Commit Graph

50139 Commits

Author SHA1 Message Date
Adam Duskett
1f7efaf89f package/qemu: do not support x86_steamroller or x86_core_avx2
These CPU's cause segfaults with qemu.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-08 23:01:39 +01:00
Peter Korsgaard
fb49c7a261 package/gstreamer/*: remove packages
Gstreamer 0.10 has been deprecated upstream since 2012 and is missing a lot
of features and (security) fixes compared to gstreamer1, so remove it.

All gstreamer-0.10 sub packages depends on gstreamer, so we only need to add
a legacy entry for that.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-08 22:43:01 +01:00
Peter Korsgaard
602e968010 package/nvidia-tegra23-binaries: drop gstreamer 0.10.x support
With the upcoming removal of gstreamer 0.10, the logic for installing
binaries using gstreamer 0.10.x in nvidia-tegra23-binaries must go as well.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-08 22:42:59 +01:00
Peter Korsgaard
545ffdc185 package/freerdp: drop gstreamer 0.10.x support
With the upcoming removal of gstreamer 0.10, the logic for building freerdp
with support for it must go as well.

As there is now a single option for gstreamer (1.x) support, convert the
gstreamer support choice to a normal option for simplicity.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-08 22:42:56 +01:00
Peter Korsgaard
ceb23e88c9 package/opencv3: drop gstreamer 0.10.x support
With the upcoming removal of gstreamer 0.10, the logic for building opencv3
with support for it must go as well.

As there is now a single option for gstreamer (1.x) support, convert the
gstreamer support choice to a normal option for simplicity.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-08 22:42:54 +01:00
Peter Korsgaard
0220ad8b13 package/opencv: drop gstreamer 0.10.x support
With the upcoming removal of gstreamer 0.10, the logic for building opencv
with support for it must go as well.

As there is now a single option for gstreamer (1.x) support, convert the
gstreamer support choice to a normal option for simplicity.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-08 22:42:51 +01:00
Peter Korsgaard
d89fa735a7 package/libplayer: remove package
Libplayer is dead upstream.  The mercurial repo is no longer online, it
hasn't seen any releases since 2010 and the mplayer backend was removed from
Buildroot in 2018.

With the upcoming removal of gstreamer 0.10, there is no longer any backends
available in Buildroot, so remove the package.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-08 22:42:49 +01:00
Peter Korsgaard
3069cb706f package/qt5multimedia: drop gstreamer 0.10.x support
With the upcoming removal of gstreamer 0.10, the logic for building
qt5multimeda with support for it must go as well.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-08 22:42:46 +01:00
Peter Korsgaard
8be6732792 package/libnice: drop gstreamer 0.10.x support
With the upcoming removal of gstreamer 0.10, the logic for building
libnice with support for it must go as well.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-08 22:42:43 +01:00
Peter Korsgaard
e34b889ec4 package/gupnp-dlna: drop gstreamer 0.10.x support
With the upcoming removal of gstreamer 0.10, the logic for building
gupnp-dlna with support for it must go as well.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-08 22:42:41 +01:00
Peter Korsgaard
87d907c2ff package/classpath: drop gstreamer 0.10.x support
With the upcoming removal of gstreamer 0.10, the logic for building
classpath with support for it must go as well.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-08 22:42:39 +01:00
Peter Korsgaard
5fd8dd203a toolchain: use consistent code style for C code
Most, but not all our C code follows the Linux kernel code style (as
documented in Documentation/process/coding-style.rst).  Adjust the few
places doing differently:

- Braces:
  ..but the preferred way, as shown to us by the prophets Kernighan
  and Ritchie, is to put the opening brace last on the line

- Spaces after keywords:
  Use a space after (most) keywords

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-08 22:10:06 +01:00
Giulio Benetti
9aebf953fb package/libnss: fix powerpc altivec build failure
NSS_DISABLE_ALTIVEC variable has been introduced into libnss so let's
use it to prevent Altivec build failure on PowerPc by passing
NSS_DISABLE_ALTIVEC=1 if BR2_POWERPC_CPU_HAS_ALTIVEC is not 'y'.

