git.libre-soc.org Git - buildroot.git/log

package/minizip: bump to version 2.10.5

- Drop patches (already in version)
- Set MZ_FETCH_LIBS to OFF (available since version 2.10.5 and
  https://github.com/nmoinvaz/minizip/commit/a1602ed9c82c6b2dd5ea8753dd3fecc3dcc74ba5)
- Use MZ_ICONV which is available since version 2.10.4 and
  https://github.com/nmoinvaz/minizip/commit/628830ff93c2fb1fd1bbb87ccea5857c5caf2af4
- Add xz optional dependency which is available since version 2.10.2 and
  https://github.com/nmoinvaz/minizip/commit/f1cc0e3898b23828765378b2ab6ba7622d1f8dbe

https://github.com/nmoinvaz/minizip/releases/tag/2.10.5
https://github.com/nmoinvaz/minizip/releases/tag/2.10.4
https://github.com/nmoinvaz/minizip/releases/tag/2.10.3
https://github.com/nmoinvaz/minizip/releases/tag/2.10.2
https://github.com/nmoinvaz/minizip/releases/tag/2.10.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/librsvg: bump to version 2.50.2

https://gitlab.gnome.org/GNOME/librsvg/-/blob/2.50.2/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/mongodb: bump to version 4.2.11

https://docs.mongodb.com/master/release-notes/4.2-changelog/#id1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/netsnmp: fix memory leak in IP-MIB when running without IPv6

In a Linux system without IPv6 support (or booted with "ipv6.disable=1")
file /proc/net/snmp6 is not present. If such file is not present an allocated
memory is not freed. Memory leak occurs even without snmp queries.

Problem seen at least since netsnmp 5.7.3 (probably even v5.6.1).
Patch backported from netsnmp 5.9, where the problem does not appear any more.

Signed-off-by: Adam Wujek <dev_public@wujek.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libdrm: add license file

Add xf86drm.c as the license file and while at it, update the indentation
in hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/mutt: fix CVE-2020-28896

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that
$ssl_force_tls was processed if an IMAP server's initial server response
was invalid. The connection was not properly closed, and the code could
continue attempting to authenticate. This could result in authentication
credentials being exposed on an unencrypted connection, or to a
machine-in-the-middle.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/rauc: security bump to version 1.5

Fixes the following security issue:

- CVE-2020-25860: Time-of-Check-Time-of-Use Vulnerability in code that
  checks and installs a firmware bundle.
  For more details, see the advisory:
  https://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vv

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/python-pyqt5: fix qt5 openssl conditional

BR2_PACKAGE_QT5BASE_OPENSSL was dropped by commit 4be1f9b9873
(package/qt5enginio: drop qt 5.6 support), but python-pyqt5 not updated to
match. Fix that.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/ti-sgx-*: fix s/correpsonds/corresponds/ typo

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/ttyd: bump to version 1.6.2

Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/zstd: bump to version 1.4.8

Drop patch (already in version)

https://github.com/facebook/zstd/releases/tag/v1.4.7
https://github.com/facebook/zstd/releases/tag/v1.4.8
(No 1.4.6 release)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/ghostscript: bump to version 9.53.3

https://www.ghostscript.com/doc/9.53.3/News.htm

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/imagemagick: security bump to version 7.10.51

- Fix CVE-2020-29599: ImageMagick before 6.9.11-40 and 7.x before
  7.0.10-40 mishandles the -authenticate option, which allows setting a
  password for password-protected PDF files. The user-controlled password
  was not properly escaped/sanitized and it was therefore possible to
  inject additional shell commands via coders/pdf.c.
- Update license hash (correct wording to match Apache 2 license:
  https://github.com/ImageMagick/ImageMagick/commit/45e5d2493c08e7cb49f7268c01d847e88f78fd6c)

https://github.com/ImageMagick/ImageMagick/blob/7.0.10-51/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/cryptopp: security bump to version 8.3.0

