buildroot.git
8 years agopackage/kodi-jsonschemabuilder: new host package
Bernd Kuhls [Sat, 29 Apr 2017 08:37:26 +0000 (10:37 +0200)]
package/kodi-jsonschemabuilder: new host package

Needed for upcoming kodi version bump to 17.1-Krypton which will also
switch the kodi build system to CMake.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: do not add texturepacker patch in this commit, use SPDX license
code.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agopackage/xmlstarlet: add host variant
Bernd Kuhls [Sat, 29 Apr 2017 08:37:25 +0000 (10:37 +0200)]
package/xmlstarlet: add host variant

Needed for the Kodi skin package to control the default skin setup.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agopackage/libcec: bump version to 4.0.2
Bernd Kuhls [Sat, 29 Apr 2017 08:37:24 +0000 (10:37 +0200)]
package/libcec: bump version to 4.0.2

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agopackage/kodi-platform: bump version
Bernd Kuhls [Sat, 29 Apr 2017 08:37:23 +0000 (10:37 +0200)]
package/kodi-platform: bump version

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agopackage/libplatform: bump version
Bernd Kuhls [Sat, 29 Apr 2017 08:37:22 +0000 (10:37 +0200)]
package/libplatform: bump version

Replaced patch 0001 with an alternate solution.

Updated license info after
https://github.com/Pulse-Eight/platform/commit/a1e5905874d5cdbce110344558d21a2810dead9c

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agopackage/kodi-visualisation-fountain: remove package
Bernd Kuhls [Sat, 29 Apr 2017 08:37:21 +0000 (10:37 +0200)]
package/kodi-visualisation-fountain: remove package

Remove broken package:
https://github.com/notspiff/visualization.fountain/issues/1#issuecomment-166156021

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agopackage/libsodium: bump version to 1.0.12
Bernd Kuhls [Sat, 29 Apr 2017 09:04:49 +0000 (11:04 +0200)]
package/libsodium: bump version to 1.0.12

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agopackage/pure-ftpd: bump version to 1.0.46
Bernd Kuhls [Sat, 29 Apr 2017 09:02:03 +0000 (11:02 +0200)]
package/pure-ftpd: bump version to 1.0.46

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agoghostscript: add upstream security fixes for CVE-2017-8291
Peter Korsgaard [Fri, 28 Apr 2017 07:49:30 +0000 (09:49 +0200)]
ghostscript: add upstream security fixes for CVE-2017-8291

CVE-2017-8291 - Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass
and remote command execution via a "/OutputFile (%pipe%" substring in a
crafted .eps document that is an input to the gs program, as exploited in
the wild in April 2017.

For more details, see https://bugzilla.suse.com/show_bug.cgi?id=1036453

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agoAdd defconfig for MIPS Creator ci40
Abhimanyu Vishwakarma [Mon, 24 Apr 2017 05:26:53 +0000 (10:56 +0530)]
Add defconfig for MIPS Creator ci40

Signed-off-by: Abhimanyu Vishwakarma <Abhimanyu.V@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agogenimage.sh: fix calling from BR2_ROOTFS_POST_IMAGE_SCRIPT
Abhimanyu Vishwakarma [Mon, 24 Apr 2017 05:24:45 +0000 (10:54 +0530)]
genimage.sh: fix calling from BR2_ROOTFS_POST_IMAGE_SCRIPT

When called from BR2_ROOTFS_POST_IMAGE_SCRIPT, this script
ends up with following error:

Error: Missing argument

This is because, an extra positional argument is also passed
along with BR2_ROOTFS_POST_SCRIPT_ARGS. genimage.sh didn't
have support to parse positional and optional arguments
together.

Signed-off-by: Abhimanyu Vishwakarma <Abhimanyu.V@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agodocs/manual: PEP8 coding style for Python scripts
Ricardo Martincoski [Mon, 24 Apr 2017 01:33:56 +0000 (22:33 -0300)]
docs/manual: PEP8 coding style for Python scripts

The advantages of using a pre-existing coding style instead of creating
our own are:
- documenting on the manual takes a single sentence;
- there are automatic tools to help during development/review.

So document that PEP8 recommendation should be followed.

Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Samuel Martin <s.martin49@gmail.com>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agopython-django: security bump to version 1.10.7
Peter Korsgaard [Thu, 27 Apr 2017 07:37:18 +0000 (09:37 +0200)]
python-django: security bump to version 1.10.7

Fixes the following security issues:

Since 1.10.3:

CVE-2016-9013 - User with hardcoded password created when running tests on
Oracle

Marti Raudsepp reported that a user with a hardcoded password is created
when running tests with an Oracle database.

CVE-2016-9014 - DNS rebinding vulnerability when DEBUG=True

Aymeric Augustin discovered that Django does not properly validate the Host
header against settings.ALLOWED_HOSTS when the debug setting is enabled.  A
remote attacker can take advantage of this flaw to perform DNS rebinding
attacks.

Since 1.10.7:

CVE-2017-7233 - Open redirect and possible XSS attack via user-supplied
numeric redirect URLs

It was discovered that is_safe_url() does not properly handle certain
numeric URLs as safe.  A remote attacker can take advantage of this flaw to
perform XSS attacks or to use a Django server as an open redirect.

CVE-2017-7234 - Open redirect vulnerability in django.views.static.serve()

Phithon from Chaitin Tech discovered an open redirect vulnerability in the
django.views.static.serve() view.  Note that this view is not intended for
production use.

