buildroot.git
6 years agopackage/samba4: security bump version to 4.10.8
Bernd Kuhls [Wed, 4 Sep 2019 17:58:48 +0000 (19:58 +0200)]
package/samba4: security bump version to 4.10.8

Release notes: https://www.samba.org/samba/history/samba-4.10.8.html

Fixes CVE-2019-10197
 Combination of parameters and permissions can allow user
 to escape from the share path definition.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/mpd: bump to version 0.21.14
Jörg Krause [Mon, 2 Sep 2019 19:34:59 +0000 (21:34 +0200)]
package/mpd: bump to version 0.21.14

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/unzip: add security patch from Debian
Sébastien Szymanski [Tue, 3 Sep 2019 09:20:24 +0000 (11:20 +0200)]
package/unzip: add security patch from Debian

Fix the URL and add a new patch. Quoting changelog [1]:

unzip (6.0-25) unstable; urgency=medium

  * Apply one more patch by Mark Adler:
  - Do not raise a zip bomb alert for a misplaced central directory.
    This should allow Firefox to build again. Closes: #932404.
    Reported by Peter Green. Hopefully CVE-2019-13232 is fixed now.

 -- Santiago Vila <sanvila@debian.org>  Sat, 27 Jul 2019 18:01:36 +0200

[1] https://sources.debian.org/data/main/u/unzip/6.0-25/debian/changelog

Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoDEVELOPERS: add Giulio Benetti to libnspr and libnss package
Giulio Benetti [Tue, 3 Sep 2019 10:27:38 +0000 (12:27 +0200)]
DEVELOPERS: add Giulio Benetti to libnspr and libnss package

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/axel: bump to version 2.17.6
Ismael Luceno [Tue, 3 Sep 2019 19:07:03 +0000 (21:07 +0200)]
package/axel: bump to version 2.17.6

Signed-off-by: Ismael Luceno <ismael@iodev.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/logrotate: bump to version 3.15.1
Pierre-Jean Texier [Tue, 3 Sep 2019 20:32:48 +0000 (22:32 +0200)]
package/logrotate: bump to version 3.15.1

See https://github.com/logrotate/logrotate/releases/tag/3.15.1

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/libvips: remove unrecognized --enable-cxx
Fabrice Fontaine [Tue, 3 Sep 2019 18:08:04 +0000 (20:08 +0200)]
package/libvips: remove unrecognized --enable-cxx

Remove --enable-cxx, this option has been removed since version 8.1 and
https://github.com/libvips/libvips/commit/346a9e70c0b096f84127449488e7dce6968d91c7

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/micropython: remove unneeded patch
Fabrice Fontaine [Tue, 3 Sep 2019 17:08:36 +0000 (19:08 +0200)]
package/micropython: remove unneeded patch

Remove patch which is already in version

Fixes:
 - http://autobuild.buildroot.org/results/01da2ad39ea01c522fc5b431c4544bd91f58ac4a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/giflib: drop unneeded patches
Fabrice Fontaine [Tue, 3 Sep 2019 16:57:49 +0000 (18:57 +0200)]
package/giflib: drop unneeded patches

Remove patches which are already included in version 5.2.1

Fixes:
 - http://autobuild.buildroot.org/results/a558f21cb1d9ad8618a1c64464e0cf1ccba7608b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/qemu: fixup patches after 3.1.1 bump
Peter Korsgaard [Tue, 3 Sep 2019 14:30:58 +0000 (16:30 +0200)]
package/qemu: fixup patches after 3.1.1 bump

Commit a0b032ad859b2e6e8cd (package/qemu: security bump to version 3.1.1)
bumped the version but didn't update the patch subdirectory name, so the
patches are now ignored.

