git.libre-soc.org Git - buildroot.git/log

linux: bump CIP kernel to version 4.19.88-cip16

This patch bumps Linux CIP version to 4.19.88-cip16.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/iozone: bump to version 3_488

Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/lrzip: needs C++

Fixes:
http://autobuild.buildroot.net/results/e40/e40653aa895bb47d20ad237c8a5ae3f6b76f3f67/

libzpaq is written in C++ (and unconditionally built), so depend on C++
support.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/wireguard: bump version to 0.0.20191212

For details of the changes, see the announcement:
https://lists.zx2c4.com/pipermail/wireguard/2019-December/004764.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/pkg-generic.mk: also apply extractor-pkg-dependency to <pkg>_EXTRA_DOWNLOADS

For now, the extractor dependencies were only calculated for
<pkg>_SOURCE, so if the package manually downloads another file using
<pkg>_EXTRA_DOWNLOADS and then extracts it with $(call
suitable-extractor), we are missing the corresponding dependency on
the appropriate extracting tool.

Since the vast majority of <pkg>_EXTRA_DOWNLOADS are compressed files
that will be uncompressed at build time, it makes sense to derive the
corresponding extractor dependencies directly in the common package
infrastructure, rather than having each and every package using
<pkg>_EXTRA_DOWNLOADS making this effort.

On a system without xzcat, before this patch:

$ make printvars VARS=HOST_GETTEXT_TINY_EXTRACT_DEPENDENCIES
HOST_GETTEXT_TINY_EXTRACT_DEPENDENCIES=host-tar

After this patch:

$ make printvars VARS=HOST_GETTEXT_TINY_EXTRACT_DEPENDENCIES
HOST_GETTEXT_TINY_EXTRACT_DEPENDENCIES=host-tar host-xz

This commit most notably fixes the build of host-gettext-tiny on
systems without xzcat, and with per-package support enabled. Indeed,
the main _SOURCE for gettext-tiny is a .gz file, but it has a .xz file
in its _EXTRA_DOWNLOADS, which is then extracted. Except that xzcat
being missing from the dependencies, it is not built.

Fixes:

http://autobuild.buildroot.net/results/83c6d47c06334bef27791a59bdd491b1de124c49/

Suggested-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/pkg-generic.mk: use extractor-pkg-dependency macro

Instead of manually calculating the EXTRACT_DEPENDENCIES value based
on the archive extension, let's use the newly introduced
extractor-pkg-dependency macro.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/pkg-utils.mk: rework implementation of extractor-system-dependency

Now that we have the EXTRACTOR_PKG_DEPENDENCY.* variables available,
we can use them to implement extractor-system-dependency: if for a
given archive type, the corresponding EXTRACTOR_PKG_DEPENDENCY.<type>
variable is empty, then it means we need the corresponding extractor
tool to be provided by the system.

Following this, EXTRACTOR_DEPENDENCY_PRECHECKED_EXTENSIONS is no
longer used, so we can drop it from support/dependencies/.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/pkg-utils.mk: add extractor-pkg-dependency macro

To extract some archive types, if the extracting tool is not available
on the system where Buildroot runs on, we build it using a Buildroot
host package.

Such dependencies are currently explicitly handled by the
inner-generic-package macro, but in fact we also need to handle them
in all places where the "suitable-extractor" macro is invoked, and
some packages invoke it directly. Otherwise, such packages may be
missing a dependency to the appropriate host Buildroot package
building the extracting tool they need. An example is gettext-tiny,
whose source code is a gzip-compressed tarball, but in addition
manually extracts a xz-compressed tarball.

