git.libre-soc.org Git - buildroot.git/log

package/swupdate: add optional systemd dependency

When the swupdate SYSTEMD option is enabled, systemd needs to be built
before swupdate, otherwise the build fails with:

core/notifier.c:27:10: fatal error: systemd/sd-daemon.h: No such file or directory
27 | #include <systemd/sd-daemon.h>
| ^~~~~~~~~~~~~~~~~~~~~

Of course, it remains up to the user to make sure that the systemd
package is enabled when systemd support is enabled in the swupdate
configuration.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libunwind: bump to version 1.4.0

Update indentation of hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/testing: update basic toolchain to bootlin bleeding-edge 2018.11-1

Update the toolchain being used by the testsuite infra.

The new toolchain 2018.11-1 is based on gcc 8.2, uClibc-ng 1.0.30,
linux-headers 4.14 and binutils 2.31.1.
Enable BR2_TOOLCHAIN_HAS_THREADS_DEBUG that is now required.

The old toolchain 2017.05 is based on gcc 4.9, uClibc-ng 1.0.25,
linux-headers 3.10 and binutils 2.27.

Tested with gitlab
https://gitlab.com/kubu93/buildroot/pipelines/132376578

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libnss: fix build failure on arm32 arch not armv7

NSS assumes that every neon arm32 build is an armv7, but this is
not always true(i.e. build arm32 for armv8), so let's add a patch to
remove -march=armv7 flag when building gcm-arm32-neon.c

Fixes:
http://autobuild.buildroot.net/results/464/464044fda2850123339de6c8071374e380636ee0/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/freescale-imx/kernel-module-imx-gpu-viv: bump to version 6.4.0.p1.0

This package has been tested on Nitrogen8M with the following commands:
# modprobe galcore
# cd /usr/share/examples/viv_samples/vdk/
# ./tutorial7

Also update the help text as we shouldn't specify a kernel revision. It
is just that this module isn't meant for mainline kernel, only its NXP
forked version.

Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libexif: annotate CVEs

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/systemd: bump version to 245.4

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/rtty: bump version to 7.1.3

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libdrm: bump version to 2.4.101

Removed patches applied upstream:
https://cgit.freedesktop.org/mesa/drm/commit/xf86drm.h?id=8c1185d22cb5ea09dea063bd4a0a4f8b64487919
https://cgit.freedesktop.org/mesa/drm/commit/xf86atomic.h?id=8c511950395ce496028bbc5ba30d9b9632690db6
https://cgit.freedesktop.org/mesa/drm/commit/meson.build?id=8de2696213d0f25a10a167b5fd6c312d6ce6a1af
https://cgit.freedesktop.org/mesa/drm/commit/tests/nouveau/threaded.c?id=cd77f114ca0073f609fc89d22390152945e73107

Renumbered remaining patches, use .xz tarball provided by upstream.
Removed md5 & sha1 hashes, not provided by upstream anymore.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/{mesa3d, mesa3d-headers}: bump version to 20.0.4

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/wireguard-tools: bump version to 1.0.20200319

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/wireguard-linux-compat: bump version to 1.0.20200401

Matching the now-mainline wireguard code in kernel 5.6.

For details, see the announcement:
https://lists.zx2c4.com/pipermail/wireguard/2020-April/005237.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libva-utils: bump version to 2.7.1

Removed patch which was applied upstream:
https://github.com/intel/libva-utils/commit/bd01ba5a6b53370ee6465f393051908f9c6ddeba

Switched to github helper, upstream does not provide a tarball for this
release.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libva: bump version to 2.7.0

Switched to github helper, upstream does not provide a tarball for this
release.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 5, 6}.x series

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/apache: security bump to version 2.4.43

Fixes the following security issues:

  *) SECURITY: CVE-2020-1934 (cve.mitre.org)
     mod_proxy_ftp: Use of uninitialized value with malicious backend FTP
     server. [Eric Covener]

  *) SECURITY: CVE-2020-1927 (cve.mitre.org)
     rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable
     matches and substitutions with encoded line break characters.
     The fix for CVE-2019-10098 was not effective.  [Ruediger Pluem]

The LICENSE file has been updated to fix a s/waranties/warranties/ typo, so
update the hash to match and adjust the spacing to match recent agreements:

-This software is provided "as is" and any express or implied waranties,
+This software is provided "as is" and any express or implied warranties,

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/kmscube: Use the official gitlab URL

The cgit URL is a mirror of the gitlab repository.

