aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Update for 2020.08.32020.08.32020.08.xGravatar Peter Korsgaard2020-12-272-2/+38
| | | | Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/opencv3: fix build with protobuf and gcc < 6Gravatar Fabrice Fontaine2020-12-271-0/+2
| | | | | | | | | | | | | | | | | | | | | | Fix the folloing build failure with protobuf (enabled since commit 31c68a449ecd7da61ecfd909bea7ce799f9a6450) and gcc 5.3.0: [ 53%] Building CXX object modules/dnn/CMakeFiles/opencv_dnn.dir/opencv-caffe.pb.cc.o In file included from /home/peko/autobuild/instance-1/output-1/per-package/opencv3/host/opt/ext-toolchain/mips64el-buildroot-linux-uclibc/include/c++/5.5.0/atomic:38:0, from /home/peko/autobuild/instance-1/output-1/per-package/opencv3/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/google/protobuf/io/coded_stream.h:115, from /home/peko/autobuild/instance-1/output-1/build/opencv3-3.4.12/buildroot-build/modules/dnn/opencv-caffe.pb.h:23, from /home/peko/autobuild/instance-1/output-1/build/opencv3-3.4.12/buildroot-build/modules/dnn/opencv-caffe.pb.cc:4: /home/peko/autobuild/instance-1/output-1/per-package/opencv3/host/opt/ext-toolchain/mips64el-buildroot-linux-uclibc/include/c++/5.5.0/bits/c++0x_warning.h:32:2: error: #error This file requires compiler and library support for the ISO C++ 2011 standard. This support must be enabled with the -std=c++11 or -std=gnu++11 compiler options. #error This file requires compiler and library support \ ^ Fixes: - http://autobuild.buildroot.org/results/7caf175af039054a032b8f63b458b3940d9ec0f3 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit bf96f4e8d327a8d7a4b1ab732486aced3d1d8da8) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/opencv3: do not detect ccacheGravatar Yann E. MORIN2020-12-271-0/+1
| | | | | | | | | | | | | | | | | OpenCV-3's buildsystem will try to detect ccache and use it if available. This may yield a system-installed ccache. However, in Buildroot, ccache is entirely hidden away and handled in the toolchain wrapper. Forcibly disable detection of ccache. Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com> Cc: Samuel Martin <s.martin49@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 505e7f47715c77d8586444a4fefe4a190b77aaad) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/freescale-imx/imx-gpu-viv: install Vendor ICDs file (Vivante.icd)Gravatar Romain Naour2020-12-271-0/+1
| | | | | | | | | | | | | | Without this file, the clinfo binary provided by the package doesn't detect the opencl support. Fixes: https://github.com/boundarydevices/buildroot-external-boundary/issues/5 Signed-off-by: Romain Naour <romain.naour@smile.fr> Cc: Gary Bisson <gary.bisson@boundarydevices.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit b37cd79daf874e0af7931510821444af2ff0ed51) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* board/boundarydevices: promote buildroot-external-boundary projectGravatar Romain Naour2020-12-271-0/+6
| | | | | | | | | | | | | | | | | It may be useful for users using Boundary Devices boards to find more advanced defconfigs than the one provided by Buildroot. See: https://github.com/boundarydevices/buildroot-external-boundary#configurations-details Update the readme.txt to add the link to the br2_external maintained by Boundary Devices. Signed-off-by: Romain Naour <romain.naour@smile.fr> Cc: Gary Bisson <gary.bisson@boundarydevices.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 75543322843f9ce72a4f39f1ee6239059c061e6c) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/pkg-meson: force-disable binary strippingGravatar Gleb Mazovetskiy2020-12-271-0/+2