Fix that by renaming the directory.  Drop
0002-configure-improve-usbfs-check.patch as that is now upstream.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoMerge branch 'next'
Peter Korsgaard [Tue, 3 Sep 2019 13:03:02 +0000 (15:03 +0200)]
Merge branch 'next'

6 years agodocs/website: update for 2019.05.2
Peter Korsgaard [Tue, 3 Sep 2019 11:16:32 +0000 (13:16 +0200)]
docs/website: update for 2019.05.2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoUpdate for 2019.05.2
Peter Korsgaard [Tue, 3 Sep 2019 10:37:46 +0000 (12:37 +0200)]
Update for 2019.05.2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: drop Makefile changes]
(cherry picked from commit b9e671a558f106d57ed3c7f0cd0b89359c6b1567)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agodocs/website: update for 2019.02.5
Peter Korsgaard [Mon, 2 Sep 2019 21:02:44 +0000 (23:02 +0200)]
docs/website: update for 2019.02.5

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoUpdate for 2019.02.5
Peter Korsgaard [Mon, 2 Sep 2019 20:15:58 +0000 (22:15 +0200)]
Update for 2019.02.5

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: drop Makefile changes]
(cherry picked from commit b1408d04a383eacadf1518886d216325304569ae)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoCHANGES: Add missing issues header for 2019.02.3
Peter Korsgaard [Mon, 2 Sep 2019 20:06:43 +0000 (22:06 +0200)]
CHANGES: Add missing issues header for 2019.02.3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 96502c2a46a440926c975711110e387ff226349f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoKickoff 2019.11 cycle
Peter Korsgaard [Mon, 2 Sep 2019 20:54:38 +0000 (22:54 +0200)]
Kickoff 2019.11 cycle

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agodocs/website/news.html: add 2019.08 announcement link
Peter Korsgaard [Sun, 1 Sep 2019 21:35:27 +0000 (23:35 +0200)]
docs/website/news.html: add 2019.08 announcement link

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoUpdate for 2019.08
Peter Korsgaard [Sun, 1 Sep 2019 21:06:01 +0000 (23:06 +0200)]
Update for 2019.08

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoconfigs/radxa_rock_pi4: remove defconfig
Thomas Petazzoni [Thu, 29 Aug 2019 12:00:51 +0000 (14:00 +0200)]
configs/radxa_rock_pi4: remove defconfig

This defconfig tries to build an ARM Trusted Firmware version that
needs an ARM32 toolchain, which is not available as the platform is an
ARM64 one. The correct solution for this is to have a package in
Buildroot for an ARM32 bare-metal toolchain, but this wasn't done in
time for the 2019.08 release.

In order to not release 2019.08 with a broken defconfig, let's remove
it. It can be re-added later once the ARM32 bare-metal toolchain
problem has been resolved.

Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/278489410

Cc: Shyam Saini <shyam.saini@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoconfigs/pine64_rockpro64: remove defconfig
Thomas Petazzoni [Thu, 29 Aug 2019 12:00:50 +0000 (14:00 +0200)]
configs/pine64_rockpro64: remove defconfig

This defconfig tries to build an ARM Trusted Firmware version that
needs an ARM32 toolchain, which is not available as the platform is an
ARM64 one. The correct solution for this is to have a package in
Buildroot for an ARM32 bare-metal toolchain, but this wasn't done in
time for the 2019.08 release.

In order to not release 2019.08 with a broken defconfig, let's remove
it. It can be re-added later once the ARM32 bare-metal toolchain
problem has been resolved.

Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/278489367

Cc: Shyam Saini <shyam.saini@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoconfigs/nanopi_m4: remove defconfig
Thomas Petazzoni [Thu, 29 Aug 2019 12:00:49 +0000 (14:00 +0200)]
configs/nanopi_m4: remove defconfig

This defconfig tries to build an ARM Trusted Firmware version that
needs an ARM32 toolchain, which is not available as the platform is an
ARM64 one. The correct solution for this is to have a package in
Buildroot for an ARM32 bare-metal toolchain, but this wasn't done in
time for the 2019.08 release.

In order to not release 2019.08 with a broken defconfig, let's remove
it. It can be re-added later once the ARM32 bare-metal toolchain
problem has been resolved.

Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/278489328

Cc: Shyam Saini <shyam.saini@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoconfigs/nanopi_neo4: remove defconfig
Thomas Petazzoni [Thu, 29 Aug 2019 12:00:48 +0000 (14:00 +0200)]
configs/nanopi_neo4: remove defconfig

This defconfig tries to build an ARM Trusted Firmware version that
needs an ARM32 toolchain, which is not available as the platform is an
ARM64 one. The correct solution for this is to have a package in
Buildroot for an ARM32 bare-metal toolchain, but this wasn't done in
time for the 2019.08 release.

In order to not release 2019.08 with a broken defconfig, let's remove
it. It can be re-added later once the ARM32 bare-metal toolchain
problem has been resolved.

Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/278489329

Cc: Shyam Saini <shyam.saini@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoconfigs/nanopc_t4: remove defconfig
Thomas Petazzoni [Thu, 29 Aug 2019 12:00:47 +0000 (14:00 +0200)]
configs/nanopc_t4: remove defconfig

This defconfig tries to build an ARM Trusted Firmware version that
needs an ARM32 toolchain, which is not available as the platform is an
ARM64 one. The correct solution for this is to have a package in
Buildroot for an ARM32 bare-metal toolchain, but this wasn't done in
time for the 2019.08 release.

In order to not release 2019.08 with a broken defconfig, let's remove
it. It can be re-added later once the ARM32 bare-metal toolchain
problem has been resolved.

Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/278489325

Cc: Shyam Saini <shyam.saini@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoboot/ts4800-mrboot: remove package
Thomas Petazzoni [Thu, 29 Aug 2019 12:00:46 +0000 (14:00 +0200)]
boot/ts4800-mrboot: remove package

Since the ts4800_defconfig has been removed, the ts4800-mrboot package
is no longer useful, therefore we drop it.

Cc: Patrick Keroulas <patrick.keroulas@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoconfigs/ts4800: remove defconfig
Thomas Petazzoni [Thu, 29 Aug 2019 12:00:45 +0000 (14:00 +0200)]
configs/ts4800: remove defconfig

This defconfig has been failing to build since we switched the default
gcc version to gcc 8.x, as the Linux kernel version is too old and
doesn't contain the necessary fixes to build with gcc >= 8.x.

Despite several pings to the original submitter of the defconfig
(which is not listed in MAINTAINERS), no fix has been sent, so it is
time to drop this defconfig before the 2019.08 release.

Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/278489442

Cc: Patrick Keroulas <patrick.keroulas@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/python-numpy: add reverse dependency on packages using python-numpy
Alexandre PAYEN [Thu, 8 Aug 2019 15:19:50 +0000 (17:19 +0200)]
package/python-numpy: add reverse dependency on packages using python-numpy

Since commit 1aa59097e61d524bb55ab1fcd4fbe5098b3e0bed[1] is merged, a
new build failure occurs when selecting packages which needs
python-numpy as dependency.

This fix a build issue[2] by adding the correct reverse dependencies
to the following packages :
- gnuradio (for python support)
- opencv3 (for python support)
- piglit
- python-matplotlib

So :
- adding to every listed packages
  `depends on !(BR2_TOOLCHAIN_USES_GLIBC || BR2_TOOLCHAIN_USES_MUSL)`
  and add a comment to explain what happend.

[1] https://git.buildroot.net/buildroot/commit/?id=1aa59097e61d524bb55ab1fcd4fbe5098b3e0bed
[2] http://autobuild.buildroot.org/results/b76/b76b6cf9602bcf5df69a7276762eab54cf74007b

Signed-off-by: Alexandre PAYEN <alexandre.payen@smile.fr>
Cc: Alexey Brodkin <Alexey.Brodkin@synopsys.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Damien DUVAL <damien.duval@smile.fr>
Cc: Romain Naour <romain.naour@smile.fr>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/php: security bump version to 7.3.9
Bernd Kuhls [Fri, 30 Aug 2019 17:15:19 +0000 (19:15 +0200)]
package/php: security bump version to 7.3.9

Release notes: https://www.php.net/archive/2019.php#2019-08-29-1
Changelog: https://www.php.net/ChangeLog-7.php#7.3.9

Fixes CVE-2019-13224 & CVE-2019-13225:
https://bugs.mageia.org/show_bug.cgi?id=25380

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoconfigs/mx53loco: Bump U-Boot and kernel versions
Fabio Estevam [Fri, 30 Aug 2019 16:38:26 +0000 (13:38 -0300)]
configs/mx53loco: Bump U-Boot and kernel versions

Bump to U-Boot 2019.07 and kernel 5.2.9 versions.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years ago{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.2.x series
Bernd Kuhls [Fri, 30 Aug 2019 17:00:53 +0000 (19:00 +0200)]
{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.2.x series

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/wpewebkit: security bump to version 2.24.3
Adrian Perez de Castro [Fri, 30 Aug 2019 14:15:28 +0000 (17:15 +0300)]
package/wpewebkit: security bump to version 2.24.3

This is a minor release which includes fixes for CVE-2019-8644,
CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669,
CVE-2019-8673, CVE-2019-8676, CVE-2019-8678, CVE-2019-8680,
CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8687,
CVE-2019-8688, CVE-2019-8689, and CVE-2019-8690.

