buildroot.git
4 years agopackage/c-periphery: bump version to 2.2.1
Joris Offouga [Mon, 1 Jun 2020 07:48:40 +0000 (09:48 +0200)]
package/c-periphery: bump version to 2.2.1

Since commit "cmake: add cmake build support"
(https://github.com/vsergeev/c-periphery/commit/952e1e906a5d65b78932128af24b7dbb8cce2e9dvsergeev/c-periphery@d0a973c),
c-periphery implement cmake build, so use cmake-package instead of
generic-package. Due to this, it now builds a shared library, so we
drop the INSTALL_TARGET = NO.

The hash of the license file is updated due to an update in the
copyright year:

  - Copyright (c) 2014-2019 vsergeev / Ivan (Vanya) A. Sergeev
  + Copyright (c) 2014-2020 vsergeev / Ivan (Vanya) A. Sergeev

Signed-off-by: Joris Offouga <offougajoris@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/python-periphery: bump to version 2.1.0
Pierre-Jean Texier [Mon, 1 Jun 2020 10:15:19 +0000 (12:15 +0200)]
package/python-periphery: bump to version 2.1.0

See changelog https://github.com/vsergeev/python-periphery/blob/master/CHANGELOG.md

Update the license hash for a change in copyright years:
-Copyright (c) 2015-2019 vsergeev / Ivan (Vanya) A. Sergeev
+Copyright (c) 2015-2020 vsergeev / Ivan (Vanya) A. Sergeev

Also switch to the new 2 spaces convention for the hash file

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agoconfigs/orangepi_zero: bump kernel and uboot versions
Gonçalo Salazar [Sun, 31 May 2020 16:36:45 +0000 (17:36 +0100)]
configs/orangepi_zero: bump kernel and uboot versions

Bump kernel to version 5.6 and uboot to version 2020.04 for
orangepi-zero configuration

Signed-off-by: Gonçalo Salazar <glbsalazar@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/checksec: bump to 2.2.2
Matt Weber [Tue, 2 Jun 2020 12:08:06 +0000 (07:08 -0500)]
package/checksec: bump to 2.2.2

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/protobuf: bump to 3.12.2
Matt Weber [Tue, 2 Jun 2020 11:55:40 +0000 (06:55 -0500)]
package/protobuf: bump to 3.12.2

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agoMerge branch 'next'
Thomas Petazzoni [Tue, 2 Jun 2020 19:59:52 +0000 (21:59 +0200)]
Merge branch 'next'

A few conflicts had to be resolved:

 - Version number and hash for mesa3d-headers/mesa3d
 - Patches added in qemu, and the qemu version number
 - The gnuconfig README.buildroot

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agoKickoff 2020.08 cycle
Peter Korsgaard [Mon, 1 Jun 2020 21:32:11 +0000 (23:32 +0200)]
Kickoff 2020.08 cycle

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agodocs/website/news.html: add 2020.05 announcement link
Peter Korsgaard [Mon, 1 Jun 2020 21:31:29 +0000 (23:31 +0200)]
docs/website/news.html: add 2020.05 announcement link

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agoUpdate for 2020.05
Peter Korsgaard [Mon, 1 Jun 2020 21:11:33 +0000 (23:11 +0200)]
Update for 2020.05

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years ago{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 6}.x series
Peter Korsgaard [Mon, 1 Jun 2020 20:41:56 +0000 (22:41 +0200)]
{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 6}.x series

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/wampcc fix build with musl 1.2.0
Fabrice Fontaine [Mon, 1 Jun 2020 09:54:32 +0000 (11:54 +0200)]
package/wampcc fix build with musl 1.2.0

Fixes:
 - http://autobuild.buildroot.org/results/da996e189220499b85efbdb541a891ac18db38c6

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agoDEVELOPERS: cleanup rockwellcollins.com maintainers
Matt Weber [Mon, 1 Jun 2020 12:30:36 +0000 (07:30 -0500)]
DEVELOPERS: cleanup rockwellcollins.com maintainers

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/glib-networking: security bump to version 2.62.4
Fabrice Fontaine [Sun, 31 May 2020 08:49:02 +0000 (10:49 +0200)]
package/glib-networking: security bump to version 2.62.4

- Fix CVE-2020-13645: In GNOME glib-networking through 2.64.2, the
  implementation of GTlsClientConnection skips hostname verification of
  the server's TLS certificate if the application fails to specify the
  expected server identity. This is in contrast to its intended
  documented behavior, to fail the certificate verification.
  Applications that fail to provide the server identity, including Balsa
  before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the
  certificate is valid for any host.
- Update indentation in hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: bump to 2.62.4 rather than 2.64.3]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/libusb-compat: set LIBUSB_1_0_SONAME
Fabrice Fontaine [Sun, 31 May 2020 14:16:23 +0000 (16:16 +0200)]
package/libusb-compat: set LIBUSB_1_0_SONAME

LIBUSB_1_0_SONAME is detected since version 0.1.6 and
https://github.com/libusb/libusb-compat-0.1/commit/b6f5a2fe12ca19d658d7180e106254b31cf1f8f5

The detection mechanism is based on sed, here are the more relevant
parts:

 shrext_regexp=`echo "$shrext_cmds" | sed 's/\./\\\\./'`
[...]
 [AS_VAR_SET([ac_Lib_SONAME], [`ldd conftest$ac_exeext | grep 'lib[$2]'$shrext_regexp | sed 's/^@<:@ \t@:>@*lib[$2]'$shrext_regexp'/lib[$2]'$shrext_regexp'/;s/@<:@ \t@:>@.*$//'`])])

However, this mechanism is broken with sed 4.7 and will return the
following 'silent' error:

checking for SONAME of libusb-1.0... sed: -e expression #1, char 40: Invalid back reference
unknown

Moreover, it also raises the following build failure on one of the
autobuilder because an empty line is added to LIBUSB_1_0_SONAME:

checking for SONAME of libusb-1.0... checking
libusb-1.0.so.0
checking for GNU extensions of errno.h... no
configure: WARNING: cache variable au_cv_lib_soname_LIBUSB_1_0 contains a newline
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating libusb.pc
config.status: creating libusb-config
config.status: creating Makefile
config.status: creating libusb/Makefile
config.status: creating examples/Makefile
config.status: creating config.h
config.status: executing depfiles commands
config.status: executing libtool commands
config.status: executing default commands
configure: WARNING: unrecognized options: --disable-gtk-doc, --disable-gtk-doc-html, --disable-doc, --disable-docs, --disable-documentation, --with-xmlto, --with-fop, --enable-ipv6, --disable-nls
configure: WARNING: cache variable au_cv_lib_soname_LIBUSB_1_0 contains a newline
[7m>>> libusb-compat 0.1.7 Building[27m
PATH="/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/host/bin:/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/host/sbin:/accts/mlweber1/bin:/accts/mlweber1/libexec/git-core:/accts/mlweber1/usr/bin:/accts/mlweber1/usr/local/bin:/accts/mlweber1/bin:/accts/mlweber1/libexec/git-core:/accts/mlweber1/usr/bin:/accts/mlweber1/usr/local/bin:/accts/mlweber1/bin:/accts/mlweber1/libexec/git-core:/accts/mlweber1/usr/bin:/accts/mlweber1/usr/local/bin:/accts/mlweber1/bin:/accts/mlweber1/libexec/git-core:/accts/mlweber1/usr/bin:/accts/mlweber1/usr/local/bin:/accts/mlweber1/bin:/accts/mlweber1/libexec/git-core:/accts/mlweber1/usr/bin:/accts/mlweber1/usr/local/bin:/accts/mlweber1/bin:/accts/mlweber1/libexec/git-core:/accts/mlweber1/usr/bin:/accts/mlweber1/usr/local/bin:/accts/mlweber1/bin:/accts/mlweber1/libexec/git-core:/accts/mlweber1/usr/bin:/accts/mlweber1/usr/local/bin:/accts/mlweber1/bin:/accts/mlweber1/libexec/git-core:/accts/mlweber1/usr/bin:/accts/mlweber1
 /usr/local/bin:/usr/lib64/qt-3.3/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin"  /usr/bin/make -j8  -C /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/build/libusb-compat-0.1.7/
make[1]: Entering directory `/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/build/libusb-compat-0.1.7'
Makefile:284: *** missing separator.  Stop.

