buildroot.git
7 years agolibgpiod: bump version to v0.3
Bartosz Golaszewski [Sat, 24 Jun 2017 09:30:25 +0000 (11:30 +0200)]
libgpiod: bump version to v0.3

Add host-pkgconf to dependencies as we now use PKG_CHECK_MODULES in
configure.ac.

Changelog for v0.3:

New features:
- gpiomon can now watch multiple lines at the same time and supports custom
  output formats which can be specified using the --format argument
- testing framework can now test external programs: test cases for gpio-tools
  have been added

Improvements:
- improve error messages
- improve README examples
- configure script improvements

Bug fixes:
- use correct UAPI flags when requesting line events

Also includes bug fixes from v0.2.1:

Bug fixes:
- capitalize 'GPIO' in error messages in gpioset, gpioget & gpiomon
- tweak the error message on invalid arguments in gpiofind
- don't ignore superfluous arguments and fix the displayed name for falling
  edge events in gpiomon

Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/dt-utils: new package
Marcin Niestroj [Fri, 23 Jun 2017 10:37:57 +0000 (12:37 +0200)]
package/dt-utils: new package

Add two upstreamable patches for this package to fix uClibc
and musl builds.

Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoglmark2: Bump to the latest version
Fabio Estevam [Fri, 23 Jun 2017 13:28:10 +0000 (10:28 -0300)]
glmark2: Bump to the latest version

The two patches are no longer needed with the latest upstream version,
so bump to the latest one.

Tested on imx6.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoutil-linux: bump to version 2.30
Carlos Santos [Fri, 23 Jun 2017 02:52:31 +0000 (23:52 -0300)]
util-linux: bump to version 2.30

- Update the "basic set" description to include fincore, which is built
  by default, and remove tailf, which was removed in this version.
- Add configuration options for the new utilities "chmem" and "lsmem".
- Add a patch to revert the assumption that ncursesw headers are under
  /usr/include/ncursesw/ only. That's necessary to have both versions
  for ABI/API compatibility but does not make sense on embedded systems.
- Drop autoreconf, since the patch on term-utils/Makemodule.am is gone.

The patch is a bit drastic but it solves the problem of using ncursews
while we discuss a better solution in the util-linux mailing list.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agouclibc: fix knock build issue
Waldemar Brodkorb [Thu, 22 Jun 2017 22:07:23 +0000 (00:07 +0200)]
uclibc: fix knock build issue

This patch sync's with GNU C library and removes __FAVOR_BSD.

Fixes:
  http://autobuild.buildroot.net/results/908/90863b5adb769a346acd3dc4bbe8d5fa497a0581/build-end.log

Reported-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoopenvpn: security bump to version 2.4.3
Baruch Siach [Thu, 22 Jun 2017 17:54:57 +0000 (20:54 +0300)]
openvpn: security bump to version 2.4.3

Fixes:

CVE-2017-7508 - Remotely-triggerable ASSERT() on malformed IPv6 packet

CVE-2017-7520 - Pre-authentication remote crash/information disclosure for
clients

CVE-2017-7521 - Potential double-free in --x509-alt-username

CVE-2017-7521 - Remote-triggerable memory leaks

CVE-2017-7522 - Post-authentication remote DoS when using the --x509-track
option

Details at

  https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243

Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agospice: add post-0.12.8 upstream security fixes
Peter Korsgaard [Wed, 21 Jun 2017 22:07:44 +0000 (00:07 +0200)]
spice: add post-0.12.8 upstream security fixes

Fixes the following security issues:

CVE-2016-9577

    Frediano Ziglio of Red Hat discovered a buffer overflow
    vulnerability in the main_channel_alloc_msg_rcv_buf function. An
    authenticated attacker can take advantage of this flaw to cause a
    denial of service (spice server crash), or possibly, execute
    arbitrary code.

CVE-2016-9578

    Frediano Ziglio of Red Hat discovered that spice does not properly
    validate incoming messages. An attacker able to connect to the
    spice server could send crafted messages which would cause the
    process to crash.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agospice: security bump to version 0.12.8
Peter Korsgaard [Wed, 21 Jun 2017 22:07:43 +0000 (00:07 +0200)]
spice: security bump to version 0.12.8

Fixes the following security issues:

CVE-2016-0749: The smartcard interaction in SPICE allows remote attackers to
cause a denial of service (QEMU-KVM process crash) or possibly execute
arbitrary code via vectors related to connecting to a guest VM, which
triggers a heap-based buffer overflow.

CVE-2016-2150: SPICE allows local guest OS users to read from or write to
arbitrary host memory locations via crafted primary surface parameters, a
similar issue to CVE-2015-5261.

The pyparsing check has been dropped from configure, and the spice protocol
definition is again included, so the workarounds can be removed.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agospice: security bump to version 0.12.6
Peter Korsgaard [Wed, 21 Jun 2017 22:07:42 +0000 (00:07 +0200)]
spice: security bump to version 0.12.6

Fixes the following security issues:

CVE-2015-3247: Race condition in the worker_update_monitors_config function
in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial
of service (heap-based memory corruption and QEMU-KVM crash) or possibly
execute arbitrary code on the host via unspecified vectors.

CVE-2015-5260: Heap-based buffer overflow in SPICE before 0.12.6 allows
guest OS users to cause a denial of service (heap-based memory corruption
and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL
commands related to the surface_id parameter.

CVE-2015-5261: Heap-based buffer overflow in SPICE before 0.12.6 allows
guest OS users to read and write to arbitrary memory locations on the host
via guest QXL commands related to surface creation.

Client/gui support is gone upstream (moved to spice-gtk / virt-viewer), so
add Config.in.legacy handling for them.

Lz4 is a new optional dependency, so handle it.

The spice protocol definition is no longer included and instead used from
spice-protocol.  The build system uses pkg-config --variable=codegendir to
find the build time path of this, which doesn't take our STAGING_DIR prefix
into consideration, so it needs some help.  The installed protocol
definition will likewise be newer than the generated files, so we need to
workaround that to ensure they are not regenerated (which needs host python
/ pyparsing).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agospice: bump to version 0.12.5
Peter Korsgaard [Wed, 21 Jun 2017 22:07:41 +0000 (00:07 +0200)]
spice: bump to version 0.12.5

Tunneling support is gone upstream, so drop the patch and add
Config.in.legacy handling for the option.

Celt051 is no longer a hard dependency, and opus is a new optional
dependency, so adjust the dependencies to match.

Python / pyparsing are not needed as the tarball contains the generated
files (this should presumably have been host-python in the first place as
these are used at build time), but we need a small workaround to convince
configure that they really aren't needed.

Alsa-lib is only needed for client support, and the configure script checks
for X11/Xext/Xrender, so adjust the dependencies to match.

