buildroot.git
4 years agopackage/pkg-download.mk: add gitlab macro
Thomas Petazzoni [Sun, 28 Mar 2021 19:13:49 +0000 (21:13 +0200)]
package/pkg-download.mk: add gitlab macro

Just like we have a "github" macro to calculate the URL of the tarball
to download source from Github, let's introduce a similar macro for
Gitlab.

This should be used to download the auto-generated tarballs from
Gitlab. If there is a specific release tarball uploaded by the
upstream developers, the <pkg>_SITE variable should not use this new
gitlab macro.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agodocs/manual: improve details about the Github macro
Thomas Petazzoni [Sun, 28 Mar 2021 19:13:48 +0000 (21:13 +0200)]
docs/manual: improve details about the Github macro

The Github macro example shows something that is now considered
incorrect: using v1.0 as the VERSION. This is not longer recommended
as it prevents from matching with release-monitoring.org details.

Let's update the example, and add a note to explain this in more
details.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/php: bump version to 7.4.16
Bernd Kuhls [Sat, 27 Mar 2021 12:50:49 +0000 (13:50 +0100)]
package/php: bump version to 7.4.16

Changelog: https://www.php.net/ChangeLog-7.php#7.4.16

Update license hash due to copyright year bump:
http://git.php.net/?p=php-src.git;a=commitdiff;h=8c04944b66fd4a4fa88e54b65a2391397998c51d

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/freeswitch: bump version to 1.10.6
Bernd Kuhls [Fri, 26 Mar 2021 19:08:56 +0000 (20:08 +0100)]
package/freeswitch: bump version to 1.10.6

Release notes:
https://github.com/signalwire/freeswitch/releases/tag/v1.10.6

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/sofia-sip: bump version to 1.13.3
Bernd Kuhls [Fri, 26 Mar 2021 19:08:55 +0000 (20:08 +0100)]
package/sofia-sip: bump version to 1.13.3

Removed patches which were applied upstream:
https://github.com/freeswitch/sofia-sip/commit/f6f29b483e9c31ce8d3e87419ec3deea8679312d
https://github.com/freeswitch/sofia-sip/commit/d568475eb7291bc72f585a116319b05d80b818e1

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/libqmi: bump version to 1.28.2
Petr Vorel [Thu, 25 Mar 2021 17:58:32 +0000 (18:58 +0100)]
package/libqmi: bump version to 1.28.2

libqrtr-glib is now optional dependency (since libqmi >= 1.28.0)

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/libqrtr-glib: new package
Petr Vorel [Thu, 25 Mar 2021 17:58:31 +0000 (18:58 +0100)]
package/libqrtr-glib: new package

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/git: bump version to 2.31.1
Peter Seiderer [Sat, 27 Mar 2021 13:27:28 +0000 (14:27 +0100)]
package/git: bump version to 2.31.1

For details see [1].

[1] http://lkml.iu.edu/hypermail/linux/kernel/2103.3/04320.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/openvpn: bump version to 2.5.1
Bernd Kuhls [Sat, 27 Mar 2021 13:06:54 +0000 (14:06 +0100)]
package/openvpn: bump version to 2.5.1

Release notes:
https://sourceforge.net/p/openvpn/mailman/message/37226597/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/fetchmail: bump version to 6.4.18
Bernd Kuhls [Sun, 28 Mar 2021 08:14:01 +0000 (10:14 +0200)]
package/fetchmail: bump version to 6.4.18

Release notes:
https://sourceforge.net/p/fetchmail/mailman/message/37249830/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/samba4: bump version to 4.14.2
Bernd Kuhls [Sun, 28 Mar 2021 09:45:54 +0000 (11:45 +0200)]
package/samba4: bump version to 4.14.2

Added patch to fix build error.
Removed patch which was applied upstream.

Added two options to samba4-cache.txt to fix cross build, values were
taken from GnuTLS source:
https://gitlab.com/gnutls/gnutls/-/blob/3.6.15/lib/includes/gnutls/gnutls.h.in#L180
https://gitlab.com/gnutls/gnutls/-/blob/3.6.15/lib/includes/gnutls/gnutls.h.in#L341

host-perl is now mandatory, also host-perl-parse-yapp is needed.

Added option to fix build without dbus, this change needed a rework of
the shared-modules configure option, due to this upstream commit:
https://gitlab.com/samba-team/devel/samba/-/commit/b6805d5e0bcf1716f87e84bcbb2fd8f93c38a8a3

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/tvheadend: bump version
Bernd Kuhls [Sun, 28 Mar 2021 08:22:11 +0000 (10:22 +0200)]
package/tvheadend: bump version

Upstream removed x11 dependency from vaapi support:
https://github.com/tvheadend/tvheadend/commit/ecd05a21de3075466476df97cf37ffd42c787e58

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/perl: fix configure when BR2_VERSION_FULL contains a '/'
Yann E. MORIN [Sat, 27 Mar 2021 22:42:20 +0000 (23:42 +0100)]
package/perl: fix configure when BR2_VERSION_FULL contains a '/'

When BR2_VERSION_FULL contains one or more '/', injection our version
in the perl patch-level fails:

    /usr/bin/sed: -e expression #1, char 27: unknown option to `s'

When the build is done in a git tree, and HEAD is a tag, BR2_VERSION_FULL
will contain that tag name. Even if not widely common, it is not unusual
for a tag to contain a '/', and this is perfectly legit in git.