- Fix CVE-2019-14318: Crypto++ 8.2.0 and earlier contains a timing side
  channel in ECDSA signature generation. This allows a local or remote
  attacker, able to measure the duration of hundreds to thousands of
  signing operations, to compute the private key used. The issue occurs
  because scalar multiplication in ecp.cpp (prime field curves, small
  leakage) and algebra.cpp (binary field curves, large leakage) is not
  constant time and leaks the bit length of the scalar among other
  information. For details, see:
  https://github.com/weidai11/cryptopp/issues/869

- Update license hash due to the addition of ARM SHA1 and SHA256 asm
  implementation from Cryptogams
  https://github.com/weidai11/cryptopp/commit/1a63112faf5af60e0ebcc60654eef806e7f6f11a
  https://github.com/weidai11/cryptopp/commit/4c9ca6b723b5ec5aab7eec720ad4d22598abe941

https://www.cryptopp.com/release830.html

[Peter: adjust CVE info, issue is fixes in 8.3.0]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/glib-networking: bump to version 2.66.0

https://gitlab.gnome.org/GNOME/glib-networking/-/blob/2.66.0/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/gnupg2: bump to version 2.2.25

Update indentation in hash file (two spaces)

https://lists.gnupg.org/pipermail/gnupg-announce/2020q4/000449.html
https://lists.gnupg.org/pipermail/gnupg-announce/2020q4/000450.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/rtl8188eu: Bump to 60cb0b5 (v5.2.2.4 branch HEAD)

This allows to build against newer kernels (up to 5.10).
Added support for new HW (Edimax EW-7811Un V2, RTL8188FU, MERCUSYS
MW150US v2, various RTL8188CE)

Tested on kernel v5.9.

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/perl-math-int64: new package

Signed-off-by: Joeri Barbarien <joeri.barbarien@nokia.com>
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/perl-devel-size: new package

Signed-off-by: Joeri Barbarien <joeri.barbarien@nokia.com>
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/perl-devel-cycle: new package

Signed-off-by: Joeri Barbarien <joeri.barbarien@nokia.com>
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/ncurses: don't attempt calling ldconfig in host-ncurses

The host-ncurses install step attempts to run ldconfig, causing a permission
failure:

cd /buildroot/output/host/lib && (ln -s -f libncurses.so.6.0 libncurses.so.6; ln -s -f libncurses.so.6 libncurses.so; )
test -z "" && /sbin/ldconfig
/sbin/ldconfig: Can't create temporary cache file /etc/ld.so.cache~: Permission denied
make[3]: [/buildroot/output/host/lib/libncurses.so.6.0] Error 1 (ignored)

The error is non-fatal and ignored, but confusing.

The ncurses makefiles already avoid calling ldconfig when DESTDIR is set
(target case) but for host-ncurses DESTDIR is empty and the output/host path
is passed via --prefix.

Pass an empty ac_cv_path_LDCONFIG to the configure step, so than ldconfig is
not called.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/opkg-utils: needs Python3 on the host

The 'opkg.py' script installed by host-opkg-utils has as shebang:
#!/usr/bin/env python3

which may not be available on all host machines.
Add a potential dependency on host-python3 via BR2_PYTHON3_HOST_DEPENDENCY,
which will only add the host-python3 dependency if no python3 is already
available on the host.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/ffmpeg: enable libv4l2 when selected

Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/snort: bump to version 2.9.17

Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/chromebook_elm_defconfig: use linux headers same as kernel (5.9 series)

Use linux headers same as kernel (5.9 series).

Fixes:

- https://gitlab.com/buildroot.org/buildroot/-/jobs/917539050

Incorrect selection of kernel headers: expected 5.10.x, got 5.9.x

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

DEVELOPERS: remove Thomas Davis

His e-mail has been bouncing for quite a while:

<sunsetbrew@sunsetbrew.com>: connect to
sunsetbrew.com[2a05:d014:9da:8c10:306e:3e07:a16f:a552]:25: Network is
unreachable

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

DEVELOPERS: remove Owen Walpole

His e-mail has been bouncing for quite a while:

<owen@walpole.dev>: connect to mail.walpole.dev[99.91.194.115]:25: Connection
timed out

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/pkg-golang.mk: postpone evaluation of TARGET_DIR and HOST_DIR

When BR2_PER_PACKAGE_DIRECTORIES=y, $(TARGET_DIR) is evaluated as
$(BASE_DIR)/target, but $$(TARGET_DIR) is evaluated as
$(BASE_DIR)/per-package/$(PKG)_NAME/target.

