package/libraw: security bump to version 0.20.0

- Fix CVE-2020-15503: LibRaw before 0.20-RC1 lacks a thumbnail size
  range check. This affects decoders/unpack_thumb.cpp,
  postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example,
  malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without
  validating T.tlength.

- zlib is an optional dependency since
  https://github.com/LibRaw/LibRaw/commit/b63f017b063edb5e7091e3952ee20cb4d002edbe

Also update indentation in hash file (two spaces) as well as README.md
hash, no license changes:
 - https://github.com/LibRaw/LibRaw/commit/d1975cb0e055d2bfe58c9d845c9a3e57c346a2f9
 - https://github.com/LibRaw/LibRaw/commit/d38361b76e1a405a25b11165a1ee5495fc899246

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/htop: bump to version 3.0.1

Both patches are now upstream and can be dropped:

 - 7cfaa9dede0f7f711a0fb961559e9629e7c7a259 is "MakeHeader.py: Fix for
   non-utf8 environments"

 - dfd9279f87791e36a5212726781c31fbe7110361 is "Resolve complation
   issues with -fno-common (default from gcc-10)"

The license file hash is changed due to the removal of one empty line:

@@ -353,4 +353,3 @@
  applicable licenses of the version of PLPA used in your combined work,
  provided that you include the source code of such version of PLPA when
  and as the GNU GPL requires distribution of source code.
-

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/ccache: bump to version 3.7.11

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/easyframes: add missing dependency on MMU support

Easyframes uses fork when capturing frames in a pcap file, therefore
add the dependency BR2_USE_MMU.

Signed-off-by: Horatiu Vultur <horatiu.vultur@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

config/odroidc2: fix uboot version

The custom UBoot version was not correctly specified, causing the latest
one to be selected instead:

    /home/ymorin/dev/buildroot/buildroot/configs/odroidc2_defconfig:25:warning:
    symbol value '"2020.07"' invalid for BR2_TARGET_UBOOT_CUSTOM_VERSION

Fixes:
    https://gitlab.com/ymorin/buildroot/-/jobs/723411844

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Dagg Stompler <daggs@gmx.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/lua-lyaml: bump to version 6.2.6

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/re2: build host as shared libs

host-grpc needs re2 as shared lib.
Set this via cmake config flag.

Fixes:
http://autobuild.buildroot.net/results/a98/a98d3203f68f0f929c544537244e7621e80ce0a1

Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libostree: bump to version 2020.6

Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/brotli: security update to version 1.0.9

Contains fixes for overflows when input chunks are larger than 2 GiB,
an uninitialized data access, and minor correctness and performance
improvements. There does not seem to be any CVEs filed, but there is
a security notice in the release notes at:

  https://github.com/google/brotli/releases/tag/v1.0.9

Patch "0001-CMake-Allow-using-BUILD_SHARED_LIBS-to-choose-static.patch"
is rebased against the latest upstream changes.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/pigpio: add sysv and systemd init scripts

Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mpd: bump to version 0.21.25

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/memcached: fix build with gcc 10

Fixes:
 - http://autobuild.buildroot.org/results/ba8dcdece193b91845a30cd31d3574674ec30068

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libinput: bump version to 1.16.1

For details see [1].

[1] https://lists.freedesktop.org/archives/wayland-devel/2020-August/041590.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/olsr: fix build with bison 3.7.1

Fixes:
 - http://autobuild.buildroot.org/results/174f64f5663e655eb97994b903293c07c70268fe

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/strace: bump to version 5.8

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/x11r7/xserver_xorg-server: fix the target in systemd service

graphical is equivalent to the sysvinit runlevel 5
multi-user is equivalent to a runlevel between 2 and 4

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mraa: fix build with gcc 10

Fixes:
 - http://autobuild.buildroot.org/results/7701c317e300f0b06d258aed2a3bda866e740f48

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

boot/barebox: bump version to 2020.08.1

Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/kbd: bump to version 2.3.0

Update hash of COPYING and add CREDITS to license files as most of the
original COPYING content moved to CREDITS and COPYING now contains
GPL-2.0+ text since version 2.0.90 and
https://github.com/legionus/kbd/commit/1304c0c11c2281c942ea07cee6fd1e820a8ba6ba

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/ltp-testsuite: fix build with uclibc

Fix a build failure with ltp-testsuite in version 20200515

Fixes:
 - http://autobuild.buildroot.org/results/fb0a67b15482e76b379b4b4d9c43b45bb0fccae1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/easyframes: fix build with musl and gcc 4.8