We could patch patch m4/au_check_lib_soname.m4 to fix the mechanism
however this is difficult without reproducing the autobuilder failure
and upstream seems dead so just set LIBUSB_1_0_SONAME

Fixes:
 - http://autobuild.buildroot.org/results/12d771d85d30594929cfe3e1c783fc70857e7f5f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: extract the actual SONAME from the library]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/qemu: bump to 5.0.0
Romain Naour [Sat, 2 May 2020 13:52:05 +0000 (15:52 +0200)]
package/qemu: bump to 5.0.0

Remove upstream patches [1][2].

Switch to libcap-ng for virtio support [3].

Remove bluez option [4].

Disable container build [5] since we don't want to use containers for cross-building.

Disable io_uring [6] since there is no such package in Buildroot (yet).

The ARM Cortex-m7 cpu is now supported [7] a defconfig can be added in follup patch.

[1] https://git.qemu.org/?p=qemu.git;a=commit;h=00b5032eaddb7193f03f0a28b10286244d2e2a7b
[2] https://git.qemu.org/?p=qemu.git;a=commit;h=21bf9b06cb6d07c6cc437dfd47b47b28c2bb79db
[3] https://git.qemu.org/?p=qemu.git;a=commit;h=7e46261368d129c5ee8be927f5bcadc7ecd800d7
[4] https://git.qemu.org/?p=qemu.git;a=commit;h=1d4ffe8dc77cbc9aafe8bcf514ca0e43f85aaae3
[5] https://git.qemu.org/?p=qemu.git;a=commit;h=afc3a8f9f1df09c091f9903eaef82b35c152cacf
[6] https://git.qemu.org/?p=qemu.git;a=commit;h=c10dd8565defdb14695580c9369b20f4544e65a2
[7] https://git.qemu.org/?p=qemu.git;a=commit;h=cf7beda5072e106ddce875c1996446540c5fe239

See:
https://wiki.qemu.org/ChangeLog/5.0
https://www.qemu.org/2020/04/29/qemu-5-0-0/

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/qemu: remove csky fork
Romain Naour [Fri, 22 May 2020 23:22:12 +0000 (01:22 +0200)]
package/qemu: remove csky fork

We have a qemu fork for csky cpus [1] but since qemu version
bump to 4.2.0 [2] and libssh2/libssh change the csky build is
broken.

The csky fork is based on Qemu 3.0.0 but unlike autotools packages
any unknown option is handled as error.

Since we don't want to support all options from previous qemu
release and the github repository has been removed [3] and the
only remaining archive is located on http://sources.buildroot.net,
remove the qemu csky fork as suggested by [4].

[1] https://git.buildroot.net/buildroot/commit/?id=f816e5b276f1ef15840bec6667f1e8219717ab7d
[2] https://git.buildroot.net/buildroot/commit/?id=0ea17054ce7dfc54efca5634133cef786445e7b1
[3] https://github.com/c-sky/qemu
[4] http://lists.busybox.net/pipermail/buildroot/2020-May/281885.html

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Guo Ren <ren_guo@c-sky.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
[Peter: move patches out of 4.2.0 subdir]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/libcap-ng: add host variant
Romain Naour [Sat, 2 May 2020 13:52:04 +0000 (15:52 +0200)]
package/libcap-ng: add host variant

Qemu 5.0.0 recently switched to libcap-ng [1].
Add the host variant for host-qemu package.

[1] https://git.qemu.org/?p=qemu.git;a=commit;h=7e46261368d129c5ee8be927f5bcadc7ecd800d7

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/linux-tools/perf: bear the kernel options munging
Yann E. MORIN [Fri, 1 May 2020 16:22:16 +0000 (18:22 +0200)]
package/linux-tools/perf: bear the kernel options munging

perf by itself is not a standalone package; instead, it is part of a
bigger package, linux-tools.

Even though perf is the only one to need kernel .config fixups, we still
do it in a generic way, as it blends nicely in the existing variables,
which all use a loop over all the tools.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/linux-headers: add support for CIP kernel versions with same-as-kernel
Yann E. MORIN [Wed, 13 May 2020 17:48:09 +0000 (19:48 +0200)]
package/linux-headers: add support for CIP kernel versions with same-as-kernel

When the linux-headers are configured to use the same source as the
kernel (BR2_KERNEL_HEADERS_AS_KERNEL), and the kernel is configured
to be one of the two CIP versions (BR2_LINUX_KERNEL_LATEST_CIP_VERSION
or BR2_LINUX_KERNEL_LATEST_CIP_RT_VERSION), the build fails if the
kernel sources are not already downloaded:

    $ cat defconfig
    BR2_LINUX_KERNEL=y
    BR2_LINUX_KERNEL_LATEST_CIP_VERSION=y
    $ make defconfig BR2_DEFCONFIG=$pwd)/defconfig
    $ make linux-headers-source

    >>> linux-headers 4.19.118-cip25 Downloading
    --2020-05-13 19:28:44--  https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.19.118-cip25.tar.xz
    Resolving cdn.kernel.org (cdn.kernel.org)... 2a04:4e42:1d::432, 151.101.121.176
    Connecting to cdn.kernel.org (cdn.kernel.org)|2a04:4e42:1d::432|:443... connected.
    HTTP request sent, awaiting response... 404 Not Found
    2020-05-13 19:28:45 ERROR 404: Not Found.

    make[1]: *** [package/pkg-generic.mk:171: /home/ymorin/dev/buildroot/O/build/linux-headers-4.19.118-cip25/.stamp_downloaded] Error 1
    make: *** [Makefile:23: _all] Error 2

We fix that by adding yet another duplication of information out of
the linux.mk, to use the CIP-specific git tree where to get the
archives as snapshots.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agolinux: forcibly disable use of gcc plugins
Yann E. MORIN [Tue, 12 May 2020 20:33:53 +0000 (22:33 +0200)]
linux: forcibly disable use of gcc plugins

The soon-to-be-released linux 5.7 has changed the way it detects the
ability of gcc to use plugins, when it dropped support for gcc 4.7 or
older [0].

To detect the ability to use gcc plugins, the kernel has to check
whether the host gcc is capable enough to build them.

When we call one of the configurator for the Linux kernel, we explicitly
pass a value of HOSTCC=$(HOSTCC_NOCCACHE), because there might be a
discrepancy between the ncurses headers and libraries as found by the
Linux kconfig build [1] [2].

But then, when we build the kernel, we pass another value to use [3]
HOSTCC="$(HOSTCC) $(HOST_CFLAGS) $(HOST_LDFLAGS)" which boils down to
roughly: gcc -I.../host/include -L.../host/lib -Wl,-rpath,.../host/lib
This is needed so that at build time, the kernel can build host tools
that link with our openssl et al.

So, the two HOSTCC we pass to the kernel may have different behaviours.
For example, on a machine where gmp is missing in the system, it is
available in $(O)/host/ when using an internal toolchain (and under a
few other conditions).

In that case, when configuring the kernel, it decides that the host
compiler can't build plugins, so the dependencies of CONFIG_GCC_PLUGINS
are not met, and that option is not present in the linux' .config file
(neither as "=y" nor as "is not set"). But then, when we build the
kernel, the host compiler suddenly becomes capable of building the
plugins, and the internal syncconfig run by the kernel will notice that
the dependencies of CONFIG_GCC_PLUGINS are now met, and that the user
shall decide on its value. And this blocks a build on an interactive
console (abbreviated):

    * Restart config...
    * GCC plugins
    GCC plugins (GCC_PLUGINS) [Y/n/?] (NEW) _

But most problematic is the behaviour when run in a shell that is not
interactiove (e.g. a CI job or such) (abbreviated):

    * Restart config...
    * GCC plugins
    GCC plugins (GCC_PLUGINS) [Y/n/?] (NEW)
    Error in reading or end of file.
      Generate some entropy during boot and runtime (GCC_PLUGIN_LATENT_ENTROPY) [N/y/?] (NEW)
    Error in reading or end of file.
      Randomize layout of sensitive kernel structures (GCC_PLUGIN_RANDSTRUCT) [N/y/?] (NEW)
    Error in reading or end of file.
    * Memory initialization
    Initialize kernel stack variables at function entry
    > 1. no automatic initialization (weakest) (INIT_STACK_NONE)
      2. zero-init structs marked for userspace (weak) (GCC_PLUGIN_STRUCTLEAK_USER) (NEW)
      3. zero-init structs passed by reference (strong) (GCC_PLUGIN_STRUCTLEAK_BYREF) (NEW)
      4. zero-init anything passed by reference (very strong) (GCC_PLUGIN_STRUCTLEAK_BYREF_ALL) (NEW)
    choice[1-4?]:
    Error in reading or end of file.
    Poison kernel stack before returning from syscalls (GCC_PLUGIN_STACKLEAK) [N/y/?] (NEW)
    Error in reading or end of file.
    Enable heap memory zeroing on allocation by default (INIT_ON_ALLOC_DEFAULT_ON) [N/y/?] n
    Enable heap memory zeroing on free by default (INIT_ON_FREE_DEFAULT_ON) [N/y/?] n

The most obvious and simple solution would be to unconditionally disable
gcc plugins altogether, in the KCONFIG_FIXUP hook. But that can't work
either, because after applying the fixups, we call olddefconfig (or the
likes) with the incapable HOSTCC, so the disabled option would be removed
anyway, and we'd be back to square one.

