Commit Graph

53607 Commits

Author SHA1 Message Date
Peter Korsgaard
fd1ac2e762 package/zeromq: security bump to version 4.3.3
Fixes the following security issues:

- CVE-2020-15166: Denial-of-Service on CURVE/ZAP-protected servers by
  unauthenticated clients.
  If a raw TCP socket is opened and connected to an endpoint that is fully
  configured with CURVE/ZAP, legitimate clients will not be able to exchange
  any message.  Handshakes complete successfully, and messages are delivered
  to the library, but the server application never receives them.  For more
  information see the security advisory:
  https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m

- Stack overflow on server running PUB/XPUB socket (CURVE disabled).
  The PUB/XPUB subscription store (mtrie) is traversed using recursive
  function calls.  In the remove (unsubscription) case, the recursive calls
  are NOT tail calls, so even with optimizations the stack grows linearly
  with the length of a subscription topic.  Topics are under the control of
  remote clients - they can send a subscription to arbitrary length topics.
  An attacker can thus cause a server to create an mtrie sufficiently large
  such that, when unsubscribing, traversal will cause a stack overflow.  For
  more information see the security advisory:
  https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8

- Memory leak in PUB server induced by malicious client(s) without CURVE/ZAP.
  Messages with metadata are never processed by PUB sockets, but the
  metadata is kept referenced in the PUB object and never freed.  For more
  information see the security advisory:
  https://github.com/zeromq/libzmq/security/advisories/GHSA-4p5v-h92w-6wxw

- Memory leak in client induced by malicious server(s) without CURVE/ZAP.
  When a pipe processes a delimiter and is already not in active state but
  still has an unfinished message, the message is leaked.
  For more information see the security advisory:
  https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87

- Heap overflow when receiving malformed ZMTP v1 packets (CURVE disabled).
  By crafting a packet which is not valid ZMTP v2/v3, and which has two
  messages larger than 8192 bytes, the decoder can be tricked into changing
  the recorded size of the 8192 bytes static buffer, which then gets
  overflown by the next message.  The content that gets written in the
  overflown memory is entirely decided by the sender.
  For more information see the security advisory:
  https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6

Drop now upstreamed patches, autoreconf and reformat hash file with 2 space
delimiters.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-09-09 08:40:48 +02:00
Brandon Maier
76ed69499d docs/manual: Add section about contributing to maintenance branches
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
[yann.morin.1998@free.fr:
  - s/release branch/maintenance branch/
  - extend the master-then-backport section
  - slight eye-candy on the rest
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-09-09 00:38:41 +02:00
Bartosz Bilas
2389092854 configs/stm32mp157: remove extra metadata_csum mkfs option
Since commit [1] in U-Boot upstrea, there is no necessity to pass extra
metadata_csum option due to changed env location in U-Boot so we can
drop it completely.

[1] 76db1681da52342ca9f4fb7e6787bd83cc82f429:
stm32mp1: use a specific SD/eMMC partition for U-Boot enviromnent

Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[yann.morin.1998@free.fr: 76db1681d referecnes a U-Boot commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-09-08 23:09:29 +02:00
Fabrice Fontaine
ffba905653 package/kbd: needs gcc 4.9
kbd uses _Generic since version 2.2.90 and
da5feb8fd9

However, _Generic is not available until gcc 4.9:
https://gcc.gnu.org/wiki/C11Status

As a result, build with gcc 4.8 fails on:

setleds.c:352:3: warning: implicit declaration of function '_Generic' [-Wimplicit-function-declaration]
   ndefflags = BITMASK_SET(BITMASK_UNSET(odefflags, ndef), nval);
   ^
setleds.c:22:2: error: expected expression before 'unsigned'
  unsigned char: (unsigned char)(~(x)) \
  ^

Fixes:
 - http://autobuild.buildroot.org/results/b74ecdda44543da1d47fa2c027fb046a3ca1e2d1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: propagate the MMU dependency to the comment]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-09-08 22:31:51 +02:00
Fabrice Fontaine
9c525cb433 package/wlroots: drop libcap dependency
libcap has been drroped since version 0.11.0 and
906c0766df

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-09-08 22:24:03 +02:00
Francois Perrad
3eadcf8252 package/iptables: bump to version 1.8.5
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-09-08 22:21:20 +02:00
Asaf Kahlon
7677324419 package/python-ipdb: new package
IPython-enabled pdb.

