buildroot.git
4 years agosupport/scripts/pkg-stats: add support for CVE reporting
Thomas Petazzoni [Sat, 15 Feb 2020 12:44:16 +0000 (13:44 +0100)]
support/scripts/pkg-stats: add support for CVE reporting

This commit extends the pkg-stats script to grab information about the
CVEs affecting the Buildroot packages.

To do so, it downloads the NVD database from
https://nvd.nist.gov/vuln/data-feeds in JSON format, and processes the
JSON file to determine which of our packages is affected by which
CVE. The information is then displayed in both the HTML output and the
JSON output of pkg-stats.

To use this feature, you have to pass the new --nvd-path option,
pointing to a writable directory where pkg-stats will store the NVD
database. If the local database is less than 24 hours old, it will not
re-download it. If it is more than 24 hours old, it will re-download
only the files that have really been updated by upstream NVD.

Packages can use the newly introduced <pkg>_IGNORE_CVES variable to
tell pkg-stats that some CVEs should be ignored: it can be because a
patch we have is fixing the CVE, or because the CVE doesn't apply in
our case.

>From an implementation point of view:

 - A new class CVE implement most of the required functionalities:
   - Downloading the yearly NVD files
   - Reading and extracting relevant data from these files
   - Matching Packages against a CVE

 - The statistics are extended with the total number of CVEs, and the
   total number of packages that have at least one CVE pending.

 - The HTML output is extended with these new details. There are no
   changes to the code generating the JSON output because the existing
   code is smart enough to automatically expose the new information.

This development is a collective effort with Titouan Christophe
<titouan.christophe@railnova.eu> and Thomas De Schampheleire
<thomas.de_schampheleire@nokia.com>.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/{mesa3d, mesa3d-headers}: bump version to 19.3.4
Bernd Kuhls [Fri, 14 Feb 2020 17:21:16 +0000 (18:21 +0100)]
package/{mesa3d, mesa3d-headers}: bump version to 19.3.4

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/rocksdb: add gflags optional dependency
Fabrice Fontaine [Fri, 14 Feb 2020 16:44:10 +0000 (17:44 +0100)]
package/rocksdb: add gflags optional dependency

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/mono: fix build with powerpc
Fabrice Fontaine [Fri, 14 Feb 2020 16:38:51 +0000 (17:38 +0100)]
package/mono: fix build with powerpc

Fixes:
 - http://autobuild.buildroot.org/results/fff0dd08f71facbe367d982d19158ee084ae8047

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/wireguard-linux-compat: bump version to 0.0.20200214
Peter Korsgaard [Fri, 14 Feb 2020 16:16:21 +0000 (17:16 +0100)]
package/wireguard-linux-compat: bump version to 0.0.20200214

Includes misc fixes. For details, see the announcement:
https://lists.zx2c4.com/pipermail/wireguard/2020-February/005013.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/postgresql: security bump to version 12.2
Peter Korsgaard [Fri, 14 Feb 2020 08:39:10 +0000 (09:39 +0100)]
package/postgresql: security bump to version 12.2

Fixes the following security issues:

- CVE-2020-1720: ALTER ... DEPENDS ON EXTENSION is missing authorization checks
  https://www.postgresql.org/about/news/2011/

Update the license hash for a change in copyright years:
-Portions Copyright (c) 1996-2019, PostgreSQL Global Development Group
+Portions Copyright (c) 1996-2020, PostgreSQL Global Development Group

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/screen: bump version to 4.8.0
Peter Korsgaard [Fri, 14 Feb 2020 07:27:01 +0000 (08:27 +0100)]
package/screen: bump version to 4.8.0

Fixes a memory corruption issue in OSC 49 handling.  Notice that this is
only enabled if screen is built with --enable-rxvt_osc, which isn't the case
in Buildroot. From the release notes:

As last fix, fixes potential memory overwrite of quite big size (~768
bytes), and even though I'm not sure about potential exploitability of
that issue, I highly recommend everyone to upgrade as soon as possible.
This issue is present at least since v.4.2.0 (haven't checked earlier).

https://lists.gnu.org/archive/html/screen-devel/2020-02/msg00007.html

Upstream changed the gnu.org URLs to use HTTPS, so adjust
0005-rename-sched_h.patch to match.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agoDEVELOPERS: add Romain Naour for toolchain topic
Romain Naour [Thu, 13 Feb 2020 22:29:13 +0000 (23:29 +0100)]
DEVELOPERS: add Romain Naour for toolchain topic

The first time I worked on the Buildroot's toolchain infra
was to add support for the Sourcery Codebench Standard
(licenced) edition toolchain (from Mentor Graphics) for
x86 target [1]. The series was rejected though.

But the knowledge gained from this work served to refactor
the toolchain-external infra in Buildroot [2].

Nowadays, I'm using toolchains-builder project to do
some toolchain build testing to keep GNU tools up to date
in Buildroot.

[1] http://lists.busybox.net/pipermail/buildroot/2014-November/112036.html
[2] http://lists.busybox.net/pipermail/buildroot/2016-October/175433.html
[3] https://gitlab.com/kubu93/toolchains-builder/

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agoDEVELOPERS: add Romain Naour for Qemu defconfigs
Romain Naour [Thu, 13 Feb 2020 21:54:54 +0000 (22:54 +0100)]
DEVELOPERS: add Romain Naour for Qemu defconfigs

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agoDEVELOPERS: add Romain Naour for test_glxinfo test
Romain Naour [Thu, 13 Feb 2020 21:47:38 +0000 (22:47 +0100)]
DEVELOPERS: add Romain Naour for test_glxinfo test

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agosupport/testing/glxinfo: explicitely enable GLX
Romain Naour [Thu, 13 Feb 2020 21:40:45 +0000 (22:40 +0100)]
support/testing/glxinfo: explicitely enable GLX

Since [1], the GLX support is enabled by BR2_PACKAGE_MESA3D_OPENGL_GLX
symbol.