This extractor-pkg-dependency macro will be used in follow-up commits
to ensure all the packages that use suitable-extractor properly add
the correct dependencies.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

support/testing: add gitdb2 test

Add a simple test case that imports the module.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-gitdb2: new package

GitDB allows you to access bare git repositories for reading and
writing. It aims at allowing full access to loose objects as well as
packs with performance and scalability in mind. It operates
exclusively on streams, allowing to handle large objects with a small
memory footprint.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[Thomas: fix license]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/testing: add smmap2 test

Add a simple test case that imports the module and instantiates a new
SlidingWindowMapManager class.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-smmap2: new package

Smmap wraps an interface around mmap and tracks the mapped files as
well as the amount of clients who use it. If the system runs out of
resources, or if a memory limit is reached, it will automatically
unload unused maps to allow continued operation.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/pkg-utils.mk: rename extractor-dependency to extractor-system-dependency

The extractor-dependency macro returns which system-provided tools are
needed to be able to extract the archive passed as argument. The
result of this macro is added to DL_TOOLS_DEPENDENCIES so that the
logic in support/dependencies/ verifies that the necessary tools are
provided by the system.

However, we are going to add another macro, extractor-pkg-dependency,
which says which Buildroot packages are needed to extract the archive
passed as argument. Indeed, for those archive types, if the extractor
is not provided system-wide, we build it as a host Buildroot package.

To clarify the distinction between the upcoming
extractor-pkg-dependency and existing extractor-dependency, we rename
the latter to extractor-system-dependency.

We take this opportunity to extend the documentation of this macro.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/freescale-imx/firmware-imx: bump version to 8.1.1

This version is aligned with i.MX NXP BSP components version
rel_imx_4.14.98_2.0.0_ga

Signed-off-by: Julien Olivain <juju@cotds.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/freescale-imx: update SITE to use NXP url

NXP BSPs has been using the nxp.com URL for a while:
http://git.yoctoproject.org/cgit/cgit.cgi/meta-freescale/commit/conf/layer.conf?id=d6abbbc1ce0882bdc82e03b1868eeba1a50a7bd3

It's unclear for how long the freescale.com redirect will be
maintained. This patch update the FREESCALE_IMX_SITE variable
to point directly to the NXP site.

Signed-off-by: Julien Olivain <juju@cotds.org>
Reviewed-by: Gary Bisson <bisson.gary@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

configs/imx8mpico: bump BSP components to 4.14.98_2.0.0

Update Kernel, U-Boot and ATF to TechNexion BSP, based on NXP
4.14.98_2.0.0 release.

This patch also remove BR2_TARGET_UBOOT_FORMAT_IMX in defconfig which
is not needed for this platform.

Signed-off-by: Julien Olivain <juju@cotds.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

configs/imx8mmpico: bump BSP components to 4.14.98_2.0.0

Update Kernel, U-Boot and ATF to TechNexion BSP, based on NXP
4.14.98_2.0.0 release.

This patch also remove BR2_TARGET_UBOOT_FORMAT_IMX in defconfig which
is not needed for this platform.

Signed-off-by: Julien Olivain <juju@cotds.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/solarus: disable tests

Set -DSOLARUS_TESTS=OFF to disable tests (option added in version 1.6.1
with:
https://gitlab.com/solarus-games/solarus/commit/1829189c6050e36086b12c3806932e8657265467)

Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/solarus: allow building with lua 5.1

Build with lua 5.1 has been fixed since version 1.6.1 and
https://gitlab.com/solarus-games/solarus/commit/611f81a90d42692e986c78c67090541ffd1c5973

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Thomas: keep a select BR2_PACKAGE_LUAJIT, but make it "if
!BR2_PACKAGE_LUA_5_1"]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/solarus: bump to version 1.6.2

Switch to gitlab to retrieve latest version

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/apitrace: needs wchar

apitrace uses its own version of gtest which depends on wchar since
version 8.0 and
https://github.com/apitrace/apitrace/commit/85cf7c8b86129699246574dfeec846e88a3f88a2

Moreover, apitrace also uses wcslen in trace_writer.cpp since at least
version 8.0 and
https://github.com/apitrace/apitrace/commit/5e9a2b11b248aaa2f6f353bbcf9f600d65bcaf51

Fixes:
- http://autobuild.buildroot.org/results/5f27556ccc9daec578fe1bf2ed516ca9921ed474

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/apitrace: needs host-python3

apitrace needs host-python3 since version 9.0 and
https://github.com/apitrace/apitrace/commit/0b8b019952f2668a5e8786cc2d331062b958f02e