Cc: Oli Vogt <oli.vogt.pub01@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agopackage/live555: bump version to 2017.04.26
Bernd Kuhls [Thu, 27 Apr 2017 14:40:41 +0000 (16:40 +0200)]
package/live555: bump version to 2017.04.26

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agolinux: bump default version to 4.10.13
Vicente Olivert Riera [Thu, 27 Apr 2017 13:43:29 +0000 (14:43 +0100)]
linux: bump default version to 4.10.13

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agolinux-headers: bump 4.{4,9,10}.x series
Vicente Olivert Riera [Thu, 27 Apr 2017 13:43:28 +0000 (14:43 +0100)]
linux-headers: bump 4.{4,9,10}.x series

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agopackage/libqmi: bump version to 1.18.0
Matt Weber [Thu, 27 Apr 2017 12:52:02 +0000 (07:52 -0500)]
package/libqmi: bump version to 1.18.0

udev support was added with this bump, however
the support was disabled, as Buildroot currently
doesn't support the gudev package.  libqmi is
looking for the Gobject bindings provided by
that package to access libudev.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agoaircrack-ng: don't build SSE code for non SSE target
Baruch Siach [Thu, 27 Apr 2017 11:30:14 +0000 (14:30 +0300)]
aircrack-ng: don't build SSE code for non SSE target

Fixes:
http://autobuild.buildroot.net/results/763/7631470016f923e8f4a7696e65437c71b8668b6e/
http://autobuild.buildroot.net/results/621/621588651b5cf54726bbf5361399a2dc301b8a29/
http://autobuild.buildroot.net/results/628/628a66ef766308fba699f1faa942306e600e5575/

Cc: Laurent Cans <laurent.cans@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agolibnl: add upstream security fix
Baruch Siach [Thu, 27 Apr 2017 10:50:58 +0000 (13:50 +0300)]
libnl: add upstream security fix

CVE-2017-0553: An elevation of privilege vulnerability in libnl could enable a
local malicious application to execute arbitrary code within the context of
the Wi-Fi service

https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1511855.html

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agotiff: add upstream security fixes
Peter Korsgaard [Wed, 26 Apr 2017 21:58:14 +0000 (23:58 +0200)]
tiff: add upstream security fixes

Add upstream post-4.0.7 commits (except for ChangeLog modifications) fixing
the following security issues:

CVE-2016-10266 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (divide-by-zero error and application crash) via a crafted TIFF
image, related to libtiff/tif_read.c:351:22.

CVE-2016-10267 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (divide-by-zero error and application crash) via a crafted TIFF
image, related to libtiff/tif_ojpeg.c:816:8.

CVE-2016-10269 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (heap-based buffer over-read) or possibly have unspecified other
impact via a crafted TIFF image, related to "READ of size 512" and
libtiff/tif_unix.c:340:2.

CVE-2016-10270 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (heap-based buffer over-read) or possibly have unspecified other
impact via a crafted TIFF image, related to "READ of size 8" and
libtiff/tif_read.c:523:22.

CVE-2017-5225 - LibTIFF version 4.0.7 is vulnerable to a heap buffer
overflow in the tools/tiffcp resulting in DoS or code execution via a
crafted BitsPerSample value.

CVE-2017-7592 - The putagreytile function in tif_getimage.c in LibTIFF 4.0.7
has a left-shift undefined behavior issue, which might allow remote
attackers to cause a denial of service (application crash) or possibly have
unspecified other impact via a crafted image.

CVE-2017-7593 - tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata
is properly initialized, which might allow remote attackers to obtain
sensitive information from process memory via a crafted image.

CVE-2017-7594 - The OJPEGReadHeaderInfoSecTablesDcTable function in
tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (memory leak) via a crafted image.

CVE-2017-7595 - The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7
allows remote attackers to cause a denial of service (divide-by-zero error
and application crash) via a crafted image.

CVE-2017-7598 - tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers
to cause a denial of service (divide-by-zero error and application crash)
via a crafted image.

CVE-2017-7601 - LibTIFF 4.0.7 has a "shift exponent too large for 64-bit
type long" undefined behavior issue, which might allow remote attackers to
cause a denial of service (application crash) or possibly have unspecified
other impact via a crafted image.

CVE-2017-7602 - LibTIFF 4.0.7 has a signed integer overflow, which might
allow remote attackers to cause a denial of service (application crash) or
possibly have unspecified other impact via a crafted image.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agoicu: add upstream security fix for utf-8 handling
Peter Korsgaard [Wed, 26 Apr 2017 12:57:13 +0000 (14:57 +0200)]
icu: add upstream security fix for utf-8 handling

Fixes:

CVE-2017-7867 - International Components for Unicode (ICU) for C/C++ before
2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow
related to the utf8TextAccess function in common/utext.cpp and the
utext_setNativeIndex* function.

CVE-2017-7868 - International Components for Unicode (ICU) for C/C++ before
2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow
related to the utf8TextAccess function in common/utext.cpp and the
utext_moveIndex32* function.

Upstream: http://bugs.icu-project.org/trac/changeset/39671

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agotslib: speed up the build by skipping autoreconf
Martin Kepplinger [Thu, 27 Apr 2017 09:15:13 +0000 (11:15 +0200)]
tslib: speed up the build by skipping autoreconf

We are not carrying any patches modifying auto* files, so autoreconf isn't
needed.

[Peter: extend commit message]
Signed-off-by: Martin Kepplinger <martin.kepplinger@ginzinger.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agotovid: bump version to 0.35.2
Steve Kenton [Thu, 27 Apr 2017 05:29:21 +0000 (05:29 +0000)]
tovid: bump version to 0.35.2

Signed-off-by: Steve Kenton <skenton@ou.edu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agolibmpeg2: fix sparc32 build
Waldemar Brodkorb [Thu, 27 Apr 2017 05:36:09 +0000 (07:36 +0200)]
libmpeg2: fix sparc32 build

The output detection recognized wrong target output, because
sparcv9 optimization flags used for sparcv8 build.