So, mangle BR2_VERSION_FULL to escape all '/' with a backslash '\', so
that the sed expression is correct, and so that we eventually have a
correct pathclevel string in perl's --version output.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/network-manager: add CPE variables
Heiko Thiery [Thu, 25 Mar 2021 12:54:42 +0000 (13:54 +0100)]
package/network-manager: add CPE variables

cpe:2.3:a:gnome:networkmanager is a valid CPE identifier for this
package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnome%3Anetworkmanager

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/qt5webkit: fix ICU related compile failures from capital bool defines
Henri Roosen [Thu, 25 Mar 2021 17:39:47 +0000 (18:39 +0100)]
package/qt5webkit: fix ICU related compile failures from capital bool defines

This patch fixes the following compile failures:

In file included from platform/text/TextAllInOne.cpp:30:
platform/text/TextBreakIteratorICU.cpp: In function ‘bool
WebCore::textInChunkOrOutOfRange(UText*, int64_t, int64_t, UBool,
UBool&)’:
platform/text/TextBreakIteratorICU.cpp:217:28: error: ‘TRUE’ was not
declared in this scope
  217 |             isAccessible = TRUE;
      |                            ^~~~
platform/text/TextBreakIteratorICU.cpp:222:28: error: ‘FALSE’ was not
declared in this scope
  222 |             isAccessible = FALSE;
      |                            ^~~~~
platform/text/TextBreakIteratorICU.cpp:231:28: error: ‘TRUE’ was not
declared in this scope
  231 |             isAccessible = TRUE;
      |                            ^~~~
platform/text/TextBreakIteratorICU.cpp:236:28: error: ‘FALSE’ was not
declared in this scope
  236 |             isAccessible = FALSE;
      |                            ^~~~~
platform/text/TextBreakIteratorICU.cpp: In function ‘UBool
WebCore::textLatin1Access(UText*, int64_t, UBool)’:
platform/text/TextBreakIteratorICU.cpp:246:16: error: ‘FALSE’ was not
declared in this scope
  246 |         return FALSE;
      |                ^~~~~
platform/text/TextBreakIteratorICU.cpp:266:12: error: ‘TRUE’ was not
declared in this scope
  266 |     return TRUE;
      |            ^~~~
platform/text/TextBreakIteratorICU.cpp: In function ‘UBool
WebCore::textUTF16Access(UText*, int64_t, UBool)’:
platform/text/TextBreakIteratorICU.cpp:367:16: error: ‘FALSE’ was not
declared in this scope
  367 |         return FALSE;
      |                ^~~~~
platform/text/TextBreakIteratorICU.cpp:387:12: error: ‘TRUE’ was not
declared in this scope
  387 |     return TRUE;
      |            ^~~~
...
In file included from platform/text/TextAllInOne.cpp:32:
platform/text/TextCodecICU.cpp: In member function ‘void
WebCore::TextCodecICU::createICUConverter() const’:
platform/text/TextCodecICU.cpp:272:42: error: ‘TRUE’ was not declared in
this scope
  272 |         ucnv_setFallback(m_converterICU, TRUE);
      |                                          ^~~~

The compile failures are fixed by replacing the use of FALSE/TRUE with
false/true as suggested by [1] and/or [2].

A better description is directly from the patch/pull-request ([3]):

  Traditionally, ICU4C has defined its own `FALSE`=0 / `TRUE`=1 macros for use with `UBool`.
  Starting with ICU 68 (2020q4), we no longer define these in public header files
  (unless `U_DEFINE_FALSE_AND_TRUE`=1),
  in order to avoid name collisions with code outside ICU defining enum constants and similar
  with these names.

and explains why it occurred just recently/since the icu bump to version
68-1 ([4])...

[1] https://unicode-org.atlassian.net/browse/ICU-21267
[2] https://unicode-org.atlassian.net/browse/ICU-21148
[3] https://github.com/unicode-org/icu/pull/1282/commits/5d77f7084dbfad50c7ccc17bccb85aa24bae8937
[4] https://git.buildroot.net/buildroot/commit/?id=88f2d1c4e52607d2c2a1fa8d934152c47167a168

Signed-off-by: Henri Roosen <henri.roosen@ginzinger.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/libglib2: security bump to version 2.66.8
Fabrice Fontaine [Sun, 21 Mar 2021 13:15:08 +0000 (14:15 +0100)]
package/libglib2: security bump to version 2.66.8

Fix a security issue when using g_file_replace() with
G_FILE_CREATE_REPLACE_DESTINATION

https://gitlab.gnome.org/GNOME/glib/-/tags/2.66.8

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/openssh: security bump to version 8.5p1
Fabrice Fontaine [Mon, 22 Mar 2021 19:00:34 +0000 (20:00 +0100)]
package/openssh: security bump to version 8.5p1

* ssh-agent(1): fixed a double-free memory corruption that was
   introduced in OpenSSH 8.2 . We treat all such memory faults as
   potentially exploitable. This bug could be reached by an attacker
   with access to the agent socket.

   On modern operating systems where the OS can provide information
   about the user identity connected to a socket, OpenSSH ssh-agent
   and sshd limit agent socket access only to the originating user
   and root. Additional mitigation may be afforded by the system's
   malloc(3)/free(3) implementation, if it detects double-free
   conditions.

   The most likely scenario for exploitation is a user forwarding an
   agent either to an account shared with a malicious user or to a
   host with an attacker holding root access.

 * Portable sshd(8): Prevent excessively long username going to PAM.
   This is a mitigation for a buffer overflow in Solaris' PAM username
   handling (CVE-2020-14871), and is only enabled for Sun-derived PAM
   implementations.  This is not a problem in sshd itself, it only
   prevents sshd from being used as a vector to attack Solaris' PAM.
   It does not prevent the bug in PAM from being exploited via some
   other PAM application. GHPR#212

Also license has been updated to add some openbsd-compat licenses:
https://github.com/openssh/openssh-portable/commit/922cfac5ed5ead9f796f7d39f012dd653dc5c173

https://www.openssh.com/txt/release-8.5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/wpebackend-fdo: bump to version 1.8.2
Adrian Perez de Castro [Mon, 22 Mar 2021 22:28:37 +0000 (00:28 +0200)]
package/wpebackend-fdo: bump to version 1.8.2

This minor release fixes an issue with its public API headers which
can cause third party packages (mainly wpewebkit) to show build errors.
Release notes:

  https://wpewebkit.org/release/wpebackend-fdo-1.8.2.html

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/wpewebkit: security bump to 2.30.6
Adrian Perez de Castro [Mon, 22 Mar 2021 22:28:36 +0000 (00:28 +0200)]
package/wpewebkit: security bump to 2.30.6

This is a minor release which provides fixes for CVE-2020-27918,
CVE-2020-29623, CVE-2021-1765, CVE-2021-1789, CVE-2021-1799,
CVE-2021-1801, and CVE-2021-1870.