Fixes:
- http://autobuild.buildroot.org/results/5f27556ccc9daec578fe1bf2ed516ca9921ed474

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-validators: bump version to 0.14.1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/jo: bump version to 1.3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/pipewire: new package

PipeWire is a server and user space API to deal with multimedia
pipelines.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[Thomas:
- further bump to 0.2.7
- select BR2_PACKAGE_DBUS instead of depending on it]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/jimtcl: bump to version 0.79

- Switch site from debian to github official mirror
- Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/python-bluezero: Bump to version 0.3.0

Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libgit2: security bump to version 0.28.4

Fixes the following CVE:

- CVE-2019-1351: Windows provides the ability to substitute
  drive letters with arbitrary letters, including multi-byte
  Unicode letters. To fix any potential issues arising from
  interpreting such paths as relative paths, we have extended
  detection of DOS drive prefixes to accomodate for such cases.

- CVE-2019-1352: by using NTFS-style alternative file streams for
  the ".git" directory, it is possible to overwrite parts of the
  repository. While this has been fixed in the past for Windows,
  the same vulnerability may also exist on other systems that
  write to NTFS filesystems. We now reject any paths starting
  with ".git:" on all systems.

- CVE-2019-1353: by using NTFS-style 8.3 short names, it was
  possible to write to the ".git" directory and thus overwrite
  parts of the repository, leading to possible remote code
  execution. While this problem was already fixed in the past for
  Windows, other systems accessing NTFS filesystems are
  vulnerable to this issue too. We now enable NTFS protecions by
  default on all systems to fix this attack vector.

- CVE-2019-1354: on Windows, backslashes are not a valid part of
  a filename but are instead interpreted as directory separators.
  As other platforms allowed to use such paths, it was possible
  to write such invalid entries into a Git repository and was
  thus an attack vector to write into the ".git" dierctory. We
  now reject any entries starting with ".git" on all systems.

libgit2 is not affected by these git CVE:

- CVE-2019-1348: the fast-import stream command "feature
  export-marks=path" allows writing to arbitrary file paths.

- CVE-2019-1349: by using NTFS 8.3 short names, backslashes or
  alternate filesystreams, it is possible to cause submodules to
  be written into pre-existing directories during a recursive
  clone using git.

- CVE-2019-1350: recursive clones may lead to arbitrary remote
  code executing due to improper quoting of command line
  arguments.

- CVE-2019-1387: it is possible to let a submodule's git
  directory point into a sibling's submodule directory, which may
  result in overwriting parts of the Git repository and thus lead
  to arbitrary command execution. As libgit2 doesn't provide any
  way to do submodule clones natively, it is not susceptible to
  this vulnerability. Users of libgit2 that have implemented
  recursive submodule clones manually are encouraged to review
  their implementation for this vulnerability.

Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/beaglebone: kernel builds needs host-openssl

Fixes:

514 scripts/extract-cert.c:21:25: fatal error: openssl/bio.h: No such file or directory
515 #include <openssl/bio.h>

Seen at:

https://gitlab.com/buildroot.org/buildroot/-/jobs/378314247

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libnice: add optional dependency to openssl

Support for OpenSSL was added in version 0.1.15:
https://lists.freedesktop.org/archives/nice/2018-December/001443.html

With the option of using OpenSSL as a crypto provider, we can't keep
GnuTLS as the default, because using:

select BR2_PACKAGE_GNUTLS if !BR2_PACKAGE_OPENSSL

causes a Kconfig circular dependency:

package/openssl/Config.in:4:error: recursive dependency detected!
package/openssl/Config.in:4: symbol BR2_PACKAGE_OPENSSL is selected by BR2_PACKAGE_GNUTLS
package/gnutls/Config.in:1: symbol BR2_PACKAGE_GNUTLS is selected by BR2_PACKAGE_OPENSSL

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: pass --with-crypto-library argument]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libnice: bump version to 0.1.16

Release notes:
https://lists.freedesktop.org/archives/nice/2018-December/001443.html
https://lists.freedesktop.org/archives/nice/2019-May/001444.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/harfbuzz: bump version to 2.6.4

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas:
- drop patch 0001-pool-Fix-alignment-assertion.patch, which is in
upstream commit aade9b70aabd8a97dd8a28cda2cf4d0694dd7350, available
since version 2.6.0
- further bump to 2.6.4]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/coreutils: bump version to 8.31

Added license hash.
Added patch to fix build error with uclibc.

