Commit Graph

51220 Commits

Author SHA1 Message Date
Bernd Kuhls
cd07b01a8a package/boinc: bump version to 7.16.6
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-06 21:52:16 +02:00
Giulio Benetti
1cdb2922c9 package/libnss: fix build failure due to patch not applicable
Current 0001 patch has been committed into buildroot before being
upstreamed. Now that it's been upstreamed it changed a little, so this
makes patch 0002(based on upstream version of patch 0001) impossible to
apply causing build failure while applying patches. So let's update
patch 0001 with upstream one.

Fixes:
http://autobuild.buildroot.net/results/c8a/c8a6776a3e9cec1dc67862e4972e3ca8f4562a50/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-06 21:43:38 +02:00
Grzegorz Blach
5f915df067 package/pigpio: Bump to version 75
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-06 21:40:23 +02:00
Charlie Turner
817d553018 package/cog: support choosing either DRM or FDO platform
A new DRM platform has landed, now you can choose to build with the
DRM or FDO platform, or neither. If neither are selected, Cog will
fallback to a simple WPE backend like WPEBackend-rdk
(https://github.com/WebPlatformForEmbedded/WPEBackend-rdk).

Don't be confused that in both cases the *wpebackend-fdo* package is
required. This is an unfortunate naming issue.

Signed-off-by: Charlie Turner <cturner@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-06 21:35:54 +02:00
Charlie Turner
8db28f15bb package/cog: add wayland dependencies
The always-built FDO backend relies on this.

Signed-off-by: Charlie Turner <cturner@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-06 21:35:17 +02:00
Charlie Turner
4a9c25e96f package/cog: add missing libxkbcommon dependency
The always-built FDO backend relies on this.

Signed-off-by: Charlie Turner <cturner@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-06 21:35:07 +02:00
Romain Naour
44e5da60b7 package/qemu: disable SDL2 for the host variant
There is no host variant for SDL2 library in Buildroot.
So the qemu build system will try to detect automatically the
external SDL2 libraries installed on the host.

$ ldd output/host/bin/qemu-system-aarch64
	[...]
	libSDL2-2.0.so.0 => /lib64/libSDL2-2.0.so.0

Disable explicitely sdl2 options (named sdl) to improve the
build reproducibility.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-04-06 20:18:13 +02:00
Romain Naour
743fceb2ed package/qemu: disable bzip2 for the host variant
bzip2 support is needed for reading bzip2-compressed dmg images.

But the host-bzip2 is missing from host qemu package dependency,
so the qemu build system will try to detect automatically the
external libbzip2 libraries installed on the host.

$ ldd output/host/bin/qemu-system-aarch64
	[...]
	libbz2.so.1 => /lib64/libbz2.so.1
or
	libbz2.so.1.0 => output/host/lib/libbz2.so.1.0
if host-bzip2 is built before host-qemu.

Disable explicitely bzip2 options to improve the build
reproducibility.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-04-06 20:18:10 +02:00
Romain Naour
ece36b9a46 package/qemu: disable vnc optional support for the host variant
The vnc support is enabled by default and the build system
will try to detect automatically some external libraries
installed on the host for vnc-png, vnc-jpeg and vnc-sasl.

$ ldd output/host/bin/qemu-system-aarch64
	[...]
	libpng16.so.16 => /lib64/libpng16.so.16
or
	libpng16.so.16 => output/host/lib/libpng16.so.16
if host-libpng is built before host-qemu.

Disable explicitely thoses options to improve the build
reproducibility.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-04-06 20:18:08 +02:00
Romain Naour
0c4a80c7c4 package/qemu: disable libssh for the host variant
There is no host-libssh in Buildroot, avoid qemu build system
to find libssh from the host.

Under certain circumstances (host distribution, openssl version), the
qemu-system binary fail to start:

host/bin/qemu-system-aarch64: symbol lookup error: /lib64/libssh.so.4: undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b

$ ldd output/host/bin/qemu-system-aarch64
	[...]
	libssh.so.4 => /lib64/libssh.so.4

Explicitely disable libssh for the host variant.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-04-06 20:18:06 +02:00
Thomas Petazzoni
7ae7c82dd6 package/pkg-generic.mk: also replace /lib by STAGING_DIR/lib in .la files
After the staging installation, we replace a number of paths in libtool
.la files so that those paths point to STAGING_DIR instead of a location
in the build machine.