This release also contains many build fixes, a few media playback
improvements, and a Web compatibility fix. For a complete list,
the full release notes are available at:

  https://wpewebkit.org/release/wpewebkit-2.24.3.html

The detailed security advisory can be found at:

  https://wpewebkit.org/security/WSA-2019-0004.html

Patch "0001-Build-failure-after-r243644-in-GTK-Li.patch" is now unneeded
because it is one of the build fixes included in this release.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/webkitgtk: security bump to version 2.24.4
Adrian Perez de Castro [Fri, 30 Aug 2019 12:04:32 +0000 (15:04 +0300)]
package/webkitgtk: security bump to version 2.24.4

This is a minor release which includes fixes for CVE-2019-8644,
CVE-2019-8649, CVE-2019-8658, CVE-2019-8669, CVE-2019-8676,
CVE-2019-8678, CVE-2019-8680, CVE-2019-8683, CVE-2019-8684, and
CVE-2019-8688.

This release also contains many build fixes, a few media playback
improvements, and a Web compatibility fix. For a complete list,
the full release notes at:

  https://webkitgtk.org/2019/08/28/webkitgtk2.24.4-released.html

The detailed security advisory can be found at:

  https://webkitgtk.org/security/WSA-2019-0004.html

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/tinc: bump to 1.0.36
Zoltan Gyarmati [Tue, 27 Aug 2019 09:16:36 +0000 (11:16 +0200)]
package/tinc: bump to 1.0.36

Update the COPYING hash, since the copyright year was updated:

-Copyright (C) 1998-2018 Ivo Timmermans, Guus Sliepen and others.
+Copyright (C) 1998-2019 Ivo Timmermans, Guus Sliepen and others.

Signed-off-by: Zoltan Gyarmati <zgyarmati@zgyarmati.de>
[Thomas: update license file hash]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/glmark2: bump to the latest version
Neil Armstrong [Wed, 28 Aug 2019 12:40:11 +0000 (14:40 +0200)]
package/glmark2: bump to the latest version

Bump to the latest git version, containing multiple fixes and support
for render-only GPUs (lima, panfrost, ...) and missing DRM driver
names to run like meson, rockchip, sun4i-drm.

Tested on Khadas VIM2 (aarch64) and Panfrost.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/stella: bump version to 6.0.1
Sergio Prado [Wed, 28 Aug 2019 05:47:22 +0000 (02:47 -0300)]
package/stella: bump version to 6.0.1

Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/zic: bump to version 2019b
Christopher McCrory [Wed, 28 Aug 2019 22:29:33 +0000 (15:29 -0700)]
package/zic: bump to version 2019b

Changed _SITE to https.

Add hash for license file.

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
[Peter: fix license hash]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/tzdata: bump to version 2019b
Christopher McCrory [Wed, 28 Aug 2019 22:28:51 +0000 (15:28 -0700)]
package/tzdata: bump to version 2019b

Changed _SITE to https.

Add hash for license file.

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
[Peter: fix LICENSE hash, only use for the host package]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/python-xmltodict: bump to version 0.12.0
Asaf Kahlon [Tue, 27 Aug 2019 17:28:12 +0000 (20:28 +0300)]
package/python-xmltodict: bump to version 0.12.0

Also add hash for license file.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/python-xlwt: bump to version 1.3.0
Asaf Kahlon [Tue, 27 Aug 2019 17:28:11 +0000 (20:28 +0300)]
package/python-xlwt: bump to version 1.3.0

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/python-xlrd: bump to version 1.2.0
Asaf Kahlon [Tue, 27 Aug 2019 17:28:10 +0000 (20:28 +0300)]
package/python-xlrd: bump to version 1.2.0

The license file was changed from xlrd/licences.py to LICENSE in the
following upstream commit:

  https://github.com/python-excel/xlrd/commit/e7bcab2f4527b5a3d5118938076571e9e7566c2b

While the formatting has changed, the contents are the same. We take
this opportunity to add the hash of the license file.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
[Thomas: fix license file details]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/python-ptyprocess: bump to version 0.6.0
Asaf Kahlon [Tue, 27 Aug 2019 17:28:09 +0000 (20:28 +0300)]
package/python-ptyprocess: bump to version 0.6.0