Release notes:
https://lists.gnu.org/archive/html/coreutils/2019-03/msg00042.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

configs/licheepi_zero: U-Boot needs pylibfdt

Like all Allwinner platforms, building the licheepi_zero U-Boot
configuration requires pylibfdt.

Fixes:

https://gitlab.com/buildroot.org/buildroot/-/jobs/378314331

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

board/pc/post-build.sh: fix typo in grub boot.img path

Commit 3468ef16fa55610bae3bacefaf816231a20cfab0
("configs/pc_x86_64_efi: use genimage GPT partition table support")
had a small typo on the path to grub boot.img file: i387-pc instead of
i386-pc, which causes a build failure.

Fixes:

https://gitlab.com/buildroot.org/buildroot/-/jobs/378314412

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Alexandre PAYEN <alexandre.payen@smile.fr>
Cc: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/xdg-dbus-proxy: add patch to support building with musl

Import "0001-Fix-musl-compilation-by-adding-TEMP_FAILURE_RETRY.patch"
from the upstream repository, which allows building against the musl
libc (or any other which does not define the TEMP_FAILURE_RETRY macro).
The patch has been accepted upstream, but no releases have been made yet
which include the fix.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/wpewebkit: add option to enable sandboxing support

Add an option to enable WebKit's sandbox, which uses kernel
namespaces to isolate the processes used for Web content rendering
(WebKitWebProcess) and network/disk access (WebKitNetworkProcess).

The reason to have an option is that it needs additional dependencies
(bubblewrap, xdg-dbus-proxy, libseccomp), and that some users may
choose to deploy alternative solution (for example: putting all
of WebKit inside its own container, using systemd-nspawn or the
like).

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
[Peter: select libseccomp]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/webkitgtk: select libseccomp when sandbox is enabled

Select BR2_PACKAGE_LIBSECCOMP when the sandboxing support is enabled
during configuration.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/tpm2-tools: bump to version 4.1

- Drop patch (already in version)
- Update hash of license file (copyrights retained since version 4.0 and
https://github.com/tpm2-software/tpm2-tools/commit/e4b469724eaa6eff0a1ce3bce9fd2ab9e010cd3b)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: disable man pages build]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/tpm2-abrmd: bump to version 2.3.0

Drop dbus dependency as it is not needed since version 2.2.0 and
https://github.com/tpm2-software/tpm2-abrmd/commit/c1d42c9ebefbfe36255603aca065944836c14610

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: use --disable-defaultflags and explicitly pass -std=c99]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/openal: switch to github mirror

Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/tpm2-totp: explicitly disable optional configure flags

Explicitly disable doxygen, plymouth, initramfstools and mkinitcpio support
as it is not needed / available in Buildroot.

Also use the new --disable-defaultflags option to ensure our compiler flags
are used rather than trying to disable -fstackprotector-all, similar to how
it is done in tpm2-tss.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/tpm2-totp: bump to version 0.2.0

Add patch to fix build failure with musl

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/tpm2-tss: bump to version 2.3.2

- Drop patch (already in version)
- Update hash of license file (SPDX ID has been removed with
https://github.com/tpm2-software/tpm2-tss/commit/0dbc84ee45d0e4cd7eae528f53968f8877455aab)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: use --disable-defaultflags and explicitly pass -std=c99]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libkrb5: needs host-pkgconf for libedit

host-pkgconf is needed to find libedit

Fixes:
- http://autobuild.buildroot.org/results/45eee300788f46975d292b21eead97f9e9a8b5d8

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libscrypt: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libnfc: add sub-options to enable individual drivers

Until now, the arygon and pn53x_usb were unconditionally enabled, and
there were no options to choose other drivers. Therefore, we had
sub-options for each individual driver, keeping arygon and pn53x_usb
enabled by default to preserve backward compatibility.

