diff --git a/Documentation/kernel.md b/Documentation/kernel.md
index 37fd0c993..3994111fe 100644
--- a/Documentation/kernel.md
+++ b/Documentation/kernel.md
@@ -5,15 +5,15 @@ Default Kernel tree: 5.4
 | Board | Version |
 |-------|---------|
-| Open Virtual Appliance | 5.4.63 |
+| Open Virtual Appliance | 5.4.80 |
 | Raspberry Pi | 5.4.79 |
 | Raspberry Pi 0-W | 5.4.79 |
 | Raspberry Pi 2 | 5.4.79 |
 | Raspberry Pi 3 | 5.4.79 |
 | Raspberry Pi 4 | 5.4.79 |
-| Tinker Board | 5.4.63 |
-| Odroid-C2 | 5.9.6 |
-| Odroid-C4 | 5.9.6 |
-| Odroid-N2 | 5.9.6 |
-| Odroid-XU4 | 5.9.6 |
-| Intel NUC | 5.4.63 |
+| Tinker Board | 5.4.80 |
+| Odroid-C2 | 5.9.11 |
+| Odroid-C4 | 5.9.11 |
+| Odroid-N2 | 5.9.11 |
+| Odroid-XU4 | 5.9.11 |
+| Intel NUC | 5.4.80 |
diff --git a/buildroot-external/board/hardkernel/patches/linux/0004-arm64-dts-meson-add-missing-g12-rng-clock.patch b/buildroot-external/board/hardkernel/patches/linux/0004-arm64-dts-meson-add-missing-g12-rng-clock.patch
deleted file mode 100644
index 37c58d4c4..000000000
--- a/buildroot-external/board/hardkernel/patches/linux/0004-arm64-dts-meson-add-missing-g12-rng-clock.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From f2eead311d9dd9ff7ee0846914147250d7711f98 Mon Sep 17 00:00:00 2001
-Message-Id:
-In-Reply-To: <734f52f38625ce29c964517255538b3b0b546e8d.1603528796.git.stefan@agner.ch>
-References: <734f52f38625ce29c964517255538b3b0b546e8d.1603528796.git.stefan@agner.ch>
-From: Scott K Logan
-Date: Fri, 25 Sep 2020 01:43:53 -0700
-Subject: [PATCH 4/7] arm64: dts: meson: add missing g12 rng clock
-
-This adds the missing perpheral clock for the RNG for Amlogic G12. As
-stated in amlogic,meson-rng.yaml, this isn't always necessary for the
-RNG to function, but is better to have in case the clock is disabled for
-some reason prior to loading.
-
-Signed-off-by: Scott K Logan
-Suggested-by: Neil Armstrong
-Reviewed-by: Neil Armstrong
-Signed-off-by: Kevin Hilman
-Link: https://lore.kernel.org/r/520a1a8ec7a958b3d918d89563ec7e93a4100a45.camel@cottsay.net
----
- arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi b/arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi
-index 1e83ec5b8c91..81f490e404ca 100644
---- a/arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi
-+++ b/arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi
-@@ -282,6 +282,8 @@ apb_efuse: bus@30000 {
- hwrng: rng@218 {
- compatible = "amlogic,meson-rng";
- reg = <0x0 0x218 0x0 0x4>;
-+ clocks = <&clkc CLKID_RNG0>;
-+ clock-names = "core";
- };
- };
-
---
-2.28.0
-
diff --git a/buildroot-external/configs/intel_nuc_defconfig b/buildroot-external/configs/intel_nuc_defconfig
index 6d475b202..db791a537 100644
--- a/buildroot-external/configs/intel_nuc_defconfig
+++ b/buildroot-external/configs/intel_nuc_defconfig
@@ -22,7 +22,7 @@ BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_HASSOS_PATH)/scripts/post-image.sh"
 BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_EXTERNAL_HASSOS_PATH)/board/intel/nuc $(BR2_EXTERNAL_HASSOS_PATH)/board/intel/nuc/hassos-hook.sh"
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.4.63"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.4.80"
 BR2_LINUX_KERNEL_DEFCONFIG="x86_64"
 BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="$(BR2_EXTERNAL_HASSOS_PATH)/kernel/hassos.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/docker.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/device-support.config $(BR2_EXTERNAL_HASSOS_PATH)/board/intel/nuc/kernel.config"
 BR2_LINUX_KERNEL_LZ4=y
diff --git a/buildroot-external/configs/odroid_c2_defconfig b/buildroot-external/configs/odroid_c2_defconfig
index e2379cba0..a428789f6 100644
--- a/buildroot-external/configs/odroid_c2_defconfig
+++ b/buildroot-external/configs/odroid_c2_defconfig
@@ -22,7 +22,7 @@ BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_HASSOS_PATH)/scripts/post-image.sh"
 BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_EXTERNAL_HASSOS_PATH)/board/hardkernel/odroid-c2 $(BR2_EXTERNAL_HASSOS_PATH)/board/hardkernel/odroid-c2/hassos-hook.sh"
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.9.6"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.9.11"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_HASSOS_PATH)/board/hardkernel/kernel-amlogic.config"
 BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="$(BR2_EXTERNAL_HASSOS_PATH)/kernel/hassos.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/docker.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/device-support.config"
diff --git a/buildroot-external/configs/odroid_c4_defconfig b/buildroot-external/configs/odroid_c4_defconfig
index 11a6c61c7..d9cd816a9 100644
--- a/buildroot-external/configs/odroid_c4_defconfig
+++ b/buildroot-external/configs/odroid_c4_defconfig
@@ -22,7 +22,7 @@ BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_HASSOS_PATH)/scripts/post-image.sh"
 BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_EXTERNAL_HASSOS_PATH)/board/hardkernel/odroid-c4 $(BR2_EXTERNAL_HASSOS_PATH)/board/hardkernel/odroid-c4/hassos-hook.sh"
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.9.6"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.9.11"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_HASSOS_PATH)/board/hardkernel/kernel-amlogic.config"
 BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="$(BR2_EXTERNAL_HASSOS_PATH)/kernel/hassos.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/docker.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/device-support.config"
diff --git a/buildroot-external/configs/odroid_n2_defconfig b/buildroot-external/configs/odroid_n2_defconfig
index a19317c76..5d1b43e51 100644
--- a/buildroot-external/configs/odroid_n2_defconfig
+++ b/buildroot-external/configs/odroid_n2_defconfig
@@ -22,7 +22,7 @@ BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_HASSOS_PATH)/scripts/post-image.sh"
 BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_EXTERNAL_HASSOS_PATH)/board/hardkernel/odroid-n2 $(BR2_EXTERNAL_HASSOS_PATH)/board/hardkernel/odroid-n2/hassos-hook.sh"
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.9.6"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.9.11"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_HASSOS_PATH)/board/hardkernel/kernel-amlogic.config"
 BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="$(BR2_EXTERNAL_HASSOS_PATH)/kernel/hassos.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/docker.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/device-support.config $(BR2_EXTERNAL_HASSOS_PATH)/board/hardkernel/odroid-n2/kernel.config"
diff --git a/buildroot-external/configs/odroid_xu4_defconfig b/buildroot-external/configs/odroid_xu4_defconfig
index 734a45efa..4d038c7c0 100644
--- a/buildroot-external/configs/odroid_xu4_defconfig
+++ b/buildroot-external/configs/odroid_xu4_defconfig
@@ -23,7 +23,7 @@ BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_HASSOS_PATH)/scripts/post-image.sh"
 BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_EXTERNAL_HASSOS_PATH)/board/hardkernel/odroid-xu4 $(BR2_EXTERNAL_HASSOS_PATH)/board/hardkernel/odroid-xu4/hassos-hook.sh"
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.9.6"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.9.11"
 BR2_LINUX_KERNEL_DEFCONFIG="exynos"
 BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="$(BR2_EXTERNAL_HASSOS_PATH)/kernel/hassos.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/docker.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/device-support.config"
 BR2_LINUX_KERNEL_LZ4=y
diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig
index 9ace7b298..9f593b3b0 100644
--- a/buildroot-external/configs/ova_defconfig
+++ b/buildroot-external/configs/ova_defconfig
@@ -23,7 +23,7 @@ BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_HASSOS_PATH)/scripts/post-image.sh"
 BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_EXTERNAL_HASSOS_PATH)/board/intel/ova $(BR2_EXTERNAL_HASSOS_PATH)/board/intel/ova/hassos-hook.sh"
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.4.63"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.4.80"
 BR2_LINUX_KERNEL_DEFCONFIG="x86_64"
 BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="$(BR2_EXTERNAL_HASSOS_PATH)/kernel/hassos.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/docker.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/device-support.config $(BR2_EXTERNAL_HASSOS_PATH)/board/intel/ova/kernel.config"
 BR2_LINUX_KERNEL_LZ4=y
diff --git a/buildroot-external/configs/tinker_defconfig b/buildroot-external/configs/tinker_defconfig
index 20cfdb8c8..5d9b3c7e9 100644
--- a/buildroot-external/configs/tinker_defconfig
+++ b/buildroot-external/configs/tinker_defconfig
@@ -24,7 +24,7 @@ BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_HASSOS_PATH)/scripts/post-image.sh"
 BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_EXTERNAL_HASSOS_PATH)/board/asus/tinker $(BR2_EXTERNAL_HASSOS_PATH)/board/asus/hassos-hook.sh"
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.4.63"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.4.80"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_HASSOS_PATH)/board/asus/tinker/kernel.config"
 BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="$(BR2_EXTERNAL_HASSOS_PATH)/kernel/hassos.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/docker.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/device-support.config"
diff --git a/buildroot/CHANGES b/buildroot/CHANGES
index 9957622c3..45c7ecc12 100644
--- a/buildroot/CHANGES
+++ b/buildroot/CHANGES
@@ -1,3 +1,23 @@
+2020.11-rc3, released November 28th, 2020
+
+ Fixes all over the tree.
+
+ Updated/fixed packages: c-ares, cage, cdrkit,
+ dovecot-pigeonhole, efl, gvfs, harfbuzz, jpeg-turbo,
+ libcamera, libkrb5, libpam-tacplus, libxkbcommon, minidlna,
+ modem-manager, monkey, musl, ncurses, numactl, openntpd,
+ openrc, postgresql, proftpd, python-flask-cors, python-pip,
+ qemu, raptor, redis, slirp, spandsp, thermald, uhd, vsftpd,
+ webkitgtk, wireless-regdb, wlroots, wpewebkit, xen, xinetd,
+ xorriso
+
+ Issues resolved (http://bugs.uclibc.org):
+
+ #13296: host-libcap failed to build
+ #13331: openrc-0.42.1 compilation failure on gcc-10
+ #13336: thermald-1.9.1 compilation failure with musl 1.2.1
+ #13341: Mistake in /etc/init.d/S70vsftpd
+
 2020.11-rc2, released November 14th, 2020
 Fixes all over the tree.
@@ -106,6 +126,34 @@
 #13236: Can't compile linux 5.4.8 (with gcc 10 on host)
 #13286: The system hangs in vmware workstation on the line..
+2020.08.2, released November 16th, 2020
+
+ Important / security related fixes.
+
+ Toolchain-wrapper: Pass -fno-tree-loop-distribute-patterns to
+ fix kernel build on microblaze with gcc 10.x when
+ optimizations are enabled.
+
+ Updated/fixed packages: apparmor, argp-standalone, asterisk,
+ bandwidthd, binutils, bitcoin, busybox, collectd, cryptsetup,
+ cups-filters, darkhttpd, davfs2, docker-cli,
+ docker-containerd, docker-engine, dovecot-pigeonhole,
+ dvb-apps, elf2flt, fastd, fbset, fbtft, freetype, gcc,
+ ghostscript, grpc, gst1-plugins-bad, jsoncpp,
+ kernel-module-imx-gpu-viv, keepalived, kmscube, libass,
+ libexif, libiqrf, libnetfilter_conntrack, libpam-tacplus,
+ libraw, linux-backports, linux-firmware, lzlib, mp4v2,
+ netsnmp, nginx, numactl, oniguruma, opencv3, openntpd,
+ patchelf, php, pistache, postgresql, python-pyqt5, qemu,
+ qt5base, rauc, redis, samba4, slirp, systemd, tcpdump,
+ tinyproxy, tmux, tor, waf, webkitgtk, wine,
+ wireguard-linux-compat, wireshark, wpewebkit, xen, xorriso,
+ xvisor, zeromq, zxing-cpp
+
+ Issues resolved (http://bugs.uclibc.org):
+
+ #11931: Bugs in support/scripts/apply-patches.sh
+
 2020.08.1, released October 12th, 2020
 Important / security related fixes.
@@ -612,6 +660,26 @@
 #12796: Update OpenSSL to Version 1.1.1g to patch CVE-2020-1967
 #12811: bootstrap stuck and no login prompt
+2020.02.8, released November 16th, 2020
+
+ Important / security related fixes.
+
+ Updated/fixed packages: angularjs, argp-standalone, asterisk,
+ bandwidthd, bitcoin, busybox, cryptsetup, darkhttpd, davfs2,
+ docker-cli, docker-containerd, docker-engine,
+ dovecot-pigeonhole, fastd, fbset, fbtft, freetype, gcc,
+ ghostscript, gnuradio, grpc, gst1-plugins-bad, jsoncpp,
+ keepalived, libass, libexif, libiqrf, libpam-tacplus, libraw,
+ linux-backports, linux-firmware, lzlib, netsnmp, nginx,
+ oniguruma, opencv3, openntpd, patchelf, php, postgresql,
+ python-pyqt5, qt5base, rauc, redis, samba4, slirp, systemd,
+ tcpdump, tmux, tor, webkitgtk, wireguard-linux-compat,
+ wireshark, wpewebkit, xen, xorriso, zeromq, zxing-cpp
+
+ Issues resolved (http://bugs.uclibc.org):
+
+ #11931: Bugs in support/scripts/apply-patches.sh
+
 2020.02.7, released October 12th, 2020
 Important / security related fixes.
diff --git a/buildroot/DEVELOPERS b/buildroot/DEVELOPERS
index 6b8083eb4..9ab1e125f 100644
--- a/buildroot/DEVELOPERS
+++ b/buildroot/DEVELOPERS
@@ -2127,7 +2127,7 @@ F: package/kf5/
 N: Pierre Floury
 F: package/trace-cmd/
-N: Pierre-Jean Texier
+N: Pierre-Jean Texier
 F: package/fping/
 F: package/genimage/
 F: package/haveged/
@@ -2606,9 +2606,6 @@ F: package/waf/
 F: support/testing/tests/package/test_crudini.py
 F: support/testing/tests/package/test_redis.py
-N: Trent Piepho
-F: package/libp11/
-
 N: Tudor Holton
 F: package/openjdk/
diff --git a/buildroot/Makefile b/buildroot/Makefile
index 2d911bcee..5105cd07f 100644
--- a/buildroot/Makefile
+++ b/buildroot/Makefile
@@ -92,9 +92,9 @@ all:
 .PHONY: all
 # Set and export the version string
-export BR2_VERSION := 2020.11-rc2
+export BR2_VERSION := 2020.11-rc3
 # Actual time the release is cut (for reproducible builds)
-BR2_VERSION_EPOCH = 1605361000
+BR2_VERSION_EPOCH = 1606558000
 # Save running make version since it's clobbered by the make package
 RUNNING_MAKE_VERSION := $(MAKE_VERSION)
diff --git a/buildroot/boot/uboot/uboot.mk b/buildroot/boot/uboot/uboot.mk
index 72d5df412..d2b4e8dc6 100644
--- a/buildroot/boot/uboot/uboot.mk
+++ b/buildroot/boot/uboot/uboot.mk
@@ -477,7 +477,7 @@ ifeq ($(call qstrip,$(BR2_TARGET_UBOOT_CUSTOM_REPO_URL)),)
 $(error No custom U-Boot repository URL specified. Check your BR2_TARGET_UBOOT_CUSTOM_REPO_URL setting)
 endif # qstrip BR2_TARGET_UBOOT_CUSTOM_CUSTOM_REPO_URL
 ifeq ($(call qstrip,$(BR2_TARGET_UBOOT_CUSTOM_REPO_VERSION)),)
-$(error No custom U-Boot repository URL specified. Check your BR2_TARGET_UBOOT_CUSTOM_REPO_VERSION setting)
+$(error No custom U-Boot repository version specified. Check your BR2_TARGET_UBOOT_CUSTOM_REPO_VERSION setting)
 endif # qstrip BR2_TARGET_UBOOT_CUSTOM_CUSTOM_REPO_VERSION
 endif # BR2_TARGET_UBOOT_CUSTOM_GIT || BR2_TARGET_UBOOT_CUSTOM_HG
diff --git a/buildroot/docs/manual/manual.html b/buildroot/docs/manual/manual.html
index a7d52b6d9..b3e1d9d42 100644
--- a/buildroot/docs/manual/manual.html
+++ b/buildroot/docs/manual/manual.html
@@ -1,8 +1,8 @@ -The Buildroot user manual

The Buildroot user manual


Table of Contents

I. Getting started
1. About Buildroot
2. System requirements
2.1. Mandatory packages
2.2. Optional packages
3. Getting Buildroot
4. Buildroot quick start
5. Community resources
II. User guide
6. Buildroot configuration
6.1. Cross-compilation toolchain
6.2. /dev management
6.3. init system
7. Configuration of other components
8. General Buildroot usage
8.1. make tips
8.2. Understanding when a full rebuild is necessary
8.3. Understanding how to rebuild packages
8.4. Offline builds
8.5. Building out-of-tree
8.6. Environment variables
8.7. Dealing efficiently with filesystem images
8.8. Details about packages
8.9. Graphing the dependencies between packages
8.10. Graphing the build duration
8.11. Graphing the filesystem size contribution of packages
8.12. Top-level parallel build
8.13. Integration with Eclipse
8.14. Advanced usage
9. Project-specific customization
9.1. Recommended directory structure
9.2. Keeping customizations outside of Buildroot
9.3. Storing the Buildroot configuration
9.4. Storing the configuration of other components
9.5. Customizing the generated target filesystem
9.6. Adding custom user accounts
9.7. Customization after the images have been created
9.8. Adding project-specific patches
9.9. Adding project-specific packages
9.10. Quick guide to storing your project-specific customizations
10. Using SELinux in Buildroot
10.1. Enabling SELinux support
10.2. SELinux policy tweaking
11. Frequently Asked Questions & Troubleshooting
11.1. The boot hangs after Starting network…
11.2. Why is there no compiler on the target?
11.3. Why are there no development files on the target?
11.4. Why is there no documentation on the target?
11.5. Why are some packages not visible in the Buildroot config menu?
11.6. Why not use the target directory as a chroot directory?
11.7. Why doesn’t Buildroot generate binary packages (.deb, .ipkg…)?
11.8. How to speed-up the build process?
12. Known issues
13. Legal notice and licensing
13.1. Complying with open source licenses
13.2. Complying with the Buildroot license
14. Beyond Buildroot
14.1. Boot the generated images
14.2. Chroot
III. Developer guide
15. How Buildroot works
16. Coding style
16.1. Config.in file
16.2. The .mk file
16.3. The documentation
16.4. Support scripts
17. Adding support for a particular board
18. Adding new packages to Buildroot
18.1. Package directory
18.2. Config files
18.3. The .mk file
18.4. The .hash file
18.5. Infrastructure for packages with specific build systems
18.6. Infrastructure for autotools-based packages
18.7. Infrastructure for CMake-based packages
18.8. Infrastructure for Python packages
18.9. Infrastructure for LuaRocks-based packages
18.10. Infrastructure for Perl/CPAN packages
18.11. Infrastructure for virtual packages
18.12. Infrastructure for packages using kconfig for configuration files
18.13. Infrastructure for rebar-based packages
18.14. Infrastructure for Waf-based packages
18.15. Infrastructure for Meson-based packages
18.16. Integration of Cargo-based packages
18.17. Infrastructure for Go packages
18.18. Infrastructure for QMake-based packages
18.19. Infrastructure for packages building kernel modules
18.20. Infrastructure for asciidoc documents
18.21. Infrastructure specific to the Linux kernel package
18.22. Hooks available in the various build steps
18.23. Gettext integration and interaction with packages
18.24. Tips and tricks
18.25. Conclusion
19. Patching a package
19.1. Providing patches
19.2. How patches are applied
19.3. Format and licensing of the package patches
19.4. Integrating patches found on the Web
20. Download infrastructure
21. Debugging Buildroot
22. Contributing to Buildroot
22.1. Reproducing, analyzing and fixing bugs
22.2. Analyzing and fixing autobuild failures
22.3. Reviewing and testing patches
22.4. Work on items from the TODO list
22.5. Submitting patches
22.6. Reporting issues/bugs or getting help
22.7. Using the run-tests framework
23. DEVELOPERS file and get-developers
24. Release Engineering
24.1. Releases
24.2. Development
IV. Appendix
25. Makedev syntax documentation
26. Makeusers syntax documentation
27. Migrating from older Buildroot versions
27.1. Migrating to 2016.11
27.2. Migrating to 2017.08

Buildroot 2020.11-rc2 manual generated on 2020-11-14 -13:52:47 UTC from git revision 6a33ea03b4

The Buildroot manual is written by the Buildroot developers. +The Buildroot user manual

The Buildroot user manual


Table of Contents

I. Getting started
1. About Buildroot
2. System requirements
2.1. Mandatory packages
2.2. Optional packages
3. Getting Buildroot
4. Buildroot quick start
5. Community resources
II. User guide
6. Buildroot configuration
6.1. Cross-compilation toolchain
6.2. /dev management
6.3. init system
7. Configuration of other components
8. General Buildroot usage
8.1. make tips
8.2. Understanding when a full rebuild is necessary
8.3. Understanding how to rebuild packages
8.4. Offline builds
8.5. Building out-of-tree
8.6. Environment variables
8.7. Dealing efficiently with filesystem images
8.8. Details about packages
8.9. Graphing the dependencies between packages
8.10. Graphing the build duration
8.11. Graphing the filesystem size contribution of packages
8.12. Top-level parallel build
8.13. Integration with Eclipse
8.14. Advanced usage
9. Project-specific customization
9.1. Recommended directory structure
9.2. Keeping customizations outside of Buildroot
9.3. Storing the Buildroot configuration
9.4. Storing the configuration of other components
9.5. Customizing the generated target filesystem
9.6. Adding custom user accounts
9.7. Customization after the images have been created
9.8. Adding project-specific patches
9.9. Adding project-specific packages
9.10. Quick guide to storing your project-specific customizations
10. Using SELinux in Buildroot
10.1. Enabling SELinux support
10.2. SELinux policy tweaking
11. Frequently Asked Questions & Troubleshooting
11.1. The boot hangs after Starting network…
11.2. Why is there no compiler on the target?
11.3. Why are there no development files on the target?
11.4. Why is there no documentation on the target?
11.5. Why are some packages not visible in the Buildroot config menu?
11.6. Why not use the target directory as a chroot directory?
11.7. Why doesn’t Buildroot generate binary packages (.deb, .ipkg…)?
11.8. How to speed-up the build process?
12. Known issues
13. Legal notice and licensing
13.1. Complying with open source licenses
13.2. Complying with the Buildroot license
14. Beyond Buildroot
14.1. Boot the generated images
14.2. Chroot
III. Developer guide
15. How Buildroot works
16. Coding style
16.1. Config.in file
16.2. The .mk file
16.3. The documentation
16.4. Support scripts
17. Adding support for a particular board
18. Adding new packages to Buildroot
18.1. Package directory
18.2. Config files
18.3. The .mk file
18.4. The .hash file
18.5. Infrastructure for packages with specific build systems
18.6. Infrastructure for autotools-based packages
18.7. Infrastructure for CMake-based packages
18.8. Infrastructure for Python packages
18.9. Infrastructure for LuaRocks-based packages
18.10. Infrastructure for Perl/CPAN packages
18.11. Infrastructure for virtual packages
18.12. Infrastructure for packages using kconfig for configuration files
18.13. Infrastructure for rebar-based packages
18.14. Infrastructure for Waf-based packages
18.15. Infrastructure for Meson-based packages
18.16. Integration of Cargo-based packages
18.17. Infrastructure for Go packages
18.18. Infrastructure for QMake-based packages
18.19. Infrastructure for packages building kernel modules
18.20. Infrastructure for asciidoc documents
18.21. Infrastructure specific to the Linux kernel package
18.22. Hooks available in the various build steps
18.23. Gettext integration and interaction with packages
18.24. Tips and tricks
18.25. Conclusion
19. Patching a package
19.1. Providing patches
19.2. How patches are applied
19.3. Format and licensing of the package patches
19.4. Integrating patches found on the Web
20. Download infrastructure
21. Debugging Buildroot
22. Contributing to Buildroot
22.1. Reproducing, analyzing and fixing bugs
22.2. Analyzing and fixing autobuild failures
22.3. Reviewing and testing patches
22.4. Work on items from the TODO list
22.5. Submitting patches
22.6. Reporting issues/bugs or getting help
22.7. Using the run-tests framework
23. DEVELOPERS file and get-developers
24. Release Engineering
24.1. Releases
24.2. Development
IV. Appendix
25. Makedev syntax documentation
26. Makeusers syntax documentation
27. Migrating from older Buildroot versions
27.1. Migrating to 2016.11
27.2. Migrating to 2017.08

Buildroot 2020.11-rc3 manual generated on 2020-11-28 +10:11:19 UTC from git revision a418d0ac51

The Buildroot manual is written by the Buildroot developers. It is licensed under the GNU General Public License, version 2. Refer to the -COPYING +COPYING file in the Buildroot sources for the full text of this license.

Copyright © 2004-2020 The Buildroot developers

logo.png

Part I. Getting started

Chapter 1. About Buildroot

Buildroot is a tool that simplifies and automates the process of building a complete Linux system for an embedded system, using cross-compilation.

In order to achieve this, Buildroot is able to generate a diff --git a/buildroot/docs/manual/manual.pdf b/buildroot/docs/manual/manual.pdf index 3658d23cf..e60ed4617 100644 Binary files a/buildroot/docs/manual/manual.pdf and b/buildroot/docs/manual/manual.pdf differ diff --git a/buildroot/docs/manual/manual.text b/buildroot/docs/manual/manual.text index f5fec57bf..13bbcd8fc 100644 --- a/buildroot/docs/manual/manual.text +++ b/buildroot/docs/manual/manual.text @@ -174,13 +174,13 @@ List of Examples --------------------------------------------------------------------- -Buildroot 2020.11-rc2 manual generated on 2020-11-14 13:52:52 UTC -from git revision 6a33ea03b4 +Buildroot 2020.11-rc3 manual generated on 2020-11-28 10:11:23 UTC +from git revision a418d0ac51 The Buildroot manual is written by the Buildroot developers. It is licensed under the GNU General Public License, version 2. Refer to the COPYING [http://git.buildroot.org/buildroot/tree/COPYING?id= -6a33ea03b469a35f0dddcabd6e378819dc731024] file in the Buildroot +a418d0ac51e192adc54300f16b46b12a42b2b117] file in the Buildroot sources for the full text of this license. Copyright © 2004-2020 The Buildroot developers diff --git a/buildroot/docs/website/download.html b/buildroot/docs/website/download.html index 07627d0f3..beebbbea9 100644 --- a/buildroot/docs/website/download.html +++ b/buildroot/docs/website/download.html @@ -8,105 +8,105 @@

Download
-

Latest long term support release: 2020.02.7

+

Latest long term support release: 2020.02.8

-

Latest stable release: 2020.08.1

+

Latest stable release: 2020.08.2

-

Latest release candidate: 2020.11-rc2

+

Latest release candidate: 2020.11-rc3

diff --git a/buildroot/docs/website/news.html b/buildroot/docs/website/news.html index eab11e2f8..f15637c3b 100644 --- a/buildroot/docs/website/news.html +++ b/buildroot/docs/website/news.html @@ -9,6 +9,65 @@

News

    +
  • +
    +
    +
    +

    2020.11-rc3 released

    +

    28 November 2020

    +
    +
    +

    Another week, another release candidate with more cleanups and build fixes. See the + CHANGES + file for details.

    + +

    Head to the downloads page to pick up the + 2020.11-rc3 + release candidate, and report any problems found to the + mailing list or + bug tracker.

    +
    +
    +
  • + +
  • +
    +
    +
    +

    2020.02.8 released

    +

    17 November 2020

    +
    +
    +

    The 2020.02.8 bugfix release is out, fixing a number of important / + security related issues discovered since the 2020.02.7 release. See the + CHANGES + file for more details, read the + announcement + and go to the downloads page to pick up the + 2020.02.8 release.

    +
    +
    +
  • + +
  • +
    +
    +
    +

    2020.08.2 released

    +

    16 November 2020

    +
    +
    +

    The 2020.08.2 bugfix release is out, fixing a number of important / + security related issues discovered since the 2020.08.1 release. See the + CHANGES + file for more details, read the + announcement + and go to the downloads page to pick up the + 2020.08.2 release.

    +
    +
    +
  • +
  • diff --git a/buildroot/linux/Config.in b/buildroot/linux/Config.in index 434623a72..8b753e6c1 100644 --- a/buildroot/linux/Config.in +++ b/buildroot/linux/Config.in @@ -125,7 +125,7 @@ endif config BR2_LINUX_KERNEL_VERSION string - default "5.9.8" if BR2_LINUX_KERNEL_LATEST_VERSION + default "5.9.11" if BR2_LINUX_KERNEL_LATEST_VERSION default "4.19.152-cip37" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION default "4.19.152-cip37-rt16" if BR2_LINUX_KERNEL_LATEST_CIP_RT_VERSION default BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE \ diff --git a/buildroot/linux/linux.hash b/buildroot/linux/linux.hash index 4219c7f31..00bbf3d1c 100644 --- a/buildroot/linux/linux.hash +++ b/buildroot/linux/linux.hash 
@@ -1,12 +1,12 @@
 # From https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc
-sha256 7656733b316562662026ac82a7c0be41440e16bbf1bdc5447b119e34ff3b86a6 linux-5.9.8.tar.xz
+sha256 5eb20a65a410669928f94b3975872e493fa6d0fe441c6a78b7564affa2a5d260 linux-5.9.11.tar.xz
 sha256 4ab4a3f694b7b4cfbe78871eab34c8039ad33692144c45c669827a594da85534 linux-5.8.18.tar.xz
-sha256 a3e03e6970240dddc8174bf9f49b56d774c40125eabe1582d2ebe85b01addbf7 linux-5.4.77.tar.xz
+sha256 49da425c1f3c530fd3ff31d85a0461f6b6dc6e459f7faf3eee23e49a98ce64c7 linux-5.4.80.tar.xz
 # From https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
-sha256 95de46b6bd72f66169629eb0e343b005778539864598eae76c3ca999645d58b5 linux-4.4.243.tar.xz
-sha256 d3aa189ca7fcc6e52d6c0333a0d7acd8789e9a492b32dbf9476e926ffaa73984 linux-4.9.243.tar.xz
-sha256 1c233efaa5063983293a02d4692acc9ced9c03e18857364855d4f612347086ac linux-4.14.206.tar.xz
-sha256 76dca365255c1a13778c3b24f0eae14f4e66bc12fe79f5e6592b116fc57ef755 linux-4.19.157.tar.xz
+sha256 9e0bdebf18a12d0c899e5e4042e715e24a70ab0fd986a3f4c67c8ec2710bad97 linux-4.4.246.tar.xz
+sha256 49e266c7d72d388e8ce6aa486a1018cc0595ae1b9e99934bce5b484fd8dba9f5 linux-4.9.246.tar.xz
+sha256 cb02465cc8f1972cc14707b25d779c8668d220c39e68a24bb23afd4c58182b9c linux-4.14.209.tar.xz
+sha256 18345206f9c61e8adafa5204d0ca0b8619f1d9aafd70cbd5cb0fbf1faf521585 linux-4.19.160.tar.xz
 # Locally computed
 sha256 d2a06f52143deb929b8d513cf9afc9bd065951389a80fa70bc4d63025b5b3fb9 linux-cip-4.19.152-cip37.tar.gz
 sha256 bc1dacd3d0f526de3e8754a444e8e02a54521527af639ddb907cb35cda775a8c linux-cip-4.19.152-cip37-rt16.tar.gz
diff --git a/buildroot/package/c-ares/0001-src-lib-Makefile.am-install-ares_dns.h.patch b/buildroot/package/c-ares/0001-src-lib-Makefile.am-install-ares_dns.h.patch
new file mode 100644
index 000000000..02422dde3
--- /dev/null
+++ b/buildroot/package/c-ares/0001-src-lib-Makefile.am-install-ares_dns.h.patch
@@ -0,0 +1,37 @@
+From e2180d95fb67f57b6ffba01fefb4844a1ca4f792 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine
+Date: Wed, 18 Nov 2020 08:12:45 +0100
+Subject: [PATCH] src/lib/Makefile.am: install ares_dns.h
+
+This will avoid the following build failure with resiprocate:
+
+In file included from dns/DnsCnameRecord.cxx:7:
+dns/AresCompat.hxx:5:10: fatal error: ares_dns.h: No such file or directory
+ #include "ares_dns.h"
+ ^~~~~~~~~~~~
+
+Fixes:
+ - http://autobuild.buildroot.org/results/cbf158f0c037d44ef293a8804d18c84e3b731059
+
+Signed-off-by: Fabrice Fontaine
+[Upstream status: https://github.com/c-ares/c-ares/pull/376]
+---
+ src/lib/Makefile.am | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
+index c918667..92a4152 100644
+--- a/src/lib/Makefile.am
++++ b/src/lib/Makefile.am
+@@ -14,6 +14,8 @@ lib_LTLIBRARIES = libcares.la
+
+ man_MANS = $(MANPAGES)
+
++include_HEADERS = ares_dns.h
++
+ # adig and ahost are just sample programs and thus not mentioned with the
+ # regular sources and headers
+ EXTRA_DIST = Makefile.inc config-win32.h CMakeLists.txt \
+--
+2.29.2
+
diff --git a/buildroot/package/c-ares/c-ares.hash b/buildroot/package/c-ares/c-ares.hash
index 04a87402e..a24f3d72e 100644
--- a/buildroot/package/c-ares/c-ares.hash
+++ b/buildroot/package/c-ares/c-ares.hash
@@ -1,5 +1,5 @@
 # Locally calculated after checking pgp signature
-sha256 d08312d0ecc3bd48eee0a4cc0d2137c9f194e0a28de2028928c0f6cae85f86ce c-ares-1.16.1.tar.gz
+sha256 1cecd5dbe21306c7263f8649aa6e9a37aecb985995a3489f487d98df2b40757d c-ares-1.17.0.tar.gz
 # Hash for license file
 sha256 db4eb63fe09daebdf57d3f79b091bb5ee5070c0d761040e83264e648d307af4c LICENSE.md
diff --git a/buildroot/package/c-ares/c-ares.mk b/buildroot/package/c-ares/c-ares.mk
index f07a7e566..ca1baf8af 100644
--- a/buildroot/package/c-ares/c-ares.mk
+++ b/buildroot/package/c-ares/c-ares.mk
@@ -4,12 +4,14 @@ # ################################################################################ -C_ARES_VERSION = 1.16.1 +C_ARES_VERSION = 1.17.0 C_ARES_SITE = http://c-ares.haxx.se/download C_ARES_INSTALL_STAGING = YES C_ARES_CONF_OPTS = --with-random=/dev/urandom C_ARES_LICENSE = MIT C_ARES_LICENSE_FILES = LICENSE.md +# We're patching src/lib/Makefile.am +C_ARES_AUTORECONF = YES $(eval $(autotools-package)) $(eval $(host-autotools-package)) diff --git a/buildroot/package/cage/Config.in b/buildroot/package/cage/Config.in index c8097751f..3bef08f03 100644 --- a/buildroot/package/cage/Config.in +++ b/buildroot/package/cage/Config.in @@ -3,16 +3,14 @@ comment "cage needs udev, mesa3d w/ EGL and GLES support" !BR2_PACKAGE_MESA3D_OPENGL_ES || \ !BR2_PACKAGE_HAS_UDEV -comment "cage needs a toolchain w/ threads, locale, dynamic library" +comment "cage needs a toolchain w/ threads, dynamic library" depends on !BR2_TOOLCHAIN_HAS_THREADS || \ - !BR2_ENABLE_LOCALE || \ BR2_STATIC_LIBS config BR2_PACKAGE_CAGE bool "cage" depends on !BR2_STATIC_LIBS # wlroots depends on BR2_TOOLCHAIN_HAS_THREADS # wlroots - depends on BR2_ENABLE_LOCALE # wlroots depends on BR2_PACKAGE_HAS_UDEV # wlroots depends on BR2_PACKAGE_MESA3D_OPENGL_EGL # wlroots depends on BR2_PACKAGE_MESA3D_OPENGL_ES # wlroots diff --git a/buildroot/package/cdrkit/cdrkit.mk b/buildroot/package/cdrkit/cdrkit.mk index f49d5150f..67814f141 100644 --- a/buildroot/package/cdrkit/cdrkit.mk +++ b/buildroot/package/cdrkit/cdrkit.mk @@ -18,5 +18,14 @@ else CDRKIT_CONF_OPTS += -DBITFIELDS_HTOL=0 endif +ifeq ($(BR2_PACKAGE_FILE),y) +CDRKIT_DEPENDENCIES += host-pkgconf file +CDRKIT_CONF_OPTS += \ + -DUSE_MAGIC=ON \ + -DEXTRA_LIBS="`$(PKG_CONFIG_HOST_BINARY) --libs libmagic`" +else +CDRKIT_CONF_OPTS += -DUSE_MAGIC=OFF +endif + $(eval $(cmake-package)) $(eval $(host-cmake-package)) 
diff --git a/buildroot/package/dovecot-pigeonhole/dovecot-pigeonhole.mk b/buildroot/package/dovecot-pigeonhole/dovecot-pigeonhole.mk index d7068cd87..462c99290 100644 --- a/buildroot/package/dovecot-pigeonhole/dovecot-pigeonhole.mk +++ b/buildroot/package/dovecot-pigeonhole/dovecot-pigeonhole.mk @@ -13,4 +13,12 @@ DOVECOT_PIGEONHOLE_DEPENDENCIES = dovecot DOVECOT_PIGEONHOLE_CONF_OPTS = --with-dovecot=$(STAGING_DIR)/usr/lib +ifeq ($(BR2_PER_PACKAGE_DIRECTORIES),y) +define DOVECOT_PIGEONHOLE_FIXUP_DOVECOT_CONFIG + $(SED) 's,$(PER_PACKAGE_DIR)/dovecot/,$(PER_PACKAGE_DIR)/dovecot-pigeonhole/,g' \ + $(STAGING_DIR)/usr/lib/dovecot-config +endef +DOVECOT_PIGEONHOLE_PRE_CONFIGURE_HOOKS = DOVECOT_PIGEONHOLE_FIXUP_DOVECOT_CONFIG +endif + $(eval $(autotools-package)) diff --git a/buildroot/package/efl/Config.in b/buildroot/package/efl/Config.in index e4e4c7216..d4a8762de 100644 --- a/buildroot/package/efl/Config.in +++ b/buildroot/package/efl/Config.in @@ -256,6 +256,7 @@ config BR2_PACKAGE_EFL_TIFF config BR2_PACKAGE_EFL_WEBP bool "libevas webp image loader" select BR2_PACKAGE_WEBP + select BR2_PACKAGE_WEBP_DEMUX help This enables the loader code that loads images using WebP. diff --git a/buildroot/package/gvfs/Config.in b/buildroot/package/gvfs/Config.in index 5a6b3e73e..68ad29143 100644 --- a/buildroot/package/gvfs/Config.in +++ b/buildroot/package/gvfs/Config.in @@ -20,4 +20,4 @@ config BR2_PACKAGE_GVFS comment "gvfs needs a toolchain w/ wchar, threads, dynamic library" depends on BR2_USE_MMU depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \ - !BR2_STATIC_LIBS + BR2_STATIC_LIBS diff --git a/buildroot/package/harfbuzz/0002-meson.build-check-for-pthread.h.patch b/buildroot/package/harfbuzz/0002-meson.build-check-for-pthread.h.patch new file mode 100644 index 000000000..128876dfb --- /dev/null +++ b/buildroot/package/harfbuzz/0002-meson.build-check-for-pthread.h.patch 
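Review bot: In the dovecot-pigeonhole.mk hunk the hook is registered with plain assignment, `DOVECOT_PIGEONHOLE_PRE_CONFIGURE_HOOKS = DOVECOT_PIGEONHOLE_FIXUP_DOVECOT_CONFIG`; `+=` is the safer form, so that a hook added earlier or later in the file is not silently dropped. The sed also rewrites `$(STAGING_DIR)/usr/lib/dovecot-config` in place, and no comment says why. Judging from the substitution alone, a line such as `# dovecot-config records dovecot's per-package paths; point them at this package's directory` above the define would cover it.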
@@ -0,0 +1,49 @@ +From 96bbf3a3af45d86f790afdf91a6686c37421e92b Mon Sep 17 00:00:00 2001 +From: Fabrice Fontaine +Date: Sun, 15 Nov 2020 10:57:37 +0100 +Subject: [PATCH] meson.build: check for pthread.h + +Check for pthread.h otherwise the build will fail with some toolchains +that have libphtread.so but not pthread.h: + +Run-time dependency threads found: YES + +../src/hb-mutex.hh:53:10: fatal error: pthread.h: No such file or directory + #include + ^~~~~~~~~~~ + +Moreover, fix detection of pthread fallback + +Fixes: + - http://autobuild.buildroot.org/results/70c98e89b1d5e5b651d1f6928dc53f465103f57a + +Signed-off-by: Fabrice Fontaine +--- + meson.build | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/meson.build b/meson.build +index bf3925db..6d263d48 100644 +--- a/meson.build ++++ b/meson.build +@@ -284,13 +284,15 @@ endif + # threads + thread_dep = null_dep + if host_machine.system() != 'windows' +- thread_dep = dependency('threads', required: false) ++ if cpp.has_header('pthread.h') ++ thread_dep = dependency('threads', required: false) ++ endif + + if thread_dep.found() + conf.set('HAVE_PTHREAD', 1) + else + check_headers += ['sched.h'] +- check_funcs += ['sched_yield', {'link_with': 'rt'}] ++ check_funcs += [['sched_yield', {'link_with': 'rt'}]] + endif + endif + +-- +2.29.2 + diff --git a/buildroot/package/jpeg-turbo/jpeg-turbo.hash b/buildroot/package/jpeg-turbo/jpeg-turbo.hash index 874f04fc8..1a22b1d6f 100644 --- a/buildroot/package/jpeg-turbo/jpeg-turbo.hash +++ b/buildroot/package/jpeg-turbo/jpeg-turbo.hash 
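Review bot: The harfbuzz patch header ends at the Signed-off-by line with no upstream reference, unlike the c-ares patch added in the same diff, which carries an `[Upstream status: ...]` line. Without it, nobody can tell when this local patch can be dropped on a later version bump. I would add `[Upstream status: <link to upstream submission>]` (placeholder) under the sign-off. The description also covers two separate changes, the `cpp.has_header('pthread.h')` guard and the extra list nesting in `check_funcs`, and the second gets only the sentence "fix detection of pthread fallback".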
@@ -1,7 +1,7 @@ -# From https://sourceforge.net/projects/libjpeg-turbo/files/2.0.4/ -sha1 163d8f96d0999526a117de0388624241b54dcd67 libjpeg-turbo-2.0.4.tar.gz -md5 d01d9e0c28c27bc0de9f4e2e8ff49855 libjpeg-turbo-2.0.4.tar.gz +# From https://sourceforge.net/projects/libjpeg-turbo/files/2.0.6/ +sha1 5406c7676d7df89fb4da791ad5af51202910fb25 libjpeg-turbo-2.0.6.tar.gz +md5 4cada3f0bdc93d826fa31bf9e4469ef6 libjpeg-turbo-2.0.6.tar.gz # Locally computed -sha256 33dd8547efd5543639e890efbf2ef52d5a21df81faf41bb940657af916a23406 libjpeg-turbo-2.0.4.tar.gz -sha256 69e570a251515ced17d4492256d57c89db77ed949652f88a44c80c1ca9607920 LICENSE.md -sha256 82fece2bff2669c476495f0fe70096b154e8bc5b40916a64e99836d9a01c3110 README.ijg +sha256 d74b92ac33b0e3657123ddcf6728788c90dc84dcb6a52013d758af3c4af481bb libjpeg-turbo-2.0.6.tar.gz +sha256 0b7a24c3906d26dfbe24e96e9415549b387c3227140dc6b7ab2fb924254e37a1 LICENSE.md +sha256 01ccef626ec864773c681d4a4056f72af9052d619e0609df0d369117f8b3efdf README.ijg diff --git a/buildroot/package/jpeg-turbo/jpeg-turbo.mk b/buildroot/package/jpeg-turbo/jpeg-turbo.mk index 65debb251..cd1275661 100644 --- a/buildroot/package/jpeg-turbo/jpeg-turbo.mk +++ b/buildroot/package/jpeg-turbo/jpeg-turbo.mk @@ -4,7 +4,7 @@ # ################################################################################ -JPEG_TURBO_VERSION = 2.0.4 +JPEG_TURBO_VERSION = 2.0.6 JPEG_TURBO_SOURCE = libjpeg-turbo-$(JPEG_TURBO_VERSION).tar.gz JPEG_TURBO_SITE = https://downloads.sourceforge.net/project/libjpeg-turbo/$(JPEG_TURBO_VERSION) JPEG_TURBO_LICENSE = IJG (libjpeg), BSD-3-Clause (TurboJPEG), Zlib (SIMD) diff --git a/buildroot/package/libcamera/Config.in b/buildroot/package/libcamera/Config.in index aadea56d1..b9c243084 100644 --- a/buildroot/package/libcamera/Config.in +++ b/buildroot/package/libcamera/Config.in 
@@ -2,7 +2,7 @@ config BR2_PACKAGE_LIBCAMERA_ARCH_SUPPORTS bool default y # Invalid packing size of ControlValue struct on m68k - depends on BR2_m68k + depends on !BR2_m68k menuconfig BR2_PACKAGE_LIBCAMERA bool "libcamera" diff --git a/buildroot/package/libkrb5/libkrb5.hash b/buildroot/package/libkrb5/libkrb5.hash index 658c4539f..e5b24a3f7 100644 --- a/buildroot/package/libkrb5/libkrb5.hash +++ b/buildroot/package/libkrb5/libkrb5.hash @@ -1,5 +1,5 @@ # Locally calculated after checking pgp signature -sha256 02a4e700f10936f937cd1a4c303cab8687a11abecc6107bd4b706b9329cd5400 krb5-1.18.1.tar.gz +sha256 e61783c292b5efd9afb45c555a80dd267ac67eebabca42185362bee6c4fbd719 krb5-1.18.3.tar.gz # Hash for license file: -sha256 b7a5f14a8719bce5e49a761998aa55438fc890fb40f71228d6a49546f6d5690d NOTICE +sha256 b7a5f14a8719bce5e49a761998aa55438fc890fb40f71228d6a49546f6d5690d NOTICE diff --git a/buildroot/package/libkrb5/libkrb5.mk b/buildroot/package/libkrb5/libkrb5.mk index f7cd677de..b46e7c6c5 100644 --- a/buildroot/package/libkrb5/libkrb5.mk +++ b/buildroot/package/libkrb5/libkrb5.mk @@ -5,7 +5,7 @@ ################################################################################ LIBKRB5_VERSION_MAJOR = 1.18 -LIBKRB5_VERSION = $(LIBKRB5_VERSION_MAJOR).1 +LIBKRB5_VERSION = $(LIBKRB5_VERSION_MAJOR).3 LIBKRB5_SITE = https://web.mit.edu/kerberos/dist/krb5/$(LIBKRB5_VERSION_MAJOR) LIBKRB5_SOURCE = krb5-$(LIBKRB5_VERSION).tar.gz LIBKRB5_SUBDIR = src diff --git a/buildroot/package/libpam-tacplus/libpam-tacplus.mk b/buildroot/package/libpam-tacplus/libpam-tacplus.mk index 9dd8466bf..b9630d8b3 100644 --- a/buildroot/package/libpam-tacplus/libpam-tacplus.mk +++ b/buildroot/package/libpam-tacplus/libpam-tacplus.mk 
@@ -12,10 +12,9 @@ LIBPAM_TACPLUS_DEPENDENCIES = \ linux-pam \ $(if $(BR2_PACKAGE_OPENSSL),openssl) # Fetching from github, we need to generate the configure script +# 0001-Add-an-option-to-disable-Werror.patch LIBPAM_TACPLUS_AUTORECONF = YES LIBPAM_TACPLUS_INSTALL_STAGING = YES -# We're patching configure.ac -LIBPAM_TACPLUS_AUTORECONF = YES LIBPAM_TACPLUS_CONF_ENV = \ ax_cv_check_cflags___fstack_protector_all=$(if $(BR2_TOOLCHAIN_HAS_SSP),yes,no) LIBPAM_TACPLUS_CONF_OPTS = --disable-werror diff --git a/buildroot/package/libxkbcommon/libxkbcommon.hash b/buildroot/package/libxkbcommon/libxkbcommon.hash index c643f1c4a..1725eaecf 100644 --- a/buildroot/package/libxkbcommon/libxkbcommon.hash +++ b/buildroot/package/libxkbcommon/libxkbcommon.hash @@ -1,5 +1,5 @@ -# From https://lists.freedesktop.org/archives/wayland-devel/2020-September/041609.html -sha256 ab68b25341c99f2218d7cf3dad459c1827f411219901ade05bbccbdb856b6c8d libxkbcommon-1.0.1.tar.xz +# From https://lists.freedesktop.org/archives/wayland-devel/2020-November/041659.html +sha256 0ea2f88f4472bbf8170c5a7112f5af8848a908ca15df9e9086c3de0189612b2b libxkbcommon-1.0.2.tar.xz # License file: sha256 086caee279449369d41c1157911ec7696e707b93feba7280de757d3c470b2dfb LICENSE diff --git a/buildroot/package/libxkbcommon/libxkbcommon.mk b/buildroot/package/libxkbcommon/libxkbcommon.mk index bf1bd058c..cce5c0273 100644 --- a/buildroot/package/libxkbcommon/libxkbcommon.mk +++ b/buildroot/package/libxkbcommon/libxkbcommon.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBXKBCOMMON_VERSION = 1.0.1 +LIBXKBCOMMON_VERSION = 1.0.2 LIBXKBCOMMON_SITE = http://xkbcommon.org/download LIBXKBCOMMON_SOURCE = libxkbcommon-$(LIBXKBCOMMON_VERSION).tar.xz LIBXKBCOMMON_LICENSE = MIT/X11 diff --git a/buildroot/package/linux-headers/Config.in.host b/buildroot/package/linux-headers/Config.in.host index 8bd4449ef..2dc2457e2 100644 --- a/buildroot/package/linux-headers/Config.in.host 
+++ b/buildroot/package/linux-headers/Config.in.host @@ -346,13 +346,13 @@ endchoice config BR2_DEFAULT_KERNEL_HEADERS string - default "4.4.243" if BR2_KERNEL_HEADERS_4_4 - default "4.9.243" if BR2_KERNEL_HEADERS_4_9 - default "4.14.206" if BR2_KERNEL_HEADERS_4_14 - default "4.19.157" if BR2_KERNEL_HEADERS_4_19 - default "5.4.77" if BR2_KERNEL_HEADERS_5_4 + default "4.4.246" if BR2_KERNEL_HEADERS_4_4 + default "4.9.246" if BR2_KERNEL_HEADERS_4_9 + default "4.14.209" if BR2_KERNEL_HEADERS_4_14 + default "4.19.160" if BR2_KERNEL_HEADERS_4_19 + default "5.4.80" if BR2_KERNEL_HEADERS_5_4 default "5.8.18" if BR2_KERNEL_HEADERS_5_8 - default "5.9.8" if BR2_KERNEL_HEADERS_5_9 + default "5.9.11" if BR2_KERNEL_HEADERS_5_9 default BR2_DEFAULT_KERNEL_VERSION if BR2_KERNEL_HEADERS_VERSION default "custom" if BR2_KERNEL_HEADERS_CUSTOM_TARBALL default BR2_KERNEL_HEADERS_CUSTOM_REPO_VERSION \ diff --git a/buildroot/package/minidlna/0001-fix-build-with-gcc-10.patch b/buildroot/package/minidlna/0001-fix-build-with-gcc-10.patch deleted file mode 100644 index 521d17f0c..000000000 --- a/buildroot/package/minidlna/0001-fix-build-with-gcc-10.patch +++ /dev/null 
@@ -1,49 +0,0 @@ -From 90e88764f0fb3d981cd0c3cfd07d63323cc64090 Mon Sep 17 00:00:00 2001 -From: Fabrice Fontaine -Date: Tue, 1 Sep 2020 22:55:24 +0200 -Subject: [PATCH] fix build with gcc 10 - -Define setjmp_buffer as static to avoid the following build failure with -gcc 10 (which defaults to -fno-common): - -/home/buildroot/autobuild/instance-1/output-1/host/lib/gcc/arm-buildroot-linux-gnueabihf/10.2.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: image_utils.o:(.bss+0x0): multiple definition of `setjmp_buffer'; metadata.o:(.bss+0x0): first defined here -collect2: error: ld returned 1 exit status - -Fixes: - - http://autobuild.buildroot.org/results/8754bb4f7d749f999d5f8ddfec587470ceec4476 - -Signed-off-by: Fabrice Fontaine ---- - image_utils.c | 2 +- - metadata.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/image_utils.c b/image_utils.c -index 24cfd08..e8d9635 100644 ---- a/image_utils.c -+++ b/image_utils.c -@@ -190,7 +190,7 @@ jpeg_memory_src(j_decompress_ptr cinfo, const unsigned char * buffer, size_t buf - src->pub.bytes_in_buffer = bufsize; - } - --jmp_buf setjmp_buffer; -+static jmp_buf setjmp_buffer; - /* Don't exit on error like libjpeg likes to do */ - static void - libjpeg_error_handler(j_common_ptr cinfo) -diff --git a/metadata.c b/metadata.c -index 9cd86dc..4781db7 100644 ---- a/metadata.c -+++ b/metadata.c -@@ -502,7 +502,7 @@ GetAudioMetadata(const char *path, const char *name) - } - - /* For libjpeg error handling */ --jmp_buf setjmp_buffer; -+static jmp_buf setjmp_buffer; - static void - libjpeg_error_handler(j_common_ptr cinfo) - { --- -2.28.0 - diff --git a/buildroot/package/minidlna/0002-upnphttp.c-fix-CallStranger-a.k.a.-CVE-2020-12695.patch b/buildroot/package/minidlna/0002-upnphttp.c-fix-CallStranger-a.k.a.-CVE-2020-12695.patch deleted file mode 100644 index 7406ce2e9..000000000 --- a/buildroot/package/minidlna/0002-upnphttp.c-fix-CallStranger-a.k.a.-CVE-2020-12695.patch +++ /dev/null 
@@ -1,133 +0,0 @@ -From 51bfbee51fd0376b5a66c944134af3e9972d8592 Mon Sep 17 00:00:00 2001 -From: Fabrice Fontaine -Date: Sun, 6 Sep 2020 11:22:48 +0200 -Subject: [PATCH] upnphttp.c: fix CallStranger a.k.a. CVE-2020-12695 - -Import CheckCallback function from miniupnpd source code: -https://github.com/miniupnp/miniupnp/commit/0d9634658860c3c8c209e466cc0ef7002bad3b0a - -IPv6 code was kept even if minidlna does not support it currently. - -This code is licensed under BSD-3-Clause like minidlna. - -Signed-off-by: Fabrice Fontaine -[Upstream status: -https://sourceforge.net/p/minidlna/support-requests/71] ---- - upnphttp.c | 92 ++++++++++++++++++++++++++++++++++++++++++++++++------ - 1 file changed, 82 insertions(+), 10 deletions(-) - -diff --git a/upnphttp.c b/upnphttp.c -index 974434e..3be793e 100644 ---- a/upnphttp.c -+++ b/upnphttp.c -@@ -742,6 +742,70 @@ check_event(struct upnphttp *h) - return type; - } - -+/** -+ * returns 0 if the callback header value is not valid -+ * 1 if it is valid. 
-+ */ -+static int -+checkCallbackURL(struct upnphttp * h) -+{ -+ char addrstr[48]; -+ int ipv6; -+ const char * p; -+ int i; -+ -+ if(!h->req_Callback || h->req_CallbackLen < 8) -+ return 0; -+ if(memcmp(h->req_Callback, "http://", 7) != 0) -+ return 0; -+ ipv6 = 0; -+ i = 0; -+ p = h->req_Callback + 7; -+ if(*p == '[') { -+ p++; -+ ipv6 = 1; -+ while(*p != ']' && i < (sizeof(addrstr)-1) -+ && p < (h->req_Callback + h->req_CallbackLen)) -+ addrstr[i++] = *(p++); -+ } else { -+ while(*p != '/' && *p != ':' && i < (sizeof(addrstr)-1) -+ && p < (h->req_Callback + h->req_CallbackLen)) -+ addrstr[i++] = *(p++); -+ } -+ addrstr[i] = '\0'; -+ if(ipv6) { -+ struct in6_addr addr; -+ if(inet_pton(AF_INET6, addrstr, &addr) <= 0) -+ return 0; -+#ifdef ENABLE_IPV6 -+ if(!h->ipv6 -+ || (0!=memcmp(&addr, &(h->clientaddr_v6), sizeof(struct in6_addr)))) -+ return 0; -+#else -+ return 0; -+#endif -+ } else { -+ struct in_addr addr; -+ if(inet_pton(AF_INET, addrstr, &addr) <= 0) -+ return 0; -+#ifdef ENABLE_IPV6 -+ if(h->ipv6) { -+ if(!IN6_IS_ADDR_V4MAPPED(&(h->clientaddr_v6))) -+ return 0; -+ if(0!=memcmp(&addr, ((const char *)&(h->clientaddr_v6) + 12), 4)) -+ return 0; -+ } else { -+ if(0!=memcmp(&addr, &(h->clientaddr), sizeof(struct in_addr))) -+ return 0; -+ } -+#else -+ if(0!=memcmp(&addr, &(h->clientaddr), sizeof(struct in_addr))) -+ return 0; -+#endif -+ } -+ return 1; -+} -+ - static void - ProcessHTTPSubscribe_upnphttp(struct upnphttp * h, const char * path) - { -@@ -759,17 +823,25 @@ ProcessHTTPSubscribe_upnphttp(struct upnphttp * h, const char * path) - * - respond HTTP/x.x 200 OK - * - Send the initial event message */ - /* Server:, SID:; Timeout: Second-(xx|infinite) */ -- sid = upnpevents_addSubscriber(path, h->req_Callback, -- h->req_CallbackLen, h->req_Timeout); -- h->respflags = FLAG_TIMEOUT; -- if (sid) -- { -- DPRINTF(E_DEBUG, L_HTTP, "generated sid=%s\n", sid); -- h->respflags |= FLAG_SID; -- h->req_SID = sid; -- h->req_SIDLen = strlen(sid); -+ /* Check that the 
callback URL is on the same IP as -+ * the request, and not on the internet, nor on ourself (DOS attack ?) */ -+ if(checkCallbackURL(h)) { -+ sid = upnpevents_addSubscriber(path, h->req_Callback, -+ h->req_CallbackLen, h->req_Timeout); -+ h->respflags = FLAG_TIMEOUT; -+ if (sid) -+ { -+ DPRINTF(E_DEBUG, L_HTTP, "generated sid=%s\n", sid); -+ h->respflags |= FLAG_SID; -+ h->req_SID = sid; -+ h->req_SIDLen = strlen(sid); -+ } -+ BuildResp_upnphttp(h, 0, 0); -+ } else { -+ DPRINTF(E_WARN, L_HTTP, "Invalid Callback in SUBSCRIBE %.*s", -+ h->req_CallbackLen, h->req_Callback); -+ BuildResp2_upnphttp(h, 412, "Precondition Failed", 0, 0); - } -- BuildResp_upnphttp(h, 0, 0); - } - else if (type == E_RENEW) - { --- -2.28.0 - diff --git a/buildroot/package/minidlna/minidlna.hash b/buildroot/package/minidlna/minidlna.hash index 608970b1c..175fe6730 100644 --- a/buildroot/package/minidlna/minidlna.hash +++ b/buildroot/package/minidlna/minidlna.hash @@ -1,7 +1,6 @@ -# From https://sourceforge.net/projects/minidlna/files/minidlna/1.2.1/ -md5 a968d3d84971322471cabda3669cc0f8 minidlna-1.2.1.tar.gz -sha1 79d0032c7055aefd4c8e5178bc86fbf258d449d2 minidlna-1.2.1.tar.gz +# From https://sourceforge.net/projects/minidlna/files/minidlna/1.3.0/ +sha1 6563a881884879b2aef52611934e08bb42985964 minidlna-1.3.0.tar.gz # Locally computed -sha256 67388ba23ab0c7033557a32084804f796aa2a796db7bb2b770fb76ac2a742eec minidlna-1.2.1.tar.gz +sha256 47d9b06b4c48801a4c1112ec23d24782728b5495e95ec2195bbe5c81bc2d3c63 minidlna-1.3.0.tar.gz sha256 79146b7f558e56510b9a714ff75318c05ab93aeccfd6597497b9bce212cf92ea COPYING sha256 94876d7886116e176e702b4902bd9f19731a6883db5f229ac2a7058a22aa6529 LICENCE.miniupnpd diff --git a/buildroot/package/minidlna/minidlna.mk b/buildroot/package/minidlna/minidlna.mk index c66e97b07..0bb3dd350 100644 --- a/buildroot/package/minidlna/minidlna.mk +++ b/buildroot/package/minidlna/minidlna.mk 
@@ -4,7 +4,7 @@ # ################################################################################ -MINIDLNA_VERSION = 1.2.1 +MINIDLNA_VERSION = 1.3.0 MINIDLNA_SITE = https://downloads.sourceforge.net/project/minidlna/minidlna/$(MINIDLNA_VERSION) MINIDLNA_LICENSE = GPL-2.0, BSD-3-Clause MINIDLNA_LICENSE_FILES = COPYING LICENCE.miniupnpd diff --git a/buildroot/package/modem-manager/modem-manager.hash b/buildroot/package/modem-manager/modem-manager.hash index 30c4c6988..81a08295f 100644 --- a/buildroot/package/modem-manager/modem-manager.hash +++ b/buildroot/package/modem-manager/modem-manager.hash @@ -1,4 +1,4 @@ # Locally computed -sha256 783d5da925b2ca69f6233fcead691dd0f5cba06aa479d71495efdc07053fc0fd ModemManager-1.14.6.tar.xz +sha256 fe1a26ba51b4bda7abd09ad4dadedd87d8b8154809fc9d88e94f75fdfff19295 ModemManager-1.14.8.tar.xz sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LIB diff --git a/buildroot/package/modem-manager/modem-manager.mk b/buildroot/package/modem-manager/modem-manager.mk index 372e7da1e..47d4eed82 100644 --- a/buildroot/package/modem-manager/modem-manager.mk +++ b/buildroot/package/modem-manager/modem-manager.mk @@ -4,7 +4,7 @@ # ################################################################################ -MODEM_MANAGER_VERSION = 1.14.6 +MODEM_MANAGER_VERSION = 1.14.8 MODEM_MANAGER_SOURCE = ModemManager-$(MODEM_MANAGER_VERSION).tar.xz MODEM_MANAGER_SITE = http://www.freedesktop.org/software/ModemManager MODEM_MANAGER_LICENSE = GPL-2.0+ (programs, plugins), LGPL-2.0+ (libmm-glib) 
@@ -12,7 +12,6 @@ MODEM_MANAGER_LICENSE_FILES = COPYING COPYING.LIB MODEM_MANAGER_DEPENDENCIES = host-pkgconf libglib2 $(TARGET_NLS_DEPENDENCIES) MODEM_MANAGER_INSTALL_STAGING = YES MODEM_MANAGER_CONF_OPTS = --disable-more-warnings -MODEM_MANAGER_CONF_ENV = ac_cv_prog_XSLTPROC_CHECK=yes ifeq ($(BR2_PACKAGE_MODEM_MANAGER_LIBQMI),y) MODEM_MANAGER_DEPENDENCIES += libqmi diff --git a/buildroot/package/monkey/monkey.mk b/buildroot/package/monkey/monkey.mk index 6159f5522..526471312 100644 --- a/buildroot/package/monkey/monkey.mk +++ b/buildroot/package/monkey/monkey.mk @@ -10,10 +10,6 @@ MONKEY_SITE = http://monkey-project.com/releases/$(MONKEY_VERSION_MAJOR) MONKEY_LICENSE = Apache-2.0 MONKEY_LICENSE_FILES = LICENSE -# This package has a configure script, but it's not using -# autoconf/automake, so we're using the generic-package -# infrastructure. - MONKEY_CONF_OPTS = \ -DINSTALL_SYSCONFDIR=/etc/monkey \ -DINSTALL_WEBROOTDIR=/var/www \ diff --git a/buildroot/package/musl/0003-rewrite-wcsnrtombs-to-fix-buffer-overflow-and-other-.patch b/buildroot/package/musl/0003-rewrite-wcsnrtombs-to-fix-buffer-overflow-and-other-.patch new file mode 100644 index 000000000..2fb29940a --- /dev/null +++ b/buildroot/package/musl/0003-rewrite-wcsnrtombs-to-fix-buffer-overflow-and-other-.patch 
@@ -0,0 +1,114 @@ +From 3ab2a4e02682df1382955071919d8aa3c3ec40d4 Mon Sep 17 00:00:00 2001 +From: Rich Felker +Date: Thu, 19 Nov 2020 17:12:43 -0500 +Subject: [PATCH] rewrite wcsnrtombs to fix buffer overflow and other bugs + +the original wcsnrtombs implementation, which has been largely +untouched since 0.5.0, attempted to build input-length-limiting +conversion on top of wcsrtombs, which only limits output length. as +best I recall, this choice was made out of a mix of disdain over +having yet another variant function to implement (added in POSIX 2008; +not standard C) and preference not to switch things around and +implement the wcsrtombs in terms of the more general new function, +probably over namespace issues. the strategy employed was to impose +output limits that would ensure the input limit wasn't exceeded, then +finish up the tail character-at-a-time. unfortunately, none of that +worked correctly. + +first, the logic in the wcsrtombs loop was wrong in that it could +easily get stuck making no forward progress, by imposing an output +limit too small to convert even one character. + +the character-at-a-time loop that followed was even worse. it made no +effort to ensure that the converted multibyte character would fit in +the remaining output space, only that there was a nonzero amount of +output space remaining. it also employed an incorrect interpretation +of wcrtomb's interface contract for converting the null character, +thereby failing to act on end of input, and remaining space accounting +was subject to unsigned wrap-around. together these errors allow +unbounded overflow of the destination buffer, controlled by input +length limit and input wchar_t string contents. + +given the extent to which this function was broken, it's plausible +that most applications that would have been rendered exploitable were +sufficiently broken not to be usable in the first place. 
however, it's +also plausible that common (especially ASCII-only) inputs succeeded in +the wcsrtombs loop, which mostly worked, while leaving the wildly +erroneous code in the second loop exposed to particular non-ASCII +inputs. + +CVE-2020-28928 has been assigned for this issue. + +Signed-off-by: Peter Korsgaard +--- + src/multibyte/wcsnrtombs.c | 46 ++++++++++++++++---------------------- + 1 file changed, 19 insertions(+), 27 deletions(-) + +diff --git a/src/multibyte/wcsnrtombs.c b/src/multibyte/wcsnrtombs.c +index 676932b5..95e25e70 100644 +--- a/src/multibyte/wcsnrtombs.c ++++ b/src/multibyte/wcsnrtombs.c +@@ -1,41 +1,33 @@ + #include ++#include ++#include + + size_t wcsnrtombs(char *restrict dst, const wchar_t **restrict wcs, size_t wn, size_t n, mbstate_t *restrict st) + { +- size_t l, cnt=0, n2; +- char *s, buf[256]; + const wchar_t *ws = *wcs; +- const wchar_t *tmp_ws; +- +- if (!dst) s = buf, n = sizeof buf; +- else s = dst; +- +- while ( ws && n && ( (n2=wn)>=n || n2>32 ) ) { +- if (n2>=n) n2=n; +- tmp_ws = ws; +- l = wcsrtombs(s, &ws, n2, 0); +- if (!(l+1)) { +- cnt = l; +- n = 0; ++ size_t cnt = 0; ++ if (!dst) n=0; ++ while (ws && wn) { ++ char tmp[MB_LEN_MAX]; ++ size_t l = wcrtomb(nn) break; ++ memcpy(dst, tmp, l); ++ } ++ dst += l; + n -= l; + } +- wn = ws ? wn - (ws - tmp_ws) : 0; +- cnt += l; +- } +- if (ws) while (n && wn) { +- l = wcrtomb(s, *ws, 0); +- if ((l+1)<=1) { +- if (!l) ws = 0; +- else cnt = l; ++ if (!*ws) { ++ ws = 0; + break; + } +- ws++; wn--; +- /* safe - this loop runs fewer than sizeof(buf) times */ +- s+=l; n-=l; ++ ws++; ++ wn--; + cnt += l; + } + if (dst) *wcs = ws; +-- +2.20.1 + diff --git a/buildroot/package/ncurses/ncurses.mk b/buildroot/package/ncurses/ncurses.mk index c11650c76..f4e4784a3 100644 --- a/buildroot/package/ncurses/ncurses.mk +++ b/buildroot/package/ncurses/ncurses.mk 
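Review bot: This new patch file carries the fix for CVE-2020-28928, but no musl.mk change appears between it and the ncurses files in the diff. CVE reporting that works from the package version would therefore presumably keep listing the issue after the fix is applied. The ncurses.mk hunk in the same diff shows the form to follow: a comment naming the patch, then `MUSL_IGNORE_CVES += CVE-2020-28928` in musl.mk. The header also points at upstream only through the hash on the `From` line; an `[Upstream: <upstream commit URL>]` line (placeholder) would make the backport easier to audit. The hunk starts on the previous line of the page.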
@@ -50,6 +50,9 @@ NCURSES_PATCH = \ ncurses-6.1-20200118.patch.gz \ ) +# ncurses-6.1-20191012.patch.gz +NCURSES_IGNORE_CVES += CVE-2019-17594 CVE-2019-17595 + NCURSES_CONF_OPTS = \ --without-cxx \ --without-cxx-binding \ diff --git a/buildroot/package/numactl/numactl.mk b/buildroot/package/numactl/numactl.mk index d0dd5c26f..cf9c75969 100644 --- a/buildroot/package/numactl/numactl.mk +++ b/buildroot/package/numactl/numactl.mk @@ -10,5 +10,6 @@ NUMACTL_LICENSE = LGPL-2.1 (libnuma), GPL-2.0 (programs) NUMACTL_LICENSE_FILES = README.md NUMACTL_INSTALL_STAGING = YES NUMACTL_AUTORECONF = YES +NUMACTL_CONF_ENV = CFLAGS="$(TARGET_CFLAGS) -fPIC" $(eval $(autotools-package)) diff --git a/buildroot/package/openntpd/openntpd.mk b/buildroot/package/openntpd/openntpd.mk index f2eaee7ef..9076f3ddd 100644 --- a/buildroot/package/openntpd/openntpd.mk +++ b/buildroot/package/openntpd/openntpd.mk @@ -8,6 +8,7 @@ OPENNTPD_VERSION = 6.2p3 OPENNTPD_SITE = http://ftp.openbsd.org/pub/OpenBSD/OpenNTPD OPENNTPD_LICENSE = MIT-like, BSD-2-Clause, BSD-3-Clause OPENNTPD_LICENSE_FILES = COPYING +OPENNTPD_DEPENDENCIES = host-bison # Need to autoreconf for our libtool patch to apply properly OPENNTPD_AUTORECONF = YES diff --git a/buildroot/package/openrc/0006-src-rc-rc-logger.h-fix-build-failure-against-gcc-10.patch b/buildroot/package/openrc/0006-src-rc-rc-logger.h-fix-build-failure-against-gcc-10.patch new file mode 100644 index 000000000..9fded3ca9 --- /dev/null +++ b/buildroot/package/openrc/0006-src-rc-rc-logger.h-fix-build-failure-against-gcc-10.patch 
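Review bot: `NCURSES_IGNORE_CVES += CVE-2019-17594 CVE-2019-17595` hides both IDs from CVE reports, and the only justification is a bare file name in the comment above it. The NCURSES_PATCH list starts outside the hunk and only its last entry, ncurses-6.1-20200118.patch.gz, is visible, so it cannot be confirmed from here that ncurses-6.1-20191012.patch.gz is actually applied. Once that is verified I would spell the link out, for example `# Both fixed by ncurses-6.1-20191012.patch.gz, applied through NCURSES_PATCH`.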
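Review bot: `NUMACTL_CONF_ENV = CFLAGS="$(TARGET_CFLAGS) -fPIC"` in the numactl.mk hunk is added without a comment, so the file does not record why position-independent code is forced for every target. A one-line comment above it naming the failing architecture or the linker error would let a later maintainer judge whether the override is still needed. The other workarounds in this diff are annotated this way, for example `# We're patching src/lib/Makefile.am` in c-ares.mk.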
@@ -0,0 +1,52 @@ +From 375ef42393f3dc6edbaa2cb70c79b2366072db38 Mon Sep 17 00:00:00 2001 +From: Sergei Trofimovich +Date: Sun, 19 Jan 2020 15:24:20 +0000 +Subject: [PATCH] src/rc/rc-logger.h: fix build failure against gcc-10 + +On gcc-10 (and gcc-9 -fno-common) build fails as: + +``` +cc -L../librc -L../libeinfo -O2 -g -std=c99 -Wall -Wextra -Wimplicit -Wshadow \ + -Wformat=2 -Wmissing-prototypes -Wmissing-declarations -Wmissing-noreturn \ + -Wmissing-format-attribute -Wnested-externs -Winline -Wwrite-strings \ + -Wcast-align -Wcast-qual -Wpointer-arith -Wdeclaration-after-statement \ + -Wsequence-point -Werror=implicit-function-declaration \ + -Wl,-rpath=/lib -o openrc rc.o rc-logger.o rc-misc.o rc-plugin.o _usage.o -lutil -lrc -leinfo -Wl,-Bdynamic -ldl +ld: rc-logger.o:/home/slyfox/dev/git/openrc/src/rc/rc-logger.h:16: + multiple definition of `rc_logger_pid'; rc.o:openrc/src/rc/rc-logger.h:16: first defined here +ld: rc-logger.o:/home/slyfox/dev/git/openrc/src/rc/rc-logger.h:17: + multiple definition of `rc_logger_tty'; rc.o:openrc/src/rc/rc-logger.h:17: first defined here +``` + +gcc-10 will change the default from -fcommon to fno-common: +https://gcc.gnu.org/PR85678. + +The error also happens if CFLAGS=-fno-common passed explicitly. + +This fixes #348. + +[Patch taken from upstream: +https://github.com/OpenRC/openrc/commit/375ef42393f3dc6edbaa2cb70c79b2366072db38] +Signed-off-by: Heiko Thiery +--- + src/rc/rc-logger.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/rc/rc-logger.h b/src/rc/rc-logger.h +index bf6e3e57..1da294b0 100644 +--- a/src/rc/rc-logger.h ++++ b/src/rc/rc-logger.h +@@ -13,8 +13,8 @@ + #ifndef RC_LOGGER_H + #define RC_LOGGER_H + +-pid_t rc_logger_pid; +-int rc_logger_tty; ++extern pid_t rc_logger_pid; ++extern int rc_logger_tty; + extern bool rc_in_logger; + + void rc_logger_open(const char *runlevel); +-- +2.20.1 + 
diff --git a/buildroot/package/openrc/0007-checkpath-fix-CVE-2018-21269.patch b/buildroot/package/openrc/0007-checkpath-fix-CVE-2018-21269.patch new file mode 100644 index 000000000..121f22986 --- /dev/null +++ b/buildroot/package/openrc/0007-checkpath-fix-CVE-2018-21269.patch 
@@ -0,0 +1,251 @@ +From b6fef599bf8493480664b766040fa9b0d4b1e335 Mon Sep 17 00:00:00 2001 +From: William Hubbs +Date: Fri, 20 Nov 2020 09:15:59 -0600 +Subject: [PATCH] checkpath: fix CVE-2018-21269 + +This walks the directory path to the file we are going to manipulate to make +sure that when we create the file and change the ownership and permissions +we are working on the same file. +Also, all non-terminal symbolic links must be owned by root. This will +keep a non-root user from making a symbolic link as described in the +bug. If root creates the symbolic link, it is assumed to be trusted. + +On non-linux platforms, we no longer follow non-terminal symbolic links +by default. If you need to do that, add the -s option on the checkpath +command line, but keep in mind that this is not secure. + +This fixes #201. + +[Patch taken from upstream: +https://github.com/OpenRC/openrc/commit/b6fef599bf8493480664b766040fa9b0d4b1e335] +Signed-off-by: Heiko Thiery +--- + man/openrc-run.8 | 6 +++ + src/rc/checkpath.c | 103 ++++++++++++++++++++++++++++++++++++++++++--- + 2 files changed, 102 insertions(+), 7 deletions(-) + +diff --git a/man/openrc-run.8 b/man/openrc-run.8 +index 1102daaa..ec4b88de 100644 +--- a/man/openrc-run.8 ++++ b/man/openrc-run.8 +@@ -461,6 +461,7 @@ Mark the service as inactive. + .Op Fl p , -pipe + .Op Fl m , -mode Ar mode + .Op Fl o , -owner Ar owner ++.Op Fl s , -symlinks + .Op Fl W , -writable + .Op Fl q , -quiet + .Ar path ... +@@ -481,6 +482,11 @@ or with names, and are separated by a colon. + The truncate options (-D and -F) cause the directory or file to be + cleared of all contents. + .Pp ++If -s is not specified on a non-linux platform, checkpath will refuse to ++allow non-terminal symbolic links to exist in the path. This is for ++security reasons so that a non-root user can't create a symbolic link to ++a root-owned file and take ownership of that file. 
++.Pp + If -W is specified, checkpath checks to see if the first path given on + the command line is writable. This is different from how the test + command in the shell works, because it also checks to make sure the file +diff --git a/src/rc/checkpath.c b/src/rc/checkpath.c +index 448c9cf8..ff54a892 100644 +--- a/src/rc/checkpath.c ++++ b/src/rc/checkpath.c +@@ -16,6 +16,7 @@ + * except according to the terms contained in the LICENSE file. + */ + ++#define _GNU_SOURCE + #include + #include + +@@ -23,6 +24,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -44,7 +46,7 @@ typedef enum { + + const char *applet = NULL; + const char *extraopts ="path1 [path2] [...]"; +-const char *getoptstring = "dDfFpm:o:W" getoptstring_COMMON; ++const char *getoptstring = "dDfFpm:o:sW" getoptstring_COMMON; + const struct option longopts[] = { + { "directory", 0, NULL, 'd'}, + { "directory-truncate", 0, NULL, 'D'}, +@@ -53,6 +55,7 @@ const struct option longopts[] = { + { "pipe", 0, NULL, 'p'}, + { "mode", 1, NULL, 'm'}, + { "owner", 1, NULL, 'o'}, ++ { "symlinks", 0, NULL, 's'}, + { "writable", 0, NULL, 'W'}, + longopts_COMMON + }; +@@ -64,15 +67,92 @@ const char * const longopts_help[] = { + "Create a named pipe (FIFO) if not exists", + "Mode to check", + "Owner to check (user:group)", ++ "follow symbolic links (irrelivent on linux)", + "Check whether the path is writable or not", + longopts_help_COMMON + }; + const char *usagestring = NULL; + ++static int get_dirfd(char *path, bool symlinks) { ++ char *ch; ++ char *item; ++ char *linkpath = NULL; ++ char *path_dupe; ++ char *str; ++ int components = 0; ++ int dirfd; ++ int flags = 0; ++ int new_dirfd; ++ struct stat st; ++ ssize_t linksize; ++ ++ if (!path || *path != '/') ++ eerrorx("%s: empty or relative path", applet); ++ dirfd = openat(dirfd, "/", O_RDONLY); ++ if (dirfd == -1) ++ eerrorx("%s: unable to open the root directory: %s", ++ applet, strerror(errno)); ++ path_dupe = xstrdup(path); ++ 
ch = path_dupe; ++ while (*ch) { ++ if (*ch == '/') ++ components++; ++ ch++; ++ } ++ item = strtok(path_dupe, "/"); ++#ifdef O_PATH ++ flags |= O_PATH; ++#endif ++ if (!symlinks) ++ flags |= O_NOFOLLOW; ++ flags |= O_RDONLY; ++ while (dirfd > 0 && item && components > 1) { ++ str = xstrdup(linkpath ? linkpath : item); ++ new_dirfd = openat(dirfd, str, flags); ++ if (new_dirfd == -1) ++ eerrorx("%s: %s: could not open %s: %s", applet, path, str, ++ strerror(errno)); ++ if (fstat(new_dirfd, &st) == -1) ++ eerrorx("%s: %s: unable to stat %s: %s", applet, path, item, ++ strerror(errno)); ++ if (S_ISLNK(st.st_mode) ) { ++ if (st.st_uid != 0) ++ eerrorx("%s: %s: synbolic link %s not owned by root", ++ applet, path, str); ++ linksize = st.st_size+1; ++ if (linkpath) ++ free(linkpath); ++ linkpath = xmalloc(linksize); ++ memset(linkpath, 0, linksize); ++ if (readlinkat(new_dirfd, "", linkpath, linksize) != st.st_size) ++ eerrorx("%s: symbolic link destination changed", applet); ++ /* ++ * now follow the symlink. 
++ */ ++ close(new_dirfd); ++ } else { ++ close(dirfd); ++ dirfd = new_dirfd; ++ free(linkpath); ++ linkpath = NULL; ++ item = strtok(NULL, "/"); ++ components--; ++ } ++ } ++ free(path_dupe); ++ if (linkpath) { ++ free(linkpath); ++ linkpath = NULL; ++ } ++ return dirfd; ++} ++ + static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode, +- inode_t type, bool trunc, bool chowner, bool selinux_on) ++ inode_t type, bool trunc, bool chowner, bool symlinks, bool selinux_on) + { + struct stat st; ++ char *name = NULL; ++ int dirfd; + int fd; + int flags; + int r; +@@ -93,14 +173,16 @@ static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode, + #endif + if (trunc) + flags |= O_TRUNC; +- readfd = open(path, readflags); ++ xasprintf(&name, "%s", basename_c(path)); ++ dirfd = get_dirfd(path, symlinks); ++ readfd = openat(dirfd, name, readflags); + if (readfd == -1 || (type == inode_file && trunc)) { + if (type == inode_file) { + einfo("%s: creating file", path); + if (!mode) /* 664 */ + mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH; + u = umask(0); +- fd = open(path, flags, mode); ++ fd = openat(dirfd, name, flags, mode); + umask(u); + if (fd == -1) { + eerror("%s: open: %s", applet, strerror(errno)); +@@ -122,7 +204,7 @@ static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode, + strerror (errno)); + return -1; + } +- readfd = open(path, readflags); ++ readfd = openat(dirfd, name, readflags); + if (readfd == -1) { + eerror("%s: unable to open directory: %s", applet, + strerror(errno)); +@@ -140,7 +222,7 @@ static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode, + strerror (errno)); + return -1; + } +- readfd = open(path, readflags); ++ readfd = openat(dirfd, name, readflags); + if (readfd == -1) { + eerror("%s: unable to open fifo: %s", applet, + strerror(errno)); +@@ -259,6 +341,7 @@ int main(int argc, char **argv) + int retval = EXIT_SUCCESS; + bool trunc = false; + bool chowner = false; ++ bool symlinks = false; + bool 
writable = false; + bool selinux_on = false; + +@@ -293,6 +376,11 @@ int main(int argc, char **argv) + eerrorx("%s: owner `%s' not found", + applet, optarg); + break; ++ case 's': ++#ifndef O_PATH ++ symlinks = true; ++#endif ++ break; + case 'W': + writable = true; + break; +@@ -320,7 +408,8 @@ int main(int argc, char **argv) + while (optind < argc) { + if (writable) + exit(!is_writable(argv[optind])); +- if (do_check(argv[optind], uid, gid, mode, type, trunc, chowner, selinux_on)) ++ if (do_check(argv[optind], uid, gid, mode, type, trunc, chowner, ++ symlinks, selinux_on)) + retval = EXIT_FAILURE; + optind++; + } +-- +2.20.1 + diff --git a/buildroot/package/openrc/openrc.mk b/buildroot/package/openrc/openrc.mk index 97536dad3..ba1691e70 100644 --- a/buildroot/package/openrc/openrc.mk +++ b/buildroot/package/openrc/openrc.mk @@ -9,6 +9,9 @@ OPENRC_SITE = $(call github,OpenRC,openrc,$(OPENRC_VERSION)) OPENRC_LICENSE = BSD-2-Clause OPENRC_LICENSE_FILES = LICENSE +# 0007-checkpath-fix-CVE-2018-21269.patch +OPENRC_IGNORE_CVES += CVE-2018-21269 + OPENRC_DEPENDENCIES = ncurses # set LIBNAME so openrc puts files in proper directories and sets proper diff --git a/buildroot/package/php/0002-iconv-tweak-iconv-detection.patch b/buildroot/package/php/0002-iconv-tweak-iconv-detection.patch index a12041603..959afd80d 100644 --- a/buildroot/package/php/0002-iconv-tweak-iconv-detection.patch +++ b/buildroot/package/php/0002-iconv-tweak-iconv-detection.patch @@ -16,7 +16,7 @@ Signed-off-by: Gustavo Zacarias Signed-off-by: Adam Duskett [aduskett@gmail.com: Update for 7.3.0] Signed-off-by: Bernd Kuhls -[Bernd: rebased for 7.4.10] +[Bernd: rebased for 7.4.10 & 7.4.13] --- build/php.m4 | 2 +- ext/iconv/config.m4 | 22 ---------------------- @@ -26,7 +26,7 @@ diff --git a/build/php.m4 b/build/php.m4 index 9586c490..8b3d47ed 100644 --- a/build/php.m4 
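Review bot: In the added `get_dirfd()` of the checkpath patch, `dirfd` is read before it is assigned: `dirfd = openat(dirfd, "/", O_RDONLY);` passes the uninitialised local as the directory argument. Because the path is absolute the value is ignored, but it is still an indeterminate read that analysers will flag; `dirfd = open("/", O_RDONLY);` expresses the same thing safely. The walk loop is guarded by `dirfd > 0`, so if the root open lands on descriptor 0 (stdin closed by the caller) the loop is skipped and the root descriptor is returned as the parent directory; `dirfd >= 0` avoids that. `str = xstrdup(...)` is also allocated on every iteration and never freed in the visible code. The `do_check` hunks only switch the `open` calls to `openat(dirfd, name, ...)`; the mkdir and mkfifo calls are outside these hunks, so whether creation also resolves relative to `dirfd` cannot be confirmed from here.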
+++ b/build/php.m4 -@@ -1965,7 +1965,7 @@ AC_DEFUN([PHP_SETUP_ICONV], [ +@@ -1967,7 +1967,7 @@ AC_DEFUN([PHP_SETUP_ICONV], [ dnl Check external libs for iconv funcs. if test "$found_iconv" = "no"; then diff --git a/buildroot/package/php/0003-configure-disable-the-phar-tool.patch b/buildroot/package/php/0003-configure-disable-the-phar-tool.patch index aface92d7..4a25ec05c 100644 --- a/buildroot/package/php/0003-configure-disable-the-phar-tool.patch +++ b/buildroot/package/php/0003-configure-disable-the-phar-tool.patch @@ -13,7 +13,7 @@ Signed-off-by: Gustavo Zacarias Signed-off-by: Adam Duskett [Aduskett: update for 7.3.0] Signed-off-by: Bernd Kuhls -[Bernd: rebased for 7.4.10] +[Bernd: rebased for 7.4.10 & 7.4.13] --- configure.ac | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) @@ -22,7 +22,7 @@ diff --git a/configure.ac b/configure.ac index 0dfab302..6026fb66 100644 --- a/configure.ac +++ b/configure.ac -@@ -1453,13 +1453,8 @@ CFLAGS="\$(CFLAGS_CLEAN) $standard_libtool_flag" +@@ -1454,13 +1454,8 @@ CFLAGS="\$(CFLAGS_CLEAN) $standard_libtool_flag" INLINE_CFLAGS="$INLINE_CFLAGS $standard_libtool_flag" CXXFLAGS="$CXXFLAGS $standard_libtool_flag \$(PROF_FLAGS)" diff --git a/buildroot/package/php/php.hash b/buildroot/package/php/php.hash index 8e8131d30..5078228f4 100644 --- a/buildroot/package/php/php.hash +++ b/buildroot/package/php/php.hash @@ -1,5 +1,5 @@ # From https://www.php.net/downloads.php -sha256 e82d2bcead05255f6b7d2ff4e2561bc334204955820cabc2457b5239fde96b76 php-7.4.12.tar.xz +sha256 aead303e3abac23106529560547baebbedba0bb2943b91d5aa08fff1f41680f4 php-7.4.13.tar.xz # License file sha256 0967ad6cf4b7fe81d38709d7aaef3fecb3bd685be7eebb37b864aa34c991baa7 LICENSE diff --git a/buildroot/package/php/php.mk b/buildroot/package/php/php.mk index ce0e3e4a4..0feb96e97 100644 --- a/buildroot/package/php/php.mk +++ b/buildroot/package/php/php.mk 
@@ -4,7 +4,7 @@ # ################################################################################ -PHP_VERSION = 7.4.12 +PHP_VERSION = 7.4.13 PHP_SITE = http://www.php.net/distributions PHP_SOURCE = php-$(PHP_VERSION).tar.xz PHP_INSTALL_STAGING = YES diff --git a/buildroot/package/postgresql/postgresql.hash b/buildroot/package/postgresql/postgresql.hash index 4e410d187..64fa22071 100644 --- a/buildroot/package/postgresql/postgresql.hash +++ b/buildroot/package/postgresql/postgresql.hash @@ -1,7 +1,7 @@ -# From https://ftp.postgresql.org/pub/source/v12.4/postgresql-12.4.tar.bz2.md5 -md5 80ebbf0e55193b123760e5f8e48c6cff postgresql-12.4.tar.bz2 -# From https://ftp.postgresql.org/pub/source/v12.4/postgresql-12.4.tar.bz2.sha256 -sha256 bee93fbe2c32f59419cb162bcc0145c58da9a8644ee154a30b9a5ce47de606cc postgresql-12.4.tar.bz2 +# From https://ftp.postgresql.org/pub/source/v12.5/postgresql-12.5.tar.bz2.md5 +md5 f19e48090bbd59ea81826b5fd99e7e97 postgresql-12.5.tar.bz2 +# From https://ftp.postgresql.org/pub/source/v12.5/postgresql-12.5.tar.bz2.sha256 +sha256 bd0d25341d9578b5473c9506300022de26370879581f5fddd243a886ce79ff95 postgresql-12.5.tar.bz2 # License file, Locally calculated sha256 739e5d454d81d31a482469338b7c856f1f5c6b4cdda1551cea6f0f6d18eef62c COPYRIGHT diff --git a/buildroot/package/postgresql/postgresql.mk b/buildroot/package/postgresql/postgresql.mk index 3630b5a38..4c5f200bd 100644 --- a/buildroot/package/postgresql/postgresql.mk +++ b/buildroot/package/postgresql/postgresql.mk @@ -4,7 +4,7 @@ # ################################################################################ -POSTGRESQL_VERSION = 12.4 +POSTGRESQL_VERSION = 12.5 POSTGRESQL_SOURCE = postgresql-$(POSTGRESQL_VERSION).tar.bz2 POSTGRESQL_SITE = https://ftp.postgresql.org/pub/source/v$(POSTGRESQL_VERSION) POSTGRESQL_LICENSE = PostgreSQL diff --git a/buildroot/package/proftpd/proftpd.hash b/buildroot/package/proftpd/proftpd.hash index 1ac54de4c..983500bb8 100644 --- a/buildroot/package/proftpd/proftpd.hash 
+++ b/buildroot/package/proftpd/proftpd.hash @@ -1,3 +1,3 @@ # Locally calculated -sha256 fa3541c4b34136a7b80cb12a2f6f9a0cab5118a5b0a1653d40af49c6479c35ad proftpd-1.3.6c.tar.gz +sha256 2dbe684034ab592742ebdb778a8a234b70f959efeb30feedee3ea77f26f74fbb proftpd-1.3.6e.tar.gz sha256 391a473d755c29b5326fb726326ff3c37e42512f53a8f5789fc310232150bf80 COPYING diff --git a/buildroot/package/proftpd/proftpd.mk b/buildroot/package/proftpd/proftpd.mk index e126d0e0a..e35e78607 100644 --- a/buildroot/package/proftpd/proftpd.mk +++ b/buildroot/package/proftpd/proftpd.mk @@ -4,7 +4,7 @@ # ################################################################################ -PROFTPD_VERSION = 1.3.6c +PROFTPD_VERSION = 1.3.6e PROFTPD_SITE = $(call github,proftpd,proftpd,v$(PROFTPD_VERSION)) PROFTPD_LICENSE = GPL-2.0+ PROFTPD_LICENSE_FILES = COPYING diff --git a/buildroot/package/python-flask-cors/python-flask-cors.hash b/buildroot/package/python-flask-cors/python-flask-cors.hash index a893b7c89..15b7d41a3 100644 --- a/buildroot/package/python-flask-cors/python-flask-cors.hash +++ b/buildroot/package/python-flask-cors/python-flask-cors.hash @@ -1,5 +1,4 @@ -# md5, sha256 from https://pypi.org/pypi/flask-cors/json -md5 551cc4c0305a171d28caa2b3bc838867 Flask-Cors-3.0.8.tar.gz -sha256 72170423eb4612f0847318afff8c247b38bd516b7737adfc10d1c2cdbb382d16 Flask-Cors-3.0.8.tar.gz +# sha256 from https://pypi.org/pypi/flask-cors/json +sha256 6bcfc100288c5d1bcb1dbb854babd59beee622ffd321e444b05f24d6d58466b8 Flask-Cors-3.0.9.tar.gz # Locally computed sha256 checksums -sha256 6e1a1bdc54834c1e0740cbce5d5f6f2cae1c846fd2a7f482b11649594fafbd5d LICENSE +sha256 6e1a1bdc54834c1e0740cbce5d5f6f2cae1c846fd2a7f482b11649594fafbd5d LICENSE diff --git a/buildroot/package/python-flask-cors/python-flask-cors.mk b/buildroot/package/python-flask-cors/python-flask-cors.mk index 60454e27c..d71210900 100644 --- a/buildroot/package/python-flask-cors/python-flask-cors.mk 
+++ b/buildroot/package/python-flask-cors/python-flask-cors.mk @@ -4,9 +4,9 @@ # ################################################################################ -PYTHON_FLASK_CORS_VERSION = 3.0.8 +PYTHON_FLASK_CORS_VERSION = 3.0.9 PYTHON_FLASK_CORS_SOURCE = Flask-Cors-$(PYTHON_FLASK_CORS_VERSION).tar.gz -PYTHON_FLASK_CORS_SITE = https://files.pythonhosted.org/packages/9e/11/ca8b95c5bf9644471601e425f0de8cbd09a506bb6c24842cb17a6cd1eea8 +PYTHON_FLASK_CORS_SITE = https://files.pythonhosted.org/packages/99/fc/cd117ea122e28037a5ec60356a7ffae8b77af527713f7b5e4eb63089f669 PYTHON_FLASK_CORS_SETUP_TYPE = setuptools PYTHON_FLASK_CORS_LICENSE = MIT PYTHON_FLASK_CORS_LICENSE_FILES = LICENSE diff --git a/buildroot/package/python-pip/Config.in b/buildroot/package/python-pip/Config.in index d1b7e7f74..61d8d7d31 100644 --- a/buildroot/package/python-pip/Config.in +++ b/buildroot/package/python-pip/Config.in @@ -1,5 +1,6 @@ config BR2_PACKAGE_PYTHON_PIP bool "python-pip" + select BR2_PACKAGE_PYTHON_HASHLIB if BR2_PACKAGE_PYTHON # runtime select BR2_PACKAGE_PYTHON_SETUPTOOLS # runtime select BR2_PACKAGE_PYTHON_SSL if BR2_PACKAGE_PYTHON # runtime select BR2_PACKAGE_PYTHON3_SSL if BR2_PACKAGE_PYTHON3 # runtime diff --git a/buildroot/package/qemu/0002-Fix-build-with-64-bits-time_t.patch b/buildroot/package/qemu/0002-Fix-build-with-64-bits-time_t.patch new file mode 100644 index 000000000..7a7204713 --- /dev/null +++ b/buildroot/package/qemu/0002-Fix-build-with-64-bits-time_t.patch 
@@ -0,0 +1,98 @@ +From 839e51aa452345b440f8d2d0df84ab58bdedfcd1 Mon Sep 17 00:00:00 2001 +From: Fabrice Fontaine +Date: Sat, 14 Nov 2020 21:54:17 +0100 +Subject: [PATCH] Fix build with 64 bits time_t + +time element is deprecated on new input_event structure in kernel's +input.h [1] + +This will avoid the following build failure: + +hw/input/virtio-input-host.c: In function 'virtio_input_host_handle_status': +hw/input/virtio-input-host.c:198:28: error: 'struct input_event' has no member named 'time' + 198 | if (gettimeofday(&evdev.time, NULL)) { + | ^ + +Fixes: + - http://autobuild.buildroot.org/results/a538167e288c14208d557cd45446df86d3d599d5 + - http://autobuild.buildroot.org/results/efd4474fb4b6c0ce0ab3838ce130429c51e43bbb + +[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=152194fe9c3f + +Signed-off-by: Fabrice Fontaine +--- + contrib/vhost-user-input/main.c | 10 +++++++++- + hw/input/virtio-input-host.c | 10 +++++++++- + 2 files changed, 18 insertions(+), 2 deletions(-) + +diff --git a/contrib/vhost-user-input/main.c b/contrib/vhost-user-input/main.c +index 6020c6f33a..e688c3e0a9 100644 +--- a/contrib/vhost-user-input/main.c ++++ b/contrib/vhost-user-input/main.c +@@ -17,6 +17,11 @@ + #include "standard-headers/linux/virtio_input.h" + #include "qapi/error.h" + ++#ifndef input_event_sec ++#define input_event_sec time.tv_sec ++#define input_event_usec time.tv_usec ++#endif ++ + enum { + VHOST_USER_INPUT_MAX_QUEUES = 2, + }; +@@ -115,13 +120,16 @@ vi_evdev_watch(VuDev *dev, int condition, void *data) + static void vi_handle_status(VuInput *vi, virtio_input_event *event) + { + struct input_event evdev; ++ struct timeval tval; + int rc; + +- if (gettimeofday(&evdev.time, NULL)) { ++ if (gettimeofday(&tval, NULL)) { + perror("vi_handle_status: gettimeofday"); + return; + } + ++ evdev.input_event_sec = tval.tv_sec; ++ evdev.input_event_usec = tval.tv_usec; + evdev.type = le16toh(event->type); + evdev.code = le16toh(event->code); + 
evdev.value = le32toh(event->value); +diff --git a/hw/input/virtio-input-host.c b/hw/input/virtio-input-host.c +index 85daf73f1a..2e261737e1 100644 +--- a/hw/input/virtio-input-host.c ++++ b/hw/input/virtio-input-host.c +@@ -16,6 +16,11 @@ + #include + #include "standard-headers/linux/input.h" + ++#ifndef input_event_sec ++#define input_event_sec time.tv_sec ++#define input_event_usec time.tv_usec ++#endif ++ + /* ----------------------------------------------------------------- */ + + static struct virtio_input_config virtio_input_host_config[] = { +@@ -193,13 +198,16 @@ static void virtio_input_host_handle_status(VirtIOInput *vinput, + { + VirtIOInputHost *vih = VIRTIO_INPUT_HOST(vinput); + struct input_event evdev; ++ struct timeval tval; + int rc; + +- if (gettimeofday(&evdev.time, NULL)) { ++ if (gettimeofday(&tval, NULL)) { + perror("virtio_input_host_handle_status: gettimeofday"); + return; + } + ++ evdev.input_event_sec = tval.tv_sec; ++ evdev.input_event_usec = tval.tv_usec; + evdev.type = le16_to_cpu(event->type); + evdev.code = le16_to_cpu(event->code); + evdev.value = le32_to_cpu(event->value); +-- +2.29.2 + diff --git a/buildroot/package/qemu/Config.in b/buildroot/package/qemu/Config.in index 33d4cccd7..391fd5faa 100644 --- a/buildroot/package/qemu/Config.in +++ b/buildroot/package/qemu/Config.in @@ -58,6 +58,7 @@ comment "Networking options" config BR2_PACKAGE_QEMU_SLIRP bool "Enable user mode networking (SLIRP)" + select BR2_PACKAGE_SLIRP help Enable user mode network stack, which is the default networking backend. It requires no administrator privileges diff --git a/buildroot/package/qemu/qemu.mk b/buildroot/package/qemu/qemu.mk index 69850ec93..2bac96bd6 100644 --- a/buildroot/package/qemu/qemu.mk +++ b/buildroot/package/qemu/qemu.mk 
@@ -51,8 +51,10 @@ endif endif -# There is no "--enable-slirp" -ifeq ($(BR2_PACKAGE_QEMU_SLIRP),) +ifeq ($(BR2_PACKAGE_QEMU_SLIRP),y) +QEMU_OPTS += --enable-slirp=system +QEMU_DEPENDENCIES += slirp +else QEMU_OPTS += --disable-slirp endif diff --git a/buildroot/package/raptor/0002-Calcualte-max-nspace-declarations-correctly-for-XML-.patch b/buildroot/package/raptor/0002-Calcualte-max-nspace-declarations-correctly-for-XML-.patch new file mode 100644 index 000000000..406e265cf --- /dev/null +++ b/buildroot/package/raptor/0002-Calcualte-max-nspace-declarations-correctly-for-XML-.patch 
@@ -0,0 +1,47 @@ +From 590681e546cd9aa18d57dc2ea1858cb734a3863f Mon Sep 17 00:00:00 2001 +From: Dave Beckett +Date: Sun, 16 Apr 2017 23:15:12 +0100 +Subject: [PATCH] Calcualte max nspace declarations correctly for XML writer + +(raptor_xml_writer_start_element_common): Calculate max including for +each attribute a potential name and value. + +Fixes Issues #0000617 http://bugs.librdf.org/mantis/view.php?id=617 +and #0000618 http://bugs.librdf.org/mantis/view.php?id=618 + +[Peter: fixes CVE-2017-18926, upstream: + https://github.com/dajobe/raptor/commit/590681e546cd9aa18d57dc2ea1858cb734a3863f] +Signed-off-by: Peter Korsgaard +--- + src/raptor_xml_writer.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c +index 693b9468..0d3a36a5 100644 +--- a/src/raptor_xml_writer.c ++++ b/src/raptor_xml_writer.c +@@ -181,9 +181,10 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, + size_t nspace_declarations_count = 0; + unsigned int i; + +- /* max is 1 per element and 1 for each attribute + size of declared */ + if(nstack) { +- int nspace_max_count = element->attribute_count+1; ++ int nspace_max_count = element->attribute_count * 2; /* attr and value */ ++ if(element->name->nspace) ++ nspace_max_count++; + if(element->declared_nspaces) + nspace_max_count += raptor_sequence_size(element->declared_nspaces); + if(element->xml_language) +@@ -237,7 +238,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, + } + } + +- /* Add the attribute + value */ ++ /* Add the attribute's value */ + nspace_declarations[nspace_declarations_count].declaration= + raptor_qname_format_as_xml(element->attributes[i], + &nspace_declarations[nspace_declarations_count].length); +-- +2.20.1 + diff --git a/buildroot/package/raptor/raptor.mk b/buildroot/package/raptor/raptor.mk index 4c7135fc6..d674627f9 100644 --- a/buildroot/package/raptor/raptor.mk 
+++ b/buildroot/package/raptor/raptor.mk @@ -15,6 +15,9 @@ RAPTOR_INSTALL_STAGING = YES # Flag is added to make sure the patch is applied for the configure.ac of raptor. RAPTOR_AUTORECONF = YES +# 0002-Calcualte-max-nspace-declarations-correctly-for-XML-.patch +RAPTOR_IGNORE_CVES += CVE-2017-18926 + RAPTOR_CONF_OPTS =\ --with-xml2-config=$(STAGING_DIR)/usr/bin/xml2-config \ --with-xslt-config=$(STAGING_DIR)/usr/bin/xslt-config diff --git a/buildroot/package/redis/0001-uclibc.patch b/buildroot/package/redis/0001-uclibc.patch index 3329a60ed..197f43e7a 100644 --- a/buildroot/package/redis/0001-uclibc.patch +++ b/buildroot/package/redis/0001-uclibc.patch @@ -10,6 +10,8 @@ Signed-off-by: Daniel Price Signed-off-by: Martin Bark [Titouan: adapt to 5.0.4] Signed-off-by: Titouan Christophe +[Fabrice: update for 6.0.9] +Signed-off-by: Fabrice Fontaine ========================================================================= diff -ur old/src/config.h new/src/config.h @@ -21,6 +23,6 @@ diff -ur old/src/config.h new/src/config.h /* Test for backtrace() */ -#if defined(__APPLE__) || (defined(__linux__) && defined(__GLIBC__)) || \ +#if defined(__APPLE__) || (defined(__linux__) && defined(__GLIBC__) && !defined(__UCLIBC__)) || \ - defined(__FreeBSD__) || (defined(__OpenBSD__) && defined(USE_BACKTRACE))\ + defined(__FreeBSD__) || ((defined(__OpenBSD__) || defined(__NetBSD__)) && defined(USE_BACKTRACE))\ || defined(__DragonFly__) #define HAVE_BACKTRACE 1 diff --git a/buildroot/package/redis/redis.hash b/buildroot/package/redis/redis.hash index d686d5984..a16bf9dff 100644 --- a/buildroot/package/redis/redis.hash +++ b/buildroot/package/redis/redis.hash 
@@ -1,5 +1,5 @@ # From https://github.com/redis/redis-hashes/blob/master/README -sha256 04fa1fddc39bd1aecb6739dd5dd73858a3515b427acd1e2947a66dadce868d68 redis-6.0.8.tar.gz +sha256 dc2bdcf81c620e9f09cfd12e85d3bc631c897b2db7a55218fd8a65eaa37f86dd redis-6.0.9.tar.gz # Locally calculated sha256 97f0a15b7bbae580d2609dad2e11f1956ae167be296ab60f4691ab9c30ee9828 COPYING diff --git a/buildroot/package/redis/redis.mk b/buildroot/package/redis/redis.mk index c567d3200..b0d8e1cd5 100644 --- a/buildroot/package/redis/redis.mk +++ b/buildroot/package/redis/redis.mk @@ -4,7 +4,7 @@ # ################################################################################ -REDIS_VERSION = 6.0.8 +REDIS_VERSION = 6.0.9 REDIS_SITE = http://download.redis.io/releases REDIS_LICENSE = BSD-3-Clause (core); MIT and BSD family licenses (Bundled components) REDIS_LICENSE_FILES = COPYING diff --git a/buildroot/package/slirp/0001-slirp-check-pkt_len-before-reading-protocol-header.patch b/buildroot/package/slirp/0001-slirp-check-pkt_len-before-reading-protocol-header.patch new file mode 100644 index 000000000..404614471 --- /dev/null +++ b/buildroot/package/slirp/0001-slirp-check-pkt_len-before-reading-protocol-header.patch 
@@ -0,0 +1,60 @@ +From 2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit +Date: Thu, 26 Nov 2020 19:27:06 +0530 +Subject: [PATCH] slirp: check pkt_len before reading protocol header +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +While processing ARP/NCSI packets in 'arp_input' or 'ncsi_input' +routines, ensure that pkt_len is large enough to accommodate the +respective protocol headers, lest it should do an OOB access. +Add check to avoid it. + +CVE-2020-29129 CVE-2020-29130 + QEMU: slirp: out-of-bounds access while processing ARP/NCSI packets + -> https://www.openwall.com/lists/oss-security/2020/11/27/1 + +Reported-by: Qiuhao Li +Signed-off-by: Prasad J Pandit +Message-Id: <20201126135706.273950-1-ppandit@redhat.com> +Reviewed-by: Marc-André Lureau +Signed-off-by: Peter Korsgaard +--- + src/ncsi.c | 4 ++++ + src/slirp.c | 4 ++++ + 2 files changed, 8 insertions(+) + +diff --git a/src/ncsi.c b/src/ncsi.c +index 3c1dfef..75dcc08 100644 +--- a/src/ncsi.c ++++ b/src/ncsi.c +@@ -148,6 +148,10 @@ void ncsi_input(Slirp *slirp, const uint8_t *pkt, int pkt_len) + uint32_t checksum; + uint32_t *pchecksum; + ++ if (pkt_len < ETH_HLEN + sizeof(struct ncsi_pkt_hdr)) { ++ return; /* packet too short */ ++ } ++ + memset(ncsi_reply, 0, sizeof(ncsi_reply)); + + memset(reh->h_dest, 0xff, ETH_ALEN); +diff --git a/src/slirp.c b/src/slirp.c +index 9bead0c..abb6f9a 100644 +--- a/src/slirp.c ++++ b/src/slirp.c +@@ -860,6 +860,10 @@ static void arp_input(Slirp *slirp, const uint8_t *pkt, int pkt_len) + return; + } + ++ if (pkt_len < ETH_HLEN + sizeof(struct slirp_arphdr)) { ++ return; /* packet too short */ ++ } ++ + ar_op = ntohs(ah->ar_op); + switch (ar_op) { + case ARPOP_REQUEST: +-- +2.20.1 + diff --git a/buildroot/package/slirp/slirp.mk b/buildroot/package/slirp/slirp.mk index ed6d8855e..33c568c05 100644 --- a/buildroot/package/slirp/slirp.mk +++ b/buildroot/package/slirp/slirp.mk 
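Review bot: The new length guards in `ncsi_input` and `arp_input` compare the signed `pkt_len` against `ETH_HLEN + sizeof(...)`, so `pkt_len` is converted to an unsigned type and a negative value would pass the check. Whether any caller can pass a negative length is not visible here, but the defensive form is cheap: `if (pkt_len < 0 || (size_t)pkt_len < ETH_HLEN + sizeof(struct ncsi_pkt_hdr)) {`, and the same with `struct slirp_arphdr` in `arp_input`. Both function bodies continue outside the hunks, so the guards cover only the fixed headers named in them; any later reads that depend on a payload length cannot be checked from this view.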
@@ -14,4 +14,7 @@ SLIRP_LICENSE_FILES = COPYRIGHT SLIRP_INSTALL_STAGING = YES SLIRP_DEPENDENCIES = libglib2 +# 0001-slirp-check-pkt_len-before-reading-protocol-header.patch +SLIRP_IGNORE_CVES += CVE-2020-29129 CVE-2020-29130 + $(eval $(meson-package)) diff --git a/buildroot/package/spandsp/0001-configure.ac-fix-AVX-SSE-and-MMX-options.patch b/buildroot/package/spandsp/0001-configure.ac-fix-AVX-SSE-and-MMX-options.patch new file mode 100644 index 000000000..50eecfbf4 --- /dev/null +++ b/buildroot/package/spandsp/0001-configure.ac-fix-AVX-SSE-and-MMX-options.patch 
@@ -0,0 +1,60 @@ +From e7330bfe63efd0062fa51d50a4aaa0f1abd5ff75 Mon Sep 17 00:00:00 2001 +From: Fabrice Fontaine +Date: Sun, 22 Nov 2020 17:02:43 +0100 +Subject: [PATCH] configure.ac: fix AVX, SSE and MMX options + +AVX, SSE and MMX options are broken since +https://github.com/freeswitch/spandsp/commit/87a900c70df73e128a5926587047f529105f5f64 + +For example, when the user enables SSE, it will also enable MMX and the +user can't disable MMX + +Signed-off-by: Fabrice Fontaine +[Upstream status: https://github.com/freeswitch/spandsp/pull/20] +--- + configure.ac | 8 -------- + 1 file changed, 8 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 83fb3fd..ac2592e 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -486,35 +486,27 @@ armv7[bl] | armv7-*) + x86_64-* | i386-* | i686-*) + if test "$enable_avx2" = "yes" ; then + AC_DEFINE([SPANDSP_USE_AVX2], [1], [Use the AVX2 instruction set (i386 and x86_64 only).]) +- enable_avx="yes" + fi + if test "$enable_avx" = "yes" ; then + AC_DEFINE([SPANDSP_USE_AVX], [1], [Use the AVX instruction set (i386 and x86_64 only).]) +- enable_sse4_2="yes" + fi + if test "$enable_sse4_2" = "yes" ; then + AC_DEFINE([SPANDSP_USE_SSE4_2], [1], [Use the SSE4.2 instruction set (i386 and x86_64 only).]) +- enable_sse4_1="yes" + fi + if test "$enable_sse4_1" = "yes" ; then + AC_DEFINE([SPANDSP_USE_SSE4_1], [1], [Use the SSE4.1 instruction set (i386 and x86_64 only).]) +- enable_ssse3="yes" + fi + if test "$enable_ssse3" = "yes" ; then + AC_DEFINE([SPANDSP_USE_SSSE3], [1], [Use the SSSE3 instruction set (i386 and x86_64 only).]) +- enable_sse3="yes" + fi + if test "$enable_sse3" = "yes" ; then + AC_DEFINE([SPANDSP_USE_SSE3], [1], [Use the SSE3 instruction set (i386 and x86_64 only).]) +- enable_sse2="yes" + fi + if test "$enable_sse2" = "yes" ; then + AC_DEFINE([SPANDSP_USE_SSE2], [1], [Use the SSE2 instruction set (i386 and x86_64 only).]) +- enable_sse="yes" + fi + if test "$enable_sse" = "yes" ; then + AC_DEFINE([SPANDSP_USE_SSE], 
[1], [Use the SSE instruction set (i386 and x86_64 only).]) +- enable_mmx="yes" + fi + if test "$enable_mmx" = "yes" ; then + AC_DEFINE([SPANDSP_USE_MMX], [1], [Use the MMX instruction set (i386 and x86_64 only).]) +-- +2.29.2 + diff --git a/buildroot/package/spandsp/spandsp.mk b/buildroot/package/spandsp/spandsp.mk index 42c0e3bb6..4735212f3 100644 --- a/buildroot/package/spandsp/spandsp.mk +++ b/buildroot/package/spandsp/spandsp.mk @@ -8,14 +8,17 @@ SPANDSP_VERSION = 3.0.0-6ec23e5a7e SPANDSP_SITE = https://files.freeswitch.org/downloads/libs SPANDSP_LICENSE = LGPL-2.1 (library), GPL-2.0 (test suite) SPANDSP_LICENSE_FILES = COPYING +# We're patching configure.ac +SPANDSP_AUTORECONF = YES SPANDSP_DEPENDENCIES = tiff host-pkgconf SPANDSP_INSTALL_STAGING = YES SPANDSP_CONF_ENV = LIBS="`$(PKG_CONFIG_HOST_BINARY) --libs libtiff-4`" +# MMX on i686 raises a build failure SPANDSP_CONF_OPTS = \ --disable-builtin-tiff \ - $(if $(BR2_X86_CPU_HAS_MMX),--enable-mmx,--disable-mmx) \ + $(if $(BR2_x86_64),--enable-mmx,--disable-mmx) \ $(if $(BR2_X86_CPU_HAS_SSE),--enable-sse,--disable-sse) \ $(if $(BR2_X86_CPU_HAS_SSE2),--enable-sse2,--disable-sse2) \ $(if $(BR2_X86_CPU_HAS_SSE3),--enable-sse3,--disable-sse3) \ diff --git a/buildroot/package/thermald/0001-thd_trip_point-fix-32-bit-build-error-with-musl-v1.2.patch b/buildroot/package/thermald/0001-thd_trip_point-fix-32-bit-build-error-with-musl-v1.2.patch new file mode 100644 index 000000000..db5bc99a9 --- /dev/null +++ b/buildroot/package/thermald/0001-thd_trip_point-fix-32-bit-build-error-with-musl-v1.2.patch 
@@ -0,0 +1,53 @@ +From 074575bf3640485ab6d43ae1efed3eff9cebae13 Mon Sep 17 00:00:00 2001 +From: Naveen Saini +Date: Thu, 5 Mar 2020 13:45:57 +0800 +Subject: [PATCH] thd_trip_point: fix 32-bit build error with musl v1.2.0 + +Error log: + ../git/src/thd_trip_point.cpp: In member function 'bool cthd_trip_point::thd_trip_point_check(int, unsigned int, int, bool*)': +| ../git/src/thd_trip_point.cpp:250:19: error: format '%ld' expects argument of type 'long int', but argument 6 has type 'time_t' {aka 'long long int'} [-Werror=format=] +| 250 | thd_log_info("Too early to act zone:%d index %d tm %ld\n", + +musl 1.2.0 have new feature: +time_t is now 64-bit on all archs (not just 64-bit archs) + +Commit id: +https://git.musl-libc.org/cgit/musl/commit/?id=38143339646a4ccce8afe298c34467767c899f51 + +Release note link for musl 1.2.0: +https://git.musl-libc.org/cgit/musl/diff/ + +use %jd and typecast with intmax_t which is maximum width integer type + +Signed-off-by: Naveen Saini +[Upstream: https://github.com/intel/thermal_daemon/commit/a7136682b9e6ebdb53c3c8b472bcd5039d62dc78.patch] +Signed-off-by: Peter Seiderer +--- + src/thd_trip_point.cpp | 10 ++-------- + 1 file changed, 2 insertions(+), 8 deletions(-) + +diff --git a/src/thd_trip_point.cpp b/src/thd_trip_point.cpp +index 46f692d..6358c27 100644 +--- a/src/thd_trip_point.cpp ++++ b/src/thd_trip_point.cpp +@@ -242,15 +242,9 @@ bool cthd_trip_point::thd_trip_point_check(int id, unsigned int read_temp, + time_t tm; + time(&tm); + if ((tm - cdevs[i].last_op_time) < cdevs[i].sampling_priod) { +-#if defined __x86_64__ && defined __ILP32__ +- thd_log_info("Too early to act zone:%d index %d tm %lld\n", ++ thd_log_info("Too early to act zone:%d index %d tm %jd\n", + zone_id, cdev->thd_cdev_get_index(), +- tm - cdevs[i].last_op_time); +-#else +- thd_log_info("Too early to act zone:%d index %d tm %ld\n", +- zone_id, cdev->thd_cdev_get_index(), +- tm - cdevs[i].last_op_time); +-#endif ++ (intmax_t)tm - cdevs[i].last_op_time); + 
break; + } + cdevs[i].last_op_time = tm; +-- +2.29.2 + diff --git a/buildroot/package/uhd/uhd.mk b/buildroot/package/uhd/uhd.mk index adb757901..2a40efdd2 100644 --- a/buildroot/package/uhd/uhd.mk +++ b/buildroot/package/uhd/uhd.mk @@ -23,7 +23,7 @@ UHD_CONF_OPTS = \ -DRUNTIME_PYTHON_EXECUTABLE=/usr/bin/python \ -DENABLE_C_API=ON \ -DENABLE_DOXYGEN=OFF \ - -DENABLE_DPKD=OFF \ + -DENABLE_DPDK=OFF \ -DENABLE_LIBUHD=ON \ -DENABLE_N230=OFF \ -DENABLE_N300=OFF \ diff --git a/buildroot/package/vsftpd/S70vsftpd b/buildroot/package/vsftpd/S70vsftpd index 38bcfd431..62f9a1b74 100644 --- a/buildroot/package/vsftpd/S70vsftpd +++ b/buildroot/package/vsftpd/S70vsftpd @@ -9,12 +9,12 @@ DAEMON=/usr/sbin/$NAME case "$1" in start) printf "Starting $DESC: " - start-stop-daemon -S -b -x $NAME + start-stop-daemon -S -b -x $DAEMON echo "OK" ;; stop) printf "Stopping $DESC: " - start-stop-daemon -K -x $NAME + start-stop-daemon -K -x $DAEMON echo "OK" ;; restart|force-reload) diff --git a/buildroot/package/webkitgtk/webkitgtk.hash b/buildroot/package/webkitgtk/webkitgtk.hash index 30b8e4f11..1849d9eff 100644 --- a/buildroot/package/webkitgtk/webkitgtk.hash +++ b/buildroot/package/webkitgtk/webkitgtk.hash @@ -1,7 +1,7 @@ -# From https://webkitgtk.org/releases/webkitgtk-2.30.2.tar.xz.sums -md5 2163f1f982c63cb8fa75bf1b36396304 webkitgtk-2.30.2.tar.xz -sha1 e27d336570226645f861b5a00116c17da39f9df4 webkitgtk-2.30.2.tar.xz -sha256 c467e0bc2bc610c2570928e3fd63cedaadc4719cbf9b04aa99f79dd71ad5682a webkitgtk-2.30.2.tar.xz +# From https://webkitgtk.org/releases/webkitgtk-2.30.3.tar.xz.sums +md5 3db32cffeab82efcade1ce77f94865c2 webkitgtk-2.30.3.tar.xz +sha1 6eed6e8a3c2f47533821169679fe381ceb0550be webkitgtk-2.30.3.tar.xz +sha256 6dea14f03916882816f2fed9497a5103fc54b2ab8602ab145ca991e4951e5e7f webkitgtk-2.30.3.tar.xz # Hashes for license files: sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE 
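Review bot: In the added `thd_log_info` call the cast binds only to `tm`, as in `(intmax_t)tm - cdevs[i].last_op_time`, so the type handed to `%jd` comes from the usual arithmetic conversions rather than from the cast itself. Casting the whole difference, `(intmax_t)(tm - cdevs[i].last_op_time)`, ties the argument type to the format specifier directly and keeps it correct if the type of `last_op_time` ever changes. A format/argument mismatch in a variadic logger is undefined behaviour, which is what the quoted `-Werror=format=` failure was protecting against. The hunk does not show whether `<stdint.h>` or `<inttypes.h>` is already included for `intmax_t`, and the body of `thd_trip_point_check` continues outside it.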
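Review bot: Both changed branches of S70vsftpd still print `OK` unconditionally after `start-stop-daemon`, so a start or stop that fails is reported as a success and an FTP service that is down, or still running after a stop, goes unnoticed at boot or in scripts that read this output. Tie the message to the exit status and quote the path, for example `start-stop-daemon -S -b -x "$DAEMON" && echo "OK" || echo "FAIL"`, and do the same for the `-K` line. With `-b` the exit status presumably covers only the launch and not a later daemon failure, so this check is a minimum. The `case` statement continues outside the hunk.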
diff --git a/buildroot/package/webkitgtk/webkitgtk.mk b/buildroot/package/webkitgtk/webkitgtk.mk index 84078f8b9..0310f058f 100644 --- a/buildroot/package/webkitgtk/webkitgtk.mk +++ b/buildroot/package/webkitgtk/webkitgtk.mk @@ -4,7 +4,7 @@ # ################################################################################ -WEBKITGTK_VERSION = 2.30.2 +WEBKITGTK_VERSION = 2.30.3 WEBKITGTK_SITE = https://www.webkitgtk.org/releases WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz WEBKITGTK_INSTALL_STAGING = YES diff --git a/buildroot/package/wireless-regdb/wireless-regdb.hash b/buildroot/package/wireless-regdb/wireless-regdb.hash index 9271073fd..5403110be 100644 --- a/buildroot/package/wireless-regdb/wireless-regdb.hash +++ b/buildroot/package/wireless-regdb/wireless-regdb.hash @@ -1,4 +1,4 @@ # From https://www.kernel.org/pub/software/network/wireless-regdb/sha256sums.asc -sha256 89fd031aed5977c219a71501e144375a10e7c90d1005d5d086ea7972886a2c7a wireless-regdb-2020.04.29.tar.xz +sha256 b4164490d82ff7b0086e812ac42ab27baf57be24324d4c0ee1c5dd6ba27f2a52 wireless-regdb-2020.11.20.tar.xz # Locally computed sha256 678b0df753c86198fc496d1f1033429bbd57f101472132ee7eaaf9f5e0a7fae1 LICENSE diff --git a/buildroot/package/wireless-regdb/wireless-regdb.mk b/buildroot/package/wireless-regdb/wireless-regdb.mk index 52a0e0cff..e40c4beb1 100644 --- a/buildroot/package/wireless-regdb/wireless-regdb.mk +++ b/buildroot/package/wireless-regdb/wireless-regdb.mk @@ -4,7 +4,7 @@ # ################################################################################ -WIRELESS_REGDB_VERSION = 2020.04.29 +WIRELESS_REGDB_VERSION = 2020.11.20 WIRELESS_REGDB_SOURCE = wireless-regdb-$(WIRELESS_REGDB_VERSION).tar.xz WIRELESS_REGDB_SITE = $(BR2_KERNEL_MIRROR)/software/network/wireless-regdb WIRELESS_REGDB_LICENSE = ISC diff --git a/buildroot/package/wlroots/Config.in b/buildroot/package/wlroots/Config.in index eb4c4725a..2f72fd494 100644 --- a/buildroot/package/wlroots/Config.in 
+++ b/buildroot/package/wlroots/Config.in @@ -3,16 +3,14 @@ comment "wlroots needs udev, mesa3d w/ EGL and GLES support" !BR2_PACKAGE_MESA3D_OPENGL_ES || \ !BR2_PACKAGE_HAS_UDEV -comment "wlroots needs a toolchain w/ threads, locale, dynamic library" +comment "wlroots needs a toolchain w/ threads, dynamic library" depends on !BR2_TOOLCHAIN_HAS_THREADS || \ - !BR2_ENABLE_LOCALE || \ BR2_STATIC_LIBS config BR2_PACKAGE_WLROOTS bool "wlroots" depends on !BR2_STATIC_LIBS # wayland depends on BR2_TOOLCHAIN_HAS_THREADS # libdrm, wayland - depends on BR2_ENABLE_LOCALE # libinput depends on BR2_PACKAGE_HAS_UDEV # libinput # Technically wlroots should work with any OpenGL implementation # which provides EGL, GLES2, and libgbm; but in practice only diff --git a/buildroot/package/wpewebkit/0002-WebProcess-InjectedBundle-fix-compile-without-video-.patch b/buildroot/package/wpewebkit/0002-WebProcess-InjectedBundle-fix-compile-without-video-.patch deleted file mode 100644 index e684c4e3e..000000000 --- a/buildroot/package/wpewebkit/0002-WebProcess-InjectedBundle-fix-compile-without-video-.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From 1ca7dea56db25969844699bc82fe7c78cb3d2eda Mon Sep 17 00:00:00 2001 -From: Peter Seiderer -Date: Tue, 10 Nov 2020 23:06:45 +0100 -Subject: [PATCH] WebProcess/InjectedBundle: fix compile without video support -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Fixes: - - .../wpewebkit-2.30.2/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp:242:30: error: ‘class WebCore::Settings’ has no member named ‘setGenericCueAPIEnabled’; did you mean ‘setBeaconAPIEnabled’? - page->settings().setGenericCueAPIEnabled(enabled); - ^~~~~~~~~~~~~~~~~~~~~~~ - setBeaconAPIEnabled - -Signed-off-by: Peter Seiderer ---- - Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp b/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp -index 61326f2e..d7776997 100644 ---- a/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp -+++ b/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp -@@ -236,12 +236,14 @@ void InjectedBundle::overrideBoolPreferenceForTestRunner(WebPageGroupProxy* page - RuntimeEnabledFeatures::sharedFeatures().setWebRTCMDNSICECandidatesEnabled(enabled); - #endif - -+#if ENABLE(VIDEO) - if (preference == "WebKitGenericCueAPIEnabled") { - WebPreferencesStore::overrideBoolValueForKey(WebPreferencesKey::genericCueAPIEnabledKey(), enabled); - for (auto* page : pages) - page->settings().setGenericCueAPIEnabled(enabled); - return; - } -+#endif - - #if ENABLE(GPU_PROCESS) - if (preference == "WebKitUseGPUProcessForMedia" || preference == "WebKitCaptureAudioInGPUProcessEnabledKey") { --- -2.29.2 - diff --git a/buildroot/package/wpewebkit/wpewebkit.hash b/buildroot/package/wpewebkit/wpewebkit.hash index 2bd5fd3fb..3534abf0e 100644 --- a/buildroot/package/wpewebkit/wpewebkit.hash +++ b/buildroot/package/wpewebkit/wpewebkit.hash 
@@ -1,7 +1,7 @@ -# From https://wpewebkit.org/releases/wpewebkit-2.30.2.tar.xz.sums -md5 5b0fed3333b53dbb36e572935fd54a7b wpewebkit-2.30.2.tar.xz -sha1 a143723fb77c2ea20bad888b95ccc37a7dd5b375 wpewebkit-2.30.2.tar.xz -sha256 c94925ca2d655c7fc07dbc2d4b7a47a822c7699816a8cca35ed9efd676b5ba86 wpewebkit-2.30.2.tar.xz +# From https://wpewebkit.org/releases/wpewebkit-2.30.3.tar.xz.sums +md5 75f6ef1819b182043a25b916272ebec6 wpewebkit-2.30.3.tar.xz +sha1 2ed723f779513205449e0c5b7c080eb19d635aee wpewebkit-2.30.3.tar.xz +sha256 f2dfc1a6279810353f601bb9bd0d8ef671b41b38352d679b93d01631c2bf7b4b wpewebkit-2.30.3.tar.xz # Hashes for license files: sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE diff --git a/buildroot/package/wpewebkit/wpewebkit.mk b/buildroot/package/wpewebkit/wpewebkit.mk index 6f83775e9..66f86edf4 100644 --- a/buildroot/package/wpewebkit/wpewebkit.mk +++ b/buildroot/package/wpewebkit/wpewebkit.mk @@ -4,7 +4,7 @@ # ################################################################################ -WPEWEBKIT_VERSION = 2.30.2 +WPEWEBKIT_VERSION = 2.30.3 WPEWEBKIT_SITE = http://www.wpewebkit.org/releases WPEWEBKIT_SOURCE = wpewebkit-$(WPEWEBKIT_VERSION).tar.xz WPEWEBKIT_INSTALL_STAGING = YES diff --git a/buildroot/package/xen/xen.hash b/buildroot/package/xen/xen.hash index 709eeb3d4..eb5b18b41 100644 --- a/buildroot/package/xen/xen.hash +++ b/buildroot/package/xen/xen.hash 
@@ -1,3 +1,27 @@ # Locally computed sha256 06839f68ea7620669dbe8b67861213223cc2a7d02ced61b56e5249c50e87f035 xen-4.14.0.tar.gz sha256 ecca9538e9d3f7e3c2bff827502f4495e2ef9e22c451298696ea08886b176c2c COPYING +# https://xenbits.xenproject.org/xsa/advisory-333.html +sha256 8edec914fbdf036fba8cb54a75d3a9b025fac936e0af35512954a2dc2b12a26f xsa333.patch +# https://xenbits.xenproject.org/xsa/advisory-334.html +sha256 323cd9d24b2e95643833865a9943172c56edd25dfd170e4741034d28dfd0d4bd xsa334.patch +# https://xenbits.xenproject.org/xsa/advisory-336.html +sha256 ecb59876fb92cfe0916ed5f3227a30efe038224c1f6ec36bc3706c4e2214552c xsa336.patch +# https://xenbits.xenproject.org/xsa/advisory-337.html +sha256 98c48781dd46bf6ff6cc46246c6c9f2e2be6ec696c0e7918d4b82845588ce04e xsa337-1.patch +sha256 9e8ae24222371379f2ea62e14fcc7f7282e01c356dff230c22c9ab1d2fb941e2 xsa337-2.patch +# https://xenbits.xenproject.org/xsa/advisory-338.html +sha256 7345eac1cbad23b082523e9cbd0331f8a9f16c6e459fb2a686606253f5514c9b xsa338.patch +# https://xenbits.xenproject.org/xsa/advisory-339.html +sha256 b6ffa7671d905aa12498ad64915be3b7cba74ce1c5bf6bce18b1f106ebf6d715 xsa339.patch +# https://xenbits.xenproject.org/xsa/advisory-340.html +sha256 2bb088fcc1f8f79bf5ddb7b4e101cb1db76a343d2fb1cdafb7cd54612e4009da xsa340.patch +# https://xenbits.xenproject.org/xsa/advisory-342.html +sha256 060caee3fb5971fca0f2fbdef622c52d9bc6e0ed9efad33de5b6b504651c2112 xsa342.patch +# https://xenbits.xenproject.org/xsa/advisory-343.html +sha256 d714a542bae9d96b6a061c5a8f754549d699dcfb7bf2a766b721f6bbe33aefd2 xsa343-1.patch +sha256 657c44c8ea13523d2e59776531237bbc20166c9b7c3960e0e9ad381fce927344 xsa343-2.patch +sha256 2b275e3fa559167c1b59e6fd4a20bc4d1df9d9cb0cbd0050a3db9c3d0299b233 xsa343-3.patch +# https://xenbits.xenproject.org/xsa/advisory-344.html +sha256 5f9dbdc48bed502d614a76e5819afa41a72cec603c5a2c9491d73873a991a5ed xsa344-1.patch +sha256 381ca5c51bc120bfd5c742be3988f570abb870c4b75c8a48cf49ae4fa1046d73 xsa344-2.patch 
diff --git a/buildroot/package/xen/xen.mk b/buildroot/package/xen/xen.mk index 8cbe532d2..0c3ecbb90 100644 --- a/buildroot/package/xen/xen.mk +++ b/buildroot/package/xen/xen.mk @@ -6,6 +6,43 @@ XEN_VERSION = 4.14.0 XEN_SITE = https://downloads.xenproject.org/release/xen/$(XEN_VERSION) +XEN_PATCH = \ + https://xenbits.xenproject.org/xsa/xsa333.patch \ + https://xenbits.xenproject.org/xsa/xsa334.patch \ + https://xenbits.xenproject.org/xsa/xsa336.patch \ + https://xenbits.xenproject.org/xsa/xsa337/xsa337-1.patch \ + https://xenbits.xenproject.org/xsa/xsa337/xsa337-2.patch \ + https://xenbits.xenproject.org/xsa/xsa338.patch \ + https://xenbits.xenproject.org/xsa/xsa339.patch \ + https://xenbits.xenproject.org/xsa/xsa340.patch \ + https://xenbits.xenproject.org/xsa/xsa342.patch \ + https://xenbits.xenproject.org/xsa/xsa343/xsa343-1.patch \ + https://xenbits.xenproject.org/xsa/xsa343/xsa343-2.patch \ + https://xenbits.xenproject.org/xsa/xsa343/xsa343-3.patch \ + https://xenbits.xenproject.org/xsa/xsa344/xsa344-1.patch \ + https://xenbits.xenproject.org/xsa/xsa344/xsa344-2.patch + +# xsa333.patch +XEN_IGNORE_CVES += CVE-2020-25602 +# xsa334.patch +XEN_IGNORE_CVES += CVE-2020-25598 +# xsa336.patch +XEN_IGNORE_CVES += CVE-2020-25604 +# xsa337-1.patch, xsa337-2.patch +XEN_IGNORE_CVES += CVE-2020-25595 +# xsa338.patch +XEN_IGNORE_CVES += CVE-2020-25597 +# xsa339.patch +XEN_IGNORE_CVES += CVE-2020-25596 +# xsa340.patch +XEN_IGNORE_CVES += CVE-2020-25603 +# xsa342.patch +XEN_IGNORE_CVES += CVE-2020-25600 +# xsa343-1.patch, xsa-343-2.patch, xsa-343-3.patch +XEN_IGNORE_CVES += CVE-2020-25599 +# xsa344-1.patch, xsa344-2.patch +XEN_IGNORE_CVES += CVE-2020-25601 + XEN_LICENSE = GPL-2.0 XEN_LICENSE_FILES = COPYING XEN_DEPENDENCIES = host-acpica host-python3 
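Review bot: The comment above `XEN_IGNORE_CVES += CVE-2020-25599` names the files as `xsa-343-2.patch` and `xsa-343-3.patch`, but the `XEN_PATCH` list and xen.hash call them `xsa343-2.patch` and `xsa343-3.patch`. These comments are the only link between each suppressed CVE and the patch that justifies the suppression, so they should match the real file names: `# xsa343-1.patch, xsa343-2.patch, xsa343-3.patch`. Every `XEN_IGNORE_CVES` entry is a manual claim that the fix is applied, so it would also help to add a comment above the block saying the list must be re-checked and pruned whenever `XEN_VERSION` changes. Otherwise a stale entry would hide a CVE from the package's vulnerability report.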
diff --git a/buildroot/package/xinetd/0005-CVE-2013-4342-xinetd-ignores-user-and-group-directiv.patch b/buildroot/package/xinetd/0005-CVE-2013-4342-xinetd-ignores-user-and-group-directiv.patch new file mode 100644 index 000000000..bb2ee1fc9 --- /dev/null +++ b/buildroot/package/xinetd/0005-CVE-2013-4342-xinetd-ignores-user-and-group-directiv.patch @@ -0,0 +1,29 @@ +From 91e2401a219121eae15244a6b25d2e79c1af5864 Mon Sep 17 00:00:00 2001 +From: Thomas Swan +Date: Wed, 2 Oct 2013 23:17:17 -0500 +Subject: [PATCH] CVE-2013-4342: xinetd: ignores user and group directives for + TCPMUX services + +Originally reported to Debian in 2005 and rediscovered , xinetd would execute TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root). + +Signed-off-by: Peter Korsgaard +--- + xinetd/builtins.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/xinetd/builtins.c b/xinetd/builtins.c +index 3b85579..34a5bac 100644 +--- a/xinetd/builtins.c ++++ b/xinetd/builtins.c +@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp ) + if( SC_IS_INTERNAL( scp ) ) { + SC_INTERNAL(scp, nserp); + } else { +- exec_server(nserp); ++ child_process(nserp); + } + } + +-- +2.20.1 + diff --git a/buildroot/package/xinetd/xinetd.mk b/buildroot/package/xinetd/xinetd.mk index a2ba10df7..6d6767766 100644 --- a/buildroot/package/xinetd/xinetd.mk +++ b/buildroot/package/xinetd/xinetd.mk @@ -9,6 +9,9 @@ XINETD_SITE = $(call github,xinetd-org,xinetd,xinetd-$(XINETD_VERSION)) XINETD_LICENSE = xinetd license XINETD_LICENSE_FILES = COPYRIGHT +# 0005-CVE-2013-4342-xinetd-ignores-user-and-group-directiv.patch +XINETD_IGNORE_CVES += CVE-2013-4342 + XINETD_CFLAGS = $(TARGET_CFLAGS) # Three cases here: diff --git a/buildroot/package/xorriso/xorriso.mk b/buildroot/package/xorriso/xorriso.mk index 56bf39f76..472623ea5 100644 --- a/buildroot/package/xorriso/xorriso.mk 
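Review bot: The header of the new 0005-CVE-2013-4342 patch carries no upstream reference, unlike the spandsp and thermald patches in this same change, which record `[Upstream status: ...]` and `[Upstream: ...]`. For a privilege-dropping fix, where `exec_server(nserp)` becomes `child_process(nserp)` in `tcpmux_handler`, a reviewer needs to be able to compare the one-line change against its origin, so add a line such as `[Upstream: <URL of the originating commit or tracker entry>]` above the `Signed-off-by`. The description also has a stray gap in "rediscovered , xinetd", which looks like a reference lost in transit. The `XINETD_IGNORE_CVES += CVE-2013-4342` entry in xinetd.mk is only valid while this patch still applies, so the two should be removed together on a version bump; `tcpmux_handler` itself starts outside the hunk.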
+++ b/buildroot/package/xorriso/xorriso.mk @@ -14,7 +14,7 @@ XORRISO_LICENSE_FILES = COPYING COPYRIGHT HOST_XORRISO_CONF_OPTS = \ --disable-xattr-h-pref-attr \ --disable-zlib \ - --disable-bzip2 \ + --disable-libbz2 \ --disable-libcdio \ --disable-libreadline \ --disable-libedit \ diff --git a/buildroot/support/dependencies/check-host-bison-flex.mk b/buildroot/support/dependencies/check-host-bison-flex.mk index 233b6c51c..14a232fd4 100644 --- a/buildroot/support/dependencies/check-host-bison-flex.mk +++ b/buildroot/support/dependencies/check-host-bison-flex.mk @@ -1,5 +1,9 @@ # If the system lacks bison or flex, add # dependencies to suitable host packages +# +# BR2_{BISON,FLES}_HOST_DEPENDENCY should only be used to build code +# that runs on host, e.g. Kconfig. To build code for target use plain +# host-{bison,flex}. ifeq ($(shell which bison 2>/dev/null),) BR2_BISON_HOST_DEPENDENCY = host-bison diff --git a/buildroot/utils/getdeveloperlib.py b/buildroot/utils/getdeveloperlib.py index dc0cc07cc..f57f41887 100644 --- a/buildroot/utils/getdeveloperlib.py +++ b/buildroot/utils/getdeveloperlib.py @@ -126,6 +126,7 @@ class Developer: def hasfile(self, f): f = os.path.abspath(f) for fs in self.files: + fs = os.path.abspath(fs) if f.startswith(fs): return True return False
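Review bot: The new comment in check-host-bison-flex.mk spells the variable pattern as `BR2_{BISON,FLES}_HOST_DEPENDENCY`, where `FLES` looks like a typo for `FLEX`. As written, a search for the flex variable name will not find this guidance, so the line should read `# BR2_{BISON,FLEX}_HOST_DEPENDENCY should only be used to build code`.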
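Review bot: `hasfile` still decides ownership with a bare string prefix test, `f.startswith(fs)`, and now that `fs` goes through `os.path.abspath()` any trailing slash on an entry is stripped. An entry for `package/foo` would therefore also match `package/foobar/...`, and this lookup presumably decides which developers are associated with a changed file. Comparing on a path boundary avoids the false match: `if f == fs or f.startswith(fs + os.sep):`. The rest of the `Developer` class is outside the hunk, so whether `self.files` holds directories, files or both should be confirmed before changing it.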