Yann E. MORIN [Sun, 23 Apr 2017 20:30:56 +0000 (22:30 +0200)]
package/qt5declarative: always use the opensource license
We never ask the user to confirm their assent about the use of a free
license; there is no reason we do so for Qt.
The output of legal-info is there to gather all the licenses used in a
build; the license for qt5declarative will be there to be consulted as
well.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Julien Corjon <corjon.j@ecagroup.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Yann E. MORIN [Sun, 23 Apr 2017 20:30:55 +0000 (22:30 +0200)]
package/qt5connectivity: always use the opensource license
We never ask the user to confirm their assent about the use of a free
license; there is no reason we do so for Qt.
The output of legal-info is there to gather all the licenses used in a
build; the license for qt5connectivity will be there to be consulted as
well.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Julien Corjon <corjon.j@ecagroup.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Yann E. MORIN [Sun, 23 Apr 2017 20:30:54 +0000 (22:30 +0200)]
package/qt5canvas: always use the opensource license
We never ask the user to confirm their assent about the use of a free
license; there is no reason we do so for Qt.
The output of legal-info is there to gather all the licenses used in a
build; the license for qt5canvas will be there to be consulted as well.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Julien Corjon <corjon.j@ecagroup.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Yann E. MORIN [Sun, 23 Apr 2017 20:30:53 +0000 (22:30 +0200)]
package/qt53d: always use the opensource license
We never ask the user to confirm their assent about the use of a free
license; there is no reason we do so for Qt.
The output of legal-info is there to gather all the licenses used in a
build; the license for qt53d will be there to be consulted as well.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Julien Corjon <corjon.j@ecagroup.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Yann E. MORIN [Sun, 23 Apr 2017 20:30:52 +0000 (22:30 +0200)]
package/qt5base: always use the opensource license
We never ask the user to confirm their assent about the use of a free
license; there is no reason we do so for Qt.
The output of legal-info is there to gather all the licenses used in a
build; the license for qt5base will be there to be consulted as well.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Julien Corjon <corjon.j@ecagroup.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Yann E. MORIN [Sun, 23 Apr 2017 20:30:51 +0000 (22:30 +0200)]
package/qt: always use the opensource license
We never ask the user to confirm their assent about the use of a free
license; there is no reason we do so for Qt.
The output of legal-info is there to gather all the licenses used in a
build; the license for Qt will be there to be consulted as well.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Julien Corjon <corjon.j@ecagroup.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Yann E. MORIN [Sun, 23 Apr 2017 20:30:50 +0000 (22:30 +0200)]
package/qt5base: default to approved license
The only license we can act upon in Buildroot is the publicly
available license.
Qt can come under non-free licenses, but we have no access to
such licenses. The conditions to access the code under those
non-free, non-public licenses is unknown.
Besides, Qt5 (with Qt) is the only package that has this choice;
for other packages in a similar situation, we only use the free,
publicly-known licenses.
Finally, the name of the tarballs we download clearly hint that
they can only be used under the free license.
Drop the prompt to the accepted license, and make it mandatory;
packages will be adapted in follow-up patches.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Julien Corjon <corjon.j@ecagroup.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Yann E. MORIN [Sun, 23 Apr 2017 20:30:49 +0000 (22:30 +0200)]
package/qt: default to approved license
The only license we can act upon in Buildroot is the publicly
available license.
Qt can come under non-free licenses, but we have no access to
such licenses. The conditions to access the code under those
non-free, non-public licenses is unknown.
Besides, Qt (with Qt5) is the only package that has this choice;
for other packages in a similar situation, we only use the free,
publicly-known licenses.
Finally, the name of the tarballs we download clearly hint that
they can only be used under the free license.
Drop the prompt to the accepted license, and make it mandatory;
packages will be adapted in follow-up patches.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Julien Corjon <corjon.j@ecagroup.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Martin Kepplinger [Sat, 29 Apr 2017 13:46:24 +0000 (15:46 +0200)]
DEVELOPERS: add Martin Kepplinger to relevant packages
* tslib: upstream maintainer
* xf86-input-tslib: upstream maintainer
* x11vnc: somewhat interested
Signed-off-by: Martin Kepplinger <martink@posteo.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 13:43:16 +0000 (15:43 +0200)]
package/libsquish: fix .pc file name
squish.pc was renamed upstream to libsquish.pc
Fixes
http://autobuild.buildroot.net/results/
04c30f9a425d10111974a315a6d7474e243cbbd3/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Baruch Siach [Thu, 27 Apr 2017 20:19:08 +0000 (23:19 +0300)]
protobuf: fix musl build
Add upstream patch fixing conflict with musl defined major/minor macros.