Signed-off-by: Tian Yuanhao <tianyuanhao@aliyun.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/go: enable ARMv7 optimizations for 32-bit ARMv8

When building for an ARMv8 in 32-bit, Go does not yet support ARMv8
optimizations (see issue: https://github.com/golang/go/issues/29373)
but can still benefit from ARMv7 optimizations.

Signed-off-by: Michael Baudino <michael@baudi.no>
[yann.morin.1998@free.fr:
- move the comment to its own line, expand and reword it a bit
- reword the commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/go: fix a typo in CC and CXX env values

This commit fixes a typo in variable names that caused CC and CXX
environment variables to be empty.

Signed-off-by: Michael Baudino <michael@baudi.no>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/{mesa3d, mesa3d-headers}: bump version to 20.3.1

Release notes:
https://lists.freedesktop.org/archives/mesa-announce/2020-December/000612.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/roseapplypi: bump kernel to 5.10.1

And drop now upstreamed patches. Mmc support is still not mainline, but
enqueued for 5.12:

https://www.spinics.net/lists/linux-i2c/msg49279.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/tinycbor: fix build on musl

Fixes:
- http://autobuild.buildroot.org/results/c23b694442e7f86cbdd14d8789b12e6a8fd26a70

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/syslog-ng: bump to version 3.30.1

https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.30.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/wireshark: security bump to version 3.4.2

The following vulnerabilities have been fixed:
- wnpa-sec-2020-16 Kafka dissector memory leak. Bug 16739.
   CVE-2020-26418.
- wnpa-sec-2020-17 USB HID dissector crash. Bug 16958. CVE-2020-26421.
- wnpa-sec-2020-18 RTPS dissector memory leak. Bug 16994.
   CVE-2020-26420.
- wnpa-sec-2020-19 Multiple dissector memory leak. Bug 17032.
   CVE-2020-26419.
- wnpa-sec-2020-20 QUIC dissector crash Bug 17073.

https://www.wireshark.org/docs/relnotes/wireshark-3.4.1.html
https://www.wireshark.org/docs/relnotes/wireshark-3.4.2.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

pkg-cmake.mk: fix host ccache support for CMake 3.19

Starting with CMake 3.4 CMake supports setting a compiler launcher
like ccache. The feature is described in
https://cmake.org/cmake/help/latest/variable/CMAKE_LANG_COMPILER_LAUNCHER.html
This should be safe since everything is built for the host using make or ninja.
The use of *_ARG1 is discouraged by the cmake developers
https://cmake-developers.cmake.narkive.com/OTa9EKfj/cmake-c-compiler-arg-not-documented .

Without this patch I get the following error message with CMake 3.19.1 on Arch Linux.
Disabling BR2_CCACHE also resolves the issue.

/usr/bin/cmake [~]/buildroot/build/host-lzo-2.10/ -DCMAKE_INSTALL_SO_NO_EXE=0 -DCMAKE_FIND_ROOT_PATH="[...]" -DCMAKE_FIND_ROOT_PATH_MODE_PROGRAM="BOTH" -DCMAKE_FIND_ROOT_P
ATH_MODE_LIBRARY="BOTH" -DCMAKE_FIND_ROOT_PATH_MODE_INCLUDE="BOTH" -DCMAKE_INSTALL_PREFIX="[...]" -DCMAKE_C_FLAGS="-O2 -I[...]/include" -DCMAKE_CXX_FLAGS="-O2 -I[...]/include" -DCMAKE_EXE_LINKER_FLAGS="-L[...]/lib -Wl,-rpath,[...]/lib" -DCMAKE_SHARED_LINKER_FLAGS="-L[...]/l
ib -Wl,-rpath,[...]/lib" -DCMAKE_ASM_COMPILER="/usr/bin/as" -DCMAKE_C_COMPILER="[...]/bin/ccache" -DCMAKE_CXX_COMPILER="[...]/bin/ccache"
-DCMAKE_C_COMPILER_ARG1="/usr/bin/gcc" -DCMAKE_CXX_COMPILER_ARG1="/usr/bin/g++" -DCMAKE_COLOR_MAKEFILE=OFF -DBUILD_DOC=OFF -DBUILD_DOCS=OFF -DBUILD_EXAMPLE=OFF -DBUILD_EXAMPLES=OFF -DBUILD_TEST=OFF -DBUILD_TESTS=OFF -DBUILD_TESTING=O
FF -DENABLE_SHARED=ON -DENABLE_STATIC=OFF )
-- The C compiler identification is unknown
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - failed
-- Check for working C compiler: [...]/bin/ccache
-- Check for working C compiler: [...]/bin/ccache - broken
CMake Error at /usr/share/cmake-3.19/Modules/CMakeTestCCompiler.cmake:66 (message):
The C compiler