Also, due to this, the BR2_TOOLCHAIN_HAS_THREADS dependency on the
libnfc package is no longer needed, and is only needed for some of the
sub-options.

Signed-off-by: Louis Aussedat <aussedat.louis@gmail.com>
[Thomas:
- drop the default ""
- remove the top-level HAS_THREADS dependency, and move it down to
the sub-options that need it
- improve commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-aiozipkin: new package

Distributed tracing instrumentation for asyncio application
with zipkin.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-aiosignal: new package

aiosignal: a list of registered asynchronous callbacks.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-frozenlist: new package

A list-like structure which implements
collections.abc.MutableSequence.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-janus: new package

Mixed sync-async queue to interoperate between asyncio
tasks and classic threads.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-async-lru: new package

Simple lru_cache for asyncio.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-aiohttp-mako: new package

mako template renderer for aiohttp.web (http server for
asyncio).

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-aiohttp-debugtoolbar: new package

debugtoolbar for aiohttp.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-sockjs: new package

SockJS server implementation for aiohttp.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/glibc: bump version for post-2.30 security fixes

Fixes the following security vulnerability:

- CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC
  environment variable during program execution after a security
  transition, allowing local attackers to restrict the possible mapping
  addresses for loaded libraries and thus bypass ASLR for a setuid
  program.  Reported by Marcin Kościelnicki.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-subprocess32: add PYTHON_SUBPROCESS32_CONFIGURE_CMDS

Since commit 1745fcde740057951dcc5429f3bfabd103b764a1,
python-subprocess32 fails to build because it runs configure with
incorrect arguments so add a PYTHON_SUBPROCESS32_CONFIGURE_CMDS

Fixes:
- http://autobuild.buildroot.org/results/dcf944129392ee6cacc106e096d8d3adfa4447bb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/webrtc-audio-processing: needs host-pkgconf

configure fails if the pkgconfig.m4 macros are not available during
this package autoreconf:

./configure: line 11829: syntax error near unexpected token `GNUSTL,'
./configure: line 11829: ` PKG_CHECK_MODULES(GNUSTL, gnustl)'

Fixes:
- http://autobuild.buildroot.org/results/9cbdfb76ea38864fce1acca88714c48c41c77255

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/ljsyscall: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/ljsyscall: fix build with aarch64

luajit supports aarch64 since commit
2ca0accc21a090874ac6e97670b47153a1f0a0b5

However this raise a build failure with ljsyscall because aarch64
directory does not exist so use arm64 instead

Fixes:
- http://autobuild.buildroot.org/results/3a0bd14349b3cab3e09d0b8b24ddab66dfab91ff

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/memtool: bump to version 2018.03.0

Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/dialog: bump version to 1.3-20191210

Fixes a number of regressions in 1.3-20190808:

- Menu shadows are not longer (erroneously) drawn with --no-shadow
- Spaces in menu fields are now correctly handled on uClibc-ng

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/cups-filters: bump to version 1.26.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/cups: security bump to version 2.3.1

Fix CVE-2019-2228: The ippSetValuetag function did not validate the
default language value.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/polkit: needs C++11

polkit depends on spidermonkey since bump to version 0.116 in commit
ce2a5eff7890815afeb26105c7760b6f8d2986e0 however build fails with gcc 5:

/home/naourr/work/instance-0/output-1/host/opt/ext-toolchain/mips-linux-gnu/include/c++/5.3.0/bits/c++0x_warning.h:32:2: error: #error This file requires compiler and library support for the ISO C++ 2011 standard. This support is currently experimental, and must be enabled with the -std=c++11 or -std=gnu++11 compiler options.
#error This file requires compiler and library support for the \
  ^
polkitbackendjsauthority.cpp:223:13: warning: G_ADD_PRIVATE
                                                  PolkitBackendJsAuthorityPrivate);
             ^
In file included from /home/naourr/work/instance-0/output-1/host/bin/../mips64el-buildroot-linux-gnu/sysroot/usr/include/mozjs-60/js/RequiredDefines.h:32:0,
                 from <command-line>:0:
/home/naourr/work/instance-0/output-1/host/bin/../mips64el-buildroot-linux-gnu/sysroot/usr/include/mozjs-60/mozilla/Char16.h:136:15: error: 'char16_t' does not name a type
typedef const char16_t* char16ptr_t;
               ^