However, we replace only paths that start with /usr. And it turns out
that the linux-pam package is configured with --libdir=/lib (linux-pam
seems to always be installed in /lib rather than /usr/lib).

Due to this, libpam.la contains the following line:

  libdir='/lib'

When building a configuration that has:

 - BR2_ROOTFS_MERGED_USR=y
 - BR2_PACKAGE_LINUX_PAM=y
 - BR2_PACKAGE_POLKIT=y

on a system that has its system-wide PAM library installed in /lib,
the build fails with:

/lib/libpam.so: file not recognized: File format not recognized

For some reason, libtool searches only in STAGING_DIR/usr/lib, but
when BR2_ROOTFS_MERGED_USR=y, STAGING_DIR/lib points to
STAGING_DIR/usr/lib, so libtool finds libpam.la. And this libpam.la
contains a bogus libdir='/lib' path. libtool then goes on, finds
/lib/libpam.so, and links with it, causing the build failure.

By doing the proper replacement of libdir='/lib', we have a correct
libpam.la, and solve the build issue.

There is no autobuilder failure associated to this issue, as it
requires /lib/libpam.so to exist. This is the case on ArchLinux, on
which Xogium reported the issue, which can also be reproduced in an
ArchLinux container.

Reported-by: Xogium <contact@xogium.me>
Cc: Xogium <contact@xogium.me>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Yann E. MORIN <yann.morin.1998@free.fr>
[yann.morin.1998@free.fr:
  - tested by manually creating a symlink to libpam.so in /lib
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-04-05 23:17:26 +02:00
Yann E. MORIN
b57632683b package/systemd: make sure init choice and package have same dependencies
Currently, the dependencies for the init system choice, and the
dependencies for the package, are slightly different, and not in the
same order, the latter making it difficult to assess consistency between
the two.

Fix all that, by cross-duplicating dependencies from the init choice and
the package, and order the dependencies according to the manual (arch
first, toolchain, then the others).

Note that some dependencies are redundant, but kept nonetheless for
correctness:

  - BR2_USE_MMU is implied by BR2_TOOLCHAIN_USES_GLIBC, but systemd does
    use fork();

  - !BR2_STATIC_LIBS is also implied by BR2_TOOLCHAIN_USES_GLIBC, but it
    is also inherited from kmod which we select;

  - BR2_TOOLCHAIN_HAS_THREADS is also implied by BR2_TOOLCHAIN_USES_GLIBC,
    but systemd does use pthread_*() functions.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-04-05 20:33:36 +02:00
Romain Naour
2196ee25ff package/systemd: add gcc >= 5.x dependency
As reported on the mailing list, there is a build issue with systemd 245
when using gcc < 5.0:

http://lists.busybox.net/pipermail/buildroot/2020-April/278931.html

Build issue:
../src/shared/gpt.c:7:9: error: initializer element is not constant
         { GPT_ROOT_X86,              "root-x86"              },

When testing with a toolchain using gcc 5.4.0 and the build is ok.
http://toolchains.bootlin.com/downloads/releases/toolchains/armv5-eabi--glibc--stable-2017.05-toolchains-1-1.tar.bz2

While searching for "error: initializer element is not constant" message, we
can notice a note about gcc 5 change about "Initializing statics with compound
literals":

https://gcc.gnu.org/gcc-5/porting_to.html

Add a dependency on gcc 5 to avoid using to old compiler.

There is the same issue with host-systemd with host gcc 4.9
(tested with Debian Jessie). So, add a dependency on host gcc >= 5.x.

Fixes:
http://autobuild.buildroot.org/results/520/520dab2253f4cbe408a8177a6587dcb38c6ba215
http://autobuild.buildroot.org/results/e0e/e0e0512de822864d670b5d176798a24ab09eed2d
http://autobuild.buildroot.org/results/f56/f5660b2711627fcee4086e096e4ec4d9ba190ab6

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-04-05 20:33:32 +02:00
Romain Naour
b3d979c0d1 support/testing: fix systemd test by using a more recent gcc
As reported on the mailing list [0], there is a build issue with systemd
245 when using gcc < 5.0, due to the following build issue:

    ../src/shared/gpt.c:7:9: error: initializer element is not constant
             { GPT_ROOT_X86,              "root-x86"              },

The pre-built external toolchain we have for armv5 (the default with
just BR2_arm=y) is a very old toolchain from CodeSourcery, which has a
gcc 4.8; we have no other pre-built toolchains for armv5, except by
using a custom one, like those from the Bootlin toolchain builder. But
using a custom toolchain is not nice, as we want our runtime test to
test nominal configurations.

