git.libre-soc.org Git - buildroot.git/log

package/ushare: fix NLS build

Commit c4e1a075101914f8e0d47f8bb9c06bea13ba0fd2 forgot to add
--enable-nls to patch resulting in the following build failure:

Unknown option "--enable-nls".

Fixes:
- http://autobuild.buildroot.org/results/6ab2555b419355f01310f230fe612f2a3699bbfd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

support/testing: test_atf: bump the custom version to v2.5

This version bump is needed to pass the ATF test with
hardening option enabled (-fstack-protector-strong)

With the version v2.2, ATF fail due to undefined references:

./build/juno/release/bl2u/arm_tzc400.o: In function `arm_tzc400_setup':
arm_tzc400.c:(.text.arm_tzc400_setup+0x10): undefined reference to `__stack_chk_guard'
arm_tzc400.c:(.text.arm_tzc400_setup+0x18): undefined reference to `__stack_chk_guard'
arm_tzc400.c:(.text.arm_tzc400_setup+0xb8): undefined reference to `__stack_chk_guard'
arm_tzc400.c:(.text.arm_tzc400_setup+0xcc): undefined reference to `__stack_chk_fail'

Since commit ccac9a5bbbd7374187a0f0017101ece0c202851d, Buildroot no
longer forces ENABLE_STACK_PROTECTOR. However, we rely on the ATF build
system to handle it correctly, and this wasn't the case in v2.2.

Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/1524842591
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/coreutils: Prevent overwriting of fakedate

When BR2_REPRODUCIBLE is set and host-coreutils needs to be built, the
fakedate script installed to 'host/bin/date' will be overwritten by
host-coreutils.

Besides, we do not need our host-coreutils for 'date' at all; we really
rely on the host system to provide it.

Unconditionally disable installing the 'date' binary in host-coreutils.

Note that we explicitly request only ln and realpath to be installed,
but the coreutils buildsystem does not strictly obey to that, as was
already noticed in 885e6fdb8a40 (package/coreutils: introduce a host
variant), which added that comment above HOST_COREUTILS_CONF_OPTS:

    # Explicitly install ln and realpath, which we *are* insterested in.
    # A lot of other programs still get installed, however, but disabling
    # them does not gain much at build time, and is a loooong list that is
    # difficult to maintain...

So, we also update that comment to explain why we still anyway disable
installation of 'date'.

Signed-off-by: Conrad Ratschan <conrad.ratschan@collins.com>
[yann.morin.1998@free.fr:
  - unconditionally disable installing date
  - extend comment and commit log to explain why we need
    --enable-no-install-program=date despite the existing
    --enable-install-program=ln,realpath
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/mtd: add ubihealthd missing comment

Commit 42a3fee35e67d8d946f52a82bfa88ee6fd9f04b6 forgot to add comment on
headers 3.17+

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/mtd: make ubihealthd independent of ubifs

Since version 2.1.3 ubihealthd can be enabled without of ubifs-utils.

This also fixes usability of enabling BR2_PACKAGE_MTD_UBIHEALTHD.
BR2_PACKAGE_MTD_UBIFS_UTILS is a blind option. The only way to enable it
is to enable BR2_PACKAGE_MTD_MKFSUBIFS that selects it. ubihealthd
dependency on BR2_PACKAGE_MTD_UBIFS_UTILS makes enabling it unintuitive.

Cc: Markus Mayer <mmayer@broadcom.com>
Cc: Matt Weber <matthew.weber@collins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/ipmiutil: avoid the need for autoreconf

Build fails since bump to version 3.1.7 in commit
011f31ee244b7fe4621b3f69ca3d7e7b1cfdb5bb because config.h.in is older
than aclocal.m4:

make[1]: Entering directory '/tmp/instance-4/output-1/build/ipmiutil-3.1.7'
(CDPATH="${ZSH_VERSION+.}:" && cd . && autoheader)
/bin/bash: autoheader: command not found

Fixes:
- http://autobuild.buildroot.org/results/2005af881726473f2cda176e90c1e41e4baea67c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/nodejs: security bump to version 12.22.5

Fix CVE-2021-22931, CVE-2021-22940 and CVE-2021-22939:
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

board/acmesystems/{aria, arietta}-g25: fix genimage.cfg

On the Aria and the Arietta AT91Bootstrap builds, the file name of the
bootloader embeds its version number, and the genimage configuration
needs this filename in order to build the boot filesystem image. Commit
0614f435a09e99c33f418a646eaa7647944c2f4c bumped the AT91Bootstrap
version of all acmesystems' boards but failed to update genimage.cfg
accordingly, which broke the builds. The Acqua board is not affected
by this issue.

Update the affected genimage.cfg with the correct filenames.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1515521690
https://gitlab.com/buildroot.org/buildroot/-/jobs/1515521691
https://gitlab.com/buildroot.org/buildroot/-/jobs/1515521692
https://gitlab.com/buildroot.org/buildroot/-/jobs/1515521694

Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

docs/website: use lore for ml search

the nabble.com link is dead and lore has a good search.
So use lore for the search form.

Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/mtd: ubihealthd needs kernel 3.17+

ubihealthd requires getrandom(2) that was introduced in kernel version
3.17. ubihealthd does not build when getrandom(2) is not detected, so
the following installation step fails.

Technically the dependency should also be on glibc version 2.25+. But we
have no way to depend on glibc versions of external toolchains.
Toolchain built with kernel headers older than 3.17 can build
ubihealthd, but it will fail at run-time. So this is a pretty close
approximation of the actual dependency.

