Commit Graph

68985 Commits

Author SHA1 Message Date
Bernd Kuhls
f1ddc91777 package/kodi-peripheral-joystick: bump version to 20.1.11-Nexus
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-22 00:14:06 +02:00
Bernd Kuhls
36e26a5067 package/kodi-pvr-mythtv: bump version to 20.4.0-Nexus
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-22 00:14:03 +02:00
Julien Olivain
0e19425c77 package/libassuan: bump to version 2.5.6
For change log, see [1] and [2].

This commit also moves the archive SHA256 hash to the section of hashes
published upstream.

libassuan 2.5.6 updated its gpg-error.m4 macro files to detect
gpgrt-config. Its path needs to be forced in _CONF_ENV to make sure it
will work in all host environments. See the log entry of commit
d7f2d8403e "package/gnupg2: fix build failure when host provides an
old gpgrt-config" [3] for a complete explanation.

[1] https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libassuan.git;a=log;h=libassuan-2.5.6
[2] https://dev.gnupg.org/T6542
[3] https://git.buildroot.org/buildroot/commit/?id=d7f2d8403ec82f3b1772ec17bf1df8c42987a1f8

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-22 00:09:26 +02:00
Julien Olivain
a9e36f73a7 package/libassuan: update _SITE url to use https
This new _SITE url matches the one published upstream at:
https://gnupg.org/download/

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-22 00:08:40 +02:00
Ismael Luceno
f1a048cc0a package/mawk: bump version to 1.3.4-20230808
Signed-off-by: Ismael Luceno <ismael@iodev.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-22 00:04:18 +02:00
Yann E. MORIN
2423d9f16b Release 2023.08-rc2
-----BEGIN PGP SIGNATURE-----
 
 iG8EABECADAWIQSrB9gG0s50H7iG7lCwJbqLWcNjGQUCZOKHvRIcamFjbWV0QHVj
 bGliYy5vcmcACgkQsCW6i1nDYxn1/QCg2un/vUk0HEIbpn4d1fMRZFBDSlwAmKRp
 iO+4qkBgt1h+2LxZSJmNbPY=
 =nvGJ
 -----END PGP SIGNATURE-----

Merge tag '2023.08-rc2' into next

Conflicts:
  - .checkpackageignore
  - Makefile
  - board/versal/post-image.sh
  - package/sentry-cli/0001-Disable-SSL-support-for-the-curl-module.patch
      => keep version in next

  - Config.in.legacy
      => merge, introduce legacy comment for 2023.11

  - toolchain/toolchain-external/toolchain-external-bootlin/Config.in.options
      => regenerate, drop dependency on inexistant BR2_ARCH_NEEDS_GCC_AT_LEAST_14

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-21 21:36:17 +02:00
Bernd Kuhls
bfa4a7c8f2 package/{mesa3d, mesa3d-headers}: bump version to 23.1.6
Release notes:
https://lists.freedesktop.org/archives/mesa-announce/2023-August/000727.html

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-21 15:55:18 +02:00
Bernd Kuhls
619b5585d9 package/fmt: bump version to 10.1.0
Changelog: https://github.com/fmtlib/fmt/blob/master/ChangeLog.rst

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-21 15:50:19 +02:00
Bernd Kuhls
a0e69f70f6 package/cmake: bump version to 3.27.3
Changelog: https://cmake.org/cmake/help/v3.27/release/3.27.html#updates

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-21 15:46:46 +02:00
Bernd Kuhls
c68987b9c4 package/openvpn: bump version to 2.6.6
Changelog:
https://github.com/OpenVPN/openvpn/blob/release/2.6/ChangeLog
https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-21 15:14:22 +02:00
Jamie Gibbons
fd2fa74c53 configs/microchip_mpfs_icicle_defconfig: update RVC config option
Update the RISCV_ISA_RVC config option to match updated RISCV kconfig
instruction set options.

Signed-off-by: Jamie Gibbons <jamie.gibbons@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-21 15:04:36 +02:00
Jamie Gibbons
875ab7d9e3 board/microchip/mpfs_icicle: update post-image script
The hss-payload-generator cannot find where u-boot.bin is when looking
for it using the config.yaml. Update syntax issues and working
directories. Fix the post image script to allow an image to get built.

