Fabrice Fontaine [Wed, 23 Dec 2020 10:59:48 +0000 (11:59 +0100)]
 
package/mutt: fix activation of openssl on imap
Activation of openssl for imap is broken since commit
0fcd010a2db771c259224ad1d025fb4c5a9baf3b because of the following typo:
BR2_PACKAGET_MUTT_IMAP
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Antoine Tenart [Wed, 23 Dec 2020 10:50:29 +0000 (11:50 +0100)]
 
package/refpolicy: bump to 2.
20200818
Changelog:
https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20200818
Signed-off-by: Antoine Tenart <atenart@kernel.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Wed, 23 Dec 2020 11:33:54 +0000 (12:33 +0100)]
 
package/bustle: bump to version 0.8.0
- Update license hash and remove GPL-3.0:
  https://gitlab.freedesktop.org/bustle/bustle/-/commit/
c3f2f160c528c874c483a314ebbf997abfd85492
- Use PCAP_CONFIG which is available since
  https://gitlab.freedesktop.org/bustle/bustle/-/commit/
7e2daf2984fc4d479b153e899b80e8d669ff54cf
- Update indentation in hash file (two spaces)
https://hackage.haskell.org/package/bustle-0.8.0/changelog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Gary Bisson [Wed, 23 Dec 2020 14:01:24 +0000 (15:01 +0100)]
 
package/freescale-imx/firmware-imx: add sdma file for IMX6S platform
Uses the same file as IMX6Q platform, see imx6sl.dtsi.
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Fri, 25 Dec 2020 22:13:43 +0000 (23:13 +0100)]
 
package/minizip: fix build without openssl
Disable PKWARE traditional and WinZIP AES encryption without openssl to
avoid the following build failure due to MZ_FETCH_LIBS being set to OFF
since commit 
f9d31de3b7585e3521aafe2089fcff79bf7f037d
Fixes:
 - http://autobuild.buildroot.org/results/
ae16497bf56df9ce4be97651b5ce65f75bdf909f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Thu, 3 Dec 2020 20:28:53 +0000 (21:28 +0100)]
 
package/rhash: fix build failure due to gcc -v
With BR2_RELRO_PARTIAL or BR2_RELRO_FULL, our toolchain wrapper will
forcibly add -Wl,-z,relro to any call to the actual compiler. This
usually works OK, because gcc will only use those options it needs for
the compile step it has to carry: pre-processing, compiling, assembling,
or linking, and ignore those options it does not need.
Excpt in one case: when -v is passed standalone, with no input file,
then gcc will falsely believe it has to do a link stage;
    $ gcc -Wl,-z,relro -v
    [...]
    /usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/9/../../../x86_64-linux-gnu/Scrt1.o: in function `_start':
    (.text+0x24): undefined reference to `main'
    collect2: error: ld returned 1 exit status
Fixing that in our wrapper will not be easy, because we'd have to detect
there is no input file. Doing so would probably require we support
almost all gcc options to differentiate between the parameter of an
option (e.g. -I /some/path) from an actual inpout file. This would not
be very robust, and would have a high risk od breaking when we introduce
the next gcc version.
Since it seems that only rhash is affected, due to its inventive,
custom, hand-written configure script, we just patch it to be a bit more
robust in the face of a compiler that could not accept -v, and fallback
to --version.
Fixes:
 - http://autobuild.buildroot.org/results/
8605c16cc28316954ce8b9dcc266974390c5da20
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - retain "$CC -v" as default, fallback to "$CC --version", in the hope
    that it stands better chance with upstream
  - write a commit log to explain the actual root-cause of the build
    failure
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Baruch Siach [Thu, 24 Dec 2020 15:41:09 +0000 (17:41 +0200)]
 
package/uhubctl: bump to version 2.3.0
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Baruch Siach [Thu, 24 Dec 2020 13:22:19 +0000 (15:22 +0200)]
 
libcurl: security bump to version 7.74.0
Fixes security issues:
CVE-2020-8286: Inferior OCSP verification
CVE-2020-8285: FTP wildcard stack overflow
CVE-2020-8284: trusting FTP PASV responses
Drop upstream patch.
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Stefan Agner [Wed, 23 Dec 2020 10:11:36 +0000 (11:11 +0100)]
 
package/linux-firmware: add new option for Samsung MFC firmwares
Multi format codec (MFC) is the IP present in Samsung Exynos series SoCs
for video encoding/decoding operations.
Signed-off-by: Stefan Agner <stefan@agner.ch>
[yann.morin.1998@free.fr: add all FW versions]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Gleb Mazovetskiy [Fri, 25 Dec 2020 12:15:59 +0000 (12:15 +0000)]
 
package/pkg-meson: force-disable binary stripping
In buildroot, stripping for the target is configured and implemented
with the global `BR2_STRIP_strip` option that drive the stripping in
the target-finalize step.
So, we explicitly disable stripping at build time for the target
variants.
For the host variants, however, we don't much care about symbols and
stuff, but smaller executables will hopefully load faster than bigger
ones (disputable, given that sections in ELF files are paged-in
on-demand), so we explictly enable stripping.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
[yann.morin.1998@free.fr:
  - add burb about the target-finalize step
  - enable stripping for host variants
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Thu, 15 Oct 2020 05:46:00 +0000 (07:46 +0200)]
 