The README.md file of the kmscube project also points
to the gitlab repository, so switch the URL accordingly.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/sysdig: update upstream URL in Config.in

The sysdig homepage we have points to an "on-sale" domain, that is
purportedly serving malware while at it. Update to point to the wiki on
github instead.

Fixes #12746.

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr:
- use wiki instead of git repo
- expand commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/ntp: security bump to version 4.2.8p14

"This release fixes three security issues in ntpd and provides 46
bugfixes and addresses 4 other issues." [1]

NONE: Sec 3610: process_control() should bail earlier on short packets.

MEDIUM: Sec 3596: Unauthenticated ntpd may be susceptible to IPv4 spoof
attack from highly predictable transmit timestamps.

MEDIUM: Sec 3592: DoS Attack on unauthenticated client.
The fix for https://bugs.ntp.org/3445 introduced a bug whereby a system that
is running ntp-4.2.8p12 (possibly earlier) or p13 that only has one
unauthenticated time source can be attacked in a way that causes the
victim's next poll to its source to be delayed, for as long as the attack is
maintained.

[1] http://support.ntp.org/bin/view/Main/SecurityNotice#March_2020_ntp_4_2_8p14_NTP_Rele

The copyright year has changed in the COPYRIGHT file, so adjust the hash to
match and adjust the spacing to match recent agreements:

@@ -3,7 +3,7 @@

    jpg "Clone me," says Dolly sheepishly.

-   Last update: 2-Jan-2017 11:58 UTC
+   Last update: 4-Feb-2020 23:47 UTC
      __________________________________________________________________

    The following copyright notice applies to all files collectively called
@@ -32,7 +32,7 @@
    Burnicki is:
***********************************************************************
*                                                                     *
-* Copyright (c) Network Time Foundation 2011-2017                     *
+* Copyright (c) Network Time Foundation 2011-2020                     *
*                                                                     *
* All Rights Reserved                                                 *
*                                                                     *

Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[Peter: clarify security impact, document COPYRIGHT change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/netdata: link with libatomic when needed

netdata uses __atomic_fetch_add_2

Fixes:
- http://autobuild.buildroot.org/results/1eb033ba7bf85ba3e25572a106f08faf49cd05b2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/cog: bump to version 0.6.0

Drop patches that are now upstream.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

linux: adjust BR2_LINUX_KERNEL_IMAGE_NAME help text

The help text of BR2_LINUX_KERNEL_IMAGE_NAME is somewhat incomplete,
in the sense that it assumes just a filename can be passed, while it
can be a relative path, such as 'compressed/vmlinux.bin.z'. So make it
clear that such paths are relative to arch/ARCH/boot/.

Also, drop the part about this being only useful for Xtensa as this is
not true: on MIPS it might be needed as well for some specific image
types.

Reported-by: Paul Cercueil <paul@crapouillou.net>
Cc: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

linux: do not install images in subdirectories

The Linux kernel image is typically found in arch/ARCH/boot/, which is
why LINUX_IMAGE_PATH is defined as:

LINUX_IMAGE_PATH = $(LINUX_ARCH_PATH)/boot/$(LINUX_IMAGE_NAME)

However, on MIPS, some kernel image types are available from
arch/mips/boot/compressed, or even at the top-level directory. For
such cases, LINUX_IMAGE_NAME might be set (using
BR2_LINUX_KERNEL_IMAGE_NAME) to values such as:

  compressed/vmlinux.bin.z

or

  ../../../uzImage.bin

Except that the line:

  $(INSTALL) -m 0644 -D $(LINUX_IMAGE_PATH) $(1)/$(LINUX_IMAGE_NAME)

will lead to such images be installed in:

  $(TARGET_DIR)/boot/compressed/vmlinux.bin.z
  $(BINARIES_DIR)/compressed/vmlinux.bin.z

and:

  $(TARGET_DIR)/boot/../../../uzImage.bin
  $(BINARIES_DIR)/../../../uzImage.bin

which of course is completely bogus.