Signed-off-by: Jamie Gibbons <jamie.gibbons@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-21 15:04:31 +02:00
Jesse Taube
80b5688700 package/busybox: use minimal.config for no MMU
By default, when Busybox is enabled, it uses the
package/busybox/busybox.config configuration file, even on noMMU
configurations. As this default configuration enables the 'ash' shell
which isn't available for noMMU targets, Busybox falls back to
enabling the 'hush' shell, but without enabling a number of its
sub-options that are quite relevant. In particular, it doesn't enable
umask, which is used in our startup scripts.

In order to have a default configuration that is more sensible, this
commit changes the Busybox package to use
package/busybox/busybox-minimal.config by default for noMMU
configurations.

Signed-off-by: Jesse Taube <Mr-Bossman075@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-21 14:59:35 +02:00
Waldemar Brodkorb
2298de6853 package/file: bump version to 5.45
Patch is included upstream.
See here for Changes in 5.45:
https://mailman.astron.com/pipermail/file/2023-July/001205.html
See here for Changes in 5.44:
https://mailman.astron.com/pipermail/file/2022-December/001042.html

The hash of src/vasprintf.c, which is used as one of the license
files, has been updated due to source code changes that do not affect
the licensing terms.

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-21 13:16:24 +02:00
Maksim Kiselev
57ff5f7d2a package/ledmon: new package
Enclosure LED Utilities

ledmon and ledctl are userspace tools designed to control storage
enclosure LEDs. The user must have root privileges to use these tools.

These tools use the SGPIO and SES-2 protocols to monitor and control LEDs.
They been verified to work with Intel(R) storage controllers (i.e. the
Intel(R) AHCI controller) and have not been tested with storage controllers of
other vendors (especially SAS/SCSI controllers).

For backplane enclosures attached to ISCI controllers, support is limited to
Intel(R) Intelligent Backplanes.

Signed-off-by: Maksim Kiselev <bigunclemax@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-21 12:51:04 +02:00
Julien Olivain
90031397ed package/opencsd: bump to version 1.4.1
For change log, see:
https://github.com/Linaro/OpenCSD/blob/v1.4.1/README.md?plain=1#L294

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-21 12:44:55 +02:00
Julien Olivain
8f1418b5dd package/gnupg2: bump to version 2.4.3
See release announce:
https://lists.gnupg.org/pipermail/gnupg-announce/2023q3/000480.html

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-21 12:02:59 +02:00
Julien Olivain
a78241af67 package/perftest: bump to version 23.07.0-0.27
For change log, see:
https://github.com/linux-rdma/perftest/releases/tag/23.07.0-0.27

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-21 10:12:38 +02:00
Peter Korsgaard
bdd80863cf Update for 2023.08-rc2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-08-20 23:37:21 +02:00
Julien Olivain
5b3641ea59 package/libksba: bump to version 1.6.4
For change log, see [1] and [2].

This commit also change the comment in hash file to add a link to the
integrity check procedure. It also includes SHA1 hash published
upstream.

The AUTHORS file hash is updated. It was reformatted, in upstream
commit [3].

libksba 1.6.4 updated its gpg-error.m4 macro files to detect
gpgrt-config. Its path needs to be forced in _CONF_ENV to make sure it
will work in all host environments. See the log entry of commit
d7f2d8403e "package/gnupg2: fix build failure when host provides an
old gpgrt-config" [4] for a complete explanation.

[1] https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=log;h=libksba-1.6.4
[2] https://dev.gnupg.org/T6543
[3] https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commitdiff;h=557999424ebd13e70d6fc17e648a5dd2a06f440b
[4] https://git.buildroot.org/buildroot/commit/?id=d7f2d8403ec82f3b1772ec17bf1df8c42987a1f8

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-20 23:37:15 +02:00
Yann E. MORIN
0293d131c9 board/radxa/rock5b: fix kernel patch location
Commit 2a5d90a595 (configs/rock5b: Add patches to fix gcc12 warnings)
introduced the kernel patches in an incorrect directory.

Fix that by moving them in the proper location.

Reported-by: Kilian Zinnecker <kilian.zinnecker@mail.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-20 23:27:38 +02:00
Julien Olivain
f0ca197b0e package/octave: bump package to version 8.3.0
See release note:
https://octave.org/news/release/2023/08/08/octave-8.3.0-released.html

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-20 23:23:17 +02:00
Yann E. MORIN
ebe2a113ab arch/powerpc: drop ABI selection
Since it was introduced in 5a6087d62e (toolchain: add powerpc SPE ABI
support), the CLASSIC vs. SPE choice for the ABI was never really a
choice: CPU without SPE could only use the CLASSIC ABI, while CPUs with
SPE could only use the SPE ABI.