Fixes:
http://autobuild.buildroot.net/results/2d42b0a626367e4051d0e2aadcce39e974fe09d4/
http://autobuild.buildroot.net/results/a2b6dbf707275e3f8262479c0650cfc7cb9abc8d/

Cc: Matt Weber <matthew.weber@collins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/ushare: fix build without msgfmt

Fix the following build failure without /usr/bin/msgfmt raised since the
addition of ushare in commit 74097fd659154499612f21fabeda4e3e7c8fdbfc:

make[3]: Entering directory `/home/buildroot/autobuild/run/instance-3/output-1/build/ushare-2.1/po'
/usr/bin/msgfmt -c --statistics -o fr.gmo fr.po
make[3]: /usr/bin/msgfmt: Command not found

To fix this build failure, set GMSGFMT to $(HOST_DIR)/bin/msgfmt and
don't build po files if NLS is disabled

Fixes:
- http://autobuild.buildroot.org/results/9f6b5b8f38386135bacd2d8f6e97c1fea77bbe69

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/cjson: bump to version 1.7.15

Fixes:
- Fix potential core dumped for strrchr
- Fix null pointer crash in cJSON_CreateXxArray
- Fix several null pointer problems on allocation failure
- Fix a possible dereference of null pointer

https://github.com/DaveGamble/cJSON/releases/tag/v1.7.15

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

Revert "toolchain: handle toolchains with multiple ld*.so.* files"

This breaks some existing external toolchains. Since we're very close to
a release, don't try to fix it, but instead simply revert.

This reverts commit 6f911a17257d945eb3cb5c9c9a966f0e5fca0842.

Fixes: http://autobuild.buildroot.net/results/afe/afe44f4b6a3c53e5864cfb10b04529011e72cf5c/
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

configs/pc_x86_64_{efi, bios}_defconfig: update kernel to 4.19.204

gcc 10.x is now used by default but the kernel 4.18.10 used by
pc_x86_64_{efi,bios}_defconfig doesn't build with it.

Bump the kernel to 4.19.204 release that contains a lot of
fixes for newer gcc.

Fixes:
https://gitlab.com/kubu93/buildroot/-/jobs/1525741062
https://gitlab.com/kubu93/buildroot/-/jobs/1525741060

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

configs/beaglev_defconfig: update linux-headers to 5.13.

The beaglev kernel is based on the 5.13 branch, update
the expected linux-headers version to 5.13.

This has been wrong ever since the bump of the kernel version in commit
9a1bd7cc1ce512672a5d76baa86c449e36137052: the headers were bumped to
5.12 instead of 5.13.

Fixes:
https://gitlab.com/kubu93/buildroot/-/jobs/1525740895

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/alsa-utils: Fix alsa-plugins compatibility

Previously, alsa-plugins would not work if alsa-utils was installed
after it. This happened because:

1. alsa-plugins copies some files $(TARGET_DIR)/usr/share/alsa/alsa.conf.d
2. alsa-utils removes these files during installation ( rm -rf $(TARGET_DIR)/usr/share/alsa/;)

The `rm -rf` command was originally added as part of the fix for
https://bugs.buildroot.org/show_bug.cgi?id=1573 11 years ago.

The intention might have been to allow for unconfiguring some options
and then rebuilding alsa-utils. However, this is a scenario that does
not work anyway.

The simplest fix for the `alsa-plugins` compatibility issue appears to
be to remove the `rm -rf` command.

Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/libopenssl: security bump version to 1.1.1l

Signed-off-by: Michael Fischer <mf@go-sys.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

DEVELOPERS: drop Maxime Hadjinlian

Maxime has not been contributing to Buildroot for several years, so it
doesn't make sense to keep him in the DEVELOPERS file and make us
think that those packages are being maintained and to Cc: him on
patches affecting those packages.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

toolchain: handle toolchains with multiple ld*.so.* files

Some 3rd party vendor toolchains have multiple files which match
these glob patterns. In this case, the shell script failed.
Switching to use find and xargs solves the issue.

Signed-off-by: Jonah Petri <jonah@petri.us>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/libarchive: security bump to version 3.5.2

Fix CVE-2021-36976: libarchive 3.4.1 through 3.5.1 has a use-after-free
in copy_string (called from do_uncompress_block and process_block).

https://github.com/libarchive/libarchive/releases/tag/v3.5.2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/belle-sip: add BELLE_SIP_CPE_ID_VENDOR

cpe:2.3:a:linphone:belle-sip is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alinphone%3Abelle-sip

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/libffi: disable use of static exec trampolines

TestGst1Python test segfault since the libffi bump to 3.4.2.

Apply the same fix from Yocto [1] disabling static exec trampolines.

Fixes:
https://gitlab.com/kubu93/buildroot/-/jobs/1522848331

[1] http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=dadfef3950fae4e93ce4c13ab91a2a7f41b3702e

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/linux-pam: add libxcrypt optional dependency

Add libxcrypt optional dependency and fix the following build failure
with libxcrypt and uclibc-ng raised since the addition of libxcrypt in
commit 464bbe26ff5fb9e5bfe26a26ea65c700b90598f5:

/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabihf/9.3.0/../../../../arm-buildroot-linux-uclibcgnueabihf/bin/ld: unix_chkpwd-passverify.o: in function `verify_pwd_hash':
passverify.c:(.text+0xab4): undefined reference to `crypt_checksalt'

Fixes:
- http://autobuild.buildroot.org/results/65d68b7c9c7de1c7cb0f941ff9982f93a49a56f8

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/localedef: bump to version 2.33-46-gedfd11197ecf3629bbb4b66c5814da09a61a7f9f

resync the version with glibc package.