Fixes:
  http://autobuild.buildroot.net/results/1b3158b03f7eaf5afb5a4dab9526091888f6c9b8

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agoDEVELOPERS: remove bouncing email address
Baruch Siach [Wed, 26 Apr 2017 12:31:23 +0000 (15:31 +0300)]
DEVELOPERS: remove bouncing email address

The DEVELOPERS email address of Waldemar Rymarkiewicz is bouncing. Remove his
entry.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agolibsndfile: security bump to version 1.0.28
Peter Korsgaard [Wed, 26 Apr 2017 11:52:14 +0000 (13:52 +0200)]
libsndfile: security bump to version 1.0.28

Fixes:

CVE-2017-7585 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
stack-based buffer overflow via a specially crafted FLAC file.

CVE-2017-7586 - In libsndfile before 1.0.28, an error in the "header_read()"
function (common.c) when handling ID3 tags can be exploited to cause a
stack-based buffer overflow via a specially crafted FLAC file.

CVE-2017-7741 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
segmentation violation (with write memory access) via a specially crafted
FLAC file during a resample attempt, a similar issue to CVE-2017-7585.

CVE-2017-7742 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
segmentation violation (with read memory access) via a specially crafted
FLAC file during a resample attempt, a similar issue to CVE-2017-7585.

Dop undocumented patch adjusting SUBDIRS in Makefile.in as it no longer
applies.  Instead pass --disable-full-suite to disable man pages,
documentation and programs, as that was presumably the reason for the patch.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agoncftp: use tar.gz to workaround upstream changing tarball post-release
Peter Korsgaard [Wed, 26 Apr 2017 06:48:24 +0000 (08:48 +0200)]
ncftp: use tar.gz to workaround upstream changing tarball post-release

As explained here:
http://lists.busybox.net/pipermail/buildroot/2017-March/185550.html

Upstream has silently updated their 3.2.6 tarball some time between our
version bump in late November and December 4th.  The changed tarball also
contains a significant amount of source changes:

 libncftp/c_opennologin.c  |    4
 libncftp/ftp.c            |   31
 libncftp/ftw.c            |    2
 libncftp/io_getmem.c      |    2
 libncftp/io_list.c        |    6
 libncftp/io_sendfile.c    |    4
 libncftp/io_util.c        |    4
 libncftp/ncftp.h          |    2
 libncftp/open.c           |    4
 libncftp/rftw.c           |    2
 libncftp/rglobr.c         |    2
 libncftp/u_decodehost.c   |    2
 libncftp/u_decodeurl.c    |    2
 libncftp/u_getpass.c      |    2
 libncftp/u_misc.c         |    2
 libncftp/u_pathcat.c      |    4
 libncftp/u_scram.c        |    2
 libncftp/wincfg.h         |    1
 ncftp/cmds.c              |   38 -
 ncftp/gl_getline.c        |   26
 ncftp/ls.c                |    9
 ncftp/ls.h                |    9
 ncftp/progress.c          |    9
 ncftp/readln.c            |    4
 ncftp/shell.h             |   10
 ncftp/spoolutil.c         |    8
 ncftp/version.c           |    2
 sh/mksrctar.sh            |    1
 sh_util/gpshare.c         |   12
 sh_util/ncftpbatch.c      |  110 --
 sh_util/ncftpget.c        |    6
 sh_util/ncftpls.c         |    5
 sh_util/ncftpput.c        |   14
 sio/DNSUtil.c             |    4
 sio/Makefile.in           |   16
 sio/SBind.c               |   35
 sio/SConnect.c            |    9
 sio/SNew.c                |  115 ---
 sio/SRead.c               |    6
 sio/StrAddr.c             |    6
 sio/config.h.in           |   24
 sio/configure.in          |    8
 sio/sio.h                 |   18
 sio/wincfg.h              |    1
 vis/bmed.c                |   13
 vis/wgets.c               |   12
 vis/wgets.h               |    7
 vis/wutil.c               |    6
 vis/wutil.h               |    6

Upstream has been contacted to verify if this change was intentional and the
reason why. From the mail:

> Is this update intentional? Why was the tarball regenerated?

Yes.

The old hash was unfortunately already used in the 2017.02 (and .1)
releases, so just changing the hash and updating the tarball on
sources.buildroot.org would break ncftp for users of those releases.
Instead change to use the .tar.gz tarball as suggested by Arnout.

Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agopackage/pcsc-lite: bump version to 1.8.20
Bernd Kuhls [Fri, 21 Apr 2017 13:53:51 +0000 (15:53 +0200)]
package/pcsc-lite: bump version to 1.8.20

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agoxorriso: disable libcdio
Baruch Siach [Sat, 22 Apr 2017 20:10:44 +0000 (23:10 +0300)]
xorriso: disable libcdio

xorriso and libcdio define identically named symbols. This breaks static
linking.

Besides, upstream suggested that on Linux the built-in libburn adapter is much
better tested than libcdio.

Disable libcdio.

Fixes:
http://autobuild.buildroot.net/results/430/430a6b548fcc311f20ea71cecaa11fafac1d5a19/
http://autobuild.buildroot.net/results/a5d/a5d0f8bec0d39e48f6dfe4ecc07fe0ca3c6bd70a/

Cc: Steve Kenton <skenton@ou.edu>
Suggested-by: Thomas Schmitt <scdbackup@gmx.net>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: Steve Kenton <skenton@ou.edu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agouclibc: update to 1.0.24
Waldemar Brodkorb [Sat, 22 Apr 2017 22:57:32 +0000 (00:57 +0200)]
uclibc: update to 1.0.24

Fixes aarch64 C++ issue. Removes old implementations for fnmatch/regex.
Allow long double wrappers for all architectures.