support/dependencies: set cmake version min to 3.15
quazip requires cmake 3.15 since version 1.0 and
https://github.com/stachenov/quazip/commit/
89e7c201f0215032d347eef6fc0c671a1845738b
https://github.com/stachenov/quazip/commit/
818adc82246cefffa2e8851534016cf1db349da7
The rationale for this requirement is that "default locations for the
install(TARGETS command based on the GNUInstallDirs package were only
added in 3.14" and "3.15 is not that much of a difference from 3.14 and
it introduced a lot of useful UI improvements.":
https://github.com/stachenov/quazip/issues/82
Fixes:
 - http://autobuild.buildroot.org/results/
5d848a46109aef448ea1d1b857a500d9461dc2d9
Note: we also have some patches to allow some packages to build with
cmake-3.10, and this will not be tenable over the long run.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: add the "note"]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Korsgaard [Wed, 23 Dec 2020 21:35:03 +0000 (22:35 +0100)]
 
package/go: fix s/amrv7/armv7/ typo in comment
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 23 Dec 2020 11:22:59 +0000 (12:22 +0100)]
 
package/sysstat: enable lm-sensors support
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 23 Dec 2020 11:22:58 +0000 (12:22 +0100)]
 
package/sysstat: bump to version 12.4.2
Drop NLS workaround, not needed since
https://github.com/sysstat/sysstat/commit/
1b4185b599730e6139aaaaaa48eb6626fb732c9d
https://github.com/sysstat/sysstat/blob/v12.4.2/CHANGES
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adrian Perez de Castro [Wed, 23 Dec 2020 14:50:04 +0000 (16:50 +0200)]
 
package/wpewebkit: security bump to version 2.30.4
This is a minor release which provides a fix for CVE-2020-13543.
Full release notes:
  https://wpewebkit.org/release/wpewebkit-2.30.4.html
A detailed security advisory can be found at:
  https://wpewebkit.org/security/WSA-2020-0009.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adrian Perez de Castro [Wed, 23 Dec 2020 11:43:53 +0000 (13:43 +0200)]
 
package/webkitgtk: security bump to version 2.30.4
This is a minor release which provides a fix for CVE-2020-13543.
Full release notes:
  https://webkitgtk.org/2020/12/15/webkitgtk2.30.4-released.html
A detailed security advisory can be found at:
  https://webkitgtk.org/security/WSA-2020-0009.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Mon, 14 Dec 2020 22:24:07 +0000 (23:24 +0100)]
 
package/bind: fix compile/linking failure
Fixes:
  - http://autobuild.buildroot.net/results/
966a3de94aa97fa8e9895eede29c9cbfb4bd7301
  .../host/lib/gcc/arm-buildroot-linux-musleabihf/9.3.0/../../../../arm-buildroot-linux-musleabihf/bin/ld: warning: libisccfg.so.163, needed by ../../lib/bind9/.libs/libbind9.so, not found (try using -rpath or -rpath-link)
  .../host/lib/gcc/arm-buildroot-linux-musleabihf/9.3.0/../../../../arm-buildroot-linux-musleabihf/bin/ld: ../../lib/bind9/.libs/libbind9.so: undefined reference to `cfg_obj_line'
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Peter: replace by upstream patches]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 2 Dec 2020 21:18:48 +0000 (22:18 +0100)]
 
package/bind: drop unrecognized option
Drop --enable-newstats option which is not recognized
Unrecognized options:
    --disable-gtk-doc, --disable-gtk-doc-html, --disable-doc, --disable-docs, --disable-documentation, --with-xmlto, --with-fop, --disable-dependency-tracking, --disable-nls, --enable-newstats
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 12 Dec 2020 09:13:05 +0000 (10:13 +0100)]
 
package/bind: bump version to 9.11.25
Release notes:
https://ftp.isc.org/isc/bind9/9.11.25/RELEASE-NOTES-bind-9.11.25.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Francois Perrad [Tue, 22 Dec 2020 17:11:49 +0000 (18:11 +0100)]
 
package/openldap: security bump to version 2.4.56
Fixes the following security issue:
- CVE-2020-25692: A NULL pointer dereference was found in OpenLDAP server
  and was fixed in openldap 2.4.55, during a request for renaming RDNs.  An
  unauthenticated attacker could remotely crash the slapd process by sending
  a specially crafted request, causing a Denial of Service.
- CVE-2020-25709: Assertion failure in CSN normalization with invalid input
- CVE-2020-25710: Assertion failure in CSN normalization with invalid input
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Peter: add CVE info]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Tue, 22 Dec 2020 22:38:26 +0000 (23:38 +0100)]
 
package/tiff: bump version to 4.2.0
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Tue, 22 Dec 2020 22:30:00 +0000 (23:30 +0100)]
 
package/strace: bump version to 5.10
For details see [1].
[1] https://strace.io/files/5.10
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Marcin Niestroj [Mon, 21 Dec 2020 18:24:50 +0000 (19:24 +0100)]
 
package/python-crc16: allow to build with python3
python3 is officially supported by package, as there is a usage example
at [1]. Simply remove dependency on BR2_PACKAGE_PYTHON.
[1] https://pypi.org/project/crc16/
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sergio Prado [Sat, 19 Dec 2020 11:18:22 +0000 (08:18 -0300)]
 
package/stella: bump version to 6.4
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sergio Prado [Sat, 19 Dec 2020 15:22:21 +0000 (12:22 -0300)]
 
package/azure-iot-sdk-c: bump version to LTS_07_2020_Ref02
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 22 Dec 2020 11:10:12 +0000 (12:10 +0100)]
 