A user manual is now generated by default if asciidoc is available, so
explicitly disable that.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/linuxconsoletools: always select a sub-option
Koen Martens [Thu, 22 Jun 2017 13:03:00 +0000 (15:03 +0200)]
package/linuxconsoletools: always select a sub-option

This patch forces BR2_PACKAGE_LINUXCONSOLETOOLS_INPUTATTACH
to be selected if none of the other sub-options are
selected. This fixes build failures when using
'make randpackageconfig', where selecting
BR2_PACKAGE_LINUXCONSOLETOOLS without selecting any sub-option
would break in the 'install to target' phase.

Fixes:
http://autobuild.buildroot.net/results/94b/94bc050f291cc42a4fdcf02157320576feb03654/
http://autobuild.buildroot.net/results/f62/f62c5e8bd63d21211eb0e658c4e84135bd59b8cb/

And many more.

[Peter: add autobuilder references and wrap Config.in line]
Signed-off-by: Koen Martens <koen.martens@transport.alstom.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoconfigs/cubieboard2_defconfig: use U-Boot boot script generation logic
Thomas Petazzoni [Wed, 21 Jun 2017 21:41:43 +0000 (23:41 +0200)]
configs/cubieboard2_defconfig: use U-Boot boot script generation logic

Instead of a custom post-build script, use the boot script generation
logic of the U-Boot package.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agouboot: add support for generating U-Boot boot scripts
Thomas Petazzoni [Wed, 21 Jun 2017 21:41:42 +0000 (23:41 +0200)]
uboot: add support for generating U-Boot boot scripts

More and more of our defconfigs need to generate a U-Boot boot
script. It's a simple call to mkimage, but we already have 12
instances of this logic in board/, and there are patch series waiting
in patchwork adding 3 more boards that need this.

So let's add an option in the U-Boot package to generate such a boot
script image easily.

Note that we assume a single script needs to be generated, and the
output file name is boot.scr. The only platform for which it seems to
not be the case are the Boundary Devices platforms: they generate two
boot scripts, 6x_bootscript and 6x_upgrade, but they are anyway
installed inside TARGET_DIR, not BINARIES_DIR.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoupmpdcli: needs gcc >= 4.9
Jörg Krause [Thu, 22 Jun 2017 06:01:38 +0000 (08:01 +0200)]
upmpdcli: needs gcc >= 4.9

Commit 5d043799cd changed the dependency for libupnpp on GCC to 4.9, but
did not propagate the dependency to upmpdcli.

Fixes:
http://autobuild.buildroot.net/results/df2/df23cd5e77f61caf3f30cf43c91bc161a88def3a/

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/{mesa3d, mesa3d-headers}: bump version to 17.1.3
Fabio Estevam [Thu, 22 Jun 2017 00:08:50 +0000 (21:08 -0300)]
package/{mesa3d, mesa3d-headers}: bump version to 17.1.3

Patch 0006 is no longer needed as the fix is already upstream.
Confirmed that the colors are displayed correctly when running the
Qt5CinematicDemo application on i.mx6.

Patch 0007 is already applied upstream.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoconfigs/olimex_a13_olinuxino: new defconfig
Chakra Divi [Sun, 18 Jun 2017 16:28:09 +0000 (21:58 +0530)]
configs/olimex_a13_olinuxino: new defconfig

Add initial support for a13_olinuxino board
with below features
- U-Boot 2017.05
- Linux 4.11.5
- Default packages from buildroot

Signed-off-by: Chakra Divi <chakra@openedev.com>
Reviewed-by: Jagan Teki <jagan@amarulasolutions.com>
[Thomas:
 - use full name in DEVELOPERS file
 - remove parametrization of the post-build.sh script, just hardcode
   the boot.cmd file used as input
 - add missing dosfstools and mtools host packages in defconfig,
   needed because a vfat partition is defined in the genimage.cfg
   file
 - minor tweaks to readme.txt file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoapr: bump version to 1.6.2
Adam Duskett [Wed, 21 Jun 2017 20:30:57 +0000 (16:30 -0400)]
apr: bump version to 1.6.2

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agojansson: bump to version 2.10
Adam Duskett [Wed, 21 Jun 2017 20:30:56 +0000 (16:30 -0400)]
jansson: bump to version 2.10

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agosyslog-ng: bump to version 3.10.1
Adam Duskett [Wed, 21 Jun 2017 20:30:55 +0000 (16:30 -0400)]
syslog-ng: bump to version 3.10.1

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agommc-utils: bump version to 37c86e60c0442fef570b75cd81aeb1db4d0cbafd
Adam Duskett [Wed, 21 Jun 2017 20:30:54 +0000 (16:30 -0400)]
mmc-utils: bump version to 37c86e60c0442fef570b75cd81aeb1db4d0cbafd

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolibcurl: bump version to 7.54.1
Adam Duskett [Wed, 21 Jun 2017 20:30:53 +0000 (16:30 -0400)]
libcurl: bump version to 7.54.1

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agosqlite: bump to version 3190300
Adam Duskett [Wed, 21 Jun 2017 20:30:52 +0000 (16:30 -0400)]
sqlite: bump to version 3190300

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agostrace: bump version to 4.17
Adam Duskett [Wed, 21 Jun 2017 20:30:51 +0000 (16:30 -0400)]
strace: bump version to 4.17

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoorangepi_zero_defconfig: add xradio wireless driver
Sergey Matyukevich [Sun, 18 Jun 2017 18:42:00 +0000 (21:42 +0300)]
orangepi_zero_defconfig: add xradio wireless driver

Add xradio driver to enable on-board SDIO WiFi chip XR819.

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoxr819-xradio: new package
Sergey Matyukevich [Sun, 18 Jun 2017 18:41:59 +0000 (21:41 +0300)]
xr819-xradio: new package

This patch adds xradio wireless driver for SDIO WiFi chip XR819.
The out-of-tree driver is sourced from fifteenhex's work
on github https://github.com/fifteenhex/xradio

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[Thomas: add entry in DEVELOPERS file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/lua-flu: new package
Marcin Niestroj [Tue, 20 Jun 2017 15:16:31 +0000 (17:16 +0200)]
package/lua-flu: new package

Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
[Thomas: "depends on" before "select" in Config.in]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoopenssh: fix sshd for MIPS64 n32
Vicente Olivert Riera [Tue, 20 Jun 2017 16:15:19 +0000 (17:15 +0100)]
openssh: fix sshd for MIPS64 n32

This patch backports two patches that have been sent upstream as a pull
request in order to fix sshd for MIPS64 n32.

The first patch adds support for detecting the MIPS ABI during the
configure phase.

The second patch sets the right value to seccomp_audit_arch taking into
account the MIPS64 ABI.