Fixes:
http://autobuild.buildroot.net/results/957/957cec911bcd68a18418ad02f13e7e3001521c59/
http://autobuild.buildroot.net/results/6a1/6a1578619a477e1605fe152070f004b662f1d839/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-08 20:46:53 +01:00
Giulio Benetti
fcefe548f9 package/libnss: bump version to 3.50
It requires already bumped libnspr version 4.25.

Release notes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.50_release_notes

Drop all patches since they have been upstreamed.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-08 20:46:42 +01:00
Vincent Fazio
338e62bd5d toolchain: allow using custom headers newer than latest known ones
When Buildroot is released, it knows up to a certain kernel header
version, and no later. However, it is possible that an external
toolchain will be used, that uses headers newer than the latest version
Buildroot knows about.

This may also happen when testing a development, an rc-class, or a newly
released kernel, either in an external toolchain, or with an internal
toolchain with custom headers (same-as-kernel, custom version, custom
git, custom tarball).

In the current state, Buildroot would refuse to use such toolchains,
because the test is for strict equality.

We'd like to make that situation possible, but we also want the user not
to be lenient at the same time, and select the right headers version
when it is known.

So, we add a new Kconfig blind option that the latest kernel headers
version selects. This options is then used to decide whether we do a
strict or loose check of the kernel headers.

Suggested-by: Aaron Sierra <asierra@xes-inc.com>
Signed-off-by: Vincent Fazio <vfazio@xes-inc.com>
[yann.morin.1998@free.fr:
  - only do a loose check for the latest version
  - expand commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Vincent Fazio <vfazio@xes-inc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-08 20:25:10 +01:00
Carlos Santos
fbe18eb246 package/skeleton-init-sysv: conditionally enable swapon/swapoff in inittab
The default inittab files added by busybox and sysvinit runs 'swapon -a'
during init and 'swapoff -a' during shutdown, but those programs are not
guaranteed to be available, so the boot log may become polluted by error
messages like this:

    swapon: not found

Add a target-finalize hook to skeleton-init-sysv that enables or disables
the swapon/swapoff lines in /etc/inittab, depending on the existence of
$(TARGET_DIR)/sbin/swap{on,off}.

Based on a previous patch sent by Thomas De Schampheleire.

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-08 20:17:57 +01:00
Carlos Santos
ffb189ed5a Revert "system: don't attempt swapon/swapoff in inittab if not available"
This reverts commit c4dce0ae0f.

A different fix will be provided in a forthcoming patch.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-08 20:13:07 +01:00
Yann E. MORIN
03a8884c46 package/sdl_mixer: fix build after aclocal include revamp
After d255b67972 (autotools: do not overwrite first include path), the
ordering of include paths has changed: the system directories are
specified with explicit options passed to autoreconf, which means that
any directory specified in the package _AUTORECONF_OPTS are no longer
first:

  - in package/autoconf/autoconf.mk, we define AUTORECONF as:
    AUTOCONF = $(HOST_DIR)/bin/autoconf -I "$(ACLOCAL_DIR)" -I "$(ACLOCAL_HOST_DIR)"

  - in package/pkg-autotools.mk, we call AUTORECONF with:
    $($(PKG)_AUTORECONF_ENV) $(AUTORECONF) $($(PKG)_AUTORECONF_OPTS)

So, the include directory specified by SDL_MIXER_AUTORECONF_OPTS is now
lagging behind the system headers, and the very issue that d255b67972
was suposed to fix in a generic way, pops up back for this specific
case.

We fix that by patching sdl_mixer so that it uses the bog-down standard
mechanisms, to specify the macro directory from within configure.in,
instead of specifying it on the command line, so that the magic
introduced by d255b67972 does happen.

Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Michael Walle <michael@walle.cc>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-08 20:01:10 +01:00
Matt Weber
281bfbcaea package/localedef: relax required toolchain version
The glibc package has been updating the toolchain version
dependency since 2.28.x. The dependencies don't currently
apply to the localedef build of the package, so this
patchset relaxes the restriction such that builds can still
occur on older host machines.