Fixes:
 - http://autobuild.buildroot.org/results/32007293e04e6c661108639d1589fe078f254ecd
 - http://autobuild.buildroot.org/results/1804e8b68f715de1011750cec2ed5d3d3f7964c8

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/wayland-utils: needs wayland-protocols

wayland-utils needs wayland-protocols:

Run-time dependency wayland-protocols found: NO (tried pkgconfig)

../output-1/build/wayland-utils-1.0.0/wayland-info/meson.build:4:0: ERROR: Dependency "wayland-protocols" not found, tried pkgconfig

Fixes:
 - http://autobuild.buildroot.org/results/ea4daeb94c25232e3b4a34c1da72bf9bbd5f3cce

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-opcua-asyncio: sort selects alphabetically

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python3-requests: fix version

Commit a01bf684ea0d6eed9755bb4bf43986720ede722e forgot to update
PYTHON3_REQUESTS_VERSION

Fixes:
 - http://autobuild.buildroot.org/results/ecf4abdd15bb267b77bd1f5097dc7e0b35c38dd7

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/python-opcua-asyncio: new package

opcua-asyncio is an asyncio-based asynchronous OPC UA client
based on python-opcua, removing hacks for support of
python < 3.6.
Asynchronous programming allows for simpler code (e.g. less need
for locks) and potentially performance gains.

More information is available at :
https://github.com/FreeOpcUa/opcua-asyncio.

Signed-off-by: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libraw: drop unrecognized options

demosaic packs have been removed since version 0.19.0 and
https://github.com/LibRaw/LibRaw/commit/b85690eb4881d613dd48068ee82f98ac246690b8

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-aiofiles: new package

Ordinary local file IO is blocking, and cannot easily and
portably made asynchronous.
This means doing file IO may interfere with asyncio applications,
which shouldn’t block the executing thread. aiofiles helps
with this y introducing asynchronous versions of files
that support delegating operations to a separate thread pool.

More information is available at :
https://pypi.org/project/aiofiles.

Signed-off-by: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mrp: new package

Signed-off-by: Horatiu Vultur <horatiu.vultur@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/janus-gateway: add an option to remove the HTML demos

janus-gateway comes with an example website to test its features.
Since the bump to 0.10.3, this website takes 1.8MiB uncompressed on
the target, among which is a 1MiB video sample which does not compress
well.

Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/multipath-tools: new package

Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/testing: add pytest test

Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-pytest: new package

Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-iniconfig: new package

Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-pluggy: new package

Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/openpgm: bump to version 5-3-128

- Drop first patch (not needed since
  https://github.com/steve-o/openpgm/commit/e2ff9cf32df5a9037e956a6be1afe75391b1941d)
- Drop second and third patch (already in version)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/zeromq: disable -Werror

This will avoid the following build failure with openpgm 5.3:

In file included from /home/fabrice/buildroot/output/host/bin/../arm-buildroot-linux-gnueabihf/sysroot/usr/include/pgm-5.3/pgm/skbuff.h:39,
                 from /home/fabrice/buildroot/output/host/bin/../arm-buildroot-linux-gnueabihf/sysroot/usr/include/pgm-5.3/pgm/msgv.h:33,
                 from /home/fabrice/buildroot/output/host/bin/../arm-buildroot-linux-gnueabihf/sysroot/usr/include/pgm-5.3/pgm/pgm.h:44,
                 from src/ip.cpp:67:
/home/fabrice/buildroot/output/host/bin/../arm-buildroot-linux-gnueabihf/sysroot/usr/include/pgm-5.3/pgm/socket.h:207:1: error: ‘const char* pgm_family_string(int)’ defined but not used [-Werror=unused-function]
  207 | pgm_family_string (
      | ^~~~~~~~~~~~~~~~~

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/zeromq: add support for openpgm 5.3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/minidlna: fix CallStranger a.k.a. CVE-2020-12675

No MINIDLNA_IGNORE_CVES entry is added as no CVE has been assigned to
minidlna. Indeed, CallStranger vulnerability affect(ed) most of the UPnP
stacks (e.g. gupnp, libupnp)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/easyframes: fix static build with pcap

Fixes:
 - autobuild.buildroot.org/results/99062bfc8c21c32bc835acae675aede7c9cf0c90

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Horatiu Vultur <horatiu.vultur@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/x11r7/xserver_xorg-server: fix xlib_libXfont2 dependency

The dependency to xlib_libXfont2 was mistakenly removed in
https://git.buildroot.net/buildroot/commit/?id=e6dc4f1857eed27a19abd57fae7428bea38b69e5

Add it back again to fix build errors detected by the autobuilders and
remove handling of xlib_libXfont as well because only older versions of
xserver_xorg-server needed it.