Fixes:
http://autobuild.buildroot.net/results/fc5/
fc5ea266eecb6ecab011ea3542f0bb680fb8fb3b/
http://autobuild.buildroot.net/results/3b3/
3b3fe16978f19e65a6c6dc1712d72cb349eed0d5/
http://autobuild.buildroot.net/results/1da/
1dac9d5e49342700036c90ed4785fff7398b8966/
Cc: Mario J. Rugiero <mrugiero@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: Mario J. Rugiero <mrugiero@gmail.com>
Tested-by: Mario J. Rugiero <mrugiero@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 13:28:34 +0000 (15:28 +0200)]
package/kodi: remove RPi-specific restriction from Config.in
Requested by Thomas:
http://lists.busybox.net/pipermail/buildroot/2017-April/190780.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Martin Kepplinger [Sat, 29 Apr 2017 13:00:34 +0000 (15:00 +0200)]
x11vnc: update to 0.9.14
This switches to x11vnc's new upstream location at github. Autoreconf is
added because it's only a code snapshot release. Subsequent releases
will most probably look the same, see
https://github.com/LibVNC/x11vnc/issues/35#issuecomment-
297474900
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Martin Kepplinger <martink@posteo.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 13:05:08 +0000 (15:05 +0200)]
package/kodi: extend comment about non-RPi options
Suggested by Thomas:
http://lists.busybox.net/pipermail/buildroot/2017-April/190767.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: improve wording.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Thomas Petazzoni [Sat, 29 Apr 2017 13:07:22 +0000 (15:07 +0200)]
openocd: renumber patch
Patch 0001 was removed a while ago, so rename the 0002 patch to 0001.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Christophe PRIOUZEAU [Fri, 28 Apr 2017 14:34:34 +0000 (14:34 +0000)]
openocd: bump to 0.10.0
Some configure options have been renamed. Support for the deprecated
FT2232 devices has been removed in this release, so remove this option.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
[Thomas:
- Add Config.in.legacy handling, suggested by Arnout.
- Improve commit log with more details, suggested by Arnout.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 12:27:32 +0000 (14:27 +0200)]
package/kodi: optimise libva/libvdpau dependencies
Suggested by Thomas:
http://lists.busybox.net/pipermail/buildroot/2017-April/190703.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Andy Shevchenko [Tue, 21 Mar 2017 16:02:36 +0000 (18:02 +0200)]
package/uclibc: enable wordexp functionality
Wordexp support is needed by more and more packages, recently
bluez5_utils. It adds only ~16 KB to uClibc, so let's add it by default
to keep things simple.
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Waldemar Brodkorb <wbx@openadk.org>
[Thomas: rework commit message.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Baruch Siach [Fri, 28 Apr 2017 14:07:58 +0000 (17:07 +0300)]
ola: mark as broken
Build with current protobuf is broken. Mark as broken until upstream resolves
this issue.
https://github.com/OpenLightingProject/ola/issues/1192
Fixes:
http://autobuild.buildroot.net/results/d9a/
d9a24f7b715100be1580a568a5e3ff72b0389165/
http://autobuild.buildroot.net/results/b31/
b314811dedce04ebdc779df67de6cb59a1880cac/
http://autobuild.buildroot.net/results/587/
5877b2301b7da43c50127a4c5f648acd3b0264cc/
Cc: Dave Skok <blanco.ether@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Martin Kepplinger [Fri, 28 Apr 2017 13:33:54 +0000 (15:33 +0200)]
x11r7: xdriver_xf86-input-tslib: update to 0.0.7
The patches are removed as they are part of this release. 0.0.7 is a
bugfix and compatibility release to keep this usable for on newer systems.
Signed-off-by: Martin Kepplinger <martink@posteo.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Martin Kepplinger [Fri, 28 Apr 2017 12:36:15 +0000 (14:36 +0200)]
x11r7: xdriver_xf86-input-tslib: new upstream location
This switches upstream to the Github project where xf86-input-tslib is
currently maintained - in cooperation with Pengutronix, who had hosted
the tarball release up until now.
Signed-off-by: Martin Kepplinger <martink@posteo.de>
[Thomas: fix XDRIVER_XF86_INPUT_TSLIB_SITE value.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 11:14:10 +0000 (13:14 +0200)]
package/kodi: add optional support for pulseaudio
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 10:55:44 +0000 (12:55 +0200)]
package/kodi-visualisation-goom: bump version
This bump fixes a compile error on powerpc.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:50 +0000 (10:37 +0200)]
package/libsquish: bump version to 1.15
Added md5 hash provided by upstream.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:49 +0000 (10:37 +0200)]
package/libsquish: Remove Kodi-specific patch
Kodi 17 does not depend on libsquish anymore:
https://github.com/xbmc/xbmc/commit/
ed03f828be3615d294eb4a4cfccc5cdccec22997
We can therefore remove the patch which was needed for Kodi <= 16.x.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:46 +0000 (10:37 +0200)]
package/kodi: add optional support for lcms2
Support was added by https://github.com/xbmc/xbmc/pull/11846
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:45 +0000 (10:37 +0200)]
package/kodi: add optional support for event clients
For details read
https://github.com/xbmc/xbmc/blob/master/tools/EventClients/README.txt
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:43 +0000 (10:37 +0200)]
package/kodi: libxslt is an optional package
After this commit
https://github.com/xbmc/xbmc/commit/
bad3902b4a2538a433f858c97b2cf91c44c7feff
libxslt, together with libxml2, are an optional package.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:42 +0000 (10:37 +0200)]
package/kodi: add optional support for bluez5
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: add missing dependency on BR2_TOOLCHAIN_HAS_SYNC_4 from
bluez5_utils.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:41 +0000 (10:37 +0200)]
package/kodi-visualisation-shadertoy: bump version
Rebased patch 0001.
