git.libre-soc.org Git - buildroot.git/log

package/mariadb: add SELinux module

Support for mariadb is added by the services/mysql module in the SELinux
refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/redis: security bump to v6.2.5

From the release notes:
================================================================================
Redis 6.2.5 Released Wed Jul 21 16:32:19 IDT 2021
================================================================================

Upgrade urgency: SECURITY, contains fixes to security issues that affect
authenticated client connections on 32-bit versions. MODERATE otherwise.

Fix integer overflow in BITFIELD on 32-bit versions (CVE-2021-32761).
An integer overflow bug in Redis version 2.2 or newer can be exploited using the
BITFIELD command to corrupt the heap and potentially result with remote code
execution.

See https://github.com/redis/redis/blob/6.2.5/00-RELEASENOTES

Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mpd: add SELinux module

Support for mpd is added by the services/mpd module in the SELinux
refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/monit: add SELinux module

Support for monit is added by the services/monit module in the SELinux
refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/monit: add MONIT_CPE_ID_VENDOR

cpe:2.3:a:mmonit:monit is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ammonit%3Amonit

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mongodb: add SELinux module

Support for mongodb is added by the services/mongodb module in the
SELinux refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/modem-manager: add SELinux module

Support for modem-manager is added by the services/modemmanager module
in the SELinux refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/memcached: add SELinux module

Support for memcached is added by the services/memcached module in the
SELinux refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/lirc-tools: add SELinux module

Support for lirc-tools is added by the services/lircd module in the
SELinux refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/openldap: add SELinux module

Support for openldap is added by the services/ldap module in the SELinux
refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/xl2tp: add SELinux module

Support for xl2tp is added by the services/l2tp module in the SELinux
refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/irqbalance: add SELinux module

Support for irqbalance is added by the services/irqbalance module in the
SELinux refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/iodine: add SELinux module

Support for iodine is added by the services/iodine module in the SELinux
refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/iodine: add IODINE_CPE_ID_VENDOR

cpe:2.3:a:kryo:iodine is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Akryo%3Aiodine

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/ifplugd: add SELinux module

Support for ifplugd is added by the services/ifplugd module in the
SELinux refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gpsd: add SELinux module

Support for gpsd is added by the services/gpsd module in the SELinux
refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gpm: add SELinux module

Support for gpm is added by the services/gpm module in the SELinux
refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/git: add SELinux module

Support for git is added by the services/git module in the SELinux
refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/fetchmail: add SELinux module

Support for fetchmail is added by the services/fetchmail module in the
SELinux refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/fail2ban: add SELinux module

Support for fail2ban is added by the services/fail2ban module in the
SELinux refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/exim: add SELinux module

Support for exim is added by the services/exim module in the SELinux
refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/drbd-utils: add SELinux module

Support for drbd-utils is added by the services/drbd module in the
SELinux refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/dante: add SELinux module

Support for dante is added by the services/dante module in the SELinux
refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/cvs: add SELinux module

Support for cvs is added by the services/cvs module in the SELinux
refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/open62541: cleanup tools files after installation

The open62541 tools directory is indeed 52 MiB, which built as a standalone package
named 'libopen62541-1-tools' in launchpad. Nothing is required at runtime.

See the official debian control file template:
https://raw.githubusercontent.com/open62541/open62541/master/debian/control-template

See https://launchpad.net/~open62541-team/+archive/ubuntu/ppa/+packages
libopen62541-1       Open source implementation of OPC UA - shared library
libopen62541-1-dev   Open source implementation of OPC UA - development files
libopen62541-1-tools Open source implementation of OPC UA - tools
open62541-doc        Open source implementation of OPC UA - documentation

Signed-off-by: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

utils/scanpypi: allow installation of commands without 'main' method

In case the setup.py file of a python package does not directly call the
'setup' method, utils/scanpypi was hoping there be a 'main' function which
would do the work, normally called via a construct like:

if __name__ == '__main__':
main()

However, this construct is nonstandard, and there are packages in PyPI which
call 'setup()' directly from the 'if' statement, without a main() method.

But scanpypi does not actually need to make such assumption: when loading
the module, it can decide the name to be '__main__', just as if setup.py
would be loaded interactively.

Additionally, remove some logic seemingly related to the previous trick of
calling 'main'. There should not be a problem in keeping already loaded
modules in sys.modules, as this is the purpose of sys.modules.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

utils/scanpypi: add setup.py script directory as sys.path[0]

Even though the directory containing a package's setup.py was added to
sys.path, some setup.py implementations rely on the fact that it is placed
in sys.path[0].