Also add hash for license file.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/python-oauthlib: bump to version 3.1.0
Asaf Kahlon [Tue, 27 Aug 2019 17:28:08 +0000 (20:28 +0300)]
package/python-oauthlib: bump to version 3.1.0

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/python-jaraco-classes: bump to version 2.0
Asaf Kahlon [Tue, 27 Aug 2019 17:28:07 +0000 (20:28 +0300)]
package/python-jaraco-classes: bump to version 2.0

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/python-iptables: bump to version 0.14.0
Asaf Kahlon [Tue, 27 Aug 2019 17:28:06 +0000 (20:28 +0300)]
package/python-iptables: bump to version 0.14.0

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/python-ipaddr: bump to version 2.2.0
Asaf Kahlon [Tue, 27 Aug 2019 17:28:05 +0000 (20:28 +0300)]
package/python-ipaddr: bump to version 2.2.0

Also add hash for license file.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/python-futures: bump to version 3.3.0
Asaf Kahlon [Tue, 27 Aug 2019 17:28:04 +0000 (20:28 +0300)]
package/python-futures: bump to version 3.3.0

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/python-engineio: bump to version 3.9.3
Asaf Kahlon [Tue, 27 Aug 2019 17:28:03 +0000 (20:28 +0300)]
package/python-engineio: bump to version 3.9.3

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/python-daemonize: bump to version 2.5.0
Asaf Kahlon [Tue, 27 Aug 2019 17:28:02 +0000 (20:28 +0300)]
package/python-daemonize: bump to version 2.5.0

Also add hash for license file.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/libusb: bump to 1.0.23
Zoltan Gyarmati [Thu, 29 Aug 2019 10:41:03 +0000 (12:41 +0200)]
package/libusb: bump to 1.0.23

Also remove obsolete patch and not calling autoreconf (as configure.ac
is not patched anymore)

Signed-off-by: Zoltan Gyarmati <zgyarmati@zgyarmati.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agoconfigs/roseapplepi_defconfig: use gcc 7.x
Peter Korsgaard [Wed, 28 Aug 2019 20:46:35 +0000 (22:46 +0200)]
configs/roseapplepi_defconfig: use gcc 7.x

The old 3.10.x based vendor kernel does not build correctly with gcc 8.x.

While there is basic s500 support in the mainline kernel, there is not yet a
mmc driver so it isn't quite a replacement yet.

Stick to the vender kernel for now and revert back to gcc 7.x, hopefully
mainline support will be more complete once gcc 7.x gets dropped.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/network-manager: bump to version 1.20.0
Petr Vorel [Wed, 28 Aug 2019 16:25:04 +0000 (18:25 +0200)]
package/network-manager: bump to version 1.20.0

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/modem-manager: bump to version 1.10.4
Petr Vorel [Wed, 28 Aug 2019 16:22:38 +0000 (18:22 +0200)]
package/modem-manager: bump to version 1.10.4

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/x11r7/xfont_font-util: bump version to 1.3.2
Bernd Kuhls [Wed, 28 Aug 2019 16:18:50 +0000 (18:18 +0200)]
package/x11r7/xfont_font-util: bump version to 1.3.2

Added all hashes provided by upstream and license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/x11r7/xdriver_xf86-video-sis: bump version to 0.11.0
Bernd Kuhls [Wed, 28 Aug 2019 16:17:58 +0000 (18:17 +0200)]
package/x11r7/xdriver_xf86-video-sis: bump version to 0.11.0

Removed all patches after they were applied upstream:
https://cgit.freedesktop.org/xorg/driver/xf86-video-sis/commit/?id=9e42918588b65860422cb296a92ecede15db7419
https://cgit.freedesktop.org/xorg/driver/xf86-video-sis/commit/?id=4b1356a2b7fd06e9a05d134caa4033681c939737

Added all hashes provided by upstream and license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/x11r7/xapp_xrandr: bump version to 1.5.1
Bernd Kuhls [Wed, 28 Aug 2019 16:15:29 +0000 (18:15 +0200)]
package/x11r7/xapp_xrandr: bump version to 1.5.1

Switched _SOURCE to .xz, added all hashes provided by upstream and
license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/x11r7/xapp_viewres: bump version to 1.0.6
Bernd Kuhls [Wed, 28 Aug 2019 16:14:21 +0000 (18:14 +0200)]
package/x11r7/xapp_viewres: bump version to 1.0.6

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/at: bump version
Giulio Benetti [Wed, 28 Aug 2019 20:17:38 +0000 (22:17 +0200)]
package/at: bump version

Mainly this allows to drop 3 patches because they have been upstreamed.

