Commit Graph

70113 Commits

Author SHA1 Message Date
Peter Korsgaard
f1ee7015a4 support/dependencies/check-host-tar.sh: blacklist tar 1.35+
GNU tar 1.35 changed the behaviour for the devmajor/devminor fields,
breaking the download hash validation.  For details, see:

https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html
https://patchwork.ozlabs.org/project/buildroot/patch/20231018141155.533944-1-vfazio@gmail.com/

To work around this issue, blacklist tar 1.35+ similar to how we do it for
pre-1.27 versions so Buildroot falls back to building host-tar (which is
currently 1.34).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-13 22:51:20 +01:00
Peter Korsgaard
ad0bb50dc7 package/tar: add upstream security patch for CVE-2022-48303
Fixes CVE-2022-48303: GNU Tar through 1.34 has a one-byte out-of-bounds read
that results in use of uninitialized memory for a conditional jump.
Exploitation to change the flow of control has not been demonstrated.  The
issue occurs in from_header in list.c via a V7 archive in which mtime has
approximately 11 whitespace characters.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: add _IGNORE_CVES entry]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-13 22:51:01 +01:00
Peter Korsgaard
f2b23a6320 Revert "package/tar: security bump to version 1.35"
This reverts commit d4d483451f.

Tar 1.35 unfortunately changes the behaviour for the devmajor/devminor
fields, breaking the download hash validation.  From the release notes:

* Leave the devmajor and devminor fields empty (rather than zero) for
  non-special files, as this is more compatible with traditional tar.

https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html

So revert the bump for now.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-13 22:49:36 +01:00
Peter Korsgaard
b32a46e2a8 Revert "package/tar: allowing building even on non-Y2038 compliant systems"
This reverts commit 7f1088f9ca.

We're going back to tar 1.34, so this needs to be reverted as well.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-13 22:49:27 +01:00
Dario Binacchi
bcd879d5e2 package/uuu: bump to version 1.5.141
- Increase default timeout to 10s (1.5.140)
- Hot Fixed for SPDS crash for some images (1.5.141)

Release notes:
https://github.com/nxp-imx/mfgtools/releases/tag/uuu_1.5.140
https://github.com/nxp-imx/mfgtools/releases/tag/uuu_1.5.141

Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-13 22:48:37 +01:00
Giulio Benetti
b368f78a4e DEVELOPERS: add Giulio Benetti to mongoose and swupdate
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-13 22:47:25 +01:00
Giulio Benetti
15bfec42c2 package/mongoose: bump to version 7.12
Update hash of license file (date updated with
d7eb3db60b)

https://github.com/cesanta/mongoose/releases/tag/7.12
https://github.com/cesanta/mongoose/releases/tag/7.11
https://github.com/cesanta/mongoose/releases/tag/7.10
https://github.com/cesanta/mongoose/releases/tag/7.9

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-13 22:43:09 +01:00
Frager, Neal
29fb06a3fb configs/zynq_zc702_defconfig: new defconfig
This patch adds support for Xilinx Zynq ZC702 starter kit.

ZC702 features can be found here:
https://www.xilinx.com/products/boards-and-kits/ek-z7-zc702-g.html

Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-13 22:42:10 +01:00
Arnout Vandecappelle
3b65462631 support/testing: add missing systemd-overlay-fstab
Commit 083e65a67c introduced tests for the
various read-only root options under systemd, but while applying the
fs-overlay that is used in one of the tests wasn't included. Include it
now.

