buildroot.git
3 years agopackage/hwloc: add optional dependencies to udev, libxml2, ncurses & numactl
Bernd Kuhls [Sun, 23 May 2021 09:43:46 +0000 (11:43 +0200)]
package/hwloc: add optional dependencies to udev, libxml2, ncurses & numactl

udev:
https://github.com/open-mpi/hwloc/blob/master/config/hwloc.m4#L626

libxml2:
https://github.com/open-mpi/hwloc/blob/master/config/hwloc.m4#L1273

ncurses:
https://github.com/open-mpi/hwloc/blob/master/config/hwloc_internal.m4#L340

numactl:
https://github.com/open-mpi/hwloc/blob/master/config/hwloc_internal.m4#L419

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr: drop unconditional --disable-libxml2]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/p7zip: add P7ZIP_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 23 May 2021 10:43:35 +0000 (12:43 +0200)]
package/p7zip: add P7ZIP_CPE_ID_VENDOR

cpe:2.3:a:7-zip:p7zip is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3A7-zip%3Ap7zip

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libical: add LIBICAL_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 23 May 2021 10:39:48 +0000 (12:39 +0200)]
package/libical: add LIBICAL_CPE_ID_VENDOR

cpe:2.3:a:libical_project:libical is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibical_project%3Alibical

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/shellinabox: add SHELLINABOX_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 23 May 2021 10:35:36 +0000 (12:35 +0200)]
package/shellinabox: add SHELLINABOX_CPE_ID_VENDOR

cpe:2.3:a:shellinabox_project:shellinabox is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ashellinabox_project%3Ashellinabox

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/blktrace: add BLKTRACE_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 23 May 2021 10:27:57 +0000 (12:27 +0200)]
package/blktrace: add BLKTRACE_CPE_ID_VENDOR

cpe:2.3:a:blktrace_project:blktrace is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ablktrace_project%3Ablktrace

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/lz4: add upstream security fix for CVE-2021-3520
Peter Korsgaard [Sun, 23 May 2021 09:52:39 +0000 (11:52 +0200)]
package/lz4: add upstream security fix for CVE-2021-3520

Fixes a potential memory corruption with negative memmove() size.  For
details, see (NVD not yet updated):

https://security-tracker.debian.org/tracker/CVE-2021-3520

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/imagemagick: security bump to version 7.0.11-13
Fabrice Fontaine [Sat, 22 May 2021 21:59:17 +0000 (23:59 +0200)]
package/imagemagick: security bump to version 7.0.11-13

Fix CVE-2021-20309 to CVE-2021-20313

https://github.com/ImageMagick/ImageMagick/blob/7.0.11-13/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/vlc: fix build with latest live555
Fabrice Fontaine [Sat, 22 May 2021 21:41:39 +0000 (23:41 +0200)]
package/vlc: fix build with latest live555

Fix build failure with live555 raised since commit
6ad1c7f12e57ab7c6f022470e0aacec442d14267

Fixes:
 - http://autobuild.buildroot.org/results/83170984f96238756c45bf1f4e542363afafd45f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/msmtp: add MSMTP_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 22 May 2021 20:42:09 +0000 (22:42 +0200)]
package/msmtp: add MSMTP_CPE_ID_VENDOR

cpe:2.3:a:marlam:msmtp is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amarlam%3Amsmtp

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/mpv: add MPV_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 22 May 2021 20:28:54 +0000 (22:28 +0200)]
package/mpv: add MPV_CPE_ID_VENDOR

cpe:2.3:a:mpv:mpv is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ampv%3Ampv

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/pwgen: add PWGEN_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 22 May 2021 20:25:22 +0000 (22:25 +0200)]
package/pwgen: add PWGEN_CPE_ID_VENDOR

cpe:2.3:a:pwgen_project:pwgen is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apwgen_project%3Apwgen

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/pulseaudio: add PULSEAUDIO_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 22 May 2021 20:21:56 +0000 (22:21 +0200)]
package/pulseaudio: add PULSEAUDIO_CPE_ID_VENDOR

cpe:2.3:a:pulseaudio:pulseaudio is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apulseaudio%3Apulseaudio

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/proxychains-ng: add PROXYCHAINS_NG_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 22 May 2021 20:11:36 +0000 (22:11 +0200)]
package/proxychains-ng: add PROXYCHAINS_NG_CPE_ID_VENDOR

cpe:2.3:a:proxychains-ng_project:proxychains-ng is a valid CPE
identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aproxychains-ng_project%3Aproxychains-ng

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/pigz: add PIGZ_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 22 May 2021 17:58:03 +0000 (19:58 +0200)]
package/pigz: add PIGZ_CPE_ID_VENDOR

cpe:2.3:a:zlib:pigz is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Azlib%3Apigz

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/picocom: add PICOCOM_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 22 May 2021 17:53:51 +0000 (19:53 +0200)]
package/picocom: add PICOCOM_CPE_ID_VENDOR

cpe:2.3:a:picocom_project:picocom is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apicocom_project%3Apicocom

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/pngquant: add PNGQUANT_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 22 May 2021 17:47:17 +0000 (19:47 +0200)]
package/pngquant: add PNGQUANT_CPE_ID_VENDOR

cpe:2.3:a:pngquant:pngquant is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apngquant%3Apngquant

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/pipewire: link with -latomic
Fabrice Fontaine [Sat, 22 May 2021 16:31:35 +0000 (18:31 +0200)]
package/pipewire: link with -latomic

Fix build failure which is raised since bump to version 0.3.26 in commit
a6d88d3ba5e30e11f4d726f341bc56c1be7c71c9

Fixes:
 - http://autobuild.buildroot.org/results/b5305e8e7dd1a5e8bfaba72b06251056ba7d1af1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/uhd: USRP1 needs gcc >= 4.9
Fabrice Fontaine [Sat, 22 May 2021 16:29:24 +0000 (18:29 +0200)]
package/uhd: USRP1 needs gcc >= 4.9

