Adam Duskett [Wed, 1 Apr 2020 00:21:26 +0000 (17:21 -0700)]
 
package/libgtk3: enable gobject-introspection support
If gobject-introspection is selected, add the gobject-introspection package to
the dependency list and set the conf opt --enable-introspection.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Adam Duskett [Wed, 1 Apr 2020 00:21:25 +0000 (17:21 -0700)]
 
package/libgtk2: enable gobject-introspection support
If gobject-introspection is selected, add the gobject-introspection package to
the dependency list and set the conf opt --enable-introspection.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Adam Duskett [Wed, 1 Apr 2020 00:21:23 +0000 (17:21 -0700)]
 
package/libsecret: enable gobject-introspection support
If gobject-introspection is selected, add the gobject-introspection package to
the dependency list and set the conf opt --enable-introspection.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Romain Naour [Sun, 5 Apr 2020 23:04:14 +0000 (01:04 +0200)]
 
support/testing: check if the defconfig provided for testing is valid
Currently, the build continue even if some symbols disapear from
the generated dot config file (.config).
This patch add a new check in order to stop the test if one
of the provided symbol is missing. This must be treated as error.
For example, if a symbol disapear due to new dependency constraints.
Inspired by is_toolchain_usable() function from genrandconfig:
https://git.busybox.net/buildroot/tree/utils/genrandconfig?h=2020.02#n164
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Romain Naour [Sun, 5 Apr 2020 23:04:13 +0000 (01:04 +0200)]
 
support/testing: don't use TestPythonPackageBase.config and linaro toolchain
TestPythonPackageBase.config provide already the basic uClibc toolchain.
So by adding the symbols for the linaro toolchain some warning are printed
at while loading the configuration:
.config:16:warning: override: reassigning to symbol BR2_TOOLCHAIN_EXTERNAL
.config:16:warning: override: BR2_TOOLCHAIN_EXTERNAL changes choice state
.config:17:warning: override: reassigning to symbol BR2_TARGET_ROOTFS_CPIO
.config:21:warning: override: BR2_TOOLCHAIN_EXTERNAL_LINARO_ARM changes choice state
So, some symbol disapear from the generated dot config (.config) leading
to an error due to a new check in the testsuite infra.
Since this test should use the Linaro toolchain, remove
TestPythonPackageBase.config add BR2_arm=y and disable the rootfs tar option.
While at it, re-order the options so that they appear in the same
order as they appear in a defconfig.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Adam Duskett <Aduskett@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Romain Naour [Sun, 5 Apr 2020 23:04:12 +0000 (01:04 +0200)]
 
support/testing: test_lxc: use ARM arm external toolchain
Until now, the lxc test was using the ARM CodeSourcery 2014.05 armv5 toolchain.
But the recent systemd version bump to 245 added a toolchain dependency
on systemd package due to build issues with gcc < 5.0.
Before [1] the lxc test was failing to build with the ARM CodeSourcery 2014.05
toolchain. After [1], the test is faling at runtime since the
"BR2_INIT_SYSTEMD=y" symbol disapear from the dot config (.config) due to
the new toolchain dependency.
Fix this by using the same toolchain as for the systemd tests [2]
[1] 
2196ee25ff29c87001a42a382655d5b52d5de3c4
[2] 
b3d979c0d1b10de501576644e7dcdba708889b0c
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Romain Naour [Sun, 5 Apr 2020 23:04:11 +0000 (01:04 +0200)]
 
support/testing: test_tmux: remove BR2_GENERATE_LOCALE
The BR2_GENERATE_LOCALE can only be used by uClibc based toolchains with the
internal toolchain backend [1].
The test_tmux is using a external uClibc toolchain, so the
"BR2_GENERATE_LOCALE="en_US.UTF-8"" line disapear from
the generated dot config (.config) leading to an error due to
a new check in the testsuite infra.
[1] https://git.buildroot.net/buildroot/commit/?id=
bd0ffe2206fbd32baf7f4a1dc5fde81cfad70462
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Romain Naour [Sun, 5 Apr 2020 23:04:10 +0000 (01:04 +0200)]
 
support/testing: test_glxinfo: remove BR2_TOOLCHAIN_EXTERNAL_LOCALE
The BR2_TOOLCHAIN_EXTERNAL_LOCALE is only defined for uClibc based
custom external toolchains.
The test_glxinfo is using a glibc toolchain, so the
"# BR2_TOOLCHAIN_EXTERNAL_LOCALE is not set" line disapear from
the generated dot config (.config) leading to an error due to
a new check in the testsuite infra.
There is the same problem with:
BR2_TOOLCHAIN_EXTERNAL_HAS_THREADS_DEBUG=y
BR2_TOOLCHAIN_EXTERNAL_HAS_THREADS=y
BR2_TOOLCHAIN_EXTERNAL_HAS_THREADS_NPTL=y
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Romain Naour [Sun, 5 Apr 2020 23:04:09 +0000 (01:04 +0200)]
 
support/testing: test_syslinux: remove BR2_TOOLCHAIN_EXTERNAL_LOCALE
The BR2_TOOLCHAIN_EXTERNAL_LOCALE is only defined for uClibc based
custom external toolchains.
The test_syslinux is using a glibc toolchain, so the
"# BR2_TOOLCHAIN_EXTERNAL_LOCALE is not set" line disapear from
the generated dot config (.config) leading to an error due to
a new check in the testsuite infra.
There is the same problem with:
BR2_TOOLCHAIN_EXTERNAL_HAS_THREADS_DEBUG=y
BR2_TOOLCHAIN_EXTERNAL_HAS_THREADS=y
BR2_TOOLCHAIN_EXTERNAL_HAS_THREADS_NPTL=y
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Romain Naour [Sun, 5 Apr 2020 23:04:08 +0000 (01:04 +0200)]
 
support/testing: test_syslinux: fix flake8 errors
Reported by gitlab:
https://gitlab.com/kubu93/buildroot/-/jobs/
499374911
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adam Duskett [Mon, 6 Apr 2020 16:50:44 +0000 (09:50 -0700)]
 
package/libclc: disable ccache
Configure.py extracts arch, vendor, and os from the passed
toolchain string on line 180. When using ccache, the passed path string is
"/usr/lib64/ccache/g++" which breaks the logic, causing the following error:
Traceback (most recent call last):
  File "./configure.py", line 180, in <module>
    (t_arch, t_vendor, t_os) = target.split('-')
ValueError: not enough values to unpack (expected 3, got 1)
Use --with-cxx-compiler=$(HOSTCXX_NOCCACHE) instead of $(HOSTCXX) to fix the
above error.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bernd Kuhls [Sun, 5 Apr 2020 18:20:34 +0000 (20:20 +0200)]
 