Since [2], only one swrast provider can be built.
Keep BR2_PACKAGE_MESA3D_DRI_DRIVER_SWRAST.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/400391349

[1] 5cb821d5635626b7327d5d704555c412e5ed5a1f
[2] 09a0a285076f544de335efc74c8904e464576575

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/ncdu: bump to version 1.14.2
Gilles Talis [Thu, 13 Feb 2020 20:52:58 +0000 (21:52 +0100)]
package/ncdu: bump to version 1.14.2

Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/libmicrohttpd: bump to version 0.9.70
Gilles Talis [Thu, 13 Feb 2020 20:52:57 +0000 (21:52 +0100)]
package/libmicrohttpd: bump to version 0.9.70

Bugfix release. For details, see the release notes:
https://lists.gnu.org/archive/html/libmicrohttpd/2020-02/msg00006.html

Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/libhttpparser: bump to version 2.9.3
Gilles Talis [Thu, 13 Feb 2020 20:52:56 +0000 (21:52 +0100)]
package/libhttpparser: bump to version 2.9.3

Also dropped patch that was pushed upstream

Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/go: bump version to 1.13.8
Peter Korsgaard [Thu, 13 Feb 2020 20:35:27 +0000 (21:35 +0100)]
package/go: bump version to 1.13.8

Includes fixes to the runtime, the crypto/x509, and net/http
packages.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/dovecot: security bump to version 2.3.9.3
Peter Korsgaard [Thu, 13 Feb 2020 20:19:32 +0000 (21:19 +0100)]
package/dovecot: security bump to version 2.3.9.3

Fixes the following security issues:

- CVE-2020-7046: Truncated UTF-8 can be used to DoS submission-login and
  lmtp processes
  lib-smtp doesn't handle truncated command parameters properly, resulting
  in infinite loop taking 100% CPU for the process.  This happens for LMTP
  (where it doesn't matter so much) and also for submission-login where
  unauthenticated users can trigger it.

- CVE-2020-7957: Specially crafted mail can crash snippet generation
  Snippet generation crashes if:
  - message is large enough that message-parser returns multiple body
    blocks
  - The first block(s) don't contain the full snippet (e.g.  full of
    whitespace)
  - input ends with '>'

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/parted: disable on uclibc
Fabrice Fontaine [Thu, 13 Feb 2020 22:36:44 +0000 (23:36 +0100)]
package/parted: disable on uclibc

Like postgreSQL (and imagemagick), parted does not build against uClibc
with locales enabled, due to an uClibc bug, see
http://lists.uclibc.org/pipermail/uclibc/2014-April/048326.html:

In file included from atari.c:42:
atari.c: In function 'atr_part_correct':
atari.c:221:9: error: dereferencing pointer to incomplete type 'struct __uclibc_locale_struct'
  return isalnum_l(part->id[0], atr_c_locale)
         ^~~~~~~~~

So disable parted on uclibc

Fixes:
 - http://autobuild.buildroot.org/results/992518d340a9f32a0721d6e66936850c4c3ef2e4

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/udisks: add locale dependency
Fabrice Fontaine [Thu, 13 Feb 2020 22:36:43 +0000 (23:36 +0100)]
package/udisks: add locale dependency

Commit b5f0c6efb24826641719c493382211e5d768417b forgot to propagate new
locale dependency from parted to udisks

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/python-pyparted: add locale dependency
Fabrice Fontaine [Thu, 13 Feb 2020 22:36:42 +0000 (23:36 +0100)]
package/python-pyparted: add locale dependency

Commit b5f0c6efb24826641719c493382211e5d768417b forgot to propagate new
locale dependency from parted to python-pyparted

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/libsigrok: drop remnants of autoreconf
Yann E. MORIN [Sun, 9 Feb 2020 15:12:40 +0000 (16:12 +0100)]
package/libsigrok: drop remnants of autoreconf

libsigrok has not needed autoreconf since b428801934 (package/libsigrok:
bump version to 0.4.0), 4 years ago now.

As such, we no longer need the autoreconf options, nor the dependency on
the autoconf archive.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Bartosz Golaszewski <brgl@bgdev.pl>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/sdl2: fix build without threads
Fabrice Fontaine [Tue, 11 Feb 2020 21:44:27 +0000 (22:44 +0100)]
package/sdl2: fix build without threads

- Drop first patch (not needed since bump to version 2.0.10 and
  https://github.com/spurious/SDL-mirror/commit/2601ef1f2d7f998c1d276d1b06cac4ed7feba2e1)
- Add a new patch to fix an outstanding build failure

Fixes:
 - http://autobuild.buildroot.org/results/7f7712c5bd47de4a3fcec1e0d0526fd5a3ecd532

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/eudev: Fix monitor starting for kernels w/o CONFIG_SHMEM
Joel Stanley [Mon, 10 Feb 2020 06:47:42 +0000 (17:17 +1030)]
package/eudev: Fix monitor starting for kernels w/o CONFIG_SHMEM

When the kernel has CONFIG_SHMEM disabled, /dev is a ramfs (instead of a
tmpfs) and the name_to_handle_at system call is not supported. This
causes eudev's monitor application to exit on startup.

Upstream eudev has added this fix which is not yet part of a release.

Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/kodi-screensaver-asteroids: bump version to 2.3.2
Bernd Kuhls [Thu, 6 Feb 2020 18:19:40 +0000 (19:19 +0100)]
package/kodi-screensaver-asteroids: bump version to 2.3.2

Switched _LICENSE_FILES to debian/copyright.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/kodi-peripheral-steamcontroller: bump version
Bernd Kuhls [Thu, 6 Feb 2020 18:19:39 +0000 (19:19 +0100)]
package/kodi-peripheral-steamcontroller: bump version

Switched _LICENSE_FILES to debian/copyright.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/kodi-peripheral-joystick: bump version to 1.4.9-Leia
Bernd Kuhls [Thu, 6 Feb 2020 18:19:38 +0000 (19:19 +0100)]
package/kodi-peripheral-joystick: bump version to 1.4.9-Leia

Switched _LICENSE_FILES to debian/copyright.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/kodi-inputstream-rtmp: bump version to 2.0.8-Leia
Bernd Kuhls [Thu, 6 Feb 2020 18:19:37 +0000 (19:19 +0100)]
package/kodi-inputstream-rtmp: bump version to 2.0.8-Leia

Switched _LICENSE_FILES to debian/copyright.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/rocksdb: switch to generic-package
Fabrice Fontaine [Tue, 4 Feb 2020 21:13:48 +0000 (22:13 +0100)]
package/rocksdb: switch to generic-package

Switch from cmake-package to generic-package to allow rocksdb to run the
./build_tools/build_detect_platform script and detect compiler options
such as C++17 support for -faligned-new