Commit c577eac16eaae515973faf3013da197516bfd391 forgot to add
dependencies of BR2_PACKAGE_UHD_USB to BR2_PACKAGE_UHD_USRP1

Fixes:
 - http://autobuild.buildroot.org/results/eaae6548fb536e2b0ea539c236cd7579e63fa21e

Note: threads dependency is already guaranteed as uhd itself depends on
NPTL already.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/llvm: include limits
Fabrice Fontaine [Sat, 22 May 2021 15:10:37 +0000 (17:10 +0200)]
package/llvm: include limits

Fix the following build failure:

In file included from /data/buildroot-autobuilder/instance-0/output-1/build/host-llvm-9.0.1/utils/benchmark/src/benchmark_register.cc:15:
/data/buildroot-autobuilder/instance-0/output-1/build/host-llvm-9.0.1/utils/benchmark/src/benchmark_register.h: In function 'void AddRange(std::vector<T>*, T, T, int)':
/data/buildroot-autobuilder/instance-0/output-1/build/host-llvm-9.0.1/utils/benchmark/src/benchmark_register.h:17:30: error: 'numeric_limits' is not a member of 'std'
   17 |   static const T kmax = std::numeric_limits<T>::max();
      |                              ^~~~~~~~~~~~~~

Fixes:
 - http://autobuild.buildroot.org/results/68581aad7c622a1fc74bb5556799e3c681425b2a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoUpdate for 2021.05-rc2
Peter Korsgaard [Sat, 22 May 2021 13:42:38 +0000 (15:42 +0200)]
Update for 2021.05-rc2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/runc: security bump to version 1.0.0-rc95
Christian Stewart [Fri, 21 May 2021 20:15:17 +0000 (13:15 -0700)]
package/runc: security bump to version 1.0.0-rc95

Fixes CVE-2021-30465: runc 1.0.0-rc94 and earlier are vulnerable to a symlink
exchange attack whereby an attacker can request a seemingly-innocuous container
configuration that actually results in the host filesystem being bind-mounted
into the container, allowing for a container escape.

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/mutt: security bump to version 2.0.7
Fabrice Fontaine [Fri, 21 May 2021 18:57:29 +0000 (20:57 +0200)]
package/mutt: security bump to version 2.0.7

Fix CVE-2021-32055: Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt
2019-10-25 through 2021-05-04) has a $imap_qresync issue in which
imap/util.c has an out-of-bounds read in situations where an IMAP
sequence set ends with a comma. NOTE: the $imap_qresync setting for
QRESYNC is not enabled by default.

https://gitlab.com/muttmua/mutt/-/blob/mutt-2-0-7-rel/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/wireshark: security bump to version 3.4.5
Fabrice Fontaine [Fri, 21 May 2021 18:55:44 +0000 (20:55 +0200)]
package/wireshark: security bump to version 3.4.5

Fixes: CVE-2021-22207 Excessive memory consumption in MS-WSP dissector
in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service
via packet injection or crafted capture file

See also: https://www.wireshark.org/security/wnpa-sec-2021-04.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: add CVE reference]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/webkitgtk: select missing multimedia deps
Adrian Perez de Castro [Wed, 19 May 2021 21:38:27 +0000 (00:38 +0300)]
package/webkitgtk: select missing multimedia deps

Select a few missing multimedia related dependencies:

- BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_AUTODETECT is needed for
  "autoaudiosink"; not having this element can cause a crash as
  it is used unconditionally.
- BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_MATROSKA and
  BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_VPX are needed for
  WebM video playback.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/wpewebkit: select gstreamer autoaudiosink
Adrian Perez de Castro [Wed, 19 May 2021 21:32:37 +0000 (00:32 +0300)]
package/wpewebkit: select gstreamer autoaudiosink

Select BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_AUTODETECT when multimedia
support is enabled. This is needed at runtime to automatically select
a suitable audio output element, otherwise WebKit will crash at an
assertion due to the missing "autoaudiosink" element. More here:

  https://wpewebkit.org/about/faq.html#why-does-the-browser%2Flauncher-(e.g.-cog)-crash-when-trying-to-play-audio%3F

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/lvm2: drop legacy default
Yann E. MORIN [Fri, 21 May 2021 14:00:08 +0000 (16:00 +0200)]
package/lvm2: drop legacy default

Commit f289b1b36f5c (legacy: drop options removed more than 5 years ago
now) forgot to remove a legacy default.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/waylandpp: add dependency to BR2_INSTALL_LIBSTDCPP
Heiko Thiery [Fri, 21 May 2021 09:14:04 +0000 (11:14 +0200)]
package/waylandpp: add dependency to BR2_INSTALL_LIBSTDCPP

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
[yann.morin.1998@free.fr: propagate the dependency to kodi]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/python-bluezero: add recursive dependencies
Arnout Vandecappelle (Essensium/Mind) [Fri, 21 May 2021 09:12:30 +0000 (11:12 +0200)]
package/python-bluezero: add recursive dependencies

python-bluezero selects python-gobject but fails to include its arch and
toolchain dependencies. Add them now, as well as the corresponding
comment.

dbus-python also has some dependencies, but all of them are covered by
the python3 dependency, so don't bother with those.

Fixes: 8bdc5e7c4d975193b1e18999ed840507cea63bd6
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/python-bluezero: depends on dbus-python and python-gobject
Grzegorz Blach [Mon, 8 Feb 2021 00:55:42 +0000 (01:55 +0100)]
package/python-bluezero: depends on dbus-python and python-gobject

As of version 0.4.0 observer.py uses dbus-python (to comunicate with BlueZ)
instead of python-aioblescan. Thus, all modules now depend on dbus-python.

Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/ebtables: fix runtime in case of BR2_KERNEL_64_USERLAND_32
Thomas De Schampheleire [Tue, 18 May 2021 07:46:27 +0000 (09:46 +0200)]
package/ebtables: fix runtime in case of BR2_KERNEL_64_USERLAND_32

ebtables 2.0.11 no longer works correctly when userland is 32-bit and the
kernel is 64-bit. This used to work correctly in version 2.0.10-4.