package/libudfread: new package
Upcoming release of kodi 19.0 will add libudfread as optional
dependency: https://github.com/xbmc/xbmc/pull/17612
Please note that the removed support of libudf was added on the master
branch so we do not need to backport udf support to kodi 18.x:
https://github.com/xbmc/xbmc/commit/
558b54a79eff717237919afe453ec09e0851d3a5
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr: two spaces in hash files]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bartosz Bilas [Sun, 5 Apr 2020 19:02:18 +0000 (21:02 +0200)]
 
package/minizip: bump version to 2.9.2
Bump package version and in addition update indentation of
hash file (two spaces).
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sun, 5 Apr 2020 18:44:51 +0000 (20:44 +0200)]
 
package/boinc: bump version to 7.16.6
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Giulio Benetti [Sun, 5 Apr 2020 17:11:44 +0000 (19:11 +0200)]
 
package/libnss: fix build failure due to patch not applicable
Current 0001 patch has been committed into buildroot before being
upstreamed. Now that it's been upstreamed it changed a little, so this
makes patch 0002(based on upstream version of patch 0001) impossible to
apply causing build failure while applying patches. So let's update
patch 0001 with upstream one.
Fixes:
http://autobuild.buildroot.net/results/c8a/
c8a6776a3e9cec1dc67862e4972e3ca8f4562a50/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Grzegorz Blach [Mon, 6 Apr 2020 14:10:45 +0000 (16:10 +0200)]
 
package/pigpio: Bump to version 75
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Charlie Turner [Mon, 6 Apr 2020 17:42:05 +0000 (18:42 +0100)]
 
package/cog: support choosing either DRM or FDO platform
A new DRM platform has landed, now you can choose to build with the
DRM or FDO platform, or neither. If neither are selected, Cog will
fallback to a simple WPE backend like WPEBackend-rdk
(https://github.com/WebPlatformForEmbedded/WPEBackend-rdk).
Don't be confused that in both cases the *wpebackend-fdo* package is
required. This is an unfortunate naming issue.
Signed-off-by: Charlie Turner <cturner@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Charlie Turner [Mon, 6 Apr 2020 17:42:04 +0000 (18:42 +0100)]
 
package/cog: add wayland dependencies
The always-built FDO backend relies on this.
Signed-off-by: Charlie Turner <cturner@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Charlie Turner [Mon, 6 Apr 2020 17:42:03 +0000 (18:42 +0100)]
 
package/cog: add missing libxkbcommon dependency
The always-built FDO backend relies on this.
Signed-off-by: Charlie Turner <cturner@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Romain Naour [Mon, 6 Apr 2020 14:21:59 +0000 (16:21 +0200)]
 
package/qemu: disable SDL2 for the host variant
There is no host variant for SDL2 library in Buildroot.
So the qemu build system will try to detect automatically the
external SDL2 libraries installed on the host.
$ ldd output/host/bin/qemu-system-aarch64
	[...]
	libSDL2-2.0.so.0 => /lib64/libSDL2-2.0.so.0
Disable explicitely sdl2 options (named sdl) to improve the
build reproducibility.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Romain Naour [Mon, 6 Apr 2020 14:21:58 +0000 (16:21 +0200)]
 
package/qemu: disable bzip2 for the host variant
bzip2 support is needed for reading bzip2-compressed dmg images.
But the host-bzip2 is missing from host qemu package dependency,
so the qemu build system will try to detect automatically the
external libbzip2 libraries installed on the host.
$ ldd output/host/bin/qemu-system-aarch64
	[...]
	libbz2.so.1 => /lib64/libbz2.so.1
or
	libbz2.so.1.0 => output/host/lib/libbz2.so.1.0
if host-bzip2 is built before host-qemu.
Disable explicitely bzip2 options to improve the build
reproducibility.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Romain Naour [Mon, 6 Apr 2020 14:21:57 +0000 (16:21 +0200)]
 
package/qemu: disable vnc optional support for the host variant
The vnc support is enabled by default and the build system
will try to detect automatically some external libraries
installed on the host for vnc-png, vnc-jpeg and vnc-sasl.
$ ldd output/host/bin/qemu-system-aarch64
	[...]
	libpng16.so.16 => /lib64/libpng16.so.16
or
	libpng16.so.16 => output/host/lib/libpng16.so.16
if host-libpng is built before host-qemu.
Disable explicitely thoses options to improve the build
reproducibility.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Romain Naour [Mon, 6 Apr 2020 14:21:56 +0000 (16:21 +0200)]
 
package/qemu: disable libssh for the host variant
There is no host-libssh in Buildroot, avoid qemu build system
to find libssh from the host.
Under certain circumstances (host distribution, openssl version), the
qemu-system binary fail to start:
host/bin/qemu-system-aarch64: symbol lookup error: /lib64/libssh.so.4: undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b
$ ldd output/host/bin/qemu-system-aarch64
	[...]
	libssh.so.4 => /lib64/libssh.so.4
Explicitely disable libssh for the host variant.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Thomas Petazzoni [Sun, 5 Apr 2020 14:21:42 +0000 (16:21 +0200)]
 
package/pkg-generic.mk: also replace /lib by STAGING_DIR/lib in .la files
After the staging installation, we replace a number of paths in libtool
.la files so that those paths point to STAGING_DIR instead of a location
in the build machine.
However, we replace only paths that start with /usr. And it turns out
that the linux-pam package is configured with --libdir=/lib (linux-pam
seems to always be installed in /lib rather than /usr/lib).
Due to this, libpam.la contains the following line:
  libdir='/lib'
When building a configuration that has:
 - BR2_ROOTFS_MERGED_USR=y
 - BR2_PACKAGE_LINUX_PAM=y
 - BR2_PACKAGE_POLKIT=y
on a system that has its system-wide PAM library installed in /lib,
the build fails with:
/lib/libpam.so: file not recognized: File format not recognized
For some reason, libtool searches only in STAGING_DIR/usr/lib, but
when BR2_ROOTFS_MERGED_USR=y, STAGING_DIR/lib points to
STAGING_DIR/usr/lib, so libtool finds libpam.la. And this libpam.la
contains a bogus libdir='/lib' path. libtool then goes on, finds
/lib/libpam.so, and links with it, causing the build failure.
By doing the proper replacement of libdir='/lib', we have a correct
libpam.la, and solve the build issue.
There is no autobuilder failure associated to this issue, as it
requires /lib/libpam.so to exist. This is the case on ArchLinux, on
which Xogium reported the issue, which can also be reproduced in an
ArchLinux container.
Reported-by: Xogium <contact@xogium.me>
Cc: Xogium <contact@xogium.me>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Yann E. MORIN <yann.morin.1998@free.fr>
[yann.morin.1998@free.fr:
  - tested by manually creating a symlink to libpam.so in /lib
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Yann E. MORIN [Sun, 5 Apr 2020 17:55:05 +0000 (19:55 +0200)]
 
