buildroot.git
7 years agoapr-util: security bump to version 1.6.1
Baruch Siach [Mon, 30 Oct 2017 19:11:02 +0000 (21:11 +0200)]
apr-util: security bump to version 1.6.1

Fixes CVE-2017-12618: Out-of-bounds access in corrupted SDBM database.

Switch to bz2 compressed tarball.

Use upstream provided SHA256 hash.

Add license hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoapr: security bump to version 1.6.3
Baruch Siach [Mon, 30 Oct 2017 19:11:01 +0000 (21:11 +0200)]
apr: security bump to version 1.6.3

Fixes CVE-2017-12613: Out-of-bounds array deref in apr_time_exp*()
functions.

Use upstream provided SHA256 hash.

Add license has.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolibmediaart: bump to version 1.9.4
Fabrice Fontaine [Mon, 30 Oct 2017 17:02:43 +0000 (18:02 +0100)]
libmediaart: bump to version 1.9.4

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/cryptodev-linux: bump to the latest version (0a54e38)
Antoine Tenart [Mon, 30 Oct 2017 14:44:30 +0000 (15:44 +0100)]
package/cryptodev-linux: bump to the latest version (0a54e38)

The build of the cryptodev-linux version used in Buildroot is currently
broken for kernels >= 4.13. A fix was pushed upstream:
https://github.com/cryptodev-linux/cryptodev-linux/commit/f0d69774afb27ffc62bf353465fba145e70cb85a

This patch bumps the cryptodev-linux package version to use the latest
available one, which includes the commit fixing the build for recent
kernels.

Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agodomoticz: bump to version 3.8153
Fabrice Fontaine [Mon, 30 Oct 2017 10:37:26 +0000 (11:37 +0100)]
domoticz: bump to version 3.8153

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/Config.in: fix alphabetical order
Jerzy Grzegorek [Mon, 30 Oct 2017 07:26:40 +0000 (08:26 +0100)]
package/Config.in: fix alphabetical order

Signed-off-by: Jerzy Grzegorek <jerzy.m.grzegorek@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoDEVELOPERS: add myself as interested in socat
Baruch Siach [Mon, 30 Oct 2017 05:08:55 +0000 (07:08 +0200)]
DEVELOPERS: add myself as interested in socat

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolvm2: make basic package available under musl
Peter Korsgaard [Fri, 27 Oct 2017 11:47:16 +0000 (13:47 +0200)]
lvm2: make basic package available under musl

The basic lvm2 package (libdevmapper / dmsetup) does build under musl, only the
standard (full) installation doesn't.

Many setups only need the basic package, so move the !musl dependencies down
to the sub options and adjust the reverse dependencies (cryptsetup/dmraid)
to match.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Thomas: adjust Config.in comments and dependencies.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/python-pyqt5: fix build with Qt 5.6.3
Scott Ellis [Sun, 29 Oct 2017 08:15:49 +0000 (04:15 -0400)]
package/python-pyqt5: fix build with Qt 5.6.3

This commit adds 5_6_3 to the Timeline patch that fixed the build with
Qt 5.6.2.

Signed-off-by: Scott Ellis <scott@jumpnowtek.com>
[Thomas: adjust patch existing patch description.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/restorecond: indentation cleanup
Jerzy Grzegorek [Fri, 27 Oct 2017 19:22:05 +0000 (21:22 +0200)]
package/restorecond: indentation cleanup

Signed-off-by: Jerzy Grzegorek <jerzy.m.grzegorek@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/libnfs: allow parallel build
Bernd Kuhls [Sun, 29 Oct 2017 15:04:20 +0000 (16:04 +0100)]
package/libnfs: allow parallel build

Tested with BR2_JLEVEL=100.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/libnfs: bump version to 2.0.0
Bernd Kuhls [Sun, 29 Oct 2017 15:04:19 +0000 (16:04 +0100)]
package/libnfs: bump version to 2.0.0

Added license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/boinc: add optional dependency to freetype
Bernd Kuhls [Sun, 29 Oct 2017 16:12:56 +0000 (17:12 +0100)]
package/boinc: add optional dependency to freetype

No configure option present:
https://github.com/BOINC/boinc/blob/client_release/7.8/7.8.3/configure.ac#L497

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoboinc: new package
Fabrice Fontaine [Sun, 29 Oct 2017 16:12:55 +0000 (17:12 +0100)]
boinc: new package

Open-source software for volunteer computing and grid computing.

Use the idle time on your computer to cure diseases, study global
warming, discover pulsars, and do many other types of scientific
research.

https://boinc.berkeley.edu

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Bernd:
- bumped to version 7.8.3
- removed patches which where applied upstream
- added myself to DEVELOPERS as well]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/libbsd: not available for ARC
Yann E. MORIN [Sun, 29 Oct 2017 17:00:41 +0000 (18:00 +0100)]
package/libbsd: not available for ARC

libbsd has explicit, hard-coded checks about the architectures it can
work on, and ARC is not one of those.

We did not notice so far, because we only recently added support for
glibc on ARC (and only for a single variant) in 0633eb58a291 (toolchain:
add glibc support for ARCv2).

Add an explicit exclusion on arc.

Fixes:
    http://autobuild.buildroot.org/results/603baa77e95620ad1416e0d1dc4202c334801efc
    http://autobuild.buildroot.org/results/8a2ee5431501615cb150233e6d7bc9e7c3c5c1eb
    http://autobuild.buildroot.org/results/ea52364f536485ff4e43e3bc37f2175eb6178c5a
    http://autobuild.buildroot.org/results/32581f7a79372b525e4ad21e029ff0ede743ba94

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agosocat: bump down to version 1.7.3.2
Baruch Siach [Sun, 29 Oct 2017 14:33:49 +0000 (16:33 +0200)]
socat: bump down to version 1.7.3.2

Upstream socat2 branch seems to be dead. Last commit is from January
2016 . Over the last few years socat2 received only fixes cherry picked
from the master 1.x branch. Most major general purpose distros only
package socat 1.x.