So, in addition to the above, we also forcibly hack the same call just
before actually building the kernel.

Note that the two are needed: the one in the fixups is needed for those
that have a system that already allows building gcc plugins, and the
second is needed in the other case, where the system does not allow it
but would work with our additional headers and libs in $(O)/host/. The
two ensure there is a very similar experience in the two situations.

Forcibly disabling the use of gcc plugins is not a regression on our
side: it has never been possible to do so so far. We're now making sure
that can't work by accident.

Reported-by: Ganesh <ganesh45in@gmail.com>,
Reported-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Michael Walle <michael.walle@kontron.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/qt5/qt5webengine: don't link with libstdc++.a on the host
Romain Naour [Sun, 24 May 2020 15:58:18 +0000 (17:58 +0200)]
package/qt5/qt5webengine: don't link with libstdc++.a on the host

While cross-compiling, qt5webengine is building a host tool, 'gn', and
by default wants to link it statically with libstdc++, when the tool is
otherwise dynamically linked with other libraries:

    $ ldd 3rdparty/gn/out/Release/gn
        linux-vdso.so.1 (0x00007ffc1c999000)
        libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f48a3c06000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f48a3be4000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f48a3a1b000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f48a3c53000)

Not all ditributions have the static libraries installed by default; for
example, on Fedora, libstdc++-static is not installed on a fresh system,
leading to build issues:

  [185/185] LINK gn
  FAILED: gn
  /usr/bin/g++ -O3 -fdata-sections -ffunction-sections -Wl,--gc-sections -Wl,-strip-all -Wl,--as-needed -static-libstdc++ -pthread -o gn -Wl,--start-group tools/gn/gn_main.o base.a gn_lib.a -Wl,--end-group -ldl
  /usr/bin/ld : unable to find -lstdc++
  [...]
  Project ERROR: GN build error!

The root cause is the addition in [0] of a command line option to the
build of gn, that requests static linking with libstdc++ by default.

Explicitly pass that option now, to avoid static linking with libstdc++
and get a fully dynamicallty linked executable:

    $ ldd 3rdparty/gn/out/Release/gn
        linux-vdso.so.1 (0x00007ffd3f160000)
        libstdc++.so.6 => /lib64/libstdc++.so.6 (0x00007f68138e7000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f68138c5000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f68136fc000)
        libm.so.6 => /lib64/libm.so.6 (0x00007f68135b6000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f6813b13000)
        libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f681359c000)

[0] https://github.com/qt/qtwebengine-chromium/commit/cfab9198a9917f42cf08b1caf84ab9b71aac1911#diff-905c8f054808213577c0a92d1b704615

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Gaël Portay <gael.portay@collabora.com>
[yann.morin.1998@free.fr:
  - rewrite the commit log with extra details and explanations
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/gcc/9.3.0: fix host-gcc-final when ccache is used
Romain Naour [Thu, 21 May 2020 16:53:45 +0000 (18:53 +0200)]
package/gcc/9.3.0: fix host-gcc-final when ccache is used

As reported by several Buildroot users [1][2][3], the gcc build
may fail while running selftests makefile target.

The problem only occurs when ccache is used with gcc 9 and 10,
probably due to a race condition.

While debuging with "make -p" we can notice that s-selftest-c target
contain only "cc1" as dependency instead of cc1 and SELFTEST_DEPS [4].

  s-selftest-c: cc1

While the build is failing, the s-selftest-c dependencies recipe is
still running and reported as a bug by make.

  "Dependencies recipe running (THIS IS A BUG)."

A change [5] in gcc 9 seems to introduce the problem since we can't
reproduce this problem with gcc 8.

As suggested by Yann E. MORIN [6], move SELFTEST_DEPS before
including language makefile fragments.

With the fix applied, the s-seltest-c dependency contains
SELFTEST_DEPS value.

  s-selftest-c: cc1 xgcc specs stmp-int-hdrs ../../gcc/testsuite/selftests

[1] http://lists.busybox.net/pipermail/buildroot/2020-May/282171.html
[2] http://lists.busybox.net/pipermail/buildroot/2020-May/282766.html
[3] https://github.com/cirosantilli/linux-kernel-module-cheat/issues/108
[4] https://gcc.gnu.org/git/?p=gcc.git;a=blob;f=gcc/c/Make-lang.in;h=bfae6fd2549c4f728816cd355fa9739dcc08fcde;hb=033eb5671769a4c681a44aad08a454e667e08502#l120
[5] https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=033eb5671769a4c681a44aad08a454e667e08502
[6] http://lists.busybox.net/pipermail/buildroot/2020-May/283213.html

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Ben Dakin-Norris <ben.dakin-norris@navtechradar.com>
Cc: Maxim Kochetkov <fido_max@inbox.ru>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/sysrepo: fix SysV init script
Heiko Thiery [Wed, 27 May 2020 07:11:13 +0000 (09:11 +0200)]
package/sysrepo: fix SysV init script

The current script (S51sysrepo-plugind) is not able to stop the daemon.

Possible options to fix the problem:

A) By adding the "-m -p $PIDFILE" option to start the pid file will be
   created but it will not contain the correct PID used by the daemon.
   This is obviously because the daemon forks.
B) By not starting the daemon in background (sysrepo-plugind -d) and
   let do it by start-stop-daemon with "-b" option. But then the log
   messages of the daemon will not longer ends in the syslog but to stderr.
C) Start the daemon without a pidfile and stop the daemon with the
   "-x" option.

The only valid option is C to fix that.

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
[yann.morin.1998@free.fr: introduce EXECUTABLE]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agoDEVELOPERS: remove Carlos Santos
Carlos Santos [Fri, 29 May 2020 20:32:04 +0000 (17:32 -0300)]
DEVELOPERS: remove Carlos Santos

Goodbye!

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/xen: security bump to version 4.13.1
Fabrice Fontaine [Sat, 30 May 2020 12:25:32 +0000 (14:25 +0200)]
package/xen: security bump to version 4.13.1

- Fix CVE-2020-11739: An issue was discovered in Xen through 4.13.x,
allowing guest OS users to cause a denial of service or possibly gain
privileges because of missing memory barriers in read-write unlock
paths. The read-write unlock paths don't contain a memory barrier. On
Arm, this means a processor is allowed to re-order the memory access
with the preceding ones. In other words, the unlock may be seen by
another processor before all the memory accesses within the "critical"
section. As a consequence, it may be possible to have a writer executing
a critical section at the same time as readers or another writer. In
other words, many of the assumptions (e.g., a variable cannot be
modified after a check) in the critical sections are not safe anymore.
The read-write locks are used in hypercalls (such as grant-table ones),
so a malicious guest could exploit the race. For instance, there is a
small window where Xen can leak memory if XENMAPSPACE_grant_table is
used concurrently. A malicious guest may be able to leak memory, or
cause a hypervisor crash resulting in a Denial of Service (DoS).
Information leak and privilege escalation cannot be excluded.

- Fix CVE-2020-11740: An issue was discovered in xenoprof in Xen through
4.13.x, allowing guest OS users (without active profiling) to obtain
sensitive information about other guests. Unprivileged guests can
request to map xenoprof buffers, even if profiling has not been enabled
for those guests. These buffers were not scrubbed.