So, switch the systemd tests to use a Cortex-A9, so that we can use the
ARM 2019.12 toolchain, and with VFP, so that it can boot in the qemu
vexpress machine we use for the test-cases.

Fixes:
    https://gitlab.com/buildroot.org/buildroot/-/jobs/498144403
    https://gitlab.com/buildroot.org/buildroot/-/jobs/498144405
    https://gitlab.com/buildroot.org/buildroot/-/jobs/498144406
    https://gitlab.com/buildroot.org/buildroot/-/jobs/498144408
    https://gitlab.com/buildroot.org/buildroot/-/jobs/498144410
    https://gitlab.com/buildroot.org/buildroot/-/jobs/498144412

[0] http://lists.busybox.net/pipermail/buildroot/2020-April/278931.html

Signed-off-by: Romain Naour <romain.naour@gmail.com>
[yann.morin.1998@free.fr:
  - just use cortex-a9_VFP, instead of using a bootlin toolchain
  - adapt the commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-04-05 20:32:10 +02:00
Bartosz Bilas
689b9c1a7c package/cegui: disable xerces support
Disable temporarily xerces's support due to used char16_t type
which is not supported in the currently used cegui version (0-8-7)
due to forced c++03 standard.

Fixes:
 - http://autobuild.buildroot.net/results/ea04be78b31b3409801597fc0ebe04627742c0c8
 - http://autobuild.buildroot.net/results/7de3a07c304e3939ec9fd164328d004a5a9bba6d
 - http://autobuild.buildroot.net/results/472b4e8438c9100e06e401296f0417a463e5fcf1

Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-05 16:27:45 +02:00
Bernd Kuhls
2ba1fb9bdd package/kodi: remove optional libtheora support
Kodi plays these files through ffmpeg and does not link to libtheora
anymore, see PR 9686.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-05 16:25:43 +02:00
Jianhui Zhao
e3c4eee3b7 package/libuhttpd: bump version to 3.1.3
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-05 16:25:43 +02:00
Yann E. MORIN
3c4c508e7b package/unbound: fix detection of libexpat
unbound open-codes the detection of libexpat, and as all packages doing
so, look in host paths (/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw
/usr). Obviously this is wrong for cross-compilation.

Do for libexpat as we do for openssl, and point unbound to staging dir,
when we know expat is.

Fixes:
    http://autobuild.buildroot.org/results/a89ea6aa1cd8c253b1260ea227fea3dc9b095fe8/

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Stefan Ott <stefan@ott.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-05 16:25:43 +02:00
Fabrice Fontaine
cdfa84a80d package/mcrypt: annotate CVEs
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-05 16:25:43 +02:00
Fabrice Fontaine
d82a5ade0b package/bubblewrap: security bump to version 0.4.1
Fix CVE-2020-5291: Bubblewrap (bwrap) before version 0.4.1, if installed
in setuid mode and the kernel supports unprivileged user namespaces,
then the `bwrap --userns2` option can be used to make the setuid process
keep running as root while being traceable. This can in turn be used to
gain root permissions. Note that this only affects the combination of
bubblewrap in setuid mode (which is typically used when unprivileged
user namespaces are not supported) and the support of unprivileged user
namespaces.

Also update indentation of hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-05 16:25:43 +02:00
Bartosz Bilas
aa5e2c041f package/cegui/cegui.mk: fix typos
Configure options should be passed via CONF_OPTS not CONF_OTPS.

Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[yann.morin.1998@free.fr: also fix the epoxy ones]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-04-05 09:04:56 +02:00
Fabrice Fontaine
516b3737bf package/vlc: fix build with opencv3
Fixes:
 - http://autobuild.buildroot.org/results/210424bd33f660aa0757f62a558e1e03faf0f371

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-04 23:40:43 +02:00
Stefan Ott
dea7f45fef package/unbound: new package
Unbound: validating, recursive & caching DNS resolver with
DNSSEC, QNAME minimisation, DNSCrypt and DNS-over-TLS support.