The current supported minimum versions after this patch
is applied are:
GCC 4.8
Binutils 2.24

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-08 19:56:12 +01:00
Francois Perrad
e3d9ca7a63 package/luarocks: fix buildroot addon vs 3.3.x
an internal API change introduced by version 3.3.0 causes the following failure:
```
Error: LuaRocks 3.3.1 bug (please report at https://github.com/luarocks/luarocks/issues).
Arch.: linux-x86_64
.../user/build/qarm/host/share/lua/5.3/luarocks/queries.lua:55: assertion failed!
stack traceback:
	[C]: in function 'assert'
	.../user/build/qarm/host/share/lua/5.3/luarocks/queries.lua:55: in function 'luarocks.queries.new'
	...m/host/share/lua/5.3/luarocks/cmd/external/buildroot.lua:322: in function 'luarocks.cmd.external.buildroot.command'
	(...tail calls...)
	[C]: in function 'xpcall'
	/home/user/build/qarm/host/share/lua/5.3/luarocks/cmd.lua:620: in function 'luarocks.cmd.run_command'
	/home/user/build/qarm/host/bin/luarocks:38: in main chunk
	[C]: in ?
```

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-08 19:54:01 +01:00
Carlos Santos
3052da3eac package/util-linux: upgrade to version 2.35.1
Drop patches already applied upstream and, consequently, AUTORECONF.

util-linux 2.35.1 Release Notes
===============================

build-sys:
   - add --disable-hwclock-gplv3  [Karel Zak]
chrt:
   - Use sched_setscheduler system call directly  [jonnyh64]
lib/randutils:
   - use explicit data types for bit ops  [Karel Zak]
libfdisk:
   - fix __copy_partition()  [Karel Zak]
   - make sure we use NULL after free  [Karel Zak]
libmount:
   - fix x- options use for non-root users  [Karel Zak]
po:
   - update uk.po (from translationproject.org)  [Yuri Chornoivan]
sfdisk:
   - make sure we do not overlap on --move  [Karel Zak]
   - remove broken step alignment for --move  [Karel Zak]

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-08 08:47:27 +01:00
Bartosz Bilas
694d134a49 boot/barebox: bump version to 2020.01.0
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-08 08:45:08 +01:00
Max Filippov
8723c5e7a6 package/uclibc: fix ctype.h is*_l definitions
ctype locale-specific macro definitions are broken because they result
in dereference of pointer to structure of incomplete type.
Drop these macros since they are optional and let applications use
functions with the same names.

Backported from:
  https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?id=d1a3ca7ca56630fddde7311a0474eed4a21335a7
Fixes:
  http://autobuild.buildroot.net/results/b7ba1210d5aa184b133f0171da621d2b0083ec39

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-08 08:44:13 +01:00
Francois Perrad
5d004460fe package/luarocks: bump to version 3.3.1
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-07 16:53:20 +01:00
Yegor Yefremov
bb5ffe3c90 package/ninja: fix build for cmake 3.10
If the host cmake is 3.10, the configuration step produces
the following error:

CMake Error at CMakeLists.txt:87 (target_link_libraries):
Target "libninja" of type OBJECT_LIBRARY may not be linked into another
target. One may link only to STATIC or SHARED libraries, or to executables
with the ENABLE_EXPORTS property set.

This patch fixes CMakeLists.txt to use the object library as it was intended
in cmake 3.10.

Fixes:
https://bugs.busybox.net/show_bug.cgi?id=12546

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Tested-by: Damian Tometzki <dti@familie-tometzki.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-07 15:59:07 +01:00
Peter Korsgaard
0d41be5f6c package/wireguard-tools: bump to version 1.0-20200206
Drop libmnl dependency. From the announcement:

 * netlink: remove libmnl requirement

We no longer require libmnl.  It turns out that inlining the small subset of
libmnl that we actually use results in a smaller binary than the overhead of
linking to the external library.

pkg-config is still used for the systemd support though, so move the
host-pkgconf dependency there.

For more details, see the announcement:

https://lists.zx2c4.com/pipermail/wireguard/2020-February/004963.html

While we are at it, adjust the white space in the .hash file to match the
new agreements.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-07 15:54:59 +01:00
Peter Korsgaard
235520084a package/wireguard-linux-compat: bump version to 0.0.20200205
Includes fixes for issues found through fuzzing.  For details, see the
announcement:

https://lists.zx2c4.com/pipermail/wireguard/2020-February/004962.html

While we are at it, adjust the white space in the .hash file to match the
new agreements.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-07 15:54:56 +01:00
Adrian Perez de Castro
1f027a771b package/wpebackend-fdo: bump to version 1.4.1
This is a bugfix release which solves a couple of build issues.
Full release notes:

  https://wpewebkit.org/release/wpebackend-fdo-1.4.1.html

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-07 15:54:10 +01:00
Yegor Yefremov
df734533cf package/libftdi1: fix python support
Add an upstreamed patch that reorders find_package() commands.
This way Python interpreter will be detected first and based on
it the Python libraries can be found.