Fixes: 083e65a67c
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-11-13 12:17:43 +01:00
Thomas Devoogdt
d4d2805c7f package/at-spi2-core: bump to 2.50.0
News:
 - https://download.gnome.org/sources/at-spi2-core/2.48/at-spi2-core-2.48.4.news
 - https://download.gnome.org/sources/at-spi2-core/2.49/at-spi2-core-2.49.1.news
 - https://download.gnome.org/sources/at-spi2-core/2.49/at-spi2-core-2.49.90.news
 - https://download.gnome.org/sources/at-spi2-core/2.49/at-spi2-core-2.49.91.news
 - https://download.gnome.org/sources/at-spi2-core/2.50/at-spi2-core-2.50.0.news

Signed-off-by: Thomas Devoogdt <thomas@devoogdt.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-12 15:08:23 +01:00
Thomas Devoogdt
ed0be8ab1d package/libsoup3: bump to 3.4.4
News:
 - https://download.gnome.org/sources/libsoup/3.4/libsoup-3.4.3.news
 - https://download.gnome.org/sources/libsoup/3.4/libsoup-3.4.4.news

Signed-off-by: Thomas Devoogdt <thomas@devoogdt.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-12 15:08:06 +01:00
Damien Le Moal
01932fec17 package/gcc: Fix gcc finale library installation
Fixes:
http://autobuild.buildroot.net/results/98f/98fedf4969c260f73a01b937b9625e66dcd86b3c

When BR2_TOOLCHAIN_HAS_LIBATOMIC is "n", there is no gcc libatomic.so
library to install. For configurations with such settings, compilation
fails as gcc-final.mk unconditionally adds libatomic as an installation
target. This error, for instance, shows for all Canaan K210 riscv
configs, as they all use uclibc flat binary format which disabled
libatomic:

Fix this by modifying package/gcc/gcc-final/gcc-final.mk to add
libatomic to GCC_FINAL_LIBS only for configurations that have
BR2_TOOLCHAIN_HAS_LIBATOMIC set to "y".

Signed-off-by: Damien Le Moal <dlemoal@kernel.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-12 14:09:28 +01:00
Fabrice Fontaine
d23bcbd2bb package/libmemcached: force CMAKE_BUILD_TYPE
Force CMAKE_BUILD_TYPE to Release to avoid the following build failure
with c-icap or php-memcached raised since bump to version 1.1.4 and
switch to cmake-package in commit
7205df8a4f:

Fixes:
 - http://autobuild.buildroot.org/results/bca84915550a72f1dc89c8661cba2545d6bc96ef
 - http://autobuild.buildroot.org/results/b140d225208e7fa44b935a119e74347caf710e55

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: use +=]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-12 14:07:42 +01:00
Maxim Kochetkov
82510279b0 package/libosmium: bump version to 2.20.0
Release-notes: https://github.com/osmcode/libosmium/releases/tag/v2.20.0

Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-12 14:01:50 +01:00
Dario Binacchi
b4cbaf41bf package/uuu: bump to version 1.5.139
Release notes:
https://github.com/nxp-imx/mfgtools/releases/tag/uuu_1.5.139

The changes to README.md are not related to license modifications.

Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-12 13:59:11 +01:00
Hmaied Ben Abdellatif
f01bf0dbf1 package/openldap: bump version to 2.5.16
Stripping when cross-compiling and libtool static behavior are fixed in
2.5.16, so drop 0001-fix_cross_strip.patch and rename the remaining patches.

Signed-off-by: Hmaied Ben Abdellatif <hmaied.benabdellatif@etictelecom.com>
[Peter: extend commit message, update .checkpackageignore]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-12 12:33:47 +01:00
Peter Korsgaard
4984d0f230 utils/add-custom-hashes: add script to manage global patch dir hashes
Add a script to manage the .hash files in the BR2_GLOBAL_PATCH_DIR for
packages using custom versions.

To use it, run in a configured Buildroot directory, E.G.

  make foo_defconfig; ./utils/add-custom-hashes

We support multiple patch directories in BR2_GLOBAL_PATCH_DIR.  If multiple
directories are specified then use the last one as that is likely to be the
most specific one.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: silence command -v invocation]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-12 11:59:27 +01:00
Roberto Medina
fc2a425371 configs/roc_pc_rk3399: Bump Linux and U-Boot version
Bump version of Linux to 6.1.61 and U-Boot to 2023.10.
    U-Boot requires enabling pylibfdt and pyelftools
    We need to increase the size of the rootfs, and we get rid of a
64bit warning on `mke2fs` by passing `-O 64bit` as an argument.