package/systemd: make sure init choice and package have same dependencies
Currently, the dependencies for the init system choice, and the
dependencies for the package, are slightly different, and not in the
same order, the latter making it difficult to assess consistency between
the two.
Fix all that, by cross-duplicating dependencies from the init choice and
the package, and order the dependencies according to the manual (arch
first, toolchain, then the others).
Note that some dependencies are redundant, but kept nonetheless for
correctness:
  - BR2_USE_MMU is implied by BR2_TOOLCHAIN_USES_GLIBC, but systemd does
    use fork();
  - !BR2_STATIC_LIBS is also implied by BR2_TOOLCHAIN_USES_GLIBC, but it
    is also inherited from kmod which we select;
  - BR2_TOOLCHAIN_HAS_THREADS is also implied by BR2_TOOLCHAIN_USES_GLIBC,
    but systemd does use pthread_*() functions.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Romain Naour [Sat, 4 Apr 2020 22:08:42 +0000 (00:08 +0200)]
 
package/systemd: add gcc >= 5.x dependency
As reported on the mailing list, there is a build issue with systemd 245
when using gcc < 5.0:
http://lists.busybox.net/pipermail/buildroot/2020-April/278931.html
Build issue:
../src/shared/gpt.c:7:9: error: initializer element is not constant
         { GPT_ROOT_X86,              "root-x86"              },
When testing with a toolchain using gcc 5.4.0 and the build is ok.
http://toolchains.bootlin.com/downloads/releases/toolchains/armv5-eabi--glibc--stable-2017.05-toolchains-1-1.tar.bz2
While searching for "error: initializer element is not constant" message, we
can notice a note about gcc 5 change about "Initializing statics with compound
literals":
https://gcc.gnu.org/gcc-5/porting_to.html
Add a dependency on gcc 5 to avoid using to old compiler.
There is the same issue with host-systemd with host gcc 4.9
(tested with Debian Jessie). So, add a dependency on host gcc >= 5.x.
Fixes:
http://autobuild.buildroot.org/results/520/
520dab2253f4cbe408a8177a6587dcb38c6ba215
http://autobuild.buildroot.org/results/e0e/
e0e0512de822864d670b5d176798a24ab09eed2d
http://autobuild.buildroot.org/results/f56/
f5660b2711627fcee4086e096e4ec4d9ba190ab6
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Romain Naour [Sat, 4 Apr 2020 22:08:41 +0000 (00:08 +0200)]
 
support/testing: fix systemd test by using a more recent gcc
As reported on the mailing list [0], there is a build issue with systemd
245 when using gcc < 5.0, due to the following build issue:
    ../src/shared/gpt.c:7:9: error: initializer element is not constant
             { GPT_ROOT_X86,              "root-x86"              },
The pre-built external toolchain we have for armv5 (the default with
just BR2_arm=y) is a very old toolchain from CodeSourcery, which has a
gcc 4.8; we have no other pre-built toolchains for armv5, except by
using a custom one, like those from the Bootlin toolchain builder. But
using a custom toolchain is not nice, as we want our runtime test to
test nominal configurations.
So, switch the systemd tests to use a Cortex-A9, so that we can use the
ARM 2019.12 toolchain, and with VFP, so that it can boot in the qemu
vexpress machine we use for the test-cases.
Fixes:
    https://gitlab.com/buildroot.org/buildroot/-/jobs/
498144403
    https://gitlab.com/buildroot.org/buildroot/-/jobs/
498144405
    https://gitlab.com/buildroot.org/buildroot/-/jobs/
498144406
    https://gitlab.com/buildroot.org/buildroot/-/jobs/
498144408
    https://gitlab.com/buildroot.org/buildroot/-/jobs/
498144410
    https://gitlab.com/buildroot.org/buildroot/-/jobs/
498144412
[0] http://lists.busybox.net/pipermail/buildroot/2020-April/278931.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
[yann.morin.1998@free.fr:
  - just use cortex-a9_VFP, instead of using a bootlin toolchain
  - adapt the commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bartosz Bilas [Sat, 4 Apr 2020 16:51:01 +0000 (18:51 +0200)]
 
package/cegui: disable xerces support
Disable temporarily xerces's support due to used char16_t type
which is not supported in the currently used cegui version (0-8-7)
due to forced c++03 standard.
Fixes:
 - http://autobuild.buildroot.net/results/
ea04be78b31b3409801597fc0ebe04627742c0c8
 - http://autobuild.buildroot.net/results/
7de3a07c304e3939ec9fd164328d004a5a9bba6d
 - http://autobuild.buildroot.net/results/
472b4e8438c9100e06e401296f0417a463e5fcf1
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sun, 5 Apr 2020 13:07:59 +0000 (15:07 +0200)]
 
package/kodi: remove optional libtheora support
Kodi plays these files through ffmpeg and does not link to libtheora
anymore, see PR 9686.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Jianhui Zhao [Sun, 5 Apr 2020 12:05:05 +0000 (20:05 +0800)]
 
package/libuhttpd: bump version to 3.1.3
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Yann E. MORIN [Sun, 5 Apr 2020 08:22:03 +0000 (10:22 +0200)]
 
package/unbound: fix detection of libexpat
unbound open-codes the detection of libexpat, and as all packages doing
so, look in host paths (/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw
/usr). Obviously this is wrong for cross-compilation.
Do for libexpat as we do for openssl, and point unbound to staging dir,
when we know expat is.
Fixes:
    http://autobuild.buildroot.org/results/
a89ea6aa1cd8c253b1260ea227fea3dc9b095fe8/
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Stefan Ott <stefan@ott.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sat, 4 Apr 2020 22:13:25 +0000 (00:13 +0200)]
 
package/mcrypt: annotate CVEs
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sat, 4 Apr 2020 22:06:48 +0000 (00:06 +0200)]
 
package/bubblewrap: security bump to version 0.4.1
Fix CVE-2020-5291: Bubblewrap (bwrap) before version 0.4.1, if installed
in setuid mode and the kernel supports unprivileged user namespaces,
then the `bwrap --userns2` option can be used to make the setuid process
keep running as root while being traceable. This can in turn be used to
gain root permissions. Note that this only affects the combination of
bubblewrap in setuid mode (which is typically used when unprivileged
user namespaces are not supported) and the support of unprivileged user
namespaces.
Also update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bartosz Bilas [Sat, 4 Apr 2020 16:51:00 +0000 (18:51 +0200)]
 