An example package is 'cram' which failed to be added with scanpypi:

    Traceback (most recent call last):
      File "utils/scanpypi", line 756, in <module>
        main()
      File "utils/scanpypi", line 703, in main
        package.load_setup()
      File "utils/scanpypi", line 303, in load_setup
        setup = imp.load_module('setup', s_file, s_path, s_desc)
      File "/usr/lib/python3.8/imp.py", line 234, in load_module
        return load_source(name, filename, file)
      File "/usr/lib/python3.8/imp.py", line 171, in load_source
        module = _load(spec)
      File "<frozen importlib._bootstrap>", line 702, in _load
      File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
      File "<frozen importlib._bootstrap_external>", line 783, in exec_module
      File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
      File "/tmp/scanpypi-2pzc5wb_/python-cram/cram-0.7/setup.py", line 44, in <module>
        long_description=long_description(),
      File "/tmp/scanpypi-2pzc5wb_/python-cram/cram-0.7/setup.py", line 20, in long_description
        return open(os.path.join(sys.path[0], 'README.rst')).read()
    FileNotFoundError: [Errno 2] No such file or directory: '.../buildroot/utils/README.rst'

The corresponding code from cram's setup.py is:

    def long_description():
        """Get the long description from the README"""
        return open(os.path.join(sys.path[0], 'README.rst')).read()

Indeed, the Python documentation says:

https://docs.python.org/3.8/library/sys.html#sys.path
    "...
    As initialized upon program startup, the first item of this list,
    path[0], is the directory containing the script that was used to invoke
    the Python interpreter.
    ..."

Fix this by inserting explicitly at index 0 instead of appending to
sys.path.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/haveged: bump version to 1.9.14

- change clock_gettime option from yes/no style to disable/enable one
  (still omitting the explicit disable to keep the configure logic
  defaulting to yes in case no rdtsc is available)

- change to set all available configure options:

  * '--enable-daemon': previous default

  * '--disable-diagnostic': previous default

  * '-disable-init': do not install init files as buildroot ships its
    own sysv/systemd init files

  * '--disable-nistest': disable tests, previous default

  * '--disable-enttest': new option, disable tests

  * '--disable-olt': previous default was yes, disable builtin test

  * '--enable-tune': previous default

- add patch to fix uclibc compile (disable dependency on sys/auxv.h
  introduced with upstream commit [1])

Changelog ([2]):

  - made enttest configurable
  - havegecmd.c - new command added to close the communication socket
    [Werner Fink]

[1] https://github.com/jirka-h/haveged/commit/26d35af198da01220ba4f7a1b987f17012476c00
[2] https://github.com/jirka-h/haveged/releases/tag/v1.9.14

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/qt5declarative: fix gcc-11 compile failure

- add patch for qv4regexp_p to include c++ limits include (instead of plain
  c limit.h)

Fixes:

  In file included from jsruntime/qv4regexp_p.h:62,
                   from jsruntime/qv4regexp.cpp:40:
  ../3rdparty/masm/yarr/Yarr.h:46:44: error: ‘numeric_limits’ is not a member of ‘std’
     46 | static const unsigned offsetNoMatch = std::numeric_limits<unsigned>::max();
        |                                            ^~~~~~~~~~~~~~
  ../3rdparty/masm/yarr/Yarr.h:46:59: error: expected primary-expression before ‘unsigned’
     46 | static const unsigned offsetNoMatch = std::numeric_limits<unsigned>::max();
        |                                                           ^~~~~~~~

- add patch for qqmlprofilerevent_p to include c++ limits include

Fixes:

  In file included from qqmlprofilertypedevent_p.h:43,
                   from qqmlprofilertypedevent.cpp:40:
  qqmlprofilerevent_p.h: In member function ‘void QQmlProfilerEvent::assignNumbers(const Container&)’:
  qqmlprofilerevent_p.h:314:65: error: ‘numeric_limits’ is not a member of ‘std’
    314 |                     static_cast<quint16>(numbers.size()) : std::numeric_limits<quint16>::max();
        |                                                                 ^~~~~~~~~~~~~~
  qqmlprofilerevent_p.h:314:87: error: expected primary-expression before ‘>’ token
    314 |                     static_cast<quint16>(numbers.size()) : std::numeric_limits<quint16>::max();
        |                                                                                       ^
  qqmlprofilerevent_p.h:314:90: error: ‘::max’ has not been declared; did you mean ‘std::max’?
    314 |                     static_cast<quint16>(numbers.size()) : std::numeric_limits<quint16>::max();
        |                                                                                          ^~~
        |                                                                                          std::max