Problem is twofold:
- ebtables itself was broken and needs to be patched
- buildroot needs to pass the correct flag again to indicate when we are in
  this situation

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/mender: the dbus plugin requires libglib2
Adam Duskett [Thu, 20 May 2021 20:34:36 +0000 (13:34 -0700)]
package/mender: the dbus plugin requires libglib2

If libglib2 is not build before building the dbus plugin, mender fails to
compile with the following error:
Package 'gio-2.0', required by 'virtual:world', not found

 - Add a check for libglib2 in addition to dbus when enabling the dbus plugin.
 - Depend on libglib2 if both packages are selected.

Fixes:
http://autobuild.buildroot.org/results/1bc5893b88db08612059ad899c2bc3b2abb291fb

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/gcc: add upstream patches that introduce -mcmodel=large option for or1k
Giulio Benetti [Mon, 3 May 2021 11:13:44 +0000 (13:13 +0200)]
package/gcc: add upstream patches that introduce -mcmodel=large option for or1k

Let's add upstream patches introducing -mcmodel=large or1k gcc option that
works in conjunction with previous binutils patch. That option fix binutils
bug 21464[1] allowing to build libgeos with no problem. This way we can
consider buildroot toolchain binutils bug 21464 free.

[1]: https://sourceware.org/bugzilla/show_bug.cgi?id=21464

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: remove the PATCH M/N parts - cfr. check-package]

3 years agopackage/binutils: add upstream backported patches to support -mcmodel=large gcc option
Giulio Benetti [Mon, 3 May 2021 11:13:43 +0000 (13:13 +0200)]
package/binutils: add upstream backported patches to support -mcmodel=large gcc option

Add upstream backported patches that allows using -mcmodel=large gcc option
that in order allows fixing build failure due to binutils bug 21464:
https://sourceware.org/bugzilla/show_bug.cgi?id=21464

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: remove the PATCH M/N parts - cfr. check-package]

3 years agopackage/binutils: update or1k patches for plt link version with upstream
Giulio Benetti [Mon, 3 May 2021 11:13:42 +0000 (13:13 +0200)]
package/binutils: update or1k patches for plt link version with upstream

Actual patches are stubs suggested but now they are available as upstream.
So let's substitute them since they make part of a or1k patchset and next
patch will add the others.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: remove the PATCH M/N parts - cfr. check-package]

3 years agopackage/dhcp: add host-gawk to global dependencies and build environment
Sergey Matyukevich [Thu, 20 May 2021 21:52:24 +0000 (00:52 +0300)]
package/dhcp: add host-gawk to global dependencies and build environment

DHCP package may silently fail to install binaries to the target image.
The problem occurs when buildroot output/host and build server provide
different flavors of awk. For instance, mawk on build server and gawk
in buildroot output/host. In this case isc-dhcp configure script detects
gawk in output/host and generates Makefiles specifying gawk without
absolute path. During Buildroot installation phase, those Makefiles
are used to install dhcp binaries. They attempt to use gawk without
absolute path. However build host does not have gawk.

To resolve the issue add host-gawk to dependencies and specify absolute
path to host-gawk in dhcp configure script using DHCP_CONF_ENV.

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/imx-gpu-viv: fix Config.in indentation
Arnout Vandecappelle (Essensium/Mind) [Fri, 21 May 2021 06:55:50 +0000 (08:55 +0200)]
package/imx-gpu-viv: fix Config.in indentation

As reported by check-package.

Fixes: 3d78dbace207b6b93416b27abcb85dbccde97a6b
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/wpa_supplicant: fix build with CVE-2021-30004 changes
Sergey Matyukevich [Thu, 20 May 2021 19:04:56 +0000 (22:04 +0300)]
package/wpa_supplicant: fix build with CVE-2021-30004 changes

Commit a8fbe67b9b16 ("package/wpa_supplicant: add upstream patch to fix
CVE-2021-30004") added security patch from hostapd upstream without
required ASN.1 helpers. Backport and adapt two commits from the
hostapd upstream to add missing headers and helpers.

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/assimp: depends on libzlib
Fabrice Fontaine [Thu, 28 Jan 2021 20:04:36 +0000 (21:04 +0100)]
package/assimp: depends on libzlib

assimp doesn't build with zlib-ng because Z_EXPORT and z_crc_t are used
by the bundled unzip source code

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/assimp: fix build on musl
Fabrice Fontaine [Thu, 28 Jan 2021 20:04:35 +0000 (21:04 +0100)]
package/assimp: fix build on musl

Fixes:
 - http://autobuild.buildroot.net/results/7c2db184ee200d1719308f38f42382bb39d8d5c6

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agoRevert "package/assimp: fix static only build"
Fabrice Fontaine [Thu, 28 Jan 2021 20:04:34 +0000 (21:04 +0100)]
Revert "package/assimp: fix static only build"

This reverts commit b44b5cb265e3764169aa4856f40e8e2db55cba22.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agoRevert "package/assimp: fix musl zlib/zip related compile failure"
Fabrice Fontaine [Thu, 28 Jan 2021 20:04:33 +0000 (21:04 +0100)]
Revert "package/assimp: fix musl zlib/zip related compile failure"

This reverts commit b529a582ba4d7671597e95d7ab54ee652cbbc261 as it
raises a build failure with hiawatha because assimp installs its own
zlib library in staging directory.