Full release notes can be found at:

  https://wpewebkit.org/release/wpewebkit-2.30.6.html

An accompanying security advisory has been published at:

  https://wpewebkit.org/security/WSA-2021-0002.html

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/webkitgtk: security bump to 2.30.6
Adrian Perez de Castro [Mon, 22 Mar 2021 22:19:48 +0000 (00:19 +0200)]
package/webkitgtk: security bump to 2.30.6

This is a minor release which provides fixes for CVE-2020-27918,
CVE-2020-29623, CVE-2021-1765, CVE-2021-1789, CVE-2021-1799,
CVE-2021-1801, and CVE-2021-1870.

Full release notes can be found at:

  https://webkitgtk.org/2021/03/18/webkitgtk2.30.6-released.html

An accompanying security advisory has been published at:

  https://webkitgtk.org/security/WSA-2021-0002.html

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/kodi: honour the libusb option even when disabled
Bernd Kuhls [Mon, 22 Mar 2021 19:10:34 +0000 (20:10 +0100)]
package/kodi: honour the libusb option even when disabled

Make sure libusb support is properly disabled even if the libusb
package is enabled, and in case it gets built before Kodi.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/kodi-inputstream-adaptive: bump version to 2.6.8-Matrix
Bernd Kuhls [Sat, 27 Mar 2021 07:16:37 +0000 (08:16 +0100)]
package/kodi-inputstream-adaptive: bump version to 2.6.8-Matrix

Changelog:
https://github.com/xbmc/inputstream.adaptive/blob/Matrix/inputstream.adaptive/addon.xml.in#L22

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/kodi-pvr-vuplus: bump version to 7.4.2-Matrix
Bernd Kuhls [Fri, 26 Mar 2021 08:02:14 +0000 (09:02 +0100)]
package/kodi-pvr-vuplus: bump version to 7.4.2-Matrix

Changelog:
https://github.com/kodi-pvr/pvr.vuplus/blob/Matrix/pvr.vuplus/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/kodi-pvr-hts: bump version to 8.3.0-Matrix
Bernd Kuhls [Wed, 24 Mar 2021 21:24:40 +0000 (22:24 +0100)]
package/kodi-pvr-hts: bump version to 8.3.0-Matrix

Changelog:
https://github.com/kodi-pvr/pvr.hts/blob/Matrix/pvr.hts/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/uclibc: update to 1.0.38
Waldemar Brodkorb [Sat, 27 Mar 2021 15:48:33 +0000 (16:48 +0100)]
package/uclibc: update to 1.0.38

- fixes renameat2 issues on riscv64

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agoperl-parse-yapp: new package
Bernd Kuhls [Sat, 27 Mar 2021 17:13:35 +0000 (18:13 +0100)]
perl-parse-yapp: new package

Host version is needed for samba 4.14.x.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/python-dialog3: switch to setuptools
Asaf Kahlon [Sat, 27 Mar 2021 20:35:52 +0000 (23:35 +0300)]
package/python-dialog3: switch to setuptools

The package switched to setuptools (see commit:
https://github.com/frougon/pythondialog/commit/88a3f0b45e81aaecf3a85bcf8b8d8ce907fbe29d)

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agoconfigs/freescale_imx8mpevk: new defconfig
Stephane Viau [Thu, 25 Mar 2021 06:21:41 +0000 (07:21 +0100)]
configs/freescale_imx8mpevk: new defconfig

This patch adds support for the NXP i.MX 8M Plus EVK board [1].

The final boot image is created from uboot and firmware binaries in post
image script board/freescale/common/imx/imx8-bootloader-prepare.sh.

This first support is based on NXP's 5.4.70_2.3.0 BSP.

[1] https://www.nxp.com/design/development-boards/i-mx-evaluation-and-development-boards/evaluation-kit-for-the-i-mx-8m-plus-applications-processor:8MPLUSLPD4-EVK

Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agoboard/freescale/common/imx: add support for i.MX 8M Plus
Stephane Viau [Thu, 25 Mar 2021 06:21:40 +0000 (07:21 +0100)]
board/freescale/common/imx: add support for i.MX 8M Plus

Almost identical as i.MX 8M Nano, with a couple of differences:
- different ATF load address [1]
- different entry point [2]

[1] https://source.denx.de/u-boot/u-boot/-/commit/e8e2703a3050feb8d2e6473d806c5277d5e3236f
[2] https://source.denx.de/u-boot/u-boot/-/blob/v2021.04-rc4/configs/imx8mp_evk_defconfig#L14

Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/imx-mkimage: add support for i.MX 8M Plus
Stephane Viau [Thu, 25 Mar 2021 06:21:39 +0000 (07:21 +0100)]
package/imx-mkimage: add support for i.MX 8M Plus

This SoC uses the same tools to generate boot images as the 8M family.

Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/freescale-imx/firmware-imx: add support for i.MX 8M Plus
Stephane Viau [Thu, 25 Mar 2021 06:21:38 +0000 (07:21 +0100)]
package/freescale-imx/firmware-imx: add support for i.MX 8M Plus

This SoC requires the same (LP)DDR training binaries as i.MX 8M SoC
family.

Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/freescale-imx: add option for i.MX 8M Plus
Stephane Viau [Thu, 25 Mar 2021 06:21:37 +0000 (07:21 +0100)]
package/freescale-imx: add option for i.MX 8M Plus

The i.MX 8M Plus focuses on machine learning and vision and industrial
automation. It also provides advanced multimedia, including a VPU and
the GPU GC7000UL (3D) + GC520L (2D).

Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/kodi-pvr-iptvsimple: bump version to 7.5.1-Matrix
Bernd Kuhls [Wed, 24 Mar 2021 06:55:56 +0000 (07:55 +0100)]
package/kodi-pvr-iptvsimple: bump version to 7.5.1-Matrix

Changelog:
https://github.com/kodi-pvr/pvr.iptvsimple/blob/Matrix/pvr.iptvsimple/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/kodi-inputstream-ffmpegdirect: bump version to 1.19.4-Matrix
Bernd Kuhls [Wed, 24 Mar 2021 06:55:55 +0000 (07:55 +0100)]
package/kodi-inputstream-ffmpegdirect: bump version to 1.19.4-Matrix

Changelog:
https://github.com/xbmc/inputstream.ffmpegdirect/blob/Matrix/inputstream.ffmpegdirect/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/libopenssl: security bump version to 1.1.1k
Bernd Kuhls [Fri, 26 Mar 2021 18:44:28 +0000 (19:44 +0100)]
package/libopenssl: security bump version to 1.1.1k

Fixes CVE-2021-3449 & CVE-2021-3450:
https://www.openssl.org/news/vulnerabilities-1.1.1.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agolinux: bump CIP kernel 4.19 series
Petr Vorel [Tue, 23 Mar 2021 18:08:11 +0000 (19:08 +0100)]
linux: bump CIP kernel 4.19 series

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years ago{linux, linux-headers}: bump 5.{4, 10, 11}.x 4.{4, 9, 14, 19} series
Petr Vorel [Tue, 23 Mar 2021 18:08:10 +0000 (19:08 +0100)]
{linux, linux-headers}: bump 5.{4, 10, 11}.x 4.{4, 9, 14, 19} series

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/kodi-pvr-vuplus: bump version to 7.4.1-Matrix
Bernd Kuhls [Sun, 21 Mar 2021 09:21:25 +0000 (10:21 +0100)]
package/kodi-pvr-vuplus: bump version to 7.4.1-Matrix

Changelog:
https://github.com/kodi-pvr/pvr.vuplus/blob/Matrix/pvr.vuplus/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/kodi-inputstream-ffmpegdirect: bump version to 1.19.3-Matrix
Bernd Kuhls [Sun, 21 Mar 2021 09:21:24 +0000 (10:21 +0100)]
package/kodi-inputstream-ffmpegdirect: bump version to 1.19.3-Matrix

Changelog:
https://github.com/xbmc/inputstream.ffmpegdirect/blob/Matrix/inputstream.ffmpegdirect/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/libressl: security bump to 3.2.5
Ismael Luceno [Sat, 20 Mar 2021 23:03:37 +0000 (00:03 +0100)]
package/libressl: security bump to 3.2.5

It includes the following bug fix:

 * A TLS client using session resumption may cause a use-after-free.

https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.5-relnotes.txt

Signed-off-by: Ismael Luceno <ismael@iodev.co.uk>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/gvfs: add GVFS_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 21 Mar 2021 09:30:00 +0000 (10:30 +0100)]
package/gvfs: add GVFS_CPE_ID_VENDOR

cpe:2.3:a:gnome:gvfs is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnome%3Agvfs

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/gutenprint: add GUTENPRINT_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 21 Mar 2021 09:27:06 +0000 (10:27 +0100)]
package/gutenprint: add GUTENPRINT_CPE_ID_VENDOR

cpe:2.3:a:gutenprint_project:gutenprint is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agutenprint_project%3Agutenprint

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/gpsd: add GPSD_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 21 Mar 2021 09:15:37 +0000 (10:15 +0100)]
package/gpsd: add GPSD_CPE_ID_VENDOR

cpe:2.3:a:gpsd_project:gpsd is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agpsd_project%3Agpsd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/gettext-gnu: add CPE variables
Fabrice Fontaine [Sun, 21 Mar 2021 09:09:13 +0000 (10:09 +0100)]
package/gettext-gnu: add CPE variables

cpe:2.3:a:gnu:gettext is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Agettext

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/sdl_net: update to latest git tree
Gleb Mazovetskiy [Sun, 21 Mar 2021 07:36:04 +0000 (07:36 +0000)]
package/sdl_net: update to latest git tree

The latest officially released version of SDL_net is 1.2.8, released
in 2012. Since then, there have been several bugfixes.

SDL's canonical source is now on GitHub. This commit points to the
SDL-1.2 branch from 15 Mar 2021.

Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
[yann.morin.1998@free.fr: use full-length commit hash]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/sdl_image: update to latest git tree
Gleb Mazovetskiy [Sun, 21 Mar 2021 07:25:00 +0000 (07:25 +0000)]
package/sdl_image: update to latest git tree

The latest officially released version of SDL_image is 1.2.12, released
in 2012. Since then, there have been many bugfixes, including security
fixes.

SDL's canonical source is now on GitHub. This commit points to the
SDL-1.2 branch from 15 Mar 2021.

Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
[yann.morin.1998@free.fr: use full-length commit hash]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/sdl_mixer: update to latest git tree
Gleb Mazovetskiy [Sun, 21 Mar 2021 07:17:04 +0000 (07:17 +0000)]
package/sdl_mixer: update to latest git tree

The latest officially released version of SDL_mixer is 1.2.12, released
in 2012. Since then, there have been many bugfixes on master.

SDL's canonical source is now on GitHub. This commit points to the
SDL-1.2 branch from 15 Mar 2021.

Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
[yann.morin.1998@free.fr:
  - use full-length commit hash
  - two spaces in hash file
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/sdl_ttf: switch to github, update version
Gleb Mazovetskiy [Sun, 21 Mar 2021 07:10:37 +0000 (07:10 +0000)]
package/sdl_ttf: switch to github, update version

SDL's canonical source is now on GitHub. The git commit that matches
the Hg commit we used so far is b13aa509166e, but we switch to the
HEAD of the SDL-1.2 branch, which just has two additional commits
touching the autotools files.

Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
[yann.morin.1998@free.fr:
 - explain why we don;t use the exactly-maching commit
  - use full-length commit hash
  - drop the comment: it did not point to the commit we used
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/libnss: bump version to 3.63
Giulio Benetti [Sun, 21 Mar 2021 07:59:31 +0000 (08:59 +0100)]
package/libnss: bump version to 3.63

Note: NSS 3.63 requires NSPR 4.30.
Release Notes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.63_release_notes

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/libnspr: bump version to 4.30
Giulio Benetti [Sun, 21 Mar 2021 07:59:30 +0000 (08:59 +0100)]
package/libnspr: bump version to 4.30

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agoconfigs/qemu_arm_vexpress_tz_defconfig: enable openssl library
Etienne Carriere [Fri, 30 Oct 2020 07:50:45 +0000 (08:50 +0100)]
configs/qemu_arm_vexpress_tz_defconfig: enable openssl library

Enable the OpenSSL library to enable some OP-TEE tests that relies on
it.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agoconfigs/qemu_arm_vexpress_tz: bump versions and update
Vincent Stehlé [Sun, 7 Mar 2021 09:43:17 +0000 (10:43 +0100)]
configs/qemu_arm_vexpress_tz: bump versions and update

- Bump TF-A to version 2.4.
- Bump u-boot to version 2021.01.
- Bump kernel to version 5.11.3.

We switch TF-A to a single FIP image. Thanks to this, TF-A does not need to
use semihosting to load the various BL* anymore (but U-Boot still does).
Update the readme.txt accordingly.

We switch to a u-boot image for the ramdisk. This removes the need to
update the fdt chosen node manually in the bootcmd.

While at it, we drop the generation of the kernel dtb, which we do not use.
In this config, we are indeed using the dtb generated on-the-fly by qemu
and amended by TF-A.

Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Gerome Burlats <gerome.burlats@smile.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Tested-by: Romain Naour <romain.naour@gmail.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agoboot/syslinux: fix gcc-10.x compile
Peter Seiderer [Sun, 7 Mar 2021 17:47:53 +0000 (18:47 +0100)]
boot/syslinux: fix gcc-10.x compile

Add two patches ([1], [2]) taken from the fedora syslinux package ([3]) to fix
compile/linking with gcc-10.x compiler.

[1] https://src.fedoraproject.org/rpms/syslinux/raw/rawhide/f/0005-Workaround-multiple-definition-of-symbol-errors.patch
[2] https://src.fedoraproject.org/rpms/syslinux/raw/rawhide/f/0006-Replace-builtin-strlen-that-appears-to-get-optimized.patch
[3] https://src.fedoraproject.org/rpms/syslinux/tree/rawhide

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/python-setuptools-rust: bump to version 0.12.1
James Hilliard [Wed, 17 Mar 2021 02:30:21 +0000 (20:30 -0600)]
package/python-setuptools-rust: bump to version 0.12.1

Drop patch that is now upstream.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/i2pd: bump to version 2.37.0
Fabrice Fontaine [Tue, 16 Mar 2021 22:33:24 +0000 (23:33 +0100)]
package/i2pd: bump to version 2.37.0

https://github.com/PurpleI2P/i2pd/blob/2.37.0/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/linux-firmware: add missing closing double quotes
Thomas Petazzoni [Sat, 20 Mar 2021 21:52:13 +0000 (22:52 +0100)]
package/linux-firmware: add missing closing double quotes

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agoconfigs/bananapi_m1_plus_defconfig: select custom headers
Filip Skoneczny [Wed, 17 Mar 2021 15:16:47 +0000 (16:16 +0100)]
configs/bananapi_m1_plus_defconfig: select custom headers

Board used custom Kernel but did not specify
custom headers. This broke the build when
Linux 5.11 was added in d2fe9c6.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1089053980

Signed-off-by: Filip Skoneczny <fskoneczny@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/squid: use external libltdl
Alexander Dahl [Wed, 17 Mar 2021 06:01:45 +0000 (07:01 +0100)]
package/squid: use external libltdl

When enabling BR2_PACKAGE_LIBTOOL it depended on the build order if
squid used the external libltdl or built it from its internal copy. That
broke the build in fli4l where we have additional post build checks
analyzing runtime dependencies and a separate step for copying build
artefacts to target packages.

Depend on the external libltdl unconditionally like done with commit
3efc5a250c1c ("package/siproxd: new package") for package siproxd
recently as well. For reproducibility, size, and security.

Link: https://web.nettworks.org/ci/job/fli4l/job/buildroot/job/4.0/job/trunk-sunxi/672/
Suggested-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/tor: security bump version to 0.4.5.7
Bernd Kuhls [Wed, 17 Mar 2021 06:52:31 +0000 (07:52 +0100)]
package/tor: security bump version to 0.4.5.7

Updated license hash due to upstream commit:
https://gitweb.torproject.org/tor.git/commit/LICENSE?h=tor-0.4.5.7&id=02230575c4da6cd6342516e6682f95dad3e3e29e

Fixes CVE-2021-28089 & CVE-2021-28090.