package/rauc: fix build with headers < 4.14
Fixes:
 - http://autobuild.buildroot.org/results/
829ae7ed66686c11a941ac99bd08a06f754affb4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Mon, 21 Dec 2020 20:39:52 +0000 (21:39 +0100)]
 
package/rpi-firmware: bump version to 
d016a6e
Keep rpi-firmware up-to-date with the kernel
version bump (5.10.1).
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Mon, 21 Dec 2020 20:39:50 +0000 (21:39 +0100)]
 
configs/raspberrypi*: bump kernel version to 
967d45b (5.10.1)
Now based on 5.10.1 (from 5.4.80).
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 22 Dec 2020 22:25:12 +0000 (23:25 +0100)]
 
package/xen: security bump to version 4.14.1
Includes security fixes up to XSA-359:
XSA-345: x86: Race condition in Xen mapping code
XSA-346: undue deferral of IOMMU TLB flushes
XSA-347: unsafe AMD IOMMU page table updates
XSA-348: undue recursion in x86 HVM context switch code (CVE-2020-29566)
XSA-351: Information leak via power sidechannel (CVE-2020-28368)
XSA-352: oxenstored: node ownership can be changed by unprivileged clients
         (CVE-2020-29486)
XSA-353: oxenstored: permissions not checked on root node (CVE-2020-29479)
XSA-355: stack corruption from XSA-346 change
XSA-356: infinite loop when cleaning up IRQ vectors (CVE-2020-29567)
XSA-358: FIFO event channels control block related ordering (CVE-2020-29570)
XSA-359: FIFO event channels control structure ordering (CVE-2020-29571)
And drop now upstreamed security patches.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 22 Dec 2020 20:00:28 +0000 (21:00 +0100)]
 
package/nodejs: security bump to version 12.19.1
Fixes the following security issue:
- CVE-2020-8277: Denial of Service through DNS request (High).  A Node.js
  application that allows an attacker to trigger a DNS request for a host of
  their choice could trigger a Denial of Service by getting the application
  to resolve a DNS record with a larger number of responses.
https://nodejs.org/en/blog/release/v12.19.1/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Romain Naour [Tue, 22 Dec 2020 17:27:43 +0000 (18:27 +0100)]
 
configs/nitrogen6x_defconfig: remove duplicate BR2_PACKAGE_HOST_UBOOT_TOOLS=y
The commit [1] added this option a second time.
Remove the first occurence.
Fixes:
configs/nitrogen6x_defconfig:31:warning: override: reassigning to symbol BR2_PACKAGE_HOST_UBOOT_TOOLS
[1] 
6ea9f662a03e0f4b4a9000a25095b8e6293b07b6
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 22 Dec 2020 10:44:11 +0000 (11:44 +0100)]
 
package/apitrace: disable unit tests
This will avoid the following build failure with xtensa:
[ 62%] Linking CXX executable ../../guids_test
[ 62%] Building CXX object retrace/CMakeFiles/retrace_common.dir/retrace.cpp.o
CMakeFiles/guids_test.dir/guids_test.cpp.o:(.debug_line+0xf7b): dangerous relocation: overflow after relaxation
collect2: error: ld returned 1 exit status
lib/guids/CMakeFiles/guids_test.dir/build.make:85: recipe for target 'guids_test' failed
Fixes:
 - http://autobuild.buildroot.org/results/
8fea93a88bb34e98e391a048c3b996b45ebac803
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 21 Dec 2020 14:10:01 +0000 (15:10 +0100)]
 
package/memcached: bump to version 1.6.9
https://github.com/memcached/memcached/wiki/ReleaseNotes169
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 21 Dec 2020 13:57:06 +0000 (14:57 +0100)]
 
package/minizip: bump to version 2.10.5
- Drop patches (already in version)
- Set MZ_FETCH_LIBS to OFF (available since version 2.10.5 and
  https://github.com/nmoinvaz/minizip/commit/
a1602ed9c82c6b2dd5ea8753dd3fecc3dcc74ba5)
- Use MZ_ICONV which is available since version 2.10.4 and
  https://github.com/nmoinvaz/minizip/commit/
628830ff93c2fb1fd1bbb87ccea5857c5caf2af4
- Add xz optional dependency which is available since version 2.10.2 and
  https://github.com/nmoinvaz/minizip/commit/
f1cc0e3898b23828765378b2ab6ba7622d1f8dbe
https://github.com/nmoinvaz/minizip/releases/tag/2.10.5
https://github.com/nmoinvaz/minizip/releases/tag/2.10.4
https://github.com/nmoinvaz/minizip/releases/tag/2.10.3
https://github.com/nmoinvaz/minizip/releases/tag/2.10.2
https://github.com/nmoinvaz/minizip/releases/tag/2.10.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 21 Dec 2020 13:22:49 +0000 (14:22 +0100)]
 
package/librsvg: bump to version 2.50.2
https://gitlab.gnome.org/GNOME/librsvg/-/blob/2.50.2/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 21 Dec 2020 11:58:49 +0000 (12:58 +0100)]
 
package/mongodb: bump to version 4.2.11
https://docs.mongodb.com/master/release-notes/4.2-changelog/#id1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adam Wujek [Mon, 21 Dec 2020 11:25:34 +0000 (11:25 +0000)]
 