So let's install them under their name, not their full relative path
to arch/ARCH/boot/.

Reported-by: Paul Cercueil <paul@crapouillou.net>
Cc: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/cegui: fix invalid cast

Fixes:
- http://autobuild.buildroot.net/results/a76/a76e88d1805c836bf095b9b6ed5fb52aa0fcdc0a
- http://autobuild.buildroot.net/results/d24/d24ebb999215a23e0743c29ca137745417316bc4
- http://autobuild.buildroot.net/results/37b/37b46d25a98a17ead9133cba9fd6c8ebe8996d60

and many many more...

Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[Peter: drop number from patch subject]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libopenssl: security bump to version 1.1.1f

Fixes the following security issues (1.1.1e):

CVE-2019-1551 [Low severity]: There is an overflow bug in the x64_64
Montgomery squaring procedure used in exponentiation with 512-bit moduli.
No EC algorithms are affected.  Analysis suggests that attacks against
2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect
would be very difficult to perform and are not believed likely.  Attacks
against DH512 are considered just feasible.  However, for an attack the
target would have to re-use the DH512 private key, which is not recommended
anyway.  Also applications directly using the low level API BN_mod_exp may
be affected if they use BN_FLG_CONSTTIME.  Reported by OSS-Fuzz and Guido
Vranken.

https://www.openssl.org/news/secadv/20191206.txt

CVE-2019-1563 [Low severity]: In situations where an attacker receives
automated notification of the success or failure of a decryption attempt an
attacker, after sending a very large number of messages to be decrypted, can
recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted
message that was encrypted with the public RSA key, using a Bleichenbacher
padding oracle attack.  Applications are not affected if they use a
certificate together with the private RSA key to the CMS_decrypt or
PKCS7_decrypt functions to select the correct recipient info to decrypt.
Reported by Bernd Edlinger.

https://www.openssl.org/news/secadv/20190910.txt

Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

support/config-fragments/autobuild: update OpenRISC toolchain

Following commit eee96b0f0ad224b3e09a9b98c26d056e18f17fd5 that adds a
gcc patch for OpenRISC, the OpenRISC pre-built toolchain was
rebuilt. Let's use this new toolchain version for the autobuilders.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/x11r7/xserver_xorg-server: bump version to 1.20.8

Removed patch applied upstream:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/c2ef88c4d3a551ff7646bfb86550cae32b02a510

Removed md5 & sha1 hashes, not provided by upstream anymore.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/{mesa3d, mesa3d-headers}: bump version to 20.0.3

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libuwsc: bump version to 3.3.4

Adjust license hash for a change in email address:
-Copyright (c) 2019 Jianhui Zhao <jianhuizhao329@gmail.com>
+Copyright (c) 2019 Jianhui Zhao <zhaojh329@gmail.com>

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libpjsip: bump version to 2.10

Other changes:
- Change the site URL as the upstream project has migrated to Github

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/janus-gateway: bump version to 0.9.2

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/wpa_supplicant: fix CVE-2019-16275

hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect
indication of disconnection in certain situations because source address
validation is mishandled. This is a denial of service that should have
been prevented by PMF (aka management frame protection). The attacker
must send a crafted 802.11 frame from a location that is within the
802.11 communications range.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/hostapd: fix CVE-2019-16275

hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect
indication of disconnection in certain situations because source address
validation is mishandled. This is a denial of service that should have
been prevented by PMF (aka management frame protection). The attacker
must send a crafted 802.11 frame from a location that is within the
802.11 communications range.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libsndfile: add upstream security fixes

- Fix CVE-2017-6892: In libsndfile version 1.0.28, an error in the
  "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an
  out-of-bounds read memory access via a specially crafted AIFF file.