Remove upstream patches.

Rebase remaining patches for glibc 2.33.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/python{3}-requests: allow idna 3.x to be installed on python 3.x

The tests.package.test_docker_compose.TestDockerCompose is broken
since the python-idna version bump to 3.0 because python-requests needs
python-idna < 3.0.

# docker-compose up -d
Traceback (most recent call last):
   File "/usr/lib/python3.9/site-packages/pkg_resources/__init__.py", line 583, in _build_master
   File "/usr/lib/python3.9/site-packages/pkg_resources/__init__.py", line 900, in require
   File "/usr/lib/python3.9/site-packages/pkg_resources/__init__.py", line 791, in resolve
pkg_resources.ContextualVersionConflict: (idna 3.2 (/usr/lib/python3.9/site-packages), Requirement.parse('idna<3,>=2.5'), {'requests'})

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
   File "/usr/bin/docker-compose", line 6, in <module>
     from pkg_resources import load_entry_point
   File "/usr/lib/python3.9/site-packages/pkg_resources/__init__.py", line 3252, in <module>
   File "/usr/lib/python3.9/site-packages/pkg_resources/__init__.py", line 3235, in _call_aside
   File "/usr/lib/python3.9/site-packages/pkg_resources/__init__.py", line 3264, in _initialize_master_working_set
   File "/usr/lib/python3.9/site-packages/pkg_resources/__init__.py", line 585, in _build_master
   File "/usr/lib/python3.9/site-packages/pkg_resources/__init__.py", line 598, in _build_from_requirements
   File "/usr/lib/python3.9/site-packages/pkg_resources/__init__.py", line 786, in resolve
pkg_resources.DistributionNotFound: The 'idna<3,>=2.5' distribution was not found and is required by requests

Fixes:
https://gitlab.com/kubu93/buildroot/-/jobs/1522848327

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/testing: test_docker_compose: bump the kernel to 4.19.204

gcc 10.x is now used by default but the kernel 4.19 used by
test_docker_compose doesn't build with it.

Bump the kernel to 4.19.204 release that contains a lot of
fixes for newer gcc.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/testing: revert the last change of check_network()

check_network() must check the error code of the command
used to check the network configuration with the value
passed as argument "exitCode".

But this argument is ignored since this commit [1].

Revert the last change of check_network().

Fixes:
https://gitlab.com/kubu93/buildroot/-/jobs/1522848308
https://gitlab.com/kubu93/buildroot/-/jobs/1522848306

[1] afc1ed4d5152e0f6e724e6986a1d12c8001b94fe

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

toolchain: improve conditions for gcc bug 99140

Gcc bug 99140 has been fixed on gcc 8.x but reappeared on gcc 9.x while
it's been fixed on gcc 10.x+. So let's update
BR2_TOOLCHAIN_HAS_GCC_BUG_99140 accordingly.

Fixes:
http://autobuild.buildroot.net/results/c55/c55f50a8d657695f0d5492c32efa666254cd7f99/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Revert "package/libcap: don't overwrite 'empty' when generating loader.txt"

This was for the next branch, not master...

This reverts commit 6fb0dbe4038ccde96e4600ca566d6269911077bc.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libcap: don't overwrite 'empty' when generating loader.txt

Upstream commit [1] introduced an invocation of objcopy to generat
loader.txt. However, objcopy, if not provided with an output file, will
overwrite the input file. This is usually harmless because it will be
identical, but the timestamp is updated. This may cause 'empty' to be
newer than 'loader.txt', which causes 'loader.txt' and its dependencies
to be rebuilt during 'make install'

We provide a different set of parameters during 'make install'. In
particular, we no longer pass in HOST_CONFIGURE_OPTS, so we no longer
set LDFLAGS. Thus, there is no -Wl,rpath option that is passed in, which
causes the resulting binaries to have an incorrect RPATH.

Fix this by adding /dev/null as the output file in the objcopy
invocation.

Patch was sent upstream, but there's no mailing list, just a single
person.

Fixes: http://autobuild.buildroot.net/results/600/600aff5b839b48db80751cace5fa9670b7a3d698
(hopefully)

[1] https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=efd293947f940180eedd8d0915b124f4aedccc08

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

support/testing: remove TestPythonPy2{Cryptography, ServiceIdentity, Treq, Twisted, Txtorcon}

The python2 support has been removed since the python-idna bump to version 3.2 [1]

[1] 0c7e30b43a5e98abfc8db521a6415b5a5c1c267f

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/libmodsecurity: disable -fPIC on m68k_cf

This package has -fPIC gcc option set by default but we can't use it on
m68k_cf since it doesn't support it throwing a gcc build failure. So let's
disable it by passing -fno-PIC.