Signed-off-by: Bernd Amend <bernd.amend@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Tested-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/qoriq-rcw: rename from package/rcw

This is really only for QoriQ SoCs. Also the upstream package - despite
its base name of the git repository - is "qoriq-components/rcw". Thus
rename it to a more specify package name.

Note that there are other rcw implementations for other platforms, and
each implementation only applies to that specific platform; it hus does
not make sense that there are more than one rcw enabled at the same
time; so we keep using /usr/share/rcw as the install location; this also
help backward compatibility with existing post-build scripts.

Signed-off-by: Changming Huang <jerry.huang@nxp.com>
Cc: Michael Walle <michael@walle.cc>
[yann.morin.1998@free.fr:
  - rebase on master
  - incorporate changes by Michael
  - don't move to an 'nxp' sub-directory
  - reword the legacy entry; select the new package
  - expand commit log to explain why we keep installing in
    host/usr/share/rcw/ (thanks to Michael for prompting that)
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

configs/imx6-sabresd: bump kernel version to 5.10

Bump the kernel version to 5.10.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/iptables: bump to version 1.8.6

remove merged patch

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 9}.x series

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/linux-headers: drop 5.8 headers

The 5.8.x series is now EOL, so drop it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

board/kontron/smarc-sal28: remove "known bugs" section

Remove the note about non-working network. This was actually fixed with
linux kernel 5.9. This board is now on 5.10.

Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/sqlite: bump version to 3.34.0

Release notes: https://sqlite.org/releaselog/3_34_0.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/python-requests: bump to version 2.25.0

LICENSE file content has been changed ([1]) to follow Apache-2.0
instructions.

[1] https://github.com/psf/requests/commit/22b5a39098223f51fcd2df238e13f9bac86b35a4

Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/git: fix build without threads

Fix build of git version >= 2.29.0 without threads

Fixes:
- http://autobuild.buildroot.org/results/d41638d1ad8e78dd6f654367c905996b838ee649

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/mosquitto: bump version to 2.0.2

Bugfix release. Drop the now upstreamed patches and add 3 new post-2.0.2
patches from the fixes branch.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/go: bump to version 1.15.6

go1.15.6 (released 2020/12/03) includes fixes to the compiler, linker, runtime,
the go command, and the io package.

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/uclibc-ng-test: add hashes

Fixes:
http://autobuild.buildroot.net/results/4bb/4bb46976665bea99ac62c86d3953ad025f7f0a96/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/uclibc-ng-test: fix TLS for nios2

Fix TLS for nios2 to avoid the following build failure:

In file included from tst-tls1.c:6:
tls-macros.h:101:3: error: #error "No support for this architecture so far."
# error "No support for this architecture so far."
^~~~~

Fixes:
- http://autobuild.buildroot.org/results/303e50d996b7261896f163418831fabb40779ff5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/systemd: add a menu entry to enable portable services

Signed-off-by: Francois Gervais <fgervais@distech-controls.com>
Reviewed-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/shadowsocks-libev: fix static build with netfilter_conntrack

Fixes:
- http://autobuild.buildroot.org/results/6cad497a7ab941a0ee3fd7007defc81e30cdcbe0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/kismet: fix static build with uclibc

Fixes:
- http://autobuild.buildroot.org/results/b859eb3850c0beb23e18010dc2f07cd0f5c14440

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

boot/arm-trusted-firmware: Forward stack protection configuration

TF-A supports stack smashing protection (-fstack-protector-*).
However, that feature is currently silently disabled because
ENABLE_STACK_PROTECTOR is not set during build time.