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agopackage/bullet: bump to version 2.86.1
Romain Naour [Tue, 25 Apr 2017 21:32:02 +0000 (23:32 +0200)]
package/bullet: bump to version 2.86.1

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agopackage/xenomai: fallback to http
Romain Naour [Tue, 25 Apr 2017 21:26:12 +0000 (23:26 +0200)]
package/xenomai: fallback to http

The https protocol return:
"ERROR 503: Service Temporarily Unavailable"

Fixes:
http://autobuild.buildroot.net/results/120/12034603c46c8bd69590c88bbfe85261460b699c

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agoimagemagick: add upstream security fix for CVE-2017-7606
Peter Korsgaard [Tue, 25 Apr 2017 15:35:54 +0000 (17:35 +0200)]
imagemagick: add upstream security fix for CVE-2017-7606

This is not yet part of any release.

coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of
representable values of type unsigned char" undefined behavior issue, which
might allow remote attackers to cause a denial of service (application
crash) or possibly have unspecified other impact via a crafted image.

For more details, see:
https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agolibcroco: bump to version 0.6.12
Peter Korsgaard [Tue, 25 Apr 2017 14:17:00 +0000 (16:17 +0200)]
libcroco: bump to version 0.6.12

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agolibcroco: add upstream security fixes
Peter Korsgaard [Tue, 25 Apr 2017 14:16:59 +0000 (16:16 +0200)]
libcroco: add upstream security fixes

These have been added to upstream git after 0.6.12 was released.

CVE-2017-7960 - The cr_input_new_from_uri function in cr-input.c in libcroco
0.6.11 and 0.6.12 allows remote attackers to cause a denial of service
(heap-based buffer over-read) via a crafted CSS file.

CVE-2017-7961 - The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco
0.6.11 and 0.6.12 has an "outside the range of representable values of type
long" undefined behavior issue, which might allow remote attackers to cause
a denial of service (application crash) or possibly have unspecified other
impact via a crafted CSS file.

For more details, see:
https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agopython-web2py: security bump to version 2.14.6
Peter Korsgaard [Tue, 25 Apr 2017 13:44:23 +0000 (15:44 +0200)]
python-web2py: security bump to version 2.14.6

CVE-2016-4806 - Web2py versions 2.14.5 and below was affected by Local File
Inclusion vulnerability, which allows a malicious intended user to
read/access web server sensitive files.

CVE-2016-4807 - Web2py versions 2.14.5 and below was affected by Reflected
XSS vulnerability, which allows an attacker to perform an XSS attack on
logged in user (admin).

CVE-2016-4808 - Web2py versions 2.14.5 and below was affected by CSRF (Cross
Site Request Forgery) vulnerability, which allows an attacker to trick a
logged in user to perform some unwanted actions i.e An attacker can trick an
victim to disable the installed application just by sending a URL to victim.

CVE-2016-10321 - web2py before 2.14.6 does not properly check if a host is
denied before verifying passwords, allowing a remote attacker to perform
brute-force attacks.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agominicom: security bump to version 2.7.1
Peter Korsgaard [Tue, 25 Apr 2017 11:44:34 +0000 (13:44 +0200)]
minicom: security bump to version 2.7.1

Fixes CVE-2017-7467 - minicom and prl-vzvncserver vt100.c escparms[] buffer
overflow.

For more details about the issue, see the nice writeup on oss-security:

http://www.openwall.com/lists/oss-security/2017/04/18/5

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agobusybox: no need to disable clear and reset
Arnout Vandecappelle [Mon, 24 Apr 2017 20:13:23 +0000 (22:13 +0200)]
busybox: no need to disable clear and reset

Removing clear and reset from the busybox config when the ncurses tools
are enabled is not really needed.

Since commit 802bff9c42, the busybox install will not overwrite
existing programs. Therefore, the tools will be installed correctly
regardless of the order of the build:
- if busybox is built first, the clear and reset apps are installed,
  but they will be overwritten by ncurses;
- if ncurses is built first, it will install the clear and reset apps,
  and busybox will no longer install them.

We prefer not to modify the busybox configuration when not strictly
necessary, because it is surprising for the user that his configuration
is not applied. Clearly, it's not ideal that busybox is configured with
redundant apps, but if the user wants to shrink it, it's possible to
provide a custom config.

This partially reverts commit 33c72344a8686a136c1da6a056ed6c0945bbf8b7.

Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agopackage/aircrack-ng: bump version to 1.2-rc4
Bernd Kuhls [Fri, 21 Apr 2017 14:12:33 +0000 (16:12 +0200)]
package/aircrack-ng: bump version to 1.2-rc4

Removed patches applied upstream:

0001-Makefile-use-pkg-config-to-find-libpcre-it-s-more-cros.patch
http://trac.aircrack-ng.org/changeset/2445

0002-Optionally-use-LIBPCAP-for-required-libpcap-libraries.patch
http://trac.aircrack-ng.org/changeset/2446

0003-Wesside-ng-Use-termios-instead-of-sys-termios.patch
http://trac.aircrack-ng.org/changeset/2533

Added option to disable stack-protector support auto-detection in gcc.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agopackage/ccid: bump version to 1.4.26
Bernd Kuhls [Fri, 21 Apr 2017 13:53:03 +0000 (15:53 +0200)]
package/ccid: bump version to 1.4.26

