Skip to content

Commit

Permalink
Revert "Update for 2021.02.7"
Browse files Browse the repository at this point in the history 
This rolls back to buildroot tag 2021.02. The process done was:

```
revert=$(git --no-pager log --oneline 2021.02..2021.02.7 | cut -d " "
-f1)
for r in ${revert}; do git revert --no-edit ${r}; done
```

Note that this is a squash of all those reverts. The reason for this is
that it will make the merge against 2022.02.3 much more reliable because
we have a linear history from 2021.02 to 2022.02.3. And we will get back
the things we are reverting anyways (just in a away that won't make git
confused or generate conflicts).
  • Loading branch information
@nunojsa
nunojsa committed Jul 19, 2022
1 parent 6d681cb commit cd80536
Show file tree
Hide file tree
Showing 1,303 changed files with 4,450 additions and 45,844 deletions.
283 changes: 0 additions & 283 deletions CHANGES
View file
Original file line number Diff line number Diff line change
@@ -1,286 +1,3 @@
2021.02.7, released November 10th, 2021

Important / security related fixes.

OpenJDK 16.x moved to 17.x as 16.x is EOL.

Updated/fixed packages: asterisk, audit, bind, bitcoin,
cryptsetup, dahdi-linux, dbus-python, dfu-util, docker-cli,
docker-containerd, docker-engine, earlyoom, exiv2, ffmpeg,
freerdp, gdb, gensio, gnupg2, go, gpsd, gst1-plugins-bad,
gst1-plugins-ugly, gst1-vaapi, hiredis, lftp, lightning,
lrzip, netdata, nodejs, olsr, openjdk, openjdk-bin, pango,
qemu, samba4, snort, strongswan, suricata, systemd, vim,
wf111, wireguard-linux-compat, xerces

Issues resolved (http://bugs.uclibc.org):

#14311: Cannot compile dahdi (part of Asterisk) for x86 (P1mmx)

2021.02.6, released October 11, 2021

Important / security related fixes.

gdbinit: Mark the sysroot as a "safe path" before configuring
it, so pretty printers work correctly without having to pass
-ix to gdb

Updated/fixed packages: alsa-lib, apache,
arm-trusted-firmware, atftp, bind, botan, cryptopp, dash,
dc3dd, docker-cli, docker-containerd, docker-engine, dovecot,
erlang, fetchmail, gdb, ghostscript, go, gst-omx,
gst1-devtools, gst1-interpipe, gst1-libav, gst1-plugins-bad,
gst1-plugins-base, gst1-plugins-good, gst1-plugins-ugly,
gst1-python, gst1-rtsp-server, gst1-vaapi, gstreamer1,
gstreamer1-editing-services, kodi-pvr-octonet, libcurl,
libkrb5, libressl, libsndfile, libyang, lxc, lynx, mesa3d,
micropython, minicom, mono, mtr, mv-ddr-marvell, net-tools,
nmap, nodejs, ntfs-3g, openjdk, openjdk-bin, openldap,
openssh, php, python-aioconsole, python-cffi, python-dateutil,
python-django, python-pip, python-texttable, python-urllib3,
python-webob, qt5location, redis, refpolicy, ripgrep, runc,
sispmctl, squid, strongswan, supervisor, syslinux, tinycbor,
trace-cmd, uboot-tools, uclibc, wavemon, wireless-regdb, xen,
xserver_xorg-server

Issues resolved (http://bugs.uclibc.org):

#14206: Kodi: even when not enabled, forcefully selects libevdev..
#14211: libffi-3.3.tar.gz repacked
#14221: mv-ddr-marvell fails license validation

2021.02.5, released September 15th, 2021

Important / security related fixes.

Toolchain: Disable fortify support for Microblaze as it is not
currently working.

Updated/fixed packages: alsa-utils, arm-trusted-firmware,
bayer2rgb-neon, belle-sip, busybox, c-ares, cjson, coreutils,
cpio, eigen, environt-setup, fetchmail, fluidsynth,
fontconfig, gd, gdb, gnuradio, gnutls, go, haproxy, ipmiutil,
iputils, jszip, kvm-unit-tests, libarchive, libexif,
libgcrypt, libmodsecurity, libopenssl, librsvg, libshout,
libssh, linux, localedef, mc, mesa3d, mosquitto, netsniff-ng,
nginx, nodejs, ogre, openmpi, openvmtools, php, postgresql,
prelink-cross, prosody, protobuf, python-keyring,
python-matplotlib, python-pillow, python-pyudev,
python-secretstorage, python3, qt5base, samba4, sdl2, sox,
swupdate, sylpheed, tor, uboot-tools, uhd, unbound, vim,
wlroots, xapp_xrdb, xapp_xwd, xen, xenomai, xlib_libXfont2,
xlib_libXft, zip

2021.02.4, released August 10th, 2021

Important / security related fixes.