Release notes: https://blog.torproject.org/node/2009

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/lualdap: bump to version 1.2.6
Francois Perrad [Wed, 17 Mar 2021 10:12:34 +0000 (11:12 +0100)]
package/lualdap: bump to version 1.2.6

- switch to luarocks infrastructure
- support Lua 5.4

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/elfutils: fix build with uclibc
Fabrice Fontaine [Thu, 18 Mar 2021 07:42:19 +0000 (08:42 +0100)]
package/elfutils: fix build with uclibc

Update first patch to fix a build failure with uclibc and elfutils in
version 0.183.0 which errors out if obstack is not found since
https://sourceware.org/git/?p=elfutils.git;a=commit;h=da855fc9cd415c288bfcb9de1f3d5eb329de0557

Indeed, obstack has been removed from uclibc-ng since version 1.0.21 and
https://github.com/wbx-github/uclibc-ng/commit/0bd6bfb2b643ea2b4b1440dfd917ba752f0c0d15

Fixes:
 - http://autobuild.buildroot.org/results/003ae73c7b48ad6b9837fb19ca197061d20eaf6d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/pulseview: bump to version 0.4.2
Fabrice Fontaine [Thu, 18 Mar 2021 06:33:13 +0000 (07:33 +0100)]
package/pulseview: bump to version 0.4.2

- Drop first patch (already in version)
- BR2_PACKAGE_QT5TOOLS_LINGUIST_TOOLS is mandatory since
  https://sigrok.org/gitweb/?p=pulseview.git;a=commit;h=0466001be51e779b23aaebec1cc9361305c07be9

https://github.com/sigrokproject/pulseview/blob/pulseview-0.4.2/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/haproxy: bump to version 2.2.10
Fabrice Fontaine [Wed, 17 Mar 2021 17:20:13 +0000 (18:20 +0100)]
package/haproxy: bump to version 2.2.10

https://www.mail-archive.com/haproxy@formilux.org/msg39916.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/fwts: bump to version 21.02.00
Vincent Stehlé [Wed, 17 Mar 2021 22:10:12 +0000 (23:10 +0100)]
package/fwts: bump to version 21.02.00

The dates in the copyright file have changed; update the hash accordingly.

Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/efivar: add upstream post-37 patches fixing efibootmgr -v
Peter Korsgaard [Wed, 17 Mar 2021 20:43:34 +0000 (21:43 +0100)]
package/efivar: add upstream post-37 patches fixing efibootmgr -v

Without this patch, efibootmgr -v errors out:

efibootmgr -v
BootCurrent: 0001
Timeout: 1 seconds
BootOrder: 0001,0002,0000
Boot0000* Diagnostic ProgramCould not parse device path: Invalid argument

vs:

efibootmgr -v
BootCurrent: 0001
Timeout: 1 seconds
BootOrder: 0001,0002,0000
Boot0000* Diagnostic Program    FvVol(5c60f367-a505-419a-859e-2a4ff6ca6fe5)/FvFile(085e8cc2-8ec9-4666-bd2a-49d481e95fa7)
Boot0001* containeros-a HD(1,GPT,1491d519-d9d7-7c4e-9110-4ab21271ac64,0x800,0x20000)/File(\efi\container\boot.efi)

For more details, see:

https://github.com/rhboot/efibootmgr/issues/133
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963475

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/jasper: bump version to 2.0.27
Michael Vetter [Thu, 18 Mar 2021 11:33:27 +0000 (12:33 +0100)]
package/jasper: bump version to 2.0.27

Changes:
  * Check for an image containing no samples in the PGX
    decoder. (#271, #272, #273, #274, #275, #276, #281)
  * Check for dimensions of zero in the JPC and JPEG decoders.
  * Fix an arguably incorrect type for an integer literal
    in the PGX decoder. (#270)
  * Check for an invalid component reference in the
    JP2 decoder. (#269)
  * Check on integer size in JP2 decoder. (#278)

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/liburiparser: bump to version 0.9.5
Fabrice Fontaine [Fri, 19 Mar 2021 06:38:37 +0000 (07:38 +0100)]
package/liburiparser: bump to version 0.9.5

https://github.com/uriparser/uriparser/blob/uriparser-0.9.5/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/linux-firmware: add option for Marvell 8997 wifi cards
Peter Seiderer [Thu, 18 Mar 2021 19:55:41 +0000 (20:55 +0100)]
package/linux-firmware: add option for Marvell 8997 wifi cards

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/git: bump version to 2.31.0
Peter Seiderer [Thu, 18 Mar 2021 20:16:55 +0000 (21:16 +0100)]
package/git: bump version to 2.31.0

- drop libpcre1 support

For details see [1].

[1] https://lore.kernel.org/git/xmqqwnu8z03c.fsf@gitster.g/T/

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/git: bump version to 2.30.2
Peter Seiderer [Thu, 18 Mar 2021 20:16:54 +0000 (21:16 +0100)]
package/git: bump version to 2.30.2

Fix CVE-2021-21300:

  On case-insensitive file systems with support for symbolic links,
  if Git is configured globally to apply delay-capable clean/smudge
  filters (such as Git LFS), Git could be fooled into running
  remote code during a clone.

For details see [1] and [2].

[1] http://lkml.iu.edu/hypermail/linux/kernel/2102.1/01858.html
[2] http://lkml.iu.edu/hypermail/linux/kernel/2103.1/02533.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/gst1-python: bump version to 1.18.4
Peter Seiderer [Thu, 18 Mar 2021 19:47:43 +0000 (20:47 +0100)]
package/gst1-python: bump version to 1.18.4

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/gst-omx: bump version to 1.18.4
Peter Seiderer [Thu, 18 Mar 2021 19:47:42 +0000 (20:47 +0100)]
package/gst-omx: bump version to 1.18.4

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/gstreamer1-editing-services: bump version to 1.18.4
Peter Seiderer [Thu, 18 Mar 2021 19:47:41 +0000 (20:47 +0100)]
package/gstreamer1-editing-services: bump version to 1.18.4

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/gst1-rtsp-server: bump version to 1.18.4
Peter Seiderer [Thu, 18 Mar 2021 19:47:40 +0000 (20:47 +0100)]
package/gst1-rtsp-server: bump version to 1.18.4

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/gst1-vaapi: bump version to 1.18.4
Peter Seiderer [Thu, 18 Mar 2021 19:47:39 +0000 (20:47 +0100)]
package/gst1-vaapi: bump version to 1.18.4

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/gst1-libav: bump version to 1.18.4
Peter Seiderer [Thu, 18 Mar 2021 19:47:38 +0000 (20:47 +0100)]
package/gst1-libav: bump version to 1.18.4

