buildroot.git
4 years agopackage/gdk-pixbuf: add GDK_PIXBUF_CPE_ID_VENDOR
Fabrice Fontaine [Mon, 11 Jan 2021 22:32:31 +0000 (23:32 +0100)]
package/gdk-pixbuf: add GDK_PIXBUF_CPE_ID_VENDOR

cpe:2.3:a:gnome:gdk-pixbuf is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnome%3Agdk-pixbuf

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/wavpack: set WAVPACK_CPE_ID_VENDOR
Fabrice Fontaine [Mon, 11 Jan 2021 22:28:08 +0000 (23:28 +0100)]
package/wavpack: set WAVPACK_CPE_ID_VENDOR

cpe:2.3:a:wavpack:wavpack is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awavpack%3Awavpack

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/jhead: set JHEAD_CPE_ID_VALID
Fabrice Fontaine [Mon, 11 Jan 2021 22:25:33 +0000 (23:25 +0100)]
package/jhead: set JHEAD_CPE_ID_VALID

cpe:2.3:a:jhead_project:jhead is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ajhead_project%3Ajhead

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/erofs-utils: bump version to 1.2.1
Gao Xiang [Tue, 12 Jan 2021 04:31:21 +0000 (12:31 +0800)]
package/erofs-utils: bump version to 1.2.1

- minor maintainence release mainly to address exist build issues;
- remove the following patches since all have been upstreamed:
    0001-erofs-utils-fix-multiple-definition-of-sbi.patch;
    0002-erofs-utils-fuse-fix-linking-when-using-with-selinux.patch;
    0003-erofs-utils-fuse-disable-backtrace-if-unsupported.patch.

Signed-off-by: Gao Xiang <hsiangkao@aol.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agoconfigs/qemu_s390x_defconfig: bump kernel version to 5.10.7
Alexander Egorenkov [Wed, 13 Jan 2021 08:51:56 +0000 (09:51 +0100)]
configs/qemu_s390x_defconfig: bump kernel version to 5.10.7

Signed-off-by: Alexander Egorenkov <egorenar@linux.ibm.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/freescale-imx/firmware-imx: fix the VPU firmware location
Fabio Estevam [Wed, 13 Jan 2021 22:30:39 +0000 (19:30 -0300)]
package/freescale-imx/firmware-imx: fix the VPU firmware location

The mainline kernel searches the coda VPU firmware inside the following
locations [1]:

/lib/firmware/
/lib/firmware/vpu/

Currently Buildroot installs the coda firmware into /lib/firmware/imx/vpu,
which is not a valid location.

Fix it by installing the coda firmwares into /lib/firmware/vpu/ which
is a valid path for both mainline and NXP vendor kernels. Also create a
symlink to /lib/firmware/ so that mainline kernels do not need to wait
more than 60 seconds to search again inside /lib/firmware/vpu/.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=8af7779f3cbc1f6720d15f00abc797493710d1ab

Reported-by: Romain Naour <romain.naour@gmail.com>
Suggested-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Acked-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/bluez-alsa: bump to version 3.0.0
Jörg Krause [Tue, 12 Jan 2021 22:28:07 +0000 (23:28 +0100)]
package/bluez-alsa: bump to version 3.0.0

Drop upstream patch which is included in the new version.

Add additional config option `--enable-a2dpconf` to build small (13 kB)
utility `a2dpconf` which does not depend on any external dependencies.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/gmp: bump version to 6.2.1
Bernd Kuhls [Tue, 12 Jan 2021 21:01:04 +0000 (22:01 +0100)]
package/gmp: bump version to 6.2.1

Release notes: https://gmplib.org/gmp6.2

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/upmpdcli: bump to version 1.5.8
Jörg Krause [Tue, 12 Jan 2021 20:10:17 +0000 (21:10 +0100)]
package/upmpdcli: bump to version 1.5.8

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/libupnpp: bump to version 0.20.2
Jörg Krause [Tue, 12 Jan 2021 20:09:31 +0000 (21:09 +0100)]
package/libupnpp: bump to version 0.20.2

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/openldap: add OPENLDAP_CPE_ID_VENDOR
Fabrice Fontaine [Tue, 12 Jan 2021 18:04:48 +0000 (19:04 +0100)]
package/openldap: add OPENLDAP_CPE_ID_VENDOR

cpe:2.3:a:openldap:openldap is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aopenldap%3Aopenldap

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agoconfigs/kontron_smarc_sal28: integrate RCW into rootfs image
Michael Walle [Tue, 12 Jan 2021 10:51:54 +0000 (11:51 +0100)]
configs/kontron_smarc_sal28: integrate RCW into rootfs image

Integrate the RCW into the storage device image, so the image can also
be used a boot source. The SoC expects the RCW at offset 4096 of the SD
card or eMMC.

Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/rcw-smarc-sal28: new package
Michael Walle [Tue, 12 Jan 2021 10:51:53 +0000 (11:51 +0100)]
package/rcw-smarc-sal28: new package

Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agoconfigs/kontron_smarc_sal28: enable u-boot
Michael Walle [Wed, 13 Jan 2021 19:09:48 +0000 (20:09 +0100)]
configs/kontron_smarc_sal28: enable u-boot

Enable building of the bootloader and integrate it into the resulting
image.

Signed-off-by: Michael Walle <michael@walle.cc>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/{mesa3d, mesa3d-headers}: bump version to 20.3.3
Bernd Kuhls [Thu, 14 Jan 2021 20:59:42 +0000 (21:59 +0100)]
package/{mesa3d, mesa3d-headers}: bump version to 20.3.3

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/wolfssl: security bump to version 4.6.0
Fabrice Fontaine [Thu, 14 Jan 2021 19:48:32 +0000 (20:48 +0100)]
package/wolfssl: security bump to version 4.6.0

- Fix CVE-2020-36177: RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL
  before 4.6.0 has an out-of-bounds write for certain relationships
  between key size and digest size.
- Drop patch (already in version)

https://github.com/wolfSSL/wolfssl/releases/tag/v4.6.0-stable

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/gkrellm: fix client build
Fabrice Fontaine [Thu, 14 Jan 2021 19:35:44 +0000 (20:35 +0100)]
package/gkrellm: fix client build

Set X11_LIBS to avoid the following build failure:

/home/buildroot/autobuild/run/instance-1/output-1/host/bin/aarch64-linux-gnu-gcc main.o alerts.o battery.o base64.o clock.o cpu.o disk.o fs.o hostname.o inet.o mail.o mem.o net.o proc.o sensors.o uptime.o chart.o panel.o config.o gui.o krell.o plugins.o pixops.o client.o utils.o sysdeps-unix.o deprecated.o log.o winops-x11.o  -o gkrellm \
 -L/home/buildroot/autobuild/run/instance-1/output-1/host/bin/../aarch64-buildroot-linux-gnu/sysroot/usr/lib -lgtk-x11-2.0 -lgdk-x11-2.0 -lpangocairo-1.0 -latk-1.0 -lcairo -lgdk_pixbuf-2.0 -lgio-2.0 -lpangoft2-1.0 -lpango-1.0 -lgobject-2.0 -lharfbuzz -lfontconfig -lfreetype -Wl,--export-dynamic -lgmodule-2.0 -lglib-2.0 -lgthread-2.0 -pthread -lglib-2.0   -L/usr/X11R6/lib -lX11 -lSM -lICE  -L/home/buildroot/autobuild/run/instance-1/output-1/host/bin/../aarch64-buildroot-linux-gnu/sysroot/usr/lib -lssl -lcrypto    -lm -Wl,-E
aarch64-linux-gnu-gcc: ERROR: unsafe header/library path used in cross-compilation: '-L/usr/X11R6/lib'

Fixes:
 - http://autobuild.buildroot.org/results/fff9a48efe3818f67a8f4b0fe3a3a605e4985b3b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/gkrellm: fix build with NLS
Fabrice Fontaine [Thu, 14 Jan 2021 19:35:43 +0000 (20:35 +0100)]
package/gkrellm: fix build with NLS

Fixes:
 - http://autobuild.buildroot.org/results/98d0eda546b09e60eebbd3c3a28493f09dff7e62

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/boost: bump version to 1.75.0
Michael Nosthoff [Thu, 14 Jan 2021 18:07:52 +0000 (19:07 +0100)]
package/boost: bump version to 1.75.0

* add option for new library Boost.JSON
* drop patch 0001 as it's applied upstream
* host: disable options that were added over time but never disabled for the host-build

Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/rhash: fix build with uclinux
Fabrice Fontaine [Thu, 14 Jan 2021 07:48:03 +0000 (08:48 +0100)]
package/rhash: fix build with uclinux

Fixes:
 - http://autobuild.buildroot.org/results/598ca65cf0c7ecf9ceaecb75868b656570ae00d2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/usbutils: needs gcc >= 4.9
Fabrice Fontaine [Thu, 14 Jan 2021 06:56:08 +0000 (07:56 +0100)]
package/usbutils: needs gcc >= 4.9

Commit 8a26801c9fad1c7749200e22e9dfdeaeeb65f76e forgot to propagate the
gcc dependency from libusb to usbutils

Fixes:
 - http://autobuild.buildroot.org/results/ed8706a1ead398b5097b046524e710b1d3d0bb1e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/at: bump to version 3.2.1
Fabrice Fontaine [Thu, 14 Jan 2021 17:37:20 +0000 (18:37 +0100)]
package/at: bump to version 3.2.1

There is only one commit between version 3.2.1 and current commit
7c74fa1aece6bc6db351763dc012193d5d634b7e which updates the release file:

https://salsa.debian.org/debian/at/-/commit/6a9efb7dd2bd6a5e5249d9f29938acc639618e9c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopkg-generic: host variant use git submodules if target variant does
Yann E. MORIN [Wed, 13 Jan 2021 22:10:14 +0000 (23:10 +0100)]
pkg-generic: host variant use git submodules if target variant does

When a package has both a target and a host variant, and uses git
submodules, and the host variant is downloaded before the target one, we
end up with the generated archive missing the submodules.

This happens in exactly one package in our tree: c-capnproto.

This issue was not caught before because after a few days, the full
sources are added to sources.buildroot.net. So when the hash check
fails, the full tarball is simply downloaded from there.

Propagate the git submodule setting from the target variant to the host
variant, unless the host variant explicitly opted-out.

Fixes:
    http://autobuild.buildroot.org/results/2de9c6c8ce83569d18cc7140ebc60d6fe1aadcbf/

Reported-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/minicom: use official tarball
Fabrice Fontaine [Wed, 6 Jan 2021 17:17:53 +0000 (18:17 +0100)]
package/minicom: use official tarball

Use official tarball (this will also have the nice side-effect of making
MINICOM_VERSION compatible with release-monitoring.org)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/shairport-sync: bump to version 3.3.7
Jörg Krause [Tue, 12 Jan 2021 21:58:31 +0000 (22:58 +0100)]
package/shairport-sync: bump to version 3.3.7

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/ncmpc: bump to version 0.42
Jörg Krause [Tue, 12 Jan 2021 21:52:56 +0000 (22:52 +0100)]
package/ncmpc: bump to version 0.42

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/mpd: bump to version 0.22.3
Jörg Krause [Tue, 12 Jan 2021 21:49:41 +0000 (22:49 +0100)]
package/mpd: bump to version 0.22.3

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/libdrm: bump version to 2.4.104
Bernd Kuhls [Tue, 12 Jan 2021 21:23:10 +0000 (22:23 +0100)]
package/libdrm: bump version to 2.4.104

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/meson: bump to version 0.56.2
Jörg Krause [Tue, 12 Jan 2021 21:44:08 +0000 (22:44 +0100)]
package/meson: bump to version 0.56.2

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/wavpack: security bump to version 5.4.0
Fabrice Fontaine [Wed, 13 Jan 2021 06:45:11 +0000 (07:45 +0100)]
package/wavpack: security bump to version 5.4.0

WavPack 5.4.0 contains a fix for CVE-2020-35738 wherein a specially
crafted WAV file could cause the WAVPACK command-line program to crash
with an out-of-bounds write (see issue #91).

Update hash of COPYING (update in year:
https://github.com/dbry/WavPack/commit/2ce3c069be548e82ea9c05741ace6583e549c6de)

https://github.com/dbry/WavPack/blob/5.4.0/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years ago{linux, linux-headers}: bump 5.{4, 10}.x 4.{4, 9, 14, 19} series
Petr Vorel [Tue, 12 Jan 2021 23:32:56 +0000 (00:32 +0100)]
{linux, linux-headers}: bump 5.{4, 10}.x 4.{4, 9, 14, 19} series

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/tar: update hash of cpio archive
Yann E. MORIN [Tue, 12 Jan 2021 19:19:49 +0000 (20:19 +0100)]
package/tar: update hash of cpio archive

Commit 37a909cacff9 (package/tar: drop specific version for host variant)
updated the host variant from 1.29 to 1.32.