package/netsnmp: fix memory leak in IP-MIB when running without IPv6
In a Linux system without IPv6 support (or booted with "ipv6.disable=1")
file /proc/net/snmp6 is not present. If such file is not present an allocated
memory is not freed. Memory leak occurs even without snmp queries.
Problem seen at least since netsnmp 5.7.3 (probably even v5.6.1).
Patch backported from netsnmp 5.9, where the problem does not appear any more.
Signed-off-by: Adam Wujek <dev_public@wujek.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 21 Dec 2020 10:23:18 +0000 (11:23 +0100)]
 
package/libdrm: add license file
Add xf86drm.c as the license file and while at it, update the indentation
in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 21 Dec 2020 10:42:24 +0000 (11:42 +0100)]
 
package/mutt: fix CVE-2020-28896
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that
$ssl_force_tls was processed if an IMAP server's initial server response
was invalid. The connection was not properly closed, and the code could
continue attempting to authenticate. This could result in authentication
credentials being exposed on an unencrypted connection, or to a
machine-in-the-middle.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 21 Dec 2020 11:24:14 +0000 (12:24 +0100)]
 
package/rauc: security bump to version 1.5
Fixes the following security issue:
- CVE-2020-25860: Time-of-Check-Time-of-Use Vulnerability in code that
  checks and installs a firmware bundle.
  For more details, see the advisory:
  https://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vv
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 21 Dec 2020 11:02:43 +0000 (12:02 +0100)]
 
package/python-pyqt5: fix qt5 openssl conditional
BR2_PACKAGE_QT5BASE_OPENSSL was dropped by commit 
4be1f9b9873
(package/qt5enginio: drop qt 5.6 support), but python-pyqt5 not updated to
match.  Fix that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 21 Dec 2020 10:02:33 +0000 (11:02 +0100)]
 
package/ti-sgx-*: fix s/correpsonds/corresponds/ typo
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bartosz Bilas [Sun, 20 Dec 2020 12:40:32 +0000 (13:40 +0100)]
 
package/ttyd: bump to version 1.6.2
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 20 Dec 2020 22:41:13 +0000 (23:41 +0100)]
 
package/zstd: bump to version 1.4.8
Drop patch (already in version)
https://github.com/facebook/zstd/releases/tag/v1.4.7
https://github.com/facebook/zstd/releases/tag/v1.4.8
(No 1.4.6 release)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 20 Dec 2020 22:26:18 +0000 (23:26 +0100)]
 
package/ghostscript: bump to version 9.53.3
https://www.ghostscript.com/doc/9.53.3/News.htm
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 20 Dec 2020 22:20:01 +0000 (23:20 +0100)]
 
package/imagemagick: security bump to version 7.10.51
- Fix CVE-2020-29599: ImageMagick before 6.9.11-40 and 7.x before
  7.0.10-40 mishandles the -authenticate option, which allows setting a
  password for password-protected PDF files. The user-controlled password
  was not properly escaped/sanitized and it was therefore possible to
  inject additional shell commands via coders/pdf.c.
- Update license hash (correct wording to match Apache 2 license:
  https://github.com/ImageMagick/ImageMagick/commit/
45e5d2493c08e7cb49f7268c01d847e88f78fd6c)
https://github.com/ImageMagick/ImageMagick/blob/7.0.10-51/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 20 Dec 2020 17:55:56 +0000 (18:55 +0100)]
 
package/cryptopp: security bump to version 8.3.0
- Fix CVE-2019-14318: Crypto++ 8.2.0 and earlier contains a timing side
  channel in ECDSA signature generation. This allows a local or remote
  attacker, able to measure the duration of hundreds to thousands of
  signing operations, to compute the private key used. The issue occurs
  because scalar multiplication in ecp.cpp (prime field curves, small
  leakage) and algebra.cpp (binary field curves, large leakage) is not
  constant time and leaks the bit length of the scalar among other
  information. For details, see:
  https://github.com/weidai11/cryptopp/issues/869
- Update license hash due to the addition of ARM SHA1 and SHA256 asm
  implementation from Cryptogams
  https://github.com/weidai11/cryptopp/commit/
1a63112faf5af60e0ebcc60654eef806e7f6f11a
  https://github.com/weidai11/cryptopp/commit/
4c9ca6b723b5ec5aab7eec720ad4d22598abe941
https://www.cryptopp.com/release830.html
[Peter: adjust CVE info, issue is fixes in 8.3.0]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 13 Dec 2020 22:38:38 +0000 (23:38 +0100)]
 
package/glib-networking: bump to version 2.66.0
https://gitlab.gnome.org/GNOME/glib-networking/-/blob/2.66.0/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 13 Dec 2020 22:21:20 +0000 (23:21 +0100)]
 
package/gnupg2: bump to version 2.2.25
Update indentation in hash file (two spaces)
https://lists.gnupg.org/pipermail/gnupg-announce/2020q4/000449.html
https://lists.gnupg.org/pipermail/gnupg-announce/2020q4/000450.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Petr Vorel [Thu, 10 Dec 2020 21:26:53 +0000 (22:26 +0100)]
 
package/rtl8188eu: Bump to 
60cb0b5 (v5.2.2.4 branch HEAD)
This allows to build against newer kernels (up to 5.10).
Added support for new HW (Edimax EW-7811Un V2, RTL8188FU, MERCUSYS
MW150US v2, various RTL8188CE)
Tested on kernel v5.9.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Joeri Barbarien [Mon, 7 Dec 2020 10:04:40 +0000 (11:04 +0100)]
 