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/gst1-devtools: bump version to 1.18.4
Peter Seiderer [Thu, 18 Mar 2021 19:47:37 +0000 (20:47 +0100)]
package/gst1-devtools: bump version to 1.18.4

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/gst1-plugins-ugly: bump version to 1.18.4
Peter Seiderer [Thu, 18 Mar 2021 19:47:36 +0000 (20:47 +0100)]
package/gst1-plugins-ugly: bump version to 1.18.4

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/gst1-plugins-bad: bump version to 1.18.4
Peter Seiderer [Thu, 18 Mar 2021 19:47:35 +0000 (20:47 +0100)]
package/gst1-plugins-bad: bump version to 1.18.4

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/gst1-plugins-good: bump version to 1.18.4
Peter Seiderer [Thu, 18 Mar 2021 19:47:34 +0000 (20:47 +0100)]
package/gst1-plugins-good: bump version to 1.18.4

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/gst1-plugins-base: bump version to 1.18.4
Peter Seiderer [Thu, 18 Mar 2021 19:47:33 +0000 (20:47 +0100)]
package/gst1-plugins-base: bump version to 1.18.4

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/gstreamer1: bump version to 1.18.4
Peter Seiderer [Thu, 18 Mar 2021 19:47:32 +0000 (20:47 +0100)]
package/gstreamer1: bump version to 1.18.4

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/qpid-proton: fix build on musl
Fabrice Fontaine [Sat, 20 Mar 2021 17:40:56 +0000 (18:40 +0100)]
package/qpid-proton: fix build on musl

Fix build on musl with qpid-proton in version 0.33.0 which was added
with commit d4c0fde91da0d79204a21ed8de1bd410efa1c4d6

Fixes:
 - http://autobuild.buildroot.org/results/6a901b9ff68b7f52cabf8273d1017025fbd93b0d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/libwebsockets: needs dynamic library
Fabrice Fontaine [Fri, 19 Mar 2021 21:29:00 +0000 (22:29 +0100)]
package/libwebsockets: needs dynamic library

kismets fails to build statically with libwebsockets since commit
14522a8f9d272204763c49a21ebce5653430c612 because libwebsockets does not
specify any Libs.Private field in its pkg-config file resulting in the
following failure:

configure:10659: checking for lws_client_connect_via_info in -lwebsockets
configure:10684: /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output-1/host/bin/arm-linux-g++ -std=gnu++17 -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -O2   -static -static -O3 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 conftest.cpp -lwebsockets  -latomic -lz >&5
/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/9.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libwebsockets.a(tls.c.o): in function `alpn_cb':
tls.c:(.text+0x24): undefined reference to `SSL_select_next_proto'

As it is not trivial to specify Libs.Private with cmake buildsystem
(i.e. LIB_LIST contains the list of libraries but in the "cmake format"
with full paths and ';'), just disable static build with libwebsockets.

Fixes:
 - http://autobuild.buildroot.org/results/9fc7891b61b1c487b95f07c59b802dd98ef71e3a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/janet: fix build without threads
Fabrice Fontaine [Fri, 19 Mar 2021 21:27:37 +0000 (22:27 +0100)]
package/janet: fix build without threads

Fix build of janet without threads which is broken since its addition
in commit 9a5c9c058cbb250cfb9519347507a030e157ed16

Fixes:
 - http://autobuild.buildroot.org/results/dd894a7178a395ea29912804132b1516934e8fa3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agoconfigs/beaglebone_qt5: add overlay to defconfig
Michael Nosthoff [Fri, 19 Mar 2021 14:59:07 +0000 (15:59 +0100)]
configs/beaglebone_qt5: add overlay to defconfig

commit 8efc5dce98f9795d97b7a3452f9be4a774032379 added an overlay but
forgot to add it to the related defconfig.

Fixes: missing overlay data in image
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/ejabberd: add EJABBERD_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 20 Mar 2021 19:13:07 +0000 (20:13 +0100)]
package/ejabberd: add EJABBERD_CPE_ID_VENDOR

cpe:2.3:a:process-one:ejabberd is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aprocess-one%3Aejabberd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/dtc: add DTC_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 20 Mar 2021 19:00:06 +0000 (20:00 +0100)]
package/dtc: add DTC_CPE_ID_VENDOR

cpe:2.3:a:dtc_project:dtc is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Adtc_project%3Adtc

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/doxygen: add DOXYGEN_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 20 Mar 2021 18:50:11 +0000 (19:50 +0100)]
package/doxygen: add DOXYGEN_CPE_ID_VENDOR

cpe:2.3:a:doxygen:doxygen is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Adoxygen%3Adoxygen

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/dhcpcd: add DHCPCD_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 20 Mar 2021 18:41:57 +0000 (19:41 +0100)]
package/dhcpcd: add DHCPCD_CPE_ID_VENDOR

cpe:2.3:a:dhcpcd_project:dhcpcd is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Adhcpcd_project%3Adhcpcd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/davfs2: add DAVFS2_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 20 Mar 2021 18:30:19 +0000 (19:30 +0100)]
package/davfs2: add DAVFS2_CPE_ID_VENDOR

cpe:2.3:a:werner_baumann:davfs2 is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awerner_baumann%3Adavfs2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/cracklib: add CRACKLIB_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 20 Mar 2021 18:21:02 +0000 (19:21 +0100)]
package/cracklib: add CRACKLIB_CPE_ID_VENDOR

cpe:2.3:a:cracklib_project:cracklib is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Acracklib_project%3Acracklib

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/cups-filters: add CUPS_FILTERS_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 20 Mar 2021 18:12:55 +0000 (19:12 +0100)]
package/cups-filters: add CUPS_FILTERS_CPE_ID_VENDOR

cpe:2.3:a:linuxfoundation:cups-filters is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alinuxfoundation%3Acups-filters

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agosupport/download: fix tarball generation with symlinks pointing to ./something
Jean-pierre Cartal [Thu, 18 Mar 2021 07:28:16 +0000 (08:28 +0100)]
support/download: fix tarball generation with symlinks pointing to ./something

When a --transform expression is provided, it is by default also applied
to the target of a symlink.