However, because there is no longer any upper-limit to the version of
tar accepted from the system, and because tests were conducted on a
recent distribution, there was no need to build the host variant of tar.

As a consequence, updating the hash file was missed.

Do so now.

Also switch to using the new two-space separators.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/coremark-pro: clean up package
Chris Packham [Tue, 12 Jan 2021 09:08:40 +0000 (22:08 +1300)]
package/coremark-pro: clean up package

- Use the COREMARK_PRO_MARKS definition from the build recipe to
  generate the coremark-pro.sh
- Use %x:%X as the date stamp in the results file.

Suggested-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/nvidia-modprobe: new package
Christian Stewart [Thu, 19 Nov 2020 07:53:24 +0000 (23:53 -0800)]
package/nvidia-modprobe: new package

nvidia-modprobe package adds a utility and headers for probing the NVIDIA
hardware at runtime.

https://github.com/NVIDIA/nvidia-modprobe

Signed-off-by: Christian Stewart <christian@paral.in>
[Arnout:
 - use upstream Makefile instead of building directly;
 - don't install to staging;
 - remove dependency on host-pkgconf;
 - correct license to GPL-2.0;
 - remove dependency on threads and glibc;
 - add dependency on MMU.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/libevdev: bump version to 1.10.1
Peter Seiderer [Mon, 11 Jan 2021 19:40:17 +0000 (20:40 +0100)]
package/libevdev: bump version to 1.10.1

For details see [1].

[1] https://lists.freedesktop.org/archives/input-tools/2021-January/001555.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/wireguard-linux-compat: bump version to 1.0.20201221
Peter Korsgaard [Mon, 11 Jan 2021 19:11:08 +0000 (20:11 +0100)]
package/wireguard-linux-compat: bump version to 1.0.20201221

Fixes a build issue with linux-rt >= 5.4.  For details, see the
announcement:
https://lists.zx2c4.com/pipermail/wireguard/2020-December/006210.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/nano: fix tiny build
Bernd Kuhls [Mon, 11 Jan 2021 19:09:02 +0000 (20:09 +0100)]
package/nano: fix tiny build

Since upstream commit
https://git.savannah.gnu.org/cgit/nano.git/commit/configure.ac?id=235f92ce093099cd81f14827ab842bd331132790

--enable-color --enable-nanorc are needed for libmagic support in tiny
builds.

Fixes:
http://autobuild.buildroot.net/results/248/24894e62d6cf89d078959b12e67596c821d64696/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/pdbg: bump to version v3.2
Joel Stanley [Mon, 11 Jan 2021 05:09:10 +0000 (15:39 +1030)]
package/pdbg: bump to version v3.2

Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/git: bump version to 2.30.0
Peter Seiderer [Sun, 10 Jan 2021 22:36:48 +0000 (23:36 +0100)]
package/git: bump version to 2.30.0

For details see [1].

[1] http://lkml.iu.edu/hypermail/linux/kernel/2012.3/03301.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/coremark-pro: add dependency on threads
Chris Packham [Mon, 11 Jan 2021 09:13:53 +0000 (22:13 +1300)]
package/coremark-pro: add dependency on threads

Coremark-pro requires threads so add a depends on
BR2_TOOLCHAIN_HAS_THREADS.

Fixes:
- http://autobuild.buildroot.net/results/ab574485a7856fcf5cd643c154c44b4bfcb34a97/

Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/quota: add CPE variables
Fabrice Fontaine [Mon, 11 Jan 2021 08:07:00 +0000 (09:07 +0100)]
package/quota: add CPE variables

cpe:2.3:a:jan_kara:linux_diskquota is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ajan_kara%3Alinux_diskquota

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/ed: add ED_CPE_ID_VENDOR
Fabrice Fontaine [Mon, 11 Jan 2021 07:56:12 +0000 (08:56 +0100)]
package/ed: add ED_CPE_ID_VENDOR

cpe:2.3:a:gnu:ed is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Aed

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/links: add LINKS_CPE_ID_VENDOR
Fabrice Fontaine [Mon, 11 Jan 2021 07:46:59 +0000 (08:46 +0100)]
package/links: add LINKS_CPE_ID_VENDOR

cpe:2.3:a:twibright:links is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atwibright%3Alinks

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Matthew Weber >matthew.weber@rockwellcollins.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/cereal: add CEREAL_CPE_ID_VENDOR
Fabrice Fontaine [Mon, 11 Jan 2021 07:04:49 +0000 (08:04 +0100)]
package/cereal: add CEREAL_CPE_ID_VENDOR

cpe:2.3:a:usc:cereal is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ausc%3Acereal

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/libtomcrypt: add LIBTOMCRYPT_CPE_ID_VENDOR
Fabrice Fontaine [Mon, 11 Jan 2021 20:49:42 +0000 (21:49 +0100)]
package/libtomcrypt: add LIBTOMCRYPT_CPE_ID_VENDOR

cpe:2.3:a:libtom:libtomcrypt is indeed the right CPE identifier
for this package, as can be seen from:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibtom%3Alibtomcrypt

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/go: add GO_CPE_ID_VENDOR
Fabrice Fontaine [Mon, 11 Jan 2021 20:36:24 +0000 (21:36 +0100)]
package/go: add GO_CPE_ID_VENDOR

golang is the correct CPE ID vendor for the go package, see:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agolang%3Ago

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agodocs/manual: replace LIBFOO_CPE_ID_PRODUCT
Fabrice Fontaine [Mon, 11 Jan 2021 20:12:25 +0000 (21:12 +0100)]
docs/manual: replace LIBFOO_CPE_ID_PRODUCT

Replace LIBFOO_CPE_ID_PRODUCT by LIBFOO_CPE_ID_NAME

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/libupnp: set LIBUPNP_CPE_ID_VALID
Fabrice Fontaine [Mon, 11 Jan 2021 20:14:41 +0000 (21:14 +0100)]
package/libupnp: set LIBUPNP_CPE_ID_VALID

cpe:2.3:a:libupnp_project:libupnp is indeed the right CPE identifier
for this package, as can be seen from:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibupnp_project%3Alibupnp