Changed _SITE according to
http://lists.alioth.debian.org/pipermail/pcsclite-muscle/Week-of-Mon-20170102/000780.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agopackage/acsccid: bump version to 1.1.4
Bernd Kuhls [Fri, 21 Apr 2017 13:51:42 +0000 (15:51 +0200)]
package/acsccid: bump version to 1.1.4

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agopackage/acpica: bump version to 20170303
Bernd Kuhls [Fri, 21 Apr 2017 13:36:37 +0000 (15:36 +0200)]
package/acpica: bump version to 20170303

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agopackage/libgpgme: bump version to 1.9.0
Bernd Kuhls [Fri, 21 Apr 2017 13:25:44 +0000 (15:25 +0200)]
package/libgpgme: bump version to 1.9.0

Removed configure option --with-gpg, it was removed upstream in 2013:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commitdiff;h=02ba35c1b6a2cbb3361b2f2ad507c53564b2be0b#patch3

[Peter: drop comment referring to --with-gpg option]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agosg3_utils: improve license description
Rahul Bedarkar [Fri, 21 Apr 2017 11:18:52 +0000 (16:48 +0530)]
sg3_utils: improve license description

Library is licensed under BSD-3-Clause. Some programs are licensed
under GPL-2.0+ while other are BSD-3-Clause. Annotate licenses with
components and improve readability of license strings when
conditionally specifying license for programs using := instead of +=.

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agolinux: bump default version to 4.10.12
Vicente Olivert Riera [Fri, 21 Apr 2017 09:07:46 +0000 (10:07 +0100)]
linux: bump default version to 4.10.12

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agolinux-headers: bump 4.{4,9,10}.x series
Vicente Olivert Riera [Fri, 21 Apr 2017 09:07:45 +0000 (10:07 +0100)]
linux-headers: bump 4.{4,9,10}.x series

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agopython-pyopenssl: bump version to 17.0.0
Vicente Olivert Riera [Fri, 21 Apr 2017 09:36:24 +0000 (10:36 +0100)]
python-pyopenssl: bump version to 17.0.0

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agotcpreplay: bump version to 4.2.3
Vicente Olivert Riera [Fri, 21 Apr 2017 09:32:31 +0000 (10:32 +0100)]
tcpreplay: bump version to 4.2.3

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agopackage/python-json-schema-validator: remove Python2 dependency
Andrey Smirnov [Tue, 25 Apr 2017 18:48:24 +0000 (11:48 -0700)]
package/python-json-schema-validator: remove Python2 dependency

python-json-schema-validator supports Python 3, so there's no reason
to limit it to Python 2 only.

Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Matthew Carruth <carruthm@gmail.com>
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agopackage/python-versiontools: remove Python2 dependency
Andrey Smirnov [Tue, 25 Apr 2017 18:48:06 +0000 (11:48 -0700)]
package/python-versiontools: remove Python2 dependency

python-versiontools supports Python 3, so there's no reason to limit
it to Python 2 only.

Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Matthew Carruth <carruthm@gmail.com>
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agobinutils: arc: fix 0301-PATCH-check-ldrunpath-length.patch after version bump
Zakharov Vlad [Mon, 24 Apr 2017 13:21:54 +0000 (16:21 +0300)]
binutils: arc: fix 0301-PATCH-check-ldrunpath-length.patch after version bump

This commit fixes another brown-paper-bag issue that I've introduced by
my following patch:
toolchain: Bump ARC tools to arc-2017.03-rc1
(5f8ef7e25c5cc5c2e4ae4c8b6e8caa029ddf9a94)

arc-2017.03-rc1 differs a bit from 2.28. And so corresponding
of-the-tree patch should be updated appropriately.

Fixes target binutils build for arc:
http://autobuild.buildroot.net/results/f67/f67c905979870936d8050a505b61186be6dad85d//

[Peter: tweak commit message]
Signed-off-by: Vlad Zakharov <vzakhar@synopsys.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agomongoose: bump to version 6.7
Davide Viti [Sun, 23 Apr 2017 20:33:10 +0000 (22:33 +0200)]
mongoose: bump to version 6.7

Signed-off-by: Davide Viti <zinosat@tiscali.it>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agompv: bump version to 0.25.0
Vicente Olivert Riera [Mon, 24 Apr 2017 09:42:18 +0000 (10:42 +0100)]
mpv: bump version to 0.25.0

Remove 0003-fix-build-with-have-gl.patch which is already included in
this release.

Remove --{enable|disable}-standard-gl configure option because it
doesn't exist.

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agopoppler: bump version to 0.54.0
Vicente Olivert Riera [Mon, 24 Apr 2017 09:33:11 +0000 (10:33 +0100)]
poppler: bump version to 0.54.0

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agoharfbuzz: bump version to 1.4.6
Vicente Olivert Riera [Mon, 24 Apr 2017 09:25:02 +0000 (10:25 +0100)]
harfbuzz: bump version to 1.4.6

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agopython-dataproperty: bump version to 0.18.1
Vicente Olivert Riera [Mon, 24 Apr 2017 09:43:16 +0000 (10:43 +0100)]
python-dataproperty: bump version to 0.18.1

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agox265: bump version to 2.4
Vicente Olivert Riera [Mon, 24 Apr 2017 09:45:21 +0000 (10:45 +0100)]
x265: bump version to 2.4

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agoperl-gd: bump to version 2.66
Francois Perrad [Mon, 24 Apr 2017 07:15:43 +0000 (09:15 +0200)]
perl-gd: bump to version 2.66

remove last patch

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 years agosyslog-ng: disable mongodb
Baruch Siach [Fri, 21 Apr 2017 14:55:13 +0000 (17:55 +0300)]
syslog-ng: disable mongodb

libbson is a dependency of the mongo-c-driver that syslog-ng uses. Buildroot
doesn't package mongo-c-driver so syslog-ng uses the bundled one. The bundled
mongo-c-driver in turn may optionally use a bundled libbson. When Buildroot
builds libbson mongo-c-driver detects that and does not configure its bundled
libbson. This breaks the build of the syslog-ng mongodb module because it adds
the bundled libbson to the headers search path.