Upstream removed the optional dependency to libglew:
https://github.com/notspiff/visualization.shadertoy/commit/
11371c4e85f6eebdb8717c6e08d292e0e9b1841d
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:40 +0000 (10:37 +0200)]
package/kodi-visualisation-waveforhue: bump version
Changed upstream repo as per:
https://github.com/notspiff/visualization.waveforhue/pull/3#issuecomment-
221105720
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:39 +0000 (10:37 +0200)]
package/kodi-visualisation-*: mass version bump
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:38 +0000 (10:37 +0200)]
package/kodi-screensaver-rsxs: bump version
ac_cv_type__Bool=yes is needed to fix compilation with gcc >= 5.
Added patch to fix X.org includes.
Added dependency for libpng previously provided by Kodi.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:37 +0000 (10:37 +0200)]
package/kodi-screensaver-*: mass version bump
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:36 +0000 (10:37 +0200)]
package/kodi-audiodecoder-timidity: bump version
kodi-platform is not a dependency anymore:
https://github.com/notspiff/audiodecoder.timidity/commit/
b7ae86ad860b562f08ab02d9e87a546d99f1bb51
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:35 +0000 (10:37 +0200)]
package/kodi-audiodecoder-*: mass version bump
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:34 +0000 (10:37 +0200)]
package/kodi-audioencoder-*: mass version bump
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:33 +0000 (10:37 +0200)]
package/kodi-adsp-freesurround: bump version
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:32 +0000 (10:37 +0200)]
package/kodi-adsp-basic: bump version
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:31 +0000 (10:37 +0200)]
package/kodi-pvr-nextpvr: bump version to 2.4.11
Removed patch applied upstream:
https://github.com/kodi-pvr/pvr.nextpvr/commit/
9e042807f1ce18df6937312cb0abded24d09bfb7
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:30 +0000 (10:37 +0200)]
package/kodi-pvr-mythtv: bump version to 4.15.0
Upstream repo was changed:
https://github.com/xbmc/repo-binary-addons/commit/
cf93c8be639a3122db3ecb11c0b42d76e2e1da98
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:29 +0000 (10:37 +0200)]
package/kodi-pvr-*: mass version bump
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:28 +0000 (10:37 +0200)]
package/kodi: bump to version 17.1-Krypton
Removed unneeded patches
- 0001-Fixup-include-path.patch (not needed after CMake switch)
- 0005-native-TexturePacker-fix-compilation-with-gcc-4.6.patch
(applied upstream)
- 0006-ffmpeg30.patch (was backported from 17.0-Krypton to 16.0-Jarvis)
- 0007-exif-Fix-for-out-of-memory-errors-with-large-numbers.patch
(was backported from 17.0-Krypton to 16.0-Jarvis)
- 0008-Fix-nullpadding-issue-when-reading-certain-id3v1-tag.patch
(was backported from 17.0-Krypton to 16.0-Jarvis)
- 0009-lib-cximage-6.0-fix-compilation-with-gcc6.patch
(cximage was removed in bump from 16.x to 17.0)
- 0010-curl-support-version-7.5.0-and-upwards.patch
(applied upstream)
- 0011-xbmc_pvr_types.h-Fix-compilation-with-gcc6.patch
(applied upstream)
- 0012-Fix_includes_in_amcodec.patch
(was backported from 17.0-Krypton to 16.0-Jarvis)
Rebased patches
- 0004-kodi-config.cmake-use-CMAKE_FIND_ROOT_PATH-to-fix-cr.patch
also renamed to 0001-...
Removed dependencies not needed anymore:
- boost
https://github.com/xbmc/xbmc/commit/
41ae93f0913f7ba72087a48370f8d66a3eac9fcc
- giflib
https://github.com/xbmc/xbmc/commit/
d44338baf1f6d1e6b76cd7dbab6453d76cc2ac31
- jasper/tiff
https://github.com/xbmc/xbmc/commit/
00724eb109a702f0098089d849f7c02ea173a4a9
- jpeg
https://github.com/xbmc/xbmc/commit/
7d5bdfb9a09348bde92b323ef6077b5e75edaca7
- libdcadec
https://github.com/xbmc/xbmc/commit/
378eb2687c1da5f97ef47c78431033b52f0d4417
- libglew
https://github.com/xbmc/xbmc/commit/
03ff0d5ea02963b1283fe8bc7c1bad18f2dd97b6
- libgcrypt
was already an optional dependency in Kodi 16, not part of the CMake
buildsystem anymore
- libmpeg2
https://github.com/xbmc/xbmc/commit/
d22c829d67937e8d03fdac8f8b0bf2d1fa8fbf70
- libogg/libvorbis
https://github.com/xbmc/xbmc/commit/
4c609691776ab845d83153e19d191b7fd445edb9
- libpng
https://github.com/xbmc/xbmc/commit/
be6b50c6c3f91809a9045c199d054cbc1d637d5d
- librtmp, the new rtmp inputstream addon will be added later
https://github.com/xbmc/xbmc/commit/
d04f43a4eb6f920cc42a28627b580f17e2be1bb5
- libsquish
https://github.com/xbmc/xbmc/commit/
ed03f828be3615d294eb4a4cfccc5cdccec22997
- xlib_libXmu
- xlib_libXt
Switched to CMake, autoconf was deprecated:
https://github.com/xbmc/xbmc/pull/10797
The dependency for egl/gles on arm, formerly enforced by the automake
build system, was not ported to CMake.