Commit b4c824562b (powerpc: add BR2_POWERPC_CPU_HAS_SPE to replace
adhoc deps/checks) added a blind option that CPUs with SPE would select
rather than duplicate the ad-hoc dependencies in both CLASSIC and SPE
ABI options. Since then, it was even more obvious that the ABI choice
was really not a choice, as the two options have mutually exclusive
conditions.

Drop the useless choice, and directly use the blind option as selected
by the specific CPUs.

We don't need legacy handling, because the situation fixes itself.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Joel Stanley <joel@jms.id.au>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-20 23:22:27 +02:00
Yann E. MORIN
2bc8e72baf package/ca-certificates: create the bundle as target-finalize hook
Other packages, or rootfs overlays, may install certificates, so only
create the certificate bundle as a target-finalize hook.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-20 23:21:01 +02:00
Markus Mayer
4fcbeb391a package/util-linux: bump version to 2.39.2
Release notes:
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.39/v2.39.2-ReleaseNotes

This update primarily allows util-linux to be built against older kernel
headers. It also means that a downstream patch can be eliminated, because
the changes are included in util-linux 2.39.2. Therefore, AUTORECONF =
YES is no longer needed.

https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=c0136ac0c98b1

Signed-off-by: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-20 23:19:00 +02:00
Waldemar Brodkorb
33f2d1498f package/util-linux: add missing autoreconf
In commit 898bdbca1f we added a patch
for configure.ac and missed to run autoreconf.

Fixes:
 - http://autobuild.buildroot.net/results/06f/06f2e368982a620b3e810eccfdc307ae99271e22

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
[yann.morin.1998@free.fr: name patch in comment]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-20 23:18:37 +02:00
Waldemar Brodkorb
c243e1b81a package/util-linux: fix compile issue with older kernel headers
Linux added mnt_id member to struct statx in commit:
fa2fcf4f1df1559a0a4ee0f46915b496cc2ebf60

Linux 5.4.0 was released on 24. November 2019, but it seems this change
never got backported to 5.4.252.

Upstream added a patch to guard the use of the member in commit:
c0136ac0c9

Add the patch to fix an autobuild failure.

Fixes:
 - http://autobuild.buildroot.net/results/d50/d502bc9236b577e2470a30ffc39c21579b038a1c

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-20 23:16:21 +02:00
Francois Perrad
c252392fb5 package/lua-rotas: bump to version 0.3.1
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-20 23:12:02 +02:00
Kilian Zinnecker
2a5d90a595 configs/rock5b: Add patches to fix gcc12 warnings
This patch introduces patches for the custom kernel, as it is
currently used for the Radxa Rock 5B. The patches fix two gcc
compiler warnings, which result in a build error, if the kernel
is used with gcc version 12.
Since also the code of custom board drivers for WiFi support is
affected, and no fixes are provided by the vendor, the custom WiFi
support is disabled.

Signed-off-by: Kilian Zinnecker <kilian.zinnecker@mail.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-20 21:28:11 +02:00
Yann E. MORIN
bf2d7f8f53 package/pkg-generic: don't download svn externals by default
Commit 7dd27cbe5b (support/download: add support to exclude svn
externals) departed from the usual opt-in scheme, like is done for
git submodule or large files, in an attempt to keep the previous
behaviour unchanged, that is to download externals by default.

As an afterthought, we've concluded that the chances for svn-hosted
packages with externals that are indeed required to do the build,
are relatively slim. For those cases, it even makes sense to explicitly
requested the use of the externals.

So, we change the default to not download svn externals.

Since the generated archives may change, we bump the version suffix.
This will allow users to more easily catch the situation and decide if
they really need the externals or not.

We have a single in-tree package that uses svn, and it does not use
externals, so the generated archive does not change, and we just need
to update the archive filename in the hash file.

Finally, we add a new section to the manual, in the chapter about
migrating Buildroot to a newer version.

Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-20 16:30:50 +02:00
Julien Olivain
f4da6c3ebe support/testing/tests/package/test_nftables.py: new runtime test
This runtime test was suggested in discussion [1]. It should detect
potential runtime failures such as the one fixed in commit eb74998125
"package/nftables: fix the build of the pyhon bindings".

We need a special kernel, because not all nftables-related options are
enabled in the pre-built one.

[1] https://lists.buildroot.org/pipermail/buildroot/2023-August/672864.html

Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-20 16:25:21 +02:00
Thomas Petazzoni
80a1e728b0 utils/docker-run: allow IMAGE to be passed in the environment
It is sometimes useful to use docker-run, but with a different image
than the default one. This commit allows to override the image being
used by only defining IMAGE if not already passed in the environment.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: s/\t/    /g]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-20 16:20:57 +02:00
Yann E. MORIN
3b877dc7c2 utils/docker-run: make it compatible with SELinux
After switching to a fresh Fedora 38 installation with SELinux disabled,
we noticed that utils/docker-run doesn't work as the applications
running inside the container are not allowed to accept the data mounted
through the bind mount.

Since we do not really need to isolate and confine the build, but rather
to provide a known environment, we don;t really need to enforce any
SELinux confinment in the container.

So, we tell docker to turn off label confinement for the container:

    https://manpages.org/docker-run

    --security-opt=[]
      Security Options
        [...]
        "label=disable"     : Turn off label confinement for the container

Suggested-by: Antoine Tenart <atenart@kernel.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: use Antoine's proposal]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-20 16:20:54 +02:00
Yann E. MORIN
db777eef13 utils/docker-run: also mount current working directory
Currently, using utils/docker-run expects that the current working
directory is the working copy. This means that it is not possible
to use docker-run with an out-of-tree build (one using O=).

Add the current working directory to the list of mountpoints, and
use that as working directory in the container.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-20 16:20:51 +02:00
Nicolas Boichat
e71fb8f71c utils/docker-run: bind mount .git/objects if needed
If buildroot is checked out as part of a 'repo' manifest, docker-run
doesn't fully bind mount the .git directory, leading to commands such
as `utils/docker-run make check-package` to fail.

Signed-off-by: Nicolas Boichat <drinkcat@google.com>
[yann.morin.1998@free.fr: use newly introduced mountpoints list]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-20 16:20:48 +02:00
Thomas Petazzoni
7fddbe2530 utils/docker-run: mount the download directory if specified
If the user has defined $BR2_DL_DIR in the environment, it would be
nice to have it accessible inside the Docker container, and the
BR2_DL_DIR environment variable set to access it.

This commit does exactly this: it mounts the host $BR2_DL_DIR as /dl
in the container, and sets BR2_DL_DIR=/dl in the container.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: use the new mountpoints list]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-20 16:20:45 +02:00
Yann E. MORIN
f4b798120b utils/docker-run: introduce sorted list of mountpoints
For now, we only ever mount two mountpoints, the main directory (i.e.
the working copy), and the git directory.

To pave the way for adding new mountpoints, we introduce a list of them,
that we sort to ensure that we never mount a shallower mounpoint after a
deeper one (that would shadow the deeper mountpoint).

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-20 16:20:42 +02:00
Thomas Petazzoni
193f6dd002 DEVELOPERS: fix incorrect path to board/firefly/roc-rk3399-pc/
Commit
b86adfb89a ("configs/roc_rk3399_pc: new
defconfig") introduced a new defconfig with the relevant entries in
the DEVELOPERS file, but one of these entries points to a non-existing
directory. This commit fixes that.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-20 15:36:15 +02:00
Bartosz Bilas
9ba399a3dd package/host-gdb: disable source-highlight
This is the follow-up commit to the 4de60e4 which disables
sourcehighlight dependency for the target GDB package.
Do the same for the host variant to be sure that this
won't be picked up from the host system.

Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-20 15:33:34 +02:00
Yann E. MORIN
eb74998125 package/nftables: fix the build of the pyhon bindings
nftables provides python bindings; it uses setuptools to install them.
We currently install those bindings by telling the nftables buildsystem,
autotools, to install the python bindings.

However, we do not pass any of the environment variables that are needed
for setuptools packages. When host-python-setuptools is installed before
nftables is built [0], this breaks the system at runtime, as the
bindings are not installed; only the egg is, resulting in runtime errors
like:

    # python -c 'import nftables'
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
    ModuleNotFoundError: No module named 'nftables'

Upstream has been doing some changes on their python handling, but it is
not in a released version yet, and we can't backport those changes
either, due to other big changes.