First patch needs to be updated and second patch can be dropped

Fixes:
 - http://autobuild.buildroot.org/results/22c9909c0d20e3871775f3874f7723910d7e5a41
 - http://autobuild.buildroot.org/results/ab7b2bc9e9653a7093d8b27d4445c28993572ca4

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/sqlcipher: enable back libressl
Fabrice Fontaine [Thu, 13 Feb 2020 20:09:15 +0000 (21:09 +0100)]
package/sqlcipher: enable back libressl

libressl support has been fixed since version 3.4.2 and
https://github.com/sqlcipher/sqlcipher/commit/ce489ebb4788207f27b1641f8d2bfe6b65462260

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/sqlcipher: security bump to version 4.3.0
Fabrice Fontaine [Thu, 13 Feb 2020 18:41:48 +0000 (19:41 +0100)]
package/sqlcipher: security bump to version 4.3.0

>From https://www.zetetic.net/blog/2019/08/14/defcon-sqlite-attacks:

"We strongly recommend that all applications upgrade to SQLCipher 4.2.0
to take advantage of the latest security updates, especially if an
application interacts with non-encrypted databases using SQLCipher."

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/bootstrap: security bump to version 4.3.1
Fabrice Fontaine [Thu, 13 Feb 2020 18:00:51 +0000 (19:00 +0100)]
package/bootstrap: security bump to version 4.3.1

- Fix CVE-2018-14042: In Bootstrap before 4.1.2, XSS is possible in the
  data-container property of tooltip.
- Fix an XSS vulnerability (CVE-2019-8331) in our tooltip and popover
  plugins by implementing a new HTML sanitizer
- Update indentation of hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/squashfs: update homepage link
Baruch Siach [Thu, 13 Feb 2020 17:36:35 +0000 (19:36 +0200)]
package/squashfs: update homepage link

Development moved to github.com.

Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/doxygen: needs host gcc >= 4.9
Fabrice Fontaine [Tue, 11 Feb 2020 21:33:52 +0000 (22:33 +0100)]
package/doxygen: needs host gcc >= 4.9

host-doxygen use std::make_unique which is a C++14 feature and so not
available with host gcc 4.8 so add a Config.in.host for doxygen and add
host gcc 4.9 dependency to host-doxygen and sigrok C++ option

Fixes:
 - http://autobuild.buildroot.org/results/3ac78c5d4728287bafdfeb3a54f50eb193934b63

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/modem-manager: bump to version 1.12.6
Aleksander Morgado [Wed, 12 Feb 2020 10:40:40 +0000 (11:40 +0100)]
package/modem-manager: bump to version 1.12.6

https://lists.freedesktop.org/archives/modemmanager-devel/2020-February/007713.html

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/libxmlpp: bump to version 3.2.0
Fabrice Fontaine [Wed, 12 Feb 2020 21:48:56 +0000 (22:48 +0100)]
package/libxmlpp: bump to version 3.2.0

- Update site in Config.in, see
  https://gitlab.gnome.org/GNOME/libxmlplusplus/commit/604ae3c286a20683f9688f8da5221b3bf89886d0
- Update indentation of hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/qpdf: bump to version 9.1.1
Fabrice Fontaine [Wed, 12 Feb 2020 21:08:54 +0000 (22:08 +0100)]
package/qpdf: bump to version 9.1.1

Update indentation of hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/mongoose: security bump to version 6.17
Fabrice Fontaine [Wed, 12 Feb 2020 21:21:34 +0000 (22:21 +0100)]
package/mongoose: security bump to version 6.17

- Fix CVE-2019-19307: An integer overflow in parse_mqtt in mongoose.c in
  Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS
  (infinite loop), or possibly cause an out-of-bounds write, by sending
  a crafted MQTT protocol packet.
- Update indentation of hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/libxml-parser-perl: bump to version 2.46
Francois Perrad [Sat, 8 Feb 2020 20:52:28 +0000 (21:52 +0100)]
package/libxml-parser-perl: bump to version 2.46

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/iozone: bump to version 3_489
Gilles Talis [Sun, 9 Feb 2020 15:49:26 +0000 (16:49 +0100)]
package/iozone: bump to version 3_489

Also install "fileop", another file system benchmarking tool
provided by the iozone package.

Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/sdl2_mixer: bump to version 2.0.4
Gilles Talis [Sun, 9 Feb 2020 15:49:27 +0000 (16:49 +0100)]
package/sdl2_mixer: bump to version 2.0.4

Also enabled support for Opus music playback using opusfile library

Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/rng-tools: bump version to 6.9
Wesley Chow [Sat, 8 Feb 2020 22:38:59 +0000 (17:38 -0500)]
package/rng-tools: bump version to 6.9

Fixes high rngd startup latency along with other minor bugs:
https://github.com/nhorman/rng-tools/releases/tag/v6.9

Signed-off-by: Wesley Chow <wes.chow@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/ogre: link with libatomic when needed
Fabrice Fontaine [Mon, 10 Feb 2020 17:41:27 +0000 (18:41 +0100)]
package/ogre: link with libatomic when needed

On some architectures, atomic binutils are provided by the libatomic
library from gcc. Linking with libatomic is therefore necessary,
otherwise the build fails with:

/home/test/autobuild/run/instance-1/output-1/host/lib/gcc/xtensa-buildroot-linux-uclibc/8.3.0/../../../../xtensa-buildroot-linux-uclibc/bin/ld: ../../lib/libOgreMain.so.1.12.0: undefined reference to `__atomic_fetch_add_8'

This is often for example the case on sparc v8 32 bits.

Fixes:
 - http://autobuild.buildroot.org/results/3a09e2d1d26b19243244eb7f9235c85488a788d2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/mesa3d: fix circular dependency in Kconfig
Yann E. MORIN [Mon, 10 Feb 2020 20:51:46 +0000 (21:51 +0100)]
package/mesa3d: fix circular dependency in Kconfig

When the r300 driver was introduced in c5ae77c97 (package/mesa3d: add
support for gallium r300 driver), a last-minute fix was introduced by
Yann, to properly propagate the dependency of a selected symbol.

However, this ended up causing a spurious circular dependency that does
not really exists, but that Kconfig is not smart enough to detect is in
fact OK.

Fixing this is pretty non-obvious, but we have an easy way out: the
dependency is about libdrm's radeon driver requirement for a toolchain
that has the sync4 family of primitives, which is always a given for an
x86 toolchain. As the radeon r300 driver is x86-only, this dependency is
forcefully fulfilled.