Fixes:
http://autobuild.buildroot.net/results/f72/f72cc9b30e55e2c665de7a00482a1c3ba702118c/
http://autobuild.buildroot.net/results/9dd/9dd99e633dee8f11e7b2b973d4a72e51a2812ec9/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/flashrom: bump to version 1.2

- Drop patch (not needed since
  https://github.com/flashrom/flashrom/commit/e0ceedf76d48757a05f22860e7ddd03e430c2252)
- CONFIG_ENABLE_LIBUSB0_PROGRAMMERS has been dropped since
  https://github.com/flashrom/flashrom/commit/b221cd7048f9cde1fe789e686a0e0adaf9a688b3
- arc platform is supported since
  https://github.com/flashrom/flashrom/commit/34d07f00b2990bec4a2ce12852acd42c08ddf217
- Update indentation in hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/hiredis: fix build with gcc 4.8

This patch is needed to fix a build failure with hiredis 1.0.0

Fixes:
 - http://autobuild.buildroot.org/results/f7aa90d6d6750fb8bf46334513df09360a8c1c7f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/go: bump to go 1.15.1

Go 1.14, 1.15 are major releases of Go.

Read the Release Notes for more information:

 - https://golang.org/doc/go1.14
 - https://golang.org/doc/go1.15

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/linuxptp: needs threads

linuxptp needs threads since version 3.0 and
https://sourceforge.net/p/linuxptp/code/ci/7486e6e4e1b13bd9bceb23c40ace7e048a88b8e5

Fixes:
 - http://autobuild.buildroot.org/results/421dd595f0fd3c0af099cd2991ee94d4edd272e1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/makedumpfile: add BR2_PACKAGE_MAKEDUMPFILE_ARCH_SUPPORTS

makedumpfile only defines KV_BASE in makedumpfile.h with the following
architectures:
 - aarch64
 - arm
 - x86
 - x86_64
 - powerpc32
 - powerpc64
 - s390
 - ia64
 - sparc64

Fixes:
 - http://autobuild.buildroot.org/results/0e20c17bd604ee1168cc379061c120a2d8263e5f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/apparmor: fix per-package build with apache

Per-package build of apparmor with apache fails on:

/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apparmor/host/x86_64-buildroot-linux-musl/sysroot/usr/bin/apxs  -c mod_apparmor.c -L/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apparmor/host/bin/../x86_64-buildroot-linux-musl/sysroot/usr/lib -lapparmor

/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/bin/../../usr/build-1/libtool --silent --mode=compile /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/bin/x86_64-linux-gcc -prefer-pic -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g2    -I/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/include  -I/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/bin/../../usr/include/apr-1   -I/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/bin/../../usr/include/apr-1 -I/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/bin/../../../../x86_64-buildroot-lin
 ux-musl/sysroot/usr/include  -c -o mod_apparmor.lo mod_apparmor.c && touch mod_apparmor.slo
mod_apparmor.c:28:10: fatal error: sys/apparmor.h: No such file or directory
 #include <sys/apparmor.h>
          ^~~~~~~~~~~~~~~~

The issue is that sys/appamor.h is not installed in the apache
per-package directory which is mangled by
APACHE_FIX_STAGING_APACHE_CONFIG, i.e.
/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/include

So implement the same workaround made on apache to replace those wrong
apache paths by apparmor paths in apxs binary and its configuration file
(i.e. config_vars.mk) as suggested by Thomas Petazzoni and Yann E. Morin
during review of the first iteration of this patch

Fixes:
 - http://autobuild.buildroot.org/results/ef1fcd57e0c09a2806bf2272bb21df6d3300b45b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.4.x series

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/linux-headers: drop 5.7 headers

The 5.7.x series is now EOL, so drop it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/mongrel2: fix build with gcc 10

Fixes:
 - http://autobuild.buildroot.org/results/858488774503c6cc6a5489bc1e080562f5fc6461

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/mongrel2: renumber patches

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/netperf: fix build with gcc 10