package/cegui/cegui.mk: fix typos
Configure options should be passed via CONF_OPTS not CONF_OTPS.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[yann.morin.1998@free.fr: also fix the epoxy ones]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sun, 8 Mar 2020 22:22:46 +0000 (23:22 +0100)]
 
package/vlc: fix build with opencv3
Fixes:
 - http://autobuild.buildroot.org/results/
210424bd33f660aa0757f62a558e1e03faf0f371
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Stefan Ott [Sun, 29 Mar 2020 18:00:16 +0000 (20:00 +0200)]
 
package/unbound: new package
Unbound: validating, recursive & caching DNS resolver with
DNSSEC, QNAME minimisation, DNSCrypt and DNS-over-TLS support.
Signed-off-by: Stefan Ott <stefan@ott.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Jianhui Zhao [Sat, 4 Apr 2020 17:04:28 +0000 (01:04 +0800)]
 
package/libuhttpd: new package
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Tue, 24 Mar 2020 14:23:56 +0000 (15:23 +0100)]
 
support/testing: add build tests for the syslinux bootloader
This commit adds four new tests for the syslinux bootloader:
 - Building on x86, for legacy BIOS
 - Building on x86, for EFI BIOS
 - Building on x86-64, for legacy BIOS
 - Building on x86-64, for EFI BIOS
Runtime testing in Qemu would certainly be possible, but is left as a
future addition to these tests.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Tue, 24 Mar 2020 14:23:55 +0000 (15:23 +0100)]
 
boot/syslinux: fix build of efi part with gnu-efi 3.0.10
The following defconfig:
BR2_x86_i686=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y
BR2_TOOLCHAIN_EXTERNAL_URL="http://toolchains.bootlin.com/downloads/releases/toolchains/x86-i686/tarballs/x86-i686--glibc--bleeding-edge-2018.11-1.tar.bz2"
BR2_TOOLCHAIN_EXTERNAL_GCC_8=y
BR2_TOOLCHAIN_EXTERNAL_HEADERS_4_14=y
BR2_TOOLCHAIN_EXTERNAL_CUSTOM_GLIBC=y
BR2_TOOLCHAIN_EXTERNAL_CXX=y
BR2_INIT_NONE=y
BR2_TARGET_SYSLINUX=y
BR2_TARGET_SYSLINUX_EFI=y
fails to build due to missing setjmp/longjmp definitions, which is a
consequence of a change introduced between gnu-efi 3.0.9 and 3.0.10.
This build failure is fixed by adding another syslinux paytch, which
has been submitted upstream.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Romain Naour [Mon, 30 Mar 2020 16:24:11 +0000 (18:24 +0200)]
 
package/openssh: bump to version 8.2p1
This new version is mandatory to allow the glibc package bump to version 2.31.
Otherwise it's not possible to connect to the remote host, as reported by [1] [2].
Upstream commit [3][4] fixes the issue.
[1] https://bugs.archlinux.org/task/65386
[2] https://bugs.gentoo.org/708224
[3] https://github.com/openssh/openssh-portable/commit/
beee0ef61866cb567b9abc23bd850f922e59e3f0
[4] https://github.com/openssh/openssh-portable/commit/
69298ebfc2c066acee5d187eac8ce9f38c796630
Release Note:
https://www.openssh.com/txt/release-8.2
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Reviewed-by: David Pierret <david.pierret@smile.fr>
Tested-by: David Pierret <david.pierret@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
James Hilliard [Mon, 30 Mar 2020 00:26:49 +0000 (18:26 -0600)]
 
package/swupdate: add optional systemd dependency
When the swupdate SYSTEMD option is enabled, systemd needs to be built
before swupdate, otherwise the build fails with:
core/notifier.c:27:10: fatal error: systemd/sd-daemon.h: No such file or directory
   27 | #include <systemd/sd-daemon.h>
      |          ^~~~~~~~~~~~~~~~~~~~~
Of course, it remains up to the user to make sure that the systemd
package is enabled when systemd support is enabled in the swupdate
configuration.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Thu, 2 Apr 2020 16:51:57 +0000 (18:51 +0200)]
 
package/libunwind: bump to version 1.4.0
Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Romain Naour [Thu, 2 Apr 2020 21:57:18 +0000 (23:57 +0200)]
 
support/testing: update basic toolchain to bootlin bleeding-edge 2018.11-1
Update the toolchain being used by the testsuite infra.
The new toolchain 2018.11-1 is based on gcc 8.2, uClibc-ng 1.0.30,
linux-headers 4.14 and binutils 2.31.1.
Enable BR2_TOOLCHAIN_HAS_THREADS_DEBUG that is now required.
The old toolchain 2017.05 is based on gcc 4.9, uClibc-ng 1.0.25,
linux-headers 3.10 and binutils 2.27.
Tested with gitlab
https://gitlab.com/kubu93/buildroot/pipelines/
132376578
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Giulio Benetti [Fri, 3 Apr 2020 20:10:21 +0000 (22:10 +0200)]
 
package/libnss: fix build failure on arm32 arch not armv7
NSS assumes that every neon arm32 build is an armv7, but this is
not always true(i.e. build arm32 for armv8), so let's add a patch to
remove -march=armv7 flag when building gcm-arm32-neon.c
Fixes:
http://autobuild.buildroot.net/results/464/
464044fda2850123339de6c8071374e380636ee0/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Gary Bisson [Thu, 2 Apr 2020 13:08:41 +0000 (15:08 +0200)]
 
package/freescale-imx/kernel-module-imx-gpu-viv: bump to version 6.4.0.p1.0
This package has been tested on Nitrogen8M with the following commands:
 # modprobe galcore
 # cd /usr/share/examples/viv_samples/vdk/
 # ./tutorial7
Also update the help text as we shouldn't specify a kernel revision. It
is just that this module isn't meant for mainline kernel, only its NXP
forked version.
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Wed, 1 Apr 2020 21:46:09 +0000 (23:46 +0200)]
 
package/libexif: annotate CVEs
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adam Duskett [Thu, 2 Apr 2020 01:12:23 +0000 (18:12 -0700)]
 
package/systemd: bump version to 245.4
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Jianhui Zhao [Sat, 4 Apr 2020 09:50:40 +0000 (17:50 +0800)]
 
package/rtty: bump version to 7.1.3
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Fri, 3 Apr 2020 16:26:17 +0000 (18:26 +0200)]
 