Currently seccomp_audit_arch is set to AUDIT_ARCH_MIPS64 or
AUDIT_ARCH_MIPSEL64 (depending on the endinness) when openssh is built
for MIPS64. However, that's only valid for n64 ABI. The right macros for
n32 ABI defined in seccomp.h are AUDIT_ARCH_MIPS64N32 and
AUDIT_ARCH_MIPSEL64N32, for big and little endian respectively.

Because of that an sshd built for MIPS64 n32 rejects connection attempts
and the output of strace reveals that the problem is related to seccomp
audit:

[pid   194] prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=57,
filter=0x555d5da0}) = 0
[pid   194] write(7, "\0\0\0]\0\0\0\5\0\0\0Ulist_hostkey_types: "..., 97) = ?
[pid   193] <... poll resumed> )        = 2 ([{fd=5, revents=POLLIN|POLLHUP},
{fd=6, revents=POLLHUP}])
[pid   194] +++ killed by SIGSYS +++

Pull request: https://github.com/openssh/openssh-portable/pull/71

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agobarebox: support multiple image files
Marcin Niestroj [Wed, 21 Jun 2017 07:03:53 +0000 (09:03 +0200)]
barebox: support multiple image files

Add support for specifying multiple image files in
BR2_TARGET_BAREBOX_IMAGE_FILE config option.

This is useful for boards with several RAM size variants.

Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
[Thomas: rename internal variable from $(1)_IMAGE_FILE to
$(1)_IMAGE_FILES.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoconfigs/atmel: bump to linux4sam_5.6
Ludovic Desroches [Wed, 21 Jun 2017 08:12:01 +0000 (10:12 +0200)]
configs/atmel: bump to linux4sam_5.6

Bump at91sam9x5ek, atmel_sama5d2_xplained, atmel_sama5d3_xplained and
atmel_sama5d4_xplained to linux4sam_5.6.

Signed-off-by: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoboard/atmel: provide u-boot env for at91sam9x5ek_mmc
Ludovic Desroches [Wed, 21 Jun 2017 08:12:00 +0000 (10:12 +0200)]
board/atmel: provide u-boot env for at91sam9x5ek_mmc

Default bootargs have changed in U-Boot for this board. Build U-Boot
environment and add it to the SD card image to update bootargs.

Signed-off-by: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoboard/atmel: at91sam9x5ek_mmc: add 1M offset for FAT partition
Ludovic Desroches [Wed, 21 Jun 2017 08:11:59 +0000 (10:11 +0200)]
board/atmel: at91sam9x5ek_mmc: add 1M offset for FAT partition

at91sam9x5ek_mmc board was missing in the previous patch adding 1M
offset for FAT partition to solve some boot issues with the ROM code.

Signed-off-by: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agokmsxx: update version
Venkateswara Rao Mandela [Wed, 21 Jun 2017 14:33:45 +0000 (20:03 +0530)]
kmsxx: update version

Updating version to latest as on 26 June 2017 to include kmstest utility

Signed-off-by: Venkateswara Rao Mandela <venkat.mandela@ti.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoiperf: fix tarball hashes changed upstream
Alexander Dahl [Wed, 21 Jun 2017 04:06:58 +0000 (06:06 +0200)]
iperf: fix tarball hashes changed upstream

Upstream uploaded a new tarball with the same version number 2016-09-08,
some time after the update to v2.0.9 in buildroot. Someone noticed, but
upstream set the ticket to wontfix, and promised to do better in the
future: https://sourceforge.net/p/iperf2/tickets/20/

Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoc-ares: security bump to version 1.13.0
Peter Korsgaard [Tue, 20 Jun 2017 21:24:21 +0000 (23:24 +0200)]
c-ares: security bump to version 1.13.0

Fixes the following security issues:

CVE-2017-1000381: The c-ares function `ares_parse_naptr_reply()`, which is
used for parsing NAPTR responses, could be triggered to read memory outside
of the given input buffer if the passed in DNS response packet was crafted
in a particular way.

https://c-ares.haxx.se/adv_20170620.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/input-tools: remove package
Koen Martens [Tue, 20 Jun 2017 18:54:49 +0000 (20:54 +0200)]
package/input-tools: remove package

remove input-tools, it has been obsoleted by linuxconsoletools

linuxconsoletools uses the same name as upstream and carries
the latest version of the tools installed by input-tools.

Signed-off-by: Koen Martens <gmc@sonologic.nl>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoapache: security bump to version 2.4.26
Peter Korsgaard [Tue, 20 Jun 2017 21:13:45 +0000 (23:13 +0200)]
apache: security bump to version 2.4.26

Fixes the following security issues:

CVE-2017-3167: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26,
use of the ap_get_basic_auth_pw() by third-party modules outside of the
authentication phase may lead to authentication requirements being bypassed.

CVE-2017-3169: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26,
mod_ssl may dereference a NULL pointer when third-party modules call
ap_hook_process_connection() during an HTTP request to an HTTPS port.

CVE-2017-7659: A maliciously constructed HTTP/2 request could cause
mod_http2 to dereference a NULL pointer and crash the server process.

CVE-2017-7668: The HTTP strict parsing changes added in Apache httpd 2.2.32
and 2.4.24 introduced a bug in token list parsing, which allows
ap_find_token() to search past the end of its input string.  By maliciously
crafting a sequence of request headers, an attacker may be able to cause a
segmentation fault, or to force ap_find_token() to return an incorrect
value.

CVE-2017-7679: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26,
mod_mime can read one byte past the end of a buffer when sending a malicious
Content-Type response header.

While we're at it, use the upstream sha256 checksum instead of sha1.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agobind: security bump to version 9.11-P1
Peter Korsgaard [Tue, 20 Jun 2017 20:55:34 +0000 (22:55 +0200)]
bind: security bump to version 9.11-P1

Fixes the following security issues:

CVE-2017-3140 is a denial-of-service vulnerability affecting 9.9.10,
9.10.5, 9.11.0->9.11.1, 9.9.10-S1, and 9.10.5-S1 when configured with
Response Policy Zones (RPZ) utilizing NSIP or NSDNAME rules.

https://kb.isc.org/article/AA-01495/74/CVE-2017-3140

CVE-2017-3141 is a Windows privilege escalation vector affecting
9.2.6-P2+, 9.3.2-P1+, 9.4.x, 9.5.x, 9.6.x, 9.7.x, 9.8.x, 9.9.0->9.9.10,
9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, and 9.10.5-S1.  The
BIND Windows installer failed to properly quote the service paths,
possibly allowing a local user to achieve privilege escalation, if
allowed by file system permissions.

https://kb.isc.org/article/AA-01496/74/CVE-2017-3141

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/kvazaar: needs threads
Alexandre Esse [Tue, 20 Jun 2017 20:39:05 +0000 (22:39 +0200)]
package/kvazaar: needs threads