When we create tarballs (from git or svn checkouts), we use a --transform
expression to replace the leading ./ with the package name and version.

This causes issues when a package contains symlinks that points to
./something, as the leading './' is also replaced.

Fix that by using the 'S' transformation scope flag, as described in the
tar manual:
    https://www.gnu.org/software/tar/manual/html_node/transform.html#transform

    In addition, several transformation scope flags are supported, that
    control to what files transformations apply. These are:

    ‘r’ Apply transformation to regular archive members.
    ‘R’ Do not apply transformation to regular archive members.
    ‘s’ Apply transformation to symbolic link targets.
    ‘S’ Do not apply transformation to symbolic link targets.
    ‘h’ Apply transformation to hard link targets.
    ‘H’ Do not apply transformation to hard link targets.

    Default is ‘rsh’ [...].

Fixes: #13616
This has been checked to not change any of the existing hash for any of
our git-downloaded package (some are host-only, hence the few fixups):

    ---8<---
    $ m="$( git grep -l -E -- -br[[:digit:]]+.tar.gz boot package/ \
            |awk -F/ '{print $(NF-1)}' \
            |sed -r -e 's/(imx-mkimage|netsurf-buildsystem|prelink-cross|qoriq-rcw|vboot-utils)/host-\1/g' \
                    -e 's/$/-source/'
          )"
    $ make defconfig; make clean; BR2_DL_DIR=$(pwd)/trash-me make ${m}
    ---8<---

Note: it is unclear what the 'H' flag does nor how it works, because the
concept of "target of a hardlink" is not obvious; probably it has to do
with how tar internally detects and stores hardlinks. Since we do not
yet have any issue with hardlinks, just ignore the problem for now, and
postpone until we have an actual issue with a real test-case.

Signed-off-by: Jean-pierre Cartal <jpcartal@free.fr>
Cc: Vincent Fazio <vfazio@xes-inc.com>
[yann.morin.1998@free.fr:
  - re-indent commit log
  - add scriptlet to test existing hashes
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/zstd: security bump to version 1.4.9
Fabrice Fontaine [Sat, 20 Mar 2021 09:05:25 +0000 (10:05 +0100)]
package/zstd: security bump to version 1.4.9

Fix CVE-2021-24032: Beginning in v1.4.1 and prior to v1.4.9, due to an
incomplete fix for CVE-2021-24031, the Zstandard command-line utility
created output files with default permissions and restricted those
permissions immediately afterwards. Output files could therefore
momentarily be readable or writable to unintended parties.

https://github.com/facebook/zstd/releases/tag/v1.4.9

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agosupport/download: fix git/svn corrupted cache
Thomas De Schampheleire [Fri, 19 Mar 2021 20:15:40 +0000 (21:15 +0100)]
support/download: fix git/svn corrupted cache

Commit 54d3d94b6e3846447b5796ef8587b08b537cd348 ("support/download: print
command used for download") broke the git and svn download helpers, because
these helpers have invocations of the _git/_svn commands where the exact
output matters.

For example for git, this would result in:

    date: invalid date ‘GIT_DIR=.../dl/libyuv/git/.git git log -1 --pretty=format:%ci \n2019-04-12 17:48:45 +0000’
    Detected a corrupted git cache.
    Removing it and starting afresh.

Fix by splitting the _git function in two: _git and _plain_git.
The former echoes the command, and then calls the latter.
Most invocations use _git as before, but those cases where the output should
not be disturbed, directly call _plain_git.

For symmetry, all download helpers are aligned, even though only the git and
svn helpers were broken.

Fixes: #13631
Fixes:
    http://autobuild.buildroot.org/results/c2f/c2fcd4aa6660e3c2f9c6f85646ca7dfe0db56040/

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[yann.morin.1998@free.fr: add bug report and autobuild failure]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/linux-firmware: add RTL87XX/RTL88XX Bluetooth firmware
Stefan Agner [Fri, 19 Mar 2021 09:38:07 +0000 (10:38 +0100)]
package/linux-firmware: add RTL87XX/RTL88XX Bluetooth firmware

Add firmware files for Realtek 87XX and 88XX Bluetooth chipsets. Those
are supported by the upstream Realtek Bluetooth driver CONFIG_BT_RTL.

Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agoDEVELOPERS: update Nicolas Serafini e-mail address
Nicolas Serafini [Fri, 19 Mar 2021 10:33:03 +0000 (11:33 +0100)]
DEVELOPERS: update Nicolas Serafini e-mail address

Signed-off-by: Nicolas Serafini <nicolas.serafini@ik.me>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agosupport/download: print command used for download
Thomas De Schampheleire [Fri, 15 Jan 2021 15:00:46 +0000 (16:00 +0100)]
support/download: print command used for download

Even though that most download commands actually print some output, like
progress indication or other messages, the actual command used is not. This
makes it hard to analyze a build log when you are not fully familiar with
the typical output of said log.

Update the download helpers to do just that, respecting any quiet/verbose
flag so that a silent make (make -s) does not get more verbose.

Note: getting rid of the duplication of the command in the script is not
straightforward without breaking support for arguments with spaces.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[yann.morin.1998@free.fr: use printf, not echo]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agosupport/download: rename internal 'verbose' variable where applicable
Thomas De Schampheleire [Fri, 15 Jan 2021 15:00:45 +0000 (16:00 +0100)]
support/download: rename internal 'verbose' variable where applicable

Most 'verbose' variable inside the download helpers actually mean 'quiet'.
I.e. they are assigned in case quiet operation is requested, and empty in
case of non-quiet operation. Using the name 'verbose' for such a variable is
confusing, especially when you want to test the variable on emptiness or
non-emptiness (in a subsequent commit).

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>