Fixes the following CMake error:

Could NOT find PythonLibs (missing: PYTHON_LIBRARIES PYTHON_INCLUDE_DIRS)

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-07 15:54:02 +01:00
Peter Korsgaard
e5e84823bb {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.4.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-07 10:04:38 +01:00
Yegor Yefremov
5e0c98aa56 DEVELOPERS: add Yegor Yefremov as contact for swig and libftdi1
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-07 10:04:12 +01:00
Bernd Kuhls
19748514b8 package/clamav: security bump version to 0.102.2
Fixes CVE-2020-3123: A vulnerability in the Data-Loss-Prevention (DLP)
module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0
could allow an unauthenticated, remote attacker to cause a denial of service
condition on an affected device.  The vulnerability is due to an
out-of-bounds read affecting users that have enabled the optional DLP
feature.  An attacker could exploit this vulnerability by sending a crafted
email file to an affected device.  An exploit could allow the attacker to
cause the ClamAV scanning process crash, resulting in a denial of service
condition.

Release notes:
https://lists.clamav.net/pipermail/clamav-announce/2020/000045.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-06 21:01:56 +01:00
Yann E. MORIN
3091d334e7 boot/optee-os: license files hashes only valid for latest version
We can only know the details of the license files for known versions.  For
custom, older or newer versions, the license files may change, or may be
moved around.

So, do for optee-os as was done for other packages in the recent past,
and only define the list of license files for the latest version.

Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-06 20:42:02 +01:00
Yann E. MORIN
130329cb7b boot/at91bootstrap3: license files hashes only valid for latest version
We can only know the details of the license files for known versions.  For
custom, older or newer versions, the license files may change, or may be
moved around.

So, do for at91bootstrap3 as was done for other packages in the recent
past, and only define the list of license files for the latest version.

Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-06 20:38:13 +01:00
Yann E. MORIN
2ffaaea70c boot/barebox: license files hashes only valid for latest version
We can only know the details of the license files for known versions.  For
custom, older or newer versions, the license files may change, or may be
moved around.

So, do for Barebox as was done for ATF, linux, and linux-headers, and
only define the list of license files for the latest version.

Add the hash for that license file, and align hashes to the new spacing
convention.

Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-06 19:19:23 +01:00
Yann E. MORIN
ff1a03ab28 boot/uboot: license files hashes only valid for latest version
We can only know the details of the license files for known versions.  For
custom, older or newer versions, the license files may change, or may be
moved around.

So, do for U-Boot as was done for ATF, linux, and linux-headers, and only
define the list of license files for the latest version.

Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-06 18:38:35 +01:00
Yann E. MORIN
c2009e9f75 package/linux-headers: license files hashes only valid for latest version
Like we did for the linux kernel, change linux-headers to only check the
license hashes for the latest known version as the content of COPYING has
changed between versions.

To simplify the test, we introduce an intermediate, blind option that get
selected when the latest kernel sources are used.

Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-06 11:49:02 +01:00
Markus Mayer
af33b1c293 linux: license files hashes are only valid for latest known version
The content of COPYING changed between v4.16 and v4.17. Since kernels
before and after the change are supported, storing the hash for this
file will cause an error during "make legal-info" when a kernel with the
respective other hash is being used.

So, for the kernel, we do like we did for ATF: the license file is only
listed for the latest version.

In the process, add the missing license files referenced from COPYING
and align the fields to the new spacing convention.

Signed-off-by: Markus Mayer <mmayer@broadcom.com>
[yann.morin.1998@free.fr:
  - only list the licenses files for the latest version
  - restore the hash for COPYING
  - introduce hashes for the two new license files
  - expand commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-06 11:46:46 +01:00
Julien Olivain
f201ca9d0d package/glslsandbox-player: new package
GLSL Sandbox standalone player allow one to run and render
(most of) nice shaders available online on the
http://glslsandbox.com/ website, but without the need of an
Internet connection, a web browser or any of its
dependencies. Instead, the only requirement of
glslsandbox-player is a working EGL and GLESv2 libraries.