Bumped BR2_TOOLCHAIN_GCC_AT_LEAST to 4.8 to fix build errors with
gcc-4.7 found while testing
http://autobuild.buildroot.net/toolchains/configs/sourcery-x86.config
For details please read
http://lists.busybox.net/pipermail/buildroot/2017-April/190195.html
Added hard-dependency for libegl, needed after
https://github.com/xbmc/xbmc/commit/
0ac305f7cf82e98021b6e0d70c3d4c51fc1cf18a
Libva support depends on X11
https://github.com/xbmc/xbmc/blob/Krypton/project/cmake/modules/FindVAAPI.cmake#L42
and OpenGL/EGL
https://github.com/xbmc/xbmc/blob/Krypton/xbmc/cores/VideoPlayer/DVDCodecs/Video/VAAPI.h#L23
Libvdpau support depends on X11
https://github.com/xbmc/xbmc/blob/Krypton/project/cmake/modules/FindVDPAU.cmake#L21
and OpenGL/EGL
https://github.com/xbmc/xbmc/blob/Krypton/xbmc/cores/VideoPlayer/DVDCodecs/Video/VDPAU.h#L43
Updated clean-up hook and added host-xmlstarlet as dependency to
manipulate the list of default system addons in addon-manifest.xml.
Added dependency to BR2_ENABLE_LOCALE, needs iconv_open:
https://github.com/xbmc/xbmc/blob/Krypton/xbmc/utils/CharsetConverter.cpp#L200
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: minor tweaks.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:27 +0000 (10:37 +0200)]
package/kodi-texturepacker: new host package
Needed for upcoming kodi version bump to 17.1-Krypton which will also
switch the kodi build system to CMake.
"-std=c++0x" is needed to maintain compatability with host-gcc 4.6.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: move texturepacker patch from Kodi package, use SPDX license
code, minor tweaks.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:26 +0000 (10:37 +0200)]
package/kodi-jsonschemabuilder: new host package
Needed for upcoming kodi version bump to 17.1-Krypton which will also
switch the kodi build system to CMake.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: do not add texturepacker patch in this commit, use SPDX license
code.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:25 +0000 (10:37 +0200)]
package/xmlstarlet: add host variant
Needed for the Kodi skin package to control the default skin setup.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:24 +0000 (10:37 +0200)]
package/libcec: bump version to 4.0.2
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:23 +0000 (10:37 +0200)]
package/kodi-platform: bump version
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:22 +0000 (10:37 +0200)]
package/libplatform: bump version
Replaced patch 0001 with an alternate solution.
Updated license info after
https://github.com/Pulse-Eight/platform/commit/
a1e5905874d5cdbce110344558d21a2810dead9c
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 08:37:21 +0000 (10:37 +0200)]
package/kodi-visualisation-fountain: remove package
Remove broken package:
https://github.com/notspiff/visualization.fountain/issues/1#issuecomment-
166156021
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 09:04:49 +0000 (11:04 +0200)]
package/libsodium: bump version to 1.0.12
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 29 Apr 2017 09:02:03 +0000 (11:02 +0200)]
package/pure-ftpd: bump version to 1.0.46
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Peter Korsgaard [Fri, 28 Apr 2017 07:49:30 +0000 (09:49 +0200)]
ghostscript: add upstream security fixes for CVE-2017-8291
CVE-2017-8291 - Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass
and remote command execution via a "/OutputFile (%pipe%" substring in a
crafted .eps document that is an input to the gs program, as exploited in
the wild in April 2017.
For more details, see https://bugzilla.suse.com/show_bug.cgi?id=
1036453
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Abhimanyu Vishwakarma [Mon, 24 Apr 2017 05:26:53 +0000 (10:56 +0530)]
Add defconfig for MIPS Creator ci40
Signed-off-by: Abhimanyu Vishwakarma <Abhimanyu.V@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Abhimanyu Vishwakarma [Mon, 24 Apr 2017 05:24:45 +0000 (10:54 +0530)]
genimage.sh: fix calling from BR2_ROOTFS_POST_IMAGE_SCRIPT
When called from BR2_ROOTFS_POST_IMAGE_SCRIPT, this script
ends up with following error:
Error: Missing argument
This is because, an extra positional argument is also passed
along with BR2_ROOTFS_POST_SCRIPT_ARGS. genimage.sh didn't
have support to parse positional and optional arguments
together.
Signed-off-by: Abhimanyu Vishwakarma <Abhimanyu.V@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Ricardo Martincoski [Mon, 24 Apr 2017 01:33:56 +0000 (22:33 -0300)]
docs/manual: PEP8 coding style for Python scripts
The advantages of using a pre-existing coding style instead of creating
our own are:
- documenting on the manual takes a single sentence;
- there are automatic tools to help during development/review.