Drop the threads dependency; not needed for 1.x.

Mention the OpenSSL exception in the license. Add hashes for license
files.

Correct the autoconf comment. The tarball configure script is recent
enough. But since we patch configure.in and Makefile.in we still need to
autoconf.

All patches we carry for socat2 are also needed for socat 1.x.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/glibc: switch to using the maintenance branch
Yann E. MORIN [Sun, 29 Oct 2017 09:52:48 +0000 (10:52 +0100)]
package/glibc: switch to using the maintenance branch

glibc upstream has ruled against doing regular point-releases, but they
do have a lot of interesting and important fixes for regressions and
security.

Backporting each patch, or cherry-picking individual patches is off
limits for us, so we just switch to using the currently-latest HEAD of
the maintenance branch instead.

The version number is obtained with:
    $ git describe --match 'glibc-*' --abbrev=40 origin/release/2.26/master

The alternative options were:
  - download the tarball from the git tree
    --> does not work; not an option
  - download the 2.26 tarball, and bundle the individual patches in
    Buildroot
    --> maintenance of patches is a burden; not an option
  - download the 2.26 tarball, maintain the list of patches to download from
    the git tree
    --> not an option for the same reason

So we end up just doing a git clone. The git tree is today about ten
times the size of the tarball, so a rough estimate makes it at about ten
times the download time.

Also upstream doesn't officially provide an https download location [1].
There is one but it's not reliable, sometimes the connection time out and
end-up with a corrupted git repo:

fatal: unable to access 'https://sourceware.org/git/glibc.git/': Failed to connect to sourceware.org port 443: Connection timed out

So switch to using a git mirror from github which is updated once a day [2].
This allow at the same time to clone the git repository faster.

Note: The glibc 2.26 patches are not kept for the arc toolchain since they
are fixing an issue with the new float128 support introduced in x86, x86_64
and powerpc64le.

[1] https://sourceware.org/git/?p=glibc.git;a=summary
[2] https://github.com/bminor/glibc.git

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@openwide.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Evgeniy Didin <didin@synopsys.com>
CC: Alexey Brodkin <abrodkin@synopsys.com>
[Romain: bump 4b692dffb95ac4812b161eb6a16113d7e824982e]
Signed-off-by: Romain Naour <romain.naour@gmail.com>
[yann.morin.1998@free.fr: update comment to never decide on the mirror]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/glibc: remove mips r6 nan208 hook
Romain Naour [Sun, 29 Oct 2017 11:49:42 +0000 (12:49 +0100)]
package/glibc: remove mips r6 nan208 hook

This hook is not needed since glibc 2.23 [1] and can be safely removed.

[1] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=d5f2798a0ac9d5ad8ad7a506a2f840035135e2d2

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/tvheadend: transcoding depends on ffmpeg
Bernd Kuhls [Sun, 29 Oct 2017 13:08:38 +0000 (14:08 +0100)]
package/tvheadend: transcoding depends on ffmpeg

Commit
https://git.buildroot.net/buildroot/commit/package/tvheadend?id=a9a14dc4357d32f705a52a5da73c782576ce6bc8
forgot to add the reverse dependency from ffmpeg.

Fixes
http://autobuild.buildroot.net/results/91a/91a08e63690421a0c197e987af15e91e78afb96f/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoboost: add help messages to libraries
Adam Duskett [Tue, 24 Oct 2017 15:15:06 +0000 (11:15 -0400)]
boost: add help messages to libraries

All of the help messages come from http://www.boost.org/doc/libs/1_65_1/

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoboost: add option for the stacktrace library
Adam Duskett [Tue, 24 Oct 2017 15:15:05 +0000 (11:15 -0400)]
boost: add option for the stacktrace library

stacktrace requires dynamic library support, which was causing the
following build errors:

http://autobuild.buildroot.net/results/692ffad93a7bd867ecc7ccbfc8c6280735d29435/
http://autobuild.buildroot.net/results/6058ece804889abaaab0a29258e1de2904162d26/
http://autobuild.buildroot.net/results/12df9b345a90a4e011b8bb4cb1d1ef1c2c7040c0/
http://autobuild.buildroot.net/results/7473c433e93b3e785e44d9868fec517437f59847/

Adding an option for it allows to have it disabled by default, and
make sure it only gets enabled when shared library support is
available.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agodocs/website: update for 2017.02.7
Peter Korsgaard [Sat, 28 Oct 2017 19:26:15 +0000 (21:26 +0200)]
docs/website: update for 2017.02.7

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoUpdate for 2017.02.7
Peter Korsgaard [Sat, 28 Oct 2017 18:55:26 +0000 (20:55 +0200)]
Update for 2017.02.7

[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 05a2e38af23ecdb04f54da97f5ce2b1f7f41b842)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/util-linux: drop _VERSION_MINOR variable
Jerzy Grzegorek [Sat, 28 Oct 2017 08:28:20 +0000 (10:28 +0200)]
package/util-linux: drop _VERSION_MINOR variable

Signed-off-by: Jerzy Grzegorek <jerzy.m.grzegorek@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/libdrm: bump version to 2.4.85
Bernd Kuhls [Sat, 28 Oct 2017 07:53:35 +0000 (09:53 +0200)]
package/libdrm: bump version to 2.4.85

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/ffmpeg: bump version to 3.3.5
Bernd Kuhls [Sat, 28 Oct 2017 07:52:22 +0000 (09:52 +0200)]
package/ffmpeg: bump version to 3.3.5

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/php: bump version to 7.1.11
Bernd Kuhls [Sat, 28 Oct 2017 07:40:01 +0000 (09:40 +0200)]
package/php: bump version to 7.1.11