package/perl-math-int64: new package
Signed-off-by: Joeri Barbarien <joeri.barbarien@nokia.com>
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Joeri Barbarien [Mon, 7 Dec 2020 10:04:39 +0000 (11:04 +0100)]
 
package/perl-devel-size: new package
Signed-off-by: Joeri Barbarien <joeri.barbarien@nokia.com>
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Joeri Barbarien [Mon, 7 Dec 2020 10:04:38 +0000 (11:04 +0100)]
 
package/perl-devel-cycle: new package
Signed-off-by: Joeri Barbarien <joeri.barbarien@nokia.com>
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas De Schampheleire [Wed, 9 Dec 2020 14:59:23 +0000 (15:59 +0100)]
 
package/ncurses: don't attempt calling ldconfig in host-ncurses
The host-ncurses install step attempts to run ldconfig, causing a permission
failure:
cd /buildroot/output/host/lib && (ln -s -f libncurses.so.6.0 libncurses.so.6; ln -s -f libncurses.so.6 libncurses.so; )
test -z "" && /sbin/ldconfig
/sbin/ldconfig: Can't create temporary cache file /etc/ld.so.cache~: Permission denied
make[3]: [/buildroot/output/host/lib/libncurses.so.6.0] Error 1 (ignored)
The error is non-fatal and ignored, but confusing.
The ncurses makefiles already avoid calling ldconfig when DESTDIR is set
(target case) but for host-ncurses DESTDIR is empty and the output/host path
is passed via --prefix.
Pass an empty ac_cv_path_LDCONFIG to the configure step, so than ldconfig is
not called.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas De Schampheleire [Wed, 9 Dec 2020 15:15:50 +0000 (16:15 +0100)]
 
package/opkg-utils: needs Python3 on the host
The 'opkg.py' script installed by host-opkg-utils has as shebang:
    #!/usr/bin/env python3
which may not be available on all host machines.
Add a potential dependency on host-python3 via BR2_PYTHON3_HOST_DEPENDENCY,
which will only add the host-python3 dependency if no python3 is already
available on the host.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Joseph Kogut [Wed, 9 Dec 2020 20:57:51 +0000 (12:57 -0800)]
 
package/ffmpeg: enable libv4l2 when selected
Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sergio Prado [Sat, 19 Dec 2020 16:34:28 +0000 (13:34 -0300)]
 
package/snort: bump to version 2.9.17
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Sat, 19 Dec 2020 19:24:45 +0000 (20:24 +0100)]
 
configs/chromebook_elm_defconfig: use linux headers same as kernel (5.9 series)
Use linux headers same as kernel (5.9 series).
Fixes:
  - https://gitlab.com/buildroot.org/buildroot/-/jobs/
917539050
  Incorrect selection of kernel headers: expected 5.10.x, got 5.9.x
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Sat, 19 Dec 2020 13:20:24 +0000 (14:20 +0100)]
 
DEVELOPERS: remove Thomas Davis
His e-mail has been bouncing for quite a while:
<sunsetbrew@sunsetbrew.com>: connect to
    sunsetbrew.com[2a05:d014:9da:8c10:306e:3e07:a16f:a552]:25: Network is
    unreachable
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sat, 19 Dec 2020 13:19:56 +0000 (14:19 +0100)]
 
DEVELOPERS: remove Owen Walpole
His e-mail has been bouncing for quite a while:
<owen@walpole.dev>: connect to mail.walpole.dev[99.91.194.115]:25: Connection
    timed out
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tian Yuanhao [Fri, 18 Dec 2020 05:58:56 +0000 (13:58 +0800)]
 
package/pkg-golang.mk: postpone evaluation of TARGET_DIR and HOST_DIR
When BR2_PER_PACKAGE_DIRECTORIES=y, $(TARGET_DIR) is evaluated as
$(BASE_DIR)/target, but $$(TARGET_DIR) is evaluated as
$(BASE_DIR)/per-package/$(PKG)_NAME/target.
Signed-off-by: Tian Yuanhao <tianyuanhao@aliyun.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Michael Baudino [Fri, 18 Dec 2020 10:00:23 +0000 (10:00 +0000)]
 
package/go: enable ARMv7 optimizations for 32-bit ARMv8
When building for an ARMv8 in 32-bit, Go does not yet support ARMv8
optimizations (see issue: https://github.com/golang/go/issues/29373)
but can still benefit from ARMv7 optimizations.
Signed-off-by: Michael Baudino <michael@baudi.no>
[yann.morin.1998@free.fr:
  - move the comment to its own line, expand and reword it a bit
  - reword the commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Michael Baudino [Fri, 18 Dec 2020 09:57:42 +0000 (09:57 +0000)]
 
package/go: fix a typo in CC and CXX env values
This commit fixes a typo in variable names that caused CC and CXX
environment variables to be empty.
Signed-off-by: Michael Baudino <michael@baudi.no>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bernd Kuhls [Wed, 16 Dec 2020 21:41:49 +0000 (22:41 +0100)]
 
package/{mesa3d, mesa3d-headers}: bump version to 20.3.1
Release notes:
https://lists.freedesktop.org/archives/mesa-announce/2020-December/000612.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 16 Dec 2020 10:18:29 +0000 (11:18 +0100)]
 