Fixes:
http://autobuild.buildroot.net/results/b92980a563fe7ee331e70f288ce041be0bf29d40/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/mesa3d: fix build on riscv32

Fix the following build failure on riscv32:

../src/util/futex.h: In function 'sys_futex':
../src/util/futex.h:39:19: error: 'SYS_futex' undeclared (first use in this function); did you mean 'sys_futex'?
   39 |    return syscall(SYS_futex, addr1, op, val1, timeout, addr2, val3);
      |                   ^~~~~~~~~
      |                   sys_futex

Fixes:
- http://autobuild.buildroot.org/results/692700a5f967760a0b8cd358b1712f1d5a7b681e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/snort3: link with -latomic if needed

Fix the following build failure raised since bump to version 3.1.6
in commit e66f2fd310374779d415fa683813cc5f5ccf6be9 and
https://github.com/snort3/snort3/commit/3e518d86040e74c328bcc0d5bbd49c1da6b7a3ec:

/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/powerpc-buildroot-linux-uclibc/9.3.0/../../../../powerpc-buildroot-linux-uclibc/bin/ld: service_inspectors/dce_rpc/CMakeFiles/dce_rpc.dir/dce_smb2_file.cc.o: undefined reference to symbol '__atomic_load_8@@LIBATOMIC_1.0'

Fixes:
- http://autobuild.buildroot.org/results/df34a69175e61bc7b180d89c738747e19aaf13bf

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/sdl2: fix build with kmsdrm

Build with kmsdrm is broken since bump to version 2.0.14 in commit
5e0da5c40da82d90c3f6ca037170838a6689b65b. Indeed, first patch was
already applied in this version:
https://github.com/libsdl-org/SDL/commit/9354aea19834ada7ffb90d379600a242a7aa820f
but upstream made other changes that requires EGL so add an upstream
patch to fix the build failure

Moreover, run autogen.sh instead of autoreconf as it breaks the build
and is not recommended by upstream:
https://github.com/libsdl-org/SDL/pull/4214

Fixes:
- http://autobuild.buildroot.org/results/355c7e5092e7641d8b04ecb550e2671d70720bd2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Arnout: add dependency on host-autoconf]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/sdl2: kmsdrm needs GBM

kmsdrm needs GBM (and so mesa3d) since its addition in version 2.0.6:
https://github.com/libsdl-org/SDL/commit/56363ebf6124b345e1cfbd14fb6c0e654837910c

If libgbm is not found, kmsdrm will be silently disabled

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/lua-lunix: fix sys/sysctl.h detection

sysctl.h has been removed from glibc since version 2.32.

Fixes: http://autobuild.buildroot.net/results/749a11d5289c6fec3b2f236b9073fc1ab730d090/
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

Config.in: disable Fortify Source for microblaze

As reported by Toolchain-builder project [1], the microblaze glibc
toolchain creates a system that doesn't boot when FORTIFY_SOURCE is
enabled: the init process hangs.

Also, hardening features may not be wanted or possible for such
slow soft-core cpus [2].

Note: for completeness, BR2_RELRO_PARTIAL was manually tested and it
does boot.

[1] https://gitlab.com/bootlin/toolchains-builder/-/jobs/1467624500
[2] http://lists.busybox.net/pipermail/buildroot/2021-June/312416.html

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/libressl: always expose SSL_OP_NO_TLSv1_3

Fixes the build of vsftpd 3.0.4

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/kvm-unit-tests: fix powerpc64 PHDR seg err

Upstream comment: "Let's introduce some fake PHDRs
to the linker script to get this working again."

Fixes:
(next) http://autobuild.buildroot.net/results/ae091dbcb155e63c208ce5adb289807cee83e28d/
(master) http://autobuild.buildroot.net/results/ef0/ef0b044802c54a697d8bffb28eba08cf9ce44f4c/
(2021.02.x) http://autobuild.buildroot.net/results/044/04495aa23ce51c48b9b850890453abded85dc477/
(2021.05.x) http://autobuild.buildroot.net/results/0fa/0fa94f1f930aa16cec3bc96e64bc57b460238a0a/

[Cherry-picked upstream]
5126732d73aa75a0bc84f898042bfe35640624b8

Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/polkit: install polkit.loc to HOST_DIR

Fix added by commit c20d31baf471daeeec50d62cb8baa79bac06fa51 is
incomplete as polkit.loc must also be added to
$(HOST_DIR)/share/gettext/its

Additionally, the destination path for "$(INSTALL) -D" must be a
fully-qualified filename, not just the destination directory.

Fixes:
- http://autobuild.buildroot.org/results/170e4802b7b4e8e7dafa95ade549e8fd05e43bfd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: dest must be a filename, not a directory]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libvirt: fix syntax error in Config.in

The typo was introduced in 6aa318d91e66731d66dca485c4c30391fe0e2423

Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/cpio: fix CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a
crafted pattern file, because of a dstring.c ds_fgetstr integer overflow
that triggers an out-of-bounds heap write. NOTE: it is unclear whether
there are common cases where the pattern file, associated with the -E
option, is untrusted data.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/mpv: fix build of vaapi with egl-drm

Build of vaapi with egl-drm is broken since commit
6ec47c4e59c7c8c57e972dab985c8a2ba0bf7174 because egl-drm is a part of gl
group which is only enabled if BR2_PACKAGE_HAS_LIBGL or
BR2_PACKAGE_HAS_LIBGLES are set:
https://github.com/mpv-player/mpv/blob/ec0006bfa1aaf608a7141929f2871c89ac7a15d6/wscript#L572

As a result, despite what is being displayed in the autobuilder log
message, the build failure is not related to X11 but to the fact that
we try to enable vaapi through egl-drm but at the same time, we disable
gl.