Changelog: http://www.php.net/ChangeLog-7.php#7.1.11
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/samba4: bump version to 4.6.9
Bernd Kuhls [Sat, 28 Oct 2017 07:36:07 +0000 (09:36 +0200)]
package/samba4: bump version to 4.6.9

Release notes: https://www.samba.org/samba/history/samba-4.6.9.html

Added license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/tzdata: bump version to 2017c
Martin Bark [Thu, 26 Oct 2017 10:18:48 +0000 (11:18 +0100)]
package/tzdata: bump version to 2017c

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/zic: bump version to 2017c
Martin Bark [Thu, 26 Oct 2017 10:18:47 +0000 (11:18 +0100)]
package/zic: bump version to 2017c

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoqt5wayland: fix config option indentation
Joshua Henderson [Wed, 25 Oct 2017 15:50:57 +0000 (08:50 -0700)]
qt5wayland: fix config option indentation

Reorganize so the optional composer option for the qt5wayland package shows up
as an indented option.

Signed-off-by: Joshua Henderson <joshua.henderson@microchip.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agowget: add optional zlib support
Peter Korsgaard [Fri, 27 Oct 2017 12:18:58 +0000 (14:18 +0200)]
wget: add optional zlib support

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agowget: security bump to version 1.19.2
Peter Korsgaard [Fri, 27 Oct 2017 12:02:08 +0000 (14:02 +0200)]
wget: security bump to version 1.19.2

Fixes the following security issues:

CVE-2017-13089: The http.c:skip_short_body() function is called in some
circumstances, such as when processing redirects.  When the response is sent
chunked, the chunk parser uses strtol() to read each chunk's length, but
doesn't check that the chunk length is a non-negative number.  The code then
tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but
ends up passing the negative chunk length to connect.c:fd_read().  As
fd_read() takes an int argument, the high 32 bits of the chunk length are
discarded, leaving fd_read() with a completely attacker controlled length
argument.

CVE-2017-13090: The retr.c:fd_read_body() function is called when processing
OK responses.  When the response is sent chunked, the chunk parser uses
strtol() to read each chunk's length, but doesn't check that the chunk
length is a non-negative number.  The code then tries to read the chunk in
pieces of 8192 bytes by using the MIN() macro, but ends up passing the
negative chunk length to retr.c:fd_read().  As fd_read() takes an int
argument, the high 32 bits of the chunk length are discarded, leaving
fd_read() with a completely attacker controlled length argument.  The
attacker can corrupt malloc metadata after the allocated buffer.

Drop now upstreamed patch and change to .tar.lz as .tar.xz is no longer
available.

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/tor: bump version to 0.3.1.8
Bernd Kuhls [Sat, 28 Oct 2017 06:57:29 +0000 (08:57 +0200)]
package/tor: bump version to 0.3.1.8

Release notes:
https://blog.torproject.org/new-stable-tor-releases-0318-03012-02913-02816-02515

Added license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolinux: bump default to version 4.13.10
Bernd Kuhls [Sat, 28 Oct 2017 06:52:49 +0000 (08:52 +0200)]
linux: bump default to version 4.13.10

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolinux-headers: bump 4.{4, 9, 13}.x series
Bernd Kuhls [Sat, 28 Oct 2017 06:52:48 +0000 (08:52 +0200)]
linux-headers: bump 4.{4, 9, 13}.x series

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agowebkitgtk: security bump to version 2.18.2
Adrian Perez de Castro [Fri, 27 Oct 2017 16:10:33 +0000 (19:10 +0300)]
webkitgtk: security bump to version 2.18.2

This is a maintenance release of the current stable WebKitGTK+ version,
which contains bugfixes; mostly for crashes and rendering issues, plus
one important fix for the layout or Arabic text.

Release notes:

    https://webkitgtk.org/2017/10/27/webkitgtk2.18.2-released.html

Even though an acconpanying security advisory has not been published
for this release, the release contains fixes for several crashes (one
of them for the decoder of the very common GIF image format), which
arguably can be considered potential security issues.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agobarebox: bump to version 2017.09.0
Peter Seiderer [Fri, 27 Oct 2017 15:57:34 +0000 (17:57 +0200)]
barebox: bump to version 2017.09.0

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage: fix license typos
Jerzy Grzegorek [Fri, 27 Oct 2017 11:16:55 +0000 (13:16 +0200)]
package: fix license typos

Signed-off-by: Jerzy Grzegorek <jerzy.m.grzegorek@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopython-paho-mqtt: bump version to 1.3.1
Yegor Yefremov [Fri, 27 Oct 2017 07:07:29 +0000 (09:07 +0200)]
python-paho-mqtt: bump version to 1.3.1

Remove upstreamed patch and add licence checksums.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopython-zope-interface: bump version to 4.4.3
Yegor Yefremov [Fri, 27 Oct 2017 07:07:28 +0000 (09:07 +0200)]
python-zope-interface: bump version to 4.4.3

Add licence checksum.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoopenssh: security bump to version 7.6p1
Peter Korsgaard [Thu, 26 Oct 2017 12:52:47 +0000 (14:52 +0200)]
openssh: security bump to version 7.6p1

Fixes CVE-2017-15906 - The process_open function in sftp-server.c in OpenSSH
before 7.6 does not properly prevent write operations in readonly mode,
which allows attackers to create zero-length files.

For more details, see the release notes:
https://www.openssh.com/txt/release-7.6

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoredis: bump to version 3.2.11
Peter Korsgaard [Thu, 26 Oct 2017 12:44:15 +0000 (14:44 +0200)]
redis: bump to version 3.2.11

3.2.11 fixes important issues. From the release notes:

================================================================================
Redis 3.2.11     Released Thu Sep 21 15:47:53 CEST 2017
================================================================================

Upgrade urgency HIGH: Potentially critical bugs fixed.