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/netcat: set NETCAT_CPE_ID_VALID
Fabrice Fontaine [Mon, 11 Jan 2021 20:15:44 +0000 (21:15 +0100)]
package/netcat: set NETCAT_CPE_ID_VALID

cpe:2.3:a:netcat_project:netcat is indeed the right CPE identifier for
this package, as can be seen from:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anetcat_project%3Anetcat

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/gkrellm: new package
Bernd Kuhls [Sat, 2 May 2020 10:06:35 +0000 (12:06 +0200)]
package/gkrellm: new package

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/frotz: needs threads
Fabrice Fontaine [Sun, 10 Jan 2021 19:28:15 +0000 (20:28 +0100)]
package/frotz: needs threads

Fixes:
 - http://autobuild.buildroot.org/results/8443316d8074bf44a82ceeda4630a9acb1254947

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agoconfigs/qemu_*: bump kernel version to 5.4.88
Geoffrey Le Gourriérec [Sun, 10 Jan 2021 20:39:10 +0000 (21:39 +0100)]
configs/qemu_*: bump kernel version to 5.4.88

Bump QEMU defconfigs to latest longterm kernel 5.4.88.

Please note that QEMU boards not based on 5.4.y were ignored:
- qemu_csky810_virt_defconfig
- qemu_csky807_virt_defconfig
- qemu_csky610_virt_defconfig
- qemu_csky860_virt_defconfig

Tests were carried out on all QEMU boards using Gitlab [1] (commit
message was slightly different, but the patch is identical)

Additional actions needed were:
- board/qemu/sh4-r2d: Remove one of the two kernel patches [2] provided
  by Alan Modra fixing rodata alignment, carried here by Romain Naour [3]
  to fix an issue preventing kernel from booting with binutils 2.23.
  Patch is present in upstream Linux now.

[1] https://gitlab.com/clumsyape/buildroot/-/pipelines/239483891
[2] https://www.sourceware.org/ml/binutils/2019-12/msg00112.html
[3] https://git.busybox.net/buildroot/commit/?id=a2331c8a61bdd71c47492efc818fb0458a349219

Signed-off-by: Geoffrey Le Gourriérec <geoffrey.legourrierec@gmail.com>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/nano: drop unrecognized option
Fabrice Fontaine [Sun, 10 Jan 2021 19:58:51 +0000 (20:58 +0100)]
package/nano: drop unrecognized option

wordbounds option has been removed since version 4.0 and
https://git.savannah.gnu.org/cgit/nano.git/commit?id=798695ff1ec0bec2605eb490008f2968a5e8c264

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years ago{linux, linux-headers}: bump 5.{4, 10}.x 4.{4, 9, 14, 19} series
Petr Vorel [Mon, 11 Jan 2021 17:55:20 +0000 (18:55 +0100)]
{linux, linux-headers}: bump 5.{4, 10}.x 4.{4, 9, 14, 19} series

Drop 5.9 stable (EOL).

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
[Peter: add Config.in.legacy handling for 5.9]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/tar: drop specific version for host variant
Yann E. MORIN [Tue, 29 Sep 2020 19:14:43 +0000 (21:14 +0200)]
package/tar: drop specific version for host variant

Now that we can generate reproducible archives, with all known tar
versions starting with 1.27, we don't need to clamp the host-tar
version to the old 1.29, and can now bump to any later version.

Drop the host-tar version, and use the same as the target variant.

Note that we still need the _SOURCE trick, to avoid depending on tar
to extract the tar tarball...

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
4 years agosupport/dependencies: drop check for maximal tar version
Yann E. MORIN [Mon, 28 Sep 2020 21:16:50 +0000 (23:16 +0200)]
support/dependencies: drop check for maximal tar version

So far, we checked that the tar present on the host was at most tar
1.29, because tar 1.30 changed the way it generates archives.

Having a maximum tar version requirement meant that we would eventually
always have to build our own host-tar, as distributions are updating
the version they use.

But now, we have found a way to generate reproducible archives starting
with tar 1.27 onward, so we no longer need the check for a maximum tar
version, so we can drop that requirement.

Note: this is semantically a revert of b8fa273d500b (check-host-tar.sh:
blacklist tar 1.30+), but keeping the new, mostly-linear code-path.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
4 years agosupport/download: change format of archives generated from svn
Yann E. MORIN [Mon, 28 Dec 2020 11:06:11 +0000 (12:06 +0100)]
support/download: change format of archives generated from svn

Like we recently did for git, switch the archives generated from
subversion to be reproducible whatever the tar version.

We have no in-tree users of the svn backend which also has hashes,
so no hash to update.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Heiko Thiery <heiko.thiery@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
4 years agosupport/download: cleanup svn backend
Yann E. MORIN [Wed, 23 Dec 2020 21:21:05 +0000 (22:21 +0100)]
support/download: cleanup svn backend

Commit 89f5e9893 (support/download/svn: generate reproducible svn
archives) did what it said, but can be siplified a bit.

Indeed, we are doing an svn export, so we won't have any of the .svn
directories, neither at the root of the extract, nor in any of the
sub-directories.

As such, we do not need to filter them out  when we generate the list
of files to include in the archive.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Heiko Thiery <heiko.thiery@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
4 years agosupport/download: change format of archives generated from git
Yann E. MORIN [Mon, 25 Mar 2019 21:48:12 +0000 (22:48 +0100)]
support/download: change format of archives generated from git

Switch to using the tarball helper, that can generate reproducible
archives whatever the tar version >= 1.27.

However, those archives are not identical to the previous ones generated
in the (now-broken) gnu format.

To avoid any clashing between old and new archives, and new and old
Buildroot versions, we need to name the new generated archives
differently from the existing ones.

So, we bump the git-specific format-version to -br1.

The %ci date  has been supported by git back to 1.6.0, released August
2008); it is not strictly ISO8601, but is still accepted as a PAX date
header. The strict ISO8601 placeholder, %cI, was only introduced with
2.2.0, release in November 2014, so too recent to be widely available.

As the format and the names of the archives changes, we need to update
all the hash files with the new names and hashes.