Fixes:
- http://autobuild.buildroot.org/results/a7ea21a8e10f32239ee28f58331899912f232ca2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libp11: add host-pkgconf dependency for host variant

host-pkgconf is needed to find host-openssl

Fixes:
- http://autobuild.buildroot.org/results/05adf424050cb56f74ae4106b3c9b61f8daff7d2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gpsd: remove bogus select of BR2_PACKAGE_GPSD_NTP_SHM

In commit 57f85e52a7b29363e76735930bc1bb51a38718ac ("package/gpsd:
unconditionally enable NTP time hinting support"), the option
BR2_PACKAGE_GPSD_NTP_SHM was removed, because NTP time hinting support
is now enabled unconditionally.

However, in one place, a select of this option was kept, which is
obviously no longer needed.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/openpowerlink: drop bogus select

There is no option BR2_PACKAGE_OPENPOWERLINK_PCAP_DAEMON, and we never
had any option named like this, so it seems like a leftover from
previous iterations of the openpowerlink patch series. Since the
option does not exist, the select doesn't do anything, and we can
simply drop it.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/easy-rsa: select the appropriate option for openssl binary

Since openssl was converted to a virtual package,
BR2_PACKAGE_OPENSSL_BIN no longer exists: it was renamed to
BR2_PACKAGE_LIBOPENSSL_BIN, but easy-rsa was not changed accordingly.

easy-rsa needs to take into account the two providers of openssl, and
select the appropriate suboptions depending on which openssl
implementation was chosen.

Ideally, we would probably need a more elaborate option that ensures
easy-rsa doesn't have to know the details of which openssl
implementation is selected, but practically speaking with just two
providers of openssl at the moment, the proposed solution is good
enough.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/syslog-ng: remove bogus select

The eventlog package was removed as part of commit
5e0b1f9c2386e9184256b10ca19a6a7e4f4865cc ("package/eventlog: remove
package"). It used to be a separate package, but it is now part of
syslog-ng itself, which is why the eventlog package was removed.

But commit 5e0b1f9c2386e9184256b10ca19a6a7e4f4865cc forgot to drop the
select BR2_PACKAGE_EVENTLOG, so let's fix this.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/gstreamer1/gst1-plugins-bad: drop bogus select

BR2_PACKAGE_WEBRTC does not exist, and we already select
BR2_PACKAGE_WEBRTC_AUDIO_PROCESSING, which is the package really
needed by the webrtcdsp plugin.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/python-pylibftdi: Fix LICENSE hash after 0.18.1 bump

Commit dd90d40b5226 (package/python-pylibftdi: bump version to 0.18.1)
bumped the version of the package but failed to take into account the change
of copyright year in the license file:

-Copyright (c) 2010-2018 Ben Bass
+Copyright (c) 2010-2019 Ben Bass

Adjust the license file to match the new content.

Signed-off-by: Christian Kellermann <christian.kellermann@solectrix.de>
[Peter: extend commit message, add SOB]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/python-pyasn-modules: select correct option

BR2_PACKAGE_PYASN does not exist, it is BR2_PACKAGE_PYTHON_PYASN that
should be selected.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/efl: drop invalid select BR2_PACKAGE_XLIB_LIBXP

The option BR2_PACKAGE_XLIB_LIBXP does not exist, but is select by
efl/Config.in since the package was introduced. Since all xlib_*
dependency in the .mk file each have a corresponding select in the
Config.in file, we simply drop this bogus dependency.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/webkitgtk: add option to enable sandboxing support

Add an option to enable WebKit's sandbox, which uses kernel
namespaces to isolate the processes used for Web content rendering
(WebKitWebProcess) and network/disk access (WebKitNetworkProcess).

The reason to have an option is that it needs additional dependencies
(bubblewrap, xdg-dbus-proxy, libseccomp), and that some users may
choose to deploy alternative solutions (for example: putting all
of WebKit inside its own container, using systemd-nspawn or the
like).