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/samba4: needs host-flex

host-flex is needed to avoid the following build failure since bump to
version 4.14.3 in commit 7df2611e9e93f9c3efea39bf0b5c217564618a28 due to
https://gitlab.com/samba-team/samba/-/commit/942c0d2128cb8e64a9354dde6bdae82a1c1c3d88

Checking for flex
Checking for program 'flex' : not found
Embedded Heimdal build requires flex but it was not found. Install flex or use --with-system-mitkrb5 or --with-system-heimdalkrb5

Fixes:
- http://autobuild.buildroot.org/results/b9ed8be51a0eef77d6e48755861ae266c3b9f811

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/stunnel: requires DES support in openssl

Enable DES in openssl to fix build failure raised since commit
a83d41867c8d69a77d5cd0a665aa216af5340359

Fixes:
- http://autobuild.buildroot.org/results/4b306a13f543bbabf3f01d882b3549e3d9961556

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gumbo-parser: fix build without C++

Build without C++ fails since the addition of the package in commit
f6628763eb302f15f861e0ce7bfc44b34b066bea

Fixes:
- http://autobuild.buildroot.org/results/a32b5d3b959433fd5c3543661c37f80d27fbd010

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libnetfilter-log: fix build on musl

Add upstream patches to fix the following build failure with suricata
raised since bump to version 6.0.3 in commit
4c429c3f8c322381991a58fcc37c01da9eb5e8a6

checking for libnetfilter_log/libnetfilter_log.h... no
configure: error: libnetfilter_log.h not found ...

Fixes:
- http://autobuild.buildroot.org/results/0b960f40b5d7e4bb0c4ba20638fe66a9e0964ab3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libnfnetlink: fix build on musl

Include upstream patch to fix build failure with suricata raised since
bump to version 6.0.3 in commit 4c429c3f8c322381991a58fcc37c01da9eb5e8a6

Fixes:
- http://autobuild.buildroot.org/results/0b960f40b5d7e4bb0c4ba20638fe66a9e0964ab3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/collectd: add SELinux module

Support for collectd is added by the services/collectd module in the
SELinux refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

DEVELOPERS: Add myself as rpcbind maintainer

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/sudo: add SELinux refpolicy module

SELinux support for sudo is added by the admin/sudo refpolicy module.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/quota: add SELinux refpolicy module

SELinux support for quota is provided by the admin/quota refpolicy
module.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/snort: add SELinux module

Support for snort is added by the services/snort module in the SELinux
refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/cups: add SELinux module

Support for cups is added by the services/cups module in the SELinux
refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

toolchain: mark sysroot as 'safe' path for gdb auto-load

gdb can automatically load certain files as described in [1]. Such files
could install pretty-printers for complex data structures.

libstdcxx (C++ standard library) provided by gcc, is one example of a
library for which such auto-load file is available. But there are other
examples too, like libglib2.

However, gdb will only auto-load files if the file is located in one of the
locations treated as 'safe'. The Buildroot sysroot is not by default in that
list.

Provide a better debugging experience by adding the sysroot to the 'safe'
list, via the gdbinit file prepared by Buildroot.

[1] https://sourceware.org/gdb/onlinedocs/gdb/objfile_002dgdbdotext-file.html

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

toolchain/toolchain-external: fixup gdb pretty-printer loader for libstdcxx

gcc installs a libstdcxx-...so-gdb.py file that gdb will load automatically
when it loads libstdcxx.so, via the mechanism described at [1].

However, the auto-load file installed by gcc contains hardcoded paths
referring to the location where the (external) toolchain was built, which
are normally not available.

Fix up the paths in the load file so that the pretty printers can be loaded
automatically.

Note that gdb will only auto-load the file if its location is marked as
'safe'. A subsequent commit will take care of that.

Technically, there could be more than one load file, e.g. in lib and
usr/lib, so fix them all. This was for example observed in
BR2_TOOLCHAIN_EXTERNAL_ARM_AARCH64.
In a very specific case with a local custom toolchain, there were actually
two 'python' directories, which would break the sed command, so arbitrarily
limit to the first one encountered.

[1] https://sourceware.org/gdb/onlinedocs/gdb/objfile_002dgdbdotext-file.html

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gdb: fix gdb segfault with Python 3.9 support

When enabling Python 3 support in gdb < 10, gdb segfaults at startup.