Fixes:

  http://autobuild.buildroot.net/results/6e1eabd691b8674f61898bc0fe734208d226f965/

Signed-off-by: Alexandre Esse <alexandre.esse.dev@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoDEVELOPERS: Add janus-gateway to Adam Duskett
Adam Duskett [Thu, 15 Jun 2017 12:13:14 +0000 (08:13 -0400)]
DEVELOPERS: Add janus-gateway to Adam Duskett

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agojanus-gateway: add unix-sockets to transport section
Adam Duskett [Thu, 15 Jun 2017 12:13:13 +0000 (08:13 -0400)]
janus-gateway: add unix-sockets to transport section

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
[Thomas: alphabetic ordering.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agojanus-gateway: add mqtt to transport section
Adam Duskett [Thu, 15 Jun 2017 12:13:12 +0000 (08:13 -0400)]
janus-gateway: add mqtt to transport section

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
[Thomas: propagate paho-mqtt dependencies, use alphabetic ordering.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agojanus-gateway: add rabbitmq to transports section
Adam Duskett [Thu, 15 Jun 2017 12:13:11 +0000 (08:13 -0400)]
janus-gateway: add rabbitmq to transports section

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
[Thomas: propagate rabbitmq-c dependency, use alphabetic ordering.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agojanus-gateway: add websockets to transport section
Adam Duskett [Thu, 15 Jun 2017 12:13:10 +0000 (08:13 -0400)]
janus-gateway: add websockets to transport section

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
[Thomas: propagate BR2_USE_MMU dependency.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agojanus-gateway: add HTTP/REST to a new transport config section
Adam Duskett [Thu, 15 Jun 2017 12:13:09 +0000 (08:13 -0400)]
janus-gateway: add HTTP/REST to a new transport config section

janus-gateway supports many different transports, and currently there
is no implicit way to turn them off or on. Instead, if the dependency
happens to be built, then the transport is enabled.

Create a transports section in the config file and add
BR2_PACKAGE_JANUS_REST as the first transport.

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
[Thomas: propagate thread dependency.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agomtd: switch to a foreach loop for installation
Thomas Petazzoni [Thu, 8 Jun 2017 21:05:09 +0000 (23:05 +0200)]
mtd: switch to a foreach loop for installation

Such a construct allows to bail out if the installation of one of the
program fails, which the current shell-based for loop doesn't do.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agomtd: bump to version 2.0.0
Adam Duskett [Thu, 8 Jun 2017 21:05:08 +0000 (23:05 +0200)]
mtd: bump to version 2.0.0

This revision includes:
  - Moving from a handwritten makefile to autotools.
  - Restructuring and cleaning up the source tree.
  - Fixing the problems that the patches in the package/mtd directory fixed.

Changes:
  - Move from generic-package to autotools-package in mtd.mk.
  - Remove no longer necessary patches.
  - Update binary locations in mtd.mk
  - Update library/header locations in mtd.mk
  - Remove MTD_ADD_MISSING_LINTL definition from mtd.mk, as it's no longer
    needed.

Tested with toolchains compiled with musl, uclibc, and glibc.

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
[Thomas: additional improvements
 - introduce hidden options BR2_PACKAGE_MTD_JFFS_UTILS,
   BR2_PACKAGE_MTD_UBIFS_UTILS and BR2_PACKAGE_MTD_TESTS that match the
   ./configure options of mtd. Those hidden options select the
   appropriate dependencies checked by the configure script, and are
   selected by the existing per-tool Config.in options.
 - .mk file is changed to handle properly the new hidden options
   BR2_PACKAGE_MTD_JFFS_UTILS, BR2_PACKAGE_MTD_UBIFS_UTILS and
   BR2_PACKAGE_MTD_TESTS.
 - .mk file is changed to properly handle BR2_PACKAGE_ACL, by passing
   --with-xattr/--without-xattr.
 - remove HOST_MTD_BUILD_CMDS and HOST_MTD_INSTALL_CMDS, those are no
   longer needed since we have an autotools-package now.
 - MTD_STAGING_y and MTD_INSTALL_STAGING_CMDS are removed, we use the
   default staging installation commands, that install everything that
   is needed.
 - the MTD_TARGETS_UBI_y variable is merged into MTD_TARGETS_y, as we no
   longer need to distinguish both.
 - integck installation logic is moved into MTD_TARGETS_y.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/x264: bump version
Bernd Kuhls [Mon, 5 Jun 2017 16:22:38 +0000 (18:22 +0200)]
package/x264: bump version

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: update hash file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/x264: disable optional ffmpeg support
Bernd Kuhls [Mon, 5 Jun 2017 16:22:37 +0000 (18:22 +0200)]
package/x264: disable optional ffmpeg support

In buildroot ffmpeg uses x264 as optional dependency if
BR2_PACKAGE_FFMPEG_GPL is enabled at the same time.

If BR2_PACKAGE_FFMPEG_GPL is disabled and ffmpeg is built without x264
support before x264 itself is build, x264 picks up certain ffmpeg libs
as optional dependency leading to build errors because x264 does not
correctly link statically against ffmpeg.

To avoid a circular dependency and to avoid teaching x264 how to
correctly link statically with ffmpeg we just disable all ffmpeg-
related options.

Fixes
http://autobuild.buildroot.net/results/36a/36abb5b8f3aab57fb7b63056b216b4a58143ee3e/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolirc-tools: no need to check for clock_gettime
Baruch Siach [Fri, 16 Jun 2017 03:32:58 +0000 (06:32 +0300)]
lirc-tools: no need to check for clock_gettime

Buildroot no longer supports toolchains with glibc older than 2.17, so there
is no need to check whether librt is required for clock_* system calls.

Cc: Rhys Williams <github@wilberforce.co.nz>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoopenipmi: no need to check for clock_gettime
Baruch Siach [Fri, 16 Jun 2017 03:32:57 +0000 (06:32 +0300)]
openipmi: no need to check for clock_gettime

Buildroot no longer supports toolchains with glibc older than 2.17, so there
is no need to check whether librt is required for clock_* system calls.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoliboping: no need to check for clock_gettime
Baruch Siach [Fri, 16 Jun 2017 03:32:56 +0000 (06:32 +0300)]
liboping: no need to check for clock_gettime

Buildroot no longer supports toolchains with glibc older than 2.17, so there
is no need to check whether librt is required for clock_* system calls.

Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoe2fsprogs: don't link with librt
Baruch Siach [Fri, 16 Jun 2017 03:32:55 +0000 (06:32 +0300)]
e2fsprogs: don't link with librt

Buildroot no longer supports toolchains with glibc older than 2.17, so there
is no need to link with librt for clock_* system calls.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolibv4l: don't link with librt
Baruch Siach [Fri, 16 Jun 2017 03:32:54 +0000 (06:32 +0300)]
libv4l: don't link with librt

Buildroot no longer supports toolchains with glibc older than 2.17, so there
is no need to link with librt for clock_* system calls.