So, we drop the propagated dependency, and replace it by a fat comment.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Cc: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agoboot/arm-trusted-firmware: add missing qstrip
Gervais, Francois [Tue, 11 Feb 2020 20:22:00 +0000 (20:22 +0000)]
boot/arm-trusted-firmware: add missing qstrip

Add missing qstrip wrapping to the new
BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_TARGETS option.

Signed-off-by: Francois Gervais <fgervais@distech-controls.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/wpewebkit: disable JSC JIT for MIPSr6
Adrian Perez de Castro [Tue, 11 Feb 2020 20:44:45 +0000 (22:44 +0200)]
package/wpewebkit: disable JSC JIT for MIPSr6

Forcibly disable the JavaScriptCore JIT compilation support
for MIPSr6 processors, which are unsupported.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/webkitgtk: disable JSC JIT for MIPSr6
Adrian Perez de Castro [Tue, 11 Feb 2020 20:44:44 +0000 (22:44 +0200)]
package/webkitgtk: disable JSC JIT for MIPSr6

Forcibly disable the JavaScriptCore JIT compilation support
for MIPSr6 processors, which are unsupported.

Fixes: http://autobuild.buildroot.net/results/3d21d3c3460cd85a4c828dd197929cdf17aaf4e0
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/musl: move riscv64 register index constant definitions
Mark Corbin [Tue, 11 Feb 2020 15:14:53 +0000 (15:14 +0000)]
package/musl: move riscv64 register index constant definitions

The riscv64 build of libsigsegv using musl fails due to a missing
definition for REG_SP. This constant is used to index the __gregs
array in the ucontext_t structure.

This fix moves the musl defintion of REG_SP (and others) from
arch/riscv64/bits/reg.h to arch/riscv64/bits/signal.h
so that it is picked up correctly.

The patch was downloaded from upstream:
https://git.musl-libc.org/cgit/musl/commit/?id=329e79299daaa994b8e75941331a1093051ea5d9

Fixes:
http://autobuild.buildroot.org/results/8fcd5cb912e513ac08a81e3ee726e29ac22212bb/

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/exim: fix build error during install step
Luca Ceresoli [Mon, 10 Feb 2020 21:48:40 +0000 (22:48 +0100)]
package/exim: fix build error during install step

exim builds some files during the 'make install' step, and these fail with
an error:

  lookups/lf_quote.c:49:3: error: 'for' loop initial declarations are only allowed in C99 mode
     for (int j = 0; j < vlength; j++)
     ^

Fix by passing the -std=c99 here, as it is already passed in the build
step.

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/exim: fix various build failures
Luca Ceresoli [Mon, 10 Feb 2020 21:48:39 +0000 (22:48 +0100)]
package/exim: fix various build failures

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/exim: fix target build on some toolchains
Luca Ceresoli [Mon, 10 Feb 2020 21:48:38 +0000 (22:48 +0100)]
package/exim: fix target build on some toolchains

Building with the Sourcery CodeBench ARM 2014.05 the build fails with this
error:

  >>> exim_dbmbuild utility built

  .../buildroot/output/host/bin/arm-none-linux-gnueabi-gcc -DEXIM_DUMPDB exim_dbutil.c
  exim_dbutil.c: In function 'main':
  exim_dbutil.c:568:1: error: 'for' loop initial declarations are only allowed in C99 mode
   for (uschar * key = dbfn_scan(dbm, TRUE, &cursor);
   ^
  exim_dbutil.c:568:1: note: use option -std=c99 or -std=gnu99 to compile your code
  exim_dbutil.c:630:2: error: 'for' loop initial declarations are only allowed in C99 mode
    for (int i = 1; i <= wait->count; i++)
    ^
  exim_dbutil.c:642:6: error: 'for' loop initial declarations are only allowed in C99 mode
        for (int j = 0; j < MESSAGE_ID_LENGTH; j++)
        ^

Fix by enforcing C99. This completes commit
2c692e81a844b30b4d3161dfd9897b3265bb9279 ("package/exim: fix host build")
to also fix target builds.

Fixes: http://autobuild.buildroot.net/results/6b7e08090f5f0f2627cc3e89b349c2052b6e3116/
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agoConfig.in.legacy: fix selection of bluez5_utils
Fabrice Fontaine [Mon, 10 Feb 2020 23:01:37 +0000 (00:01 +0100)]
Config.in.legacy: fix selection of bluez5_utils

Select BR2_PACKAGE_BLUEZ5_UTILS only if all its reverse dependencies
are selected

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/gqrx: bump to version 2.12.1
Fabrice Fontaine [Mon, 10 Feb 2020 22:52:34 +0000 (23:52 +0100)]
package/gqrx: bump to version 2.12.1

- Drop all patches (already in version)
- Update indentation in hash file (two spaces)
- This bump also fix a build failure with BR2_ENABLE_DEBUG thanks to
  https://github.com/csete/gqrx/commit/d5f8e008253d63b71f5b2cf41651214f9a78e83c

Fixes:
 - http://autobuild.buildroot.org/results/17e564fc6465e6e83742c421f2a48b8a0a4923bc

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/php-*: fix autoconf variables
Fabrice Fontaine [Sun, 9 Feb 2020 22:45:16 +0000 (23:45 +0100)]
package/php-*: fix autoconf variables

Build of php-* packages are broken since commit
3292f3de499717360cf18d7fecd79ac096216ca8 because
$(HOST_DIR)/bin/auto{conf,header} have been replaced by
$(HOST_DIR)/bin/auto{conf,header} -I "$(ACLOCAL_DIR)" -I "$(ACLOCAL_HOST_DIR)"

So revert this change (which should have been only refactoring) for
those packages

Fixes:
 - http://autobuild.buildroot.org/results/0d5f4a792652e302b8c00c1e0f99966cc930fbac
 - http://autobuild.buildroot.org/results/91a559183db212803a90cb399a1cb505b14818d9

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/uclibc: restore __isctype_l definition
Max Filippov [Sun, 9 Feb 2020 20:09:37 +0000 (12:09 -0800)]
package/uclibc: restore __isctype_l definition

Recent is*_l fix broke uclibc build because removed __isctype_l
definition was used in libc/misc/ctype/ctype.c. Restore it.