Fixes:
 - http://autobuild.buildroot.org/results/547d9a803375cce93b8e3e7a59243190b71c7688

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/mg: fix build with gcc 10

Fixes:
 - http://autobuild.buildroot.org/results/aacc02abf41e120e0d0b22faa38642e6d149d73f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/hiredis: ssl needs threads

ssl support which has been added in version 1.0.0 needs threads:

/home/buildroot/autobuild/instance-3/output-1/build/hiredis-1.0.0/ssl.c:42:10: fatal error: pthread.h: No such file or directory
 #include <pthread.h>
          ^~~~~~~~~~~

Fixes:
 - http://autobuild.buildroot.org/results/80ac7500055d167e5ec9a964046de7cca4b4f9f5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/nanocom: fix build with gcc 10

Fixes:
 - http://autobuild.buildroot.org/results/4af4710cb9bbb1bc770b9824339dd7dbf8a80b05

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/hiredis: fix build without C++

This patch is needed to fix a build failure with hiredis 1.0.0

Fixes:
 - http://autobuild.buildroot.org/results/830ec3398cd29b9fc5cde06a225ef531d7a9d850

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-piexif: new package

Signed-off-by: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/lcdproc: fix build with gcc 10

Fixes:
 - http://autobuild.buildroot.org/results/67367f43cf8b2cc74e9a4f51f9d685ef058d5745

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/lcdproc: renumber patch

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/graphicsmagick: fix CVE-2020-12672

GraphicsMagick through 1.3.35 has a heap-based buffer overflow in
ReadMNGImage in coders/png.c.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/gnutls: security bump to version 3.6.15

libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing.
The server sending a "no_renegotiation" alert in an unexpected timing,
followed by an invalid second handshake was able to cause a TLS 1.3
client to crash via a null-pointer dereference. The crash happens in the
application's error handling path, where the gnutls_deinit function is
called after detecting a handshake failure (#1071).
[GNUTLS-SA-2020-09-04, CVSS: medium]

https://lists.gnupg.org/pipermail/gnutls-help/2020-September/004669.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/python-crayons : new package

This module is really simple, it gives you
colored strings for terminal usage.

Signed-off-by: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/makedumpfile: new package

Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

{linux, linux-headers}: add version 5.8

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

docs/website: update for 2020.02.6

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Update for 2020.02.6

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b120226e0ef58e2665bfefd21bdd31a9adf1acb6)
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/matchbox: fix build with gcc 10

Fixes:
 - http://autobuild.buildroot.org/results/3f552248869d9842b3db8b71c1ca0b030b1a64ba

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/gnupg2: security bump to version 2.2.23

Fixes the following security issues:

CVE-2020-25125: Importing an OpenPGP key having a preference list for AEAD
algorithms will lead to an array overflow and thus often to a crash or other
undefined behaviour (affected: 2.2.21 / 2.2.22)

For more details, see the announcement:
https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libnss: install certutil tool on target

certutil is a command-line utility for managing keys and certificate in
both NSS databases and other NSS tokens.

Signed-off-by: Julien Floret <julien.floret@6wind.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libzip: add patch from upstream to fix build

Cherry-pick a patch from upstream project that fixes the build when used
with a uClibc based toolchain.

Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/weston: bump to version 9.0.0

Drop patches that are now upstream.

Pipewire now requires renderer-gl, only enable pipewire when
renderer-gl is also enabled.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libcamera: bump version to e59713c6

The libcamera project has moved to C++17, therefore also update the
toolchain requirements accordingly.

Signed-off-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
[yann.morin.1998@free.fr: s/\t/  / in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libcamera: Prevent builds on m68k

The ControlValue structure is currently defined with a 16-bit hole
(causing unaligned access to the numElements_ field, though that's a
separate topic).

This structure has a static assertion to ensure that its size does not
change without due care, as it forms part of our ABI and is used in
Serialisation between the pipeline handlers and IPA components.

The m68k architecture is the only target which fails this assertion,
which is likely because it can pack the structure more efficiently,
producing a different binary size.

This is likely an area we will tackle before stabilising our ABI, but
until then, disable m68k builds as libcamera is not expected to be
supported on this target.