This package is useful for stressing and testing GLES shader
compiler in GPU drivers.

https://github.com/jolivain/glslsandbox-player

Signed-off-by: Julien Olivain <juju@cotds.org>
[Arnout: add dependency on threads and make BUSYBOX_SHOW_OTHERS
 conditional]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2020-02-05 23:23:21 +01:00
Titouan Christophe
9d08154442 package/wireshark: security bump to version 3.2.1
This fixes CVE-2020-7044:
In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash.
This was addressed in epan/dissectors/packet-wassp.c by using
>= and <= to resolve off-by-one errors.

Also change the hash file to the new spacing convention introduced
by Yann E. Morin.

Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-02-05 20:33:36 +01:00
Titouan Christophe
31b8b08b47 package/e2fsprogs: security bump to version 1.45.5
This fixes CVE-2019-5188:
A code execution vulnerability exists in the directory rehashing
functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4
directory can cause an out-of-bounds write on the stack, resulting
in code execution. An attacker can corrupt a partition to trigger
this vulnerability.

Also change the hash file to the new spacing convention introduced
by Yann E. Morin.

Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-02-05 20:33:34 +01:00
Alistair Francis
f17792ed53 package/xen: fix hash of license file
Xen was bumped from 4.12 to 4.13 in commit
268e5689b5, but the license file hash
was not updated. However, the license file has changed, with a new
paragraph about the Sphinx documentation being licensed under CC-BY
4.0 was added.  Update the SHA to match the new license.

Take this opportunity to re-align the hashes.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-02-05 20:28:33 +01:00
Heiko Thiery
ec060ced7a docs/manual: fields in hash files must be separated by two sapces
The seperation of the fields in the hash file should be 2 spaces for
consitency

Update the manual accordingly.

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
[yann.morin.1998@free.fr:
  - drop the notes part, reword the first hunk
  - update the examples
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-05 18:06:12 +01:00
Titouan Christophe
58a8e48e60 package/norm: make wscript Python3 compatible
This makes slight modifications to the waf build definition files
that make possible to compile norm with Waf running on Python3.

This has been tested on my experimental Python3 waf-package
infrastructure, and still works with the actual Py2 setup.

Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-05 17:43:51 +01:00
Titouan Christophe
49c112e16c package/norm: switch to Github hosted archive
The original download server (downloads.pf.itd.nrl.navy.mil)
is quite unreliable, which lead to the download being very slow
or even failing. Since the project is now hosted on Github, we
switch to that site, which makes the download tractable.

Update the hash, and use the opportunity to realign fields to the new
spacing convention.

Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
[yann.morin.1998@free.fr: spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-05 17:43:51 +01:00
Fabrice Fontaine
4d0f3dd870 package/opencv3: disable VFPv3 options
Commit a17402e42d has conditionally
enabled NEON and VFPv3 optimizations. However, the VFPv3 logic is
causing issues on some targets such as Cortex-A5 with VFPv4-D16 but
not VFPv4.

Since the ENABLE_VFPV3=ON option only adds CFLAGS, we can always set
it to OFF, and let Buildroot pass appropriate CFLAGS.

However, the ENABLE_NEON option also adds the build of NEON-specific
code, so we keep this logic.

Fixes:
 - https://bugs.buildroot.org/show_bug.cgi?id=11996

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-02-05 17:38:56 +01:00
Peter Korsgaard
10fae9624b package/ncurses: add upstream (security) patches up to 20200118
Fixes the following security issues:

- CVE-2018-10754: In ncurses before 6.1.20180414, there is a NULL Pointer
  Dereference in the _nc_parse_entry function of tinfo/parse_entry.c.  It
  could lead to a remote denial of service if the terminfo library code is
  used to process untrusted terminfo data in which a use-name is invalid
  syntax (REJECTED).

- CVE-2018-19211: In ncurses 6.1, there is a NULL pointer dereference at
  function _nc_parse_entry in parse_entry.c that will lead to a denial of
  service attack.  The product proceeds to the dereference code path even
  after a "dubious character `*' in name or alias field" detection.