So document that PEP8 recommendation should be followed.
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Samuel Martin <s.martin49@gmail.com>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 27 Apr 2017 07:37:18 +0000 (09:37 +0200)]
python-django: security bump to version 1.10.7
Fixes the following security issues:
Since 1.10.3:
CVE-2016-9013 - User with hardcoded password created when running tests on
Oracle
Marti Raudsepp reported that a user with a hardcoded password is created
when running tests with an Oracle database.
CVE-2016-9014 - DNS rebinding vulnerability when DEBUG=True
Aymeric Augustin discovered that Django does not properly validate the Host
header against settings.ALLOWED_HOSTS when the debug setting is enabled. A
remote attacker can take advantage of this flaw to perform DNS rebinding
attacks.
Since 1.10.7:
CVE-2017-7233 - Open redirect and possible XSS attack via user-supplied
numeric redirect URLs
It was discovered that is_safe_url() does not properly handle certain
numeric URLs as safe. A remote attacker can take advantage of this flaw to
perform XSS attacks or to use a Django server as an open redirect.
CVE-2017-7234 - Open redirect vulnerability in django.views.static.serve()
Phithon from Chaitin Tech discovered an open redirect vulnerability in the
django.views.static.serve() view. Note that this view is not intended for
production use.
Cc: Oli Vogt <oli.vogt.pub01@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Thu, 27 Apr 2017 14:40:41 +0000 (16:40 +0200)]
package/live555: bump version to 2017.04.26
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Vicente Olivert Riera [Thu, 27 Apr 2017 13:43:29 +0000 (14:43 +0100)]
linux: bump default version to 4.10.13
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Vicente Olivert Riera [Thu, 27 Apr 2017 13:43:28 +0000 (14:43 +0100)]
linux-headers: bump 4.{4,9,10}.x series
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Matt Weber [Thu, 27 Apr 2017 12:52:02 +0000 (07:52 -0500)]
package/libqmi: bump version to 1.18.0
udev support was added with this bump, however
the support was disabled, as Buildroot currently
doesn't support the gudev package. libqmi is
looking for the Gobject bindings provided by
that package to access libudev.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Thu, 27 Apr 2017 11:30:14 +0000 (14:30 +0300)]
aircrack-ng: don't build SSE code for non SSE target
Fixes:
http://autobuild.buildroot.net/results/763/
7631470016f923e8f4a7696e65437c71b8668b6e/
http://autobuild.buildroot.net/results/621/
621588651b5cf54726bbf5361399a2dc301b8a29/
http://autobuild.buildroot.net/results/628/
628a66ef766308fba699f1faa942306e600e5575/
Cc: Laurent Cans <laurent.cans@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Thu, 27 Apr 2017 10:50:58 +0000 (13:50 +0300)]
libnl: add upstream security fix
CVE-2017-0553: An elevation of privilege vulnerability in libnl could enable a
local malicious application to execute arbitrary code within the context of
the Wi-Fi service
https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1511855.html
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 26 Apr 2017 21:58:14 +0000 (23:58 +0200)]
tiff: add upstream security fixes
Add upstream post-4.0.7 commits (except for ChangeLog modifications) fixing
the following security issues:
CVE-2016-10266 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (divide-by-zero error and application crash) via a crafted TIFF
image, related to libtiff/tif_read.c:351:22.
CVE-2016-10267 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (divide-by-zero error and application crash) via a crafted TIFF
image, related to libtiff/tif_ojpeg.c:816:8.
CVE-2016-10269 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (heap-based buffer over-read) or possibly have unspecified other
impact via a crafted TIFF image, related to "READ of size 512" and
libtiff/tif_unix.c:340:2.
CVE-2016-10270 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (heap-based buffer over-read) or possibly have unspecified other
impact via a crafted TIFF image, related to "READ of size 8" and
libtiff/tif_read.c:523:22.
CVE-2017-5225 - LibTIFF version 4.0.7 is vulnerable to a heap buffer
overflow in the tools/tiffcp resulting in DoS or code execution via a
crafted BitsPerSample value.
CVE-2017-7592 - The putagreytile function in tif_getimage.c in LibTIFF 4.0.7
has a left-shift undefined behavior issue, which might allow remote
attackers to cause a denial of service (application crash) or possibly have
unspecified other impact via a crafted image.
CVE-2017-7593 - tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata
is properly initialized, which might allow remote attackers to obtain
sensitive information from process memory via a crafted image.
CVE-2017-7594 - The OJPEGReadHeaderInfoSecTablesDcTable function in
tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (memory leak) via a crafted image.
CVE-2017-7595 - The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7
allows remote attackers to cause a denial of service (divide-by-zero error
and application crash) via a crafted image.
CVE-2017-7598 - tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers
to cause a denial of service (divide-by-zero error and application crash)
via a crafted image.
CVE-2017-7601 - LibTIFF 4.0.7 has a "shift exponent too large for 64-bit
type long" undefined behavior issue, which might allow remote attackers to
cause a denial of service (application crash) or possibly have unspecified
other impact via a crafted image.