To fix it, enable gl if libegl is available as gl can be enabled for
example through wayland and egl (gl-wayland):

'deps': 'gl-cocoa || gl-x11 || egl-x11 || egl-drm || '
+ 'gl-win32 || gl-wayland || rpi || '
+ 'plain-gl',

Fixes:
- http://autobuild.buildroot.org/results/e5c15228f42a73f8c34b26630b2074c30e5f5966

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/mpv: vaapi-drm needs egl-drm

Build of vaapi-drm without egl-drm is broken since commit
6ec47c4e59c7c8c57e972dab985c8a2ba0bf7174.

egl-drm has been added with commit
031df474c24f92757ac95ade572b90995ebdc6a2 and it is only available with
mesa3d because of the gbm dependency:
https://github.com/mpv-player/mpv/blob/0b56e1c00a57fdb767674462c299a5c973a9e373/wscript#L571

Indeed, at the moment, mesa3d is the only gbm provider in buildroot.

Fixes:
- http://autobuild.buildroot.org/results/83d6dcbb77ab8754aefcdcf90baeaff9db2a1c81

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libmcrypt: drop package

Drop libmcrypt which is a cryptographic package that is not maintained
anymore. Here is an extract of https://en.wikipedia.org/wiki/Mcrypt:
"The last update to libmcrypt was in 2007, despite years of unmerged
patches. These facts have led security experts to declare mcrypt
abandonware and discourage its use in new development.".

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/mcrypt: drop package

Drop mcrypt which is a cryptographic package that is not maintained
anymore. Here is an extract of https://en.wikipedia.org/wiki/Mcrypt:
"The last update to libmcrypt was in 2007, despite years of unmerged
patches. These facts have led security experts to declare mcrypt
abandonware and discourage its use in new development."

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libvirt: fix dependency of comment

d1fc0690addd (package/libvirt: fix dependencies on kernel headers)
forgot to update the conditions for the comment after the last-minute
changes by Yann.

Fix that.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libvirt: fix dependencies on kernel headers

In ccfc90e1010e (package/libvirt: new package), last-minute changes
missed the depenecny on kernel headers; headers >= 3.12 are required for
all architectures, but AArch64, which requires 4.11 for HWCAP_CPUID:

    ../src/cpu/cpu_arm.c: In function 'virCPUarmCpuDataFromRegs':
    ../src/cpu/cpu_arm.c:562:20: error: 'HWCAP_CPUID' undeclared (first use in this function); did you mean 'HWCAP_PMULL'?
         if (!(hwcaps & HWCAP_CPUID)) {
                        ^~~~~~~~~~~
                        HWCAP_PMULL

Fixes:
- http://autobuild.buildroot.org/results/85bf7b4dad73a748bf439e63874eb64d9a53088f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - move AArch64 4.11 req. from _ARCH_SUPPORTS to BR2_PACKAGE_LIBVIRT
  - add missing dependency on headers 3.12 for the rest
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/rust-bin: harmonize indentation

Use an indentation of two spaces everywhere

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/heirloom-mailx: fix build failure due to gcc bug 101916

The heirloom-mailx package exhibits gcc bug 101916 when built for the
SH4 architecture with optimization enabled, which causes a build failure.

As done for other packages in Buildroot work around this gcc bug by
setting optimization to -O0 if BR2_TOOLCHAIN_HAS_GCC_BUG_101916=y.
Also introduce HEIRLOOM_MAILX_CFLAGS as done for other packages and move
the already present -fPIC CFLAG to it.

Fixes:
http://autobuild.buildroot.net/results/911/911f5c024834741754102ff1bbb05c4a64c54a0b/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

toolchain: introduce BR2_TOOLCHAIN_HAS_GCC_BUG_101916

heirloom-mailx package fails to build for the SH4 architecture with
optimization enabled with gcc = 11.1.0:
http://autobuild.buildroot.net/results/911/911f5c024834741754102ff1bbb05c4a64c54a0b/

It's been reported upstream:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101916

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/lmbench: fix build failure due to gcc bug 101915

The lmbench package exhibits gcc bug 101915 when built for the
Microblaze architecture with optimization enabled, which causes a build
failure.

As done for other packages in Buildroot work around this gcc bug by
setting optimization to -O0 if BR2_TOOLCHAIN_HAS_GCC_BUG_101915=y.

Fixes:
http://autobuild.buildroot.net/results/ae1/ae1e4d61ed367c6cb64442c60d98882cc7985346/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

toolchain: introduce BR2_TOOLCHAIN_HAS_GCC_BUG_101915

lmbench package fails to build for the Microblaze architecture with
optimization enabled with gcc = 11.1.0:
http://autobuild.buildroot.net/results/ae1/ae1e4d61ed367c6cb64442c60d98882cc7985346/

It's been reported upstream:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101915

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

linux: bump CIP RT kernel to version 4.19.198-cip54-rt21

This patch bumps Linux CIP RT to version 4.19.198-cip54-rt21

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

linux: bump CIP kernel to version 4.19.198-cip54

This patch bumps Linux CIP to version 4.19.198-cip54.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gdb: fix build of gdb on riscv

Build of gdb on riscv without host-gdb is broken since commit
4ecd247ead22a6cfb87a4ffafc4be05201328aef because BR2_GDB_VERSION_10 is
never defined if BR2_PACKAGE_HOST_GDB is not selected resulting in the
following build failure:

/bin/bash: line 0: cd: /tmp/instance-0/output-1/build/gdb-10.1/gdb/gdbserver: No such file or directory

So add a BR2_PACKAGE_GDB_TOPLEVEL hidden option as suggested by Thomas
Petazzoni.

