensa patches already in this version [1] [2] [3].

Revert an upstream patch since it prevent booting a sh4 system under
Qemu as reported on the Binutils mailing list [5] [6].
This commit is not related to sh4, it's weird that it is the
only affected architecture.

[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=2487ef07c28b961c6e2b8c51161f88f93b181d07
[2] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=403b0b61f6d4358aee8493cb1d11814e368942c9
[3] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=548791769dc737f05cb12e5ee4190b7e853beac9
[4] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=ebd2263ba9a9124d93bbc0ece63d7e0fae89b40e
[5] https://sourceware.org/ml/binutils/2019-10/msg00105.html
[6] https://sourceware.org/ml/binutils/2019-11/msg00407.html

See:
https://www.sourceware.org/ml/binutils/2019-10/msg00103.html

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/jasper: Apply fix for CVE-2018-19540
Michael Vetter [Mon, 2 Dec 2019 11:59:34 +0000 (12:59 +0100)]
package/jasper: Apply fix for CVE-2018-19540

Add 0003-test-asclen-CVE-2018-19540.patch:
If txtdesc->asclen is < 1, the array index of
txtdesc->ascdata will be negative which causes the heap based overflow.

Patch was proposed upstream[1] but upstream is very inactive. Linux
distributions use the same fix to patch their packages.

1: https://github.com/mdadams/jasper/pull/198
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/jasper: Apply fix for CVE-2018-19542
Michael Vetter [Mon, 2 Dec 2019 11:59:33 +0000 (12:59 +0100)]
package/jasper: Apply fix for CVE-2018-19542

Add 0002-check-null-in-jp2_decode.patch:

Patch was proposed upstream[1] but upstream is very inactive.
Linux distributions use the same fix to patch their packages.

1: https://github.com/mdadams/jasper/pull/200
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/jasper: Apply fix for CVE-2018-19541
Michael Vetter [Mon, 2 Dec 2019 11:59:32 +0000 (12:59 +0100)]
package/jasper: Apply fix for CVE-2018-19541

Add 0001-verify-data-range-CVE-2018-19541.patch:
We need to verify the data is in the expected range. Otherwise we get
problems later.

Patch was proposed upstream[1] but upstream is very inactive. Linux
distributions use the same fix to patch their packages.

1: https://github.com/mdadams/jasper/pull/211
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agoboard/pc/post-image-efi.sh: fail on any error
Carlos Santos [Mon, 2 Dec 2019 11:18:59 +0000 (08:18 -0300)]
board/pc/post-image-efi.sh: fail on any error

As already done in post-build.sh, to prevent hiding errors.

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agoDEVELOPERS: add Michael Vetter for libstrophe
Michael Vetter [Mon, 2 Dec 2019 11:22:44 +0000 (12:22 +0100)]
DEVELOPERS: add Michael Vetter for libstrophe

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agoDEVELOPERS: change email address for Alexander Lukichev
Alexander Lukichev [Sun, 1 Dec 2019 13:33:03 +0000 (15:33 +0200)]
DEVELOPERS: change email address for Alexander Lukichev

Signed-off-by: Alexander Lukichev <alexander.lukichev@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/openpgm: drop release- prefix to match release-monitoring.org
Alexander Lukichev [Sun, 1 Dec 2019 12:49:13 +0000 (14:49 +0200)]
package/openpgm: drop release- prefix to match release-monitoring.org

Autobuild has a "version bump" checker that sends message to a package
maintainer if its declared version does not match the latest one on
release-monitoring.org.  In case of openpgm the version _is_ the latest one,
but a mismatch is caused by including a "release-" prefix into tags on
upstream and excluding them on other websites when referring to the
package's version.

This also fixes sha256 value for the downloaded archive.

Signed-off-by: Alexander Lukichev <alexander.lukichev@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/gcc: bump to version 7.5.0
Romain Naour [Sun, 1 Dec 2019 18:37:41 +0000 (19:37 +0100)]
package/gcc: bump to version 7.5.0

Remove upstream patch [1]
1002-xtensa-backport-fix-for-PR-target-90922.patch

[1] https://github.com/gcc-mirror/gcc/commit/0110ab63c006fe8f1a86142cd6e86d5534f8bc8e

See:
https://gcc.gnu.org/ml/gcc/2019-11/msg00099.html

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years ago{linux, linux-headers}: bump 5.4 series to 5.4.1
Peter Korsgaard [Mon, 2 Dec 2019 11:14:10 +0000 (12:14 +0100)]
{linux, linux-headers}: bump 5.4 series to 5.4.1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years ago{linux, linux-headers}: add version 5.4
Marcus Folkesson [Mon, 2 Dec 2019 10:47:43 +0000 (11:47 +0100)]
{linux, linux-headers}: add version 5.4

Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agoMerge branch 'next'
Peter Korsgaard [Mon, 2 Dec 2019 08:39:41 +0000 (09:39 +0100)]
Merge branch 'next'

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agoKickoff 2020.02 cycle
Peter Korsgaard [Mon, 2 Dec 2019 07:57:02 +0000 (08:57 +0100)]
Kickoff 2020.02 cycle

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agodocs/website/news.html: add 2019.11 announcement link
Peter Korsgaard [Sun, 1 Dec 2019 22:05:50 +0000 (23:05 +0100)]
docs/website/news.html: add 2019.11 announcement link

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agoUpdate for 2019.11
Peter Korsgaard [Sun, 1 Dec 2019 21:39:47 +0000 (22:39 +0100)]
Update for 2019.11

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/{pkg-generic, python, python3}: rename .py file exclusion variable to not...
Peter Korsgaard [Sun, 1 Dec 2019 20:55:37 +0000 (21:55 +0100)]
package/{pkg-generic, python, python3}: rename .py file exclusion variable to not conflict

Fixes:
http://autobuild.buildroot.net/results/3b6/3b6280b0b7a9634b747db2865b21c6266007c725/

The PYTHON_KEEP_PY_FILES global variable conflicts with the per-package
<pkg>_KEEP_PY_FILES variable for the python package, causing make to
complain:

package/zlib/zlib.mk:7: *** Recursive variable 'PYTHON_KEEP_PY_FILES' references itself (eventually).  Stop.

As a workaround, rename the global variable to KEEP_PYTHON_PY_FILES so it
cannot conflict with the per-package variable.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/musl-fts: add an upstream URL to Config.in
Mark Corbin [Thu, 28 Nov 2019 17:53:02 +0000 (17:53 +0000)]
package/musl-fts: add an upstream URL to Config.in

Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/mp4v2: update the upstream URL in Config.in
Mark Corbin [Thu, 28 Nov 2019 16:55:22 +0000 (16:55 +0000)]
package/mp4v2: update the upstream URL in Config.in

Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(405)' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/matchbox-startup-monitor: add an upstream URL to Config.in
Mark Corbin [Thu, 28 Nov 2019 16:00:58 +0000 (16:00 +0000)]
package/matchbox-startup-monitor: add an upstream URL to Config.in

Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/matchbox-panel: add an upstream URL to Config.in
Mark Corbin [Thu, 28 Nov 2019 16:00:57 +0000 (16:00 +0000)]
package/matchbox-panel: add an upstream URL to Config.in

Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/matchbox-lib: add an upstream URL to Config.in
Mark Corbin [Thu, 28 Nov 2019 16:00:56 +0000 (16:00 +0000)]
package/matchbox-lib: add an upstream URL to Config.in

Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/matchbox-keyboard: add an upstream URL to Config.in
Mark Corbin [Thu, 28 Nov 2019 16:00:55 +0000 (16:00 +0000)]
package/matchbox-keyboard: add an upstream URL to Config.in

Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/matchbox-fakekey: add an upstream URL to Config.in
Mark Corbin [Thu, 28 Nov 2019 16:00:54 +0000 (16:00 +0000)]
package/matchbox-fakekey: add an upstream URL to Config.in

Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/matchbox-desktop: add an upstream URL to Config.in
Mark Corbin [Thu, 28 Nov 2019 16:00:53 +0000 (16:00 +0000)]
package/matchbox-desktop: add an upstream URL to Config.in

Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/matchbox-common: add an upstream URL to Config.in
Mark Corbin [Thu, 28 Nov 2019 16:00:52 +0000 (16:00 +0000)]
package/matchbox-common: add an upstream URL to Config.in

Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/linux-fusion: add an upstream URL to Config.in
Mark Corbin [Thu, 28 Nov 2019 14:14:05 +0000 (14:14 +0000)]
package/linux-fusion: add an upstream URL to Config.in

Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/luasql-sqlite3: update the upstream URL in Config.in
Mark Corbin [Thu, 28 Nov 2019 14:33:12 +0000 (14:33 +0000)]
package/luasql-sqlite3: update the upstream URL in Config.in

Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(406)' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/luasyslog: update the upstream URL in Config.in
Mark Corbin [Thu, 28 Nov 2019 14:49:32 +0000 (14:49 +0000)]
package/luasyslog: update the upstream URL in Config.in

Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/jasper: bump to 2.0.16
Michael Vetter [Wed, 27 Nov 2019 09:40:55 +0000 (10:40 +0100)]
package/jasper: bump to 2.0.16