The following patches are not renumbered. The noise is too high.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoaiccu: don't link with librt
Baruch Siach [Fri, 16 Jun 2017 03:32:53 +0000 (06:32 +0300)]
aiccu: don't link with librt

Buildroot no longer supports toolchains with glibc older than 2.17, so there
is no need to link with librt for clock_* system calls.

Cc: Michael Rommel <rommel@layer-7.net>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoswupdate: don't link with librt
Baruch Siach [Fri, 16 Jun 2017 03:32:52 +0000 (06:32 +0300)]
swupdate: don't link with librt

Buildroot no longer supports toolchains with glibc older than 2.17, so there
is no need to link with librt for clock_* system calls.

Cc: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agodocs/manual: drop mention of removed external toolchains
Baruch Siach [Fri, 16 Jun 2017 03:32:51 +0000 (06:32 +0300)]
docs/manual: drop mention of removed external toolchains

The CodeSourcery x86 and sh, the ADI Blackfin, and the Xilinx Mircoblaze
external toolchain profiles have all been removed. Update the manual.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agotoolchain-external: update list of toolchains
Baruch Siach [Fri, 16 Jun 2017 03:32:50 +0000 (06:32 +0300)]
toolchain-external: update list of toolchains

Remove mention of toolchains the we don't have.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage: remove CodeSourcery sh dependencies
Baruch Siach [Fri, 16 Jun 2017 03:32:49 +0000 (06:32 +0300)]
package: remove CodeSourcery sh dependencies

The CodeSourcery sh toolchain has been removed. Drop negative dependencies on
that toolchain.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agotoolchain: remove CodeSourcery sh toolchain
Baruch Siach [Fri, 16 Jun 2017 03:32:48 +0000 (06:32 +0300)]
toolchain: remove CodeSourcery sh toolchain

Since glibc 2.17, executable link command need not include the -lrt option for
clock_* system calls. As a result, over time less and less software packages
bother to check whether to toolchain needs -lrt. We are now at a point where
maintainers refuse to add this complexity into their build system. This
requires Buildroot to carry patches fixing this issue indefinitely.

glibc 2.17 is now 4.5 years old. There is no reason to use an older version
with current software.

This commit removes the predefined profile for CodeSourcery sh toolchain that
is based on glibc 2.16. One may still use the custom external toolchain
support in Buildroot to get this toolchain back, and deal with any build
issues that this toolchain causes.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agotoolchain: remove CodeSourcery x86 toolchain
Baruch Siach [Fri, 16 Jun 2017 03:32:47 +0000 (06:32 +0300)]
toolchain: remove CodeSourcery x86 toolchain

Since glibc 2.17, executable link command need not include the -lrt option for
clock_* system calls. As a result, over time less and less software packages
bother to check whether to toolchain needs -lrt. We are now at a point where
maintainers refuse to add this complexity into their build system. This
requires Buildroot to carry patches fixing this issue indefinitely.

glibc 2.17 is now 4.5 years old. There is no reason to use an older version
with current software.

This commit removes the predefined profile for CodeSourcery x86 toolchain that
is based on glibc 2.16. One may still use the custom external toolchain
support in Buildroot to get this toolchain back, and deal with any build
issues that this toolchain causes.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agodocs/manual: update external toolchain advantages list
Baruch Siach [Fri, 16 Jun 2017 03:32:46 +0000 (06:32 +0300)]
docs/manual: update external toolchain advantages list

Buildroot can build non-uClibc toolchains internally for quite some time now.
Update the manual text.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolibtirpc: Fix build error due to missing stdint.h inclusion
Dmitrii Kolesnichenko [Tue, 20 Jun 2017 16:55:31 +0000 (19:55 +0300)]
libtirpc: Fix build error due to missing stdint.h inclusion

Add patch to fix following error:
| ../../libtirpc-1.0.1/src/xdr_sizeof.c:93:13: error: 'uintptr_t' undeclared (first use in this function); did you mean '__intptr_t'?
|   if (len < (uintptr_t)xdrs->x_base) {
|              ^~~~~~~~~

This error occurs with the latest glibc master version (during the testing I had
glibc commit 92bd70fb85bce57ac47ba5d8af008736832c955a), but doesn't occur with
version 2.25.

Patch includes stdint.h to provide uintptr_t.

It has been submitted upstream:
https://sourceforge.net/p/libtirpc/mailman/message/35850276/

Signed-off-by: Dmitrii Kolesnichenko <dmitrii@synopsys.com>
[Thomas: reformat as Git formatted patch.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopython-cherrypy: bump to version 10.2.2
Yegor Yefremov [Fri, 16 Jun 2017 07:27:58 +0000 (09:27 +0200)]
python-cherrypy: bump to version 10.2.2

Fix license info, add new dependencies and change setup type.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopython-cheroot: new package
Yegor Yefremov [Fri, 16 Jun 2017 07:27:57 +0000 (09:27 +0200)]
python-cheroot: new package

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopython-portend: new package
Yegor Yefremov [Fri, 16 Jun 2017 07:27:56 +0000 (09:27 +0200)]
python-portend: new package

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopython-tempora: new package
Yegor Yefremov [Fri, 16 Jun 2017 07:27:55 +0000 (09:27 +0200)]
python-tempora: new package

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoroseapplepi: backport upstream patches to fix build with gcc 6
Peter Korsgaard [Tue, 20 Jun 2017 11:49:52 +0000 (13:49 +0200)]
roseapplepi: backport upstream patches to fix build with gcc 6

The recent change to default to gcc 6 for the internal toolchain broke this
defconfig as the u-boot and linux kernel are too old to build with gcc 6.

Fit it by backporting the following commits:

- u-boot: 9b2c282b34 (compiler*.h: sync include/linux/compiler*.h with Linux 4.5-rc6)
- linux:  cb984d101b (compiler-gcc: integrate the various compiler-gcc[345].h files)

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agov4l2loopback: new package
Alexandre Esse [Tue, 20 Jun 2017 19:11:38 +0000 (21:11 +0200)]
v4l2loopback: new package

This package provides a kernel module and utilities in order to use
v4l2loopback virtual devices.  This module allows you to create
"virtual video devices" normal (v4l2) applications will read these
devices as if they were ordinary video devices, but the video will not
be read from e.g. a capture card but instead it is generated by
another application.

Signed-off-by: Alexandre Esse <alexandre.esse.dev@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/nodejs: don't build cctest target
Martin Bark [Tue, 20 Jun 2017 08:39:01 +0000 (09:39 +0100)]
package/nodejs: don't build cctest target

cctest is a test package that is built by default.  We don't use of it
and recently it has been failing to build in the host-nodejs builds
so disable it.