- CVE-2018-19217: In ncurses, possibly a 6.x version, there is a NULL
  pointer dereference at the function _nc_name_match that will lead to a
  denial of service attack.  NOTE: the original report stated version 6.1,
  but the issue did not reproduce for that version according to the
  maintainer or a reliable third-party.

- CVE-2019-17594: There is a heap-based buffer over-read in the
  _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in
  ncurses before 6.1-20191012.

- CVE-2019-17595: There is a heap-based buffer over-read in the fmt_entry
  function in tinfo/comp_hash.c in the terminfo library in ncurses before
  6.1-20191012.

Ncurses upstream uses a fairly special way of releasing (security) bugfixes.
Approximately once a week an incremental .patch.gz is released, and once in
a while these incremental patches are bundled up to a bigger patch relative
to the current release in .patch.sh.bz2 format (a bzip2 compressed patch
with a small shell script prepended, luckily apply-patches can handle that),
and the relative patch files deleted.

For details of this process, see the upstream FAQ:
https://invisible-island.net/ncurses/ncurses.faq.html#applying_patches

Apply the latest .patch.sh.bz2 and incremental patches up to 20200118 to fix
a number of (security) issues.  Notice that these patch files are NOT
available on the GNU mirrors.

The license file COPYING is updated with the new Copyright year (2019 ->
2020), so update the hash accordingly.

While we are at it, adjust the white space in the .hash file to match
sha256sum output for consistency.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[fix whitespace inconsistency after 'sha256' keyword]
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[yann.morin.1998@free.fr: fix license hash for (C) year]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-05 17:17:15 +01:00
Gwenhael Goavec-Merou
3d99cdcc86 package/gr-osmosdr: fix dependencies
gr-osmosdr fails with:
CMake Error at /somewhere/buildroot/output/host/mipsel-buildroot-linux-gnu/sysroot/usr/lib/cmake/gnuradio/GnuradioConfig.cmake:116 (include):
  include could not find load file:

    /somewhere/buildroot/output/host/mipsel-buildroot-linux-gnu/sysroot/usr/lib/cmake/gnuradio/gnuradio-filterConfig.cmake
Call Stack (most recent call first):
  CMakeLists.txt:45 (find_package)

gr-osmosdr depends on BR2_PACKAGE_GNURADIO_BLOCKS, BR2_PACKAGE_GNURADIO_FFT and
BR2_PACKAGE_GNURADIO_FILTER.

fix:
- http://autobuild.buildroot.net/results/1781db2b8c28641167f7a39a4d799930db13f9bf/

Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-05 17:10:44 +01:00
Arnout Vandecappelle (Essensium/Mind)
4e0bc29993 package/pkg-meson.mk: explicitly specify pkg-config settings
meson is able to distinguish between host (= native) and target (=
cross) compilation. It will explicitly pass different options to
pkg-config to distinguish them. Therefore, we don't need to use the
pkg-config wrapper when using meson, and can instead pass the pkg-config
settings through the cross-compilation.conf.

This is important because in some situations (e.g. for the Python
configuration), meson sets the PKG_CONFIG_LIBDIR variable to a different
value before calling pkg-config. Relying on our wrapper script doesn't
work in that case (except if the script would unconditionally set
PKG_CONFIG_LIBDIR, which it doesn't do at the moment).

Add the sys_root and pkg_config_lib settings to cross-compilation.conf
and use pkgconf directly instead of the wrapper.

Note that this requires us to substitute STAGING_DIR as well, with an
absolute path. This is not a big deal since cross-compilation.conf is
regenerated for every package.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-05 16:56:43 +01:00
Arnout Vandecappelle (Essensium/Mind)
339fe6742e package/meson: add upstream patch to support pkg_config_libdir
To allow meson to distinguish between pkg-config for host (= native)
and pkg-config for target (= cross), we want to be able to give a
different pkg_config_libdir for host and for target. meson already has a
'sys_root' option that sets the sysroot that is used by pkg-config, but
we also need explicit search directories for pkg-config.

Therefore, back-port an upstream patch (will be included in 0.54) that
adds this feature.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-05 16:56:43 +01:00