AOF flush on SHUTDOWN did not cared to really write the AOF buffers
(not in the kernel but in the Redis process memory) to disk before exiting.
Calling SHUTDOWN during traffic resulted into not every operation to be
persisted on disk.

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agosdl2: security bump to version 2.0.7
Peter Korsgaard [Thu, 26 Oct 2017 12:18:43 +0000 (14:18 +0200)]
sdl2: security bump to version 2.0.7

Fixes CVE-2017-2888 - An exploitable integer overflow vulnerability exists
when creating a new RGB Surface in SDL 2.0.5.  A specially crafted file can
cause an integer overflow resulting in too little memory being allocated
which can lead to a buffer overflow and potential code execution.  An
attacker can provide a specially crafted image file to trigger this
vulnerability.

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agosdl2: explicitly disable raspberry pi video backend
Peter Korsgaard [Wed, 25 Oct 2017 16:03:26 +0000 (18:03 +0200)]
sdl2: explicitly disable raspberry pi video backend

Fixes:
http://autobuild.buildroot.net/results/d59/d5992dcc9a49ee77afaebdcc9448ac1868fa7de1/
http://autobuild.buildroot.net/results/e89/e894f21ce1983ee3bd8d65a8e59e1adab9a62707/

The configure script automatically enables support for the raspberry pi
video backend if it detects the rpi-userland package.  Unfortunately it
hardcodes a number of include/linker paths unsuitable for cross compilation,
breaking the build:

    if test x$enable_video = xyes -a x$enable_video_rpi = xyes; then
..
     RPI_CFLAGS="-I/opt/vc/include -I/opt/vc/include/interface/vcos/pthreads -I/opt/vc/include/interface/vmcs_host/linux"
     RPI_LDFLAGS="-L/opt/vc/lib -lbcm_host"
    fi

So explicitly disable it until the configure script is fixed.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/nodejs: bump version to 8.8.1
Martin Bark [Thu, 26 Oct 2017 10:07:31 +0000 (11:07 +0100)]
package/nodejs: bump version to 8.8.1

Fixes a regression introduced in 8.8.0.
See https://nodejs.org/en/blog/release/v8.8.1/

Peter: apply on top of 8.8.0, mention that it fixes regression]
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agonodejs: security bump to version 8.8.0
Peter Korsgaard [Thu, 26 Oct 2017 06:59:33 +0000 (08:59 +0200)]
nodejs: security bump to version 8.8.0

Fixes CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an
error to be raised when a raw deflate stream is initialized with windowBits
set to 8.  On some versions this crashes Node and you cannot recover from
it, while on some versions it throws an exception.  Node.js will now
gracefully set windowBits to 9 replicating the legacy behavior to avoid a
DOS vector.

For more details, see the announcement:
https://nodejs.org/en/blog/vulnerability/oct-2017-dos/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard &lt;<a href="mailto:peter@korsgaard.com">peter@korsgaard.com</a>&gt;<br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agos6-rc: bump version to 0.3.0.0
Eric Le Bihan [Mon, 23 Oct 2017 19:52:03 +0000 (21:52 +0200)]
s6-rc: bump version to 0.3.0.0

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agos6: bump version to 2.6.1.1
Eric Le Bihan [Mon, 23 Oct 2017 19:52:02 +0000 (21:52 +0200)]
s6: bump version to 2.6.1.1

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoexecline: bump version to 2.3.0.3
Eric Le Bihan [Mon, 23 Oct 2017 19:52:01 +0000 (21:52 +0200)]
execline: bump version to 2.3.0.3

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoskalibs: bump version to 2.6.0.1
Eric Le Bihan [Mon, 23 Oct 2017 19:52:00 +0000 (21:52 +0200)]
skalibs: bump version to 2.6.0.1

Bump version to 2.6.0.1 and refresh patches.

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agojanus-gateway: bump to v0.2.5
Adam Duskett [Tue, 24 Oct 2017 16:51:58 +0000 (12:51 -0400)]
janus-gateway: bump to v0.2.5

Also add hash for license file.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolibcurl: security bump to version 7.56.1
Peter Korsgaard [Mon, 23 Oct 2017 23:13:17 +0000 (01:13 +0200)]
libcurl: security bump to version 7.56.1

Fixes CVE-2017-1000257 - IMAP FETCH response out of bounds read

https://curl.haxx.se/docs/adv_20171023.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoirssi: security bump to version 1.0.5
Peter Korsgaard [Mon, 23 Oct 2017 23:08:36 +0000 (01:08 +0200)]
irssi: security bump to version 1.0.5

Fixes the following security issues:

(a) When installing themes with unterminated colour formatting
    sequences, Irssi may access data beyond the end of the
    string. (CWE-126) Found by Hanno Böck.

    CVE-2017-15228 was assigned to this issue.

(b) While waiting for the channel synchronisation, Irssi may
    incorrectly fail to remove destroyed channels from the query list,
    resulting in use after free conditions when updating the state
    later on. Found by Joseph Bisch. (CWE-416 caused by CWE-672)

    CVE-2017-15227 was assigned to this issue.

(c) Certain incorrectly formatted DCC CTCP messages could cause NULL
    pointer dereference. Found by Joseph Bisch. This is a separate,
    but similar issue to CVE-2017-9468. (CWE-690)

    CVE-2017-15721 was assigned to this issue.

(d) Overlong nicks or targets may result in a NULL pointer dereference
    while splitting the message. Found by Joseph Bisch. (CWE-690)

    CVE-2017-15723 was assigned to this issue.

(e) In certain cases Irssi may fail to verify that a Safe channel ID
    is long enough, causing reads beyond the end of the string. Found
    by Joseph Bisch. (CWE-126)

    CVE-2017-15722 was assigned to this issue.