The issue is was resolved by the following upstream gdb commit,
present since gdb 10.1:

    commit c47bae859a5af0d95224d90000df0e529f7c5aa0
    Author: Kevin Buettner <kevinb@redhat.com>
    Date:   Wed May 27 20:05:40 2020 -0700

        Fix Python3.9 related runtime problems
        [...]

This commit backports this fix to all relevant gdb versions supported
in Buildroot.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/snort3: bump to version 3.1.6.0

https://github.com/snort3/snort3/blob/3.1.6.0/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mariadb: provide native compiled mariadb_config

- overwrite cross-compiled mariadb_config executable (used from the
  mysql_config script) by a native/host compiled one

Fixes (qt5base configure):

  Trying source 0 (type mysqlConfig) of library mysql ...
  + .../host/aarch64-buildroot-linux-gnu/sysroot/usr/bin/mysql_config --version
  > .../host/aarch64-buildroot-linux-gnu/sysroot/usr/bin/mysql_config: line 100: \
    .../host/aarch64-buildroot-linux-gnu/sysroot/usr/bin/mariadb_config: cannot execute binary file: Exec format error

  with

  $ file host/aarch64-buildroot-linux-gnu/sysroot/usr/bin/mariadb_config
  host/aarch64-buildroot-linux-gnu/sysroot/usr/bin/mariadb_config: ELF 64-bit LSB pie executable, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, for GNU/Linux 5.10.0, with debug_info, not stripped

Reported-by: Scott Bartolett <SBartolett@thorlabs.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mariadb: bump version to 10.3.30

- rebase 001-add-extra-check-for-librt.patch
- for changelog see [1], [2]

Fixes:

  CMake Error at libmariadb/cmake/ConnectorName.cmake:30 (ENDMACRO):
    Flow control statements are not properly nested.
  Call Stack (most recent call first):
    libmariadb/CMakeLists.txt:423 (INCLUDE)

[1] https://mariadb.com/kb/en/mariadb-10329-changelog/
[2] https://mariadb.com/kb/en/mariadb-10330-changelog/

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/dav1d: bump version to 0.9.0

Release notes: https://code.videolan.org/videolan/dav1d/-/releases

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/nfs-utils: Add optional GSS support

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/libtirpc: Add optional GSSAPI support

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/mtd: update lib{mtd,ubi}.h path

Update lib{mtd,ubi}.h path to fix the following build failure raised
since bump of swupdate to version 2021.04 in commit
2c6b0359c3b819fadb4437b2d780e95c32fdab21:

In file included from corelib/mtd-interface.c:21:
include/flash.h:13:10: fatal error: libmtd.h: No such file or directory
13 | #include <libmtd.h>
| ^~~~~~~~~~

This build failure is raised because of
https://github.com/sbabic/swupdate/commit/0c672866d4a9fe8f0808b5d8a0afb95c13c4c138

Fixes:
- http://autobuild.buildroot.org/results/d475bdb341d2afecf12e404dfa093e58221b9882

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/nvidia-driver: bump version to 390.132

Support Linux kernel 5.4.

Change the 64-bit download to exclude 32-bit compatibility libs.

Signed-off-by: Zach Vargas <zvargas@xes-inc.com>
[vfazio: 64-bit package change]
Signed-off-by: Vincent Fazio <vfazio@xes-inc.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/nvidia-driver: fixup libraries according to README

Create a symlink for libglx.so and drop libnvidia-wfb.so (aka libwfb.so)
since all selectable xserver versions in Buildroot provide their own.

VDPAU libraries should be installed into /usr/lib/vdpau/

https://download.nvidia.com/XFree86/Linux-x86_64/390.67/README/installedcomponents.html

Also, allow specifying target subdirectory per library and respect it in
the install loop.

Signed-off-by: Vincent Fazio <vfazio@xes-inc.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

Makefile: Parallelize glibc locale generation

Parallelizes locale generation based on `BR2_JLEVEL` setting.

Locale generation always runs during the finalize stage and can consume
a significant amount of time. Parallelizing it greatly reduces that time
on multi-core machines.

To parallelize it, we first invoke `localedef` for every locale in
parallel with the `--no-archive` option. This creates the intermediate
locale data instead of writing to the finally archive directly.

Then, we invoke `localedef` again once to create the archive from the
intermediate compiled locale data files.