- Fix CVE-2017-8361: The flac_buffer_copy function in flac.c in
  libsndfile 1.0.28 allows remote attackers to cause a denial of service
  (buffer overflow and application crash) or possibly have unspecified
  other impact via a crafted audio file.

- Fix CVE-2017-8362: The flac_buffer_copy function in flac.c in
  libsndfile 1.0.28 allows remote attackers to cause a denial of service
  (invalid read and application crash) via a crafted audio file.

- Fix CVE-2017-8363: The flac_buffer_copy function in flac.c in
  libsndfile 1.0.28 allows remote attackers to cause a denial of service
  (heap-based buffer over-read and application crash) via a crafted
  audio file.

- Fix CVE-2017-8365: The i2les_array function in pcm.c in
  libsndfile 1.0.28 allows remote attackers to cause a denial of service
  (buffer over-read and application crash) via a crafted audio file.

- Fix CVE-2017-12562: Heap-based Buffer Overflow in the
  psf_binheader_writef function in common.c in libsndfile through 1.0.28
  allows remote attackers to cause a denial of service (application
  crash) or possibly have unspecified other impact.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/gdb: bump to version 8.3.1

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/cjson: bump to version 1.7.13

Update indentation of hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

docs/manual: minor typo fix

Definition of LIBFOO_USERS actually ends on 33rd line.

Signed-off-by: Nazım Gediz Aydındoğmuş <gediz.aydindogmus@genemek.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

{linux, linux-headers}: add version 5.6

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: move .. or later text to 5.6]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

toolchain/Config.in: move BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_5

Config option was placed at the wrong position.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/nftables: check for python

If python or python3 is selected, nftables should depend on the package
and set the --enable-python option, otherwise set --disable-python

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

kmscube: Bump to the most recent version

Bump to the latest kmscube version.

Since kmscube has been converted to meson, adjust the .mk file
accordingly.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

kmscube: Change repository to gitlab

The https://cgit.freedesktop.org/mesa/kmscube repository
is mirrored from https://gitlab.freedesktop.org/mesa/kmscube, so
switch to the gitlab one.

The other advantage of using the gitlab repository is that it can handle
archive downloads, so switch to it.

Suggested-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/strace: bump to version 5.5

Drop patch.
Strace 5.5 now is compatible with glibc-2.31 and
Linux kernel headers < 5.3.

The copyright year was updated in COPYING, so update the hash.

Fixes:
  - http://autobuild.buildroot.net/results/dd7ec26396412375941eaf43daf755d61a68458b/

Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: arc-buildroot@synopsys.com
Cc: Baruch Siach <baruch@tkos.co.il>
[yann.morin.1998@free.fr:
  - add autobuilder reference provided by Baruch
  - fix hash for COPYING
  - two spaces in hash file
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/tinyproxy: disable a2x

If a2x is found, tinyproxy won't touch the configuration files and will
try to regenerate them which will result in the following build failure:

make[4]: Entering directory `/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/build/tinyproxy-1.10.0/docs/man5'
  GEN      tinyproxy.conf.5
  File "/accts/mlweber1/bin/a2x", line 76
    print '%s: %s' % (PROG,msg)
          ^
SyntaxError: invalid syntax

Fixes:
- http://autobuild.buildroot.org/results/fbd81c05f37a3db6df1cbc3495a89957c6587d25

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/gupnp-tools: bump to version 0.10.0

- Update indentation of hash file (two spaces)
- Fix build with latest gupnp/gssdp thanks to
https://gitlab.gnome.org/GNOME/gupnp-tools/-/commit/41feb3168d3870e0d017c248f20cbe85bc5acde7

Fixes:
- No autobuilder failures yet

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

configs/mx53loco: bump the kernel version

Bump the kernel to the 5.4.27 version.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gupnp: needs host-vala for introspection

Introspection support in gupnp is handled by way of vala tools and
vala bindings.