Signed-off-by: Roberto Medina <robertoxmed@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-11 23:07:31 +01:00
Fabrice Fontaine
b692b285d9 package/json-c: fix build with gcc 5
Fix the following build failure with gcc 5 raised since bump to version
0.17 in commit 725580a26e:

/home/thomas/autobuild/instance-2/output-1/build/json-c-0.17/json_pointer.c: In function 'json_pointer_result_get_recursive':
/home/thomas/autobuild/instance-2/output-1/build/json-c-0.17/json_pointer.c:193:25: error: 'idx' may be used uninitialized in this function [-Werror=maybe-uninitialized]
    res->index_in_parent = idx;
                         ^

Fixes:
 - http://autobuild.buildroot.org/results/523b35a979d59121fe4e18c38171792b06233940

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-11 19:58:21 +01:00
Thomas Devoogdt
8ed9e2b055 package/lighttpd: bump to 1.4.73
News:
 - https://www.lighttpd.net/2023/10/30/1.4.73/

Signed-off-by: Thomas Devoogdt <thomas@devoogdt.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-11 19:56:48 +01:00
Oleg Lyovin
72c3f87efa package: dhcpcd: fix dhcpcd binary not stripped
By default dhcpcd installed with 555 permissions as it is
configured in its Makefile.inc. Since 'w' bit is missing,
strip fails and dhcpcd binary installed non-stripped.

On ARM GCC 12 glibc configuration strip saves over 1MB of disk space.

Signed-off-by: Oleg Lyovin <ovlevin@salutedevices.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-11 14:42:23 +01:00
Bernd Kuhls
af6eaaf234 package/kodi-pvr-mythtv: bump version to 20.5.6-Nexus
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-11 14:39:58 +01:00
Bernd Kuhls
a77c291abb package/kodi-pvr-iptvsimple: bump version to 20.13.0-Nexus
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-11 14:39:44 +01:00
Bernd Kuhls
9b410042a1 package/kodi-pvr-hts: bump version to 20.6.4-Nexus
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-11 14:39:34 +01:00
Bernd Kuhls
437352bd5b package/openvpn: security bump version to 2.6.7
Fixes CVE-2023-46849 & CVE-2023-46850.

Changelog:
https://github.com/OpenVPN/openvpn/blob/release/2.6/ChangeLog
https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-11 14:39:05 +01:00
Bernd Kuhls
e1741bcdd0 package/tor: security bump version to 0.4.8.9
Release notes:
https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.8/ReleaseNotes
https://forum.torproject.org/t/security-release-0-4-8-9/10155

Fixes TROVE-2023-006.

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-11 14:38:44 +01:00
Bernd Kuhls
b8c92f7d48 {linux, linux-headers}: bump 4.{14, 19}.x / 5.{4, 10, 15}.x / 6.{1, 5, 6}.x series
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-11 14:38:16 +01:00
James Hilliard
90cfa7b1e9 package/python-lmdb: bump to version 1.4.1
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-11-10 22:17:54 +01:00
James Hilliard
d8ae2986a0 package/python-libusb1: bump to version 3.1.0
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-11-10 22:17:22 +01:00
James Hilliard
26b8b6c7cf package/python-lark: bump to version 1.1.8
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-11-10 22:17:00 +01:00
James Hilliard
b23e072065 package/python-kiwisolver: bump to version 1.4.5
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-11-10 22:16:41 +01:00
Adam Duskett
ab3d5a5f5e package/scons: bump version to 4.5.2
- Switch to setuptools
- Update License hash due to a year change: 2019 -> 2021
- Install the packages to the site-packages directory, or else packages using
  scons fail to build with import errors.

Tested with benejson, gpsd, and mongodb.

Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-11-10 22:09:24 +01:00
Adam Duskett
6273b2f85d package/python-constantly: bump version to 23.10.4
This package now requires host-python-versioneer to build.

Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-11-10 22:06:16 +01:00
Adam Duskett
53931943eb package/python-versioneer: new package
Used with the latest version of python-constantly. It is only needed as a
host package.

Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-11-10 22:06:12 +01:00
Adam Duskett
80adc6bee2 package/python-systemd: bump version to 235
Remove the "# Should be kept in sync with $(SYSTEMD_VERSION)" line from
python-systemd.mk, as this package is not updated on a regular basis and does
not keep up to date with systemd.

Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-11-10 22:06:00 +01:00
James Hilliard
37a1a194b1 package/python-keyring: bump to version 24.2.0
Add new python-jaraco-classes runtime dependency.

Add new python-jeepney runtime dependency.

License hash changed due to copyright notice removal:
5957d58266

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-11-10 22:01:50 +01:00
James Hilliard
554ecdf49a package/python-jeepney: new package
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-11-10 22:01:49 +01:00
James Hilliard
64fc2dd727 package/python-jsonschema: bump to version 4.19.2
Drop no longer required python-pyrsistent runtime dependency.

Add new python-jsonschema-specifications runtime dependency.

Add new python-referencing runtime dependency.

Add new python-rpds-py runtime dependency.

Propagate python-rpds-py target rust support requirement to
python-jsonschema reverse dependencies.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-11-10 22:01:48 +01:00
James Hilliard
94e985fdc3 package/python-jsonschema-specifications: new package
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-11-10 22:01:47 +01:00
James Hilliard
2a36024a63 package/python-referencing: new package
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-11-10 22:01:46 +01:00
James Hilliard
aaa315b6a7 package/python-filelock: bump to version 3.13.1
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-11-10 22:01:45 +01:00
James Hilliard
013061755d package/python-hatchling: bump to version 1.18.0
Add new host-python-trove-classifiers build dependency.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-11-10 22:01:44 +01:00
James Hilliard
10e7866f39 package/python-trove-classifiers: new host package
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-11-10 22:01:43 +01:00
James Hilliard
257c88b75e package/python-calver: new host package
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-11-10 22:01:42 +01:00
Adam Duskett
c079912374 package/python-pyxb: Drop package
The last time python-pyxb was updated according to pypi.org is in 2017.
As there are no maintainers listed for the package, and the package uses
distutils which has been removed in Python 3.12.0, remove the package.

Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-09 22:49:45 +01:00
James Hilliard
e759e927b3 package/python-pygame: switch from distutils to setuptools
distutils will be dropped with python 3.12.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-09 22:49:36 +01:00
Yann E. MORIN
74ceb71a52 package/python-kmod: fix licensing
Commit 2add559e50 (package/python-kmod: new package) listed LGPL-2.1+
(aka -or-later) as the licensed applicable. However, thode contains the
following blurbs:

    # python-kmod is free software: you can redistribute it and/or modify it under
    # the terms of the GNU Lesser General Public License version 2.1 as published
    # by the Free Software Foundation.

There is no mention of the usual "or, at your option, any later
version".

As such, the license is reall LGPL-2.1-only.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-09 22:32:08 +01:00
Adam Duskett
2add559e50 package/python-kmod: new package
This package is currently used in Fedora39 to provide python bindings
for kmod, and it is Python 3.12.0 compatible.

Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
[yann.morin.1998@free.fr: LGPL in in COPYING.LESSER]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-09 22:26:18 +01:00
Adam Duskett
e5467ad9f5 package/kmod: drop python support
The python bindings provided by kmod were last updated 9 years ago.
  - They are not compatible with Python 3.12.
  - No major distribution uses this option.

Remove the option.

Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-09 22:13:28 +01:00
James Hilliard
1c56620ee9 package/python-networkx: bump to version 3.2.1
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-09 21:58:49 +01:00