We have to do it this way because `localedef` does not do any locking
when writing to the archive file, so calling it without `--no-archive`
concurrently could result in a corrupt archive file or an archive file
that is missing some locales.

While we're at it, make two additional improvements:
- Remove locale-archive before adding to it. Otherwise, repeated
applications of target-finalize will keep on growing the file.
- Sort the locales when creating locale-archive so its contents are
reproducible.

We use `find` to collect the installed locales rather than LOCALES. This
makes it possible for something else (skeleton, overlay, custom package)
to create and install additional locales and still have them added to
locale-archive.

Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
[Arnout:
- Remove -j$(PARALLEL_JOBS), it's already part of $(MAKE)
- Remove HOST_DIR, TARGET_DIR, STAGING_DIR, they're already exported
- Extend commit message
]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/fwts: bump to version 21.05.00

- Update patch

Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Config.in: disable PIC/PIE for microblaze

As reported by Toolchain-builder project [1], the system doesn't
boot when PIC/PIE is enabled for glibc based toolchain (the init
process hang).

Also, hardening features may not be wanted or possible for such
slow soft-core cpus [2].

Like for NiosII, disable BR2_PIC_PIE.

[1] https://gitlab.com/bootlin/toolchains-builder/-/pipelines/318038406
[2] http://lists.busybox.net/pipermail/buildroot/2021-June/312416.html

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Config.in: add BR2_PIC_PIE_ARCH_SUPPORTS hidden option

The nios2 architecture is already excluded from PIC/PIE due to issues,
and we're going to also exclude Microblaze, so let's introduce a
BR2_PIC_PIE_ARCH_SUPPORTS hidden boolean to facilitate adding this new
architecture exclusion.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/busybox: correctly set BUSYBOX_KCONFIG_SUPPORTS_DEFCONFIG

Commit e6b3913cfc converted busybox to the generic kconfig help text
infrastructure, but set the wrong variable to flag that it doesn't
support defconfig files. Fix that.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/iwd: bump version to 1.14

For details see [1].

[1] https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/ChangeLog

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/timescaledb: bump version to 2.3.0

Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/postgresql: add cflags_sl option to pg_config

Some external packages call pg_config to determine the installed
PostgreSQL cflags_sl option. Add this output to Buildroots own
pg_config, so these packages correctly compile.

Default value is defined at src/template/linux as:

Extra CFLAGS for code that will go into a shared library
CFLAGS_SL="-fPIC"

Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-pysftp: add missing C++ dependency from paramiko

python-paramiko has a dependency on C++ support, which was added in
commit 2d7b73cf75daedd4a198a75546308fedae7c9467 in 2016.

When python-pysftp was added in commit
3b920487bad119abf5bfb10a237cedd3b5278c10 in 2020, this C++ dependency
was not propagated, even though python-pysftp selects python-paramiko.

This commit fixes this issue by propagating the dependency, which
fixes this warning:

WARNING: unmet direct dependencies detected for BR2_PACKAGE_PYTHON_PARAMIKO
  Depends on [n]: (BR2_PACKAGE_PYTHON [=n] || BR2_PACKAGE_PYTHON3 [=y]) && BR2_PACKAGE_PYTHON3 [=y] && BR2_INSTALL_LIBSTDCPP [=n]
  Selected by [y]:
  - BR2_PACKAGE_PYTHON_PYSFTP [=y] && (BR2_PACKAGE_PYTHON [=n] || BR2_PACKAGE_PYTHON3 [=y]) && BR2_PACKAGE_PYTHON3 [=y]

That occurs with configuration with C++ disabled, but python-pysftp
enabled.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/uclibc: add nconfig as a kconfig editor

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package: use the generic _HELP_CMDS for kconfig-based packages

As Thomas put it:

    The <pkg>_HELP_CMDS variable allows packages using the
    kconfig-package infrastructure to display their specific
    targets related to the handling of their configuration.

    However, it was not consistently used and handled by the
    different packages.

So, this commit switches all the kconfig-based package to use the
generic help helper.

As a consequence:

  - all kconfig packages now advetise their kconfig-related actions,
    where some were previously missing: at91bootstrap3, linux-backports,
    swupdate, xvisor;

  - busybox advertises it does not support defconfig files;

  - the 'foo-savedfconfig' action is no longer advertised: it is to be
    considered an internal implementation detail.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/pkg-kconfig: generate generic help

Currently, as Thomas pointed out [0], the help for kconfig packages is
not consistently used and handled by the different packages.