Patch "0002-GTK-WPE-Do-not-run-the-Bubblewrap-executable-when-co.patch"
is imported from upstream, as it is needed to avoid trying to run
the "bwrap" command from the target during cross-compilation.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/pango: add dependency on libfribidi

Since commit 5cce413eb11ac75f5c48ed351896c5d1c33961d5 ("package/pango:
bump to version 1.44.6"), pango needs libfribidi. Through the Meson
subprojects mechanism, it tries to download it by itself if not
available. But in Buildroot, we definitely want to use the separate
libfribidi package, so let's add it as a dependency of pango.

Fixes:
http://autobuild.buildroot.net/results/f16fda910da23dfe5f8ac1cb51f9dbcec444b516

subprocess.CalledProcessError: Command '['git', 'clone', 'https://github.com/fribidi/fribidi.git', 'fribidi']' returned non-zero exit status 128.

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libfribidi: enable host build

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libqmi: bump to version 1.24.2

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Tested-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/xdg-dbus-proxy: new package

xdg-dbus-proxy is a filtering proxy for D-Bus connections, which can
be used to limit access to a set of services. Typically it is used in
combination with containers to provide them with access to certain
services running outside the container.

https://github.com/flatpak/xdg-dbus-proxy

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
[Peter: license is LGPL-2.1+]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/imx7d-sdb: bump U-Boot and kernel versions

Bump kernel to 5.4.1 version and U-Boot to 2019.10.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/sdl_mixer: prefer tremor over libvorbis

When Tremor is enabled, configure SDL_mixer to use this Vorbis decoding
library instead of libvorbis. Since Tremor does fixed-point math, it is
safe to assume that if it's enabled then it is faster than libvorbis on
the target architecture.

Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-multidict: bump to version 4.7.1

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/modem-manager: bump to version 1.12.2

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Tested-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Revert "support/download/git: rename local refs to avoid confusing Git warning"

This reverts commit 6f35d967564863ab150eabf32ca462889bf1e049.

Repeat after me: on the master branch you will not work. On the master
branch you will not work.

This definitely shouldn't have been pushed. Sorry about that.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

boot/boot-wrapper-aarch64: add gicv3 support

This patch adds support for GICv3 (such as GIC-500).

Signed-off-by: Jan Kotas <jank@cadence.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

boot/boot-wrapper-aarch64: improve dtb handling

This patch improves the DTB handling, using a parameter
in more recent versions of the bootwrapper.

Signed-off-by: Jan Kotas <jank@cadence.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

boot/boot-wrapper-aarch64: bump version

This patch bumps the bootwrapper version to the latest.

Signed-off-by: Jan Kotas <jank@cadence.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/download/git: rename local refs to avoid confusing Git warning

Running "git fetch origin ${cset}:${cset}" to create a local ref
${cset} from the remote ref ${cset} causes Git to issue a warning like
the below, when the version is a full commit hash:

===

warning: refname '49eb4ecb1ef9879ebc6789a1bdb536ab2b1d9871' is ambiguous.
Git normally never creates a ref that ends with 40 hex characters
because it will be ignored when you just specify 40-hex. These refs
may be created by mistake. For example,

git switch -c $br $(git rev-parse ...)

where "$br" is somehow empty and a 40-hex ref is created. Please
examine these refs and maybe delete them. Turn this message off by
running "git config advice.objectNameWarning false"

===

This warning is very confusing for users, and is caused by the fact
that Git doesn't like our local ref name to look like a commit hash.

So, this commit proposes to fix the issue by having the local ref
named buildroot-${cset}, i.e
buildroot-${version-specified-by-the-package}.