Fixes: 8723c5e7a6db ("package/uclibc: fix ctype.h is*_l definitions")
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
[yann.morin.1998@free.fr:
  - add new patch, don't fix existing one
  - add URL to upstream ML post
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/mesa3d: add support for gallium r300 driver
James Hilliard [Sun, 9 Feb 2020 15:12:02 +0000 (08:12 -0700)]
package/mesa3d: add support for gallium r300 driver

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr: propagate libdrm's radeon dependencies]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/libexif: add post-0.6.21 upstream security fixes
Peter Korsgaard [Sat, 8 Feb 2020 15:07:13 +0000 (16:07 +0100)]
package/libexif: add post-0.6.21 upstream security fixes

Fixes the following security issues:

- CVE-2016-6328: A vulnerability was found in libexif.  An integer overflow
  when parsing the MNOTE entry data of the input file.  This can cause
  Denial-of-Service (DoS) and Information Disclosure (disclosing some
  critical heap chunk metadata, even other applications' private data).

- CVE-2017-7544: libexif through 0.6.21 is vulnerable to out-of-bounds heap
  read vulnerability in exif_data_save_data_entry function in
  libexif/exif-data.c caused by improper length computation of the allocated
  data of an ExifMnote entry which can cause denial-of-service or possibly
  information disclosure.

- CVE-2018-20030: An error when processing the EXIF_IFD_INTEROPERABILITY and
  EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to
  exhaust available CPU resources.

- CVE-2019-9278: In libexif, there is a possible out of bounds write due to
  an integer overflow.  This could lead to remote escalation of privilege in
  the media content provider with no additional execution privileges needed.
  User interaction is needed for exploitation.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/gnuradio: backport build fixes with less use of Boost
Gwenhael Goavec-Merou [Fri, 7 Feb 2020 15:39:27 +0000 (16:39 +0100)]
package/gnuradio: backport build fixes with less use of Boost

Backport patch from upstream to fix build failures such as:

    In file included from /home/buildroot/autobuild/instance-0/output-1/build/gnuradio-3.8.0.0/gr-digital/lib/glfsr.cc:23:
    /home/buildroot/autobuild/instance-0/output-1/build/gnuradio-3.8.0.0/gr-digital/lib/../include/gnuradio/digital/glfsr.h:42:5: error: 'uint32_t' does not name a type; did you mean 'u_int32_t'?
        uint32_t d_shift_register;
        ^~~~~~~~
        u_int32_t

Since Gnuradio policy is Less boost == better and C++11 is used, use cstdint
instead of boost/cstdint.hpp.

Applied in gnuradio master (475e4a156b516c089175afb998acdc80b740b437)

fix:
 - http://autobuild.buildroot.net/results/14015f499e58fee530877ac052878bbe2f799942/
 - http://autobuild.buildroot.net/results/53239f98dd5e03d4dc1bb4eb91ed765f77dbf0ec/

Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
[yann.morin.1998@free.fr:
  - add upstream reference in the patch itself
  - minor eye-candy in commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/mesa3d: add support for gallium i915 driver
James Hilliard [Sat, 8 Feb 2020 07:42:50 +0000 (00:42 -0700)]
package/mesa3d: add support for gallium i915 driver

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr: also guard comment with x86 dependency]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/mesa3d: fix iris driver depends and selects
James Hilliard [Sat, 8 Feb 2020 22:28:09 +0000 (15:28 -0700)]
package/mesa3d: fix iris driver depends and selects

iris is inherently an x86-only driver, and it hard codes gcc options
specific to x86m like -msse2, causing build breakage on other
architectures.

iris also does not use kmsro, but the select was accidentally added when
iris was introduced.

Fix both by adding the missing dependency to x86, and by removing the
select to kmsro.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr:
  - ad dependency to x86
  - reword commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/weston: update patches with upstream backports
James Hilliard [Sat, 8 Feb 2020 22:23:02 +0000 (15:23 -0700)]
package/weston: update patches with upstream backports

These updated patches fix the same issues but are backported from upstream
commits instead of pull requests.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/Config.in: fix make failure by removing gstreamer/Config.in
Giulio Benetti [Sun, 9 Feb 2020 08:36:51 +0000 (09:36 +0100)]
package/Config.in: fix make failure by removing gstreamer/Config.in

After commit:
https://git.buildroot.net/buildroot/commit/?id=fb49c7a26182f9d48f8283e7328fddc216962c94
gstreamer entry in package/Config.in was left behind resulting in every
make call to fail. So let's remove orphaned gstreamer entry from
package/Config.in

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/qemu: do not support x86_steamroller or x86_core_avx2
Adam Duskett [Sat, 8 Feb 2020 21:15:11 +0000 (13:15 -0800)]
package/qemu: do not support x86_steamroller or x86_core_avx2

These CPU's cause segfaults with qemu.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/gstreamer/*: remove packages
Peter Korsgaard [Fri, 7 Feb 2020 14:50:25 +0000 (15:50 +0100)]
package/gstreamer/*: remove packages

Gstreamer 0.10 has been deprecated upstream since 2012 and is missing a lot
of features and (security) fixes compared to gstreamer1, so remove it.

All gstreamer-0.10 sub packages depends on gstreamer, so we only need to add
a legacy entry for that.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/nvidia-tegra23-binaries: drop gstreamer 0.10.x support
Peter Korsgaard [Fri, 7 Feb 2020 14:50:24 +0000 (15:50 +0100)]
package/nvidia-tegra23-binaries: drop gstreamer 0.10.x support

With the upcoming removal of gstreamer 0.10, the logic for installing
binaries using gstreamer 0.10.x in nvidia-tegra23-binaries must go as well.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/freerdp: drop gstreamer 0.10.x support
Peter Korsgaard [Fri, 7 Feb 2020 14:50:23 +0000 (15:50 +0100)]
package/freerdp: drop gstreamer 0.10.x support

With the upcoming removal of gstreamer 0.10, the logic for building freerdp
with support for it must go as well.

As there is now a single option for gstreamer (1.x) support, convert the
gstreamer support choice to a normal option for simplicity.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/opencv3: drop gstreamer 0.10.x support
Peter Korsgaard [Fri, 7 Feb 2020 14:50:22 +0000 (15:50 +0100)]
package/opencv3: drop gstreamer 0.10.x support

With the upcoming removal of gstreamer 0.10, the logic for building opencv3
with support for it must go as well.