- Fix CVE-2020-11741: An issue was discovered in xenoprof in Xen through
4.13.x, allowing guest OS users (with active profiling) to obtain
sensitive information about other guests, cause a denial of service, or
possibly gain privileges. For guests for which "active" profiling was
enabled by the administrator, the xenoprof code uses the standard Xen
shared ring structure. Unfortunately, this code did not treat the guest
as a potential adversary: it trusts the guest not to modify buffer size
information or modify head / tail pointers in unexpected ways. This can
crash the host (DoS). Privilege escalation cannot be ruled out.

- Fix CVE-2020-11742: An issue was discovered in Xen through 4.13.x,
allowing guest OS users to cause a denial of service because of bad
continuation handling in GNTTABOP_copy. Grant table operations are
expected to return 0 for success, and a negative number for errors. The
fix for CVE-2017-12135 introduced a path through grant copy handling
where success may be returned to the caller without any action taken. In
particular, the status fields of individual operations are left
uninitialised, and may result in errant behaviour in the caller of
GNTTABOP_copy. A buggy or malicious guest can construct its grant table
in such a way that, when a backend domain tries to copy a grant, it hits
the incorrect exit path. This returns success to the caller without
doing anything, which may cause crashes or other incorrect behaviour.

- Fix CVE-2020-11743: An issue was discovered in Xen through 4.13.x,
allowing guest OS users to cause a denial of service because of a bad
error path in GNTTABOP_map_grant. Grant table operations are expected to
return 0 for success, and a negative number for errors. Some misplaced
brackets cause one error path to return 1 instead of a negative value.
The grant table code in Linux treats this condition as success, and
proceeds with incorrectly initialised state. A buggy or malicious guest
can construct its grant table in such a way that, when a backend domain
tries to map a grant, it hits the incorrect error path. This will crash
a Linux based dom0 or backend domain.

https://xenproject.org/downloads/xen-project-archives/xen-project-4-13-series/xen-project-4-13-1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/mp4v2: fix build with gcc <= 5
Fabrice Fontaine [Sat, 30 May 2020 09:51:15 +0000 (11:51 +0200)]
package/mp4v2: fix build with gcc <= 5

Fixes:
 - http://autobuild.buildroot.org/results/14937c96a82fb3d10e5d83bd7b2905b846fb09f9

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: expand the patch' commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agoboot/arm-trusted-firmware: ignore licencing check for user defined official version
Romain Naour [Sat, 30 May 2020 17:07:05 +0000 (19:07 +0200)]
boot/arm-trusted-firmware: ignore licencing check for user defined official version

The commit [1] "licensing info is only valid for v1.4" fixed the legal-info
issues when a custom ATF tarball or a version from git is used.
But we need to ignore licencing for a used defined official ATF version.

Althougt the ATF version are licensed under BSD-3-Clause, the license
file can be updated between version (for example between v1.4 and v2.0).

Ignore the licencing check if the user provide a custom official version.

[1] d1a61703f728340ec894c367398d2a3a394a3360

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
[yann.morin.1998@free.fr: use positive logic with the _LATEST option]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agoconfigs/freescale_imx8mnevk: new defconfig
Stephane Viau [Wed, 27 May 2020 05:07:48 +0000 (07:07 +0200)]
configs/freescale_imx8mnevk: new defconfig

This patch adds support for the i.MX8M Nano EVK Board [1].

The final boot image is created from uboot and firmware binaries in post
image script board/freescale/common/imx/imx8-bootloader-prepare.sh

Note that this config is based on 4.19.35_1.1.0 ; hence, the kernel
configuration needs host-openssl to build.

[1] https://www.nxp.com/design/development-boards/i-mx-evaluation-and-development-boards/evaluation-kit-for-the-i-mx-8m-nano-applications-processor:8MNANOD4-EVK

Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Reviewed-by: Maeva Manuel <maeva.manuel@oss.nxp.com>
Reviewed-by: Julien Olivain <julien.olivain@oss.nxp.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agoboard/freescale/common/imx: add support for i.MX8M Nano
Stephane Viau [Wed, 27 May 2020 05:07:47 +0000 (07:07 +0200)]
board/freescale/common/imx: add support for i.MX8M Nano

Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Reviewed-by: Maeva Manuel <maeva.manuel@oss.nxp.com>
Reviewed-by: Julien Olivain <julien.olivain@oss.nxp.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agoboard/freescale/common/imx: use generic ddr_fw.bin name
Stephane Viau [Wed, 27 May 2020 05:07:46 +0000 (07:07 +0200)]
board/freescale/common/imx: use generic ddr_fw.bin name

For some SoCs (i.e.: i.MX8M Nano for now), the DDR training firmware
in the boot image depends on the type of memory installed on a board
(LPDDR4, DDR4, etc...). The previous patch makes this firmware name
agnostic of the DDR type and uses ddr_fw.bin as a generic name. This
patch makes imx8-bootloader-prepare.sh use this generic name,
independently of the kind board DDR type.

Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Reviewed-by: Maeva Manuel <maeva.manuel@oss.nxp.com>
Reviewed-by: Julien Olivain <julien.olivain@oss.nxp.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/freescale-imx/firmware-imx: add choice for DDR training binaries
Stephane Viau [Wed, 27 May 2020 05:07:45 +0000 (07:07 +0200)]
package/freescale-imx/firmware-imx: add choice for DDR training binaries

Several i.MX8 (e.g.: 8M, 8MM, 8MN) support many DDR types (LPDDR4, DDR4,
etc.), for which the DDR training is performed in the bootloader.
Some boards have LPDDR4 (e.g.: nitrogen8mn) and some others have the DDR4
(e.g.: NXP's reference board EVK). This patch allows the selection of either
of the binaries used to train the DDR.

Note that DDR and HDMI FW copies are now separated, which makes latter
being properly copied only for the relevant SoC (i.MX8MQ).
Suggested-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Reviewed-by: Maeva Manuel <maeva.manuel@oss.nxp.com>
Reviewed-by: Julien Olivain <julien.olivain@oss.nxp.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/freescale-imx: Add option for DDR FW need
Stephane Viau [Wed, 27 May 2020 05:07:44 +0000 (07:07 +0200)]
package/freescale-imx: Add option for DDR FW need

Only some i.MX8 needs a DDR training firmware (8M, 8MM, 8MN). Some other
i.MX8 (QuadMax, QuadXPlus) rely on system controller for that task.

Suggested-by: Julien Olivain <julien.olivain@oss.nxp.com>
Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
[yann.morin.1998@free.fr:
  - use the new variable to drive the firmware installation
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/dav1d: bump version to 0.7.0
Bernd Kuhls [Sun, 24 May 2020 16:16:56 +0000 (18:16 +0200)]
package/dav1d: bump version to 0.7.0

Release notes:
https://code.videolan.org/videolan/dav1d/-/releases/0.7.0

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/mongoose: bump to to version 6.18
Pierre-Jean Texier [Mon, 25 May 2020 16:24:20 +0000 (18:24 +0200)]
package/mongoose: bump to to version 6.18

See https://github.com/cesanta/mongoose/releases/tag/6.18

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/libubootenv: bump to version c91dcca
Pierre-Jean Texier [Mon, 25 May 2020 16:22:38 +0000 (18:22 +0200)]
package/libubootenv: bump to version c91dcca

c91dcca ubi, write: fix invalid envsize ptr to UBI_IOCVOLUP

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/{fmc,fmlib}: change repository location
Yann E. MORIN [Wed, 27 May 2020 15:47:34 +0000 (17:47 +0200)]
package/{fmc,fmlib}: change repository location

Now that Freescale has been wholly swallowed into NXP, the public-facing
git repositories that were hosting those two packages are no longer
available.

Fortunately, they had been mirrored on Code Aurora forge (a Linux
Foundation project, so relatively stable and trustworthy), which has the
tags we need, and that generates the exact same archives.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agotoolchain: update ARC tools to arc-2020.03-release
Evgeniy Didin [Mon, 25 May 2020 20:15:23 +0000 (23:15 +0300)]
toolchain: update ARC tools to arc-2020.03-release

This commit bumps ARC toolchain to arc-2020.03-release.