Fixes;
  - http://autobuild.buildroot.net/results/9dce26e94299a2c61bba60cbc7803926e2f85e29/

Signed-off-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
[yann.morin.1998@free.fr, suggestions from Thomas:
  - introduce BR2_PACKAGE_LIBCAMERA_ARCH_SUPPORTS
  - propagate that to the comment
  - add autobuilder reference
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/systemd: disable zstd for host-systemd

systemd 246 added support for zstd compression of large fields in
journal files [1]. Since zstd is only used at runtime, we don't
need it to enable its support in host-systemd.

[1] https://github.com/systemd/systemd/blob/v246/NEWS#L323-L331

Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/refpolicy: ensure REFPOLICY_EXTRA_MODULES_DIRS is empty when it should be

When both BR2_REFPOLICY_EXTRA_MODULES_DIRS and
PACKAGES_SELINUX_EXTRA_MODULES_DIRS are empty, we expect
REFPOLICY_EXTRA_MODULES_DIRS to also be empty. However, due to spaces,
this is not the case. This commit adds a $(strip ...) call to ensure
it is the case.

Thanks to this, the check on whether REFPOLICY_EXTRA_MODULES_DIRS is
empty later on will really work as it should.

Reported-by: Antoine Ténart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

DEVELOPERS: fix path to board/hardkernel/odroidc2/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/usb_modeswitch: fix parallel install

Extract from bug report:

"In usb_modeswitch Makefile dispatcher-script, dispatcher-dynlink and
dispatcher-statlink are .PHONY targets. The result is that sources are
compiled also when install targets are called.
USB_MODESWITCH_INSTALL_TARGET_CMDS calls $(MAKE) which is a call to
parallel make eg. make -j9. So the install phase can install empty
usb_modeswitch binary (happened once) if the compiler have just cleared
the binary and install command installs it before compiler writes the
binary. USB_MODESWITCH_INSTALL_TARGET_CMDS should call $(MAKE1)."

Instead of disabling parellel install, use install-common target instead
of install-{dyn,stat}link targets. Indeed, the dynamic or static
usb_modeswitch_dispatcher binary will be built by
all-with-{dyn,stat}link-dispatcher targets, there is no need to rebuild
it during the install step

Fixes:
 - https://bugs.buildroot.org/show_bug.cgi?id=12911

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/acsccid: bump to version 1.1.8

- update indentation of hash file (two spaces)

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/tinyhttpd: remove package

tinyhttpd is affected by CVE-2002-1819 and is not maintained anymore
(no release since 2001) so remove it

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libselinux: enable kernel selinux support for ubifs images

If BR2_TARGET_ROOTFS_UBIFS is selected, enable the following kernel options:
  - CONFIG_UBIFS_FS_XATTR
  - CONFIG_UBIFS_FS_SECURITY

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libselinux: enable kernel selinux support for squashfs images

If BR2_TARGET_ROOTFS_SQUASHFS is selected, enable the following kernel options:
  - CONFIG_SQUASHFS_XATTR

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libselinux: enable kernel selinux support for jffs2 images

If BR2_TARGET_ROOTFS_JFFS2 is selected, enable the following kernel options:
  - CONFIG_JFS_SECURITY

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libselinux: enable kernel selinux support for f2fs images

If BR2_TARGET_ROOTFS_F2FS is selected, enable the following kernel options:
  - CONFIG_F2FS_FS_XATTR
  - CONFIG_F2FS_FS_SECURITY

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libselinux: enable kernel selinux support for ext4 images

If BR2_TARGET_ROOTFS_EXT2_4 is selected, enable the following kernel options:
  - CONFIG_EXT4_FS_SECURITY

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libselinux: enable kernel selinux support for ext3 images

If BR2_TARGET_ROOTFS_EXT2_3 is selected, enable the following kernel options:
  - CONFIG_EXT3_FS_SECURITY

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libselinux: enable kernel selinux support for ext2 images

If BR2_TARGET_ROOTFS_EXT2 is selected, enable the following kernel options:
  - CONFIG_EXT2_FS_XATTR
  - CONFIG_EXT2_FS_SECURITY

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libselinux: enable kernel selinux support for erofs images

If BR2_TARGET_ROOTFS_EROFS is selected, enable the following kernel options:
  - CONFIG_EROFS_FS_XATTR
  - CONFIG_EROFS_FS_SECURITY

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libselinux: set the config_lsm kernel config option to selinux

Currently, the libselinux package sets the CONFIG_DEFAULT_SECURITY_SELINUX
kernel option. However, as of kernels >= 5.1, this option is superseded in
favor of the CONFIG_LSM option, a comma-separated list of LSMs the kernel
should initialize in order.