| | | | | | | | | | | | | | | | | | | | | | | In buildroot, stripping for the target is configured and implemented with the global `BR2_STRIP_strip` option that drive the stripping in the target-finalize step. So, we explicitly disable stripping at build time for the target variants. For the host variants, however, we don't much care about symbols and stuff, but smaller executables will hopefully load faster than bigger ones (disputable, given that sections in ELF files are paged-in on-demand), so we explictly enable stripping. Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com> [yann.morin.1998@free.fr: - add burb about the target-finalize step - enable stripping for host variants ] Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> (cherry picked from commit 3f39f902b3cd685c3c971941138e0df50947737c) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/dhcpcd: add udev optional dependencyGravatar Fabrice Fontaine2020-12-271-0/+7
| | | | | | | | | | udev is an optional dependency (enabled by default) since version 6.1.0: https://github.com/rsmarples/dhcpcd/commit/12bbc8cb5c7507be15a7e0af4140c3d81125c46c Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 580eac946886d04afa0d14e8cc90bd24bb10e191) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/dhcpcd: create dhcpcd userGravatar Fabrice Fontaine2020-12-271-1/+6
| | | | | | | | | | | | | | | | | | privsep is supported since version 9.0.0 and https://github.com/rsmarples/dhcpcd/commit/d5786118da1bad4c247631cae86344f1b249a8cb It is enabled by default since https://github.com/rsmarples/dhcpcd/commit/3a4c2e5604d72151b06ed365aa71493740a3ad75 So use --privsepuser to avoid that the detection mechanism finds a wrong value from host and create it on the target Fixes: - https://bugs.buildroot.org/show_bug.cgi?id=13416 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 9e20f0910902d3f2af2c8fd0b44110d088ebc1e1) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/dhcpcd: enhance syntaxGravatar Fabrice Fontaine2020-12-271-7/+6
| | | | | | | | | | Add all configure options through DHCP_CONFIG_OPTS and avoid splitting lines when they are less than 80 characters Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 909432e0bb55b1bcf7c90e8b60c47ebc02b36a6c) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/mutt: add zlib optional dependencyGravatar Fabrice Fontaine2020-12-271-0/+7
| | | | | | | | | | | zlib is an optional dependency which is enabled by default since version 1.14.1 and https://gitlab.com/muttmua/mutt/-/commit/136ae0add512f21bc418f9e31a2f1b970ad1a490 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 554610803c3807775c1d9e153187ee99ccfd11ad) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/mutt: fix activation of openssl on imapGravatar Fabrice Fontaine2020-12-271-1/+1
| | | | | | | | | | | Activation of openssl for imap is broken since commit 0fcd010a2db771c259224ad1d025fb4c5a9baf3b because of the following typo: BR2_PACKAGET_MUTT_IMAP Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit dc1ec5b78bb9cc6ccc1ffb7367eb8ce68dc04fa8) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* libcurl: security bump to version 7.74.0Gravatar Baruch Siach2020-12-273-49/+3
| | | | | | | | | | | | | | | | | | Fixes security issues: CVE-2020-8286: Inferior OCSP verification CVE-2020-8285: FTP wildcard stack overflow CVE-2020-8284: trusting FTP PASV responses Drop upstream patch. Cc: Matt Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> (cherry picked from commit 365ab820085ce683613eae7279c1983f7c20b643) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libcurl: fix build with libssh2 and disabled proxyGravatar Baruch Siach2020-12-271-0/+46
| | | | | | | | | | | | | | | | Add patch fixing build of libssh2 support when BR2_PACKAGE_LIBCURL_PROXY_SUPPORT is disabled. Fixes: http://autobuild.buildroot.net/results/113407c1721b601cf2b721d0b78392622000cc3f/ http://autobuild.buildroot.net/results/a5abdcc6a12d2326da0fe3daf9ecbb96e5c6cac3/ http://autobuild.buildroot.net/results/ab1f7b9837ac74fad359e6c239f45ed25ad31df3/ Cc: Matt Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> (cherry picked from commit 0fa9af8be0763cf32d7a2d55a7d3e04a7f9e2cb7) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libcurl: bump to version 7.73.0Gravatar Baruch Siach2020-12-272-3/+3
| | | | | | | | Cc: Matt Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 2d0be6577e8df799f94a900975b1db8f7a5be2d6) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/{libuv, uvw}: bump to versions 1.40.0, 2.8.0_libuv_v1.40Gravatar Asaf Kahlon2020-12-264-4/+4