Fixes:
- http://autobuild.buildroot.org/results/ce47d616ee79d5f735779570ebc3b4a9c0f64c6a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gdb: bump version 10.x to 10.2

Signed-off-by: Michael Fischer <mf@go-sys.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Revert "package/libshout: enable optional dependency for libressl"

This reverts commit 46b8fb7500ecca65a79507318fd3052208559c09 indeed if
libressl is selected as the openssl provider, the BR2_PACKAGE_OPENSSL
conditition will always be used and the BR2_PACKAGE_LIBRESSL condition
will never be triggered. Moreover, libressl provides a pkg-config file.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/haproxy: security bump to version 2.4.3

Fixes the following security issues:

- CVE-2021-39240: An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3
  before 2.3.13, and 2.4 before 2.4.3.  It does not ensure that the scheme
  and path portions of a URI have the expected characters.  For example, the
  authority field (as observed on a target HTTP/2 server) might differ from
  what the routing rules were intended to achieve.

- CVE-2021-39241: An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2
  before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3.  An HTTP method
  name may contain a space followed by the name of a protected resource.  It
  is possible that a server would interpret this as a request for that
  protected resource, such as in the "GET /admin?  HTTP/1.1 /static/images
  HTTP/1.1" example.

- CVE-2021-39242: An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3
  before 2.3.13, and 2.4 before 2.4.3.  It can lead to a situation with an
  attacker-controlled HTTP Host header, because a mismatch between Host and
  authority is mishandled.

For more details, see the advisory:
https://www.mail-archive.com/haproxy@formilux.org/msg41041.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/sentry-cli: remove package

This package has had build failures for a very long time, and these
issues have not been fixed, and it is now the number 1 build failure
reason in our autobuilders. It is time to acknowledge that the package
needs to be removed.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/openvmtools: fix time_t build failure on 32-bit platforms

Add upstream pending patch[1] to fix time_t on 32-bit platform.

[1]: https://github.com/vmware/open-vm-tools/pull/387

Fixes:
http://autobuild.buildroot.net/results/eb3dfe679536b578a0f16762312a96ada7162095/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libvirt: fix NLS build

Fix the following build failure raised since the addition of the package
in commit ccfc90e1010e42e6529afae3a5ea8bf7226dabc1:

/tmp/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i686-buildroot-linux-uclibc/9.3.0/../../../../i686-buildroot-linux-uclibc/bin/ld: src/util/libvirt_util.a(viralloc.c.o): in function `virInsertElementsN':
viralloc.c:(.text+0x167): undefined reference to `libintl_dgettext'

Fixes:
- http://autobuild.buildroot.net/results/2349c55a4a42f08ca52700c60cda3065b0c4bd88

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

boot/at91bootstrap3: update to final 4.0.0 version

Update to AT91Bootstrap 4.0.0 version.

This package is now released under MIT license, and a license file was
added.

Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/bullet: fix build failure due to gcc bug 101952

The bullet package exhibits gcc bug 101952 when built for the SH4
architecture with optimization enabled, which causes a build failure.

As done for other packages in Buildroot work around this gcc bug by
setting optimization to -O0 if BR2_TOOLCHAIN_HAS_GCC_BUG_101952=y like we
already do for BR2_TOOLCHAIN_HAS_GCC_BUG_85180=y.

Fixes:
http://autobuild.buildroot.net/results/32b/32bfaf0aae57ed18c18e82a72a958af9b3e1b241/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

toolchain: introduce BR2_TOOLCHAIN_HAS_GCC_BUG_101952

bullet package fails to build for the SH4 architecture with optimization
enabled with gcc = 11.1.0:
http://autobuild.buildroot.net/results/32b/32bfaf0aae57ed18c18e82a72a958af9b3e1b241/

It's been reported upstream:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101952

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

DEVELOPERS: add myself to toolchain topics/packages

Since I've dealt and deal with toolchain bugs and their work-around
very often add myself to toolchain topic(toolchain/) as well as
package/binutils and package/gcc.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/eigen: override Fortran path

The language detection is falling back to the host system
Fortran compiler. An example of this is in RHEL7.9
(gcc4.8.5 20150623 (Red Hat 4.8.5-44)).

This patch bypasses detection and points to the location
where the compiler would be installed (if present). In the
cases where it doesn't exist, the detection falls through
and leaves Fortran disabled.

Fixes:
http://autobuild.buildroot.net/results/8354da225d1e5e337aa7ea62a7e6524fb5f1135f/

Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/rustc: fix conditions related to MIPS support

For MIPS64 architecture variants supported by Rust, we need to exclude
MIPS64R6, but due to a copy/paste mistake in commit
d69d40c029dc7d8199b745eaee759d92b66c5d17 ("package/rustc: add support
for Tier 1 and Tier 2 platform"), we used BR2_MIPS_CPU_MIPS32R6 for
both MIPS 32-bit and MIPS 64-bit configurations, while
BR2_MIPS_CPU_MIPS64R6 should be used on MIPS 64-bit.