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoDEVELOPERS: add Giulio Benetti to at package
Giulio Benetti [Wed, 28 Aug 2019 17:19:23 +0000 (19:19 +0200)]
DEVELOPERS: add Giulio Benetti to at package

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/ofono: bump to version 1.30
Petr Vorel [Wed, 28 Aug 2019 16:54:52 +0000 (18:54 +0200)]
package/ofono: bump to version 1.30

Removed included in 1.30, refresh patch.

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/x11r7/libxcb: bump version to 1.13.1
Bernd Kuhls [Wed, 28 Aug 2019 16:35:26 +0000 (18:35 +0200)]
package/x11r7/libxcb: bump version to 1.13.1

Upstream does not provide a sha512 hash anymore.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/vdr: bump version to 2.4.1
Bernd Kuhls [Wed, 28 Aug 2019 16:49:36 +0000 (18:49 +0200)]
package/vdr: bump version to 2.4.1

Release notes:
https://www.linuxtv.org/pipermail/vdr/2019-June/029497.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/pngquant: bump version to 2.12.5
Bernd Kuhls [Wed, 28 Aug 2019 16:38:09 +0000 (18:38 +0200)]
package/pngquant: bump version to 2.12.5

Upstream now provides a sha256 hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/libvpx: bump version to 1.8.1
Bernd Kuhls [Wed, 28 Aug 2019 16:31:53 +0000 (18:31 +0200)]
package/libvpx: bump version to 1.8.1

Rebased patch.

Changelog: https://github.com/webmproject/libvpx/blob/master/CHANGELOG

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoUpdate for 2019.08-rc3
Peter Korsgaard [Wed, 28 Aug 2019 21:02:48 +0000 (23:02 +0200)]
Update for 2019.08-rc3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/dovecot-pigeonhole: security bump version to 0.5.7.2
Bernd Kuhls [Wed, 28 Aug 2019 14:13:15 +0000 (16:13 +0200)]
package/dovecot-pigeonhole: security bump version to 0.5.7.2

Release notes:
https://dovecot.org/pipermail/dovecot/2019-August/116876.html

Fixes
* CVE-2019-11500: ManageSieve protocol parser does not properly handle
  NUL byte when scanning data in quoted strings, leading to out of
  bounds heap memory writes. Found by Nick Roessler and Rafi Rubin.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/dovecot: security bump version to 2.3.7.2
Bernd Kuhls [Wed, 28 Aug 2019 14:13:14 +0000 (16:13 +0200)]
package/dovecot: security bump version to 2.3.7.2

Release notes:
https://dovecot.org/pipermail/dovecot/2019-August/116874.html

Fixes
* CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
  when scanning data in quoted strings, leading to out of bounds heap
  memory writes. Found by Nick Roessler and Rafi Rubin.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/python: add upstream security fix for CVE-2019-9740
Peter Korsgaard [Wed, 28 Aug 2019 08:49:32 +0000 (10:49 +0200)]
package/python: add upstream security fix for CVE-2019-9740

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib
in Python 3.x through 3.7.3.  CRLF injection is possible if the attacker
controls a url parameter, as demonstrated by the first argument to
urllib.request.urlopen with \r\n (specifically in the query string after a ?
character) followed by an HTTP header or a Redis command.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/qemu: security bump to version 3.1.1
Peter Korsgaard [Wed, 28 Aug 2019 07:15:50 +0000 (09:15 +0200)]
package/qemu: security bump to version 3.1.1

Fixes the following security issues:

CVE-2018-16872: A flaw was found in qemu Media Transfer Protocol (MTP).  The
code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and
directories in usb_mtp_object_readdir doesn't consider that the underlying
filesystem may have changed since the time lstat(2) was called in
usb_mtp_object_alloc, a classical TOCTTOU problem.  An attacker with write
access to the host filesystem shared with a guest can use this property to
navigate the host filesystem in the context of the QEMU process and read any
file the QEMU process has access to.  Access to the filesystem may be local
or via a network share protocol such as CIFS.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/file: bump version to 5.37
Bernd Kuhls [Sun, 25 Aug 2019 17:31:44 +0000 (19:31 +0200)]
package/file: bump version to 5.37