Fixes:
 - http://autobuild.buildroot.org/results/9cac31962d48245a5579da692dbc9488292a397e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/libfuse3: add CPE variables
Fabrice Fontaine [Thu, 20 May 2021 19:31:54 +0000 (21:31 +0200)]
package/libfuse3: add CPE variables

cpe:2.3:a:libfuse_project:libfuse is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibfuse_project%3Alibfuse

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libfuse: add LIBFUSE_CPE_ID_VENDOR
Fabrice Fontaine [Thu, 20 May 2021 19:31:24 +0000 (21:31 +0200)]
package/libfuse: add LIBFUSE_CPE_ID_VENDOR

cpe:2.3:a:libfuse_project:libfuse is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibfuse_project%3Alibfuse

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: fix URL]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libeXosip2: add CPE variables
Fabrice Fontaine [Thu, 20 May 2021 19:15:34 +0000 (21:15 +0200)]
package/libeXosip2: add CPE variables

cpe:2.3:a:gnu:exosip is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Aexosip

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/less: add LESS_CPE_ID_VENDOR
Fabrice Fontaine [Thu, 20 May 2021 19:06:08 +0000 (21:06 +0200)]
package/less: add LESS_CPE_ID_VENDOR

cpe:2.3:a:gnu:less is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Aless

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/poco: add POCO_CPE_ID_VENDOR
Fabrice Fontaine [Thu, 20 May 2021 18:48:08 +0000 (20:48 +0200)]
package/poco: add POCO_CPE_ID_VENDOR

cpe:2.3:a:pocoproject:poco is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apocoproject%3Apoco

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/gd: fix addition of -liconv in gdlib.pc.in
Fabrice Fontaine [Tue, 27 Apr 2021 18:53:47 +0000 (20:53 +0200)]
package/gd: fix addition of -liconv in gdlib.pc.in

Static build of gnuplot with gd and libiconv is broken since bump to
version 2.3.1 in commit 970b2ca3cc3f927f679c871eeadb22ec110b0ed5:

/home/giuliobenetti/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/powerpc-buildroot-linux-uclibc/9.3.0/../../../../powerpc-buildroot-linux-uclibc/bin/ld: /home/giuliobenetti/autobuild/run/instance-3/output-1/host/bin/../powerpc-buildroot-linux-uclibc/sysroot/usr/lib/libgd.a(gdkanji.o): in function `do_convert':
gdkanji.c:(.text+0x148): undefined reference to `libiconv_open'
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/powerpc-buildroot-linux-uclibc/9.3.0/../../../../powerpc-buildroot-linux-uclibc/bin/ld: gdkanji.c:(.text+0x1d0): undefined reference to `libiconv'

This build failure is raised because LIBS has been replaced by
LIBS_PRIVATES in gdlib.pc.in since
https://github.com/libgd/libgd/commit/28ecfe77c817aff8ce56422d3e4e8533a281bc76

Fixes:
 - http://autobuild.buildroot.org/results/5ab5f4744adfd8d8be483204a9c7f59e34ce26c6

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/dhcp: add host-gawk optional dependency
Heiko Thiery [Fri, 7 May 2021 09:43:05 +0000 (11:43 +0200)]
package/dhcp: add host-gawk optional dependency

On hosts where gawk is not available, it is not possible to build the
package with server option (BR2_PACKAGE_DHCP_SERVER).
The build goes through without errors but the binaries are not created
and installed. The reason is that autotools cannot find gawk.

Fixes: Bug 13781
Reported-by: Kay Jeschonneck <kay.jeschonneck@airbus.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/hostapd: fix build with CVE-2021-30004 changes
Sergey Matyukevich [Thu, 20 May 2021 05:48:53 +0000 (08:48 +0300)]
package/hostapd: fix build with CVE-2021-30004 changes

Commit d65586f45a22 ("package/hostapd: add upstream patch to fix
CVE-2021-30004") added security patch from hostapd upstream without
required ASN.1 helpers. Backport and adapt two commits from the
hostapd upstream to add missing headers and helpers.

Fixes:
http://autobuild.buildroot.net/results/8f56cf556efbf447633ce873a21635f5adbc3cd2/

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[yann.morin.1998@free.fr: slightly reformat the patches]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libraw: depends on BR2_TOOLCHAIN_HAS_SYNC_4
Fabrice Fontaine [Thu, 20 May 2021 06:47:29 +0000 (08:47 +0200)]
package/libraw: depends on BR2_TOOLCHAIN_HAS_SYNC_4

libraw needs __sync_fetch_and_add since version 0.20.0 and
https://github.com/LibRaw/LibRaw/commit/d1975cb0e055d2bfe58c9d845c9a3e57c346a2f9

This will fix the following build failure with imagemagick which is
raised since commit 2f47cfade4b298350d056f6d9a7525b837e2ba23:

/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/sparc-buildroot-linux-uclibc/9.3.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: /home/buildroot/autobuild/run/instance-0/output-1/host/sparc-buildroot-linux-uclibc/sysroot/usr/lib/libraw_r.so: undefined reference to `__sync_fetch_and_add_4'

Fixes:
 - http://autobuild.buildroot.org/results/900df43bd418d2da0c3ec875db1c5564dd857e94

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/imx-gpu-viv: add dependency to BR2_INSTALL_LIBSTDCPP to examples
Heiko Thiery [Thu, 20 May 2021 06:54:29 +0000 (08:54 +0200)]
package/imx-gpu-viv: add dependency to BR2_INSTALL_LIBSTDCPP to examples

The examples require libstdc++.so.6 so add the required dependency to
the Config.in.