Changes:
  * Fix assertion failure JPC_NOMINALGAIN (CVE-2016-9396) (#50)
  * Fix build on Windows 10 (#162)
  * Improve README
  * Fix build with CMake 2.x
  * Add missing dereference operators (#178, #157)
  * Check data in jas_image (CVE-2018-19539) (#196)
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/openvmtools: only try to start vmtoolsd on vmware
Pascal de Bruijn [Thu, 28 Nov 2019 15:52:30 +0000 (16:52 +0100)]
package/openvmtools: only try to start vmtoolsd on vmware

adds ConditionVirtualization=vmware to vmtoolsd.service

Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/openvmtools: use correct variable in udev rule RUN+=
Pascal de Bruijn [Fri, 29 Nov 2019 14:22:56 +0000 (15:22 +0100)]
package/openvmtools: use correct variable in udev rule RUN+=

DEVPATH is not a valid substitution in a RUN+=, devpath is:
https://mirrors.edge.kernel.org/pub/linux/utils/kernel/hotplug/udev/udev.html

So use that to get rid of the following warning:

Invalid value "/bin/sh -c 'echo 180 >/sys$DEVPATH/device/timeout'" for RUN
(char 27: invalid substitution type), ignoring, but please fix

Source: https://github.com/vmware/open-vm-tools/pull/376

Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Acked-by: Jérémy Rosen <jeremy.rosen@smile.fr>
[Peter: extend description]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/openvmtools: udev rules files should not be executable
Pascal de Bruijn [Fri, 29 Nov 2019 14:22:48 +0000 (15:22 +0100)]
package/openvmtools: udev rules files should not be executable

/usr/lib/udev/rules.d/99-vmware-scsi-udev.rules is marked executable,
causing systemd to complain.

Source: https://github.com/vmware/open-vm-tools/pull/376

Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/prosody: bump to bugfix version 0.11.3
Michael Vetter [Fri, 29 Nov 2019 10:28:05 +0000 (11:28 +0100)]
package/prosody: bump to bugfix version 0.11.3

This is a bugfix release for the stable 0.11 branch. It is recommended
for all users of 0.11.x to upgrade.

Important note for those upgrading: Previous releases did not
automatically expire messages from group chat (MUC) archives, so if
mod_muc_mam was loaded and enabled for a MUC, archives would grow
indefinitely. This is not what most deployments want, therefore
automatic expiry is now implemented and enabled with a default 7 day
retention. You can configure this with the muc_log_expires_after
configuration option, which can be set to "never" to restore the old
behaviour and preserve any existing logs older than 7 days.

For details see:
https://prosody.im/doc/release/0.11.3

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/mxsldr: update the upstream URL in Config.in
Mark Corbin [Fri, 29 Nov 2019 15:20:25 +0000 (15:20 +0000)]
package/mxsldr: update the upstream URL in Config.in

Update the upstream URL in the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/opentyrian-data: update the upstream URL in Config.in
Mark Corbin [Fri, 29 Nov 2019 15:48:15 +0000 (15:48 +0000)]
package/opentyrian-data: update the upstream URL in Config.in

Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(405)' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/netperf: update the upstream URL in Config.in
Mark Corbin [Fri, 29 Nov 2019 15:26:44 +0000 (15:26 +0000)]
package/netperf: update the upstream URL in Config.in

Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/oprofile: add an upstream URL to Config.in
Mark Corbin [Fri, 29 Nov 2019 16:06:44 +0000 (16:06 +0000)]
package/oprofile: add an upstream URL to Config.in

Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/ortp: update the upstream URL in Config.in
Mark Corbin [Fri, 29 Nov 2019 16:14:00 +0000 (16:14 +0000)]
package/ortp: update the upstream URL in Config.in

Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/opkg: update the upstream URL in Config.in
Mark Corbin [Fri, 29 Nov 2019 16:01:14 +0000 (16:01 +0000)]
package/opkg: update the upstream URL in Config.in

Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(405)' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/network-manager: add missing dependency on libglib2
Thomas Petazzoni [Wed, 27 Nov 2019 22:27:23 +0000 (23:27 +0100)]
package/network-manager: add missing dependency on libglib2

Commit 7643ab05de860011e749aa720c92d5de150bee0a
("package/network-manager: drop obsolete dependencies") was a bit too
brutal in its dependency removal, as it forgot that removing dbus-glib
as a dependency would make libglib2 no longer part of the dependencies
of network-manager.

However, network-manager does require libglib2. From configure.ac:

PKG_CHECK_MODULES(GLIB, [gio-unix-2.0 >= 2.37.6 gmodule-2.0],
                  [AC_SUBST(LOG_DRIVER, '$(top_srcdir)/build-aux/tap-driver.sh')
                   AC_SUBST(AM_TESTS_FD_REDIRECT, '--tap')],
                  [PKG_CHECK_MODULES(GLIB, gio-unix-2.0 >= 2.40 gmodule-2.0)
                   AC_SUBST(LOG_DRIVER, '$(top_srcdir)/build-aux/test-driver')])

So this commit re-adds libglib2 as a dependency, and propagates the
appropriate "depends on". Nothing selects BR2_PACKAGE_NETWORK_MANAGER,
so we don't have to propagate these additional "depends on" anywhere.