Fixes:

http://autobuild.buildroot.net/8bab232eb98b164df300581ae019254bde7c8ca3/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/nvidia-driver: fix build without X.org drivers

Fix the following build failure without BR2_PACKAGE_NVIDIA_DRIVER_XORG
raised since commit 9cda982855315d683d4880e6bb2a129133ea7213:

ln: failed to create symbolic link '/tmp/instance-0/output-1/target/usr/lib/xorg/modules/extensions/libglx.so': No such file or directory

Fixes:
- http://autobuild.buildroot.org/results/c2e7a826c105363309f70a3fcfe28bd53efcb94a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

Update for 2021.08-rc2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/postgresql: security bump version to 13.4

Release notes:
https://www.postgresql.org/about/news/postgresql-134-128-1113-1018-9623-and-14-beta-3-released-2277/

Fixes CVE-2021-3677:
https://www.postgresql.org/support/security/CVE-2021-3677/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

configs/{atmel, microchip}: bump at91bootstrap3 version

Signed-off-by: Ludovic Desroches <ludovic.desroches@microchip.com>
Tested-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

configs/acmesystems_*: bump at91bootstrap3 version

Signed-off-by: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

boot/at91bootstrap3: bump 3.x series to 3.10.3

Signed-off-by: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/protobuf: fix build failure due to missing -mcmodel=large

When building protobuf for or1k -mcmodel=large is needed to link, so let's
add that gcc option in case we're building for or1k.

Upstream gcc doesn't have the -mcmodel=large option for or1k, but all
released Buildroot gcc versions have the patch to add it, so that's
fine.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/libgeos: fix build failure due to missing -mcmodel=large

When building libgeos for or1k -mcmodel=large is needed to link, so let's
add that gcc option in case we're building for or1k.

Upstream gcc doesn't have the -mcmodel=large option for or1k, but all
released Buildroot gcc versions have the patch to add it, so that's
fine.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/gcc: add OpenRisc patches for gcc version 11.1.0

At the moment of gcc 11.1.0 release the OpenRisc patches for -mcmodel=large
were still pending. They have been upstreamed yesterday as pointed in gcc
bugzilla[1]. So they will be part of gcc 11.3.0 or maybe before on 11.2.
2. Anyway at the moment if we try to build packages libgeos and protobuf
with OpenRisc gcc 11.1.0 it fails due to missing -mcmodel=large. So let's
add OpenRisc patches for it as done for all the previous versions.

Fixes:
still not appeared on autobuilers

[1]: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99783

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/tor: security bump version to 0.4.6.7

Fixes CVE-2021-38385: https://blog.torproject.org/node/2062

Rebased patch 0001.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/python-treq: depend comment on BR2_PACKAGE_PYTHON3

The user shouldn't see the comment on the python2 menu.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/python-service-identity: depend comment on BR2_PACKAGE_PYTHON3

The user shouldn't see the comment on the python2 menu.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/python-secretstorage: depend comment on BR2_PACKAGE_PYTHON3

The user shouldn't see the comment on the python2 menu.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/python-pyopenssl: depend comment on BR2_PACKAGE_PYTHON3

The user shouldn't see the comment on the python2 menu.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/python-keyring: depend comment on BR2_PACKAGE_PYTHON3

The user shouldn't view the comment on the python2 menu.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/python-cryptography: depend comment on BR2_PACKAGE_PYTHON3

The user shouldn't see the comment on the python2 menu.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libbpf: needs headers >= 4.13

Since its addition in commit f7b8508e4fe9c96bf679cc5423cc1500b6523e83,
libbpf unconditionally uses TCA_BPF_ID which is only available since
kernel 4.13 and
https://github.com/torvalds/linux/commit/e86283071fb0eed28136adb52997888f4beb202b:

netlink.c: In function '__get_tc_info':
netlink.c:515:11: error: 'TCA_BPF_ID' undeclared (first use in this function); did you mean 'TCA_BPF_FD'?
  515 |  if (!tbb[TCA_BPF_ID])
      |           ^~~~~~~~~~
      |           TCA_BPF_FD

Fixes:
- http://autobuild.buildroot.org/results/14996a0b7b9b65d0d6d5717d6da8922752789749

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/fontconfig: fix build with NLS

Add TARGET_NLS_DEPENDENCIES and host-gettext dependency to avoid the
following build failure in a per-package-directorie build with
host-cairo raised because fontconfig installs its ITS files in the wrong
directory (i.e. outside of gettext-tiny symlink):

mkdir -p /tmp/instance-0/output-1/per-package/host-cairo/host
rsync -a --link-dest=/tmp/instance-0/output-1/per-package/host-fontconfig/host/ /tmp/instance-0/output-1/per-package/host-fontconfig/host/ /tmp/instance-0/output-1/per-package/host-cairo/host
rsync -a --link-dest=/tmp/instance-0/output-1/per-package/host-freetype/host/ /tmp/instance-0/output-1/per-package/host-freetype/host/ /tmp/instance-0/output-1/per-package/host-cairo/host
rsync -a --link-dest=/tmp/instance-0/output-1/per-package/host-libglib2/host/ /tmp/instance-0/output-1/per-package/host-libglib2/host/ /tmp/instance-0/output-1/per-package/host-cairo/host
cannot delete non-empty directory: share/gettext
could not make way for new symlink: share/gettext

This only happens with per-package directories because then the rsync is
done. Otherwise the fontconfig installation will simply follow the
symlink.

The error of course exists for target as well, but doesn't occur in
autobuilders since it already fails for host.