Changelog: https://github.com/file/file/blob/master/ChangeLog
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/boinc: bump version to 7.16.1
Bernd Kuhls [Sun, 25 Aug 2019 16:49:30 +0000 (18:49 +0200)]
package/boinc: bump version to 7.16.1

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/asterisk: bump version to 16.5.0
Bernd Kuhls [Sun, 25 Aug 2019 16:47:28 +0000 (18:47 +0200)]
package/asterisk: bump version to 16.5.0

Release notes:
https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-16-current-summary.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/apr: bump version to 1.7.0
Bernd Kuhls [Sun, 25 Aug 2019 16:45:56 +0000 (18:45 +0200)]
package/apr: bump version to 1.7.0

Release notes: http://www.apache.org/dist/apr/CHANGES-APR-1.7

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/x265: bump version to 3.1.2
Bernd Kuhls [Sun, 25 Aug 2019 16:41:30 +0000 (18:41 +0200)]
package/x265: bump version to 3.1.2

Release notes:
https://bitbucket.org/multicoreware/x265/src/Release_3.1/doc/reST/releasenotes.rst

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/flac: bump version to 1.3.3
Bernd Kuhls [Sun, 25 Aug 2019 17:37:58 +0000 (19:37 +0200)]
package/flac: bump version to 1.3.3

Changelog: https://xiph.org/flac/changelog.html

Removed patch applied upstream, removed autoreconf:
https://git.xiph.org/?p=flac.git;a=commitdiff;h=55721556161e6ab209f940f5023bc44b4051524a

Added all hashes provided by upstream and license hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/gnutls: bump version to 3.6.9
Bernd Kuhls [Sun, 25 Aug 2019 18:13:01 +0000 (20:13 +0200)]
package/gnutls: bump version to 3.6.9

Release notes:
https://lists.gnupg.org/pipermail/gnutls-help/2019-July/004556.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/hwdata: bump version to 0.326
Bernd Kuhls [Sun, 25 Aug 2019 19:31:48 +0000 (21:31 +0200)]
package/hwdata: bump version to 0.326

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/hdparm: bump version to 9.58
Bernd Kuhls [Sun, 25 Aug 2019 18:20:04 +0000 (20:20 +0200)]
package/hdparm: bump version to 9.58

Release notes:
https://sourceforge.net/p/hdparm/news/2018/10/hdparm-957-is-released/
https://sourceforge.net/p/hdparm/news/2018/10/hdparm-958-is-released/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/wpa_supplicant: security bump version to 2.9
Bernd Kuhls [Sun, 25 Aug 2019 19:28:43 +0000 (21:28 +0200)]
package/wpa_supplicant: security bump version to 2.9

Fixes https://w1.fi/security/2019-6/

Removed patch applied upstream:
http://w1.fi/cgit/hostap/commit/?id=f2973fa39d6109f0f34969e91551a98dc340d537

Removed all other upstream patches which are included in this release.

Release notes:
http://lists.infradead.org/pipermail/hostap/2019-April/039979.html
http://lists.infradead.org/pipermail/hostap/2019-August/040373.html

Support for the old dbus interface was removed upstream:
http://w1.fi/cgit/hostap/commit/?id=6a8dee76d4090287c016680c009b1334e01b5fbd

Removed Config.in option, removed _NEW from remaining dbus option,
select BR2_PACKAGE_DBUS when needed and added Config.in.legacy options.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/hostapd: security bump version to 2.9
Bernd Kuhls [Sun, 25 Aug 2019 19:28:42 +0000 (21:28 +0200)]
package/hostapd: security bump version to 2.9

Fixes https://w1.fi/security/2019-6/

Release notes:
http://lists.infradead.org/pipermail/hostap/2019-April/039979.html
http://lists.infradead.org/pipermail/hostap/2019-August/040373.html

This release includes all patches from https://w1.fi/security/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/faketime: bump to version 0.9.8
Fabrice Fontaine [Tue, 27 Aug 2019 20:54:28 +0000 (22:54 +0200)]
package/faketime: bump to version 0.9.8