Toolchain: Disable PIC/PIE for Microblaze (like for NIOS II)
as it is not currently working.

binutils: fix linker assert failure on OpenRisc, or1k build
issue with gcc < 5

gdb: Enable on NIOS II

utils/scanpypi: Various improvements

Defconfigs: stm32f469_disco: Fix kernel boot issue, Microchip
sam9x60ek mmc_dev: Add missing toolchain/system options

Updated/fixed packages: apache, arm-trusted-firmware, audit,
avahi, bind, binutils, bird, bluez5_utils, boinc, busybox,
chrony, clamav, cryptsetup, cwiid, dnsmasq, docker-cli,
docker-engine, dovecot, dovecot-pigeonhole, e2fsprogs, exiv2,
fail2ban, fb-test-app, feh, fetchmail, flac, fluxbox, gawk,
gcc, gcr, gdb, gdk-pixbuf, gesftpserver, glibc, go, gptfdisk,
granite, grub2, gqrx, guile, hdparm, heirloom-mailx,
ibrcommon, ibrdtn, ibrdtn-tools, ibrdtnd, intel-microcode,
iodine, irqbalance, keepalived, libass, libconfig, libcurl,
libfreeimage, libfuse3, libgcrypt, libgtk3, libgudev, libhtp,
libjson, libkrb5, libloki, libmodsecurity, libndp,
libnetfilter-log, libnfnetlink, libnice, libodb, libodb-boost,
libodb-mysql, libodb-pgsql, libpcap, libqmi, libressl,
librsvg, libtasn1, libtirpc, libuci, libxmlrpc,
linux-firmware, linuxptp, lrzsz, ltp-testsuite, lvm2, mariadb,
mbedtls, monit, mono, mosquitto, mpd, mpg123, mpv, nbd, neard,
netsnmp, nettle, nginx-modsecurity, nmap, nodejs, ntp,
openntpd, openpgm, openswan, pango, pcre2,
perl-crypt-openssl-rsa, php, pixman, polkit, postgresql,
proxychains-ng, putty, python, python-django,
python-dataproperty, python-pysftp, python-urllib3, python3,
qpdf, redis, ripgrep, ruby, samba4, spice, slirp, suricata,
sysdig, tcpdump, tftpd, thrift, tor, tpm2-tools, trinity,
uboot, uboot-tools, uclibc, util-linux, vlc, wireless-regdb,
wireshark, wolfssl, xapp_fonttosfnt, xlib_libX11,
xlib_libxshmfence, xserver_xorg-server

Issues resolved (http://bugs.uclibc.org):

#13586: grub failure with BR2_OPTIMIZE_3
#13661: host-python2 build fails on aarch64
#13836: package build failure when target install set to no..
#13846: BR2_PACKAGE_LVM2_STANDARD_INSTALL should be default to..

2021.02.3, released June 12th, 2021

Important / security related fixes.

CPE meta data has been added for a large number of packages

Updated/fixed packages: acpid, apache, apcupsd, assimp, bird,
bitcoin, blktrace, boost, capnproto, chrony, dc3dd, dhcp,
directfb, dmalloc, docker-engine, ebtables, efibootmgr,
enlightenment, enscript, environment-setup, exempi, expat,
findutils, flatcc, fluidsynth, frr, gdb, go, gptfdisk, grpc,
gst1-plugins-bad, gst1-rtsp-server, gstreamer1, gupnp,
hostapd, hwloc, i2c-tools, iftop, imagemagick, imx-gpu-viv,
intel-mediadriver, intel-microcode, jquery-validation,
keepalived, kodi, less, libcamera, libcurl, libcutl, libesmtp,
libeXosip2, libffi, libfuse, libfuse3, libgeos, libgtk2,
libgtk3, libical, libidn, libidn2, libkcapi, libldns, libmms,
libmodbus, libmspack, libnids, libopenh264, liboping, libraw,
librelp, libsamplerate, libtirpc, libusb, libuv, libxcb,
libxml2, libxslt, live555, llvm, lmbench, localedef,
lttng-tools, lvm2, lz4, mesa3d, mimic, mini-snmpd, minidlna,
minissdpd, minizip, mono-gtksharp3, mpg123, mpv, msmtp, musl,
mutt, nasm, nbd, netperf, netsurf, nginx, odb, opencv3,
openssh, opentyrian, oprofile, p7zip, paho-mqtt-c, perl,
php-imagick, pifmrds, picocom, pigz, pngquant, poco,
postgresql, prosody, proxychains-ng, pulseaudio, putty, pwgen,
python-autobahn, python-bluezero, python-engineio,
python-keyring, python-pillow, python-requests, python-tqdm,
qemu, qpdf, qt5base, redis, refpolicy, rt-tests, runc,
shellinabox, squid, strace, supervisor, synergy, taglib,
tclap, terminology, thermald, tini, tinyproxy, tinyxml2,
tpm2-tss, uclibc, udisks, uhd, unscd, vlc, waylandpp,
webkitgtk, weston, wireshark, wpa_supplicant, wpewebkit,
xlib_libdmx, xlib_libFS, xlib_libICE, xlib_libX11,
xlib_libXcursor, xlib_libXdmcp, xlib_libXext, xlib_libXfixes,
xlib_libXfont2, xlib_libXinerama, xlib_libXpm, xlib_libXres,
xlib_libXt, xlib_libXtst, xlib_libXxf86dga, xlib_libXxf86vm,
xterm