This package can be very helpful when someone wants to debug
a Python application on the board itself.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-08 09:57:03 +02:00
Heiko Thiery
bae6142582 package/strace: disable mpers support
On aarch64 With the config option "--enable-mpers=check" the configure.ac
script searchs for a 32bit compiler. When a matching compiler is found
in the PATH some compatiblity checks are done. This can fail when the
available kernel headers on host and buildroot target does not match.

Since buildroot does not support 32bit binaries when building for 64bit
architecture (no -m32 option) we can disable this option unconditionally.

When disabling unconditionally also the configuration for toolchain using
MUSL can be removed.

Cc: Baruch Siach <baruch@tkos.co.il>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Brandon Maier <brandon.maier@rockwellcollins.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-09-08 09:50:20 +02:00
Baruch Siach
1fc322fa5a package/uhubctl: bump to version 2.2.0
Force GIT_VERSION to avoid git version logic that takes the Buildroot
git commit id.

Update LICENSE hash; copyright year update.

Format hashes file with two space delimiters.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-08 09:47:01 +02:00
Norbert Lange
efa95b19ae package/libxml-parser-perl: make host build use correct compiler
This package uses gcc filename without absolute path, which breaks
the host build if host and target compiler have the same filename.
(Can happen with an external toolchain).

This patch adds the variables for the host as overrides,
as they are otherwise not picked up from the environment.

Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 23:54:14 +02:00
Angelo Compagnucci
5d730282b8 package/htpdate: new package
Adding htpdate, a time syncronization software based on http.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 23:48:12 +02:00
Christian Stewart
f76bfdbdda package/linux-firmware: add option for intel iwlwifi 22260
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 23:33:08 +02:00
Fabrice Fontaine
f7e7a5f71e package/mongrel2: enable parallel build
Parallel build is fixed since version 1.9.2 and
375d2de089

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 23:15:14 +02:00
Fabrice Fontaine
a68fae11d9 package/jo: bump to version 1.4
Update indentation in hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 23:15:11 +02:00
Fabrice Fontaine
4c27c72251 package/collectd: fix netlink with musl
Fixes:
 - http://autobuild.buildroot.org/results/cd4d75888b5259b028132dd224be34f69bcbb702

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 23:12:59 +02:00
Fabrice Fontaine
fd50e0f93f package/libraw: security bump to version 0.20.0
- Fix CVE-2020-15503: LibRaw before 0.20-RC1 lacks a thumbnail size
  range check. This affects decoders/unpack_thumb.cpp,
  postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example,
  malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without
  validating T.tlength.

- zlib is an optional dependency since
  b63f017b06

Also update indentation in hash file (two spaces) as well as README.md
hash, no license changes:
 - d1975cb0e0
 - d38361b76e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 23:10:27 +02:00
Francois Perrad
cac0ab5478 package/htop: bump to version 3.0.1
Both patches are now upstream and can be dropped:

 - 7cfaa9dede0f7f711a0fb961559e9629e7c7a259 is "MakeHeader.py: Fix for
   non-utf8 environments"

 - dfd9279f87791e36a5212726781c31fbe7110361 is "Resolve complation
   issues with -fno-common (default from gcc-10)"

The license file hash is changed due to the removal of one empty line:

@@ -353,4 +353,3 @@
  applicable licenses of the version of PLPA used in your combined work,
  provided that you include the source code of such version of PLPA when
  and as the GNU GPL requires distribution of source code.
-

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 23:07:28 +02:00
Francois Perrad
8519994cde package/ccache: bump to version 3.7.11
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 22:50:55 +02:00
Horatiu Vultur
20e000161e package/easyframes: add missing dependency on MMU support
Easyframes uses fork when capturing frames in a pcap file, therefore
add the dependency BR2_USE_MMU.