CVE-2017-7602 - LibTIFF 4.0.7 has a signed integer overflow, which might
allow remote attackers to cause a denial of service (application crash) or
possibly have unspecified other impact via a crafted image.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 26 Apr 2017 12:57:13 +0000 (14:57 +0200)]
icu: add upstream security fix for utf-8 handling
Fixes:
CVE-2017-7867 - International Components for Unicode (ICU) for C/C++ before
2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow
related to the utf8TextAccess function in common/utext.cpp and the
utext_setNativeIndex* function.
CVE-2017-7868 - International Components for Unicode (ICU) for C/C++ before
2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow
related to the utf8TextAccess function in common/utext.cpp and the
utext_moveIndex32* function.
Upstream: http://bugs.icu-project.org/trac/changeset/39671
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Martin Kepplinger [Thu, 27 Apr 2017 09:15:13 +0000 (11:15 +0200)]
tslib: speed up the build by skipping autoreconf
We are not carrying any patches modifying auto* files, so autoreconf isn't
needed.
[Peter: extend commit message]
Signed-off-by: Martin Kepplinger <martin.kepplinger@ginzinger.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Steve Kenton [Thu, 27 Apr 2017 05:29:21 +0000 (05:29 +0000)]
tovid: bump version to 0.35.2
Signed-off-by: Steve Kenton <skenton@ou.edu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Waldemar Brodkorb [Thu, 27 Apr 2017 05:36:09 +0000 (07:36 +0200)]
libmpeg2: fix sparc32 build
The output detection recognized wrong target output, because
sparcv9 optimization flags used for sparcv8 build.
Fixes:
http://autobuild.buildroot.net/results/
1b3158b03f7eaf5afb5a4dab9526091888f6c9b8
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Wed, 26 Apr 2017 12:31:23 +0000 (15:31 +0300)]
DEVELOPERS: remove bouncing email address
The DEVELOPERS email address of Waldemar Rymarkiewicz is bouncing. Remove his
entry.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 26 Apr 2017 11:52:14 +0000 (13:52 +0200)]
libsndfile: security bump to version 1.0.28
Fixes:
CVE-2017-7585 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
stack-based buffer overflow via a specially crafted FLAC file.
CVE-2017-7586 - In libsndfile before 1.0.28, an error in the "header_read()"
function (common.c) when handling ID3 tags can be exploited to cause a
stack-based buffer overflow via a specially crafted FLAC file.
CVE-2017-7741 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
segmentation violation (with write memory access) via a specially crafted
FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
CVE-2017-7742 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
segmentation violation (with read memory access) via a specially crafted
FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
Dop undocumented patch adjusting SUBDIRS in Makefile.in as it no longer
applies. Instead pass --disable-full-suite to disable man pages,
documentation and programs, as that was presumably the reason for the patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 26 Apr 2017 06:48:24 +0000 (08:48 +0200)]
ncftp: use tar.gz to workaround upstream changing tarball post-release
As explained here:
http://lists.busybox.net/pipermail/buildroot/2017-March/185550.html
Upstream has silently updated their 3.2.6 tarball some time between our
version bump in late November and December 4th. The changed tarball also
contains a significant amount of source changes:
libncftp/c_opennologin.c | 4
libncftp/ftp.c | 31
libncftp/ftw.c | 2
libncftp/io_getmem.c | 2
libncftp/io_list.c | 6
libncftp/io_sendfile.c | 4
libncftp/io_util.c | 4
libncftp/ncftp.h | 2
libncftp/open.c | 4
libncftp/rftw.c | 2
libncftp/rglobr.c | 2
libncftp/u_decodehost.c | 2
libncftp/u_decodeurl.c | 2
libncftp/u_getpass.c | 2
libncftp/u_misc.c | 2
libncftp/u_pathcat.c | 4
libncftp/u_scram.c | 2
libncftp/wincfg.h | 1
ncftp/cmds.c | 38 -
ncftp/gl_getline.c | 26
ncftp/ls.c | 9
ncftp/ls.h | 9
ncftp/progress.c | 9
ncftp/readln.c | 4
ncftp/shell.h | 10
ncftp/spoolutil.c | 8
ncftp/version.c | 2
sh/mksrctar.sh | 1
sh_util/gpshare.c | 12
sh_util/ncftpbatch.c | 110 --
sh_util/ncftpget.c | 6
sh_util/ncftpls.c | 5
sh_util/ncftpput.c | 14
sio/DNSUtil.c | 4
sio/Makefile.in | 16
sio/SBind.c | 35
sio/SConnect.c | 9
sio/SNew.c | 115 ---
sio/SRead.c | 6
sio/StrAddr.c | 6
sio/config.h.in | 24
sio/configure.in | 8
sio/sio.h | 18
sio/wincfg.h | 1
vis/bmed.c | 13
vis/wgets.c | 12
vis/wgets.h | 7
vis/wutil.c | 6
vis/wutil.h | 6
Upstream has been contacted to verify if this change was intentional and the
reason why. From the mail:
> Is this update intentional? Why was the tarball regenerated?
Yes.