Issues resolved (http://bugs.uclibc.org):

#13781: isc dhcp-server package don't create file /usr/bin/dhcpd
#13801: toolchainfile.cmake CMAKE_BUILD_TYPE
#13806: Building host-localedef fails on fedora 34/gcc 11

2021.02.2, released May 12th, 2021

Important / security related fixes.

Toolchain: Add logic to mark toolchains affected by binutils
bug 27597 (Nios II).

support/scripts/cve.py: Use the (significantly) faster yajl2
ijson backend for older (< 2.5) ijson versions rather than the
slow python default, speeding up pkg-stats by ~2x.

CMake infrastructure: Use CMAKE_EXE_LINKER_FLAGS rather than
CMAKE_CXX_FLAGS to link with libatomic to fix an compatibility
issue with poppler.

Infrastructure: Expose CONFIG_DIR to post-build/post-image
scripts, so they can call the Buildroot Makefile in the
correct directory for both in-tree / out-of-tree builds.

Updated/fixed packages: at91bootstrap, avahi, bash, bind,
bridge-utils, boost, cegui, cifs-utils, clamav, cmake,
coremark-pro, coreutils, cryptsetup, dmalloc, dnsmasq,
docker-cli, docker-engine, domoticz, efl, exim, ffmpeg, flex,
gcc, genext2fs, go, gst1-interpipe, haproxy, hostapd,
i2c-tools, imx-vpu, kexec, kf5-kcoreaddons, kismet, libcamera,
libcurl, libdrm, libfreefare, libfuse3, libgeos, libgpiod,
libnpupnp, libopenssl, libp11, librsync, libtomcrypt, libupnp,
localedef, lvm2, lxc, m4, makedevs, mender, mesa3d,
mesa3d-headers, mkpasswd, mkpimage, modem-manager, monkey,
mpd, ncurses, nettle, network-manager, nginx, numactl,
openjdk, openjdk-bin, openldap, openvpn, php, pipewire,
python-aioconsole, python-asgiref, python-botocore,
python-django, python-dnspython, python-flup, python-httplib2,
python-markdown2, python-mbrstrdecoder, python3, quickjs,
readline, rsyslog, ruby, rust, samba4, sconeserver, snort,
sox, systemd, tar, timescaledb, tio, tor, usb_modeswitch,
wpa_supplicant, xdriver_xf86-video-ati, xen, xlib_libXaw,
xserver_xorg-server

Issues resolved (http://bugs.uclibc.org):

#13271: systemd-resolved: /etc/resolv.conf link broken on per-pa..
#13551: 2021.02.rc2: Unicode not work on qt 5.15.2
#13651: pkg-golang cannot build when main.go is in the root
#13661: host-python2 build fails on aarch64
#13721: c-stack.c:55:26: error: missing binary operator before ..
#13731: Readline Patch is missing Author Information
#13741: genext2fs does not allow to set perms of root node
#13751: libopenssl (static): huge drop in performance in newer ..
#13771: package htop has undeclared dependency on host python

2021.02.1, released April 7, 2021

Important / security related fixes.

Dependencies: Explicitly detect and bail out if PATH contains
spaces or tabs. A number of packages fail to build in such
setups, so explicitly inform about this.

utils/scanpypi: Explicitly use python3 for compatibility with
packages using python3 syntax in setup.py

support/download: Fix tarball generation (from git/svn repos)
including symlinks pointing to ./<something>. Fix svn download
for <1.9 clients or repos using CVS-style keywords.

Meson: Use correct C++ host compiler (rather than C compiler)

Toolchain: Add logic to work around binutils bug 21464,
affecting OpenRISC, and drop the now longer applicable bug
19615 / 20006 handling.

Python{,3}: Fix byte compiling python files with short (single
character before .py) file names.