Of all the bootloaders that have a git download method, vexpress-firmware
is the only one to have a hash. Others have no hash files, or they have
explicitly set BR_NO_CHECK_HASH_FOR.

For the packages, linux-headers is the special snowflake, as the git
download is only for custom git tree, so it is excluded from the hash
verification with BR_NO_CHECK_HASH_FOR.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
    ---8<------8<------8<------8<---
    #!/bin/sh
    # Find and download all packages using git as backend.
    # Manually fix hashes for affected packages.

    # Packages that only have a host variant
    HOST_ONLY='imx-mkimage|mxsldr|netsurf-buildsystem|opkg-utils|prelink-cross|qoriq-rcw|vboot-utils'

    # Packages that have a non-git main _SOURCE, and/or which
    # have BR_NO_CHECK_HASH_FOR for the git _SOURCE
    NOT_GIT='aufs|aufs-util|xenomai|linux-headers'

    export BR2_DL_DIR=$(pwd)/temp-dl-dir

    make defconfig
    make $( git grep -l -E 'SITE_METHOD[[:space:]]*:?=[[:space:]]*git\>|_SITE[[:space:]]*:?=[[:space:]]*git:' \
                boot/vexpress-firmware/ package/ \
            |sed -r -e 's,.*/([^/]+)\.mk,\1,' \
            |sed -r -e '/^('"${NOT_GIT}"')$/d;' \
                    -e 's/^('"${HOST_ONLY}"')/host-\1/;' \
                    -e 's/$/-legal-info/;'
          )

    ---8<------8<------8<------8<---

4 years agosupport/download: add helper to generate a reproducible archive
Yann E. MORIN [Mon, 28 Dec 2020 16:07:04 +0000 (17:07 +0100)]
support/download: add helper to generate a reproducible archive

We currently need to generate reproducible archives in at least two
locations: the git and svn download backends. We also know of some
future potential use (e.g. the other download backends, like cvs, or
in the upcoming download post-processors for vendoring, like cargo
and go).

However, we are currently limited to a narrow range of tar versions
that we support, to create reproducible archives, because the gnu
format we use has changed with tar 1.30.

As a consequence, and as time advances, more and more distros are,
or will eventually start, shipping with tar 1.30 or later, and thus
we need to always build our on host-tar.

Now, thanks to some grunt work by Vincent, we have a set of options
that we can pass tar, to generate reproducible archives back from
tar-1.27 and up through tar-1.32, the latest released version.

However, those options are non-trivial, so we do not want to have
to repeat those (and maintain them) in multiple locations.

Introduce a helper that can generate a reproducible archive from
an input directory.

The --pax-option, to set specific PAX headers, does not accept
RFC2822 timestamps which value are too away from some fixed point
(set atcompile-time?):
    tar: Time stamp is out of allowed range

However, the same timestamps passed as strict compliant ISO 8601 are
accepted, so that's what we expect as a date format.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
    ---8<------8<------8<------8<---
    # Here is a Makefile used to test all the versions of tar, with
    # different output formats and different sets of options:
    # Versions prior to 1.27 do not build on recent machines, because
    # 'gets()' got removed (rightfully so), so don't count them as
    # candidates.
    VERSIONS = 1.27 1.27.1 1.28 1.29 1.30 1.31 1.32
    DATE = Thu 21 May 2020 06:44:11 PM CEST

    TARS = \
     $(patsubst %,test_gnu_%.tar,$(VERSIONS)) \
     $(patsubst %,test_posix_%.tar,$(VERSIONS)) \
     $(patsubst %,test_posix_paxoption_%.tar,$(VERSIONS))

    all: $(TARS)
     sha1sum $(^)

    .INTERMEDIATE: test_%.tar
    test_gnu_%.tar: tar.% list
     ./$(<) cf - -C test \
     --transform="s#^\./#test-version/#" \
     --numeric-owner --owner=0 --group=0 \
     --mtime="$(DATE)" \
     --format=gnu \
     -T list \
     >$(@)
    test_posix_%.tar: tar.% list
     ./$(<) cf - -C test \
     --transform="s#^\./#test-version/#" \
     --numeric-owner --owner=0 --group=0 \
     --mtime="$(DATE)" \
     --format=posix \
     -T list \
     >$(@)
    test_posix_paxoption_%.tar: tar.% list
     ./$(<) cf - -C test \
     --transform="s#^\./#test-version/#" \
     --numeric-owner --owner=0 --group=0 \
     --mtime="$(DATE)" \
     --format=posix \
     --pax-option='delete=atime,delete=ctime,delete=mtime' \
     --pax-option='exthdr.name=%d/PaxHeaders/%f,exthdr.mtime={$(DATE)}' \
     -T list \
     >$(@)

    list: .FORCE
    list: test
     (cd test && find . -not -type d ) |LC_ALL=C sort >$(@)

    LONG = L$$(for i in $$(seq 1 200); do printf 'o'; done)ng
    test: .FORCE
    test:
     rm -rf test
     mkdir -p test/bar
     echo foo >test/Foo
     echo bar >test/bar/Bar
     ln -s bar/Bar test/buz
     echo long >test/Very-$(LONG)-filename
     ln test/Very-$(LONG)-filename \
        test/short

    .PRECIOUS: tar.%
    tar.%: tar-%
     cd $(<) && ./configure
     $(MAKE) -C $(<)
     install -m 0755 $(<)/src/tar $(@)

    .PRECIOUS: tar-%
    tar-%: tar-%.tar.gz
     tar xzf $(<)

    .PRECIOUS: tar-%.tar.gz
    tar-%.tar.gz:
     wget "https://ftp.gnu.org/gnu/tar/$(@)"

    .FORCE:

    clean:
     rm -rf tar-* tar.* test_* test list
    ---8<------8<------8<------8<---

4 years agocore/pkg-infra: allow per site-method sub-version strings
Yann E. MORIN [Sun, 13 Dec 2020 13:59:28 +0000 (14:59 +0100)]
core/pkg-infra: allow per site-method sub-version strings

When we want to change the format of an archive we generate (e.g. those
we generate from git trees), the hashes of those archives will change.

To avoid any issue (e.g. an older Buildroot using newer archives, or the
other way around) that would conclude that the hashes do not match, we
want to change the filenames of the generated archives whenever we
change their format.