Signed-off-by: Stefan Ott <stefan@ott.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-04 23:33:10 +02:00
Jianhui Zhao
c5d43d6d0e package/libuhttpd: new package
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-04 23:16:45 +02:00
Thomas Petazzoni
e9b393c676 support/testing: add build tests for the syslinux bootloader
This commit adds four new tests for the syslinux bootloader:

 - Building on x86, for legacy BIOS
 - Building on x86, for EFI BIOS
 - Building on x86-64, for legacy BIOS
 - Building on x86-64, for EFI BIOS

Runtime testing in Qemu would certainly be possible, but is left as a
future addition to these tests.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-04 23:07:36 +02:00
Thomas Petazzoni
6d5da6d916 boot/syslinux: fix build of efi part with gnu-efi 3.0.10
The following defconfig:

BR2_x86_i686=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y
BR2_TOOLCHAIN_EXTERNAL_URL="http://toolchains.bootlin.com/downloads/releases/toolchains/x86-i686/tarballs/x86-i686--glibc--bleeding-edge-2018.11-1.tar.bz2"
BR2_TOOLCHAIN_EXTERNAL_GCC_8=y
BR2_TOOLCHAIN_EXTERNAL_HEADERS_4_14=y
BR2_TOOLCHAIN_EXTERNAL_CUSTOM_GLIBC=y
BR2_TOOLCHAIN_EXTERNAL_CXX=y
BR2_INIT_NONE=y
BR2_TARGET_SYSLINUX=y
BR2_TARGET_SYSLINUX_EFI=y

fails to build due to missing setjmp/longjmp definitions, which is a
consequence of a change introduced between gnu-efi 3.0.9 and 3.0.10.

This build failure is fixed by adding another syslinux paytch, which
has been submitted upstream.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-04 23:07:29 +02:00
Romain Naour
bad75bca31 package/openssh: bump to version 8.2p1
This new version is mandatory to allow the glibc package bump to version 2.31.
Otherwise it's not possible to connect to the remote host, as reported by [1] [2].
Upstream commit [3][4] fixes the issue.

[1] https://bugs.archlinux.org/task/65386
[2] https://bugs.gentoo.org/708224
[3] beee0ef618
[4] 69298ebfc2

Release Note:
https://www.openssh.com/txt/release-8.2

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Reviewed-by: David Pierret <david.pierret@smile.fr>
Tested-by: David Pierret <david.pierret@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-04 23:06:43 +02:00
James Hilliard
bea0d20c78 package/swupdate: add optional systemd dependency
When the swupdate SYSTEMD option is enabled, systemd needs to be built
before swupdate, otherwise the build fails with:

core/notifier.c:27:10: fatal error: systemd/sd-daemon.h: No such file or directory
   27 | #include <systemd/sd-daemon.h>
      |          ^~~~~~~~~~~~~~~~~~~~~

Of course, it remains up to the user to make sure that the systemd
package is enabled when systemd support is enabled in the swupdate
configuration.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-04 23:01:39 +02:00
Fabrice Fontaine
44d1b8ae29 package/libunwind: bump to version 1.4.0
Update indentation of hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-04 23:00:57 +02:00
Romain Naour
0207a65323 support/testing: update basic toolchain to bootlin bleeding-edge 2018.11-1
Update the toolchain being used by the testsuite infra.

The new toolchain 2018.11-1 is based on gcc 8.2, uClibc-ng 1.0.30,
linux-headers 4.14 and binutils 2.31.1.
Enable BR2_TOOLCHAIN_HAS_THREADS_DEBUG that is now required.

The old toolchain 2017.05 is based on gcc 4.9, uClibc-ng 1.0.25,
linux-headers 3.10 and binutils 2.27.

Tested with gitlab
https://gitlab.com/kubu93/buildroot/pipelines/132376578

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-04 22:59:34 +02:00
Giulio Benetti
f8a12bf80c package/libnss: fix build failure on arm32 arch not armv7
NSS assumes that every neon arm32 build is an armv7, but this is
not always true(i.e. build arm32 for armv8), so let's add a patch to
remove -march=armv7 flag when building gcm-arm32-neon.c

Fixes:
http://autobuild.buildroot.net/results/464/464044fda2850123339de6c8071374e380636ee0/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-04 22:58:01 +02:00
Gary Bisson
a8b39ad901 package/freescale-imx/kernel-module-imx-gpu-viv: bump to version 6.4.0.p1.0
This package has been tested on Nitrogen8M with the following commands:
 # modprobe galcore
 # cd /usr/share/examples/viv_samples/vdk/
 # ./tutorial7

Also update the help text as we shouldn't specify a kernel revision. It
is just that this module isn't meant for mainline kernel, only its NXP
forked version.

Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-04 22:40:18 +02:00
Fabrice Fontaine
094d9857bd package/libexif: annotate CVEs
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-04 22:30:44 +02:00
Adam Duskett
7c099731e7 package/systemd: bump version to 245.4
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-04 22:29:35 +02:00
Jianhui Zhao
cdb127feca package/rtty: bump version to 7.1.3
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-04-04 17:30:37 +02:00
Bernd Kuhls
f1db1e9ff1 package/libdrm: bump version to 2.4.101
Removed patches applied upstream:
https://cgit.freedesktop.org/mesa/drm/commit/xf86drm.h?id=8c1185d22cb5ea09dea063bd4a0a4f8b64487919
https://cgit.freedesktop.org/mesa/drm/commit/xf86atomic.h?id=8c511950395ce496028bbc5ba30d9b9632690db6
https://cgit.freedesktop.org/mesa/drm/commit/meson.build?id=8de2696213d0f25a10a167b5fd6c312d6ce6a1af
https://cgit.freedesktop.org/mesa/drm/commit/tests/nouveau/threaded.c?id=cd77f114ca0073f609fc89d22390152945e73107

Renumbered remaining patches, use .xz tarball provided by upstream.
Removed md5 & sha1 hashes, not provided by upstream anymore.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-04-04 17:29:34 +02:00
Bernd Kuhls
0936fe3dcf package/{mesa3d, mesa3d-headers}: bump version to 20.0.4
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-04-04 17:28:05 +02:00
Peter Korsgaard
11036ca0d2 package/wireguard-tools: bump version to 1.0.20200319
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-04-04 17:27:58 +02:00
Peter Korsgaard
4285b1bac3 package/wireguard-linux-compat: bump version to 1.0.20200401
Matching the now-mainline wireguard code in kernel 5.6.

For details, see the announcement:
https://lists.zx2c4.com/pipermail/wireguard/2020-April/005237.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-04-04 17:27:50 +02:00
Bernd Kuhls
e3d4ed41f0 package/libva-utils: bump version to 2.7.1
Removed patch which was applied upstream:
bd01ba5a6b

Switched to github helper, upstream does not provide a tarball for this
release.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-04-04 17:27:33 +02:00
Bernd Kuhls
226bbae9d1 package/libva: bump version to 2.7.0
Switched to github helper, upstream does not provide a tarball for this
release.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-04-04 17:26:59 +02:00
Peter Korsgaard
79c640e2e0 {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 5, 6}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-04-04 17:26:53 +02:00
Peter Korsgaard
2bf40ad66b package/apache: security bump to version 2.4.43
Fixes the following security issues:

  *) SECURITY: CVE-2020-1934 (cve.mitre.org)
     mod_proxy_ftp: Use of uninitialized value with malicious backend FTP
     server. [Eric Covener]

  *) SECURITY: CVE-2020-1927 (cve.mitre.org)
     rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable
     matches and substitutions with encoded line break characters.
     The fix for CVE-2019-10098 was not effective.  [Ruediger Pluem]

The LICENSE file has been updated to fix a s/waranties/warranties/ typo, so
update the hash to match and adjust the spacing to match recent agreements:

-This software is provided "as is" and any express or implied waranties,
+This software is provided "as is" and any express or implied warranties,

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-04-04 17:26:49 +02:00
Fabio Estevam
8ab9acbed8 package/kmscube: Use the official gitlab URL
The cgit URL is a mirror of the gitlab repository.

The README.md file of the kmscube project also points
to the gitlab repository, so switch the URL accordingly.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-04-04 16:21:03 +02:00
Peter Seiderer
ca3166da48 package/sysdig: update upstream URL in Config.in
The sysdig homepage we have points to an "on-sale" domain, that is
purportedly serving malware while at it. Update to point to the wiki on
github instead.

Fixes #12746.