Instead, we split the pyhon bindings to their own package.

For legacy handling, we make that new package default to y, so that
existing (def)config still work. The only novelty is that it can be
disabled now.

Many thanks to Julien for testing and finding the offending dependency,
to James for suggesting the package split, and to Adam for, well,
trigerring the issue in the first place! ;-p

Note: a git bisect of the issue turns up 72 candidates for the breakage,
all around the time we dropped python2 support in early 2022; the last
known-good commit is 55df30f8b1 (package/zfs: drop python2 support)
and the first known-bad commit is 697acda00d (package/pkg-python: drop
python2 host/setuptools support); everything in-between does not
configure (package/python/Config.in.host still sourced but already
removed), or does not build (host-python still in the dependency chain
but already removed), so had to be skipped during the bisect.

[0] This can happen when another python package using setuptools is
    built before nftables. However, with PPD, this never happens because
    host-python-setuptools is never in the dependency chain of nftables.

Reported-by: Julien Olivain <ju.o@free.fr>
Tested-by: Julien Olivain <ju.o@free.fr>
Suggested-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-20 11:38:45 +02:00
Clement Ramirez
d5162e790d package/connman: security bump version to 1.42
The 1.42 version of connman comes with the following CVEs fixes :
 - CVE-2022-32292
 - CVE-2022-32293
 - CVE-2023-28488

The first two CVEs have been fixed wuth upstream patches [0] which we
carry since 2f2b4c80f4 (package/connman: fix CVE-2022-3229{2,3}), now
included in this version bump; the third CVE [2] is also fixed by this
version bump [3].

[0] https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d1a5ede5d255bde8ef707f8441b997563b9312bd
    https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=72343929836de80727a27d6744c869dff045757c
    https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=416bfaff988882c553c672e5bfc2d4f648d29e8a

[1] 2f2b4c80f4 package/connman: fix CVE-2022-3229{2,3}

[2] https://nvd.nist.gov/vuln/detail/CVE-2023-28488

[3] https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=99e2c16ea1cced34a5dc450d76287a1c3e762138

Signed-off-by: Clement Ramirez <ramirez.clement3@gmail.com>
[yann.morin.1998@free.fr:
  - squash CVE-2023-28488 backport with version bump
  - reword commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-20 11:05:36 +02:00
Peter Korsgaard
9f1ca943d5 package/mosquitto: security bump to version 2.0.16
Fixes the following security issues:

- CVE-2023-28366: Fix memory leak in broker when clients send multiple QoS 2
  messages with the same message ID, but then never respond to the PUBREC
  commands.
- CVE-2023-0809: Fix excessive memory being allocated based on malicious
  initial packets that are not CONNECT packets.
- CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
  will message that contains invalid property types.
- Broker will now reject Will messages that attempt to publish to $CONTROL/.
- Broker now validates usernames provided in a TLS certificate or TLS-PSK
  identity are valid UTF-8.
- Fix potential crash when loading invalid persistence file.
- Library will no longer allow single level wildcard certificates, e.g. *.com

For more details, see the changelog:
https://mosquitto.org/ChangeLog.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-20 10:58:48 +02:00
Bernd Kuhls
c614a7d003 package/libtextstyle: drop useless host package
Now that we build the full host-gettext-gnu, we don't need the
standalone libtextstyle anymore.

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
[yann.morin.1998@free.fr: split off to its own commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-19 20:36:11 +02:00
Bernd Kuhls
f6a6e3a836 package/gettext-gnu: bump to version 0.22
Release notes:
https://lists.gnu.org/archive/html/info-gnu/2020-07/msg00009.html
https://lists.gnu.org/archive/html/info-gnu/2023-06/msg00003.html

Removed patch 0001, the patched file is not present in this release.
Removed patch 0002 which was applied upstream.

Added comment to gettext-tiny.mk about version bumps.

Since upstream commit
785a89e5df
gettext-runtime is a build-dependency for gettext-tools so we are
building the complete package for the host from now on.

Doing so we can drop the _POST_INSTALL_HOOK, and we can rely of the
in-tree libtextstyle.