Disable the mongodb module to avoid this issue.

Fixes:
http://autobuild.buildroot.net/results/843/84331e9a168d8bdf2cceca8e9e1480611c1ecaed/
http://autobuild.buildroot.net/results/b5b/b5bad64abbf5764faf2a7129a1a25ad75c34980b/
http://autobuild.buildroot.net/results/3c3/3c32f4eb7436da06f3fb59f928363959df2a5e86/

Cc: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agopackage makefiles: clean up backslash spacing.
Adam Duskett [Fri, 21 Apr 2017 15:24:48 +0000 (11:24 -0400)]
package makefiles: clean up backslash spacing.

The check-package script when ran gave warnings on only using
one space before backslashes on all of these makefiles.
This patch cleans up all warnings related to the one space before
backslashes rule in the make files in the package directory.

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agopackage/qt: fix header
Adam Duskett [Fri, 21 Apr 2017 15:24:52 +0000 (11:24 -0400)]
package/qt: fix header

The header was non-standard according to check-package.

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agopackage/qt5: add comment header
Adam Duskett [Fri, 21 Apr 2017 15:24:51 +0000 (11:24 -0400)]
package/qt5: add comment header

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agopackage/xenomai: properly indent XENOMAI_DEVICES variable
Adam Duskett [Fri, 21 Apr 2017 15:24:50 +0000 (11:24 -0400)]
package/xenomai: properly indent XENOMAI_DEVICES variable

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agopackage/busybox: fix unexpected indent with tabs
Adam Duskett [Fri, 21 Apr 2017 15:24:49 +0000 (11:24 -0400)]
package/busybox: fix unexpected indent with tabs

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agotoolchain: Bump ARC tools to arc-2017.03-rc1
Zakharov Vlad [Fri, 21 Apr 2017 19:35:31 +0000 (22:35 +0300)]
toolchain: Bump ARC tools to arc-2017.03-rc1

This commit bumps ARC toolchain to arc-2017.03-rc1

Please note that it is a release candidate and it might contain some
breakages, please don't use it for production builds.

Also I have updated patches for binutils as our source files in
binutils differ comparing to 2.28.

Signed-off-by: Vlad Zakharov <vzakhar@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agopackage{protobuf,python-protobuf}: bump to v3.2.0
Mario J. Rugiero [Fri, 21 Apr 2017 16:06:37 +0000 (13:06 -0300)]
package{protobuf,python-protobuf}: bump to v3.2.0

Both packages are coupled, so both are bumped and build-tested.

The atomics' support patch is no longer needed, and neither is the
autoreconf option, and SPARC64 is no longer broken.

To make sure of this, one config of each of the following archs was
tested (base defconfig in parens):

 - PowerPC (qemu_ppc_g3beige_defconfig)
 - SPARC (qemu_sparc_ss10_defconfig)
 - SPARC64 (qemu_sparc64_sun4u_defconfig)

Signed-off-by: Mario J. Rugiero <mrugiero@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agoperl-gd: bump to version 2.59
Francois Perrad [Sat, 22 Apr 2017 06:34:06 +0000 (08:34 +0200)]
perl-gd: bump to version 2.59

remove patches merged upstream

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Thomas: renumber patches.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agouboot: fix target uboot defconfig warning
Christian Stewart [Fri, 21 Apr 2017 19:57:07 +0000 (15:57 -0400)]
uboot: fix target uboot defconfig warning

The warning currently reads:

  No board defconfig name specified, check your
  BR2_TARGET_UBOOT_DEFCONFIG setting.

It should read:

  No board defconfig name specified, check your
  BR2_TARGET_UBOOT_BOARD_DEFCONFIG setting.

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agoe2fsprogs: use libblkid and libuuid from util-linux for host
Carlos Santos [Sat, 22 Apr 2017 11:59:48 +0000 (13:59 +0200)]
e2fsprogs: use libblkid and libuuid from util-linux for host

We have a host-util-linux, so we can use it to provide libblkid and
libuuid. This makes it consistent with the target package.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agoe2fsprogs: remove uuidgen support
Carlos Santos [Sat, 22 Apr 2017 11:59:47 +0000 (13:59 +0200)]
e2fsprogs: remove uuidgen support

In fact, uuidgen was never built because we pass --disable-libuuid. So
the option was a NOP.

Remove the license info for libuuid.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
[Arnout:
 - do not remove --disable-uuidd - even though that is implied by
   --disable-libuuid, it's better to be explicit about it;
 - remove license info of libuuid]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agoe2fsprogs: change into menuconfig
Carlos Santos [Sat, 22 Apr 2017 11:59:46 +0000 (13:59 +0200)]
e2fsprogs: change into menuconfig

We decided some time ago that config entries with 5 or more suboptions
should be turned into a menuconfig. e2fsprogs has many more than that.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agoe2fsprogs: add missing arch depends to comment
Carlos Santos [Sat, 22 Apr 2017 11:59:45 +0000 (13:59 +0200)]
e2fsprogs: add missing arch depends to comment

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agoe2fsprogs: change upstream URL sf.net -> sourceforge.net
Carlos Santos [Sat, 22 Apr 2017 11:59:44 +0000 (13:59 +0200)]
e2fsprogs: change upstream URL sf.net -> sourceforge.net

sf.net redirects to sourceforge.net, so directly use that as upstream
URL. Config.in.host already uses that URL.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
[Arnout: remove trailing /]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agopackage/xen: Use POSIX complaint header includes
Alistair Francis [Fri, 21 Apr 2017 17:29:33 +0000 (10:29 -0700)]
package/xen: Use POSIX complaint header includes

To fix build issues when using the musl library use POSIX compatible
library inclues.