This commit introduces a generic help text for kconfig packages, that is
based on what the package declares:

  - the list of kconfig editors it supports;

  - whether it is possible to save back the configuration (impossible if
    the package uses an in-tree defconfig file);

  - whether the package actually supports (loading and saving) defconfig
    files, by introducing a new variable a package can set if it does
    not (only busybox is known to be in that case).

That new help helper is only used if the package does not already define
its own help, to be consistent with what we do for other _CMDS.

[0] http://lists.busybox.net/pipermail/buildroot/2021-July/313570.html

Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/pkg-kconfig: move defaults before calling pkg-generic

Currently, we define the default values for kconfig-specific variables
after we call into the generic package infrastructure.

So far, this was totally unconsequential, because there was no kconfig
variable that could influence the generic parts. But conversely, there
are generic variables that do influence the kconfig part (e.g. $(2)_DIR
that is used in some dependency definitions), but none that do influence
the kconfig variables.

However, we are going to add a new kconfig-related variable that will
have an impact on the generic parts, so we will want that kconfig
variable to be defined before calling into the generic infrastructure.

For consistency, move all the defaults before calling the generic infra.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/php: needs wchar

php depends on wchar since bump to version 8.0.7 in commit
469c11c516959375f6caddde178adbdcdc5d9887 and
https://github.com/php/php-src/commit/457380cae7813a4a34faa1f9a49fa121395fe290

Fixes:
- http://autobuild.buildroot.org/results/751fea989e4c0136d0bbda0f5487d55d387ee5f3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/pipewire: bump to version 0.3.32

- Drop second patch (already in version)
- Update license:
  https://gitlab.freedesktop.org/pipewire/pipewire/-/commit/31d79f4c9b606218a14e4d695aaa0afb1820c9f1
- avahi is an optional dependency since
  https://gitlab.freedesktop.org/pipewire/pipewire/-/commit/6744934734f509087df769b447185b070c82b58e
- libusb is an optional dependency since
  https://gitlab.freedesktop.org/pipewire/pipewire/-/commit/5e0b63b149559154a6164dbc064aefc7e773c03a
- pulseaudio is an optional dependency since
  https://gitlab.freedesktop.org/pipewire/pipewire/-/commit/44f326013b5f5e1e858ee3788fe664f802ca2523
- webrtc-audio-processing is an optional dependency since
  https://gitlab.freedesktop.org/pipewire/pipewire/-/commit/d95870d8d3ab7fb9b91f0dbd8ae9395b1929434b
- Fix a build failure without C++ thanks to
  https://gitlab.freedesktop.org/pipewire/pipewire/-/commit/d95870d8d3ab7fb9b91f0dbd8ae9395b1929434b

https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/0.3.32/NEWS

Fixes:
- http://autobuild.buildroot.org/results/20cd863cb3c83b85900e80de02d485b780288330

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/lua-silva: bump to version 0.1.8

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/moarvm: bump to version 2021.06

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/janet: bump to version 0.16.1

patch upstreamed.

diff LICENSE:
-Copyright (c) 2020 Calvin Rose and contributors
+Copyright (c) 2021 Calvin Rose and contributors

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/at: bump version to 3.2.2

Let's bump at to version 3.2.2 by:
- moving SITE to http://software.calhariz.com/at that is the official at
realease site while the actual(https://salsa.debian.org/debian/at)
doesn't provide consitent tarballs.
- rebasing 2 local patches(some some of them has not been accepted upstream
because of removing -g root -o root while installing, while other simply
has not been taken into account for 1 year.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/at: convert local patches to git format

Convert local patches to git format. Note that some of them change name
because of use of 'git format-patch'.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libnss: bump to version 3.68

libnss 3.68 requires libnspr 4.32.

Release Notes (not yet available, but should eventually land):
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.68_release_notes

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libnspr: bump to version 4.32

Bump to version 4.32

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/webkitgtk: security bump to version 2.32.3

This is a minor release which provides fixes for CVE-2021-21775,
CVE-2021-21779, CVE-2021-30663, CVE-2021-30665, CVE-2021-30689,
CVE-2021-30720, CVE-2021-30734, CVE-2021-30744, CVE-2021-30749,
CVE-2021-30795, CVE-2021-30797, and CVE-2021-30799.

Full release notes can be found at:

https://webkitgtk.org/2021/07/23/webkitgtk2.32.3-released.html

An accompanying security advisory has been published at:

https://webkitgtk.org/security/WSA-2021-0004.html

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/wpewebkit: security bump to version 2.32.3

This is a minor release which provides fixes for CVE-2021-21775,
CVE-2021-21779, CVE-2021-30663, CVE-2021-30665, CVE-2021-30689,
CVE-2021-30720, CVE-2021-30734, CVE-2021-30744, CVE-2021-30749,
CVE-2021-30795, CVE-2021-30797, and CVE-2021-30799.