configs/roseapplypi: bump kernel to 5.10.1
And drop now upstreamed patches. Mmc support is still not mainline, but
enqueued for 5.12:
https://www.spinics.net/lists/linux-i2c/msg49279.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 18 Dec 2020 21:47:40 +0000 (22:47 +0100)]
 
package/tinycbor: fix build on musl
Fixes:
 - http://autobuild.buildroot.org/results/
c23b694442e7f86cbdd14d8789b12e6a8fd26a70
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 18 Dec 2020 22:42:52 +0000 (23:42 +0100)]
 
package/syslog-ng: bump to version 3.30.1
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.30.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 18 Dec 2020 22:15:41 +0000 (23:15 +0100)]
 
package/wireshark: security bump to version 3.4.2
The following vulnerabilities have been fixed:
 - wnpa-sec-2020-16 Kafka dissector memory leak. Bug 16739.
   CVE-2020-26418.
 - wnpa-sec-2020-17 USB HID dissector crash. Bug 16958. CVE-2020-26421.
 - wnpa-sec-2020-18 RTPS dissector memory leak. Bug 16994.
   CVE-2020-26420.
 - wnpa-sec-2020-19 Multiple dissector memory leak. Bug 17032.
   CVE-2020-26419.
 - wnpa-sec-2020-20 QUIC dissector crash Bug 17073.
https://www.wireshark.org/docs/relnotes/wireshark-3.4.1.html
https://www.wireshark.org/docs/relnotes/wireshark-3.4.2.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Amend [Sat, 12 Dec 2020 22:52:24 +0000 (23:52 +0100)]
 
pkg-cmake.mk: fix host ccache support for CMake 3.19
Starting with CMake 3.4 CMake supports setting a compiler launcher
like ccache. The feature is described in
https://cmake.org/cmake/help/latest/variable/CMAKE_LANG_COMPILER_LAUNCHER.html
This should be safe since everything is built for the host using make or ninja.
The use of *_ARG1 is discouraged by the cmake developers
https://cmake-developers.cmake.narkive.com/OTa9EKfj/cmake-c-compiler-arg-not-documented .
Without this patch I get the following error message with CMake 3.19.1 on Arch Linux.
Disabling BR2_CCACHE also resolves the issue.
/usr/bin/cmake [~]/buildroot/build/host-lzo-2.10/ -DCMAKE_INSTALL_SO_NO_EXE=0 -DCMAKE_FIND_ROOT_PATH="[...]" -DCMAKE_FIND_ROOT_PATH_MODE_PROGRAM="BOTH" -DCMAKE_FIND_ROOT_P
ATH_MODE_LIBRARY="BOTH" -DCMAKE_FIND_ROOT_PATH_MODE_INCLUDE="BOTH" -DCMAKE_INSTALL_PREFIX="[...]" -DCMAKE_C_FLAGS="-O2 -I[...]/include" -DCMAKE_CXX_FLAGS="-O2 -I[...]/include" -DCMAKE_EXE_LINKER_FLAGS="-L[...]/lib -Wl,-rpath,[...]/lib" -DCMAKE_SHARED_LINKER_FLAGS="-L[...]/l
ib -Wl,-rpath,[...]/lib" -DCMAKE_ASM_COMPILER="/usr/bin/as" -DCMAKE_C_COMPILER="[...]/bin/ccache" -DCMAKE_CXX_COMPILER="[...]/bin/ccache"
-DCMAKE_C_COMPILER_ARG1="/usr/bin/gcc" -DCMAKE_CXX_COMPILER_ARG1="/usr/bin/g++"  -DCMAKE_COLOR_MAKEFILE=OFF -DBUILD_DOC=OFF -DBUILD_DOCS=OFF -DBUILD_EXAMPLE=OFF -DBUILD_EXAMPLES=OFF -DBUILD_TEST=OFF -DBUILD_TESTS=OFF -DBUILD_TESTING=O
FF  -DENABLE_SHARED=ON -DENABLE_STATIC=OFF )
-- The C compiler identification is unknown
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - failed
-- Check for working C compiler: [...]/bin/ccache
-- Check for working C compiler: [...]/bin/ccache - broken
CMake Error at /usr/share/cmake-3.19/Modules/CMakeTestCCompiler.cmake:66 (message):
The C compiler
Signed-off-by: Bernd Amend <bernd.amend@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Tested-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Changming Huang [Fri, 7 Feb 2020 08:38:50 +0000 (16:38 +0800)]
 
package/qoriq-rcw: rename from package/rcw
This is really only for QoriQ SoCs. Also the upstream package - despite
its base name of the git repository - is "qoriq-components/rcw". Thus
rename it to a more specify package name.
Note that there are other rcw implementations for other platforms, and
each implementation only applies to that specific platform; it hus does
not make sense that there are more than one rcw enabled at the same
time; so we keep using /usr/share/rcw as the install location; this also
help backward compatibility with existing post-build scripts.
Signed-off-by: Changming Huang <jerry.huang@nxp.com>
Cc: Michael Walle <michael@walle.cc>
[yann.morin.1998@free.fr:
  - rebase on master
  - incorporate changes by Michael
  - don't move to an 'nxp' sub-directory
  - reword the legacy entry; select the new package
  - expand commit log to explain why we keep installing in
    host/usr/share/rcw/ (thanks to Michael for prompting that)
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabio Estevam [Mon, 14 Dec 2020 17:13:18 +0000 (14:13 -0300)]
 
configs/imx6-sabresd: bump kernel version to 5.10
Bump the kernel version to 5.10.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Francois Perrad [Mon, 14 Dec 2020 16:09:45 +0000 (17:09 +0100)]
 
package/iptables: bump to version 1.8.6
remove merged patch
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 14 Dec 2020 15:56:12 +0000 (16:56 +0100)]
 