Fixes:
http://autobuild.buildroot.net/results/1d7642073d169de941e74dc3a0efba6e992e2de7
http://autobuild.buildroot.net/results/8801109c1976e1c7a08dc4036c6a38efdbb8cd7e
http://autobuild.buildroot.net/results/6d52bc9fef4c9f12f0091e93c020ab2cd4c4c5a1
http://autobuild.buildroot.net/results/a8b8a781bdea668b657311c68b6f0ca0f74169c7

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/nodejs: bump version to 8.1.2
Martin Bark [Tue, 20 Jun 2017 08:39:00 +0000 (09:39 +0100)]
package/nodejs: bump version to 8.1.2

See https://nodejs.org/en/blog/release/v8.1.2/

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoexpat: fix patch that doesn't apply properly
Thomas Petazzoni [Tue, 20 Jun 2017 05:40:25 +0000 (07:40 +0200)]
expat: fix patch that doesn't apply properly

Fixes:

  http://autobuild.buildroot.net/results/23f799009ae10c5de2b06a7747a28804818204c2/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agontp: enable/disable sntp support depending on BR2_PACKAGE_NTP_SNTP
Vicente Olivert Riera [Mon, 19 Jun 2017 14:33:25 +0000 (15:33 +0100)]
ntp: enable/disable sntp support depending on BR2_PACKAGE_NTP_SNTP

We already have an option for selecting sntp support in ntp that can be
chosen from the menuconfig, and ntp's configure script has a --with-sntp
option (with its --without counterpart) which can be used for disabling
sntp support in ntp. However, we are not using it. This patch will make
use of it.

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoirssi: drop obsolete configure option
Rodrigo Rebello [Mon, 19 Jun 2017 06:02:43 +0000 (03:02 -0300)]
irssi: drop obsolete configure option

The configure option --with-ncurses has been removed in version 1.0.0
and thus is no longer needed.

Signed-off-by: Rodrigo Rebello <rprebello@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoirssi: security bump to version 1.0.3
Peter Korsgaard [Sun, 18 Jun 2017 21:35:02 +0000 (23:35 +0200)]
irssi: security bump to version 1.0.3

Fixes:

CVE-2017-9468 - Joseph Bisch discovered that Irssi does not properly handle
DCC messages without source nick/host.  A malicious IRC server can take
advantage of this flaw to cause Irssi to crash, resulting in a  denial of
service.

CVE-2017-9469 - Joseph Bisch discovered that Irssi does not properly handle
receiving incorrectly quoted DCC files.  A remote attacker can take
advantage of this flaw to cause Irssi to crash, resulting in a denial of
service.

See https://irssi.org/security/irssi_sa_2017_06.txt for more details.

Remove 0001-Get-back-to-using-pkg-config-to-check-for-OpenSSL.patch as it
applied upstream and drop autoreconf as configure.ac is no longer patched.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoexpat: security bump to version 2.2.1
Peter Korsgaard [Sun, 18 Jun 2017 21:20:04 +0000 (23:20 +0200)]
expat: security bump to version 2.2.1

Fixes:

- CVE-2017-9233 - External entity infinite loop DoS. See:
  https://libexpat.github.io/doc/cve-2017-9233/

- CVE-2016-9063 -- Detect integer overflow

And further more:

- Fix regression from fix to CVE-2016-0718 cutting off longer tag names.

- Extend fix for CVE-2016-5300 (use getrandom() if available).

- Extend fix for CVE-2012-0876 (Change hash algorithm to William Ahern's
  version of SipHash).

Also add an upstream patch to fix detection of getrandom().

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoRevert "util-linux: bump to version 2.30"
Carlos Santos [Mon, 19 Jun 2017 12:42:38 +0000 (09:42 -0300)]
Revert "util-linux: bump to version 2.30"

This reverts commit 088292cfc16359b966882f66b6e94dbc2c9813cb to prevent
breaking the build while we search for the root cause of the problem.

Fixes:
  http://autobuild.buildroot.net/results/7b0b1d8ba0015308724a9677f890e6e63f77e0ad
  http://autobuild.buildroot.net/results/11476388b8b774dc5ca7c9ceb34ea9ad1a4314b9
  http://autobuild.buildroot.net/results/9730d0c4a4001314351a0a116164ba854272db4d
  http://autobuild.buildroot.net/results/4d1440360bddfd0ddbbdddf6077bca0e796f2949
  http://autobuild.buildroot.net/results/f3089d8b8727a526eeb553964711e0066287422e
  http://autobuild.buildroot.net/results/ace6aaad6bee0f4bed44126fea57a090ff2541f9
  http://autobuild.buildroot.net/results/ff460fff5da05d38776eb04e8ada947290248f42
  http://autobuild.buildroot.net/results/a4979169d78938e0cc06e6a69eaac0ab13dc3084
  http://autobuild.buildroot.net/results/84e8c23ecb77a99f9bb70fca9de4a5062414037d
  http://autobuild.buildroot.net/results/d3433ef125b5cfbf8a4b8824c256dbd0ea34b6bb
  http://autobuild.buildroot.net/results/92bc3ae63709dae8cdb8860bd997f72c92ede442
  http://autobuild.buildroot.net/results/d9122512b0d0802c19184eccb5056bf985f74e5b
  http://autobuild.buildroot.net/results/dad980abe5dc72df436b21270797b32435b55392
  http://autobuild.buildroot.net/results/7def156b29011b90a20579b4bad436a7acde498c
  http://autobuild.buildroot.net/results/0bb97b8edc5cea657992cdb083ce9ae79c969f03
  http://autobuild.buildroot.net/results/8f76af2caf7dd08919a20cc1fd848c920512e988
  http://autobuild.buildroot.net/results/3a8ecda0ce63dd67a73d66fbd238072ddb079900
  http://autobuild.buildroot.net/results/8d43e6f00be41fde7163868c5fbc3235097629ed
  http://autobuild.buildroot.net/results/5049aab863707aae09bde540d98ea8063c017e7e
  http://autobuild.buildroot.net/results/e227393a29590b298112dfd8efa4aebe2ffa9294
  http://autobuild.buildroot.net/results/8ad4455dcdfcd991dff728910bdbcfa57f5774a4
  http://autobuild.buildroot.net/results/27947db73e4875df1dbeee35a6ea8ad6a31af0b5
  http://autobuild.buildroot.net/results/5a9cc647e648a61e3c24f929987df356abcdc104
  http://autobuild.buildroot.net/results/eb01bb21f6c942cf8cf067450f016fd3893cc7cd
  http://autobuild.buildroot.net/results/6f7e3f6b4acc93ce695c07199cf6bf643db4386e

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoaudit: bump to version 2.7.7
Adam Duskett [Mon, 19 Jun 2017 15:02:47 +0000 (11:02 -0400)]
audit: bump to version 2.7.7

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agogdb: fix full gdb build for MIPS musl
Vicente Olivert Riera [Mon, 19 Jun 2017 16:00:08 +0000 (17:00 +0100)]
gdb: fix full gdb build for MIPS musl

Currently building full gdb for MIPS musl fails because it's trying to
include <sgidefs.h> which is provided by glibc and uClibc, but not by
musl.