The old hash was unfortunately already used in the 2017.02 (and .1)
releases, so just changing the hash and updating the tarball on
sources.buildroot.org would break ncftp for users of those releases.
Instead change to use the .tar.gz tarball as suggested by Arnout.
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Fri, 21 Apr 2017 13:53:51 +0000 (15:53 +0200)]
package/pcsc-lite: bump version to 1.8.20
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Sat, 22 Apr 2017 20:10:44 +0000 (23:10 +0300)]
xorriso: disable libcdio
xorriso and libcdio define identically named symbols. This breaks static
linking.
Besides, upstream suggested that on Linux the built-in libburn adapter is much
better tested than libcdio.
Disable libcdio.
Fixes:
http://autobuild.buildroot.net/results/430/
430a6b548fcc311f20ea71cecaa11fafac1d5a19/
http://autobuild.buildroot.net/results/a5d/
a5d0f8bec0d39e48f6dfe4ecc07fe0ca3c6bd70a/
Cc: Steve Kenton <skenton@ou.edu>
Suggested-by: Thomas Schmitt <scdbackup@gmx.net>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: Steve Kenton <skenton@ou.edu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Waldemar Brodkorb [Sat, 22 Apr 2017 22:57:32 +0000 (00:57 +0200)]
uclibc: update to 1.0.24
Fixes aarch64 C++ issue. Removes old implementations for fnmatch/regex.
Allow long double wrappers for all architectures.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Romain Naour [Tue, 25 Apr 2017 21:32:02 +0000 (23:32 +0200)]
package/bullet: bump to version 2.86.1
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Romain Naour [Tue, 25 Apr 2017 21:26:12 +0000 (23:26 +0200)]
package/xenomai: fallback to http
The https protocol return:
"ERROR 503: Service Temporarily Unavailable"
Fixes:
http://autobuild.buildroot.net/results/120/
12034603c46c8bd69590c88bbfe85261460b699c
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 25 Apr 2017 15:35:54 +0000 (17:35 +0200)]
imagemagick: add upstream security fix for CVE-2017-7606
This is not yet part of any release.
coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of
representable values of type unsigned char" undefined behavior issue, which
might allow remote attackers to cause a denial of service (application
crash) or possibly have unspecified other impact via a crafted image.
For more details, see:
https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 25 Apr 2017 14:17:00 +0000 (16:17 +0200)]
libcroco: bump to version 0.6.12
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 25 Apr 2017 14:16:59 +0000 (16:16 +0200)]
libcroco: add upstream security fixes
These have been added to upstream git after 0.6.12 was released.
CVE-2017-7960 - The cr_input_new_from_uri function in cr-input.c in libcroco
0.6.11 and 0.6.12 allows remote attackers to cause a denial of service
(heap-based buffer over-read) via a crafted CSS file.
CVE-2017-7961 - The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco
0.6.11 and 0.6.12 has an "outside the range of representable values of type
long" undefined behavior issue, which might allow remote attackers to cause
a denial of service (application crash) or possibly have unspecified other
impact via a crafted CSS file.
For more details, see:
https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 25 Apr 2017 13:44:23 +0000 (15:44 +0200)]
python-web2py: security bump to version 2.14.6
CVE-2016-4806 - Web2py versions 2.14.5 and below was affected by Local File
Inclusion vulnerability, which allows a malicious intended user to
read/access web server sensitive files.
CVE-2016-4807 - Web2py versions 2.14.5 and below was affected by Reflected
XSS vulnerability, which allows an attacker to perform an XSS attack on
logged in user (admin).
CVE-2016-4808 - Web2py versions 2.14.5 and below was affected by CSRF (Cross
Site Request Forgery) vulnerability, which allows an attacker to trick a
logged in user to perform some unwanted actions i.e An attacker can trick an
victim to disable the installed application just by sending a URL to victim.
CVE-2016-10321 - web2py before 2.14.6 does not properly check if a host is
denied before verifying passwords, allowing a remote attacker to perform
brute-force attacks.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 25 Apr 2017 11:44:34 +0000 (13:44 +0200)]
minicom: security bump to version 2.7.1
Fixes CVE-2017-7467 - minicom and prl-vzvncserver vt100.c escparms[] buffer
overflow.
For more details about the issue, see the nice writeup on oss-security:
http://www.openwall.com/lists/oss-security/2017/04/18/5
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Arnout Vandecappelle [Mon, 24 Apr 2017 20:13:23 +0000 (22:13 +0200)]
busybox: no need to disable clear and reset
Removing clear and reset from the busybox config when the ncurses tools
are enabled is not really needed.
Since commit
802bff9c42, the busybox install will not overwrite
existing programs. Therefore, the tools will be installed correctly
regardless of the order of the build:
- if busybox is built first, the clear and reset apps are installed,
but they will be overwritten by ncurses;
- if ncurses is built first, it will install the clear and reset apps,
and busybox will no longer install them.
We prefer not to modify the busybox configuration when not strictly
necessary, because it is surprising for the user that his configuration
is not applied. Clearly, it's not ideal that busybox is configured with
redundant apps, but if the user wants to shrink it, it's possible to
provide a custom config.