Introduce a new internal variable, specific to each site method, that we
can set to include a "format version" for the archives generated from
that site method.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
4 years agocore/pkg-infra: prepare for alternate default source archives
Yann E. MORIN [Mon, 25 Mar 2019 19:59:20 +0000 (20:59 +0100)]
core/pkg-infra: prepare for alternate default source archives

The .tar.gz default extension is historical, and we initially used
to only fetch tarballs from remote sites.

When we introduced downloads from VCS repositories, we kept that
extension, and kept compressing with gz, by lack of good reason to
switch to some other compression scheme.

However, nowadays, we will want to change the way we construct the
tarballs we generate from VCS. This will de facto change the hashes
of those tarballs.

So we will want that the archives we generate do not clash with the
existing ones, so we need another filename. Thus, we need a way to
be able to use a different extension when we generate archives from
VCS.

Use a macro as suggested by Arnout.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
4 years agopackage/libclc: switch to use the frozen, legacy mirror
Yann E. MORIN [Sat, 9 Jan 2021 10:12:54 +0000 (11:12 +0100)]
package/libclc: switch to use the frozen, legacy mirror

The LLVM project has switched to using a monorepo to host all their
components. The separate, individual repositories have been closed
late 2020 / early 2021. The libclc repository is no longer.

Switch to using the libclc source from the llvm legacy and frozen
mirror.

Even though we could switch over to using the github helper, we just
keep using the git download method: it is a small repository, and it
will not impact people that were already using it.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Valentin Korenblit <valentinkorenblit@gmail.com>
Cc: Michael Opdenacker <michael.opdenacker@bootlin.com>
Acked-by: Romain Naour <romain.naour@gmail.com>
---
Changes v1 -> v2:
  - keep everything as-is, just switch to the frozen mirror

4 years agopackage/tzdata: drop obosolete, legacy zic option -y
Yann E. MORIN [Sun, 10 Jan 2021 18:19:49 +0000 (19:19 +0100)]
package/tzdata: drop obosolete, legacy zic option -y

The following commits:
  - 7868289fd534 package/zic: bump version to 2020f
  - c99374ecbb5e package/tzdata: bump version to 2020f

bumped the tzdata from version 2020a to 2020f. However, in 2020b, the
zic option '-y' was removed, and so was the yearistype.sh script [0].

This now spews annoying warnings:

    warning: -y ignored

Fortunately, it still consumes its argument, so the missing yearistype.sh
is simply ignored.

Drop that option.

[0] https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
4 years agopackage/tzdata: bump version to 2020f
Bernd Kuhls [Sun, 10 Jan 2021 16:47:11 +0000 (17:47 +0100)]
package/tzdata: bump version to 2020f

Release notes:
https://mm.icann.org/pipermail/tz-announce/2020-December/000064.html

Upstream removed timezones pacificnew and systemv:
https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/zic: bump version to 2020f
Bernd Kuhls [Sun, 10 Jan 2021 16:47:10 +0000 (17:47 +0100)]
package/zic: bump version to 2020f

Release notes:
https://mm.icann.org/pipermail/tz-announce/2020-December/000064.html

Rebased patch.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/readline: bump to version 8.1
Francois Perrad [Sat, 9 Jan 2021 07:41:23 +0000 (08:41 +0100)]
package/readline: bump to version 8.1

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/busybox: fix selinux-related build error
Bernd Kuhls [Sun, 10 Jan 2021 12:23:10 +0000 (13:23 +0100)]
package/busybox: fix selinux-related build error

Fixes:
http://autobuild.buildroot.net/results/b89/b89b7d0f0601bb706e76cea31cf4e43326e5540c/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/rng-tools: bump to version 6.11
Fabrice Fontaine [Sun, 10 Jan 2021 13:00:13 +0000 (14:00 +0100)]
package/rng-tools: bump to version 6.11

Drop patches (already in version)

https://github.com/nhorman/rng-tools/releases/tag/V6.11

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/sdl2: bump version to 2.0.14
Michael Fischer [Fri, 8 Jan 2021 10:12:00 +0000 (11:12 +0100)]
package/sdl2: bump version to 2.0.14

patch 0001: already applied upstream
patch 0002: adapt patch to 2.0.14

Signed-off-by: Michael Fischer <mf@go-sys.de>
[yann.morin.1998@free.fr:
  - renumber remaining patch
  - fix space-typo in hash file
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/multipath-tools: fix license
Fabrice Fontaine [Sun, 10 Jan 2021 08:59:51 +0000 (09:59 +0100)]
package/multipath-tools: fix license

As stated in README.md, multipath-tools is covered by several licenses
and LGPL-2.0 is "just" the default license:
 - GPL-2.0+ (e.g. libmultipath/alias.c)
 - GPL-3.0+ (e.g. libdmmp/libdmmp.c)
 - LGPL-2.1+ (e.g. libmpathcmd/mpath_cmd.c)

So replace COPYING (which is a symlink to LICENSES/LGPL-2.0) by the
approriate license files in LICENSES directory

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: further split long lines]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/casync: new package
Yair Ben-Avraham [Sun, 10 Jan 2021 08:35:35 +0000 (08:35 +0000)]
package/casync: new package

Signed-off-by: Yair Ben-Avraham <yairba@protonmail.com>
[yann.morin.1998@free.fr:
  - correctly fix build without lzma in an upstreamable fashion
  - actually fix the build without udev
  - depend on udev, not libudev (which does not exist)
  - don't use += for the first variable assignment to _CONF_OPTS
  - explicitly disable unsupported fuzz options
  - add explicit optiopnal support for bash-completion
  - drop useless comments about "features" and "booleans"
  - fix alphabetical order in DEVELOPERS
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/nodejs: security bump to version 12.20.1
Peter Korsgaard [Thu, 7 Jan 2021 22:24:12 +0000 (23:24 +0100)]
package/nodejs: security bump to version 12.20.1

Fixes the following security issues:

- CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions
  are vulnerable to a use-after-free bug in its TLS implementation.  When
  writing to a TLS enabled socket, node::StreamBase::Write calls
  node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first
  argument.  If the DoWrite method does not return an error, this object is
  passed back to the caller as part of a StreamWriteResult structure.  This
  may be exploited to corrupt memory leading to a Denial of Service or
  potentially other exploits

- CVE-2020-8287: HTTP Request Smuggling in nodejs Affected versions of
  Node.js allow two copies of a header field in a http request.  For
  example, two Transfer-Encoding header fields.  In this case Node.js
  identifies the first header field and ignores the second.  This can lead
  to HTTP Request Smuggling

- CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
  This is a vulnerability in OpenSSL which may be exploited through Node.js.
  You can read more about it in
  https://www.openssl.org/news/secadv/20201208.txt

Update the license hash for the addition of the (MIT licensed)
cjs-module-lexer module:
https://github.com/nodejs/node/commit/9eb1fa19248949dfc716807b1dc97dedf36da14e

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/clinfo: bump to version 3.0.20.11.20
Romain Naour [Thu, 7 Jan 2021 16:09:16 +0000 (17:09 +0100)]
package/clinfo: bump to version 3.0.20.11.20

Update indentation of hash file (two spaces).