For more details, see the advisory:
https://irssi.org/security/irssi_sa_2017_10.txt

While we're at it, also add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/kodi: bump version to 17.5
Bernd Kuhls [Mon, 23 Oct 2017 19:07:57 +0000 (21:07 +0200)]
package/kodi: bump version to 17.5

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/libpciaccess: bump version to 0.14
Bernd Kuhls [Mon, 23 Oct 2017 19:09:25 +0000 (21:09 +0200)]
package/libpciaccess: bump version to 0.14

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/apache: bump version to 2.4.29
Bernd Kuhls [Mon, 23 Oct 2017 19:14:36 +0000 (21:14 +0200)]
package/apache: bump version to 2.4.29

Changelog: http://www.apache.org/dist/httpd/CHANGES_2.4.29

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agodocs/website: update for 2017.08.1
Peter Korsgaard [Mon, 23 Oct 2017 22:13:23 +0000 (00:13 +0200)]
docs/website: update for 2017.08.1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoUpdate for 2017.08.1
Peter Korsgaard [Mon, 23 Oct 2017 21:41:14 +0000 (23:41 +0200)]
Update for 2017.08.1

[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 20b6624f4bb84353e690d897688fd7ac12d6a881)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoboost: add fiber module
Adam Duskett [Mon, 23 Oct 2017 18:48:24 +0000 (14:48 -0400)]
boost: add fiber module

This module requires NPTL. Without support for the module, it is built
unconditionally, which was causing the following build errors:
http://autobuild.buildroot.net/results/029/0298038fc126d15733d81c54e0bb7cb00be48b92/build-end.log
http://autobuild.buildroot.net/results/6f3/6f3a218c47204e431100799482a3ed0ec159fa15/build-end.log
http://autobuild.buildroot.net/results/63e/63e5569a90d3ace97cb6102509cbd04aeab6f5f7/build-end.log

Signed-off-by: Adam Duskett <aduskett@gmail.com>
[Arnout: add empty line in Config.in, reword commit message]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
7 years agolinux-tools/perf: fix build for MIPS by using the right emulation on LD
Vicente Olivert Riera [Fri, 17 Feb 2017 10:59:05 +0000 (10:59 +0000)]
linux-tools/perf: fix build for MIPS by using the right emulation on LD

Passing just the endianness flag to LD is not enough. We need to pass
the right emulation flag which will set everything for us, not only the
endianness.

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
7 years agompd: bump to version 0.20.11
Jörg Krause [Sun, 22 Oct 2017 18:00:49 +0000 (20:00 +0200)]
mpd: bump to version 0.20.11

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolinux: bump default to version 4.13.9
Bernd Kuhls [Sun, 22 Oct 2017 17:04:12 +0000 (19:04 +0200)]
linux: bump default to version 4.13.9

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolinux-headers: bump 4.{4, 9, 13}.x series
Bernd Kuhls [Sun, 22 Oct 2017 17:04:11 +0000 (19:04 +0200)]
linux-headers: bump 4.{4, 9, 13}.x series

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/x264: bump version
Bernd Kuhls [Sun, 22 Oct 2017 15:23:43 +0000 (17:23 +0200)]
package/x264: bump version

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agobluez5_utils: define FIRMWARE_DIR for hciattach_bcm43xx
Jörg Krause [Thu, 31 Aug 2017 09:49:31 +0000 (11:49 +0200)]
bluez5_utils: define FIRMWARE_DIR for hciattach_bcm43xx

The tool hciattach_bcm43xx defines the default firmware path in `/etc/firmware`,
but the Broadcom firmware blobs are usually stored in `/lib/firmware`.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoCHANGES: update after netsnmp changes
Julien Floret [Thu, 14 Sep 2017 12:53:16 +0000 (14:53 +0200)]
CHANGES: update after netsnmp changes

Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Julien Floret <julien.floret@6wind.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agosqlite: add security patches
Baruch Siach [Sun, 22 Oct 2017 14:00:08 +0000 (16:00 +0200)]
sqlite: add security patches

CVE-2017-13685: The dump_callback function in SQLite 3.20.0 allows
remote attackers to cause a denial of service (EXC_BAD_ACCESS and
application crash) via a crafted file.

CVE-2017-15286: SQLite 3.20.1 has a NULL pointer dereference in
tableColumnList in shell.c
because it fails to consider certain cases where
`sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never
initialized.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoboost: fix build on ppc64le host
Peter Korsgaard [Sun, 22 Oct 2017 12:18:06 +0000 (14:18 +0200)]
boost: fix build on ppc64le host

Fixes:
http://autobuild.buildroot.net/results/57d/57d9f0ea27e5c8ba73002bd1d0b33027f27a3779/
http://autobuild.buildroot.net/results/7c3/7c3133e822c997879fe00923ba0ad7903656c2e1/

bootstrap by default runs ./tools/build/src/engine/build.sh --guess-toolset
to detect what toolchain (compiler variant).  On x86 this returns gcc, but
on the ppc64le gcc112 autobuilder this returns xlcpp causing bootstrap.sh to
get confused and bail out:

./bootstrap.sh ..
Building Boost.Build engine with toolset ... tools/build/src/engine/###
\### No toolset specified. Please use --toolset option.
\###
\### Known toolsets are: acc, borland, cc, como, clang, darwin, gcc, gcc-nocygwin, intel-darwin, intel-linux, intel-win32, kcc, kylix, metrowerks, mipspro, msvc, qcc, pathscale, pgi, sun, sunpro, tru64cxx, vacpp, xlcpp, vc7, vc8, vc9, vc10, vc11, vc12, vc14, vc141, vmsdecc
\###/b2

Fix it by explicitly specifying the gcc toolset mode to bootstrap, similar
to how it was already done for the bjam invocations.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoDEVELOPERS: add maintainer for pc_x86_64_* defconfigs
Erico Nunes [Sun, 22 Oct 2017 13:54:26 +0000 (15:54 +0200)]
DEVELOPERS: add maintainer for pc_x86_64_* defconfigs