| | | | | | | | Signed-off-by: Asaf Kahlon <asafka7@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 1931f9abf9821140bc9e2685fbf10861234b633a) [Peter: needed for nodejs] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/openldap: security bump to version 2.4.56Gravatar Francois Perrad2020-12-244-9/+9
| | | | | | | | | | | | | | | | | | | Fixes the following security issue: - CVE-2020-25692: A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service. - CVE-2020-25709: Assertion failure in CSN normalization with invalid input - CVE-2020-25710: Assertion failure in CSN normalization with invalid input Signed-off-by: Francois Perrad <francois.perrad@gadz.org> [Peter: add CVE info] Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 09a565d9408f47e219972b0a71f3cbe0d801225c) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/python-crc16: allow to build with python3Gravatar Marcin Niestroj2020-12-241-1/+0
| | | | | | | | | | | | python3 is officially supported by package, as there is a usage example at [1]. Simply remove dependency on BR2_PACKAGE_PYTHON. [1] https://pypi.org/project/crc16/ Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit a7fdc5686bb269cc3797d7c550f10f75074f2e71) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/rauc: fix build with headers < 4.14Gravatar Fabrice Fontaine2020-12-241-0/+43
| | | | | | | | | | Fixes: - http://autobuild.buildroot.org/results/829ae7ed66686c11a941ac99bd08a06f754affb4 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 45a09e9041cf22196ae4b1f6c4f22731967abb0c) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/nodejs: security bump to version 12.19.1Gravatar Peter Korsgaard2020-12-242-3/+3
| | | | | | | | | | | | | | | Fixes the following security issue: - CVE-2020-8277: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service by getting the application to resolve a DNS record with a larger number of responses. https://nodejs.org/en/blog/release/v12.19.1/ Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit f359580796a7d0295680821213ed562c4f8ca24e) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/apitrace: disable unit testsGravatar Fabrice Fontaine2020-12-241-0/+104
| | | | | | | | | | | | | | | | | | This will avoid the following build failure with xtensa: [ 62%] Linking CXX executable ../../guids_test [ 62%] Building CXX object retrace/CMakeFiles/retrace_common.dir/retrace.cpp.o CMakeFiles/guids_test.dir/guids_test.cpp.o:(.debug_line+0xf7b): dangerous relocation: overflow after relaxation collect2: error: ld returned 1 exit status lib/guids/CMakeFiles/guids_test.dir/build.make:85: recipe for target 'guids_test' failed Fixes: - http://autobuild.buildroot.org/results/8fea93a88bb34e98e391a048c3b996b45ebac803 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 0d209dce35d3484ac94d949cfd656d81c21cd41d) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/mongodb: bump to version 4.2.11Gravatar Fabrice Fontaine2020-12-242-2/+2
| | | | | | | | | https://docs.mongodb.com/master/release-notes/4.2-changelog/#id1 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 5a4f13b8a8dbb9970a6b8f502bd8bfd160e60a3f) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/netsnmp: fix memory leak in IP-MIB when running without IPv6Gravatar Adam Wujek2020-12-241-0/+37
| | | | | | | | | | | | | | In a Linux system without IPv6 support (or booted with "ipv6.disable=1") file /proc/net/snmp6 is not present. If such file is not present an allocated memory is not freed. Memory leak occurs even without snmp queries. Problem seen at least since netsnmp 5.7.3 (probably even v5.6.1). Patch backported from netsnmp 5.9, where the problem does not appear any more. Signed-off-by: Adam Wujek <dev_public@wujek.eu> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 5e6f6e074508ece2207b02545a8ede5a296978c9) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/mutt: fix CVE-2020-28896Gravatar Fabrice Fontaine2020-12-232-0/+51
| | | | | | | | | | | | | | Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 89a9f74fa85a8f0e080328393a356181033f4ad9) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/mutt: bump to version 1.14.7Gravatar Fabrice Fontaine2020-12-232-2/+2
| | | | | | | | | | | This is a bug-fix release, fixing a variety of small issues. https://gitlab.com/muttmua/mutt/raw/stable/ChangeLog Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit af757d959431eb57efe7de1fa8e8b09de5790f3c) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/mutt: bump version to 1.14.6Gravatar Sergio Prado2020-12-232-2/+2
| | | | | | | Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit b9f31a32ecfd4daabf50df7088de12028fe4afb9) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/rauc: security bump to version 1.5Gravatar Peter Korsgaard2020-12-222-3/+3
| | | | | | | | | | | | | Fixes the following security issue: - CVE-2020-25860: Time-of-Check-Time-of-Use Vulnerability in code that checks and installs a firmware bundle. For more details, see the advisory: https://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vv Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 41bbe8df540e2c630ad04f8db7383a7e7705f368) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/python-pyqt5: fix qt5 openssl conditionalGravatar Peter Korsgaard2020-12-221-1/+1
| | | | | | | | | | BR2_PACKAGE_QT5BASE_OPENSSL was dropped by commit 4be1f9b9873 (package/qt5enginio: drop qt 5.6 support), but python-pyqt5 not updated to match. Fix that. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 54854dc44e6ff937834bf00a2b63186fd066477c) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/ti-sgx-*: fix s/correpsonds/corresponds/ typoGravatar Peter Korsgaard2020-12-223-3/+3
| | | | | | Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 292475976f20df8c105aa3af1854f582ab0bbab5) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/ghostscript: bump to version 9.53.3Gravatar Fabrice Fontaine2020-12-222-3/+3
| | | | | | | | | https://www.ghostscript.com/doc/9.53.3/News.htm Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit d1c5397e9e7576ededb25c6d48b45f5783977615) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/imagemagick: security bump to version 7.10.51Gravatar Fabrice Fontaine2020-12-222-3/+3
| | | | | | | | | | | | | | | | | - Fix CVE-2020-29599: ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c. - Update license hash (correct wording to match Apache 2 license: https://github.com/ImageMagick/ImageMagick/commit/45e5d2493c08e7cb49f7268c01d847e88f78fd6c) https://github.com/ImageMagick/ImageMagick/blob/7.0.10-51/ChangeLog Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit b898e80639988d2da9e4a432337e3c914dc0859c) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/cryptopp: security bump to version 8.3.0Gravatar Fabrice Fontaine2020-12-222-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | - Fix CVE-2019-14318: Crypto++ 8.2.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp (prime field curves, small leakage) and algebra.cpp (binary field curves, large leakage) is not constant time and leaks the bit length of the scalar among other information. For details, see: https://github.com/weidai11/cryptopp/issues/869 - Update license hash due to the addition of ARM SHA1 and SHA256 asm implementation from Cryptogams https://github.com/weidai11/cryptopp/commit/1a63112faf5af60e0ebcc60654eef806e7f6f11a https://github.com/weidai11/cryptopp/commit/4c9ca6b723b5ec5aab7eec720ad4d22598abe941 https://www.cryptopp.com/release830.html [Peter: adjust CVE info, issue is fixes in 8.3.0] Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit e7c789d48fe10265a392a7af42cf3439a7c726c9) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/ncurses: don't attempt calling ldconfig in host-ncursesGravatar Thomas De Schampheleire2020-12-221-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | The host-ncurses install step attempts to run ldconfig, causing a permission failure: cd /buildroot/output/host/lib && (ln -s -f libncurses.so.6.0 libncurses.so.6; ln -s -f libncurses.so.6 libncurses.so; ) test -z "" && /sbin/ldconfig /sbin/ldconfig: Can't create temporary cache file /etc/ld.so.cache~: Permission denied make[3]: [/buildroot/output/host/lib/libncurses.so.6.0] Error 1 (ignored) The error is non-fatal and ignored, but confusing. The ncurses makefiles already avoid calling ldconfig when DESTDIR is set (target case) but for host-ncurses DESTDIR is empty and the output/host path is passed via --prefix. Pass an empty ac_cv_path_LDCONFIG to the configure step, so than ldconfig is not called. Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 389f48fe90cc8ed77a76a245d3e3ec1fa965df64) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/opkg-utils: needs Python3 on the hostGravatar Thomas De Schampheleire2020-12-221-0/+2
| | | | | | | | | | | | | | | The 'opkg.py' script installed by host-opkg-utils has as shebang: #!/usr/bin/env python3 which may not be available on all host machines. Add a potential dependency on host-python3 via BR2_PYTHON3_HOST_DEPENDENCY, which will only add the host-python3 dependency if no python3 is already available on the host. Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 7dcd20f9d5cca7dba2c510988b457c93532108cd) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* DEVELOPERS: remove Thomas DavisGravatar Thomas Petazzoni2020-12-221-3/+0
| | | | | | | | | | | | His e-mail has been bouncing for quite a while: <sunsetbrew@sunsetbrew.com>: connect to sunsetbrew.com[2a05:d014:9da:8c10:306e:3e07:a16f:a552]:25: Network is unreachable Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit fd5eeabac03c98672230e079ac1a73104565470f) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* DEVELOPERS: remove Owen WalpoleGravatar Thomas Petazzoni2020-12-221-3/+0
| | | | | | | | | | | His e-mail has been bouncing for quite a while: <owen@walpole.dev>: connect to mail.walpole.dev[99.91.194.115]:25: Connection timed out Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit d98e906dfced8fac5f8f733ce3e1d0b34f4a9401) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/pkg-golang.mk: postpone evaluation of TARGET_DIR and HOST_DIRGravatar Tian Yuanhao2020-12-221-2/+2
| | | | | | | | | | | When BR2_PER_PACKAGE_DIRECTORIES=y, $(TARGET_DIR) is evaluated as $(BASE_DIR)/target, but $$(TARGET_DIR) is evaluated as $(BASE_DIR)/per-package/$(PKG)_NAME/target. Signed-off-by: Tian Yuanhao <tianyuanhao@aliyun.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> (cherry picked from commit 8d595c0d926d6b352b0e08366095bb92c7318c4c) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/tinycbor: fix build on muslGravatar Fabrice Fontaine2020-12-221-0/+39
| | | | | | | | | | Fixes: - http://autobuild.buildroot.org/results/c23b694442e7f86cbdd14d8789b12e6a8fd26a70 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit eaff5c39c15e3ec071a16c47911f72e9be9168c0) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/wireshark: security bump to version 3.2.10Gravatar Peter Korsgaard2020-12-222-4/+4
| | | | | | | | | | | | | | The following vulnerabilities have been fixed: - wnpa-sec-2020-16 Kafka dissector memory leak. Bug 16739. CVE-2020-26418. - wnpa-sec-2020-17 USB HID dissector crash. Bug 16958. CVE-2020-26421. - wnpa-sec-2020-18 RTPS dissector memory leak. Bug 16994. CVE-2020-26420. https://www.wireshark.org/docs/relnotes/wireshark-3.2.9.html https://www.wireshark.org/docs/relnotes/wireshark-3.2.10.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* pkg-cmake.mk: fix host ccache support for CMake 3.19Gravatar Bernd Amend2020-12-221-7/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Starting with CMake 3.4 CMake supports setting a compiler launcher like ccache. The feature is described in https://cmake.org/cmake/help/latest/variable/CMAKE_LANG_COMPILER_LAUNCHER.html This should be safe since everything is built for the host using make or ninja. The use of *_ARG1 is discouraged by the cmake developers https://cmake-developers.cmake.narkive.com/OTa9EKfj/cmake-c-compiler-arg-not-documented . Without this patch I get the following error message with CMake 3.19.1 on Arch Linux. Disabling BR2_CCACHE also resolves the issue. /usr/bin/cmake [~]/buildroot/build/host-lzo-2.10/ -DCMAKE_INSTALL_SO_NO_EXE=0 -DCMAKE_FIND_ROOT_PATH="[...]" -DCMAKE_FIND_ROOT_PATH_MODE_PROGRAM="BOTH" -DCMAKE_FIND_ROOT_P ATH_MODE_LIBRARY="BOTH" -DCMAKE_FIND_ROOT_PATH_MODE_INCLUDE="BOTH" -DCMAKE_INSTALL_PREFIX="[...]" -DCMAKE_C_FLAGS="-O2 -I[...]