As documented in the TF-A user guide, the flag ENABLE_STACK_PROTECTOR
is required to enable stack protection support. When enabled the symbols
for the stack protector (e.g. __stack_chk_guard) are built.
This needs to be done because TF-A does not link against an external
library that provides that symbols (e.g. libc).

So in case we see that BR2_SSP_* is enabled, let's enable the corresponding
ENABLE_STACK_PROTECTOR build flag for TF-A as documented in the TF-A user guide.

This patch also fixes a the following linker errors with older TF-A versions
if BR2_SSP_* is enabled (i.e. -fstack-protector-* is used as compiler flag)
and ENABLE_STACK_PROTECTOR is not set, which are caused by the missing
stack protector symbols:

  [...]
  params_setup.c:(.text.params_early_setup+0xc): undefined reference to `__stack_chk_guard'
  aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x14): undefined reference to `__stack_chk_guard'
  aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x104): undefined reference to `__stack_chk_guard'
  aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x118): undefined reference to `__stack_chk_fail'
  aarch64-none-linux-gnu-ld: ./build/px30/release/bl31/pmu.o: in function `rockchip_soc_sys_pwr_dm_suspend':
  pmu.c:(.text.rockchip_soc_sys_pwr_dm_suspend+0xc): undefined reference to `__stack_chk_guard'
  [...]

TF-A releases after Nov 2019, that include 7af195e29a4, will circumvent
these issue by explicitliy and silently disabling the stack protector
by appending '-fno-stack-protector' to the compiler flags in case
ENABLE_STACK_PROTECTOR is not set.

Tested on a Rockchip PX30 based system (TF-A v2.2 and upstream/master).

Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/libeXosip2: bump to version 5.2.0

- Drop patch (already in version)
- Update indentation in hash file (two spaces)

https://git.savannah.nongnu.org/cgit/exosip.git/tree/ChangeLog?h=5.2.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/libosip2: bump to version 5.2.0

Update indentation in hash file (two spaces)

https://git.savannah.nongnu.org/cgit/osip.git/tree/ChangeLog?h=5.2.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

arch/Config.in.powerpc: Drop PPC601 support

Linux support was removed in 5.10 [1]. Since no in-tree defconfig
depends on it, just remove it.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/powerpc?id=f0ed73f3fa2cdca65973659689ec9e46d99a5f60

Reported-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Michael Walle <michael@walle.cc>
[yann.morin.1998@free.fr: reorder legacy entry]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

configs/kontron_smarc_sal28: use kernel 5.10

Signed-off-by: Michael Walle <michael@walle.cc>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

{linux, linux-headers}: add version 5.10

Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/suricata: bump to version 6.0.1

These releases are bug fix releases, fixing numerous important issues.

The 6.0.1 release also improves the experimental HTTP/2 support.

https://suricata-ids.org/2020/12/04/suricata-6-0-1-5-0-5-and-4-1-10-released

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libhtp: bump to version 0.5.36

https://github.com/OISF/libhtp/releases/tag/0.5.36

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libcap-ng: bump to version 0.8.2

https://github.com/stevegrubb/libcap-ng/releases/tag/v0.8.2
https://github.com/stevegrubb/libcap-ng/releases/tag/v0.8.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/haproxy: bump to version 2.2.6

Two major bugs were fixed in this versions, both leading to a memory
corruption and random crashes.

https://www.mail-archive.com/haproxy@formilux.org/msg39068.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/python-pybind: bump to version 2.6.1

Update indentation in hash file (two spaces)

https://github.com/pybind/pybind11/releases/tag/v2.6.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/nmap: fix license

Commit 78dc1f185ba0c8c9085d44318f72ab172867b147 forgot to update the
license file from COPYING to LICENSE.