The generated tarballs are exactly identical, nothing changes, it is
really just internally the local ref we are using to checkout the
correct version that is different. And it avoids the confusing
warning.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/dante: add optional libminiupnpc dependency

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/dante: remove --without-pam

--without-pam was wrongly put back when next was merged into master for
2019.02 in commit 13c43455a05b (Merge branch 'next')

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: mention next merge]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/python-pylibftdi: bump version to 0.18.1

Signed-off-by: Christian Kellermann <christian.kellermann@solectrix.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/python-aiologstash: new package

asyncio-compatible logstash logging handler.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/python-logstash: new package

Python logging handler for Logstash.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libuio: add missing dependency on host-pkgconf

configure fails if the pkgconfig.m4 macros are not available during
this package autoreconf:

./configure: line 12003: syntax error near unexpected token `PKGCONF,'
./configure: line 12003: ` PKG_CHECK_MODULES(PKGCONF, glib-2.0)

Fixes:

http://autobuild.buildroot.net/results/9be944e35090bf270fbc9572423466be9af7b1f2/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/pkg-generic.mk, support/scripts/fix-rpath: fix per-package regexp

Commit c4e6d5c8be6ada8e7c60950e3b499c55d48761cb ("core: implement
per-package SDK and target") had a mistake on the regexp that is used
to match $(PER_PACKAGE_DIR)/<something>/, and due to this, the regexp
was never matched.

The + sign in [^/]+ which was suggested by Yann E. Morin during the
review of the per-package patch series (instead of [^/]*) needs to be
escaped to be taken into account correctly. Without this, the regexp
doesn't match, and the replacement is not done, causing:

(1) For the libtool fixup in pkg-generic.mk, the lack of replacement
     causes libtool .la files to not be tweaked as expected, which it
     turn causes build failures reported by the autobuilder.

(2) For the fix-rpath, the RPATH of host binaries in the SDK were not
     correct.

Interestingly, we have the same regexp in
support/scripts/check-host-rpath, but here the + sign does not need to
be escaped.

Fixes:

  http://autobuild.buildroot.net/results/d4d996f3923699e266afd40cc7180de0f7257d99/ (libsvg-cairo)
  http://autobuild.buildroot.net/results/56330f86872f67a2ce328e09b4c7b12aa835a432/ (bind)
  http://autobuild.buildroot.net/results/9e0fc42d2c9f856b92954b08019b83ce668ef289/ (ibrcommon)
  and probably a number of other similar issues

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libostree: bump to version 2019.6

Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/git: security bump to version 2.24.1

Fixes the following security vulnerabilities:

* CVE-2019-1348:
   The --export-marks option of git fast-import is exposed also via
   the in-stream command feature export-marks=... and it allows
   overwriting arbitrary paths.

* CVE-2019-1349:
   When submodules are cloned recursively, under certain circumstances
   Git could be fooled into using the same Git directory twice. We now
   require the directory to be empty.

* CVE-2019-1350:
   Incorrect quoting of command-line arguments allowed remote code
   execution during a recursive clone in conjunction with SSH URLs.

* CVE-2019-1351:
   While the only permitted drive letters for physical drives on
   Windows are letters of the US-English alphabet, this restriction
   does not apply to virtual drives assigned via subst <letter>:
   <path>. Git mistook such paths for relative paths, allowing writing
   outside of the worktree while cloning.

* CVE-2019-1352:
   Git was unaware of NTFS Alternate Data Streams, allowing files
   inside the .git/ directory to be overwritten during a clone.

* CVE-2019-1353:
   When running Git in the Windows Subsystem for Linux (also known as
   "WSL") while accessing a working directory on a regular Windows
   drive, none of the NTFS protections were active.

* CVE-2019-1354:
   Filenames on Linux/Unix can contain backslashes. On Windows,
   backslashes are directory separators. Git did not use to refuse to
   write out tracked files with such filenames.

* CVE-2019-1387:
   Recursive clones are currently affected by a vulnerability that is
   caused by too-lax validation of submodule names, allowing very
   targeted attacks via remote code execution in recursive clones.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

SDL_mixer: Add support for libmodplug

Add support for playing back tracker modules using libmodplug.

Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/sunxi-mali-mainline-driver: bump version

For A64 frequency stability.

git shortlog --invert-grep --grep=travis --no-merges
a5e38ca3f05f0f74fdd5e85a711c964383ad23df..
Vasily Khoruzhick (1):
Set GPU clock to 432MHz on A64

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/python-tqdm: bump to version 4.40.1

Signed-off-by: Louis Aussedat <aussedat.louis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>