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/poppler: use ENABLE_GLIB
Fabrice Fontaine [Fri, 8 Jan 2021 06:53:41 +0000 (07:53 +0100)]
package/poppler: use ENABLE_GLIB

Use ENABLE_GLIB which is available since version 0.60 and
https://github.com/freedesktop/poppler/commit/766a32ff59dadd9ae4639d8a79861a17be6aec52

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agoDEVELOPERS: fix order
Bernd Kuhls [Thu, 7 Jan 2021 21:41:24 +0000 (22:41 +0100)]
DEVELOPERS: fix order

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/libiec61850: fix CVE-2020-15158
Fabrice Fontaine [Fri, 8 Jan 2021 18:19:53 +0000 (19:19 +0100)]
package/libiec61850: fix CVE-2020-15158

In libIEC61850 before version 1.4.3, when a message with COTP message
length field with value < 4 is received an integer underflow will happen
leading to heap buffer overflow. This can cause an application crash or
on some platforms even the execution of remote code. If your application
is used in open networks or there are untrusted nodes in the network it
is highly recommend to apply the patch. This was patched with commit
033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when
available. As a workaround changes of commit 033ab5b can be applied to
older versions.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/busybox: bump version to 1.33.0
Bernd Kuhls [Fri, 8 Jan 2021 19:06:03 +0000 (20:06 +0100)]
package/busybox: bump version to 1.33.0

Rebased patch 0002.

Removed patch 0003 which was applied upstream:
https://git.busybox.net/busybox/commit/?h=1_33_stable&id=1a5d6fcbb5e606ab4acdf22afa26361a25f1d43b

Switched _SITE to https.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/frotz: new package
Thomas Huth [Thu, 30 Apr 2020 14:44:41 +0000 (16:44 +0200)]
package/frotz: new package

Frotz is an interpreter for old Infocom adventures and other Z-code
games.

Signed-off-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agotoolchain: CodeSourcery AArch64 2014.11 does not contain libatomic
Bernd Kuhls [Sat, 9 Jan 2021 12:33:37 +0000 (13:33 +0100)]
toolchain: CodeSourcery AArch64 2014.11 does not contain libatomic

Fixes build error

output/host/opt/ext-toolchain/bin/../lib/gcc/aarch64-amd-linux-gnu/4.9.1/../../../../aarch64-amd-linux-gnu/bin/ld:
 cannot find -latomic

using this defconfig

BR2_aarch64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_AARCH64=y
BR2_PACKAGE_OPENSSL=y

libopenssl is only used here as an example: all packages adding -latomic
if BR2_TOOLCHAIN_HAS_LIBATOMIC=y are broken, like dav1d, ffmpeg, gnutls,
kodi and vlc.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/xorcurses: new package
Thomas Huth [Thu, 30 Apr 2020 06:54:45 +0000 (08:54 +0200)]
package/xorcurses: new package

XorCurses is a remake of the 8-bit game 'Xor' by Astral Software.
Your task is to roam around a series of mazes where you have to
collect all blue masks before finding the exit. You have two 'shields'
(players) and you can use either one at any time and switch between
them. While the first level is simply a matter of navigation, the
following levels introduce further objects like bombs and teleports,
which have to be used right to solve the puzzles.

Signed-off-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/apcupsd: fix reverse dependency for libusb
Bernd Kuhls [Sat, 9 Jan 2021 13:37:08 +0000 (14:37 +0100)]
package/apcupsd: fix reverse dependency for libusb

Commit 8a26801c9f (package/libusb: needs gcc >= 4.9) added a dependency
to gcc >= 4.9 for libusb but forgot to propagate the reverse dependency
to BR2_PACKAGE_APCUPSD_USB.

Fixes:
http://autobuild.buildroot.net/results/f34/f348fe8e5530970a14589ca878810a3bdaf98f67/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agoconfigs/solidrun_clearfog_gt_8k: bump BSP components
Baruch Siach [Sat, 9 Jan 2021 20:09:21 +0000 (22:09 +0200)]
configs/solidrun_clearfog_gt_8k: bump BSP components

Switch to upstream ATF of recent version to fix build with recently
updated mv-ddr. The vendor does not provide public access to newer ATF
versions anymore.

Bump U-Boot and kernel to fix dtc build on hosts with gcc 10.

Increase rootfs size. The default 60MB is not enough.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/948622614

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/bats-core: bump version to 1.2.1
Peter Korsgaard [Sat, 9 Jan 2021 17:55:07 +0000 (18:55 +0100)]
package/bats-core: bump version to 1.2.1

For details, see the release notes:
https://github.com/bats-core/bats-core/releases/tag/v1.2.1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agolinux: indicate proper CPE prefix
Thomas Petazzoni [Thu, 7 Jan 2021 21:13:34 +0000 (22:13 +0100)]
linux: indicate proper CPE prefix

The CPE type of the Linux kernel is special, it should be "o", unlike
all other packages that use "a". We therefore need to override
<pkg>_CPE_ID_PREFIX, so that the CPE ID of the linux package matches
with the CPE dictionary.