Even though host-vala is already a transitive dependency via gssdp,
add it to gupnp for correctness sake; also explicitly enable the
generation of the vala API, since it is required for introspection.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/gssdp: build vala bindings for introspection

When building its introspection metadata description files, gssdp can
also generate the associated vala bindings.

Dependent packages may then use either or both the introspection
metadata description files or the vala bindings to generate their own.
For example; this is the case with gupnp, which requires the vala
bindings from gssdp to be able to generate its introspection metadata
description files and vala bindings.

Since there is no way to know whether the vala bindings are required or
not, we always build them. host-vala has no dependency that is not
already a dependency of gssdp, so the overhead is just the time to build
host-vala itself, roughly 32s here when compared to 10+minutes to build
all the dependencies of gssdp with introspection support.

Fixes:
- http://autobuild.buildroot.org/results/06f879902a567c26bade630091b21b56f637bd60/
- http://autobuild.buildroot.org/results/457ecc20e1932e13e82ff6bdcaf4adaf97cb7d1d/

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

Makefile: make-4.3 now longer un-escapes \# in macros

make-4.3 shipped with a backward incompatible change in how sharp signs
are handled in macros. Previously, up to make 4.2, the sharp sign would
always start a comment, unless backslash-escaped, even in a macro or a
fucntion call.

Now, the sharp sign is no longer starting a comment when it appears
inside such a macro or function call. This behaviour was supposed to be
in force since 3.81, but was not; 4.3 fixed the code to match the doc.

As such, use of external toolchains is broken, as we use the sharp sign
in the copy_toolchain_sysroot macro, in shell variable expansion to
strip off any leading /: ${target\#/}.

Fix that by applying the workaround suggested in the release annoucement
[0], by using a variable to hold a sharp sign.

[0] https://lists.gnu.org/archive/html/info-gnu/2020-01/msg00004.html

Signed-off-by: Yaroslav Syrytsia <me@ys.lc>
[yann.morin.1998@free.fr:
- move the SHARP_SIGN definition out of Makefile and into support/
- expand the commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/freescale-imx/imx-vpu-hantro: bump version to 1.15.0

To match NXP BSP 4.19.35-1.1.0 release:
https://source.codeaurora.org/external/imx/meta-fsl-bsp-release/tree/imx/meta-bsp/recipes-bsp/imx-vpu-hantro?h=warrior-4.19.35-1.1.0

Adds support for i.MX8MMini platform (Hantro H1 encoder).

Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Tested-by: Laurent Gauthier <laurent.gauthier_1@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Config.in.legacy: move cegui06 package to 2020.05 section

During package update, the legacy option was set to the existing
2020.02 release instead of the next 2020.05.

Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/evtest: fix build with musl 1.2.0

Add upstream patch fixing issue with 64-bit time_t introduced in musl
1.2.0 for 32-bit architectures.

Fixes:
http://autobuild.buildroot.net/results/0847ef68b7f7bffa3083229ad9523dbad28db4f2/
http://autobuild.buildroot.net/results/73355877a945d3555350bea3bef70dfa68b80018/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/opencv3: fix build with protobuf

External protobuf is used instead of embedded one since commit
31c68a449ecd7da61ecfd909bea7ce799f9a6450. However it fails to build on:

[ 63%] Building CXX object modules/dnn/CMakeFiles/opencv_dnn.dir/misc/caffe/opencv-caffe.pb.cc.o
In file included from /home/naourr/work/instance-0/output-1/build/opencv3-3.4.9/modules/dnn/misc/caffe/opencv-caffe.pb.cc:4:
/home/naourr/work/instance-0/output-1/build/opencv3-3.4.9/modules/dnn/misc/caffe/opencv-caffe.pb.h:17:2: error: #error This file was generated by an older version of protoc which is
   17 | #error This file was generated by an older version of protoc which is
      |  ^~~~~
/home/naourr/work/instance-0/output-1/build/opencv3-3.4.9/modules/dnn/misc/caffe/opencv-caffe.pb.h:18:2: error: #error incompatible with your Protocol Buffer headers. Please
   18 | #error incompatible with your Protocol Buffer headers.  Please
      |  ^~~~~
/home/naourr/work/instance-0/output-1/build/opencv3-3.4.9/modules/dnn/misc/caffe/opencv-caffe.pb.h:19:2: error: #error regenerate this file with a newer version of protoc.
   19 | #error regenerate this file with a newer version of protoc.
      |  ^~~~~
/home/naourr/work/instance-0/output-1/build/opencv3-3.4.9/modules/dnn/misc/caffe/opencv-caffe.pb.cc:12:10: fatal error: google/protobuf/wire_format_lite_inl.h: No such file or directory
   12 | #include <google/protobuf/wire_format_lite_inl.h>
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fix this error by setting PROTOBUF_UPDATE_FILES to ON