Signed-off-by: Horatiu Vultur <horatiu.vultur@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 22:49:34 +02:00
Yann E. MORIN
ac74720468 config/odroidc2: fix uboot version
The custom UBoot version was not correctly specified, causing the latest
one to be selected instead:

    /home/ymorin/dev/buildroot/buildroot/configs/odroidc2_defconfig:25:warning:
    symbol value '"2020.07"' invalid for BR2_TARGET_UBOOT_CUSTOM_VERSION

Fixes:
    https://gitlab.com/ymorin/buildroot/-/jobs/723411844

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Dagg Stompler <daggs@gmx.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 22:48:10 +02:00
Francois Perrad
2acfc3f422 package/lua-lyaml: bump to version 6.2.6
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 22:47:41 +02:00
Michael Nosthoff
559aa50864 package/re2: build host as shared libs
host-grpc needs re2 as shared lib.
Set this via cmake config flag.

Fixes:
http://autobuild.buildroot.net/results/a98/a98d3203f68f0f929c544537244e7621e80ce0a1

Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 22:47:18 +02:00
Marcus Folkesson
1a247cd6ac package/libostree: bump to version 2020.6
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 22:42:16 +02:00
Adrian Perez de Castro
777bbd1b07 package/brotli: security update to version 1.0.9
Contains fixes for overflows when input chunks are larger than 2 GiB,
an uninitialized data access, and minor correctness and performance
improvements. There does not seem to be any CVEs filed, but there is
a security notice in the release notes at:

  https://github.com/google/brotli/releases/tag/v1.0.9

Patch "0001-CMake-Allow-using-BUILD_SHARED_LIBS-to-choose-static.patch"
is rebased against the latest upstream changes.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 22:42:08 +02:00
Grzegorz Blach
6e2b9d8cca package/pigpio: add sysv and systemd init scripts
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 21:40:38 +02:00
Jörg Krause
0d648e02ca package/mpd: bump to version 0.21.25
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 21:35:21 +02:00
Fabrice Fontaine
f4d124b91c package/memcached: fix build with gcc 10
Fixes:
 - http://autobuild.buildroot.org/results/ba8dcdece193b91845a30cd31d3574674ec30068

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 21:34:41 +02:00
Peter Seiderer
2aa14fabe1 package/libinput: bump version to 1.16.1
For details see [1].

[1] https://lists.freedesktop.org/archives/wayland-devel/2020-August/041590.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 21:34:12 +02:00
Fabrice Fontaine
458a9d3f73 package/olsr: fix build with bison 3.7.1
Fixes:
 - http://autobuild.buildroot.org/results/174f64f5663e655eb97994b903293c07c70268fe

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 21:33:20 +02:00
Heiko Thiery
9b56750d57 package/strace: bump to version 5.8
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 21:31:32 +02:00
Francois Perrad
698ba56858 package/x11r7/xserver_xorg-server: fix the target in systemd service
graphical is equivalent to the sysvinit runlevel 5
multi-user is equivalent to a runlevel between 2 and 4

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 21:31:13 +02:00
Fabrice Fontaine
fd5376a39d package/mraa: fix build with gcc 10
Fixes:
 - http://autobuild.buildroot.org/results/7701c317e300f0b06d258aed2a3bda866e740f48

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 21:30:43 +02:00
Bartosz Bilas
4069d930f0 boot/barebox: bump version to 2020.08.1
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 21:30:33 +02:00
Fabrice Fontaine
cae5944904 package/kbd: bump to version 2.3.0
Update hash of COPYING and add CREDITS to license files as most of the
original COPYING content moved to CREDITS and COPYING now contains
GPL-2.0+ text since version 2.0.90 and
1304c0c11c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 21:30:29 +02:00
Fabrice Fontaine
951571a799 package/ltp-testsuite: fix build with uclibc
Fix a build failure with ltp-testsuite in version 20200515