Here is an extract of the ChangeLog for Nmap 7.90 [2020-10-03]:

Upgraded the Nmap license form a sort of hacked-up version of GPLv2 to a
cleaner and better organized version (still based on GPLv2) now called
the Nmap Public Source License to avoid confusion. See
https://nmap.org/npsl/ for more details and annotated license text. This
NPSL project was started in 2006 (community discussion here:
https://seclists.org/nmap-dev/2006/q4/126) and then it lost momentum for
7 years until it was restarted in 2013
(https://seclists.org/nmap-dev/2013/q1/399) and then we got distracted
by development again. We still have some ideas for improving the NPSL,
but it's already much better than the current license, so we're applying
NPSL Version 0.92 to the code now and can make improvements later if
needed. This does not change the license of previous Nmap releases.

Fixes:
- http://autobuild.buildroot.org/results/8cef6a5e99ae341cced405a389346e2faccf6eec

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libglib2: correct upstream status for patch 0001

Patch '0001-fix-compile-time-atomic-detection.patch' claims to be Merged but
this is not true. The linked issue is closed with 'Needs information', and
the code itself is effectively not merged.

Clarify the 'Upstream-status' line to make this more clear.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/unbound: security bump to version 1.13.0

This version has fixes to connect for UDP sockets, slowing down
potential ICMP side channel leakage. The fix can be controlled with the
option udp-connect: yes, it is enabled by default.

Additionally CVE-2020-28935 is fixed, this solves a problem where the
pidfile is altered by a symlink, and fails if a symlink is encountered.
See https://nlnetlabs.nl/downloads/unbound/CVE-2020-28935.txt for more
information.

https://github.com/NLnetLabs/unbound/releases/tag/release-1.13.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/can-utils: bump to version 2020.11.0

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/htop: bump to version 3.0.3

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/python-lxml: security bump to version 4.6.2

Fixes the following security issues:

* 4.6.2: A vulnerability (CVE-2020-27783) was discovered in the HTML Cleaner
  by Yaniv Nizry, which allowed JavaScript to pass through.  The cleaner now
  removes more sneaky "style" content.

* 4.6.1: A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry,
  which allowed JavaScript to pass through.  The cleaner now removes more
  sneaky "style" content.

For more details, see the changes file:
https://github.com/lxml/lxml/blob/lxml-4.6.2/CHANGES.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/mosquitto: bump version to 2.0.0

A new major version, see the announcement for details:
https://mosquitto.org/blog/2020/12/version-2-0-0-released/

License has now changed to v2.0 of the Eclipse Public License, so update the
license info and hashes to match.

There is now optional cJSON support, so handle that.

Add upstream post-2.0.0 patches fixing build with cJSON and without TLS
support.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/sqlcipher: security bump to version 4.4.2

Fix CVE-2020-27207: Zetetic SQLCipher 4.x before 4.4.1 has a
use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in
sqlite3.c. A remote denial of service attack can be performed. For
example, a SQL injection can be used to execute the crafted SQL command
sequence. After that, some unexpected RAM data is read.

https://www.zetetic.net/blog/2020/11/25/sqlcipher-442-release

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/mongoose: add mbedtls support

mbedtls is supported since version 6.7 and
https://github.com/cesanta/mongoose/commit/65e01dbabc1f458af5ad8984f6eb5cb01ebae284

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/kmsxx: fix fmt dependency (needs wchar)

Propagate the fmt dependency on wchar.

Fixes:

- http://autobuild.buildroot.net/results/814b0f9c3df0076791ca73579b844ef4d56f13c3

  [ 66%] Building CXX object CMakeFiles/fmt.dir/src/os.cc.o
  In file included from .../build/fmt-7.1.3/include/fmt/os.h:26,
                   from .../build/fmt-7.1.3/src/os.cc:13:
  .../build/fmt-7.1.3/include/fmt/format.h:1139:8: error: 'wstring' in namespace 'std' does not name a type
     std::wstring str() const { return {&buffer_[0], size()}; }
          ^~~~~~~

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/xapian: bump to version 1.4.17

Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libolm: bump to version 3.2.1

Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/iozone: bump to version 3_490