I've been using this packages to test changes in the grub package, so
I can maintain them.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoboard/pc: add documentation for testing with qemu
Erico Nunes [Sun, 22 Oct 2017 13:54:25 +0000 (15:54 +0200)]
board/pc: add documentation for testing with qemu

Add some documentation about running the pc defconfigs in qemu.
In particular, document the use of the -bios parameter to use the OVMF
firmware to test the UEFI image.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoconfigs/pc: refactor to use genimage and grub.cfg
Erico Nunes [Sun, 22 Oct 2017 13:54:24 +0000 (15:54 +0200)]
configs/pc: refactor to use genimage and grub.cfg

This simplifies the pc configs and respective post image scripts to use
the shared genimage script and separate grub config files.
Separate grub files are cleaner to maintain and easier to copy and
modify, for example to support booting the pc defconfigs in qemu.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agotoolchain/wrapper: fake __DATE_ and __TIME__ for older gcc
Yann E. MORIN [Sat, 21 Oct 2017 20:31:02 +0000 (22:31 +0200)]
toolchain/wrapper: fake __DATE_ and __TIME__ for older gcc

Starting with version 7, gcc automatically recognises and enforces the
environment variable SOURCE_DATE_EPOCH, and fakes __DATE__ and __TIME__
accordingly, to produce reproducible builds (at least in regards to date
and time).

However, older gcc versions do not offer this feature.

So, we use our toolchain wrapper to force-feed __DATE__ and __TIME__ as
macros, which will take precedence over those that gcc may compute
itself. We compute them according to the specs:
    https://reproducible-builds.org/specs/source-date-epoch/
    https://gcc.gnu.org/onlinedocs/cpp/Standard-Predefined-Macros.html

Since we define macros otherwise internal to gcc, we have to tell it not
to warn about that. The -Wno-builtin-macro-redefined flag was introduced
in gcc-4.4.0. Therefore, we make BR2_REPRODUCIBLE depend on GCC >= 4.4.

gcc-7 will ignore SOURCE_DATE_EPOCH when __DATE__ and __TIME__ are
user-defined. Anyway, this is of no consequence: whether __DATE__ and
__TIME__ or SOURCE_DATE_EPOCH takes precedence, it would yield the
exact same end result since we use the same logic to compute it. Note
that we didn't copy the code for it from gcc so using the same logic
doesn't imply that we're inheriting GPL-3.0.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Jérôme Pouiller <jezz@sysmic.org>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
[Arnout: rewrite commit message]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolibffi: add patch to fix MIPS support
Mauro Condarelli [Fri, 21 Apr 2017 10:33:08 +0000 (12:33 +0200)]
libffi: add patch to fix MIPS support

Building Python 3.x on MIPS with musl fails because the libffi code
uses a "#ifdef linux" test to decide if we're building on Linux or
not. When building with -std=c99, "linux" is not defined, so instead
of including <asm/sgidefs.h>, libffi's code tries to include
<sgidefs.h>, which doesn't exist on musl.

The right fix is to use __linux__, which is POSIX compliant, and
therefore defined even when -std=c99 is used.

Note that glibc and uClibc were not affected because they do provide a
<sgidefs.h> header in addition to the <asm/sgidefs.h> one.

Signed-off-by: Mauro Condarelli <mc5686@mclink.it>
[Thomas: reformat patch with Git, add a better commit log and description.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoAdd DEPENDENCIES_HOST_PREREQ to the list of packages
Alfredo Alvarez Fernandez [Fri, 28 Apr 2017 09:35:21 +0000 (11:35 +0200)]
Add DEPENDENCIES_HOST_PREREQ to the list of packages

That way packages included in that list like ccache will also be
regarded as a normal packages for targets like external-deps,
show-targets or legal-info

Signed-off-by: Alfredo Alvarez Fernandez <alfredo.alvarez_fernandez@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
7 years agodependencies: always use HOSTCC_NOCACHE for DEPENDENCIES_HOST_PREREQ
Alfredo Alvarez Fernandez [Fri, 28 Apr 2017 09:35:20 +0000 (11:35 +0200)]
dependencies: always use HOSTCC_NOCACHE for DEPENDENCIES_HOST_PREREQ

Currently, HOSTCC and HOSTCXX are set to their _NOCACHE variants in the
'dependencies' target. This is needed because at that time, ccache is
not built yet - host-ccache is one of the dependencies. However, because
this override is only specified for the 'dependencies' target (and
thereby gets inherited by its dependencies), the override is only
applied when the package is reached through the 'dependencies' target.
This is not the case when one of DEPENDENCIES_HOST_PREREQ is built
directly from the command line, e.g. when doing 'make host-ccache'. So
in that case, ccache will be built with ccache... which fails of
course.

To fix this, directly apply the override to the DEPENCIES_HOST_PREREQ
targets.

Note that this only fixes the issue for 'make host-ccache', NOT for
e.g. 'make host-ccache-configure'.

Signed-off-by: Alfredo Alvarez Fernandez <alfredo.alvarez_fernandez@nokia.com>
[Arnout: improve commit message]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
7 years agoxen: add upstream post-4.9.0 security fix for XSA-245
Peter Korsgaard [Sat, 21 Oct 2017 18:04:07 +0000 (20:04 +0200)]
xen: add upstream post-4.9.0 security fix for XSA-245

Fixes XA-245: ARM: Some memory not scrubbed at boot

https://xenbits.xenproject.org/xsa/advisory-245.html

Notice: Not applying XSA-237..244 as they are x86 only and have patch file
name conflicts between 2017.02.x and master.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolibtomcrypt: fix build without wchar
Baruch Siach [Tue, 17 Oct 2017 12:12:55 +0000 (15:12 +0300)]
libtomcrypt: fix build without wchar

GCC defines wchar_t even when wchar support is disabled in uClibc. The
LTC_NO_WCHAR macro triggers a local definition of wchar_t that conflicts
with the GCC defined one. Remove LTC_NO_WCHAR to avoid that.