CPE meta data has been added for a large number of packages

Defconfigs: Correct Beaglebone QT file system overlay

Updated/fixed packages: alsa-utils, at91bootstrap3,
batman-adv, binutils, botan, bridge-utils, busybox,
ca-certificates, cog, coreutils, diffutils, dmidecode,
docker-cli, docker-containerd, docker-engine, efivar,
fetchmail, frr, genimage, git, gnutls, go, grub2, gst-omx,
gst1-devtools, gst1-libav, gst1-plugins-bad,
gst1-plugins-base, gst1-plugins-good, gst1-plugins-ugly,
gst1-python, gst1-rtsp-server, gst1-vaapi, gstreamer1,
gstreamer1-editing-services, haproxy, haserl, hwloc,
irqbalance, jasper, kexec, kexec-lite, kismet, kodi, libcurl,
libfreeglut, libgcrypt, libgeos, libglib2, libopenssl, libqmi,
libressl, libupnp, libvips, libvpx, libwebsockets, linux,
lldpd, logrotate, lttng-libust, lttng-tools, mariadb, mbedtls,
mcelog, mender, micropython, mongoose, mosquitto, mpd,
netsnmp, nodejs, openmpi, openssh, openvpn, opkg-utils,
optee-client, optee-test, perl, php, proftpd, protobuf,
python-django, python-jinja2, python-lxml, python-paramiko,
python-py, python-pygments, python-rpi-ws281x, python-urllib3,
python3, qt5webkit, qwt, rpm, samba4, sconeserver, sdl2, shim,
sqlcipher, squid, sysklogd, syslinux, sysvinit, tor,
transmission, tzdata, uboot, uclibc, upx, webkitgtk,
wireshark, wpebackend-fdo, wpewebkit, xen, zstd

New packages: perl-parse-yapp

Issues resolved (http://bugs.uclibc.org):

#13516: utils/scanpypi: Failure when parsing diffoscope
#13576: Issues compiling buildroot for 5x86
#13601: Gen image :Iappropriate ioctl error
#13616: tar file from git repository generation issue
#13641: glibc on raspberrypi
#13646: Gen image version 14 error : no sub -section title/..
#13671: openSSH server closes connection before authentication..

2021.02, released March 6th, 2021

Various fixes.
Expand Down
20 changes: 0 additions & 20 deletions Config.in
View file
Original file line number Diff line number Diff line change
Expand Up @@ -713,25 +713,15 @@ endmenu

comment "Security Hardening Options"

config BR2_PIC_PIE_ARCH_SUPPORTS
bool
default y
# Microblaze glibc toolchains don't work with PIC/PIE enabled
depends on !BR2_microblaze
# Nios2 toolchains produce non working binaries with -fPIC
depends on !BR2_nios2

config BR2_PIC_PIE
bool "Build code with PIC/PIE"
depends on BR2_PIC_PIE_ARCH_SUPPORTS
depends on BR2_SHARED_LIBS
depends on BR2_TOOLCHAIN_SUPPORTS_PIE
help
Generate Position-Independent Code (PIC) and link
Position-Independent Executables (PIE).

comment "PIC/PIE needs a toolchain w/ PIE"
depends on BR2_PIC_PIE_ARCH_SUPPORTS
depends on BR2_SHARED_LIBS
depends on !BR2_TOOLCHAIN_SUPPORTS_PIE

Expand Down Expand Up @@ -818,7 +808,6 @@ config BR2_RELRO_PARTIAL

config BR2_RELRO_FULL
bool "Full"
depends on BR2_PIC_PIE_ARCH_SUPPORTS
depends on BR2_TOOLCHAIN_SUPPORTS_PIE
select BR2_PIC_PIE
help
Expand All @@ -827,23 +816,15 @@ config BR2_RELRO_FULL
program loading, i.e every time an executable is started.

comment "RELRO Full needs a toolchain w/ PIE"
depends on BR2_PIC_PIE_ARCH_SUPPORTS
depends on !BR2_TOOLCHAIN_SUPPORTS_PIE

endchoice

comment "RELocation Read Only (RELRO) needs shared libraries"
depends on !BR2_SHARED_LIBS

config BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
bool
default y
# Microblaze glibc toolchains don't work with Fortify Source enabled
depends on !BR2_microblaze

choice
bool "Buffer-overflow Detection (FORTIFY_SOURCE)"
depends on BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
depends on BR2_TOOLCHAIN_USES_GLIBC
depends on !BR2_OPTIMIZE_0
help
Expand Down Expand Up @@ -884,7 +865,6 @@ config BR2_FORTIFY_SOURCE_2
endchoice

comment "Fortify Source needs a glibc toolchain and optimization"
depends on BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
depends on (!BR2_TOOLCHAIN_USES_GLIBC || BR2_OPTIMIZE_0)
endmenu

Expand Down
Loading

0 comments on commit cd80536

Please sign in to comment.