Fixes:
- http://autobuild.buildroot.org/results/219258c90709fc34748929f1dcdf4f0649215e61

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Revert "package/opencv3: bump to version 4.2.0"

This reverts commit 5e51bb2756ee5063eff9a45a46033a449e2a6195.
Indeed, version 4.x is not backward with opencv 3.x, most of the C API
has been removed as stated in https://opencv.org/opencv-4-0.

Moreover, these issues should also be fixed:
- pkg-config file is not installed by default since
https://github.com/opencv/opencv/commit/e755a2a6e48ae02dd5136a628cc4148566a08225
- layout of include files and pkg-config file name are different since
https://github.com/opencv/opencv/commit/a95673287433fc810eda2d88b94bb234298c4cd5

As a result, ffmpeg fails to build with opencv 4.2.0.

Moreover, it should be noted that -DPROTOBUF_UPDATE_FILES=ON should be
applied in a separate patch to fix existing build failure with 3.4.9 as
stated in https://patchwork.ozlabs.org/patch/1222308

Fixes:
- http://autobuild.buildroot.org/results/ef1d09d8b234807dcd993422f9557e5c34506013

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/kodi-vfs-rar: bump version to 2.2.3-Leia

Updated hash of lib/UnrarXLib/license.txt due to upstream changes:
https://github.com/xbmc/vfs.rar/commits/Leia/lib/UnrarXLib/license.txt

Changed addon license file to LICENSE.md.

Updated dependencies due to upstream commit:
https://github.com/xbmc/vfs.rar/commit/6c7a62439eac2b2afeb2bf8c241836cd2ab2b93e

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/freescale-imx: fix i.MX8MMini configuration

- Just like i.MX8MQ, i.MX8MMini is using Hantro VPU.
- Platform name wasn't set for i.MX8Mini
-> now differencing IMX8MQ and IMX8MM for VPU package

Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/meson: bump to version 0.54.0

Remove patches that are now upstream.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/procps-ng: use logger in S02sysctl only if it is available

The script used the logger utility unconditionally but it may not exist
(e.g. busybox-minimal.config is used and BR2_PACKAGE_UTIL_LINUX_LOGGER
is not selected).

Declare two functions to perform the operation, run_logger and run_std,
and use the appropriate one, depending on the existence of logger.

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/procps-ng: add busybox-related comments to S02sysctl

Explain the busybox peculiarities and how the script works with both
versions of the sysctl utility.

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/busybox: use same S02sysctl script as procps-ng

The scripts were already the same, except for some comments, so make the
busybox S02sysctl a symlink to the procps-ng one, which works with both
versions of the "sysctl" utility.

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/rng-tools: fix redefinition of encrypt

Fixes:
- http://autobuild.buildroot.org/results/bb7dbd5a76c1ecd2a1d205f4a1c391095e653886

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/rygel: bump to version 0.38.3

- Update indentation of hash file (two spaces)
- Fix build with gssdp/gupnp 1.2 thanks to:
https://github.com/GNOME/rygel/commit/791b688d8ac3f8da4d162b1935871d16fe8e16fd

Fixes:
- No autobuilder failures yet

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libuwsc: new package

Signed-off-by: Jianhui zhao <zhaojh329@gmail.com>
[Thomas:
- add entry in DEVELOPERS file
- be more explicit with SSL options
- drop logic around luainterpreter since luajit is not properly
detected]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gupnp: disable examples

Disable examples through the new meson option (they are enabled by
default)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/ghostscript: add optional dependency to openjpeg

Remove openjpeg source files included in upstream tarball as well.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/ghostscript: add optional dependency to jbig2dec

Remove jbig2dec source files included in upstream tarball as well.