This fixes this autobuilder issue:
http://autobuild.buildroot.net/results/1aa/1aa1303f60372f51aa5a7eb18caac4a5b5c1d9d4/build-end.log

These two patches have been by accepted upstream Xen and will be in 4.9:
http://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=b4cd5173183fbc118e2dc2a0d2e0d5038daf4fb5
http://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=4703a9ba9bb0c9c2804813ffe0943177d5f96039

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agotslib: update to 1.9
Martin Kepplinger [Fri, 21 Apr 2017 06:26:47 +0000 (08:26 +0200)]
tslib: update to 1.9

The curious ones will find the release notes here:

    https://github.com/kergoth/tslib/releases

Signed-off-by: Martin Kepplinger <martin.kepplinger@ginzinger.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agonetsniff-ng: bump to version 0.6.3
Baruch Siach [Wed, 19 Apr 2017 18:31:47 +0000 (21:31 +0300)]
netsniff-ng: bump to version 0.6.3

Drop upstream patch.

Add two more patches to deal with musl build issues.

Cc: Joris Lijssens <joris.lijssens@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agonetsniff-ng: fix static build with netfilter_conntrack
Baruch Siach [Wed, 19 Apr 2017 18:31:46 +0000 (21:31 +0300)]
netsniff-ng: fix static build with netfilter_conntrack

Use pkg-config to determine link flags.

Fixes:
http://autobuild.buildroot.net/results/0ef/0efb90d69fdffafe0630e6507d40198bfb1c5818/
http://autobuild.buildroot.net/results/0ea/0eaf15dd387961641b42d977c49804fe8872074b/
http://autobuild.buildroot.net/results/43d/43d3f2d54deb9d095a4f8cbf70a7b933c09ed618/

Cc: Joris Lijssens <joris.lijssens@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agonetsniff-ng: use upstream provided tarball
Baruch Siach [Wed, 19 Apr 2017 18:31:45 +0000 (21:31 +0300)]
netsniff-ng: use upstream provided tarball

Cc: Joris Lijssens <joris.lijssens@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agolibcurl: bump version to 7.54.0 (security)
Vicente Olivert Riera [Wed, 19 Apr 2017 09:07:42 +0000 (10:07 +0100)]
libcurl: bump version to 7.54.0 (security)

Security fixes:
 - CVE-2017-7468: switch off SSL session id when client cert is used

Full changelog: https://curl.haxx.se/changes.html

Removing 0001-CVE-2017-7407.patch. It's included in this release:
  https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agocjson: bump version to v1.4.7
Vicente Olivert Riera [Wed, 19 Apr 2017 09:02:29 +0000 (10:02 +0100)]
cjson: bump version to v1.4.7

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agoxenomai: add string option for additional configure options
Thomas De Schampheleire [Wed, 19 Apr 2017 20:00:07 +0000 (22:00 +0200)]
xenomai: add string option for additional configure options

Xenomai has many configure options that users may or may not want to set.
Providing individual Buildroot config options for every single one of them
is not maintainable.

Therefore, add a string option to allow the needed flexibility.
Important options, or those that have 'select/depends on' impact, can still
be turned into real Buildroot config options.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[Thomas: rewrap Config.in help text.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agoxenomai: add support for registry
Thomas De Schampheleire [Wed, 19 Apr 2017 20:00:06 +0000 (22:00 +0200)]
xenomai: add support for registry

Add a config option to enable the Xenomai registry, which allows accessing
internal Xenomai state.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[Thomas:
 - add missing Config.in comment.
 - rewrap Config.in help text.
 - tweak the .mk file logic for the registry path to avoid the super
   long line.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agoxenomai: restrict installed files further
Thomas De Schampheleire [Wed, 19 Apr 2017 20:00:05 +0000 (22:00 +0200)]
xenomai: restrict installed files further

Xenomai 3 installs quite some utils and other programs to the target
filesystem, many of which will not be used by most users.

As it is currently unclear which utils are effectively useful, and as it is
undesirable to create config options for each individual util, remove all
remaining utils such that only the Xenomai libraries remain.

At the point it becomes clear that certain utils _are_ desired by some
users, we can identify how to group them in relevant config options.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agoxenomai: update list of testsuite files
Thomas De Schampheleire [Wed, 19 Apr 2017 20:00:04 +0000 (22:00 +0200)]
xenomai: update list of testsuite files

Since Xenomai 3, the list of installed binaries/scripts of the testsuite is
different than before.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agoxenomai: update list of Analogy installed files
Thomas De Schampheleire [Wed, 19 Apr 2017 20:00:03 +0000 (22:00 +0200)]
xenomai: update list of Analogy installed files

Since Xenomai 3, the list of files installed for Analogy is longer, causing
the extra files to remain on the target filesystem even if Analogy is not
selected.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agoxenomai: add option for Smokey skin
Thomas De Schampheleire [Wed, 19 Apr 2017 20:00:02 +0000 (22:00 +0200)]
xenomai: add option for Smokey skin

Xenomai has a skin 'Smokey' that Buildroot is currently unaware of, which
means that the associated files are present on target even though most users
will not need them.