package/libdrm: bump version to 2.4.101
Removed patches applied upstream:
https://cgit.freedesktop.org/mesa/drm/commit/xf86drm.h?id=
8c1185d22cb5ea09dea063bd4a0a4f8b64487919
https://cgit.freedesktop.org/mesa/drm/commit/xf86atomic.h?id=
8c511950395ce496028bbc5ba30d9b9632690db6
https://cgit.freedesktop.org/mesa/drm/commit/meson.build?id=
8de2696213d0f25a10a167b5fd6c312d6ce6a1af
https://cgit.freedesktop.org/mesa/drm/commit/tests/nouveau/threaded.c?id=
cd77f114ca0073f609fc89d22390152945e73107
Renumbered remaining patches, use .xz tarball provided by upstream.
Removed md5 & sha1 hashes, not provided by upstream anymore.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Fri, 3 Apr 2020 16:13:11 +0000 (18:13 +0200)]
 
package/{mesa3d, mesa3d-headers}: bump version to 20.0.4
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 3 Apr 2020 09:30:39 +0000 (11:30 +0200)]
 
package/wireguard-tools: bump version to 1.0.
20200319
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 3 Apr 2020 09:30:38 +0000 (11:30 +0200)]
 
package/wireguard-linux-compat: bump version to 1.0.
20200401
Matching the now-mainline wireguard code in kernel 5.6.
For details, see the announcement:
https://lists.zx2c4.com/pipermail/wireguard/2020-April/005237.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Fri, 3 Apr 2020 05:30:12 +0000 (07:30 +0200)]
 
package/libva-utils: bump version to 2.7.1
Removed patch which was applied upstream:
https://github.com/intel/libva-utils/commit/
bd01ba5a6b53370ee6465f393051908f9c6ddeba
Switched to github helper, upstream does not provide a tarball for this
release.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Fri, 3 Apr 2020 05:30:11 +0000 (07:30 +0200)]
 
package/libva: bump version to 2.7.0
Switched to github helper, upstream does not provide a tarball for this
release.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 2 Apr 2020 19:33:31 +0000 (21:33 +0200)]
 
{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 5, 6}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 2 Apr 2020 18:20:53 +0000 (20:20 +0200)]
 
package/apache: security bump to version 2.4.43
Fixes the following security issues:
  *) SECURITY: CVE-2020-1934 (cve.mitre.org)
     mod_proxy_ftp: Use of uninitialized value with malicious backend FTP
     server. [Eric Covener]
  *) SECURITY: CVE-2020-1927 (cve.mitre.org)
     rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable
     matches and substitutions with encoded line break characters.
     The fix for CVE-2019-10098 was not effective.  [Ruediger Pluem]
The LICENSE file has been updated to fix a s/waranties/warranties/ typo, so
update the hash to match and adjust the spacing to match recent agreements:
-This software is provided "as is" and any express or implied waranties,
+This software is provided "as is" and any express or implied warranties,
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabio Estevam [Sat, 4 Apr 2020 13:57:50 +0000 (10:57 -0300)]
 
package/kmscube: Use the official gitlab URL
The cgit URL is a mirror of the gitlab repository.
The README.md file of the kmscube project also points
to the gitlab repository, so switch the URL accordingly.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Seiderer [Fri, 3 Apr 2020 18:55:31 +0000 (20:55 +0200)]
 
package/sysdig: update upstream URL in Config.in
The sysdig homepage we have points to an "on-sale" domain, that is
purportedly serving malware while at it. Update to point to the wiki on
github instead.
Fixes #12746.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr:
  - use wiki instead of git repo
  - expand commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Sébastien Szymanski [Mon, 30 Mar 2020 11:21:44 +0000 (13:21 +0200)]
 
package/ntp: security bump to version 4.2.8p14
"This release fixes three security issues in ntpd and provides 46
bugfixes and addresses 4 other issues." [1]
NONE: Sec 3610: process_control() should bail earlier on short packets.
MEDIUM: Sec 3596: Unauthenticated ntpd may be susceptible to IPv4 spoof
attack from highly predictable transmit timestamps.
MEDIUM: Sec 3592: DoS Attack on unauthenticated client.
The fix for https://bugs.ntp.org/3445 introduced a bug whereby a system that
is running ntp-4.2.8p12 (possibly earlier) or p13 that only has one
unauthenticated time source can be attacked in a way that causes the
victim's next poll to its source to be delayed, for as long as the attack is
maintained.
[1] http://support.ntp.org/bin/view/Main/SecurityNotice#March_2020_ntp_4_2_8p14_NTP_Rele
The copyright year has changed in the COPYRIGHT file, so adjust the hash to
match and adjust the spacing to match recent agreements:
@@ -3,7 +3,7 @@
    jpg "Clone me," says Dolly sheepishly.
-   Last update: 2-Jan-2017 11:58 UTC
+   Last update: 4-Feb-2020 23:47 UTC
      __________________________________________________________________
    The following copyright notice applies to all files collectively called
@@ -32,7 +32,7 @@
    Burnicki is:
 ***********************************************************************
 *                                                                     *
-* Copyright (c) Network Time Foundation 2011-2017                     *
+* Copyright (c) Network Time Foundation 2011-2020                     *
 *                                                                     *
 * All Rights Reserved                                                 *
 *                                                                     *
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[Peter: clarify security impact, document COPYRIGHT change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 30 Mar 2020 21:07:50 +0000 (23:07 +0200)]
 
package/netdata: link with libatomic when needed
netdata uses __atomic_fetch_add_2
Fixes:
 - http://autobuild.buildroot.org/results/
1eb033ba7bf85ba3e25572a106f08faf49cd05b2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
James Hilliard [Tue, 31 Mar 2020 17:53:25 +0000 (11:53 -0600)]
 
package/cog: bump to version 0.6.0
Drop patches that are now upstream.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Thu, 2 Apr 2020 21:45:49 +0000 (23:45 +0200)]
 
linux: adjust BR2_LINUX_KERNEL_IMAGE_NAME help text
The help text of BR2_LINUX_KERNEL_IMAGE_NAME is somewhat incomplete,
in the sense that it assumes just a filename can be passed, while it
can be a relative path, such as 'compressed/vmlinux.bin.z'. So make it
clear that such paths are relative to arch/ARCH/boot/.
Also, drop the part about this being only useful for Xtensa as this is
not true: on MIPS it might be needed as well for some specific image
types.
Reported-by: Paul Cercueil <paul@crapouillou.net>
Cc: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Thu, 2 Apr 2020 21:45:48 +0000 (23:45 +0200)]
 