Fixes:
- http://autobuild.buildroot.org/results/00e29958cecfffa4e994ab549637117dd8f55c30

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/fontconfig: break circular dependency

Build fails because of the following circular dependency:

fontconfig -> util-linux -> udev -> systemd -> polkit ->
gobject-introspection -> cairo -> fontconfig

which results in the following build failure:

checking for UUID... no
checking where uuid functions comes from... configure: error:
*** uuid is required. install util-linux.

To break it, apply the same ugly workaround that was applied for
libglib2 and cryptsetup until a better solution is found:
https://patchwork.ozlabs.org/project/buildroot/patch/20201101150619.1709959-1-fontaine.fabrice@gmail.com/

Fixes:
- http://autobuild.buildroot.org/results/2c6ef073e7e98e13daa409e1ea6130e9abd32c87

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/busybox/udhcpc.script: ensure action argument is correctly passed to hook scripts

commit f79a420825479c47d (package/busybox/udhcpc.script: support RFC3442
static routes) used 'set --' clobbering the positional arguments, causing
the action argument to not be correctly forwarded to hook scripts for the
renew / bound cases if static routes are provided by the server.

As a workaround, save the action argument at the beginning of the script and
use that when calling hook scripts.

Reported-by: 王琦 <wangwangqi2011@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/harfbuzz: fix build without threads

Fix the following build failures without threads by defining HB_NO_MT as
specified in https://github.com/harfbuzz/harfbuzz/blob/main/CONFIG.md:

In file included from ../src/hb.hh:458,
                 from ../src/hb-blob.cc:28:
../src/hb-mutex.hh:88:2: error: #error "Could not find any system to define mutex macros."
   88 | #error "Could not find any system to define mutex macros."
      |  ^~~~~

This build failure is raised since bump to version 2.8.1 in commit
e9ba1c80e8ebf5f5ad9d889d2dd37f27af87e811 and
https://github.com/harfbuzz/harfbuzz/commit/711c241f6c7e18c5403602375a733af74df76f83
which removed busyloop mutex implementation.

Fixes:
- http://autobuild.buildroot.org/results/0c03aca5e3ade735b54b0b9233896b868aec1520

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libepoxy: bump to version 1.5.9

Update to libepoxy 1.5.9, which adds a fallback to use libOpenGL.so that
fixes a couple of regressions:

https://github.com/anholt/libepoxy/releases/tag/1.5.9

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

boot/arm-trusted-firmware: don't force ENABLE_STACK_PROTECTOR

Commit 5f432df7e2d2 ("boot/arm-trusted-firmware: change
ENABLE_STACK_PROTECTOR value when disabled") set
ENABLE_STACK_PROTECTOR=0 when disabled. But since we pass this value as
MAKE_OPT, the internal ATF logic that sets ENABLE_STACK_PROTECTOR again
based on its initial value breaks. This leads to build failure:

make[1]: *** [/builds/buildroot.org/buildroot/output/build/arm-trusted-firmware-v2.4/build/a80x0_mcbin/release/libc/assert.o] Error 1
aarch64-buildroot-linux-uclibc-gcc.br_real: error: unrecognized command-line option ‘-fstack-protector-0’; did you mean ‘-fstack-protector’?

Move ENABLE_STACK_PROTECTOR to make environment instead to allow make to
change its value.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1497663294

Cc: Dick Olsson <hi@senzilla.io>
Cc: Sergey Matyukevich <geomatsi@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libargtable2: update LIBARGTABLE2_VERSION

Update LIBARGTABLE2_VERSION to reflect what is used by
https://release-monitoring.org

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/iozone: update IOZONE_VERSION

Update IOZONE_VERSION to reflect what is used by
https://release-monitoring.org

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/sqlite: add SQLITE_TAR_VERSION

3.35.0 is the version used by https://release-monitoring.org as well as
NVD NIST database so add SQLITE_TAR_VERSION and drop
SQLITE_CPE_ID_VERSION

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/unbound: bump to version 1.13.2

The release contains a bugfix to fix the make install of the python
module after build changes introduced in this release RC1.

This release contains a number of bug fixes. There is a crash fix for
broken internal structures in stream reuse, that is used when many TCP
or TLS upstream connections are made. Also a number of features are added.

https://github.com/NLnetLabs/unbound/releases/tag/release-1.13.2

Signed-off-by: Kyle Harding <kyle@balena.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/go: security bump to version 1.16.7

go1.16.7 (released 2021-08-05) includes a security fix to the
net/http/httputil package, as well as bug fixes to the compiler, the
linker, the runtime, the go command, and the net/http package.

https://golang.org/doc/devel/release#go1.16

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

DEVELOPERS: drop Sven Fischer

Sven has privately asked to no longer receive notifications related to
this package.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/refpolicy: fix build with samba

Fix the following build failure with samba raised since commit
49f6b2f39ee23e3e53c0b001894644734b8338b6:

Compiling targeted policy.31
env LD_LIBRARY_PATH="/tmp/instance-5/output-1/host/lib:/tmp/instance-5/output-1/host/usr/lib" /tmp/instance-5/output-1/host/usr/bin/checkpolicy -c 31 -U deny -S -O -E policy.conf -o policy.31
policy/modules/services/samba.te:399:ERROR 'type crack_db_t is not within scope' at token ';' on line 360232:
allow smbd_t crack_db_t:dir { getattr search open };
#line 399
checkpolicy: error(s) encountered while parsing configuration

Fixes:
- http://autobuild.buildroot.org/results/ab7098948d1920e42fa587e07f0513f23ba7fc74

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>