Fixes:

  http://autobuild.buildroot.net/results/2025b1bd721bb5c5fa6638ccf389d2fd8fd10339/
  https://bugs.busybox.net/show_bug.cgi?id=12326

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Lubomir Rintel <lkundrak@v3.sk>
Cc: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years ago{linux, linux-headers}: bump 4.{14, 19}.x series
Bernd Kuhls [Sun, 1 Dec 2019 09:54:23 +0000 (10:54 +0100)]
{linux, linux-headers}: bump 4.{14, 19}.x series

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/libglib2: bump to 2.62.3
Adam Duskett [Sat, 30 Nov 2019 00:51:23 +0000 (16:51 -0800)]
package/libglib2: bump to 2.62.3

Changes include:
 - Rename 0002-add-option-to-build-tests.patch to
   0002-allow-explicit-disabling-of-tests.patch to work with 2.62.3.

   Upstream now has an option called "installed_tests," which can be used to
   prevent the unit tests from being built. However, the check only works for
   cross-compiling and not host builds, which would mean that the tests still
   build when compiling the host variant.

   This conditional causes an error on older systems such as Debian8 or Centos7
   because the command `objcopy --add-symbol` is used when building the test
   "test_resources2," which is not available with the older version of objcopy
   provided by those distributions.

   Removing the conditionals and checking for just the installed_tests_enabled
   option allows for a much simpler patch.

 - Change -Dtests=false to -Dinstalled_tests=false in libglib2.mk as per the
   above comment.

           br-arm-full [1/6]: OK
br-arm-cortex-a9-glibc [2/6]: OK
 br-arm-cortex-m4-full [3/6]: SKIPPED
        br-x86-64-musl [4/6]: OK
    br-arm-full-static [5/6]: OK
          sourcery-arm [6/6]: OK

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/go: bump to 1.13.4
Christian Stewart [Sat, 30 Nov 2019 19:30:31 +0000 (11:30 -0800)]
package/go: bump to 1.13.4

go1.13.4 (released 2019/10/31) with fixes to the net/http and syscall packages.

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/opencv3: ensure the python module works when BR2_PACKAGE_PYTHON{, 3}_PYC_ONLY=y
Thomas Petazzoni [Fri, 29 Nov 2019 19:07:06 +0000 (20:07 +0100)]
package/opencv3: ensure the python module works when BR2_PACKAGE_PYTHON{, 3}_PYC_ONLY=y

The OpenCV Python module does a fairly strange thing to read a few
configuration details: it uses Python's execfile() to execute two .py
files and access a few variables. However, execfile() only works with
.py files and not .pyc files.

When BR2_PACKAGE_PYTHON{,3}_PYC_ONLY=y, the .py files are all removed,
causing the OpenCV Python module to not work:

  File "usr/lib/python3.7/site-packages/cv2/__init__.py", line 89, in <module>
  File "usr/lib/python3.7/site-packages/cv2/__init__.py", line 58, in bootstrap
  File "usr/lib/python3.7/site-packages/cv2/__init__.py", line 56, in load_first_config
ImportError: OpenCV loader: missing configuration file: ['config.py']. Check OpenCV installation.

To fix this problem, this commit uses the newly introduced
<pkg>_KEEP_PY_FILES mechanism, to ensure the important config*.py
files are kept.

Fixes:

  https://bugs.busybox.net/show_bug.cgi?id=12171

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/{pkg-generic, python, python3}: add mechanism to exclude .py files from removal
Thomas Petazzoni [Fri, 29 Nov 2019 19:07:05 +0000 (20:07 +0100)]
package/{pkg-generic, python, python3}: add mechanism to exclude .py files from removal

When BR2_PACKAGE_PYTHON{,3}_PYC_ONLY=y, we force remove all .py files
from the system, as they have all been byte-compiled into their .pyc
variants.

However, it turns out that some packages (e.g: OpenCV) do some funky
things with a few .py files: they pass them through Python's
execfile() facility, which only works with .py files and not .pyc
files. It is used by OpenCV for example to read two small
configuration files.

In order to support such use cases, this commit introduces a very
simple mechanism by which packages can exclude some path patterns from
the .py removal: a per-package <pkg>_KEEP_PY_FILES variable that is
collected into a global PYTHON_KEEP_PY_FILES variable, then used by
the python/python3 target-finalize hooks.

This variable is intentionally not documented, this is really a hack
that we ideally would like to see go away, and we'd rather not see its
usage spread too much.

This is necessary to be able to fix bug #12171.