  ./tiger: error while loading shared libraries: libstdc++.so.6: cannot open shared object file: No such file or directory

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/bullet: needs threads
Fabrice Fontaine [Thu, 20 May 2021 06:58:26 +0000 (08:58 +0200)]
package/bullet: needs threads

Build without threads fails because demo apps are not disabled since
commit 5f154799b6ed772a0c028072996e110fac131508

Fixes:
 - http://autobuild.buildroot.org/results/9db945ce0709f4116d2c1c7544322144b6e473bb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libgtk3: add CPE variables
Fabrice Fontaine [Wed, 19 May 2021 20:39:52 +0000 (22:39 +0200)]
package/libgtk3: add CPE variables

cpe:2.3:a:gnome:gtk is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnome%3Agtk

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libgtk2: add CPE variables
Fabrice Fontaine [Wed, 19 May 2021 20:38:59 +0000 (22:38 +0200)]
package/libgtk2: add CPE variables

cpe:2.3:a:gnome:gtk is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnome%3Agtk

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/flatcc: disable -Werror
Fabrice Fontaine [Wed, 19 May 2021 19:41:04 +0000 (21:41 +0200)]
package/flatcc: disable -Werror

Disable -Werror to fix the following build failure with gcc 11:

/data/buildroot-autobuilder/instance-0/output-1/build/host-flatcc-0.6.0/include/flatcc/reflection/flatbuffers_common_builder.h: In function 'flatbuffers_char_array_copy_from_pe':
/data/buildroot-autobuilder/instance-0/output-1/build/host-flatcc-0.6.0/include/flatcc/reflection/flatbuffers_common_builder.h:341:3: error: this 'for' clause does not guard... [-Werror=misleading-indentation]
  341 |   for (i = 0; i < n; ++i) N ## _copy_from_pe(&p[i], &p2[i]); return p; }\
      |   ^~~

An other option would have been to retrieve the following upstream
commit:
https://github.com/dvidelabs/flatcc/commit/f8c4140dd9dde61c86db751f6002def78754fced
but disabling -Werror is more future-proof

Fixes:
 - http://autobuild.buildroot.org/results/4d5cdddbfeefdeb943234b76eb08b04376f3c36d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoconfigs/rpi: properly fix defconfigs after upstream rebased
Yann E. MORIN [Wed, 19 May 2021 20:35:09 +0000 (22:35 +0200)]
configs/rpi: properly fix defconfigs after upstream rebased

Commit 8c3f281626fb (configs/rpi: fix defconfigs after upstream rebased)
attempted to point the raspberrypi defconfigs to an existing commit in
the linux rpi repository.

However, in doing so, only a partial replacement was done: the version
string in the tarball filename was not replaced (missing 'g' to the sed
expression).

Fix that now.

Reported-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/supervisor: add SUPERVISOR_CPE_ID_VENDOR
Fabrice Fontaine [Wed, 19 May 2021 20:18:05 +0000 (22:18 +0200)]
package/supervisor: add SUPERVISOR_CPE_ID_VENDOR

cpe:2.3:a:supervisord:supervisor is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Asupervisord%3Asupervisor

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/synergy: add SYNERGY_CPE_ID_VENDOR
Fabrice Fontaine [Wed, 19 May 2021 20:12:57 +0000 (22:12 +0200)]
package/synergy: add SYNERGY_CPE_ID_VENDOR

cpe:2.3:a:symless:synergy is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Asymless%3Asynergy

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/uclibc: add CPE variables
Fabrice Fontaine [Wed, 19 May 2021 19:58:30 +0000 (21:58 +0200)]
package/uclibc: add CPE variables

cpe:2.3:a:uclibc-ng_project:uclibc-ng is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Auclibc-ng_project%3Auclibc-ng

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/python-falcon: Bump to version 3.0.1
Grzegorz Blach [Tue, 18 May 2021 15:14:10 +0000 (17:14 +0200)]
package/python-falcon: Bump to version 3.0.1

Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agosupport/scripts/pkg-stats: clarify when a CVE/CPE should report as N/A
Matthew Weber [Wed, 19 May 2021 02:46:38 +0000 (21:46 -0500)]
support/scripts/pkg-stats: clarify when a CVE/CPE should report as N/A

- If a package doesn't have any versioning, ignore and state that
 - If a package is virtual, CVE=ignore and CPE state virtual
 - For any of these NA cases, don't provide search link and color box
   green

Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agosupport/scripts/pkg-stats: add is_actual_package() and rework has_valid_infra()
Matthew Weber [Wed, 19 May 2021 02:46:37 +0000 (21:46 -0500)]
support/scripts/pkg-stats: add is_actual_package() and rework has_valid_infra()

has_valid_infra() is incorrectly named; it probably should be named
is_actual_package(), and has_valid_infra() would be changed to
actually represent having an actual infra.

This resolves packages reporting as having no valid package infra and
cleans up reporting cases of CPE and CVEs where there isn't a valid version
or package definition outside Buildroot

Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agosupport/scripts/pkg-stats: verified CPE has a known id but not version
Matthew Weber [Wed, 19 May 2021 02:46:36 +0000 (21:46 -0500)]
support/scripts/pkg-stats: verified CPE has a known id but not version

Currently a verified CPE reports the following if versions are not found
 cpe:2.3:a:qemu:qemu:5.2.0:*:*:*:*:*:*:*
 CPE identifier unknown in CPE database (Search)

This patch clarifies the report to state the 'version' is unknown instead
of the 'identifier'.

Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/nbd: add CPE variables
Fabrice Fontaine [Wed, 19 May 2021 07:01:28 +0000 (09:01 +0200)]
package/nbd: add CPE variables

cpe:2.3:a:network_block_device_project:network_block_device is a valid
CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anetwork_block_device_project%3Anetwork_block_device

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/nasm: add CPE variables
Fabrice Fontaine [Wed, 19 May 2021 06:49:08 +0000 (08:49 +0200)]
package/nasm: add CPE variables

cpe:2.3:a:nasm:netwide_assembler is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anasm%3Anetwide_assembler

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/musl: add MUSL_CPE_ID_VENDOR
Fabrice Fontaine [Wed, 19 May 2021 06:40:44 +0000 (08:40 +0200)]
package/musl: add MUSL_CPE_ID_VENDOR

cpe:2.3:a:musl-libc:musl is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amusl-libc%3Amusl

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/bird: add BIRD_CPE_ID_VENDOR
Fabrice Fontaine [Wed, 19 May 2021 06:00:54 +0000 (08:00 +0200)]
package/bird: add BIRD_CPE_ID_VENDOR

cpe:2.3:a:nic:bird is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anic%3Abird

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoMakefile: remove pkg-stats data on clean
Yann E. MORIN [Tue, 18 May 2021 20:28:17 +0000 (22:28 +0200)]
Makefile: remove pkg-stats data on clean

Like commit 1f187371d002 for cpe-updates data, also remove pkg-stats
data on clean.