ARC GNU tools of version arc-2020.03-release bring some quite significant
changes like:
* Binutils 2.34 with additional ARC patches
* GCC 9.3 with additional ARC patches
* glibc 2.30 with additional ARC patches
* GDB 10-prerelease with additional ARC patches

Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: arc-buildroot@synopsys.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agoconfigs/imx28evk: bump U-Boot and kernel versions
Fabio Estevam [Tue, 26 May 2020 17:25:41 +0000 (14:25 -0300)]
configs/imx28evk: bump U-Boot and kernel versions

Bump U-Boot to 2020.04 and kernel to 5.4.42 versions.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/rust: allow using python3 interpreter
Romain Naour [Tue, 26 May 2020 18:20:37 +0000 (20:20 +0200)]
package/rust: allow using python3 interpreter

Fedora packaging use python3 as python interpreter since rust 1.24.0 [1]
by removing python2 tests from configure script [2].

Using python3 will help to remove python2 in a near future.

[1] https://src.fedoraproject.org/rpms/rust/c/216b2d27716bf1031c526dbd0e01a1fa8e6d5aa2
[2] https://src.fedoraproject.org/rpms/rust/blob/216b2d27716bf1031c526dbd0e01a1fa8e6d5aa2/f/rust.spec#_314

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Titouan Christophe <titouan.christophe@railnova.eu>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Patrick Havelange <patrick.havelange@essensium.com>
Tested-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/python-modbus-tk: bump to version 1.1.1
Pierre-Jean Texier [Thu, 28 May 2020 09:48:53 +0000 (11:48 +0200)]
package/python-modbus-tk: bump to version 1.1.1

This includes the following changes:

5732f86 1.1.1
d8e9b32 pep8
4795bc7 Add Jackson Matheson to contributors
26db934 Merge branch 'master' of https://github.com/ljean/modbus-tk
837a12b Merge pull request #125 from jacksonmatheson/master
07b06f8 Fixed READ_WRITE_MULTIPLE_REGISTERS, added write_starting_address_FC23

Also update hash file formatting (2 spaces).

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agoconfigs/atmel_sama5d27_som1: bump to linux4sam-2020.04
Pierre-Jean Texier [Thu, 28 May 2020 10:00:57 +0000 (12:00 +0200)]
configs/atmel_sama5d27_som1: bump to linux4sam-2020.04

This commit:
  - bump Linux & U-Boot to linux4sam-2020.04
  - bump at91bootstrap to v3.9.2

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/hiawatha: reorder CONF_OPTS in the .mk file
Thomas Petazzoni [Fri, 29 May 2020 20:49:15 +0000 (22:49 +0200)]
package/hiawatha: reorder CONF_OPTS in the .mk file

Move the unconditional CONF_OPTS assignment toward the beginning of
the file, before the conditionals on optional dependencies. And use =
for this unconditional assignment instead of +=. No functional
changes, just to align with the coding style used in most other
packages.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/hiawatha: enable optional xslt support
Fabrice Fontaine [Fri, 29 May 2020 17:58:56 +0000 (19:58 +0200)]
package/hiawatha: enable optional xslt support

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/{mesa3d, mesa3d-headers}: bump version to 20.1.0
Bernd Kuhls [Fri, 29 May 2020 06:24:35 +0000 (08:24 +0200)]
package/{mesa3d, mesa3d-headers}: bump version to 20.1.0

Rebased 0006-pan_bo.h-add-time.h-include-for-time_t.patch.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/{mesa3d, mesa3d-headers}: bump version to 20.0.7
Bernd Kuhls [Fri, 15 May 2020 16:25:29 +0000 (18:25 +0200)]
package/{mesa3d, mesa3d-headers}: bump version to 20.0.7

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/libdrm: bump version to 2.4.102
Bernd Kuhls [Fri, 29 May 2020 06:29:59 +0000 (08:29 +0200)]
package/libdrm: bump version to 2.4.102

Removed patch applied upstream, reformatted hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agoUpdate for 2020.05-rc3
Peter Korsgaard [Fri, 29 May 2020 20:45:33 +0000 (22:45 +0200)]
Update for 2020.05-rc3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agoconfigs/imx7dpico: bump kernel and U-Boot version
Joris Offouga [Fri, 29 May 2020 13:49:28 +0000 (15:49 +0200)]
configs/imx7dpico: bump kernel and U-Boot version

Bump U-Boot to 2020.04 and kernel to version 5.6.3

Signed-off-by: Joris Offouga <offougajoris@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/mp4v2: security bump to version 4.1.3
Fabrice Fontaine [Fri, 15 May 2020 21:13:27 +0000 (23:13 +0200)]
package/mp4v2: security bump to version 4.1.3

- Switch site to an active fork
- Send patch upstream
- Update indentation in hash file (two spaces)
- Fix the following CVEs:
  - CVE-2018-14054: A double free exists in the MP4StringProperty class
    in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again
    in the destructor once an exception is triggered.
    Fixed by
    https://github.com/TechSmith/mp4v2/commit/f09cceeee5bd7f783fd31f10e8b3c440ccf4c743
  - CVE-2018-14325: In MP4v2 2.0.0, there is an integer underflow (with
    resultant memory corruption) when parsing MP4Atom in mp4atom.cpp.
    Fixed by
    https://github.com/TechSmith/mp4v2/commit/e475013c6ef78093055a02b0d035eda0f9f01451
  - CVE-2018-14326: In MP4v2 2.0.0, there is an integer overflow (with
    resultant memory corruption) when resizing MP4Array for the ftyp
    atom in mp4array.h.
    Fixed by
    https://github.com/TechSmith/mp4v2/commit/70d823ccd8e2d7d0ed9e62fb7e8983d21e6acbeb
  - CVE-2018-14379: MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0
    incorrectly uses the MP4ItemAtom data type in a certain case where
    MP4DataAtom is required, which allows remote attackers to cause a
    denial of service (memory corruption) or possibly have unspecified
    other impact via a crafted MP4 file, because access to the data
    structure has different expectations about layout as a result of
    this type confusion.
    Fixed by
    https://github.com/TechSmith/mp4v2/commit/73f38b4296aeb38617fa3923018bb78671c3b833
  - CVE-2018-14403: MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0
    mishandles substrings of atom names, leading to use of an
    inappropriate data type for associated atoms. The resulting type
    confusion can cause out-of-bounds memory access.
    Fixed by
    https://github.com/TechSmith/mp4v2/commit/51cb6b36f6c8edf9f195d5858eac9ba18b334a16

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/matio: add upstream security fixes
Fabrice Fontaine [Sat, 2 May 2020 19:54:38 +0000 (21:54 +0200)]
package/matio: add upstream security fixes

Fix the following CVEs:
 - CVE-2019-17533: Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits
   a certain '\0' character, leading to a heap-based buffer over-read in
   strdup_vprintf when uninitialized memory is accessed.
 - CVE-2019-20017: A stack-based buffer over-read was discovered in
   Mat_VarReadNextInfo5 in mat5.c in matio 1.5.17.
 - CVE-2019-20018: A stack-based buffer over-read was discovered in
   ReadNextCell in mat5.c in matio 1.5.17.
 - CVE-2019-20020: A stack-based buffer over-read was discovered in
   ReadNextStructField in mat5.c in matio 1.5.17.
 - CVE-2019-20052: A memory leak was discovered in Mat_VarCalloc in
   mat.c in matio 1.5.17 because SafeMulDims does not consider the
   rank==0 case.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agoboot/at91bootstrap3: bump to version 3.9.2
Pierre-Jean Texier [Thu, 28 May 2020 10:00:56 +0000 (12:00 +0200)]
boot/at91bootstrap3: bump to version 3.9.2

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/reaver: bump to v1.6.6
Guillaume W. Bres [Thu, 28 May 2020 10:27:54 +0000 (12:27 +0200)]
package/reaver: bump to v1.6.6

Signed-off-by: Guillaume W. Bres <guillaume.bressaix@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/gloox: new package
Yair Ben-Avraham [Tue, 19 May 2020 08:26:30 +0000 (08:26 +0000)]
package/gloox: new package

gloox is a rock-solid, full-featured Jabber/XMPP client library,
written in clean ANSI C++. It makes writing spec-compliant clients
easy and allows for hassle-free integration of Jabber/XMPP
functionality into existing applications. gloox is released under the
GNU GPLv3. Commercial licensing and support are available.