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-19 20:36:02 +02:00
Yann E. MORIN
acfdf21f0b Revert "package/meson: bump to version 1.2.0"
The bump to meson 1.2.0 triggers unexpected build failure of the host
packages, because meson changed the way it passes library search paths
when building natively:

    59cfbf68e0
    http://lists.busybox.net/pipermail/buildroot/2023-August/672649.html

As a consequence, the libraries are searched for in the system paths
before being searched in our host-dir, leading to failures when
incompatible libraries are installed in both locations. For example, if
the system has an older version of libglib2 installed, this causes link
failures when one of the glib2 library (e.g. libgio) is linked by path,
but a dependent library (e.g. libgmodule) is linked by name:

    /path/to/host/lib/libgio-2.0.so -L /path/to/host/lib/ -lgmodule-2.0

The first is indeed the one we built and installed in host-dir, but the
second is found in the system path; when it is an older (or more
recent?) version than the one we use, the link fails;

    /path/to/host/lib/libgio-2.0.so: undefined reference to `g_module_open_full'

Since fixing the issue is not trivial, revert to the previous meson
version that did not exhibit the issue.

This reverts commit d06e610d58.

Reported-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-19 16:34:08 +02:00
Jamie Gibbons
5e012a0704 configs/microchip_mpfs_icicle_defconfig: update instruction sets
Update the instruction sets for MPFS icicle kit to mirror the
configuration update, i.e. It is now classed as a RISC-V G core with
support for C, IMAFDC.

Signed-off-by: Jamie Gibbons <jamie.gibbons@microchip.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-18 23:50:03 +02:00
Jamie Gibbons
cbd91e89e4 arch/Config.in.riscv: allow extensions for generic
The generic extension set 'G' is realy a base with the minimal set of
extensions needed to be comfortable (but not required) to run a
linux-bassed system. Similarly, we consider the custom to be about the
custom set of features (not about a custom core implementing such a
set).

As such, we allow that a core with the G set can have futher extensions
without requiring it to be configured as a custom set.

We drop the intermediate symbols with the prompts, and move the prompts
to the previously hidden symbols, and add a prompt for the I set.

This alows one to clearly see what the generic set is about, without
having to delve into the help and hunt the list of selected symbol.

Note however that the G set implies Zicsr and Zifencei, but we have no
prompt for thos two, because in Buildroot, we assume that they are
mandatory and always present, like the I set (which they previously were
part of).

Signed-off-by: Jamie Gibbons <jamie.gibbons@microchip.com>
[yann.morin.1998@free.fr:
  - drop the intermediate symbols
  - move prompt to previously hidden symbols
  - add symbol for I
  - update defconfigs
  - reword the commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-18 23:45:45 +02:00
Waldemar Brodkorb
94edad7ed5 package/trinity: fix compile error with newer kernels
Add two patches from Upstream git to avoid compilation errors with
Linux kernel 6.4.x.

Fixes:
 - http://autobuild.buildroot.net/results/7f9/7f9626827a315b54c42e49ccb0bf75f8b5ec971d

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-15 17:16:50 +02:00
Julien Olivain
64490ea84c package/lsof: change _LICENSE_FILES to use COPYING
Commit e3322e2c7 "lsof: add license info" added the package license
info. At that time, lsof was at version 4.85. The package was not
including a dedicated license file. Instead, the license text was
copied in many files (source files, readmes, ...). It was then decided
to use the small source file "dialects/linux/dproto.h".

Recently, lsof added a COPYING license file. See [1]. This commit was
first included in lsof version 4.97.0. We can now use this file.

The license file hash is updated due to formatting changes. As a side
note, the copyright year in source file was 1997 (see [2]), whereas in
the new license file it is 2002. Source files have different copyright
dates, and can be as old as 1994, for example in [3]. The rest of the
license text remains unchanged.

[1] 62dab61cae
[2] https://github.com/lsof-org/lsof/blob/4.98.0/dialects/linux/dproto.h#L9
[3] https://github.com/lsof-org/lsof/blob/4.98.0/arg.c#L7

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-15 17:12:01 +02:00
Romain Naour
c61329f4c6 package/optee-test: fix build with openssl >= 3.0
Backport an upstream:
"Add -DOPENSSL_API_COMPAT=10100 to the build flags to avoid this and be
flexible with regards to which version of OpenSSL build environment has
to provide"

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/4839060472

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-15 11:22:21 +02:00