However, the kernel headers provide <asm/sgidefs.h> which has the same
definitions, so we can use that one instead.

Backporting a patch that has been sent upstream. Taken from here:

https://sourceware.org/bugzilla/show_bug.cgi?id=21070

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolinuxconsoletools: new package
Koen Martens [Mon, 19 Jun 2017 16:55:06 +0000 (18:55 +0200)]
linuxconsoletools: new package

Linuxconsoletools contains the inputattach utility
to attach legacy serial devices to the Linux kernel
input layer and joystick utilities to calibrate and
test joysticks and joypads.

The buildroot package adds options to build only certain
tools.

website: http://sf.net/projects/linuxconsole/

Signed-off-by: Koen Martens <gmc@sonologic.nl>
[Thomas: minor tweaks to Config.in and .mk file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agofcgiwrap: disable -Werror in CFLAGS
Thomas Claveirole [Mon, 19 Jun 2017 16:26:05 +0000 (18:26 +0200)]
fcgiwrap: disable -Werror in CFLAGS

fcgiwrap's configure script appends -Werror to AM_CFLAGS, then use it
to build the package.  This is an issue when Buildroot supports a new
compiler version and this version makes some warnings appear.
Luckily, one can provide CFLAGS=-Wno-error to the configure script so
it appends -Wno-error to AM_CFLAGS.

Fixes:

  http://autobuild.buildroot.net/results/8e04bf5a85ecd7f120bc9dedeedc891def6c46c1/

Signed-off-by: Thomas Claveirole <thomas.claveirole@green-communications.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoconfigs/qemu_sh4*: rename back the linux config file to linux-4.9.config
Thomas Petazzoni [Mon, 19 Jun 2017 07:26:12 +0000 (09:26 +0200)]
configs/qemu_sh4*: rename back the linux config file to linux-4.9.config

In commit 28d97609b25cb534a55b6cf6b1945428e817c54a ("configs/qemu:
bump to the latest kernel version") updated most qemu defconfigs to
use Linux 4.11. However, for the SH4 configurations, Linux 4.9 was
kept, because 4.11 apparently has an issue.

Unfortunately, while the defconfigs for SH4 were unchanged, the Linux
kernel configuration file was renamed from linux-4.9.config to
linux-4.11.config.

This commit renames the Linux configuration files back to their
previous name, linux-4.9.config, matching what the Qemu SH4 defconfigs
specify.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoboard: move nanopi-neo under friendlyarm
Chakra Divi [Sun, 18 Jun 2017 18:23:09 +0000 (23:53 +0530)]
board: move nanopi-neo under friendlyarm

As the vendor folder friendlyarm is created, move board nanopi-neo
also under vendor folder.

Signed-off-by: Chakra Divi <chakra@openedev.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agokvazaar: new package
Alexandre Esse [Fri, 16 Jun 2017 23:29:27 +0000 (01:29 +0200)]
kvazaar: new package

Kvazaar is an open-source HEVC encoder licensed under LGPLv2.1.
This provides tools to encode raw video into HEVC stream.

website: http://ultravideo.cs.tut.fi/

Signed-off-by: Alexandre Esse <alexandre.esse.dev@gmail.com>
[Thomas: add --without-cryptopp to explicitly disable support for this
optional dependency, use SPDX license code, fix Config.in]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/freeswitch: bump version to 1.6.18
Bernd Kuhls [Sat, 17 Jun 2017 14:48:14 +0000 (16:48 +0200)]
package/freeswitch: bump version to 1.6.18

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/libunwind: bump version to 1.2.1
Bernd Kuhls [Sat, 17 Jun 2017 14:38:08 +0000 (16:38 +0200)]
package/libunwind: bump version to 1.2.1

Backported patch from master branch which implements --disable-tests
configure option, removed original patch 0001, added _CONF_OPTS.

Removed patch 0003, applied upstream:
https://github.com/libunwind/libunwind/commit/f1684379dfaf8018d5d4c1945e292a56d0fab245

Added upstream patch to fix musl build.

Tested using this defconfig

BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV=y
BR2_PACKAGE_LTRACE=y
BR2_PACKAGE_MESA3D=y
BR2_PACKAGE_MESA3D_DRI_DRIVER_SWRAST=y
BR2_PACKAGE_MESA3D_OPENGL_EGL=y
BR2_PACKAGE_WESTON=y
BR2_PACKAGE_XORG7=y
BR2_PACKAGE_XSERVER_XORG_SERVER=y
BR2_PACKAGE_LIBJPEG=y
BR2_PACKAGE_LIBUNWIND=y

with test-pkg

                armv5-ctng-linux-gnueabi [ 1/49]: OK
              armv7-ctng-linux-gnueabihf [ 2/49]: OK
                        br-aarch64-glibc [ 3/49]: SKIPPED
                           br-arcle-hs38 [ 4/49]: SKIPPED
                            br-arm-basic [ 5/49]: SKIPPED
                  br-arm-cortex-a9-glibc [ 6/49]: OK
                   br-arm-cortex-a9-musl [ 7/49]: SKIPPED
                   br-arm-cortex-m4-full [ 8/49]: SKIPPED
                             br-arm-full [ 9/49]: OK
                    br-arm-full-nothread [10/49]: SKIPPED
                      br-arm-full-static [11/49]: SKIPPED
                            br-bfin-full [12/49]: SKIPPED
                   br-i386-pentium4-full [13/49]: SKIPPED
                br-i386-pentium-mmx-musl [14/49]: SKIPPED
                       br-m68k-5208-full [15/49]: SKIPPED
                      br-m68k-68040-full [16/49]: SKIPPED
                    br-microblazeel-full [17/49]: SKIPPED
                 br-mips32r6-el-hf-glibc [18/49]: OK
                      br-mips64-n64-full [19/49]: SKIPPED
                 br-mips64r6-el-hf-glibc [20/49]: SKIPPED
                      br-mipsel-o32-full [21/49]: OK
                          br-nios2-glibc [22/49]: SKIPPED
                      br-openrisc-uclibc [23/49]: SKIPPED
               br-powerpc-603e-basic-cpp [24/49]: SKIPPED
             br-powerpc64le-power8-glibc [25/49]: SKIPPED
               br-powerpc64-power7-glibc [26/49]: SKIPPED
                  br-powerpc-e500mc-full [27/49]: SKIPPED
                             br-sh4-full [28/49]: SKIPPED
                        br-sparc64-glibc [29/49]: SKIPPED
                         br-sparc-uclibc [30/49]: SKIPPED
                    br-x86-64-core2-full [31/49]: OK
                          br-x86-64-musl [32/49]: SKIPPED
                          br-xtensa-full [33/49]: SKIPPED
                     i686-ctng-linux-gnu [34/49]: OK
                          linaro-aarch64 [35/49]: SKIPPED
                              linaro-arm [36/49]: OK
             mips64el-ctng_n32-linux-gnu [37/49]: SKIPPED
             mips64el-ctng_n64-linux-gnu [38/49]: SKIPPED
        powerpc-ctng_e500v2-linux-gnuspe [39/49]: OK
                     sourcery-arm-armv4t [40/49]: OK
                            sourcery-arm [41/49]: OK
                     sourcery-arm-thumb2 [42/49]: OK
                         sourcery-mips64 [43/49]: SKIPPED
                           sourcery-mips [44/49]: OK
                          sourcery-nios2 [45/49]: SKIPPED
                             sourcery-sh [46/49]: SKIPPED
                         sourcery-x86-64 [47/49]: OK
                            sourcery-x86 [48/49]: OK
           x86_64-ctng_locales-linux-gnu [49/49]: OK