[Peter: check if PYTHON_KEEP_PY_FILES contains non-white space]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years ago{linux, linux-headers}: bump 4.{4, 9}.x / 5.3.x series
Bernd Kuhls [Fri, 29 Nov 2019 21:10:54 +0000 (22:10 +0100)]
{linux, linux-headers}: bump 4.{4, 9}.x / 5.3.x series

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agodocs/manual: document the effect of per-package directory on variables
Thomas Petazzoni [Tue, 5 Nov 2019 16:46:45 +0000 (17:46 +0100)]
docs/manual: document the effect of per-package directory on variables

As suggested by Arnout Vandecappelle, this commit adjusts the
generic-package documentation to document the effect of per-package
directory support on HOST_DIR, STAGING_DIR and TARGET_DIR.

Suggested-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agodocs/manual: add details about top-level parallel build support
Thomas Petazzoni [Tue, 5 Nov 2019 16:46:44 +0000 (17:46 +0100)]
docs/manual: add details about top-level parallel build support

[Peter: change version reference to Buildroot 2020.02]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/pkg-kconfig: handle KCONFIG_DEPENDENCIES with per-package directories
Thomas Petazzoni [Tue, 5 Nov 2019 16:46:43 +0000 (17:46 +0100)]
package/pkg-kconfig: handle KCONFIG_DEPENDENCIES with per-package directories

The pkg-kconfig infrastructure hijacks the regular chain of build
steps to insert its own step to prepare the configuration of kconfig
packages. This additional step may have dependencies of its own, such
as host-flex, host-bison or toolchain.

In the context of per-package directory support, those dependencies
must be copied to the per-package directory of the current package
prior to doing the config preparation. This commit implements this
logic by adding a call to prepare-per-package-directory at the right
spot.

Reported-by: Andreas Naumann <anaumann@ultratronik.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/pkg-generic: make libtool .la files compatible with per-package directories
Thomas Petazzoni [Tue, 5 Nov 2019 16:46:42 +0000 (17:46 +0100)]
package/pkg-generic: make libtool .la files compatible with per-package directories

Libtool .la files unfortunately contain a number of absolute paths,
which now refer to per-package directories. Due to this, when building
package A, .la files may contain absolute paths referring to
directories in package B per-package sysroot. This causes some -L
flags referring to other sysroot from being added, which doesn't work
as the linker no longer realizes that such paths are within its
sysroot.

To fix this, we introduce a replacement step of .la files in the
configure step, to make sure all paths refer to this package
per-package directory.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agoMakefile: allow top-level parallel build with BR2_PER_PACKAGE_DIRECTORIES=y
Thomas Petazzoni [Tue, 5 Nov 2019 16:46:41 +0000 (17:46 +0100)]
Makefile: allow top-level parallel build with BR2_PER_PACKAGE_DIRECTORIES=y

With per-package folder support, top-level parallel build becomes
safe, so we can enclose the .NOTPARALLEL statement in a
!BR2_PER_PACKAGE_DIRECTORIES condition.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agocore: implement per-package SDK and target
Thomas Petazzoni [Tue, 5 Nov 2019 16:46:40 +0000 (17:46 +0100)]
core: implement per-package SDK and target

This commit implements the core of the move to per-package SDK and
target directories. The main idea is that instead of having a global
output/host and output/target in which all packages install files, we
switch to per-package host and target directories, that only contain
their explicit dependencies.

There are two main benefits:

 - Packages will now see only the dependencies they explicitly list in
   their <pkg>_DEPENDENCIES variable, and the recursive dependencies
   thereof.

 - We can support top-level parallel build properly, because a package
   only "sees" its own host directory and target directory, isolated
   from the build of other packages that can happen in parallel.

It works as follows:

 - A new output/per-package/ directory is created, which will contain
   one sub-directory per package, and inside it, a "host" directory
   and a "target" directory:

   output/per-package/busybox/target
   output/per-package/busybox/host
   output/per-package/host-fakeroot/target
   output/per-package/host-fakeroot/host

   This output/per-package/ directory is PER_PACKAGE_DIR.

 - The global TARGET_DIR and HOST_DIR variable now automatically point
   to the per-package directory when PKG is defined. So whenever a
   package references $(HOST_DIR) or $(TARGET_DIR) in its build
   process, it effectively references the per-package host/target
   directories. Note that STAGING_DIR is a sub-dir of HOST_DIR, so it
   is handled as well.

 - Of course, packages have dependencies, so those dependencies must
   be installed in the per-package host and target directories. To do
   so, we simply rsync (using hard links to save space and time) the
   host and target directories of the direct dependencies of the
   package to the current package host and target directories.

   We only need to take care of direct dependencies (and not
   recursively all dependencies), because we accumulate into those
   per-package host and target directories the files installed by the
   dependencies. Note that this only works because we make the
   assumption that one package does *not* overwrite files installed by
   another package.

   This is done for "extract dependencies" at the beginning of the
   extract step, and for "normal dependencies" at the beginning of the
   configure step.

This is basically enough to make per-package SDK and target work. The
only gotcha is that at the end of the build, output/target and
output/host are empty, which means that:

 - The filesystem image creation code cannot work.

 - We don't have a SDK to build code outside of Buildroot.