{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 9}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 14 Dec 2020 15:56:11 +0000 (16:56 +0100)]
 
package/linux-headers: drop 5.8 headers
The 5.8.x series is now EOL, so drop it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Michael Walle [Mon, 14 Dec 2020 15:12:34 +0000 (16:12 +0100)]
 
board/kontron/smarc-sal28: remove "known bugs" section
Remove the note about non-working network. This was actually fixed with
linux kernel 5.9. This board is now on 5.10.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Mon, 14 Dec 2020 15:33:22 +0000 (16:33 +0100)]
 
package/sqlite: bump version to 3.34.0
Release notes: https://sqlite.org/releaselog/3_34_0.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Marcin Niestroj [Tue, 15 Dec 2020 14:04:07 +0000 (15:04 +0100)]
 
package/python-requests: bump to version 2.25.0
LICENSE file content has been changed ([1]) to follow Apache-2.0
instructions.
[1] https://github.com/psf/requests/commit/
22b5a39098223f51fcd2df238e13f9bac86b35a4
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 15 Dec 2020 06:51:55 +0000 (07:51 +0100)]
 
package/git: fix build without threads
Fix build of git version >= 2.29.0 without threads
Fixes:
 - http://autobuild.buildroot.org/results/
d41638d1ad8e78dd6f654367c905996b838ee649
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 15 Dec 2020 15:43:13 +0000 (16:43 +0100)]
 
package/mosquitto: bump version to 2.0.2
Bugfix release.  Drop the now upstreamed patches and add 3 new post-2.0.2
patches from the fixes branch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Christian Stewart [Wed, 16 Dec 2020 09:02:25 +0000 (01:02 -0800)]
 
package/go: bump to version 1.15.6
go1.15.6 (released 2020/12/03) includes fixes to the compiler, linker, runtime,
the go command, and the io package.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Thu, 19 Nov 2020 06:22:01 +0000 (07:22 +0100)]
 
package/uclibc-ng-test: add hashes
Fixes:
http://autobuild.buildroot.net/results/4bb/
4bb46976665bea99ac62c86d3953ad025f7f0a96/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Tue, 1 Dec 2020 19:30:57 +0000 (20:30 +0100)]
 
package/uclibc-ng-test: fix TLS for nios2
Fix TLS for nios2 to avoid the following build failure:
In file included from tst-tls1.c:6:
tls-macros.h:101:3: error: #error "No support for this architecture so far."
 # error "No support for this architecture so far."
   ^~~~~
Fixes:
 - http://autobuild.buildroot.org/results/
303e50d996b7261896f163418831fabb40779ff5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Francois Gervais [Thu, 26 Nov 2020 15:55:33 +0000 (10:55 -0500)]
 
package/systemd: add a menu entry to enable portable services
Signed-off-by: Francois Gervais <fgervais@distech-controls.com>
Reviewed-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Mon, 23 Nov 2020 21:12:58 +0000 (22:12 +0100)]
 
package/shadowsocks-libev: fix static build with netfilter_conntrack
Fixes:
 - http://autobuild.buildroot.org/results/
6cad497a7ab941a0ee3fd7007defc81e30cdcbe0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Tue, 24 Nov 2020 22:15:33 +0000 (23:15 +0100)]
 
package/kismet: fix static build with uclibc
Fixes:
 - http://autobuild.buildroot.org/results/
b859eb3850c0beb23e18010dc2f07cd0f5c14440
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Christoph Müllner [Mon, 23 Nov 2020 13:15:06 +0000 (14:15 +0100)]
 
boot/arm-trusted-firmware: Forward stack protection configuration
TF-A supports stack smashing protection (-fstack-protector-*).
However, that feature is currently silently disabled because
ENABLE_STACK_PROTECTOR is not set during build time.
As documented in the TF-A user guide, the flag ENABLE_STACK_PROTECTOR
is required to enable stack protection support. When enabled the symbols
for the stack protector (e.g. __stack_chk_guard) are built.
This needs to be done because TF-A does not link against an external
library that provides that symbols (e.g. libc).
So in case we see that BR2_SSP_* is enabled, let's enable the corresponding
ENABLE_STACK_PROTECTOR build flag for TF-A as documented in the TF-A user guide.
This patch also fixes a the following linker errors with older TF-A versions
if BR2_SSP_* is enabled (i.e. -fstack-protector-* is used as compiler flag)
and ENABLE_STACK_PROTECTOR is not set, which are caused by the missing
stack protector symbols:
  [...]
  params_setup.c:(.text.params_early_setup+0xc): undefined reference to `__stack_chk_guard'
  aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x14): undefined reference to `__stack_chk_guard'
  aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x104): undefined reference to `__stack_chk_guard'
  aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x118): undefined reference to `__stack_chk_fail'
  aarch64-none-linux-gnu-ld: ./build/px30/release/bl31/pmu.o: in function `rockchip_soc_sys_pwr_dm_suspend':
  pmu.c:(.text.rockchip_soc_sys_pwr_dm_suspend+0xc): undefined reference to `__stack_chk_guard'
  [...]
TF-A releases after Nov 2019, that include 
7af195e29a4, will circumvent
these issue by explicitliy and silently disabling the stack protector
by appending '-fno-stack-protector' to the compiler flags in case
ENABLE_STACK_PROTECTOR is not set.
Tested on a Rockchip PX30 based system (TF-A v2.2 and upstream/master).
Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Sun, 22 Nov 2020 10:16:56 +0000 (11:16 +0100)]
 