linux: do not install images in subdirectories
The Linux kernel image is typically found in arch/ARCH/boot/, which is
why LINUX_IMAGE_PATH is defined as:
LINUX_IMAGE_PATH = $(LINUX_ARCH_PATH)/boot/$(LINUX_IMAGE_NAME)
However, on MIPS, some kernel image types are available from
arch/mips/boot/compressed, or even at the top-level directory. For
such cases, LINUX_IMAGE_NAME might be set (using
BR2_LINUX_KERNEL_IMAGE_NAME) to values such as:
  compressed/vmlinux.bin.z
or
  ../../../uzImage.bin
Except that the line:
  $(INSTALL) -m 0644 -D $(LINUX_IMAGE_PATH) $(1)/$(LINUX_IMAGE_NAME)
will lead to such images be installed in:
  $(TARGET_DIR)/boot/compressed/vmlinux.bin.z
  $(BINARIES_DIR)/compressed/vmlinux.bin.z
and:
  $(TARGET_DIR)/boot/../../../uzImage.bin
  $(BINARIES_DIR)/../../../uzImage.bin
which of course is completely bogus.
So let's install them under their name, not their full relative path
to arch/ARCH/boot/.
Reported-by: Paul Cercueil <paul@crapouillou.net>
Cc: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bartosz Bilas [Thu, 2 Apr 2020 16:17:59 +0000 (18:17 +0200)]
 
package/cegui: fix invalid cast
Fixes:
- http://autobuild.buildroot.net/results/a76/
a76e88d1805c836bf095b9b6ed5fb52aa0fcdc0a
- http://autobuild.buildroot.net/results/d24/
d24ebb999215a23e0743c29ca137745417316bc4
- http://autobuild.buildroot.net/results/37b/
37b46d25a98a17ead9133cba9fd6c8ebe8996d60
and many many more...
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[Peter: drop number from patch subject]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sébastien Szymanski [Thu, 2 Apr 2020 10:08:20 +0000 (12:08 +0200)]
 
package/libopenssl: security bump to version 1.1.1f
Fixes the following security issues (1.1.1e):
CVE-2019-1551 [Low severity]: There is an overflow bug in the x64_64
Montgomery squaring procedure used in exponentiation with 512-bit moduli.
No EC algorithms are affected.  Analysis suggests that attacks against
2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect
would be very difficult to perform and are not believed likely.  Attacks
against DH512 are considered just feasible.  However, for an attack the
target would have to re-use the DH512 private key, which is not recommended
anyway.  Also applications directly using the low level API BN_mod_exp may
be affected if they use BN_FLG_CONSTTIME.  Reported by OSS-Fuzz and Guido
Vranken.
https://www.openssl.org/news/secadv/
20191206.txt
CVE-2019-1563 [Low severity]: In situations where an attacker receives
automated notification of the success or failure of a decryption attempt an
attacker, after sending a very large number of messages to be decrypted, can
recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted
message that was encrypted with the public RSA key, using a Bleichenbacher
padding oracle attack.  Applications are not affected if they use a
certificate together with the private RSA key to the CMS_decrypt or
PKCS7_decrypt functions to select the correct recipient info to decrypt.
Reported by Bernd Edlinger.
https://www.openssl.org/news/secadv/
20190910.txt
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Thu, 2 Apr 2020 21:12:24 +0000 (23:12 +0200)]
 
support/config-fragments/autobuild: update OpenRISC toolchain
Following commit 
eee96b0f0ad224b3e09a9b98c26d056e18f17fd5 that adds a
gcc patch for OpenRISC, the OpenRISC pre-built toolchain was
rebuilt. Let's use this new toolchain version for the autobuilders.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Thu, 2 Apr 2020 20:53:48 +0000 (22:53 +0200)]
 
package/x11r7/xserver_xorg-server: bump version to 1.20.8
Removed patch applied upstream:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/
c2ef88c4d3a551ff7646bfb86550cae32b02a510
Removed md5 & sha1 hashes, not provided by upstream anymore.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Thu, 2 Apr 2020 20:45:03 +0000 (22:45 +0200)]
 
package/{mesa3d, mesa3d-headers}: bump version to 20.0.3
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jianhui Zhao [Mon, 30 Mar 2020 16:43:38 +0000 (00:43 +0800)]
 
package/libuwsc: bump version to 3.3.4
Adjust license hash for a change in email address:
-Copyright (c) 2019 Jianhui Zhao <jianhuizhao329@gmail.com>
+Copyright (c) 2019 Jianhui Zhao <zhaojh329@gmail.com>
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adam Duskett [Mon, 30 Mar 2020 16:31:21 +0000 (09:31 -0700)]
 
package/libpjsip: bump version to 2.10
Other changes:
  - Change the site URL as the upstream project has migrated to Github
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adam Duskett [Mon, 30 Mar 2020 16:03:01 +0000 (09:03 -0700)]
 
package/janus-gateway: bump version to 0.9.2
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 30 Mar 2020 21:55:00 +0000 (23:55 +0200)]
 
package/wpa_supplicant: fix CVE-2019-16275
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect
indication of disconnection in certain situations because source address
validation is mishandled. This is a denial of service that should have
been prevented by PMF (aka management frame protection). The attacker
must send a crafted 802.11 frame from a location that is within the
802.11 communications range.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 30 Mar 2020 21:54:25 +0000 (23:54 +0200)]
 
package/hostapd: fix CVE-2019-16275
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect
indication of disconnection in certain situations because source address
validation is mishandled. This is a denial of service that should have
been prevented by PMF (aka management frame protection). The attacker
must send a crafted 802.11 frame from a location that is within the
802.11 communications range.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 30 Mar 2020 22:17:19 +0000 (00:17 +0200)]
 
package/libsndfile: add upstream security fixes
- Fix CVE-2017-6892: In libsndfile version 1.0.28, an error in the
  "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an
  out-of-bounds read memory access via a specially crafted AIFF file.
- Fix CVE-2017-8361: The flac_buffer_copy function in flac.c in
  libsndfile 1.0.28 allows remote attackers to cause a denial of service
  (buffer overflow and application crash) or possibly have unspecified
  other impact via a crafted audio file.
- Fix CVE-2017-8362: The flac_buffer_copy function in flac.c in
  libsndfile 1.0.28 allows remote attackers to cause a denial of service
  (invalid read and application crash) via a crafted audio file.
- Fix CVE-2017-8363: The flac_buffer_copy function in flac.c in
  libsndfile 1.0.28 allows remote attackers to cause a denial of service
  (heap-based buffer over-read and application crash) via a crafted
  audio file.
- Fix CVE-2017-8365: The i2les_array function in pcm.c in
  libsndfile 1.0.28 allows remote attackers to cause a denial of service
  (buffer over-read and application crash) via a crafted audio file.
- Fix CVE-2017-12562: Heap-based Buffer Overflow in the
  psf_binheader_writef function in common.c in libsndfile through 1.0.28
  allows remote attackers to cause a denial of service (application
  crash) or possibly have unspecified other impact.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
James Hilliard [Mon, 30 Mar 2020 23:39:55 +0000 (17:39 -0600)]
 