See also https://github.com/libtom/libtomcrypt/issues/313 for more
discussion about this.

Fixes:
http://autobuild.buildroot.net/results/4ff/4ffb593185f7520d2d9a9cc988aa9c510f253930/

Cc: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoopenssl: unconditionally define BR2_PACKAGE_PROVIDES_HOST_OPENSSL
Peter Korsgaard [Sun, 22 Oct 2017 11:56:01 +0000 (13:56 +0200)]
openssl: unconditionally define BR2_PACKAGE_PROVIDES_HOST_OPENSSL

Fixes:
http://autobuild.buildroot.net/results/207/207d0ca1fe5328e675246c851fcb0d5685f8c0bd/
http://autobuild.buildroot.net/results/546/546a56d6dd39e5e9ecfe25fd36a00510e6c0c45b/

host-openssl may be used without openssl being enabled for the target, so
move BR2_PACKAGE_PROVIDES_HOST_OPENSSL outside the BR2_PACKAGE_OPENSSL
conditional.

While we're at it, add a comment explaining what this magic config symbol does.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolame: security bump to version 3.100
Peter Korsgaard [Sun, 22 Oct 2017 11:15:08 +0000 (13:15 +0200)]
lame: security bump to version 3.100

Fixes the following security issues:

CVE-2017-9410: fill_buffer_resample function in libmp3lame/util.c heap-based
buffer over-read and ap

CVE-2017-9411: fill_buffer_resample function in libmp3lame/util.c invalid
memory read and application crash

CVE-2017-9412: unpack_read_samples function in frontend/get_audio.c invalid
memory read and application crash

Drop patches now upstream or no longer needed:

0001-configure.patch: Upstream as mentioned in patch description

0002-gtk1-ac-directives.patch: Upstream as mentioned in patch
description/release notes:

Resurrect Owen Taylor's code dated from 97-11-3 to properly deal with GTK1.
This was transplanted back from aclocal.m4 with a patch provided by Andres
Mejia. This change makes it easy to regenerate autotools' files with a simple
invocation of autoconf -vfi.

0003-msse.patch: Not needed as -march <x86-variant-with-msse-support>
nowadays implies -msse.

With these removed, autoreconf is no longer needed.

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolua-sdl2: refactor with cmake
Francois Perrad [Mon, 12 Jun 2017 08:21:44 +0000 (10:21 +0200)]
lua-sdl2: refactor with cmake

that allows optional dependencies

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Thomas:
 - use "luainterpreter" instead of "lua" in the dependencies
 - replace with a Git formatted patch that doesn't comment code but
   removes it.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoconfigs/pc: bump kernel version
Erico Nunes [Sun, 22 Oct 2017 09:38:39 +0000 (11:38 +0200)]
configs/pc: bump kernel version

Bump the kernel version to 4.13.8.
Tested with qemu 2.9.1 on bios and UEFI virtual machines.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/efl: bump to 1.20.5
Romain Naour [Sun, 22 Oct 2017 07:25:38 +0000 (09:25 +0200)]
package/efl: bump to 1.20.5

https://www.enlightenment.org/news/efl-1.20.5

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agorunc: bump to v1.0.0-rc4
Christian Stewart [Thu, 19 Oct 2017 00:22:53 +0000 (20:22 -0400)]
runc: bump to v1.0.0-rc4

This is a dependency of docker-engine v2017.07.0-ce.

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agogo: bump version to 1.9
Christian Stewart [Thu, 19 Oct 2017 00:22:52 +0000 (20:22 -0400)]
go: bump version to 1.9

Go 1.9 is required for docker-engine and other Go packages in Buildroot.

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoopenldap: correct openssl handling
Peter Korsgaard [Sat, 21 Oct 2017 22:08:55 +0000 (00:08 +0200)]
openldap: correct openssl handling

Fixes:
http://autobuild.buildroot.net/results/ffc/ffc9c10c55c2838ab7002c5ec35244e9bfe46189/

Commit dfa1817d31a (openldap: supports only the real OpenSSL, not LibreSSL)
tried to ensure openldap would only use openssl, but changed the wrong
variable. OPENLDAP_TLS is passed to configure, so it shouldn't be changed:

./configure --target=aarch64-buildroot-linux-gnu .. --with-tls=libopenssl ..
Configuring OpenLDAP 2.4.45-Release ...
checking build system type... x86_64-pc-linux-gnu
checking host system type... aarch64-buildroot-linux-gnu
checking target system type... aarch64-buildroot-linux-gnu
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking for aarch64-buildroot-linux-gnu-strip... /usr/lfs/v0/rc-buildroot-test/scripts/instance-0/output/host/bin/aarch64-linux-gnu-strip
checking configure arguments... configure: error: bad value libopenssl for --with-tls

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agobusybox: add upstream post-1.27.2 httpd fix
Peter Korsgaard [Sat, 21 Oct 2017 17:20:33 +0000 (19:20 +0200)]
busybox: add upstream post-1.27.2 httpd fix

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolibdrm: make Etnaviv arch-independent
Alexey Brodkin [Sat, 21 Oct 2017 20:49:11 +0000 (23:49 +0300)]
libdrm: make Etnaviv arch-independent

Vivante GPU could be a part of SoC along with any CPU architecture
thus get rid of nonsense dependency.

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agomesa3d: make Etnaviv arch-independent
Alexey Brodkin [Sat, 21 Oct 2017 20:49:10 +0000 (23:49 +0300)]
mesa3d: make Etnaviv arch-independent

Vivante GPU could be a part of SoC along with any CPU architecture
thus get rid of nonsense dependency.