package/libeXosip2: bump to version 5.2.0
- Drop patch (already in version)
- Update indentation in hash file (two spaces)
https://git.savannah.nongnu.org/cgit/exosip.git/tree/ChangeLog?h=5.2.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Sun, 22 Nov 2020 10:16:55 +0000 (11:16 +0100)]
 
package/libosip2: bump to version 5.2.0
Update indentation in hash file (two spaces)
https://git.savannah.nongnu.org/cgit/osip.git/tree/ChangeLog?h=5.2.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Michael Walle [Tue, 15 Dec 2020 08:14:33 +0000 (09:14 +0100)]
 
arch/Config.in.powerpc: Drop PPC601 support
Linux support was removed in 5.10 [1]. Since no in-tree defconfig
depends on it, just remove it.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/powerpc?id=
f0ed73f3fa2cdca65973659689ec9e46d99a5f60
Reported-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Michael Walle <michael@walle.cc>
[yann.morin.1998@free.fr: reorder legacy entry]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Michael Walle [Mon, 14 Dec 2020 09:37:24 +0000 (10:37 +0100)]
 
configs/kontron_smarc_sal28: use kernel 5.10
Signed-off-by: Michael Walle <michael@walle.cc>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Michael Walle [Mon, 14 Dec 2020 09:37:23 +0000 (10:37 +0100)]
 
{linux, linux-headers}: add version 5.10
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 13 Dec 2020 17:04:20 +0000 (18:04 +0100)]
 
package/suricata: bump to version 6.0.1
These releases are bug fix releases, fixing numerous important issues.
The 6.0.1 release also improves the experimental HTTP/2 support.
https://suricata-ids.org/2020/12/04/suricata-6-0-1-5-0-5-and-4-1-10-released
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 13 Dec 2020 17:04:19 +0000 (18:04 +0100)]
 
package/libhtp: bump to version 0.5.36
https://github.com/OISF/libhtp/releases/tag/0.5.36
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 13 Dec 2020 16:57:16 +0000 (17:57 +0100)]
 
package/libcap-ng: bump to version 0.8.2
https://github.com/stevegrubb/libcap-ng/releases/tag/v0.8.2
https://github.com/stevegrubb/libcap-ng/releases/tag/v0.8.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 13 Dec 2020 16:47:00 +0000 (17:47 +0100)]
 
package/haproxy: bump to version 2.2.6
Two major bugs were fixed in this versions, both leading to a memory
corruption and random crashes.
https://www.mail-archive.com/haproxy@formilux.org/msg39068.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 6 Dec 2020 09:32:30 +0000 (10:32 +0100)]
 
package/python-pybind: bump to version 2.6.1
Update indentation in hash file (two spaces)
https://github.com/pybind/pybind11/releases/tag/v2.6.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 6 Dec 2020 09:08:37 +0000 (10:08 +0100)]
 
package/nmap: fix license
Commit 
78dc1f185ba0c8c9085d44318f72ab172867b147 forgot to update the
license file from COPYING to LICENSE.
Here is an extract of the ChangeLog for Nmap 7.90 [2020-10-03]:
Upgraded the Nmap license form a sort of hacked-up version of GPLv2 to a
cleaner and better organized version (still based on GPLv2) now called
the Nmap Public Source License to avoid confusion. See
https://nmap.org/npsl/ for more details and annotated license text. This
NPSL project was started in 2006 (community discussion here:
https://seclists.org/nmap-dev/2006/q4/126) and then it lost momentum for
7 years until it was restarted in 2013
(https://seclists.org/nmap-dev/2013/q1/399) and then we got distracted
by development again. We still have some ideas for improving the NPSL,
but it's already much better than the current license, so we're applying
NPSL Version 0.92 to the code now and can make improvements later if
needed. This does not change the license of previous Nmap releases.
Fixes:
 - http://autobuild.buildroot.org/results/
8cef6a5e99ae341cced405a389346e2faccf6eec
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas De Schampheleire [Wed, 9 Dec 2020 11:26:32 +0000 (12:26 +0100)]
 
package/libglib2: correct upstream status for patch 0001
Patch '0001-fix-compile-time-atomic-detection.patch' claims to be Merged but
this is not true. The linked issue is closed with 'Needs information', and
the code itself is effectively not merged.
Clarify the 'Upstream-status' line to make this more clear.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 12 Dec 2020 21:55:58 +0000 (22:55 +0100)]
 
package/unbound: security bump to version 1.13.0
This version has fixes to connect for UDP sockets, slowing down
potential ICMP side channel leakage. The fix can be controlled with the
option udp-connect: yes, it is enabled by default.
Additionally CVE-2020-28935 is fixed, this solves a problem where the
pidfile is altered by a symlink, and fails if a symlink is encountered.
See https://nlnetlabs.nl/downloads/unbound/CVE-2020-28935.txt for more
information.
https://github.com/NLnetLabs/unbound/releases/tag/release-1.13.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Francois Perrad [Mon, 14 Dec 2020 12:43:58 +0000 (13:43 +0100)]
 
package/can-utils: bump to version 2020.11.0
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>