Fixes:
 - http://autobuild.buildroot.org/results/fb0a67b15482e76b379b4b4d9c43b45bb0fccae1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 21:22:54 +02:00
Fabrice Fontaine
4ad323054b package/easyframes: fix build with musl and gcc 4.8
Fixes:
 - http://autobuild.buildroot.org/results/32007293e04e6c661108639d1589fe078f254ecd
 - http://autobuild.buildroot.org/results/1804e8b68f715de1011750cec2ed5d3d3f7964c8

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 21:19:54 +02:00
Fabrice Fontaine
a85c7e0b38 package/wayland-utils: needs wayland-protocols
wayland-utils needs wayland-protocols:

Run-time dependency wayland-protocols found: NO (tried pkgconfig)

../output-1/build/wayland-utils-1.0.0/wayland-info/meson.build:4:0: ERROR: Dependency "wayland-protocols" not found, tried pkgconfig

Fixes:
 - http://autobuild.buildroot.org/results/ea4daeb94c25232e3b4a34c1da72bf9bbd5f3cce

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 21:19:15 +02:00
Thomas Petazzoni
1ae3c887a9 package/python-opcua-asyncio: sort selects alphabetically
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-07 08:49:56 +02:00
Fabrice Fontaine
b73dd6cc91 package/python3-requests: fix version
Commit a01bf684ea forgot to update
PYTHON3_REQUESTS_VERSION

Fixes:
 - http://autobuild.buildroot.org/results/ecf4abdd15bb267b77bd1f5097dc7e0b35c38dd7

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-09-06 22:24:58 +02:00
Jugurtha BELKALEM
5dc5e1a9cc package/python-opcua-asyncio: new package
opcua-asyncio is an asyncio-based asynchronous OPC UA client
based on python-opcua, removing hacks for support of
python < 3.6.
Asynchronous programming allows for simpler code (e.g. less need
for locks) and potentially performance gains.

More information is available at :
https://github.com/FreeOpcUa/opcua-asyncio.

Signed-off-by: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-06 21:00:03 +02:00
Fabrice Fontaine
68480c9bf0 package/libraw: drop unrecognized options
demosaic packs have been removed since version 0.19.0 and
b85690eb48

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-06 20:52:44 +02:00
Jugurtha BELKALEM
0a5fd75a29 package/python-aiofiles: new package
Ordinary local file IO is blocking, and cannot easily and
portably made asynchronous.
This means doing file IO may interfere with asyncio applications,
which shouldn’t block the executing thread. aiofiles helps
with this y introducing asynchronous versions of files
that support delegating operations to a separate thread pool.

More information is available at :
https://pypi.org/project/aiofiles.

Signed-off-by: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-06 20:50:41 +02:00
Horatiu Vultur
97d431c181 package/mrp: new package
Signed-off-by: Horatiu Vultur <horatiu.vultur@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-06 16:38:02 +02:00
Nicolas Cavallari
fc483043d4 package/janus-gateway: add an option to remove the HTML demos
janus-gateway comes with an example website to test its features.
Since the bump to 0.10.3, this website takes 1.8MiB uncompressed on
the target, among which is a 1MiB video sample which does not compress
well.

Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-06 16:31:23 +02:00
Alexander Egorenkov
3e34bd5f64 package/multipath-tools: new package
Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-06 14:50:06 +02:00
Marcin Niestroj
fd89fcf944 support/testing: add pytest test
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-06 14:46:41 +02:00
Marcin Niestroj
e53efebf85 package/python-pytest: new package
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-06 14:44:16 +02:00
Marcin Niestroj
3ede260315 package/python-iniconfig: new package
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-06 14:43:28 +02:00
Marcin Niestroj
abce8e3c43 package/python-pluggy: new package
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-06 14:42:46 +02:00
Fabrice Fontaine
1589e4716c package/openpgm: bump to version 5-3-128
- Drop first patch (not needed since
  e2ff9cf32d)
- Drop second and third patch (already in version)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-06 14:40:28 +02:00