As there is now a single option for gstreamer (1.x) support, convert the
gstreamer support choice to a normal option for simplicity.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/opencv: drop gstreamer 0.10.x support
Peter Korsgaard [Fri, 7 Feb 2020 14:50:21 +0000 (15:50 +0100)]
package/opencv: drop gstreamer 0.10.x support

With the upcoming removal of gstreamer 0.10, the logic for building opencv
with support for it must go as well.

As there is now a single option for gstreamer (1.x) support, convert the
gstreamer support choice to a normal option for simplicity.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/libplayer: remove package
Peter Korsgaard [Fri, 7 Feb 2020 14:50:20 +0000 (15:50 +0100)]
package/libplayer: remove package

Libplayer is dead upstream.  The mercurial repo is no longer online, it
hasn't seen any releases since 2010 and the mplayer backend was removed from
Buildroot in 2018.

With the upcoming removal of gstreamer 0.10, there is no longer any backends
available in Buildroot, so remove the package.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/qt5multimedia: drop gstreamer 0.10.x support
Peter Korsgaard [Fri, 7 Feb 2020 14:50:19 +0000 (15:50 +0100)]
package/qt5multimedia: drop gstreamer 0.10.x support

With the upcoming removal of gstreamer 0.10, the logic for building
qt5multimeda with support for it must go as well.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/libnice: drop gstreamer 0.10.x support
Peter Korsgaard [Fri, 7 Feb 2020 14:50:18 +0000 (15:50 +0100)]
package/libnice: drop gstreamer 0.10.x support

With the upcoming removal of gstreamer 0.10, the logic for building
libnice with support for it must go as well.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/gupnp-dlna: drop gstreamer 0.10.x support
Peter Korsgaard [Fri, 7 Feb 2020 14:50:17 +0000 (15:50 +0100)]
package/gupnp-dlna: drop gstreamer 0.10.x support

With the upcoming removal of gstreamer 0.10, the logic for building
gupnp-dlna with support for it must go as well.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/classpath: drop gstreamer 0.10.x support
Peter Korsgaard [Fri, 7 Feb 2020 14:50:16 +0000 (15:50 +0100)]
package/classpath: drop gstreamer 0.10.x support

With the upcoming removal of gstreamer 0.10, the logic for building
classpath with support for it must go as well.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agotoolchain: use consistent code style for C code
Peter Korsgaard [Sat, 8 Feb 2020 19:44:00 +0000 (20:44 +0100)]
toolchain: use consistent code style for C code

Most, but not all our C code follows the Linux kernel code style (as
documented in Documentation/process/coding-style.rst).  Adjust the few
places doing differently:

- Braces:
  ..but the preferred way, as shown to us by the prophets Kernighan
  and Ritchie, is to put the opening brace last on the line

- Spaces after keywords:
  Use a space after (most) keywords

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/libnss: fix powerpc altivec build failure
Giulio Benetti [Sat, 8 Feb 2020 10:39:00 +0000 (11:39 +0100)]
package/libnss: fix powerpc altivec build failure

NSS_DISABLE_ALTIVEC variable has been introduced into libnss so let's
use it to prevent Altivec build failure on PowerPc by passing
NSS_DISABLE_ALTIVEC=1 if BR2_POWERPC_CPU_HAS_ALTIVEC is not 'y'.

Fixes:
http://autobuild.buildroot.net/results/957/957cec911bcd68a18418ad02f13e7e3001521c59/
http://autobuild.buildroot.net/results/6a1/6a1578619a477e1605fe152070f004b662f1d839/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/libnss: bump version to 3.50
Giulio Benetti [Sat, 8 Feb 2020 10:38:59 +0000 (11:38 +0100)]
package/libnss: bump version to 3.50

It requires already bumped libnspr version 4.25.

Release notes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.50_release_notes

Drop all patches since they have been upstreamed.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agotoolchain: allow using custom headers newer than latest known ones
Vincent Fazio [Wed, 15 Jan 2020 18:29:07 +0000 (19:29 +0100)]
toolchain: allow using custom headers newer than latest known ones

When Buildroot is released, it knows up to a certain kernel header
version, and no later. However, it is possible that an external
toolchain will be used, that uses headers newer than the latest version
Buildroot knows about.

This may also happen when testing a development, an rc-class, or a newly
released kernel, either in an external toolchain, or with an internal
toolchain with custom headers (same-as-kernel, custom version, custom
git, custom tarball).

In the current state, Buildroot would refuse to use such toolchains,
because the test is for strict equality.

We'd like to make that situation possible, but we also want the user not
to be lenient at the same time, and select the right headers version
when it is known.

So, we add a new Kconfig blind option that the latest kernel headers
version selects. This options is then used to decide whether we do a
strict or loose check of the kernel headers.

Suggested-by: Aaron Sierra <asierra@xes-inc.com>
Signed-off-by: Vincent Fazio <vfazio@xes-inc.com>
[yann.morin.1998@free.fr:
  - only do a loose check for the latest version
  - expand commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Vincent Fazio <vfazio@xes-inc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/skeleton-init-sysv: conditionally enable swapon/swapoff in inittab
Carlos Santos [Fri, 7 Feb 2020 22:33:22 +0000 (19:33 -0300)]
package/skeleton-init-sysv: conditionally enable swapon/swapoff in inittab

The default inittab files added by busybox and sysvinit runs 'swapon -a'
during init and 'swapoff -a' during shutdown, but those programs are not
guaranteed to be available, so the boot log may become polluted by error
messages like this:

    swapon: not found

Add a target-finalize hook to skeleton-init-sysv that enables or disables
the swapon/swapoff lines in /etc/inittab, depending on the existence of
$(TARGET_DIR)/sbin/swap{on,off}.

Based on a previous patch sent by Thomas De Schampheleire.

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agoRevert "system: don't attempt swapon/swapoff in inittab if not available"
Carlos Santos [Fri, 7 Feb 2020 22:33:21 +0000 (19:33 -0300)]
Revert "system: don't attempt swapon/swapoff in inittab if not available"

This reverts commit c4dce0ae0f5d5d7fecb6f493e974e131a6df43da.