Signed-off-by: Yair Ben Avraham <yairba@protonmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/gnupg: fix build with gcc 10
Thomas Petazzoni [Tue, 26 May 2020 21:27:54 +0000 (23:27 +0200)]
package/gnupg: fix build with gcc 10

This commit backports an upstream patch made for gnupg2 into gnupg, in
order to fix build failures with gcc 10 due to the use of
-fno-common. Due to the code differences between upstream gnupg2 and
the old gnupg 1.x, the backport is in fact more a rewrite than an
actual backport.

Fixes:

  http://autobuild.buildroot.net/results/496a18833505dc589f7ae58f2c7e5fe80fe9af79/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/qt5/qt5declarative: fix parallel install
Romain Naour [Tue, 26 May 2020 21:04:43 +0000 (23:04 +0200)]
package/qt5/qt5declarative: fix parallel install

Installing qt5declarative examples on fast/fast/multicore machines sometimes
failes with a variation of the following error messages:

 - Cannot touch [...]/chapter5-listproperties/app.qml: No such file or directory
 - Error copying [...]/chapter2-methods/app.qml: Destination file exists

Fix it by using OTHER_FILES instead of a seperate qml files install target
to fix the race between install_target, install_qml and install_sources.

Fixes:

 - https://gitlab.com/buildroot.org/buildroot/-/jobs/565470221

Signed-off-by: Romain Naour <romain.naour@gmail.com>
[Reworked patch and commit log]
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/efl: fix -fno-common build failure
Heiko Thiery [Mon, 18 May 2020 06:43:21 +0000 (08:43 +0200)]
package/efl: fix -fno-common build failure

Added upstream patch for fixing build failure when using GCC10 as a host
compiler (-fno-common is now default).

Fixes:
http://autobuild.buildroot.net/results/47f/47fcf9bceba029accdcf159236addea3cb03f12f/

Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/erlang: fix -fno-common build failure
Heiko Thiery [Sun, 17 May 2020 21:34:26 +0000 (23:34 +0200)]
package/erlang: fix -fno-common build failure

Added upstream patch for fixing build failure when using GCC10 as a host
compiler (-fno-common is now default).

Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agolinux: fix COPYING file hash
Yegor Yefremov [Wed, 27 May 2020 09:49:11 +0000 (11:49 +0200)]
linux: fix COPYING file hash

In version 5.6 a minor change was made to this file, stating tht "[a]ll
contributions to the Linux Kernel are subject to this COPYING file",
and hence the hash changed.

We can update the hash, because the licensing information is only
accounted for the "latest" version, so the hash change will not impact
older kernel versions as the user would have to switch to a non-latest
kernel.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/gerbera: fix static linking with libmagic
Fabrice Fontaine [Sat, 23 May 2020 19:21:55 +0000 (21:21 +0200)]
package/gerbera: fix static linking with libmagic

This patch was wrongly removed when bumping the version to 1.4.0 in
commit 6976f312fa84d4a9c4bbf99ed3b173085780dcd9

Fixes:
 - http://autobuild.buildroot.org/results/7a53a59dd08c043f371bea967c3b450a7bddcde8

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agoboard/freescale: increase the vfat size
Fabio Estevam [Tue, 26 May 2020 21:01:19 +0000 (18:01 -0300)]
board/freescale: increase the vfat size

The default iamge size is 32MiB, which is quite low by today's standards.
Besides, the AArch64 kernels are relatively big, which leaves not much
room, if at all, for users to experiment on the default image.

Increase the vfat size to a more reasonable 64MiB.

Note that users who derive an in-tree defconfig for their own case will
allways hit any arbitarary size we put here, so they will anyway have to
also derive this template for their own use-cases.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/uboot-tools: tools/env/fw_env.h: remove env.h
Romain Naour [Mon, 11 May 2020 21:47:43 +0000 (23:47 +0200)]
package/uboot-tools: tools/env/fw_env.h: remove env.h

As reported by Nicolas Carrier on the Buildroot mailing list [1],
there is a new build issue while building a program which interacts with
the u-boot environment. This program uses the headers of the ubootenv
library provided by uboot-tools.

This is an upstream change from uboot [2] adding "#include <env.h>" to
fw_env.h. Adding env.h require a board configuration to build.

But only fw_env.h header is installed in the staging directory by
uboot-tools package, but since it now include env.h the build is broken
because env.h is missing from the staging directory.

It's seems an upstream bug since env_set() is not used in fw_env tool.
Nicolas removed env.h from fw_env tool and fixed it's build issue.

This problem is present since uboot v2019.10, so the uboot version
present in Buildroot 2020.02 is affected.

It's probably not a problem for upstream uboot but it's a problem
for uboot-tools package that build uboot tools without a board
configuration for the target.

[1] http://lists.busybox.net/pipermail/buildroot/2020-April/280307.html
[2] https://gitlab.denx.de/u-boot/u-boot/-/commit/9fb625ce05539fe6876a59ce1dcadb76b33c6f6e

Reported-by: Nicolas Carrier <nicolas.carrier@orolia.com>
Signed-off-by: Romain Naour <romain.naour@gmail.com>
[yann.morin.1998@free.fr: add URL to upstream commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/audit: fix -fno-common build failure
Heiko Thiery [Mon, 18 May 2020 05:43:32 +0000 (07:43 +0200)]
package/audit: fix -fno-common build failure

Added upstream patch for fixing build failure when using GCC10 as a host
compiler (-fno-common is now default).

Fixes:
http://autobuild.buildroot.net/results/c4b/c4bba80e9fc476247c7ba28850831c6a8edd559f/build-end.log

Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/leveldb: fix detection of the snappy library
Thomas Petazzoni [Mon, 18 May 2020 05:22:02 +0000 (07:22 +0200)]
package/leveldb: fix detection of the snappy library

Pull a patch pending in an upstream pull request to fix the detection
of the snappy library when we are in static linking configurations.

Fixes:

  https://bugs.busybox.net/show_bug.cgi?id=12671

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/leveldb: turn snappy into an optional dependency
Thomas Petazzoni [Mon, 18 May 2020 05:22:01 +0000 (07:22 +0200)]
package/leveldb: turn snappy into an optional dependency

snappy is not a mandatory dependency to build leveldb. Back when it
was introduced in Buildroot, as of version 1.18, the build logic
already made snappy an optional dependency.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/mesa3d: propagate missing libdrm-freedreno deps
James Hilliard [Tue, 26 May 2020 20:24:37 +0000 (14:24 -0600)]
package/mesa3d: propagate missing libdrm-freedreno deps

Libdrm freedreno depends on BR2_arm || BR2_aarch64 || BR2_aarch64_be
as such we need to propagate those dependencies to mesa's gallium
freedreno driver.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/prosody: use correct bit32 package
James Hilliard [Mon, 25 May 2020 02:50:53 +0000 (20:50 -0600)]
package/prosody: use correct bit32 package

According to https://prosody.im/doc/depends#bitop the correct bitop
package to use with prosody for Lua 5.1 is:
https://luarocks.org/modules/siffiejoe/bit32

As such replace BR2_PACKAGE_LUABITOP with BR2_PACKAGE_LUA_BIT32

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agodocs/website/sponsors.html: show 2020 sponsors
Thomas Petazzoni [Tue, 26 May 2020 19:53:15 +0000 (21:53 +0200)]
docs/website/sponsors.html: show 2020 sponsors

So far in 2020, Logilin and Tap2Open made some financial donations to
the Buildroot Association, so let's thank them on our sponsors page.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/lrzip: fix hash
Fabrice Fontaine [Tue, 26 May 2020 05:34:12 +0000 (07:34 +0200)]
package/lrzip: fix hash

Hash was not updated by commit 18079e20a712c4a7d539ead52b0a0c725ec7f7e2

Fixes:
 - http://autobuild.buildroot.org/results/0f7179ed4706f05551af330d7f12b3efaeffd278

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years ago{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 6}.x series
Peter Korsgaard [Mon, 25 May 2020 16:26:31 +0000 (18:26 +0200)]
{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 6}.x series

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/pkg-generic.mk: enable hash checks for svn tarbals
Heiko Thiery [Sun, 24 May 2020 21:28:29 +0000 (23:28 +0200)]
package/pkg-generic.mk: enable hash checks for svn tarbals

With commit 89f5e989323ace815a32fced27eaefee2f4666de support for
reproducible archives was added. Thus archives generated from svn do no
longer needs to be added to BR_NO_CHECK_HASH_FOR.

Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/lrzip: bump to 7f3bf46203bf45ea115d8bd9f310ea219be88af4
Fabrice Fontaine [Sat, 23 May 2020 08:36:23 +0000 (10:36 +0200)]
package/lrzip: bump to 7f3bf46203bf45ea115d8bd9f310ea219be88af4

This bump contains only one commit that fix a build failure with asm:
https://github.com/ckolivas/lrzip/commit/844b8c057c8c7372ca41ad2efdbf849f45c24506

Fixes:
 - http://autobuild.buildroot.org/results/800d8a97966ef75dbf20e85ec8a02766ba02cc76

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/qemu: remove csky fork
Romain Naour [Fri, 22 May 2020 23:22:12 +0000 (01:22 +0200)]
package/qemu: remove csky fork

We have a qemu fork for csky cpus [1] but since qemu version
bump to 4.2.0 [2] and libssh2/libssh change the csky build is
broken.

The csky fork is based on Qemu 3.0.0 but unlike autotools packages
any unknown option is handled as error.

Since we don't want to support all options from previous qemu
release and the github repository has been removed [3] and the
only remaining archive is located on http://sources.buildroot.net,
remove the qemu csky fork as suggested by [4].

[1] https://git.buildroot.net/buildroot/commit/?id=f816e5b276f1ef15840bec6667f1e8219717ab7d
[2] https://git.buildroot.net/buildroot/commit/?id=0ea17054ce7dfc54efca5634133cef786445e7b1
[3] https://github.com/c-sky/qemu
[4] http://lists.busybox.net/pipermail/buildroot/2020-May/281885.html

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Guo Ren <ren_guo@c-sky.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
[Peter: move patches out of 4.2.0 subdir]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/wiringpi: remove
Yann E. MORIN [Sun, 24 May 2020 20:26:51 +0000 (22:26 +0200)]
package/wiringpi: remove

The author has completely ripped off the git tree, so the sources
are no longer available, with that message:
    "Please look for alternatives for wiringPi"

And indeed there is a better alternative, using the kernel GPIO
subsystem and drivers.

Note that queezelite looses that functionality now, but upstream
squeezelite has done changes to do without wiringpi (hint for an
upgrade?).

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Seiderer <ps.report@gmx.net>
Cc: Hiroshi Kawashima <kei-k@ca2.so-net.ne.jp>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/speexdsp+tremor: switch to new git repository
Yann E. MORIN [Sun, 24 May 2020 08:58:00 +0000 (10:58 +0200)]
package/speexdsp+tremor: switch to new git repository

The original git server on git.xiph.org died, and the Xiph project has
now moved on to host their repositories on gitlab.comn instead.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage: don't use BR2_KERNEL_MIRROR for git downloads
Yann E. MORIN [Sun, 24 May 2020 08:57:21 +0000 (10:57 +0200)]
package: don't use BR2_KERNEL_MIRROR for git downloads

The git repositories are not served on the kernel.org CDN:

    fatal: repository 'https://cdn.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git/' not found

Switch to explicitly use the git.kernel.org server.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Cc: Cyril Bur <cyrilbur@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/ffmpeg: bump version to 4.2.3
Bernd Kuhls [Fri, 22 May 2020 20:37:36 +0000 (22:37 +0200)]
package/ffmpeg: bump version to 4.2.3

Removed patch included in upstream release, reformatted hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/wireshark: security bump to version 3.2.4
Fabrice Fontaine [Fri, 22 May 2020 20:10:41 +0000 (22:10 +0200)]
package/wireshark: security bump to version 3.2.4

Fix CVE-2020-13164: In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and
2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in
epan/dissectors/packet-nfs.c by preventing excessive recursion, such as
for a cycle in the directory graph on a filesystem.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/fio: fix build on sh4
Fabrice Fontaine [Sat, 23 May 2020 17:20:36 +0000 (19:20 +0200)]
package/fio: fix build on sh4

Fixes:
 - http://autobuild.buildroot.org/results/6dc82572ae1369aa5c9954b6e61777766c5aa3b4

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agodocs/manual: new chapter on release engineering
Joachim Nilsson [Sat, 23 May 2020 14:05:03 +0000 (16:05 +0200)]
docs/manual: new chapter on release engineering

Describe release engineering and development phases of the project.

Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/ltrace: directly use s.b.o to fetch the archive
Yann E. MORIN [Sun, 24 May 2020 20:39:25 +0000 (22:39 +0200)]
package/ltrace: directly use s.b.o to fetch the archive

During the migration from alioth to gitlab, the git repository for ltrace
was not migrated. There is a repository on gitlab.com, owned by the debian
maintainer, but that repository does not contain the sha1 we know of:
    https://gitlab.com/cespedes/ltrace

s.b.o. is the only known location so far to host the archive, so switch
to it.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/bind: security bump to version 9.11.19
Peter Korsgaard [Mon, 25 May 2020 06:15:28 +0000 (08:15 +0200)]
package/bind: security bump to version 9.11.19

Fixes the following security issues:

- (9.11.18) DNS rebinding protection was ineffective when BIND 9 is
  configured as a forwarding DNS server.  Found and responsibly reported by
  Tobias Klein.  [GL #1574]

- (9.11.19) To prevent exhaustion of server resources by a maliciously
  configured domain, the number of recursive queries that can be triggered
  by a request before aborting recursion has been further limited.  Root and
  top-level domain servers are no longer exempt from the
  max-recursion-queries limit.  Fetches for missing name server address
  records are limited to 4 for any domain.  This issue was disclosed in
  CVE-2020-8616.  [GL #1388]

- (9.11.19) Replaying a TSIG BADTIME response as a request could trigger an
  assertion failure.  This was disclosed in CVE-2020-8617.  [GL #1703]

Also update the COPYRIGHT hash for a change of copyright year and adjust the
spacing for the new agreements.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackages/systemd: fix double getty on console
Jérémy Rosen [Fri, 22 May 2020 16:59:29 +0000 (18:59 +0200)]
packages/systemd: fix double getty on console

When selecting "console" for the automatic getty, the buildroot logic
would collide with systemd's internal console detection logic, resulting
in two getty being started on the console.

This commit fixes that by doing nothing when "console" is selected and
letting systemd-getty-generator deal with starting the proper getty.

Note that if something other than the console is selected
* Things will work properly, even if the selected terminal is also the
  console
* A getty will still be started on the console.
  This is what systemd has been doing on buildroot since the beginning. it
  could be disabled but I left it for backward compatibility

Fixes: #12361
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/dovecot: security bump to version 2.3.10.1
Fabrice Fontaine [Fri, 22 May 2020 13:58:08 +0000 (15:58 +0200)]
package/dovecot: security bump to version 2.3.10.1

- Fix CVE-2020-10957: In Dovecot before 2.3.10.1, unauthenticated
  sending of malformed parameters to a NOOP command causes a NULL
  Pointer Dereference and crash in submission-login, submission, or
  lmtp.
- Fix CVE-2020-10958: In Dovecot before 2.3.10.1, a crafted SMTP/LMTP
  message triggers an unauthenticated use-after-free bug in
  submission-login, submission, or lmtp, and can lead to a crash under
  circumstances involving many newlines after a command.
- Fix CVE-2020-10967: In Dovecot before 2.3.10.1, remote
  unauthenticated attackers can crash the lmtp or submission process by
  sending mail with an empty localpart.
- Drop first patch (already in version) and so autoreconf
- Update indentation in hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/dovecot: drop first patch
Fabrice Fontaine [Fri, 22 May 2020 13:58:07 +0000 (15:58 +0200)]
package/dovecot: drop first patch

First patch is not needed since version 2.3.0 and
https://github.com/dovecot/core/commit/08259c1f206026ca9b9f4b4e97603943c6093def

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/kodi: bump version to 18.7-Leia
Bernd Kuhls [Thu, 21 May 2020 17:18:29 +0000 (19:18 +0200)]
package/kodi: bump version to 18.7-Leia

Release notes: http://www.kodi.tv/article/kodi-leia-187-release

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/unbound: bump version to 1.10.1 for security fixes
Stefan Ott [Fri, 22 May 2020 01:40:26 +0000 (03:40 +0200)]
package/unbound: bump version to 1.10.1 for security fixes

Fixes the following security vulnerabilities:

CVE-2020-12662: Unbound can be tricked into amplifying an incoming query
  into a large number of queries directed to a target.