This partially reverts commit
33c72344a8686a136c1da6a056ed6c0945bbf8b7.
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Fri, 21 Apr 2017 14:12:33 +0000 (16:12 +0200)]
package/aircrack-ng: bump version to 1.2-rc4
Removed patches applied upstream:
0001-Makefile-use-pkg-config-to-find-libpcre-it-s-more-cros.patch
http://trac.aircrack-ng.org/changeset/2445
0002-Optionally-use-LIBPCAP-for-required-libpcap-libraries.patch
http://trac.aircrack-ng.org/changeset/2446
0003-Wesside-ng-Use-termios-instead-of-sys-termios.patch
http://trac.aircrack-ng.org/changeset/2533
Added option to disable stack-protector support auto-detection in gcc.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Fri, 21 Apr 2017 13:53:03 +0000 (15:53 +0200)]
package/ccid: bump version to 1.4.26
Changed _SITE according to
http://lists.alioth.debian.org/pipermail/pcsclite-muscle/Week-of-Mon-
20170102/000780.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Fri, 21 Apr 2017 13:51:42 +0000 (15:51 +0200)]
package/acsccid: bump version to 1.1.4
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Fri, 21 Apr 2017 13:36:37 +0000 (15:36 +0200)]
package/acpica: bump version to
20170303
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Fri, 21 Apr 2017 13:25:44 +0000 (15:25 +0200)]
package/libgpgme: bump version to 1.9.0
Removed configure option --with-gpg, it was removed upstream in 2013:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commitdiff;h=
02ba35c1b6a2cbb3361b2f2ad507c53564b2be0b#patch3
[Peter: drop comment referring to --with-gpg option]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Rahul Bedarkar [Fri, 21 Apr 2017 11:18:52 +0000 (16:48 +0530)]
sg3_utils: improve license description
Library is licensed under BSD-3-Clause. Some programs are licensed
under GPL-2.0+ while other are BSD-3-Clause. Annotate licenses with
components and improve readability of license strings when
conditionally specifying license for programs using := instead of +=.
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Vicente Olivert Riera [Fri, 21 Apr 2017 09:07:46 +0000 (10:07 +0100)]
linux: bump default version to 4.10.12
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Vicente Olivert Riera [Fri, 21 Apr 2017 09:07:45 +0000 (10:07 +0100)]
linux-headers: bump 4.{4,9,10}.x series
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Vicente Olivert Riera [Fri, 21 Apr 2017 09:36:24 +0000 (10:36 +0100)]
python-pyopenssl: bump version to 17.0.0
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Vicente Olivert Riera [Fri, 21 Apr 2017 09:32:31 +0000 (10:32 +0100)]
tcpreplay: bump version to 4.2.3
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Andrey Smirnov [Tue, 25 Apr 2017 18:48:24 +0000 (11:48 -0700)]
package/python-json-schema-validator: remove Python2 dependency
python-json-schema-validator supports Python 3, so there's no reason
to limit it to Python 2 only.
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Matthew Carruth <carruthm@gmail.com>
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Andrey Smirnov [Tue, 25 Apr 2017 18:48:06 +0000 (11:48 -0700)]
package/python-versiontools: remove Python2 dependency
python-versiontools supports Python 3, so there's no reason to limit
it to Python 2 only.
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Matthew Carruth <carruthm@gmail.com>
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Zakharov Vlad [Mon, 24 Apr 2017 13:21:54 +0000 (16:21 +0300)]
binutils: arc: fix 0301-PATCH-check-ldrunpath-length.patch after version bump
This commit fixes another brown-paper-bag issue that I've introduced by
my following patch:
toolchain: Bump ARC tools to arc-2017.03-rc1
(
5f8ef7e25c5cc5c2e4ae4c8b6e8caa029ddf9a94)
arc-2017.03-rc1 differs a bit from 2.28. And so corresponding
of-the-tree patch should be updated appropriately.
Fixes target binutils build for arc:
http://autobuild.buildroot.net/results/f67/
f67c905979870936d8050a505b61186be6dad85d//
[Peter: tweak commit message]
Signed-off-by: Vlad Zakharov <vzakhar@synopsys.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Davide Viti [Sun, 23 Apr 2017 20:33:10 +0000 (22:33 +0200)]
mongoose: bump to version 6.7
Signed-off-by: Davide Viti <zinosat@tiscali.it>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Vicente Olivert Riera [Mon, 24 Apr 2017 09:42:18 +0000 (10:42 +0100)]
mpv: bump version to 0.25.0
Remove 0003-fix-build-with-have-gl.patch which is already included in
this release.
Remove --{enable|disable}-standard-gl configure option because it
doesn't exist.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Vicente Olivert Riera [Mon, 24 Apr 2017 09:33:11 +0000 (10:33 +0100)]
poppler: bump version to 0.54.0
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Vicente Olivert Riera [Mon, 24 Apr 2017 09:25:02 +0000 (10:25 +0100)]
harfbuzz: bump version to 1.4.6
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Vicente Olivert Riera [Mon, 24 Apr 2017 09:43:16 +0000 (10:43 +0100)]
python-dataproperty: bump version to 0.18.1
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>