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoutil-linux: bump to version 2.30
Carlos Santos [Sat, 17 Jun 2017 18:43:06 +0000 (15:43 -0300)]
util-linux: bump to version 2.30

- Update the "basic set" description to include fincore, which is built
  by default, and remove tailf, which was removed in this version.
- Add configuration options for the new utilities "chmem" and "lsmem".
- Remove patch already applied upstream.
- Drop autoreconf, since the patch on term-utils/Makemodule.am is gone.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/libbluray: fix build when host has no java support
Bernd Kuhls [Sun, 18 Jun 2017 07:27:37 +0000 (09:27 +0200)]
package/libbluray: fix build when host has no java support

Fixes
http://autobuild.buildroot.net/results/630/630cfe62798d0f35fdfaed8547038ba7673cc149/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/imagemagick: bump version to 7.0.6-0
Bernd Kuhls [Sun, 18 Jun 2017 07:45:38 +0000 (09:45 +0200)]
package/imagemagick: bump version to 7.0.6-0

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/imagemagick: change download url to github
Bernd Kuhls [Sun, 18 Jun 2017 07:45:37 +0000 (09:45 +0200)]
package/imagemagick: change download url to github

Upstream quickly removes old versions from
http://www.imagemagick.org/download/releases

For our LTS versions we should switch to a stable upstream repo which
provides all released versions.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolinux-headers: bump 4.{1, 4, 9, 11}.x series
Fabio Estevam [Sat, 17 Jun 2017 13:47:44 +0000 (10:47 -0300)]
linux-headers: bump 4.{1, 4, 9, 11}.x series

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolinux: bump default version to 4.11.6
Fabio Estevam [Sat, 17 Jun 2017 13:47:43 +0000 (10:47 -0300)]
linux: bump default version to 4.11.6

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/python-idna: bump version to 2.5
Bernd Kuhls [Sat, 17 Jun 2017 13:13:02 +0000 (15:13 +0200)]
package/python-idna: bump version to 2.5

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolinux-firmware: Add support for i.MX SDMA
Fabio Estevam [Fri, 16 Jun 2017 20:52:32 +0000 (17:52 -0300)]
linux-firmware: Add support for i.MX SDMA

Allow the i.MX SDMA firmwares to be installed.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolinux-firmware: Bump to the latest version
Fabio Estevam [Fri, 16 Jun 2017 20:52:31 +0000 (17:52 -0300)]
linux-firmware: Bump to the latest version

Update to commit ec58d9aaf3.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agocjson: bump to version 1.5.5
Fabrice Fontaine [Sat, 17 Jun 2017 11:34:11 +0000 (13:34 +0200)]
cjson: bump to version 1.5.5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agodropwatch: bump to master and fix site
Alexander Dahl [Sat, 17 Jun 2017 07:27:26 +0000 (09:27 +0200)]
dropwatch: bump to master and fix site

The tool was hosted at fedorahosted.org which was shut down in early
2017. According to a private conversation with the upstream maintainer,
the new home for this tool is on infradead.org so far. So the SITE was
adapted accordingly.

Additionally the version was bumped from 1.4 to current master. This
allows to drop one build patch. The other patches were recreated with
Git.

Cc: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/mesa3d: always pass --with-platforms
Bernd Kuhls [Sat, 17 Jun 2017 07:19:57 +0000 (09:19 +0200)]
package/mesa3d: always pass --with-platforms

If --with-platforms is not used mesa3d defaults to x11:
https://cgit.freedesktop.org/mesa/mesa/tree/configure.ac?h=17.1#n1641
https://cgit.freedesktop.org/mesa/mesa/tree/configure.ac?h=17.1#n1659

This will break configure when x11 is not needed because the defconfig
has no mesa3d drivers enabled. To solve the problem we always pass
--with-platforms, even with empty values and also for non-egl builds.

Fixes
http://autobuild.buildroot.net/results/d16/d16b39d16b5bee5c09b1e996941a275a4337c3c1/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/mesa3d: rename MESA3D_EGL_PLATFORMS to MESA3D_PLATFORMS
Bernd Kuhls [Sat, 17 Jun 2017 07:19:56 +0000 (09:19 +0200)]
package/mesa3d: rename MESA3D_EGL_PLATFORMS to MESA3D_PLATFORMS

No code changes, this patch prepares for updates to platform handling
after upstream deprecated --with-egl-platforms in favour of
--with-platforms
https://cgit.freedesktop.org/mesa/mesa/commit/?h=17.1&id=7748c3f5eb1d98ca97d2cf6e516ff54a5d75130a

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoscanpypi: fix comment typo
Bernd Kuhls [Sat, 17 Jun 2017 10:03:50 +0000 (12:03 +0200)]
scanpypi: fix comment typo

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopandaboard_defconfig: bump u-boot to 2017.05 to fix build with gcc 6
Peter Korsgaard [Fri, 16 Jun 2017 21:24:04 +0000 (23:24 +0200)]
pandaboard_defconfig: bump u-boot to 2017.05 to fix build with gcc 6

The recent change to default to gcc 6 for the internal toolchain broke this
defconfig as the u-boot doesn't contain commit 9b2c282b34 (compiler*.h: sync
include/linux/compiler*.h with Linux 4.5-rc6) which was added during the
2016.03 cycle.

Fix the build by bumping u-boot to 2017.05.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>