A different fix will be provided in a forthcoming patch.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/sdl_mixer: fix build after aclocal include revamp
Yann E. MORIN [Sat, 8 Feb 2020 18:26:11 +0000 (19:26 +0100)]
package/sdl_mixer: fix build after aclocal include revamp

After d255b67972 (autotools: do not overwrite first include path), the
ordering of include paths has changed: the system directories are
specified with explicit options passed to autoreconf, which means that
any directory specified in the package _AUTORECONF_OPTS are no longer
first:

  - in package/autoconf/autoconf.mk, we define AUTORECONF as:
    AUTOCONF = $(HOST_DIR)/bin/autoconf -I "$(ACLOCAL_DIR)" -I "$(ACLOCAL_HOST_DIR)"

  - in package/pkg-autotools.mk, we call AUTORECONF with:
    $($(PKG)_AUTORECONF_ENV) $(AUTORECONF) $($(PKG)_AUTORECONF_OPTS)

So, the include directory specified by SDL_MIXER_AUTORECONF_OPTS is now
lagging behind the system headers, and the very issue that d255b67972
was suposed to fix in a generic way, pops up back for this specific
case.

We fix that by patching sdl_mixer so that it uses the bog-down standard
mechanisms, to specify the macro directory from within configure.in,
instead of specifying it on the command line, so that the magic
introduced by d255b67972 does happen.

Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Michael Walle <michael@walle.cc>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/localedef: relax required toolchain version
Matt Weber [Thu, 6 Feb 2020 21:08:59 +0000 (15:08 -0600)]
package/localedef: relax required toolchain version

The glibc package has been updating the toolchain version
dependency since 2.28.x. The dependencies don't currently
apply to the localedef build of the package, so this
patchset relaxes the restriction such that builds can still
occur on older host machines.

The current supported minimum versions after this patch
is applied are:
GCC 4.8
Binutils 2.24

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/luarocks: fix buildroot addon vs 3.3.x
Francois Perrad [Sat, 8 Feb 2020 14:27:06 +0000 (15:27 +0100)]
package/luarocks: fix buildroot addon vs 3.3.x

an internal API change introduced by version 3.3.0 causes the following failure:
```
Error: LuaRocks 3.3.1 bug (please report at https://github.com/luarocks/luarocks/issues).
Arch.: linux-x86_64
.../user/build/qarm/host/share/lua/5.3/luarocks/queries.lua:55: assertion failed!
stack traceback:
[C]: in function 'assert'
.../user/build/qarm/host/share/lua/5.3/luarocks/queries.lua:55: in function 'luarocks.queries.new'
...m/host/share/lua/5.3/luarocks/cmd/external/buildroot.lua:322: in function 'luarocks.cmd.external.buildroot.command'
(...tail calls...)
[C]: in function 'xpcall'
/home/user/build/qarm/host/share/lua/5.3/luarocks/cmd.lua:620: in function 'luarocks.cmd.run_command'
/home/user/build/qarm/host/bin/luarocks:38: in main chunk
[C]: in ?
```

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/util-linux: upgrade to version 2.35.1
Carlos Santos [Fri, 7 Feb 2020 23:16:08 +0000 (20:16 -0300)]
package/util-linux: upgrade to version 2.35.1

Drop patches already applied upstream and, consequently, AUTORECONF.

util-linux 2.35.1 Release Notes
===============================

build-sys:
   - add --disable-hwclock-gplv3  [Karel Zak]
chrt:
   - Use sched_setscheduler system call directly  [jonnyh64]
lib/randutils:
   - use explicit data types for bit ops  [Karel Zak]
libfdisk:
   - fix __copy_partition()  [Karel Zak]
   - make sure we use NULL after free  [Karel Zak]
libmount:
   - fix x- options use for non-root users  [Karel Zak]
po:
   - update uk.po (from translationproject.org)  [Yuri Chornoivan]
sfdisk:
   - make sure we do not overlap on --move  [Karel Zak]
   - remove broken step alignment for --move  [Karel Zak]

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agoboot/barebox: bump version to 2020.01.0
Bartosz Bilas [Fri, 7 Feb 2020 20:56:37 +0000 (21:56 +0100)]
boot/barebox: bump version to 2020.01.0

Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/uclibc: fix ctype.h is*_l definitions
Max Filippov [Fri, 7 Feb 2020 19:51:44 +0000 (11:51 -0800)]
package/uclibc: fix ctype.h is*_l definitions

ctype locale-specific macro definitions are broken because they result
in dereference of pointer to structure of incomplete type.
Drop these macros since they are optional and let applications use
functions with the same names.

Backported from:
  https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?id=d1a3ca7ca56630fddde7311a0474eed4a21335a7
Fixes:
  http://autobuild.buildroot.net/results/b7ba1210d5aa184b133f0171da621d2b0083ec39

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/luarocks: bump to version 3.3.1
Francois Perrad [Fri, 7 Feb 2020 14:59:55 +0000 (15:59 +0100)]
package/luarocks: bump to version 3.3.1

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/ninja: fix build for cmake 3.10
Yegor Yefremov [Thu, 6 Feb 2020 13:21:32 +0000 (14:21 +0100)]
package/ninja: fix build for cmake 3.10

If the host cmake is 3.10, the configuration step produces
the following error:

CMake Error at CMakeLists.txt:87 (target_link_libraries):
Target "libninja" of type OBJECT_LIBRARY may not be linked into another
target. One may link only to STATIC or SHARED libraries, or to executables
with the ENABLE_EXPORTS property set.

This patch fixes CMakeLists.txt to use the object library as it was intended
in cmake 3.10.

Fixes:
https://bugs.busybox.net/show_bug.cgi?id=12546

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Tested-by: Damian Tometzki <dti@familie-tometzki.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/wireguard-tools: bump to version 1.0-20200206
Peter Korsgaard [Thu, 6 Feb 2020 22:21:06 +0000 (23:21 +0100)]
package/wireguard-tools: bump to version 1.0-20200206

Drop libmnl dependency. From the announcement:

 * netlink: remove libmnl requirement

We no longer require libmnl.  It turns out that inlining the small subset of
libmnl that we actually use results in a smaller binary than the overhead of
linking to the external library.

pkg-config is still used for the systemd support though, so move the
host-pkgconf dependency there.