/include" -DCMAKE_CXX_FLAGS="-O2 -I[...]/include" -DCMAKE_EXE_LINKER_FLAGS="-L[...]/lib -Wl,-rpath,[...]/lib" -DCMAKE_SHARED_LINKER_FLAGS="-L[...]/l ib -Wl,-rpath,[...]/lib" -DCMAKE_ASM_COMPILER="/usr/bin/as" -DCMAKE_C_COMPILER="[...]/bin/ccache" -DCMAKE_CXX_COMPILER="[...]/bin/ccache" -DCMAKE_C_COMPILER_ARG1="/usr/bin/gcc" -DCMAKE_CXX_COMPILER_ARG1="/usr/bin/g++" -DCMAKE_COLOR_MAKEFILE=OFF -DBUILD_DOC=OFF -DBUILD_DOCS=OFF -DBUILD_EXAMPLE=OFF -DBUILD_EXAMPLES=OFF -DBUILD_TEST=OFF -DBUILD_TESTS=OFF -DBUILD_TESTING=O FF -DENABLE_SHARED=ON -DENABLE_STATIC=OFF ) -- The C compiler identification is unknown -- Detecting C compiler ABI info -- Detecting C compiler ABI info - failed -- Check for working C compiler: [...]/bin/ccache -- Check for working C compiler: [...]/bin/ccache - broken CMake Error at /usr/share/cmake-3.19/Modules/CMakeTestCCompiler.cmake:66 (message): The C compiler Signed-off-by: Bernd Amend <bernd.amend@gmail.com> Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com> Tested-by: Christian Stewart <christian@paral.in> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> (cherry picked from commit 0e310b4fd0ca14547356645b184a21f52b0c881b) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 9}.x seriesGravatar Peter Korsgaard2020-12-222-10/+10
| | | | | | | Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 0675498b5d6dfce208cb1bbeb38f3a83611e62c8) [Peter: drop 5.9.x bump] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/shadowsocks-libev: fix static build with netfilter_conntrackGravatar Fabrice Fontaine2020-12-212-0/+64
| | | | | | | | | | Fixes: - http://autobuild.buildroot.org/results/6cad497a7ab941a0ee3fd7007defc81e30cdcbe0 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> (cherry picked from commit 1294447142d73b8f0766abb638979867b314b600) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* boot/arm-trusted-firmware: Forward stack protection configurationGravatar Christoph Müllner2020-12-211-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | TF-A supports stack smashing protection (-fstack-protector-*). However, that feature is currently silently disabled because ENABLE_STACK_PROTECTOR is not set during build time. As documented in the TF-A user guide, the flag ENABLE_STACK_PROTECTOR is required to enable stack protection support. When enabled the symbols for the stack protector (e.g. __stack_chk_guard) are built. This needs to be done because TF-A does not link against an external library that provides that symbols (e.g. libc). So in case we see that BR2_SSP_* is enabled, let's enable the corresponding ENABLE_STACK_PROTECTOR build flag for TF-A as documented in the TF-A user guide. This patch also fixes a the following linker errors with older TF-A versions if BR2_SSP_* is enabled (i.e. -fstack-protector-* is used as compiler flag) and ENABLE_STACK_PROTECTOR is not set, which are caused by the missing stack protector symbols: [...] params_setup.c:(.text.params_early_setup+0xc): undefined reference to `__stack_chk_guard' aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x14): undefined reference to `__stack_chk_guard' aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x104): undefined reference to `__stack_chk_guard' aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x118): undefined reference to `__stack_chk_fail' aarch64-none-linux-gnu-ld: ./build/px30/release/bl31/pmu.o: in function `rockchip_soc_sys_pwr_dm_suspend': pmu.c:(.text.rockchip_soc_sys_pwr_dm_suspend+0xc): undefined reference to `__stack_chk_guard' [...] TF-A releases after Nov 2019, that include 7af195e29a4, will circumvent these issue by explicitliy and silently disabling the stack protector by appending '-fno-stack-protector' to the compiler flags in case ENABLE_STACK_PROTECTOR is not set. Tested on a Rockchip PX30 based system (TF-A v2.2 and upstream/master). Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com> Reviewed-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> (cherry picked from commit 7b3fcbcdaa8cb6a99208399d1402c837685d7639) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/haproxy: bump to version 2.2.6Gravatar Fabrice Fontaine2020-12-212-3/+3