Add a config option and associated logic to remove the skin if not selected.

Additionally, fixup order of VxWorks skin removal entry.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agoxenomai: group skin selection in separate menu and cleanup
Thomas De Schampheleire [Wed, 19 Apr 2017 20:00:01 +0000 (22:00 +0200)]
xenomai: group skin selection in separate menu and cleanup

Clarify the Xenomai config options by grouping the skin-related options in a
separate menu.

Additionally:
- update proper capitalization of skin names
- sort entries
- replace 'skin library' by 'skin' to match the terminology in Xenomai
  sources

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agoxenomai: native skin is now called alchemy
Thomas De Schampheleire [Wed, 19 Apr 2017 20:00:00 +0000 (22:00 +0200)]
xenomai: native skin is now called alchemy

Since the introduction of Xenomai 3, the native skin is dubbed Alchemy.
Update the config menu (but leave the symbol name to avoid hurting existing
users needlessly) and fix the unselected-skin cleanup code.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agoxenomai: update LICENSE_FILES
Thomas De Schampheleire [Wed, 19 Apr 2017 19:59:59 +0000 (21:59 +0200)]
xenomai: update LICENSE_FILES

Xenomai sources contain much more license files than we currently list, so
complete the current list.

Based on:
    find | grep -Ei 'copying|license|copyright' | sort

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agomutt: bump version to 1.8.2
Vicente Olivert Riera [Wed, 19 Apr 2017 09:25:51 +0000 (10:25 +0100)]
mutt: bump version to 1.8.2

0001-nodoc.patch is no longer necessary since a new --disable-doc
configure option has been added by this commit:
  https://dev.mutt.org/hg/mutt/rev/b45bfce1bb0e

Use that option and remove the patch. Since we are not patching
Makefile.am we also don't need to autoreconf.

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agogtest: fix usage on ARM platforms
Carlos Santos [Wed, 19 Apr 2017 11:51:52 +0000 (08:51 -0300)]
gtest: fix usage on ARM platforms

Ensure that GTest is compiled with -fPIC to allow linking the static
libraries with dynamically linked programs. This is not a requirement
for most architectures but is mandatory for ARM.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agocheck-package: move parts to subdirectory
Ricardo Martincoski [Wed, 19 Apr 2017 18:06:21 +0000 (15:06 -0300)]
check-package: move parts to subdirectory

Currently the check-package script uses many files in the same
directory. This commit keeps the main script in support/scripts/ and
moves the rest into a subdirectory.

The modules were previously prefixed to make it easy to identify which
script they belong to. This is no longer needed when using a
subdirectory, so the prefix is removed.

Note: if this commit is checked out and the script is run, and later on
a previous version is checked out, the file
support/scripts/checkpackagelib/__init__.pyc needs to be manually
removed to prevent Python interpreter to look for checkpackagelib
package when only the checkpackagelib module is available.

Reported-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agopackage/eudev: bump version to 3.2.2
Bernd Kuhls [Thu, 20 Apr 2017 07:06:13 +0000 (09:06 +0200)]
package/eudev: bump version to 3.2.2

Removed patch 0001 applied upstream:
https://github.com/gentoo/eudev/commit/c0f63850ad29ec978d070a08b816dc2bfca337e3

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agodownload/git: clarify why .git is removed
Ricardo Martincoski [Thu, 20 Apr 2017 06:36:47 +0000 (03:36 -0300)]
download/git: clarify why .git is removed

The removal of the .git dir before creating the tarball is not anymore
just an optimization. It is necessary to make the tarball reproducible.
Also, without the removal, large tarballs (gigabytes) would be created
for some linux trees.

Update the comment accordingly.

Reported-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agotzdata: bump to version 2017b
Baruch Siach [Thu, 20 Apr 2017 12:02:46 +0000 (15:02 +0300)]
tzdata: bump to version 2017b

Cc: Martin Bark <martin@barkynet.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agozic: bump to version 2017b
Baruch Siach [Thu, 20 Apr 2017 12:02:45 +0000 (15:02 +0300)]
zic: bump to version 2017b

Cc: Martin Bark <martin@barkynet.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agodbus: bump to version 1.10.18
Baruch Siach [Thu, 20 Apr 2017 11:21:29 +0000 (14:21 +0300)]
dbus: bump to version 1.10.18

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agolibnss: security bump to version 3.30.2
Baruch Siach [Thu, 20 Apr 2017 17:34:29 +0000 (20:34 +0300)]
libnss: security bump to version 3.30.2

CVE-2017-5461 - Out-of-bounds write in Base64 encoding in NSS. Might cause
remote arbitrary code execution
(https://access.redhat.com/errata/RHSA-2017:1100).

CVE-2017-5462 - DRBG flaw in NSS

Drop 0001-cross-compile.patch and TARGET* variables. Upstream Makefile now
allows override of CC, so use TARGET_CONFIGURE_OPTS instead.

Drop upstream 0003-it-uninitialized-fix.patch.

Renumber the remaining patch.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agolibnspr: bump to version 4.14
Baruch Siach [Thu, 20 Apr 2017 17:34:28 +0000 (20:34 +0300)]
libnspr: bump to version 4.14

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
8 years agozsh: bump to version 5.3.1
Baruch Siach [Thu, 20 Apr 2017 12:33:52 +0000 (15:33 +0300)]
zsh: bump to version 5.3.1

Cc: Phil Eichinger <phil.eichinger@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>