Needs http://patchwork.ozlabs.org/patch/1161981/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/jbig2dec: new package.

jbig2dec is a decoder implementation of the JBIG2 image compression format.

Signed-off-by: Raphaël Mélotte <raphael.melotte@essensium.com>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/cegui: rename and bump version

Since spice ver. 0.12.6 doesn't depend on cegui anymore
let's bump to the latest stable version and rename package.

Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/network-manager: bump to version 1.22.10

Add COPYING.LGPL to license files, disable the "cloud configuration"
tool. It requires libcurl and it is too unlikely to be useful.

The library license is now LGPL-2.1+.

The hash of CONTRIBUTING has changed because it now refers to
LGPL-2.1+ instead of LGPL-2.0+.

The hash of COPYING is changed due to white-space changes, and the
removal of an introduction text:

    Unless a COPYING file in a subdirectory or file-specific license
    headers specify a different license, the following applies to all
    files in this directory and all subdirectories.

    This program is free software; you can redistribute it and/or
    modify it under the terms of the GNU General Public License as
    published by the Free Software Foundation; either version 2 of the
    License, or (at your option) any later version.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
[Thomas:
- fix hash of CONTRIBUTING
- expand commit log
- drop GFDL license information, since documentation is not installed
   on the target]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/optee-client: add option to configure TEE-based storage location

OP-TEE provides the possibility of secure storage done by the
normal world OS via tee-supplicant.

The location is a compile-time value and by default it is /data/tee .
As this might not be suitable for all use-cases add an option to
set the CFG_TEE_FS_PARENT_PATH compile option.

Default value is still /data/tee as it was before adding this option.

Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/wpebackend-fdo: bump to version 1.6.0

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libwpe: bump to version 1.6.0

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/wpewebkit: bump to version 2.28.0

Adjust fix build with musl patch for 2.28.0.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Revert "package/rtty: remove unnecessary cmake options"

This reverts commit 7f169e6bc3812d7f9160449d7724711e4df7e39e.

As pointed out by Yann E. Morin, we really want to explicitly disable
crypto backends, otherwise they will get automatically re-enabled if
one of the dependencies is found:

    elseif(OPENSSL_FOUND)
        set(RTTY_USE_OPENSSL ON)
    elseif(WOLFSSL_FOUND)
        set(RTTY_USE_WOLFSSL ON)
    elseif(MBEDTLS_FOUND)
        set(RTTY_USE_MBEDTLS ON)

But as usual, dependencies may incorrectly be found, so we want to
explicitly disable.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/vuejs: new package

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/rtty: remove unnecessary cmake options

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/cog: fix segfaults on null xkb_data keymap/state

Fixes:
Program terminated with signal SIGSEGV, Segmentation fault.
#0 xkb_state_key_get_layout (state=state@entry=0x0, kc=kc@entry=50) at ../src/state.c:217

Program terminated with signal SIGSEGV, Segmentation fault.
#0 XkbKey (kc=kc@entry=45, keymap=0x0) at ../src/keymap.h:430

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gupnp: bump version to 1.2.2

Other changes:
- Convert the package type to meson as there is no longer autotools support.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/gssdp: bump version to 1.2.2

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/rtty: fix static build with openssl

Fixes:
- http://autobuild.buildroot.org/results/6105b69d8598f0033044a26f53a768e2d4b2915e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/oprofile: fix build with binutils >= 2.34

The libbfd library provided by binutils unfortunately changed its API
in binutils >= 2.34. This is causing some build failures at the moment
on architectures such as ARC that are using a very recent binutils
version, but it would also cause build failures on other architectures
once they start using binutils 2.34.