CVE-2020-12663: Malformed answers from upstream name servers can be used
  to make Unbound unresponsive.

Signed-off-by: Stefan Ott <stefan@ott.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agoUpdate for 2020.05-rc2
Peter Korsgaard [Fri, 22 May 2020 09:53:24 +0000 (11:53 +0200)]
Update for 2020.05-rc2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/freerdp: security bump to version 2.1.1
Fabrice Fontaine [Thu, 21 May 2020 14:39:57 +0000 (16:39 +0200)]
package/freerdp: security bump to version 2.1.1

>From ChangeLog:
- CVE: GHSL-2020-100 OOB Read in ntlm_read_ChallengeMessage
- CVE: GHSL-2020-101 OOB Read in security_fips_decrypt due to
  uninitialized value
- CVE: GHSL-2020-102 OOB Write in crypto_rsa_common
- Enforce synchronous legacy RDP encryption count (#6156)
- Fixed some leaks and crashes missed in 2.1.0
- Removed dynamic channel listener limits
- Lots of resource cleanup fixes (clang sanitizers)

https://github.com/FreeRDP/FreeRDP/blob/2.1.1/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agoDEVELOPERS: remove python-pycrypto
Fabrice Fontaine [Thu, 21 May 2020 14:43:40 +0000 (16:43 +0200)]
DEVELOPERS: remove python-pycrypto

Commit 7ef76ed32fcd447391e26d33a555ff5dab6dc48e forgot to remove
python-pycrypto entry from DEVELOPERS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/libpam-tacplus: fix build when time_t is 64 bits
Fabrice Fontaine [Mon, 18 May 2020 16:15:25 +0000 (18:15 +0200)]
package/libpam-tacplus: fix build when time_t is 64 bits

Fixes:
 - http://autobuild.buildroot.org/results/874433d8cb30d21332f23024081a8b6d7b3254ae

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/vboot-utils: fix -fno-common build failure
Heiko Thiery [Tue, 19 May 2020 06:53:21 +0000 (08:53 +0200)]
package/vboot-utils: fix -fno-common build failure

Added upstream patch for fixing build failure when using GCC10 as a host
compiler (-fno-common is now default).

Fixes:
http://autobuild.buildroot.net/results/aca662d9fd7052f3b361b731cd266edb3b6c41b0
http://autobuild.buildroot.net/results/6546b284cf306a2fde3c69d67daf9aacffa9e143
http://autobuild.buildroot.net/results/db20bb3c11a1a9558a5d8021015c6915f99097c8

Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/python-pycrypto: remove package
Romain Naour [Sun, 26 Apr 2020 22:33:23 +0000 (00:33 +0200)]
package/python-pycrypto: remove package

This package doesn't work with Python 3.8 since the code contains
time.clock() that was deprecated in Python 3.3 and removed in Python 3.8.

Instead of applying non upstream patches from Fedora [1], python-pycrypto
was replaced by python-pycryptodomex for crda and optee-os package.
Now we can remove safely this package.

[1] http://lists.busybox.net/pipermail/buildroot/2020-April/280683.html

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/498144209

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agoboot/optee-os: replace pycrypto by pycryptodomex
Romain Naour [Sun, 26 Apr 2020 22:33:22 +0000 (00:33 +0200)]
boot/optee-os: replace pycrypto by pycryptodomex

>From [1] included in optee-os release 3.7.0:
"PyCryptodome is a fork of PyCrypto, which is not maintained any more
(the last release dates back to 2013 [2]). It exposes almost the same
API, but there are a few incompatibilities [3]."

pem_to_pub_c.py/sign.py scripts still use pycrypto that is replaced
by pycryptodomex. Add a patch to use pycryptodomex but don't use
upstream commit since it also switches from the algorithm
TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 to TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256
when replacing pycrypto to pycryptodomex [4].

[1] https://github.com/OP-TEE/optee_os/commit/90ad2450436fdd9fc0d28a3f92f3fbcfd89a38f0
[2] https://pypi.org/project/pycrypto/#history
[3] https://pycryptodome.readthedocs.io/en/latest/src/vs_pycrypto.html
[4] https://github.com/OP-TEE/optee_os/commit/ababd72d2fd76cb2ded8e202b49db28d6545f6eb

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/526035730

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/crda: replace pycrypto by pycryptodomex
Romain Naour [Sun, 26 Apr 2020 22:33:21 +0000 (00:33 +0200)]
package/crda: replace pycrypto by pycryptodomex

>From [1]:
"PyCryptodome is a fork of PyCrypto, which is not maintained any more
(the last release dates back to 2013 [2]). It exposes almost the same
API, but there are a few incompatibilities [3]."

[1] https://github.com/OP-TEE/optee_os/commit/90ad2450436fdd9fc0d28a3f92f3fbcfd89a38f0
[2] https://pypi.org/project/pycrypto/#history
[3] https://pycryptodome.readthedocs.io/en/latest/src/vs_pycrypto.html

Update the patch 0001-crda-support-python-3-in-utils-key2pub.py.patch
since it add pycrypto.

>From [4]
"CRDA is no longer needed as of kernel v4.15 since commit 007f6c5e6eb45
("cfg80211: support loading regulatory database as firmware file") added
support to use the kernel's firmware request API which looks for the
firmware on /lib/firmware. Because of this CRDA is legacy software for
older kernels. It will continue to be maintained."

[4] https://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/crda.git/tree/README?id=9856751feaf7b102547cea678a5da6c94252d83d#n8

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/python-pycryptodomex: add host variant
Romain Naour [Sun, 26 Apr 2020 22:33:20 +0000 (00:33 +0200)]
package/python-pycryptodomex: add host variant

Adding a host variant will allow to replace host-python-pycrypto by
host-python-pycryptodomex for the crda and optee-os packages.

From [1]:
"PyCryptodome is a fork of PyCrypto, which is not maintained any more
(the last release dates back to 2013 [2]). It exposes almost the same
API, but there are a few incompatibilities [3]."

[1] https://github.com/OP-TEE/optee_os/commit/90ad2450436fdd9fc0d28a3f92f3fbcfd89a38f0
[2] https://pypi.org/project/pycrypto/#history
[3] https://pycryptodome.readthedocs.io/en/latest/src/vs_pycrypto.html

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/xerces: fix coding style in Config.in
Thomas Petazzoni [Thu, 21 May 2020 13:42:59 +0000 (15:42 +0200)]
package/xerces: fix coding style in Config.in

We generally use on "depends on" for each toolchain option, so let's
do this as well in package/xerces/Config.in.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/xerces: add enable network option
Jared Bents [Wed, 20 May 2020 22:28:50 +0000 (17:28 -0500)]
package/xerces: add enable network option

Update to add the option to compile xerces with network
enabled by default so it can be unselected to compile
without network support.

When network support is enabled the Network Accessor feature
will decode schema urls and if they don't appear as localhost
or local files, it will open a stream (socket) session with
the remote server. In an embedded setting having the option to
disable this allows:
 * cleaner audit logging
 * smaller security attack surface
 * less library dependencies
 * no behind the scenes failed session attempts

Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/kodi-pvr-wmc: bump version to 2.4.6-Leia
Bernd Kuhls [Wed, 20 May 2020 17:20:12 +0000 (19:20 +0200)]
package/kodi-pvr-wmc: bump version to 2.4.6-Leia

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/kodi-pvr-pctv: bump version to 2.4.7-Leia
Bernd Kuhls [Wed, 20 May 2020 17:19:42 +0000 (19:19 +0200)]
package/kodi-pvr-pctv: bump version to 2.4.7-Leia

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/kodi-pvr-mythtv: bump version to 5.10.16-Leia
Bernd Kuhls [Wed, 20 May 2020 17:18:28 +0000 (19:18 +0200)]
package/kodi-pvr-mythtv: bump version to 5.10.16-Leia

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>