Also updated indentation in hash file (two spaces)

Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/proj: bump to 7.2.0

Signed-off-by: Zoltan Gyarmati <zgyarmati@zgyarmati.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/qemu: fix build with kernel < 5.0

Fixes:
- http://autobuild.buildroot.org/results/e4ef13e8ca4ac634650ed80a72a0e1da59520628

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

DEVELOPERS: drop ti-sgx-libgbm

Commit 814bfc5ec1ab49188d1c8cb7f0d8d857b92d6a03 forgot to drop
ti-sgx-libgbm from DEVELOPERS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/upmpdcli: bump to version 1.5.5

https://www.lesbonscomptes.com/upmpdcli/pages/releases.html#UPMPDCLI-1.5.5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libupnpp: bump to version 0.20.1

https://www.lesbonscomptes.com/upmpdcli/pages/releases.html#_2020_11_26_libupnpp_0_20_1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libnpupnp: bump to version 4.0.14

https://www.lesbonscomptes.com/upmpdcli/pages/releases.html#_2020_11_15_libnpupnp_4_0_14

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libgpg-error: bump to version 1.39

https://dev.gnupg.org/T5031
https://dev.gnupg.org/T4859

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/usbutils: bump to version 013

Update indentation in hash file (two spaces)

https://github.com/gregkh/usbutils/blob/v013/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/i2pd: bump to version 2.35.0

Update hash of license file (update in year:
https://github.com/PurpleI2P/i2pd/commit/bc330ff0ea134d5d18d927609d3870192829f70f)

https://github.com/PurpleI2P/i2pd/releases/tag/2.34.0
https://github.com/PurpleI2P/i2pd/releases/tag/2.35.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libusb: needs gcc >= 4.9

libusb depends on gcc >= 4.9 because of _Thread_local since version
1.0.24 and
https://github.com/libusb/libusb/commit/9a1bc8cafb904c20a869c74ad6d657686a1c4bb1

Fixes:
- http://autobuild.buildroot.org/results/7b7f4b31095f8a7eecb347b574391003a2def8bc

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/dtv-scan-tables: switch upstream location

The old git tree is unreachable now, switch to using the new one.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/ti-sgx-{km, um}: bump to SDK 06.01.00.08 versions

Currently, the ti-sgx packages and the beaglebone_qt5_defconfig do
not work with KMS nor Weston. What's worse, is the latest SDK version
06.03.00.106 (as of this commit) of these packages is broken and does
not correctly support KMS, and attempting to run KMS applications
results in eglfs initialization failures. As such, bumping these
packages to the version before 06.03.00.106 is the best option.

Because of the above problems, several packages must change at the
same time to ensure this patch does not break any other packages:

  - ti-sgx-libgbm
    - dropped, merged into ti-sgx-um, see below

  - ti-sgx-um:
    - bump the version that matches TI SDK 06.01.00.08.
    - demove select BR2_PACKAGE_TI_SGX_LIBGBM in Config.in, as the libgbm
      package merges ti-sgx-libgbm with this package.

  - ti-sgx-km:
    - bump the version that matches TI SDK 06.01.00.08.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Tested-by: Markus <zehnder@live.com>
[yann.morin.1998@free.fr:
  - actually switch qt5base to use ti-sgx-um
  - split the beaglebone config changes to their own patch
  - split the ti-sgx-demos changes to their own patch
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/qt5base: fix build with TI SGX GL stack

qt5base FTBFS with TI SGX GL stack because it defines a type that is
incompatible with that expected by Qt.

Fix that by adapting a mix of upstream bug reports, upstream tentative
patch, and various comments on various Qt forums, none of which were
satisfying for various reasons explained in each resource:

  - https://bugreports.qt.io/browse/QTBUG-72567
  - https://codereview.qt-project.org/c/qt/qtbase/+/248270
  - https://forum.qt.io/topic/88588/qtbase-compilation-error-with-device-linux-rasp-pi3-g-qeglfskmsgbmwindow-cpp/8
  - https://forum.qt.io/topic/91596/raspberry-pi-3-compiling-qt-5-11-0-problem/6
  - https://patchwork.ozlabs.org/project/buildroot/patch/20200702201125.3639873-1-aduskett@gmail.com/#2579598