| | | | | | | | | | | | Two major bugs were fixed in this versions, both leading to a memory corruption and random crashes. https://www.mail-archive.com/haproxy@formilux.org/msg39068.html Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit ed5082f012daedad6049491383215fc46af9979b) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/haproxy: bump to version 2.2.5Gravatar Fabrice Fontaine2020-12-212-3/+3
| | | | | | | | | https://www.mail-archive.com/haproxy@formilux.org/msg38809.html Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 17a220d1543ee34a2e292ccbac001b5ffaba407c) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/haproxy: bump to version 2.2.4Gravatar Fabrice Fontaine2020-12-212-3/+3
| | | | | | | | | | https://www.mail-archive.com/haproxy@formilux.org/msg38543.html http://www.haproxy.org/download/2.2/src/CHANGELOG Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit b5881e19e4108fa1090c7d6bfcd458190eae0ce6) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libglib2: correct upstream status for patch 0001Gravatar Thomas De Schampheleire2020-12-211-1/+1
| | | | | | | | | | | | | Patch '0001-fix-compile-time-atomic-detection.patch' claims to be Merged but this is not true. The linked issue is closed with 'Needs information', and the code itself is effectively not merged. Clarify the 'Upstream-status' line to make this more clear. Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 43021dfb77b1a841305f625d923688316dc53d4a) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/unbound: security bump to version 1.13.0Gravatar Fabrice Fontaine2020-12-212-3/+5
| | | | | | | | | | | | | | | | | | This version has fixes to connect for UDP sockets, slowing down potential ICMP side channel leakage. The fix can be controlled with the option udp-connect: yes, it is enabled by default. Additionally CVE-2020-28935 is fixed, this solves a problem where the pidfile is altered by a symlink, and fails if a symlink is encountered. See https://nlnetlabs.nl/downloads/unbound/CVE-2020-28935.txt for more information. https://github.com/NLnetLabs/unbound/releases/tag/release-1.13.0 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 4eb320112037445b8310f0fde1cde511ed05ecb3) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/unbound: bump version to 1.12.0Gravatar Stefan Ott2020-12-212-2/+2
| | | | | | | Signed-off-by: Stefan Ott <stefan@ott.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit eb4ff9f11fe3585ca5f0e0b7bfd31b93dafd2dd1) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/python-lxml: security bump to version 4.6.2Gravatar Peter Korsgaard2020-12-212-3/+3
| | | | | | | | | | | | | | | | | | | Fixes the following security issues: * 4.6.2: A vulnerability (CVE-2020-27783) was discovered in the HTML Cleaner by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner now removes more sneaky "style" content. * 4.6.1: A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner now removes more sneaky "style" content. For more details, see the changes file: https://github.com/lxml/lxml/blob/lxml-4.6.2/CHANGES.txt Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit ea41a5faab3fda4589956b24d4731292872934a5) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/sqlcipher: security bump to version 4.4.2Gravatar Fabrice Fontaine2020-12-212-2/+2
| | | | | | | | | | | | | | | Fix CVE-2020-27207: Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data is read. https://www.zetetic.net/blog/2020/11/25/sqlcipher-442-release Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit f38893f8dd7c9fb13b14cf4fe471eb62d345c5f0) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>