Unlike the rest, those are not nicely located in a directory of their
own, and have no variable name associated with them, so we just need
to repeat their names in the clean rule.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/environment-setup: Fix incorrect order of the `sed` expressions
Mircea GLIGA [Sun, 16 May 2021 14:19:49 +0000 (17:19 +0300)]
package/environment-setup: Fix incorrect order of the `sed` expressions

Order of the `sed` expressions is important; when this was commited
to master, the order of the expressions from the original patch [1] was
changed, rendering the second expression to noop.

This made all the environment variables from the script to contain
absolute paths: long absolute paths makes verbose builds difficult
to read/follow.
We can take advantage of the fact that the PATH is updated and we
don't have to use absolute paths.

Fixed by reordering the `sed` expresions:
* first update the path of the binaries: e.g. 's%$(HOST_DIR)/bin/%%g'
* only then update remaining paths: e.g. 's%$(HOST_DIR)%\$$SDK_PATH%g'

[1] https://patchwork.ozlabs.org/project/buildroot/patch/20201027140140.47982-1-matthew.weber@rockwellcollins.com/

Signed-off-by: Mircea GLIGA <mgliga@bitdefender.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/x11r7/xlib_libX11: security bump version to 1.7.1
Bernd Kuhls [Tue, 18 May 2021 15:26:00 +0000 (17:26 +0200)]
package/x11r7/xlib_libX11: security bump version to 1.7.1

Fixes CVE-2021-31535:
https://lists.x.org/archives/xorg-announce/2021-May/003088.html

Release notes:
https://lists.x.org/archives/xorg-announce/2021-May/003089.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/xterm: security bump version to 367
Bernd Kuhls [Tue, 18 May 2021 15:31:12 +0000 (17:31 +0200)]
package/xterm: security bump version to 367

Fixes CVE-2021-27135:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27135

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agosupport/testing: test_hardening disable PIC/PIE
Romain Naour [Thu, 13 May 2021 16:22:45 +0000 (18:22 +0200)]
support/testing: test_hardening disable PIC/PIE

Since [1], PIC/PIE is enabled by default but the TestRelroPartial
test expect implicitely PIC/PIE being disabled.

Disable PIC/PIE from the config fragment provided by
TestRelroPartial.

[1] 810ba387bec3c5b6904e8893fb4cb6f9d3717466

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1255661757

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agosupport/scripts/pkg-stats: fix flake8 E741 ambiguous variable name
Matthew Weber [Tue, 18 May 2021 18:21:53 +0000 (13:21 -0500)]
support/scripts/pkg-stats: fix flake8 E741 ambiguous variable name

Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/rocksdb: bump to version 6.20.3
Fabrice Fontaine [Sat, 8 May 2021 09:54:08 +0000 (11:54 +0200)]
package/rocksdb: bump to version 6.20.3

- Refresh first patch
- Add BR2_PACKAGE_ROCKSDB_ARCH_SUPPORTS due to toku_time.h which has
  been added in version 6.16.3 by
  https://github.com/facebook/rocksdb/commit/98236fb10ecdbe6e7e8ef5cfb11e1f11dcb72f84
  and contains the following blob:

 #if defined(__x86_64__) || defined(__i386__)
  uint32_t lo, hi;
  __asm__ __volatile__("rdtsc" : "=a"(lo), "=d"(hi));
  return (uint64_t)hi << 32 | lo;
 #elif defined(__aarch64__)
  uint64_t result;
  __asm __volatile__("mrs %[rt], cntvct_el0" : [ rt ] "=r"(result));
  return result;
 #elif defined(__powerpc__)
  return __ppc_get_timebase();
 #else
 #error No timer implementation for this platform
 #endif

- Also drop second patch and disable build on powerpc as it seems that
  upstream is not really testing powerpc (patch not merged after more
  than one year + build failure with uclibc/musl only fixed on ppc64:
  https://github.com/facebook/rocksdb/commit/24b7ebee80ab282e073fd541d5b807d4a0bbbfab)

- Update hash of README.md (change not related to license:
  https://github.com/facebook/rocksdb/commit/f4ade82ad29790b1e0d99188e0b26e5b805c7243)

As a side effect, this will remove the autobuilder failures on arm,
powerpc and m68k

https://github.com/facebook/rocksdb/blob/v6.20.3/HISTORY.md

Fixes:
 - http://autobuild.buildroot.org/results/059ebe270e6e7c23e40060c4cf0112c4cd72b0e7
 - http://autobuild.buildroot.org/results/f007412f29ab2e03a6904e2f548e77654abde6de
 - http://autobuild.buildroot.org/results/83505f78fcb4d925779177411d830bea127b6800

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/libdrm: bump version to 2.4.106
Bernd Kuhls [Tue, 18 May 2021 04:46:26 +0000 (06:46 +0200)]
package/libdrm: bump version to 2.4.106

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoconfigs/rpi: fix defconfigs after upstream rebased
Yann E. MORIN [Tue, 18 May 2021 14:50:03 +0000 (16:50 +0200)]
configs/rpi: fix defconfigs after upstream rebased

Branches in the Rappberry Pi linux repository are often rebased, which
means that commits that are not reachable from a reference (tag,branch)
will eventually get garbage-collected.

This is probably what hapenned with the commit we are curently
referencing in our defconfig files.

Swith to using the current HEAD of the rpi-5.10.y brnch, in lieue of the
previous one.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agosupport/testing: test_glxinfo load X11 modules in the right order
Romain Naour [Thu, 13 May 2021 14:11:49 +0000 (16:11 +0200)]
support/testing: test_glxinfo load X11 modules in the right order

From [1]
"Xorg does not implement real dynamic linking and requires that its
modules get loaded in the right order."