package/gdb: bump to version 8.3.1
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Thu, 2 Apr 2020 16:28:00 +0000 (18:28 +0200)]
 
package/cjson: bump to version 1.7.13
Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Nazım Gediz AYDINDOĞMUŞ [Thu, 2 Apr 2020 12:41:12 +0000 (12:41 +0000)]
 
docs/manual: minor typo fix
Definition of LIBFOO_USERS actually ends on 33rd line.
Signed-off-by: Nazım Gediz Aydındoğmuş <gediz.aydindogmus@genemek.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Mon, 30 Mar 2020 18:22:50 +0000 (20:22 +0200)]
 
{linux, linux-headers}: add version 5.6
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: move .. or later text to 5.6]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Mon, 30 Mar 2020 18:22:48 +0000 (20:22 +0200)]
 
toolchain/Config.in: move BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_5
Config option was placed at the wrong position.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adam Duskett [Mon, 30 Mar 2020 23:46:12 +0000 (16:46 -0700)]
 
package/nftables: check for python
If python or python3 is selected, nftables should depend on the package
and set the --enable-python option, otherwise set --disable-python
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabio Estevam [Wed, 1 Apr 2020 17:05:04 +0000 (14:05 -0300)]
 
kmscube: Bump to the most recent version
Bump to the latest kmscube version.
Since kmscube has been converted to meson, adjust the .mk file
accordingly.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabio Estevam [Wed, 1 Apr 2020 17:05:03 +0000 (14:05 -0300)]
 
kmscube: Change repository to gitlab
The https://cgit.freedesktop.org/mesa/kmscube repository
is mirrored from https://gitlab.freedesktop.org/mesa/kmscube, so
switch to the gitlab one.
The other advantage of using the gitlab repository is that it can handle
archive downloads, so switch to it.
Suggested-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Evgeniy Didin [Mon, 10 Feb 2020 07:40:30 +0000 (10:40 +0300)]
 
package/strace: bump to version 5.5
Drop patch.
Strace 5.5 now is compatible with glibc-2.31 and
Linux kernel headers < 5.3.
The copyright year was updated in COPYING, so update the hash.
Fixes:
  - http://autobuild.buildroot.net/results/
dd7ec26396412375941eaf43daf755d61a68458b/
Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: arc-buildroot@synopsys.com
Cc: Baruch Siach <baruch@tkos.co.il>
[yann.morin.1998@free.fr:
  - add autobuilder reference provided by Baruch
  - fix hash for COPYING
  - two spaces in hash file
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Mon, 30 Mar 2020 20:40:30 +0000 (22:40 +0200)]
 
package/tinyproxy: disable a2x
If a2x is found, tinyproxy won't touch the configuration files and will
try to regenerate them which will result in the following build failure:
make[4]: Entering directory `/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/build/tinyproxy-1.10.0/docs/man5'
  GEN      tinyproxy.conf.5
  File "/accts/mlweber1/bin/a2x", line 76
    print '%s: %s' % (PROG,msg)
          ^
SyntaxError: invalid syntax
Fixes:
 - http://autobuild.buildroot.org/results/
fbd81c05f37a3db6df1cbc3495a89957c6587d25
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Mon, 30 Mar 2020 21:49:13 +0000 (23:49 +0200)]
 
package/gupnp-tools: bump to version 0.10.0
- Update indentation of hash file (two spaces)
- Fix build with latest gupnp/gssdp thanks to
  https://gitlab.gnome.org/GNOME/gupnp-tools/-/commit/
41feb3168d3870e0d017c248f20cbe85bc5acde7
Fixes:
 - No autobuilder failures yet
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabio Estevam [Tue, 31 Mar 2020 20:12:05 +0000 (17:12 -0300)]
 
configs/mx53loco: bump the kernel version
Bump the kernel to the 5.4.27 version.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adam Duskett [Fri, 27 Mar 2020 18:29:59 +0000 (11:29 -0700)]
 
package/gupnp: needs host-vala for introspection
Introspection support in gupnp is handled by way of vala tools and
vala bindings.
Even though host-vala is already a transitive dependency via gssdp,
add it to gupnp for correctness sake; also explicitly enable the
generation of the vala API, since it is required for introspection.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Adam Duskett [Fri, 27 Mar 2020 18:29:56 +0000 (11:29 -0700)]
 
package/gssdp: build vala bindings for introspection
When building its introspection metadata description files, gssdp can
also generate the associated vala bindings.
Dependent packages may then use either or both the introspection
metadata description files or the vala bindings to generate their own.
For example; this is the case with gupnp, which requires the vala
bindings from gssdp to be able to generate its introspection metadata
description files and vala bindings.
Since there is no way to know whether the vala bindings are required or
not, we always build them. host-vala has no dependency that is not
already a dependency of gssdp, so the overhead is just the time to build
host-vala itself, roughly 32s here when compared to 10+minutes to build
all the dependencies of gssdp with introspection support.
Fixes:
  - http://autobuild.buildroot.org/results/
06f879902a567c26bade630091b21b56f637bd60/
  - http://autobuild.buildroot.org/results/
457ecc20e1932e13e82ff6bdcaf4adaf97cb7d1d/
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Yaroslav Syrytsia [Mon, 30 Mar 2020 13:41:37 +0000 (16:41 +0300)]
 
Makefile: make-4.3 now longer un-escapes \# in macros
make-4.3 shipped with a backward incompatible change in how sharp signs
are handled in macros. Previously, up to make 4.2, the sharp sign would
always start a comment, unless backslash-escaped, even in a macro or a
fucntion call.
Now, the sharp sign is no longer starting a comment when it appears
inside such a macro or function call. This behaviour was supposed to be
in force since 3.81, but was not; 4.3 fixed the code to match the doc.
As such, use of external toolchains is broken, as we use the sharp sign
in the copy_toolchain_sysroot macro, in shell variable expansion to
strip off any leading /: ${target\#/}.
Fix that by applying the workaround suggested in the release annoucement
[0], by using a variable to hold a sharp sign.
[0] https://lists.gnu.org/archive/html/info-gnu/2020-01/msg00004.html
Signed-off-by: Yaroslav Syrytsia <me@ys.lc>
[yann.morin.1998@free.fr:
  - move the SHARP_SIGN definition out of Makefile and into support/
  - expand the commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Gary Bisson [Mon, 30 Mar 2020 08:05:22 +0000 (10:05 +0200)]
 
package/freescale-imx/imx-vpu-hantro: bump version to 1.15.0
To match NXP BSP 4.19.35-1.1.0 release:
https://source.codeaurora.org/external/imx/meta-fsl-bsp-release/tree/imx/meta-bsp/recipes-bsp/imx-vpu-hantro?h=warrior-4.19.35-1.1.0
Adds support for i.MX8MMini platform (Hantro H1 encoder).
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Tested-by: Laurent Gauthier <laurent.gauthier_1@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bartosz Bilas [Mon, 30 Mar 2020 11:40:15 +0000 (13:40 +0200)]
 