... which, mixed together with my little understanding of Qt, GL, and
C++, gave a relatively simple patch that overcomes the build failure on
TI's SGX, while at the same time keeping buildability and functionality
on other platforms.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Markus <zehnder@live.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/ti-sgx-demos: use KMS-based demos

Weston does not work with the ti-sgx SDK, so switch to using the
KMS-based demos.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr: split off into its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

configs/beaglebone_qt5: switch to using KMS instead of wayland+weston

weston does not work on the ti-sgx SDK, so switch to using KMS directly,
and drop the wayland-related config options.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr: split into its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libgcrypt: bump to version 1.8.7

https://dev.gnupg.org/T5113

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libassuan: bump to version 2.5.4

Update indentation in hash file

https://dev.gnupg.org/T5112

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libksba: bump to version 1.5.0

- Update hash of AUTHORS file (update in year and URL)
- Update indentation in hash file

https://dev.gnupg.org/T5146
https://dev.gnupg.org/T4943

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/qt5/qt5mqtt: bump version to 5.15.2 (and fix download)

- bump version to 5.15.2
- change download url to original site

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/qt5/qt5coap: bump version to 5.15.2 (and fix download)

- bump version to 5.15.2
- change download url to original site

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/qt5/qt5knx: bump version to 5.15.2 (and fix download)

- bump version to 5.15.2
- change download url to original site

Fixes:

  - http://autobuild.buildroot.net/results/a043bb991a827880d6c743e63f070fc6a3b72a2f

  >>> qt5knx 5.15.2 Downloading[27m
  --2020-12-12 13:42:47--  https://github.com/qt/qtknx/archive/v5.15.2/qt5knx-5.15.2.tar.gz
  Resolving github.com (github.com)... 140.82.114.3
  Connecting to github.com (github.com)|140.82.114.3|:443... connected.
  HTTP request sent, awaiting response... 302 Found
  Location: https://codeload.github.com/qt/qtknx/tar.gz/v5.15.2/qt5knx-5.15.2 [following]
  --2020-12-12 13:42:47--  https://codeload.github.com/qt/qtknx/tar.gz/v5.15.2/qt5knx-5.15.2
  Resolving codeload.github.com (codeload.github.com)... 140.82.114.10
  Connecting to codeload.github.com (codeload.github.com)|140.82.114.10|:443... connected.
  HTTP request sent, awaiting response... 404 Not Found
  2020-12-12 13:42:47 ERROR 404: Not Found.

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/botan: bump to version 2.17.2

https://botan.randombit.net/news.html#version-2-17-2-2020-11-13

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libressl: security bump to version 3.2.3

It includes the following security fix:
* Malformed ASN.1 in a certificate revocation list or a timestamp
response token can lead to a NULL pointer dereference.

https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.3-relnotes.txt

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/qemu: bump to version 5.2.0

From [1]:
"The build system is now partly based on Meson. However, building is
still done with configure and make as in previous versions of QEMU."

Qemu requires meson >= 0.55.3, Buildroot use the latest version 0.56.0.
In order to add host-meson dependency we have to remove --python option
since it requires to use the meson bundled into Qemu sources [2].

Even without --python, python3 is used. See config-host.mak:
PYTHON=output/host/bin/python3 -B

See config-host.mak to check if meson and ninja from HOST_DIR are used:
MESON=output/host/bin/meson
NINJA=output/host/bin/ninja

Since the switch to meson is partial and still requires using the
configure script, keep using generic-package infra.

Disable new options introduced in Qemu 5.2.0:
--disable-virtiofsd
--disable-vhost-user-blk-server

Runtime tested on gitlab [3]

[1] https://wiki.qemu.org/ChangeLog/5.2#Build_Information
[2] https://git.qemu.org/?p=qemu.git;a=blob;f=configure;h=18c26e0389741643748c70ac7788a996ef006834;hb=553032db17440f8de011390e5a1cfddd13751b0b#l1895
[3] https://gitlab.com/kubu93/buildroot/-/pipelines/228214205

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>