In order to fix this, this commit extends the target-finalize step so
that it starts by populating output/target and output/host by
rsync-ing into them the target and host directories of all packages
listed in the $(PACKAGES) variable. It is necessary to do this
sequentially in the target-finalize step and not in each
package. Doing it in package installation means that it can be done in
parallel. In that case, there is a chance that two rsyncs are creating
the same hardlink or directory at the same time, which makes one of
them fail.

This change to per-package directories has an impact on the RPATH
built into the host binaries, as those RPATH now point to various
per-package host directories, and no longer to the global host
directory. We do not try to rewrite such RPATHs during the build as
having such RPATHs is perfectly fine, but we still need to handle two
fallouts from this change:

 - The check-host-rpath script, which verifies at the end of each
   package installation that it has the appropriate RPATH, is modified
   to understand that a RPATH to $(PER_PACKAGE_DIR)/<pkg>/host/lib is
   a correct RPAT.

 - The fix-rpath script, which mungles the RPATH mainly for the SDK
   preparation, is modified to rewrite the RPATH to not point to
   per-package directories. Indeed the patchelf --make-rpath-relative
   call only works if the RPATH points to the ROOTDIR passed as
   argument, and this ROOTDIR is the global host directory. Rewriting
   the RPATH to not point to per-package host directories prior to
   this is an easy solution to this issue.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/perl-gdtextutil: add license
Fabrice Fontaine [Thu, 28 Nov 2019 20:31:05 +0000 (21:31 +0100)]
package/perl-gdtextutil: add license

Dustismo.LICENSE contains the license for the Dustismo_Sans.ttf font
file. The rest is licensed under the same terms as Perl as specified
in README

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/lzma: add license
Fabrice Fontaine [Thu, 28 Nov 2019 20:17:26 +0000 (21:17 +0100)]
package/lzma: add license

- lzma program is licensed under GPL-2.0+
- lzmadec program has no license information in source file
- lzmainfo program is licensed under LGPL-2.1+
- LzmaDecode.h is licensed under LGPL-2.1+ (or CPL) as stated in
  src/sdk/7zip/Compress/LZMA_C/LzmaDecode.{c,h}, other sdk files have no
  license information
- lzmore and lzgrep scripts are licensed under GPL-2.0+
- lzdiff script has no license information
- basic and perms tests are licensed under GPL-3.0+
- mkdtemp and test-lib.sh tests have no license information

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/tiff: security bump to 4.1.0
Michael Vetter [Fri, 29 Nov 2019 10:12:38 +0000 (11:12 +0100)]
package/tiff: security bump to 4.1.0

Fixes the following security vulnerabilities:
  * CVE-2018-12900
  * CVE-2018-17000
  * CVE-2019-6128
  * CVE-2019-7663
  * CVE-2019-14973
  * CVE-2018-19210

Remove because contained upstream:
0001-Fix-for-simple-memory-leak-that-was-assigned-CVE-2019-6128.patch

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/libglob: add an upstream URL to Config.in
Mark Corbin [Thu, 28 Nov 2019 12:13:08 +0000 (12:13 +0000)]
package/libglob: add an upstream URL to Config.in

Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/pkg-generic.mk: make HOST_<pkg>_DL_OPTS inherit from <pkg>_DL_OPTS
Thomas Petazzoni [Thu, 28 Nov 2019 18:55:52 +0000 (19:55 +0100)]
package/pkg-generic.mk: make HOST_<pkg>_DL_OPTS inherit from <pkg>_DL_OPTS

Just like _SITE, _SOURCE, _SITE_METHOD, it is very likely that if
<pkg>_DL_OPTS is defined, the same value should be used for
HOST_<pkg>_DL_OPTS, so let's have the same inheritance logic than the
one we have for other variables.

Fixes:

  https://bugs.busybox.net/show_bug.cgi?id=12321

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/gst1-plugins-bad: remove rpi-userland extra include paths
Peter Seiderer [Thu, 28 Nov 2019 23:30:17 +0000 (00:30 +0100)]
package/gst1-plugins-bad: remove rpi-userland extra include paths

Fixes #12366 [1]

The rpi-userland extra include paths where added with [2] including
a rpi-userland dependency for the dispmanx option.

The dispmanx option was moved to gst1-plugins-base with commit [3],
including the rpi-userland dependency, excluding the extra include
paths.

Tested gst1-plugins-base with dispmanx enabled compiles without
failures. It seems to be safe to remove the extra includes from
gst1-plugins-bad.