For more details, see the announcement:

https://lists.zx2c4.com/pipermail/wireguard/2020-February/004963.html

While we are at it, adjust the white space in the .hash file to match the
new agreements.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/wireguard-linux-compat: bump version to 0.0.20200205
Peter Korsgaard [Thu, 6 Feb 2020 22:21:05 +0000 (23:21 +0100)]
package/wireguard-linux-compat: bump version to 0.0.20200205

Includes fixes for issues found through fuzzing.  For details, see the
announcement:

https://lists.zx2c4.com/pipermail/wireguard/2020-February/004962.html

While we are at it, adjust the white space in the .hash file to match the
new agreements.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/wpebackend-fdo: bump to version 1.4.1
Adrian Perez de Castro [Fri, 7 Feb 2020 09:26:39 +0000 (11:26 +0200)]
package/wpebackend-fdo: bump to version 1.4.1

This is a bugfix release which solves a couple of build issues.
Full release notes:

  https://wpewebkit.org/release/wpebackend-fdo-1.4.1.html

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/libftdi1: fix python support
Yegor Yefremov [Thu, 6 Feb 2020 09:54:21 +0000 (10:54 +0100)]
package/libftdi1: fix python support

Add an upstreamed patch that reorders find_package() commands.
This way Python interpreter will be detected first and based on
it the Python libraries can be found.

Fixes the following CMake error:

Could NOT find PythonLibs (missing: PYTHON_LIBRARIES PYTHON_INCLUDE_DIRS)

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years ago{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.4.x series
Peter Korsgaard [Thu, 6 Feb 2020 21:39:03 +0000 (22:39 +0100)]
{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.4.x series

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agoDEVELOPERS: add Yegor Yefremov as contact for swig and libftdi1
Yegor Yefremov [Thu, 6 Feb 2020 11:12:09 +0000 (12:12 +0100)]
DEVELOPERS: add Yegor Yefremov as contact for swig and libftdi1

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/clamav: security bump version to 0.102.2
Bernd Kuhls [Thu, 6 Feb 2020 18:43:14 +0000 (19:43 +0100)]
package/clamav: security bump version to 0.102.2

Fixes CVE-2020-3123: A vulnerability in the Data-Loss-Prevention (DLP)
module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0
could allow an unauthenticated, remote attacker to cause a denial of service
condition on an affected device.  The vulnerability is due to an
out-of-bounds read affecting users that have enabled the optional DLP
feature.  An attacker could exploit this vulnerability by sending a crafted
email file to an affected device.  An exploit could allow the attacker to
cause the ClamAV scanning process crash, resulting in a denial of service
condition.

Release notes:
https://lists.clamav.net/pipermail/clamav-announce/2020/000045.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agoboot/optee-os: license files hashes only valid for latest version
Yann E. MORIN [Wed, 5 Feb 2020 14:48:43 +0000 (15:48 +0100)]
boot/optee-os: license files hashes only valid for latest version

We can only know the details of the license files for known versions.  For
custom, older or newer versions, the license files may change, or may be
moved around.

So, do for optee-os as was done for other packages in the recent past,
and only define the list of license files for the latest version.

Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agoboot/at91bootstrap3: license files hashes only valid for latest version
Yann E. MORIN [Wed, 5 Feb 2020 14:48:42 +0000 (15:48 +0100)]
boot/at91bootstrap3: license files hashes only valid for latest version

We can only know the details of the license files for known versions.  For
custom, older or newer versions, the license files may change, or may be
moved around.

So, do for at91bootstrap3 as was done for other packages in the recent
past, and only define the list of license files for the latest version.

Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agoboot/barebox: license files hashes only valid for latest version
Yann E. MORIN [Wed, 5 Feb 2020 14:48:41 +0000 (15:48 +0100)]
boot/barebox: license files hashes only valid for latest version

We can only know the details of the license files for known versions.  For
custom, older or newer versions, the license files may change, or may be
moved around.

So, do for Barebox as was done for ATF, linux, and linux-headers, and
only define the list of license files for the latest version.

Add the hash for that license file, and align hashes to the new spacing
convention.

Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agoboot/uboot: license files hashes only valid for latest version
Yann E. MORIN [Wed, 5 Feb 2020 14:48:40 +0000 (15:48 +0100)]
boot/uboot: license files hashes only valid for latest version

We can only know the details of the license files for known versions.  For
custom, older or newer versions, the license files may change, or may be
moved around.

So, do for U-Boot as was done for ATF, linux, and linux-headers, and only
define the list of license files for the latest version.

Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/linux-headers: license files hashes only valid for latest version
Yann E. MORIN [Wed, 5 Feb 2020 14:48:39 +0000 (15:48 +0100)]
package/linux-headers: license files hashes only valid for latest version

Like we did for the linux kernel, change linux-headers to only check the
license hashes for the latest known version as the content of COPYING has
changed between versions.

To simplify the test, we introduce an intermediate, blind option that get
selected when the latest kernel sources are used.

Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agolinux: license files hashes are only valid for latest known version
Markus Mayer [Wed, 5 Feb 2020 14:48:38 +0000 (15:48 +0100)]
linux: license files hashes are only valid for latest known version

The content of COPYING changed between v4.16 and v4.17. Since kernels
before and after the change are supported, storing the hash for this
file will cause an error during "make legal-info" when a kernel with the
respective other hash is being used.

So, for the kernel, we do like we did for ATF: the license file is only
listed for the latest version.

In the process, add the missing license files referenced from COPYING
and align the fields to the new spacing convention.

Signed-off-by: Markus Mayer <mmayer@broadcom.com>
[yann.morin.1998@free.fr:
  - only list the licenses files for the latest version
  - restore the hash for COPYING
  - introduce hashes for the two new license files
  - expand commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/glslsandbox-player: new package
Julien Olivain [Fri, 23 Aug 2019 20:57:11 +0000 (22:57 +0200)]
package/glslsandbox-player: new package

GLSL Sandbox standalone player allow one to run and render
(most of) nice shaders available online on the
http://glslsandbox.com/ website, but without the need of an
Internet connection, a web browser or any of its
dependencies. Instead, the only requirement of
glslsandbox-player is a working EGL and GLESv2 libraries.

This package is useful for stressing and testing GLES shader
compiler in GPU drivers.

https://github.com/jolivain/glslsandbox-player

Signed-off-by: Julien Olivain <juju@cotds.org>
[Arnout: add dependency on threads and make BUSYBOX_SHOW_OTHERS
 conditional]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/wireshark: security bump to version 3.2.1
Titouan Christophe [Wed, 5 Feb 2020 17:05:32 +0000 (18:05 +0100)]
package/wireshark: security bump to version 3.2.1

This fixes CVE-2020-7044:
In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash.
This was addressed in epan/dissectors/packet-wassp.c by using
>= and <= to resolve off-by-one errors.

Also change the hash file to the new spacing convention introduced
by Yann E. Morin.

Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>