Full release notes can be found at:

https://wpewebkit.org/release/wpewebkit-2.32.3.html

An accompanying security advisory has been published at:

https://wpewebkit.org/security/WSA-2021-0004.html

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/minissdpd: add SELinux refpolicy module

SELinux support for minissdpd is added by the services/minissdpd
refpolicy module.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/asterisk: add SELinux module

Support for asterisk is added by the services/asterisk module in the
SELinux refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/apcupsd: add SELinux module

Support for apcupsd is added by the services/apcupsd module in the
SELinux refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/acpid: add SELinux module

Support for acpid is added by the services/acpi module in the SELinux
refpolicy.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libffi: bump to version 3.4.2

- Use official tarball
- Drop fourth to seventh patches (already in version)
- Update hash of LICENSE file (update in year:
https://github.com/libffi/libffi/commit/2bdc8e52efb78d939f23efb4f9c515355610bff5
https://github.com/libffi/libffi/commit/b844a9c7f1ca792a1dfb0c09d5dae576178e6729)
- Update indentation in hash file (two spaces)

https://github.com/libffi/libffi/blob/v3.4.2/README.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/netsnmp: fix legal info

Commit 87bef179222e wrongly removed hash of COPYING

Fixes: 87bef179222ee8a0b0f39c8f96113a4ecf813085
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/gtest: fix legal info

Commit 9dfbbbb4105c47602da048c9bb9499fb8862e768 forgot to removed
googletest from GTEST_LICENSE_FILES

Fixes:
- http://autobuild.buildroot.org/results/848238f9f99bee6919b1b71acd078835e94a8501

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/lapack: introduce BR2_PACKAGE_LAPACK_ARCH_SUPPORTS

This makes it easier for packages that depend on lapack to get
their dependencies correct.

The !uClibc dependency is also not sufficient: indeed, musl too does not
provide _fpu_control; only glibc does. This is the same situation as for
clapack. Add a comment about this, to mirror clapack.

Since the !glibc dependency only exists for PowerPC, treat it as
an architecture dependency.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[yann.morin.1998@free.fr:
- fpu_control depends on glibc, not on !uclibc
- add or update comments accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/clapack: introduce BR2_PACKAGE_CLAPACK_ARCH_SUPPORTS

This makes it easier for packages that depend on clapack to get
their dependencies correct.

Since the glibc dependency only exists for PowerPC, treat it as
an architecture dependency.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

Revert "package/htop: fix sources location"

This reverts commit 1ad3de2abde38c023a7958cbd3ada1d7b066da67.

Indeed, the tarball changed, so its hash changed; this is going to
cause the traditional hash clash with the existing archive on s.b.o.
or on users machines...

Reported-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/audit: replace deprecated matchpathcon calls from init script

This patch replace matchpathcon calls in the auditd init script by
calls to selabel_lookup. Indeed, matchpathcon is now deprecated, and
this causes warning during the boot process.

Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/spidermonkey: drop package

Now that Spidermonkey is no longer required to build the polkit package, and
no other packages require Spidermonkey, and python2 is required to build the
package, it is safe to drop the package.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/testing: add polkit tests

This test script tests polkit with and without systemd.

The Systemd test does the following:
  - The brtest user attempts to restart the systemd-timesyncd service and is
    denied.

  - A systemd-timesyncd-restart.rules file provided by polkit-rules-test
    is copied from /root/ to /etc/polkit-1/rules.d

  - The brtest user attempts to restart the systemd-timesyncd service and should
    now succeed.

The initd test does the following:
- The brtest user attempts to run the test application "hello-polkit" with the
  command "pkexec hello-polkit" and is denied.

- A hello-polkit.rules file provided by polkit-rules-test is copied from /root/
  to /etc/polkit-1/rules.d

- The brtest user attempts to re-run the test hello-polkit binary with
  "pkexec hello-polkit" and succeeds.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/polkit: add init S50polkit script

The Polkit source does not come with non-systemd init script. Add one that is
modeled after package/busybox/S01syslogd.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/polkit: bump version to 0.119 and use duktape

Unfortunately, as of commit 3e1d61868fa8bfc586099302e931433270e5d17d, polkit
requires mozjs >= 78, which means spidermonkey is too old. As such, this patch
is larger than usual.