We fix this build issue by backporting an upstream oprofile
patch. However, this patch touches configure.ac, which means we need
to autoreconf, which needs another fix in configure.ac for autoreconf
to succeed.

With all that in place, this commit fixes:

http://autobuild.buildroot.net/results/583d281c6cd2aecb65556080b379db24101ae3a8/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mender-artifact: bump version to 3.3.0

Other changes:
- Update license file hash due to year change.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mender: bump version to 2.2.0

Other changes:
  - Update license file hashes due to copyright year change.
  - Remove vendor/github.com/konsorten/go-windows-terminal-sequences/LICENSE
    as it no longer exists.
  - Add new vendor/github.com/urfave/cli/LICENSE hash.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/rpi-wifi-firmware: bump version to d4f7087

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/rpi-bt-firmware: bump version to d4f7087

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/rpi-firmware: bump version to 5574077

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/rpi-userland: bump version to 6fb5973

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

configs/raspberrypi*: bump kernel version to 4f2a4cc

Now based on 4.19.113 (from 4.19.97).

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/janus-gateway: remove stray REST comment

Commit 80f3622bc7 (package/libmicrohttpd: remove dependency on
threads) removed BR2_TOOLCHAIN_HAS_THREADS dependency from
BR2_PACKAGE_JANUS_GATEWAY_REST but forgot to remove comment.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

{linux, linux-headers}: add version 5.5

Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
[yann.morin.1998@free.fr:
- bump to 5.5.13
- rebase on top of master
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/gvfs: fix CVE-2019-12795

daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x
before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server
socket without configuring an authorization rule. A local attacker could
connect to this server socket and issue D-Bus method calls. (Note that
the server socket only accepts a single connection, so the attacker
would have to discover the server and connect to the socket before its
owner does.)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/gvfs: fix CVE-2019-12449

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
daemon/gvfsbackendadmin.c mishandles a file's user and group ownership
during move (and copy with G_FILE_COPY_ALL_METADATA) operations from
admin:// to file:// URIs, because root privileges are unavailable.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/gvfs: fix CVE-2019-12447

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is
not used.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/gvfs: fix CVE-2019-12448

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
daemon/gvfsbackendadmin.c has race conditions because the admin backend
doesn't implement query_info_on_read/write.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/gvfs: fix CVE-2019-3827

An incorrect permission check in the admin backend in gvfs before
version 1.39.4 was found that allows reading and modify arbitrary files
by privileged users without asking for password when no authentication
agent is running. This vulnerability can be exploited by malicious
programs running under privileges of users belonging to the wheel group
to further escalate its privileges by modifying system files without
user's knowledge. Successful exploitation requires uncommon system
configuration.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/vala: also wrap vapigen

when compiling gobject-introspection .gir files, some packages use vapigen to
generate a vala-api compatible .gir file. These packages tend to call vapigen
directly instead of vala or valac.

Without the wrapper, building the .gir files fail. In the case of for example,
gupnp-dlna throws the following error:
"error: Package `Gst-1.0' not found in specified Vala API directories or
GObject-Introspection GIR directories."

Installing the vala wrapper for vapigen fixes the above issue.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/vala: fix wrapper

Add double quotes around the $@ variable to prevent word splitting.

Reported-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr: s/globbing/word splitting/]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/hiredis: install alloc.h

This will fix build of collectd, proftpd ... with latest hiredis

Fixes:
- http://autobuild.buildroot.org/results/f5afe60defd63461a5fc06b26bd4759fb5f56a8f
- http://autobuild.buildroot.org/results/45e980c85d170827d3a41e7443cf1088b2d59ead

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

configs/nitrogen8mm: Add new defconfig

NXP i.MX8MMini based SBC with 2GB of LPDDR4 and 8GB eMMC.

More details on the platform here:
https://boundarydevices.com/product/nitrogen8m-mini

Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

board/boundarydevices: update readme.txt

- update outdated website URL
- add missing Nitrogen8M configuration
- reword procedure to make it clear it works for all storages

Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>