From /var/log/Xorg.0.0.log:
 (II) LoadModule: "modesetting"
 (II) Loading /usr/lib/xorg/modules/drivers/modesetting_drv.so
 (EE) Failed to load /usr/lib/xorg/modules/drivers/modesetting_drv.so: /usr/lib/xorg/modules/drivers/modesetting_drv.so: undefined symbol: shadowRemove

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1255661899

[1] https://forums.gentoo.org/viewtopic-p-8245578.html#8245578

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agosupport/testing: test_glxinfo: switch to Gallium swrast
Romain Naour [Thu, 13 May 2021 14:11:48 +0000 (16:11 +0200)]
support/testing: test_glxinfo: switch to Gallium swrast

Since the mesa3d bump to version 21.0.3 [1], the
BR2_PACKAGE_MESA3D_DRI_DRIVER_SWRAST option is not supported anymore
since the mesa DRI swrast driver has been removed upstream

So, switch to Gallium swrast.

[1]15a2f9b819806d38a7d8172a20f80130b1d60e63

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/gerbera: fix build with -Os and gcc 9 or 10
Fabrice Fontaine [Thu, 13 May 2021 11:46:33 +0000 (13:46 +0200)]
package/gerbera: fix build with -Os and gcc 9 or 10

For an unknown reason, gerbera fails to build with -Os and gcc 9 or 10
since bump to version 1.8.0 in commit 8974596836945eada8e162844fb87f88adec9100:

[100%] Linking CXX executable gerbera
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-gnu/10.2.0/../../../../x86_64-buildroot-linux-gnu/bin/ld: liblibgerbera.a(content_manager.cc.o): in function `ContentManager::_rescanDirectory(std::shared_ptr<AutoscanDirectory>&, int, std::shared_ptr<GenericTask> const&)':
content_manager.cc:(.text+0xb53b): undefined reference to `std::__shared_ptr<std::filesystem::__cxx11::_Dir, (__gnu_cxx::_Lock_policy)2>::swap(std::__shared_ptr<std::filesystem::__cxx11::_Dir, (__gnu_cxx::_Lock_policy)2>&)'
collect2: error: ld returned 1 exit status

A similar build failure has been reported as gcc bug 91067:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91067

But this bug has been fixed since gcc 9.3 and 10.1 and build failures
are raised with gcc 10.2

To fix this build failure, set optimisation to -O2 if needed

Fixes:
 - http://autobuild.buildroot.org/results/a4ee8ad7ff93939716673b611c7cc3f68dafa3d0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/pipewire: fix build with uclibc-ng
Fabrice Fontaine [Tue, 4 May 2021 21:10:16 +0000 (23:10 +0200)]
package/pipewire: fix build with uclibc-ng

Build fails with uclibc-ng since bump to version 0.3.26 in commit
a6d88d3ba5e30e11f4d726f341bc56c1be7c71c9

Fixes:
 - http://autobuild.buildroot.org/results/a45f0ee009d90cef867dee4b1093225610fa10df

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/cutelyst: fix linking with -latomic
Fabrice Fontaine [Mon, 17 May 2021 19:40:08 +0000 (21:40 +0200)]
package/cutelyst: fix linking with -latomic

Build is broken since commit 7333207eaf2900076185cba6641c6406d61c235e
because upstream overrides CMAKE_EXE_LINKER_FLAGS when building with
jemalloc:
https://github.com/cutelyst/cutelyst/commit/7d73eba273be365f15f1ffcb3d3ee7f1d44e10fb

Fixes:
 - http://autobuild.buildroot.org/results/ba9bccaae2cad487a66b6eb9851fc206c32d7c82

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libtirpc: bump version to 1.3.2
Petr Vorel [Mon, 17 May 2021 17:43:40 +0000 (19:43 +0200)]
package/libtirpc: bump version to 1.3.2

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoConfig.in.lgeacy: fix udisks lvm2 help
Fabrice Fontaine [Mon, 17 May 2021 21:18:57 +0000 (23:18 +0200)]
Config.in.lgeacy: fix udisks lvm2 help

Remove spurious "was removed"

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoConfig.in.legacy: update iostat title
Fabrice Fontaine [Mon, 17 May 2021 21:18:56 +0000 (23:18 +0200)]
Config.in.legacy: update iostat title

Specify that iostat 'package' has been removed to be consistent with
other entries

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoMakefile: remove cpe-updates on clean
Yann E. MORIN [Sun, 16 May 2021 12:42:37 +0000 (14:42 +0200)]
Makefile: remove cpe-updates on clean

Commit fd7312940aef (Makefile: add new missing-cpe target) added the
rule to generate a set of files to update the NVD.

For an in-tree build, 'make clean' remove the output directory, so
those files are removed. But for an out-of-tree build, the output
directory is not removed, so those files still linger around after a
clean.

Explicitly remove them on clean, to cater for both cases.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Reviewed-by: Matthew Weber <matthew.weber@collins.com>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/lvm2: drop BR2_PACKAGE_LVM2_APP_LIBRARY
Fabrice Fontaine [Mon, 17 May 2021 17:06:09 +0000 (19:06 +0200)]
package/lvm2: drop BR2_PACKAGE_LVM2_APP_LIBRARY

The application library (liblvm2app) has been dropped since version
2.03.00 and
https://github.com/lvmteam/lvm2/commit/0d22b58172808f050abeacdb5d6a7b7132b91a8c

It should be noted that lvm2 support must be dropped from udisks until
a bump to at least version 2.7.0 and
https://github.com/storaged-project/udisks/commit/4c0709a893be49a0db5b2839e4766621e2c1bb98