Reported-by: Matt Weber <matthew.weber@rockwellcollins.com>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/nano: bump to version 5.4
Francois Perrad [Sat, 9 Jan 2021 12:18:55 +0000 (13:18 +0100)]
package/nano: bump to version 5.4

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/dbus: bump to version 1.12.20
Francois Perrad [Sat, 9 Jan 2021 12:17:19 +0000 (13:17 +0100)]
package/dbus: bump to version 1.12.20

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/p11-kit: security bump to version 0.23.22
Fabrice Fontaine [Fri, 8 Jan 2021 18:11:57 +0000 (19:11 +0100)]
package/p11-kit: security bump to version 0.23.22

- Fix memory-safety issues that affect the RPC protocol (CVE-2020-29361,
  CVE-2020-29362 and CVE-2020-29363)
- Update indentation in hash file (two spaces)

https://github.com/p11-glue/p11-kit/blob/0.23.22/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/openvpn: set OPENVPN_CPE_ID_VENDOR
Fabrice Fontaine [Fri, 8 Jan 2021 17:53:00 +0000 (18:53 +0100)]
package/openvpn: set OPENVPN_CPE_ID_VENDOR

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/python-s3transfer: bump to version 0.3.3
Raphaël Mélotte [Fri, 8 Jan 2021 17:50:49 +0000 (18:50 +0100)]
package/python-s3transfer: bump to version 0.3.3

While at it, use two spaces for all the hashes.

Signed-off-by: Raphaël Mélotte <raphael.melotte@essensium.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/openjpeg: fix build with poppler
Fabrice Fontaine [Fri, 8 Jan 2021 17:32:59 +0000 (18:32 +0100)]
package/openjpeg: fix build with poppler

Fix build of poppler with openjpeg in version 2.4.0

Fixes:
 - http://autobuild.buildroot.org/results/e4e43519a1c70686844b08257971cc350a746636

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/multipath-tools: disable -Werror
Fabrice Fontaine [Fri, 8 Jan 2021 17:06:29 +0000 (18:06 +0100)]
package/multipath-tools: disable -Werror

Set the new WARNFLAGS to "" which has been added since version 0.8.5 and
https://github.com/opensvc/multipath-tools/commit/82f1b164cb21c9632b3c73f865d97777c7a61e0d

Otherwise, -Werror will raise the following build failure:

/srv/storage/autobuild/run/instance-3/output-1/host/bin/mipsel-linux-gcc --std=gnu99 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -O2  -D_FORTIFY_SOURCE=1  -Werror -Wall -Wextra -Wformat=2 -Werror=implicit-int -Werror=implicit-function-declaration -Werror=format-security -Wno-clobbered -Wno-error=clobbered -Werror=cast-qual -Werror=discarded-qualifiers -pipe -DBIN_DIR=\"/sbin\" -DLIB_STRING=\"lib\" -DRUN_DIR=\"run\" -MMD -MP -fPIC -I.. -I../../libmultipath/nvme -Wp,-D_FORTIFY_SOURCE=2  -c -o nvme.o nvme.c
<command-line>: error: "_FORTIFY_SOURCE" redefined [-Werror]

Fixes:
 - http://autobuild.buildroot.org/results/71f7661e7d26ca8608e902eee9f2a92376b00601

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/balena-engine: new package
Tian Yuanhao [Wed, 16 Dec 2020 08:42:46 +0000 (00:42 -0800)]
package/balena-engine: new package

Signed-off-by: Tian Yuanhao <tianyuanhao@aliyun.com>
Signed-off-by: Christian Stewart <christian@paral.in>
Reviewed-by: Christian Stewart <christian@paral.in>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/libiec61850: new package
Romain Naour [Fri, 24 Apr 2020 17:04:35 +0000 (19:04 +0200)]
package/libiec61850: new package

Don't add mbedtls support since it require a bundled and specific
version.

Keep experimental Python binding support disabled for now.

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/fluidsynth: add systemd optional dependency
Fabrice Fontaine [Fri, 24 Apr 2020 11:39:28 +0000 (13:39 +0200)]
package/fluidsynth: add systemd optional dependency

systemd is an optional dependency (enabled by default) since version
2.0.5 and
https://github.com/FluidSynth/fluidsynth/commit/099369f8b7f39afe08b6a518195948b05a937af3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/fluidsynth: add sdl2 optional dependency
Fabrice Fontaine [Fri, 24 Apr 2020 11:39:27 +0000 (13:39 +0200)]
package/fluidsynth: add sdl2 optional dependency

sdl2 is an optional dependency (enabled by default) since version 2.1.0:
https://github.com/FluidSynth/fluidsynth/commit/978283bbf0309191a441121b7ea867e41e329d3b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/swupdate: note init script tokenizing limitation
Matt Weber [Tue, 21 Apr 2020 13:08:53 +0000 (08:08 -0500)]
package/swupdate: note init script tokenizing limitation

Command line options reference:
https://sbabic.github.io/swupdate/_sources/swupdate.txt

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/luasyslog: bump to version 2.2.0 from a fork
Francois Perrad [Wed, 22 Apr 2020 09:22:53 +0000 (11:22 +0200)]
package/luasyslog: bump to version 2.2.0 from a fork

This commit switches the luasyslog package to use a fork of the
project that has good Lua 5.3 support.

This fork has a public repository on Github
(https://github.com/ntd/luasyslog/), and is available as a Lua Rock
(https://luarocks.org/modules/ntd/luasyslog), but unfortunately the
rockspec uses a build method that is not supported by the Buildroot
luarocks infrastructure. Therefore, we used the autotools build system
provided by this fork.

Because this fork has good support for Lua 5.3, the "Lua 5.3
compatibility" patch becomes useless and can be dropped.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/environment-setup: fix spelling of the script file in the manual.
Konrad Schwarz [Thu, 31 Dec 2020 21:29:47 +0000 (22:29 +0100)]
package/environment-setup: fix spelling of the script file in the manual.

The manual incorrectly refers to the script file as `setup-environment';
it is actually called `environment-setup'.

Signed-off-by: Konrad Schwarz <konrad.schwarz@siemens.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/freescale-imx/firmware-imx/Config.in: install imx6q binaries for IM6UL platform
Rob Mellor [Fri, 13 Nov 2020 10:10:26 +0000 (10:10 +0000)]
package/freescale-imx/firmware-imx/Config.in: install imx6q binaries for IM6UL platform

linux-*/arch/arm/boot/dts/imx6ul.dtsi
requires the install of the sdma-imx6q.bin as stated in
line 727: fsl,sdma-ram-script-name = "imx/sdma/sdma-imx6q.bin";

without the BR2_PACKAGE_FIRMWARE_IMX_SDMA_FW_NAME being set to "imx6q"
line 102 of firmware-imx.mk does not install the firmware to to target

Signed-off-by: Rob Mellor <Rob.Mellor@ultra-pals.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>