Spidermonkey has a few major issues:
  - The source directory after compilation is enormous (2.7G!)
  - The shared library is 24MB stripped!
  - It requires python2 to build, which is EOLed, and Buildroot is working
    towards removing. See: https://elinux.org/Buildroot:Python2Packages

Instead of going through the arduous task of updating Spidermonkey, there is a
better solution: use duktape.

There has been a pending patch for over a year that incorporates duktape as an
optional backend for polkit found here:
https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/35

As Thomas Petazzoni put it:
  "As I am subscribed to notifications on this merge request, I have been
  following the intermittent discussions taking place on this topic.
  And indeed, discussions have been sparse, and the polkit maintainer reaction
  has not been very supportive. It even feels like they are trying to find
  every possible argument or small issue not to merge the duktape integration."

Many people have come out to support using duktape, and many users, including
myself, have used polkit with duktape for as long as the above merge request has
been around without issues; merging in the above merge request is an acceptable
exception to the typical Buildroot package policies.

As Thomas also suggested, I have forked polkit on Github
(https://github.com/aduskett/polkit-duktape), with the above duktape
merge request applied, and a release made with the same tag as upstream (0.119).

I refrained from also adding 0001-make-netgroup-support-optional.patch as it is
outside of the scope of why the fork exists.

Changes:
  - refactor 0001-make-netgroup-support-optional.patch to work with 0.119 and
    duktape.
  - Remove upstream incorporated 0002-jsauthority-memleak.patch
  - Remove upstream 0003-polkit-0.116-pkttyagent-sigttou-bg-job.patch
  - Remove any trace of spidermonkey from polkit, udisks, and systemd-polkit
  - Add duktape as a dependency of polkit
  - Change POLKIT_SITE to the above polkit-duktape GitHub repository.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/htop: fix sources location

Change sources location from bintray to github since bintray doesn't
work anymore

Signed-off-by: Daniil Stas <daniil.stas@posteo.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libglu: bump version to 9.0.2

Release notes:
https://lists.freedesktop.org/archives/mesa-announce/2021-June/000634.html

Removed md5 & sha1 hashes not provided by upstream anymore.

Updated license hash due to upstream commit:
https://cgit.freedesktop.org/mesa/glu/commit/?id=a172e0aec8f537f365078dab5486cae9c9a6880e

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/qemu: replace old configure param with new equivalent

QEMU 6.0.0 replaces in [1] --(enable|disable)-git-update with
--with-git-submodules=(update|validate|ignore). "Disable" is now "ignore".

[1] https://lore.kernel.org/qemu-devel/20201016203857.62572-1-ddstreet@canonical.com/

Signed-off-by: Joseph Burt <caseorum@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/gtest: bump to version 1.11.0

Python is removed as dependency.
gtest uses python for self-tests which are not run by buildroot,
and the remaining scripts are not used by the build, and aren't
maintained or supported.

Special handling for gtest-config and gmock-config is removed as well,
the CMake Buildsystem now does take care of those.

Signed-off-by: Norbert Lange <nolange79@gmail.com>
[Arnout: still install gmock_gen.py]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/glibc: bump to version 2.33-46-gedfd11197ecf3629bbb4b66c5814da09a61a7f9f

See:
https://sourceware.org/pipermail/libc-announce/2021/000030.html

Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/alsa-lib: fix static build

Fix the following build failure raised since bump to version 1.2.5.1 in
commit af19131543926879fb6676a3352c63ac0b2038bc:

/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/9.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: ../src/.libs/libasound.a(control_symbols.o):(.data+0x4): undefined reference to `_snd_module_control_empty'

Fixes:
- http://autobuild.buildroot.org/results/a8fd791ba4c289cc4fc744a8ff9615bacd9558f3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/daq3: fix build without threads

pcap module and example unconditionally uses pthread.h

Fixes:
- http://autobuild.buildroot.org/results/b618bcca1a83704f7f15e76cd1e7f1117cbbd464

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-passlib: bump to version 1.7.4

- Update site URL
- Update indentation in hash file (two spaces)
- Update hash of LICENSE due to update in year with
https://foss.heptapod.net/python-libs/passlib/-/commit/02ca63576ac7749c28ef48365218f291eac9b8e1

https://passlib.readthedocs.io/en/stable/history/1.7.html#whats-new

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/openvpn: add SELinux refpolicy module

SELinux support for openvpn is added by the services/openvpn refpolicy
module.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>