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr:
  - use wiki instead of git repo
  - expand commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-04-04 15:23:37 +02:00
Sébastien Szymanski
9daf7483e9 package/ntp: security bump to version 4.2.8p14
"This release fixes three security issues in ntpd and provides 46
bugfixes and addresses 4 other issues." [1]

NONE: Sec 3610: process_control() should bail earlier on short packets.

MEDIUM: Sec 3596: Unauthenticated ntpd may be susceptible to IPv4 spoof
attack from highly predictable transmit timestamps.

MEDIUM: Sec 3592: DoS Attack on unauthenticated client.
The fix for https://bugs.ntp.org/3445 introduced a bug whereby a system that
is running ntp-4.2.8p12 (possibly earlier) or p13 that only has one
unauthenticated time source can be attacked in a way that causes the
victim's next poll to its source to be delayed, for as long as the attack is
maintained.

[1] http://support.ntp.org/bin/view/Main/SecurityNotice#March_2020_ntp_4_2_8p14_NTP_Rele

The copyright year has changed in the COPYRIGHT file, so adjust the hash to
match and adjust the spacing to match recent agreements:

@@ -3,7 +3,7 @@

    jpg "Clone me," says Dolly sheepishly.

-   Last update: 2-Jan-2017 11:58 UTC
+   Last update: 4-Feb-2020 23:47 UTC
      __________________________________________________________________

    The following copyright notice applies to all files collectively called
@@ -32,7 +32,7 @@
    Burnicki is:
 ***********************************************************************
 *                                                                     *
-* Copyright (c) Network Time Foundation 2011-2017                     *
+* Copyright (c) Network Time Foundation 2011-2020                     *
 *                                                                     *
 * All Rights Reserved                                                 *
 *                                                                     *

Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[Peter: clarify security impact, document COPYRIGHT change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-04-03 10:04:25 +02:00
Fabrice Fontaine
d7bd652081 package/netdata: link with libatomic when needed
netdata uses __atomic_fetch_add_2

Fixes:
 - http://autobuild.buildroot.org/results/1eb033ba7bf85ba3e25572a106f08faf49cd05b2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-04-03 09:53:06 +02:00
James Hilliard
1cb6009dda package/cog: bump to version 0.6.0
Drop patches that are now upstream.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-04-03 09:50:07 +02:00
Thomas Petazzoni
ea044ee20c linux: adjust BR2_LINUX_KERNEL_IMAGE_NAME help text
The help text of BR2_LINUX_KERNEL_IMAGE_NAME is somewhat incomplete,
in the sense that it assumes just a filename can be passed, while it
can be a relative path, such as 'compressed/vmlinux.bin.z'. So make it
clear that such paths are relative to arch/ARCH/boot/.

Also, drop the part about this being only useful for Xtensa as this is
not true: on MIPS it might be needed as well for some specific image
types.

Reported-by: Paul Cercueil <paul@crapouillou.net>
Cc: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-04-03 00:25:34 +02:00
Thomas Petazzoni
19be97d497 linux: do not install images in subdirectories
The Linux kernel image is typically found in arch/ARCH/boot/, which is
why LINUX_IMAGE_PATH is defined as:

LINUX_IMAGE_PATH = $(LINUX_ARCH_PATH)/boot/$(LINUX_IMAGE_NAME)

However, on MIPS, some kernel image types are available from
arch/mips/boot/compressed, or even at the top-level directory. For
such cases, LINUX_IMAGE_NAME might be set (using
BR2_LINUX_KERNEL_IMAGE_NAME) to values such as:

  compressed/vmlinux.bin.z

or

  ../../../uzImage.bin

Except that the line:

  $(INSTALL) -m 0644 -D $(LINUX_IMAGE_PATH) $(1)/$(LINUX_IMAGE_NAME)

will lead to such images be installed in:

  $(TARGET_DIR)/boot/compressed/vmlinux.bin.z
  $(BINARIES_DIR)/compressed/vmlinux.bin.z

and:

  $(TARGET_DIR)/boot/../../../uzImage.bin
  $(BINARIES_DIR)/../../../uzImage.bin

which of course is completely bogus.

So let's install them under their name, not their full relative path
to arch/ARCH/boot/.

Reported-by: Paul Cercueil <paul@crapouillou.net>
Cc: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-04-03 00:23:49 +02:00