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - slightly expand help text for legacy BR2_PACKAGE_UDISKS_LVM2
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/docker-engine: devicemapper driver does not need liblvm2app
Fabrice Fontaine [Mon, 17 May 2021 17:06:08 +0000 (19:06 +0200)]
package/docker-engine: devicemapper driver does not need liblvm2app

lvm2 app library is not needed to build devicemapper filesystem driver

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: tweak title]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agolmbench: lat_rpc: fix stray pointer
Vineet Gupta [Mon, 10 May 2021 18:00:49 +0000 (11:00 -0700)]
lmbench: lat_rpc: fix stray pointer

| # ./lat_rpc -S localhost
| potentially unexpected fatal signal 11.
| Path: /lmbench/bin/arc64/lat_rpc
| CPU: 0 PID: 62 Comm: lat_rpc Not tainted 5.6.0-00224-g8e1b159f529e #39
| Invalid Read @ 0x00000001 by insn @ 0x2011f110
|   @off 0x6c110 in [/lib/libc-2.32.so]  VMA: 0x200b3000 to 0x201b8000
| ECR: 0x00050100 EFA: 0x00000001 ERET: 0x2011f110
| STAT32: 0x80081082 [IE U     ]   BTA: 0x2011b87c
|  SP: 0x5fffefe8  FP: 0x00000000 BLK: 0x20103242
| r00: 0x00000001 r01: 0x00000002 r02: 0x00000001
| r03: 0x20101eb0 r04: 0x00000001 r05: 0x00000001
| r06: 0x00000000 r07: 0x00000000 r08: 0x00000001
| r09: 0x2019d8b0 r10: 0x20039fc4 r11: 0x5ffff0f0
| r12: 0x2019d6d0 r13: 0x2019d748 r14: 0x5ffff588
| r15: 0x00000000 r16: 0x00000000 r17: 0x5ffff708
| r18: 0x20039fc0 r19: 0xffffffff r20: 0x201ba010
| r21: 0x00000000 r22: 0x00000000 r23: 0x20039fc0
| r24: 0x00000bd0 r25: 0x00000073
Segmentation fault

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agolmbench: memsize: increase delay for slow FPGAs
Vineet Gupta [Mon, 10 May 2021 18:00:47 +0000 (11:00 -0700)]
lmbench: memsize: increase delay for slow FPGAs

otherwise memsize bails out and erroneously reports 1 MB

NOK
----
| />/lmbench/bin/arc/memsize 16
|
| 1

OK
----
| />/lmbench/bin/arc/memsize 16
| 2MB OK3MB OK4MB OK5MB OK6MB OK7MB OK8MB OK9MB OK10MB OK11MB OK12MB OK13MB OK14MB OK15MB OK16MB OK
| 16

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/mesa3d-headers: remove spurious empty line
Arnout Vandecappelle (Essensium/Mind) [Mon, 17 May 2021 19:18:58 +0000 (21:18 +0200)]
package/mesa3d-headers: remove spurious empty line

Detected by check-package

Fixes: 7fa481437e71484aa7064398e69aa63cdabb86b2
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/intel-microcode: security bump to version 20210216
Peter Korsgaard [Mon, 17 May 2021 17:38:30 +0000 (19:38 +0200)]
package/intel-microcode: security bump to version 20210216

Fixes the following security issues:

- CVE-2020-8696: Description: Improper removal of sensitive information
  before storage or transfer in some Intel(R) Processors may allow an
  authenticated user to potentially enable information disclosure via local
  access

- CVE-2020-8698: Description: Improper isolation of shared resources in some
  Intel(R) Processors may allow an authenticated user to potentially enable
  information disclosure via local access

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html

License file updated with the new year, so change hash accordingly.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: explain license hash change]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/redis: security bump to v6.2.3
Titouan Christophe [Mon, 17 May 2021 13:05:39 +0000 (15:05 +0200)]
package/redis: security bump to v6.2.3

From the release notes:
================================================================================
Redis 6.2.3 Released Mon May 3 19:00:00 IST 2021
================================================================================

Upgrade urgency: SECURITY, Contains fixes to security issues that affect
authenticated client connections. LOW otherwise.

Read more on https://github.com/redis/redis/blob/6.2.3/00-RELEASENOTES

Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/lvm2: drop BR2_PACKAGE_LVM2_LVMETAD
Fabrice Fontaine [Sun, 16 May 2021 20:27:22 +0000 (22:27 +0200)]
package/lvm2: drop BR2_PACKAGE_LVM2_LVMETAD

lvmetad has been dropped since version 2.03.00 and
https://github.com/lvmteam/lvm2/commit/117160b27e510dceb1ed6acf995115c040acd88d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/tpm2-tss: add CPE variables
Fabrice Fontaine [Sun, 16 May 2021 17:11:01 +0000 (19:11 +0200)]
package/tpm2-tss: add CPE variables

cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack is a valid CPE
identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atpm2_software_stack_project%3Atpm2_software_stack

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/weston: add WESTON_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 17:10:34 +0000 (19:10 +0200)]
package/weston: add WESTON_CPE_ID_VENDOR

cpe:2.3:a:wayland:weston is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awayland%3Aweston

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libuv: add LIBUV_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 17:10:04 +0000 (19:10 +0200)]
package/libuv: add LIBUV_CPE_ID_VENDOR

cpe:2.3:a:libuv:libuv is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibuv%3Alibuv

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libusb: add LIBUSB_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 17:09:40 +0000 (19:09 +0200)]
package/libusb: add LIBUSB_CPE_ID_VENDOR

cpe:2.3:a:libusb:libusb is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibusb%3Alibusb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libsamplerate: add LIBSAMPLERATE_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 17:09:10 +0000 (19:09 +0200)]
package/libsamplerate: add LIBSAMPLERATE_CPE_ID_VENDOR

cpe:2.3:a:libsamplerate_project:libsamplerate is a valid CPE identifier
for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibsamplerate_project%3Alibsamplerate

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/librelp: add LIBRELP_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 17:08:42 +0000 (19:08 +0200)]
package/librelp: add LIBRELP_CPE_ID_VENDOR

cpe:2.3:a:rsyslog:librelp is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Arsyslog%3Alibrelp

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/liboping: add LIBOPING_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 17:08:05 +0000 (19:08 +0200)]
package/liboping: add LIBOPING_CPE_ID_VENDOR

cpe:2.3:a:noping:liboping is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anoping%3Aliboping

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>