Fixes (from meson-log.txt):

  Sanity check compile stderr:
  arm-buildroot-linux-uclibcgnueabihf-gcc.br_real: error:
  /.../host/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/include/IL:
  No such file or directory
  arm-buildroot-linux-uclibcgnueabihf-gcc.br_real: error:
  /.../host/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/include/interface/vcos/pthreads:
  No such file
  arm-buildroot-linux-uclibcgnueabihf-gcc.br_real: error:
  /.../host/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/include/interface/vmcs_host/linux:
  No such file

[1] https://bugs.busybox.net/show_bug.cgi?id=12366
[2] https://git.buildroot.net/buildroot/commit/?id=962ffda68cd9b0c4ab6055c97c14e762a5439571
[3] https://git.buildroot.net/buildroot/commit/?id=3f2aef56127fbe71378e6a2d55192a0835d962ab

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/python-cchardet: bump to version 2.1.5
James Hilliard [Thu, 28 Nov 2019 22:21:18 +0000 (15:21 -0700)]
package/python-cchardet: bump to version 2.1.5

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/oniguruma: security bump to version 6.9.4
Fabrice Fontaine [Fri, 29 Nov 2019 08:09:51 +0000 (09:09 +0100)]
package/oniguruma: security bump to version 6.9.4

- Retrieve official tarball to drop autoreconf
- Fixed CVE-2019-19012
- Fixed CVE-2019-19203 (Does not affect UTF-8, UTF-16 and UTF-32
  encodings)
- Fixed CVE-2019-19204 (Affects only PosixBasic, Emacs and Grep
  syntaxes)
- Fixed CVE-2019-19246

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/most: update the upstream URL in Config.in
Mark Corbin [Thu, 28 Nov 2019 16:49:06 +0000 (16:49 +0000)]
package/most: update the upstream URL in Config.in

Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/perl-gdgraph: fix license
Fabrice Fontaine [Thu, 28 Nov 2019 20:40:48 +0000 (21:40 +0100)]
package/perl-gdgraph: fix license

Dustismo.LICENSE contains the license for the Dustismo_Sans.ttf font
file. The rest is licensed under the same terms as Perl as specified
in README so add README to license files and add GPL-2.0+ to license

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/python-multidict: bump to version 4.6.1
James Hilliard [Thu, 28 Nov 2019 22:14:09 +0000 (15:14 -0700)]
package/python-multidict: bump to version 4.6.1

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/wolfssl: add upstream security fix for CVE-2019–18840
Peter Korsgaard [Thu, 28 Nov 2019 15:37:18 +0000 (16:37 +0100)]
package/wolfssl: add upstream security fix for CVE-2019–18840

Fixes the following security vulnerability:

- CVE-2019-18840: In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity
  checks of memory accesses in parsing ASN.1 certificate data while
  handshaking.  Specifically, there is a one-byte heap-based buffer overflow
  inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because
  the domain name location index is mishandled.  Because a pointer is
  overwritten, there is an invalid free.

For details, see the writeup:
https://medium.com/@social_62682/heap-overflow-in-wolfssl-cve-2019-18840-185d233c27de

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/libvorbis: add an upstream URL to Config.in
Mark Corbin [Thu, 28 Nov 2019 13:15:39 +0000 (13:15 +0000)]
package/libvorbis: add an upstream URL to Config.in

Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/libsexy: update the upstream URL in Config.in
Mark Corbin [Thu, 28 Nov 2019 13:08:10 +0000 (13:08 +0000)]
package/libsexy: update the upstream URL in Config.in

Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(500)' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/libsecret: update the upstream URL in Config.in
Mark Corbin [Thu, 28 Nov 2019 13:01:09 +0000 (13:01 +0000)]
package/libsecret: update the upstream URL in Config.in

Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/libpciaccess: update help text in Config.in
Mark Corbin [Thu, 28 Nov 2019 12:56:22 +0000 (12:56 +0000)]
package/libpciaccess: update help text in Config.in

Add a short package description. Add an upstream URL to address
the 'Missing' URL status in the package stats web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/haproxy: security bump to version 2.0.10
Peter Korsgaard [Thu, 28 Nov 2019 14:43:44 +0000 (15:43 +0100)]
package/haproxy: security bump to version 2.0.10

Fixes the following security vulnerabilities:

- CVE-2019-19330: The HTTP/2 implementation in HAProxy before 2.0.10
  mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd),
  line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka
  Intermediary Encapsulation Attacks.

In addition, 2.0.6..10 fixes a number of bugs.  See the changelog for
details:

https://www.haproxy.org/download/2.0/src/CHANGELOG

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/liblockfile: add an upstream URL to Config.in
Mark Corbin [Thu, 28 Nov 2019 12:45:52 +0000 (12:45 +0000)]
package/liblockfile: add an upstream URL to Config.in

Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/libiscsi: update the upstream URL in Config.in
Mark Corbin [Thu, 28 Nov 2019 12:38:31 +0000 (12:38 +0000)]
package/libiscsi: update the upstream URL in Config.in

Update the upstream URL in the help text in Config.in. Removing
the trailing comment from the URL line addresses the 'Missing'
status in the package stats web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/libhid: update the upstream URL in Config.in
Mark Corbin [Thu, 28 Nov 2019 12:28:52 +0000 (12:28 +0000)]
package/libhid: update the upstream URL in Config.in

Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/mii-diag: add an upstream URL to Config.in
Mark Corbin [Thu, 28 Nov 2019 16:38:47 +0000 (16:38 +0000)]
package/mii-diag: add an upstream URL to Config.in

Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/mediastreamer: update the upstream URL in Config.in
Mark Corbin [Thu, 28 Nov 2019 16:18:02 +0000 (16:18 +0000)]
package/mediastreamer: update the upstream URL in Config.in

Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/metacity: add an upstream URL to Config.in
Mark Corbin [Thu, 28 Nov 2019 16:23:56 +0000 (16:23 +0000)]
package/metacity: add an upstream URL to Config.in

Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/musl: add an upstream URL to Config.in
Mark Corbin [Thu, 28 Nov 2019 17:58:42 +0000 (17:58 +0000)]
package/musl: add an upstream URL to Config.in

Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

[Peter: also add URL to BR2_TOOLCHAIN_BUILDROOT_MUSL help]
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/libselinux: fix build on old glibc with <fts.h> incompatible with LFS
Thomas Petazzoni [Thu, 28 Nov 2019 18:05:02 +0000 (19:05 +0100)]
package/libselinux: fix build on old glibc with <fts.h> incompatible with LFS

glibc versions prior to 2.23 have a <fts.h> implementation that is not
compatible with large file support, causing build failures such as:

In file included from selinux_restorecon.c:17:0:
/home/naourr/work/instance-0/output-1/host/arm-buildroot-linux-gnueabi/sysroot/usr/include/fts.h:41:3: error: #error "<fts.h> cannot be used with -D_FILE_OFFSET_BITS==64"
 # error "<fts.h> cannot be used with -D_FILE_OFFSET_BITS==64"

Prior to commit 3fce6f1c150dbe4be58d083008ca8dbe7257836e
("package/libselinux: fix the build with Python 3.8"), we were not
passing PKG_PYTHON_DISTUTILS_ENV in the environment. But with
3fce6f1c150dbe4be58d083008ca8dbe7257836e, we are now passing the
PKG_PYTHON_DISTUTILS_ENV variable, provided by pkg-python.mk, into the
build environment. While this is part of fixing the build of
libselinux with Python 3.8, it breaks the build because we are no
longer filtering out the -D_FILE_OFFSET_BITS=64 option from
CFLAGS. Indeed, while we do so at the beginning of libselinux.mk, it
gets overridden later by the addition of $(PKG_PYTHON_DISTUTILS_ENV).

To avoid this, we pass CFLAGS/LDFLAGS *after*
$(PKG_PYTHON_DISTUTILS_ENV) has been added. In practice, the
CFLAGS/LDFLAGS passed by $(PKG_PYTHON_DISTUTILS_ENV) are just
$(TARGET_CFLAGS) and $(TARGET_LDFLAGS), so we are not missing anything
specific.

Fixes:

  http://autobuild.buildroot.net/results/ef6ff91086a094eb25b145d66d072c6d2fc60154/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years ago{linux, linux-headers}: bump 4.{4, 9}.x series
Bernd Kuhls [Thu, 28 Nov 2019 18:50:56 +0000 (19:50 +0100)]
{linux, linux-headers}: bump 4.{4, 9}.x series

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agoDEVELOPERS: add Pierre-Jean Texier for ipset
Pierre-Jean Texier [Wed, 27 Nov 2019 16:36:05 +0000 (17:36 +0100)]
DEVELOPERS: add Pierre-Jean Texier for ipset

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/ipset: bump to version 7.4
Pierre-Jean Texier [Wed, 27 Nov 2019 16:36:04 +0000 (17:36 +0100)]
package/ipset: bump to version 7.4

See full changelog http://ipset.netfilter.org/changelog.html

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/python-aiomonitor: bump to version 0.4.5
James Hilliard [Mon, 11 Nov 2019 08:05:46 +0000 (01:05 -0700)]
package/python-aiomonitor: bump to version 0.4.5

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/python-aiohttp: bump to version 3.6.2
James Hilliard [Mon, 11 Nov 2019 07:59:34 +0000 (00:59 -0700)]
package/python-aiohttp: bump to version 3.6.2

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/python-aiohttp-session: bump to version 2.9.0
James Hilliard [Mon, 11 Nov 2019 07:55:55 +0000 (00:55 -0700)]
package/python-aiohttp-session: bump to version 2.9.0

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/am33x-cm3: disable PIE
Fabrice Fontaine [Sun, 10 Nov 2019 21:09:20 +0000 (22:09 +0100)]
package/am33x-cm3: disable PIE

Fixes:
 - http://autobuild.buildroot.org/results/418a40b995e91bc66e692dfbc4b0521db3fa5fbb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>