As the previous behavior of this package sets the kernel's default and only
LSM to initialize to SELinux, it is safe to set this string to just selinux.
If the user wants additional LSM's, they may do so with a custom kernel config.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

docs/manual: add a section about SELinux

Add documentation about how to use SELinux in Buildroot, and what are
the available mechanisms to extend and customize the SELinux policy.

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
[Thomas: misc improvements.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/refpolicy: fix the configure, build and install steps

The refpolicy configure and build step were not correctly defined. The
configuration was split between the configure and build step, while
both the compilation and the installation were done in the install
step. Fix this by moving all the configuration within the
configuration step and by adding a call to make in the build step to
compile the policy.

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/refpolicy: allow packages to provide their own SELinux modules

Allow packages to have an 'selinux' subfolder containing SELinux modules
(sources) to be synced and compiled within the refpolicy, if the package
is selected.

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/refpolicy: allow to provide a custom refpolicy

Add support for the user to provide a fully custom refpolicy. When
this is used, modules aren't disabled anymore and packages do not
select refpolicy available modules either. The custom refpolicy must
define the full policy explicitly, and must be a fork of the original
refpolicy, to have the same build system.

This is added to allow users to fully control an SELinux policy, by
providing a complete custom policy.

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/refpolicy: allow selecting additional modules

Allow users to select additional modules available in the refpolicy, to
be built in the binary policy. This will allow non-base modules to be
selected based on the user use-case and to select extra module
dependencies when providing out-of-tree modules.

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/refpolicy: allow providing user defined modules

Allow users to provide custom SELinux modules to be part of the final
policy. A new configuration variable is added, pointing to list of
directories containing the custom modules.

SELinux modules do require a metadata.xml file to be well integrated
in the refpolicy build. If this file isn't provided, it will be
automatically created.

For now, this option requires the extra modules to be directly into
the BR2_REFPOLICY_EXTRA_MODULES directory, and subfolders aren't
supported.  They may never be, as having subfolders could introduce
issues when two different modules have the same name (which isn't
supported by the refpolicy).

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/e2fsprogs: select SELinux module

Select the fstools SELinux module when e2fsprogs binaries are compiled
and installed in the target filesystem, so that they'll be supported by
the SELinux policy.

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/util-linux: select SELinux module

Select the fstools SELinux module to be compiled in the policy for the
relevant binaries of util-linux.

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/dbus: select SELinux module

Select the dbus SElinux module so that it will be compiled in the
refpolicy. This way, if an SELinux policy is generated, dbus will be
supported.

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/systemd: select SELinux modules

Select the systemd and udev SELinux modules so that they will be
compiled in the refpolicy. This way, if an SELinux policy is generated,
Systemd will be supported.

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/refpolicy: allow packages to select SELinux modules

Add support for packages to enable SELinux modules already supported by
the refpolicy, but not selected by default in its policy.

With this commit, packages will be able to do something like:

SYSTEMD_SELINUX_MODULES = systemd udev

to enable additional SELinux modules.

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/refpolicy: smaller monolithic policy

The refpolicy is configured to use a monolithic build, compiling all the
available modules (whether they're 'base' or 'modules' ones) in the
binary policy. The result is a quite big SELinux policy, with a lot more
rules than what would be needed in a Buildroot image.

Refactor the refpolicy build configuration to enable less modules by
default. To achieve this, all the modules marked as being part of the
'base' policy are kept but all the modules marked as being only
'modules' are disabled. Then a static list of modules (in addition to
the already selected 'base' ones) are enabled. The result is a much
smaller refpolicy: tests showed a reduction of the binary policy from
2.4M to 249K (~90% smaller).

This minimal set of SELinux modules should allow to boot a system in
enforcing mode in the future. It currently does not work, not because
extra modules are needed, but because of required changes within the
selected modules.

This patch would break backward compatibility as the refpolicy will no
longer have all the modules provided by the project, but only those
selected. This should not be an issue as this configuration was not
suitable directly for a real system. Modifications had to be done. If we
still find out later that this is an issue for someone, we'll have the
ability to mimic what was done previously thanks to other mechanisms
(such as providing the upstream policy as a "custom" policy location).

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

fs/common.mk: move down ROOTFS_REPRODUCIBLE for consistency

This patch is cosmetic and moves down ROOTFS_REPRODUCIBLE for
consistency.

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>