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agomusl: add upstream security fix for CVE-2017-15650
Peter Korsgaard [Sat, 21 Oct 2017 19:12:59 +0000 (21:12 +0200)]
musl: add upstream security fix for CVE-2017-15650

>From the upstream announcement:
http://www.openwall.com/lists/oss-security/2017/10/19/5

Felix Wilhelm has discovered a flaw in the dns response parsing for
musl libc 1.1.16 that leads to overflow of a stack-based buffer.
Earlier versions are also affected.

When an application makes a request via getaddrinfo for both IPv4 and
IPv6 results (AF_UNSPEC), an attacker who controls or can spoof the
nameservers configured in resolv.conf can reply to both the A and AAAA
queries with A results. Since A records are smaller than AAAA records,
it's possible to fit more addresses than the precomputed bound, and a
buffer overflow occurs.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoboard: Add Bananapi M1 support
Jagan Teki [Thu, 19 Oct 2017 09:45:23 +0000 (11:45 +0200)]
board: Add Bananapi M1 support

Add initial support for bananapi M1 board with below features:
- U-Boot 2017.09
- Linux 4.13.7
- Default packages from buildroot

Cc: Jason <manager@sinovoip.com.cn>
Cc: hailymei@banana-pi.com <hailymei@banana-pi.com>
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agogst1-plugins-bad: fix patch 0001-openjpeg-Support-building-with-openjpeg-2.3-simpler...
Peter Seiderer [Sat, 21 Oct 2017 20:11:56 +0000 (22:11 +0200)]
gst1-plugins-bad: fix patch 0001-openjpeg-Support-building-with-openjpeg-2.3-simpler.patch

The previous version was by mistake mixed up with the patch 'gst-plugins-bad:
openjpeg: Remove compatibility with openjpeg 2.0'

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agosupport/config-fragments/autobuild: add ARC glibc fragment
Alexey Brodkin [Fri, 13 Oct 2017 16:09:09 +0000 (19:09 +0300)]
support/config-fragments/autobuild: add ARC glibc fragment

glibc is now supported for ARC so let's kick-start autobuilders
with glibc toolchain for ARC HS.

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/go: fix cross-compilation settings
Angelo Compagnucci [Mon, 16 Oct 2017 17:08:45 +0000 (19:08 +0200)]
package/go: fix cross-compilation settings

This patch fixes a bug with the BR2_TOOLCHAIN_HAS_THREADS variable
handling which causes CGO_ENABLED to be always 0.

Furthermore, it fixes the cross compilation options for the go
compiler: setting CGO_ENABLED should be done only for the target
compiler not the host one.

Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: Christian Stewart <christian@paral.in>
7 years agoqt5base: make harfbuzz support selectable
Peter Seiderer [Sat, 18 Feb 2017 11:32:02 +0000 (12:32 +0100)]
qt5base: make harfbuzz support selectable

If selected use:

 - system/buildroot harfbuzz in case __sync for 4 bytes is supported
 - qt harfbuzz otherwise (using QAtomic instead)

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
7 years agoraspberrypi: post-image.sh fix gpu_mem option
Gaël PORTAY [Sat, 21 Oct 2017 13:52:14 +0000 (09:52 -0400)]
raspberrypi: post-image.sh fix gpu_mem option

The gpu_mem option is not using the proper option argument which causes sed to
fail.

+ case "${arg}" in
+ gpu_mem=ome/gportay/output-rpi3-qtwe/images
+ sed -e '/^ome/gportay/output-rpi3-qtwe/images=/s,=.*,=ome/gportay/output-rpi3-qtwe/images,' -i /home/gportay/output-rpi3-qtwe/images/rpi-firmware/config.txt
sed: -e expression #1, char 8: extra characters after command
+ case "${arg}" in
+ gpu_mem=ome/gportay/output-rpi3-qtwe/images
+ sed -e '/^ome/gportay/output-rpi3-qtwe/images=/s,=.*,=ome/gportay/output-rpi3-qtwe/images,' -i /home/gportay/output-rpi3-qtwe/images/rpi-firmware/config.txt
sed: -e expression #1, char 8: extra characters after command

The issue comes from the use of $1 instead of $arg to extract the gpu_mem
value. $1 is the $(BINARIES_DIR) which leads to a sed expression error.

Also, it adds the error flag to the shell script to prevent from such situation
and terminate the build in error.

Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agowine: Bump to version 2.0.3
André Hentschel [Sat, 21 Oct 2017 19:18:03 +0000 (21:18 +0200)]
wine: Bump to version 2.0.3

Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopython-numpy: Add support of ARC architecture
Alexey Brodkin [Sat, 21 Oct 2017 18:47:26 +0000 (21:47 +0300)]
python-numpy: Add support of ARC architecture

This enables support for ARC cores in numpy.
Cherry-picked from
https://github.com/numpy/numpy/commit/8edd610ffa3499eea3580f98f296ec80578fba73

Hopefully becomes a part of the next major release (like 1.14).

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopython-numpy: Bump version to 1.13.3
Alexey Brodkin [Sat, 21 Oct 2017 18:15:46 +0000 (21:15 +0300)]
python-numpy: Bump version to 1.13.3

This is just a bug-fix release.

Removing 0003-BUG-Ensure-_npy_scaled_cexp-f-l-is-defined-when-need.patch
as it is a part of the release.

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoopenssl: add libressl as a provider
Adam Duskett [Wed, 18 Oct 2017 02:32:40 +0000 (22:32 -0400)]
openssl: add libressl as a provider

At this point, libressl can be added to the openssl virtual package.

- Remove the entry package/libressl/Config.in from package/Config.in
- Remove the file: package/libressl/Config.in
- Add libressl entry to package/openssl/Config.in

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>