Config.in.legacy: move cegui06 package to 2020.05 section
During package update, the legacy option was set to the existing
2020.02 release instead of the next 2020.05.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Baruch Siach [Fri, 27 Mar 2020 07:45:25 +0000 (10:45 +0300)]
 
package/evtest: fix build with musl 1.2.0
Add upstream patch fixing issue with 64-bit time_t introduced in musl
1.2.0 for 32-bit architectures.
Fixes:
http://autobuild.buildroot.net/results/
0847ef68b7f7bffa3083229ad9523dbad28db4f2/
http://autobuild.buildroot.net/results/
73355877a945d3555350bea3bef70dfa68b80018/
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Mon, 13 Jan 2020 19:57:57 +0000 (20:57 +0100)]
 
package/opencv3: fix build with protobuf
External protobuf is used instead of embedded one since commit
31c68a449ecd7da61ecfd909bea7ce799f9a6450. However it fails to build on:
[ 63%] Building CXX object modules/dnn/CMakeFiles/opencv_dnn.dir/misc/caffe/opencv-caffe.pb.cc.o
In file included from /home/naourr/work/instance-0/output-1/build/opencv3-3.4.9/modules/dnn/misc/caffe/opencv-caffe.pb.cc:4:
/home/naourr/work/instance-0/output-1/build/opencv3-3.4.9/modules/dnn/misc/caffe/opencv-caffe.pb.h:17:2: error: #error This file was generated by an older version of protoc which is
   17 | #error This file was generated by an older version of protoc which is
      |  ^~~~~
/home/naourr/work/instance-0/output-1/build/opencv3-3.4.9/modules/dnn/misc/caffe/opencv-caffe.pb.h:18:2: error: #error incompatible with your Protocol Buffer headers. Please
   18 | #error incompatible with your Protocol Buffer headers.  Please
      |  ^~~~~
/home/naourr/work/instance-0/output-1/build/opencv3-3.4.9/modules/dnn/misc/caffe/opencv-caffe.pb.h:19:2: error: #error regenerate this file with a newer version of protoc.
   19 | #error regenerate this file with a newer version of protoc.
      |  ^~~~~
/home/naourr/work/instance-0/output-1/build/opencv3-3.4.9/modules/dnn/misc/caffe/opencv-caffe.pb.cc:12:10: fatal error: google/protobuf/wire_format_lite_inl.h: No such file or directory
   12 | #include <google/protobuf/wire_format_lite_inl.h>
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fix this error by setting PROTOBUF_UPDATE_FILES to ON
Fixes:
 - http://autobuild.buildroot.org/results/
219258c90709fc34748929f1dcdf4f0649215e61
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Tue, 10 Mar 2020 22:31:32 +0000 (23:31 +0100)]
 
Revert "package/opencv3: bump to version 4.2.0"
This reverts commit 
5e51bb2756ee5063eff9a45a46033a449e2a6195.
Indeed, version 4.x is not backward with opencv 3.x, most of the C API
has been removed as stated in https://opencv.org/opencv-4-0.
Moreover, these issues should also be fixed:
 - pkg-config file is not installed by default since
 https://github.com/opencv/opencv/commit/
e755a2a6e48ae02dd5136a628cc4148566a08225
 - layout of include files and pkg-config file name are different since
 https://github.com/opencv/opencv/commit/
a95673287433fc810eda2d88b94bb234298c4cd5
As a result, ffmpeg fails to build with opencv 4.2.0.
Moreover, it should be noted that -DPROTOBUF_UPDATE_FILES=ON should be
applied in a separate patch to fix existing build failure with 3.4.9 as
stated in https://patchwork.ozlabs.org/patch/
1222308
Fixes:
 - http://autobuild.buildroot.org/results/
ef1d09d8b234807dcd993422f9557e5c34506013
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sun, 29 Mar 2020 12:22:59 +0000 (14:22 +0200)]
 
package/kodi-vfs-rar: bump version to 2.2.3-Leia
Updated hash of lib/UnrarXLib/license.txt due to upstream changes:
https://github.com/xbmc/vfs.rar/commits/Leia/lib/UnrarXLib/license.txt
Changed addon license file to LICENSE.md.
Updated dependencies due to upstream commit:
https://github.com/xbmc/vfs.rar/commit/
6c7a62439eac2b2afeb2bf8c241836cd2ab2b93e
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Gary Bisson [Thu, 26 Mar 2020 16:49:42 +0000 (17:49 +0100)]
 
package/freescale-imx: fix i.MX8MMini configuration
- Just like i.MX8MQ, i.MX8MMini is using Hantro VPU.
- Platform name wasn't set for i.MX8Mini
  -> now differencing IMX8MQ and IMX8MM for VPU package
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
James Hilliard [Mon, 30 Mar 2020 00:09:16 +0000 (18:09 -0600)]
 
package/meson: bump to version 0.54.0
Remove patches that are now upstream.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Carlos Santos [Sun, 29 Mar 2020 23:49:24 +0000 (20:49 -0300)]
 
package/procps-ng: use logger in S02sysctl only if it is available
The script used the logger utility unconditionally but it may not exist
(e.g. busybox-minimal.config is used and BR2_PACKAGE_UTIL_LINUX_LOGGER
is not selected).
Declare two functions to perform the operation, run_logger and run_std,
and use the appropriate one, depending on the existence of logger.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Carlos Santos [Sun, 29 Mar 2020 23:49:23 +0000 (20:49 -0300)]
 
package/procps-ng: add busybox-related comments to S02sysctl
Explain the busybox peculiarities and how the script works with both
versions of the sysctl utility.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Carlos Santos [Sun, 29 Mar 2020 23:49:22 +0000 (20:49 -0300)]
 
package/busybox: use same S02sysctl script as procps-ng
The scripts were already the same, except for some comments, so make the
busybox S02sysctl a symlink to the procps-ng one, which works with both
versions of the "sysctl" utility.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>