- Remove first patch (already in version)
- Remove second patch (not needed since merge of
  https://github.com/wolfcw/libfaketime/pull/161)
- Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/libmbim: bump to version 1.18.2
Petr Vorel [Tue, 27 Aug 2019 18:41:45 +0000 (20:41 +0200)]
package/libmbim: bump to version 1.18.2

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/feh: bump to version 3.2.1
Petr Vorel [Tue, 27 Aug 2019 18:43:45 +0000 (20:43 +0200)]
package/feh: bump to version 3.2.1

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/links: bump to version 2.19
Petr Vorel [Tue, 27 Aug 2019 18:43:05 +0000 (20:43 +0200)]
package/links: bump to version 2.19

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/libatomic_ops: bump version to 7.6.10
Bernd Kuhls [Tue, 27 Aug 2019 17:44:51 +0000 (19:44 +0200)]
package/libatomic_ops: bump version to 7.6.10

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/joe: bump version to 4.6
Bernd Kuhls [Tue, 27 Aug 2019 17:40:04 +0000 (19:40 +0200)]
package/joe: bump version to 4.6

Added license hash.

Release notes:
https://sourceforge.net/p/joe-editor/mercurial/ci/default/tree/NEWS.md

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/openldap: security bump to version 2.4.48
Sørensen, Stefan [Tue, 27 Aug 2019 11:00:27 +0000 (11:00 +0000)]
package/openldap: security bump to version 2.4.48

Security fixes:
CVE-2019-13057: Fixed slapd to restrict rootDN proxyauthz to its own databases
CVE-2019-13565: Fixed slapd to initialize SASL SSF per connection

Full changelog:
https://www.openldap.org/lists/openldap-announce/201907/msg00001.html

Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
[Peter: fix sha256 hash line]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/strace: fix build with v5.2 kernel headers
Baruch Siach [Tue, 27 Aug 2019 08:47:00 +0000 (11:47 +0300)]
package/strace: fix build with v5.2 kernel headers

Add upstream patch with a workaround to incompatible change in kernel
headers.

Regenerate the v4l2_pix_fmts.h header which is pre-generated from
v4l2_pix_fmts.in in the strace tarball.

Fixes:
http://autobuild.buildroot.net/results/5494c9e21e623a9b7d87e06d86ed5e95d696c21a/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/intel-microcode: security bump version to 20190618
Bernd Kuhls [Sun, 25 Aug 2019 19:41:24 +0000 (21:41 +0200)]
package/intel-microcode: security bump version to 20190618

Release notes:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/master/releasenote

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Reviewed-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/mpg123: security bump to version 1.25.12
Peter Korsgaard [Sun, 25 Aug 2019 06:47:37 +0000 (08:47 +0200)]
package/mpg123: security bump to version 1.25.12

>From the release notes:
- Fix an out-of-bounds read of maximal two bytes for truncated RVA2 frames
  (oss-fuzz-bug 15975). The earlier fix around the same location needed
  one thought more. Actually, another though was needed, oss-fuzz-bug 16009
  documents the incomplete fix.

- Fix an invalid write of one zero byte for empty ID3v2 frames that demand
  de-unsyncing (oss-fuzz-bug 16050).

- Fix dynamic build with gcc -fsanitize=address (check for all dl functions
  before deciding that separate -ldl is not needed).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agosupport/graph-size: reorder colours assigned to sizes
Yann E. MORIN [Sat, 17 Aug 2019 17:18:30 +0000 (19:18 +0200)]
support/graph-size: reorder colours assigned to sizes

Now that we can order packages from biggest to smallest, it makes sense
to assign the most aggressive colours to the biggest packages.

As such, reorder the current colours so that we have, in order:
  - red-ish
  - orange-ish
  - yellow-ish
  - purple-ish
  - eggplant-ish (is that even a colour? :-] )
  - some-indeterminate-blue-ish
  - dark-green-ish
  - light-green-ish

For the previous, smallest-first ordering, it does not matter much what
the ordering is: the actual colours are still somewhat-unpredictably
assigned to packages, depending on the cut-off limit...

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
6 years agosupport/graph-size: add option to sort packages in reverse size order
Yann E. MORIN [Sat, 17 Aug 2019 17:18:29 +0000 (19:18 +0200)]
support/graph-size: add option to sort packages in reverse size order

Currently, the packages are sorted smallest first, and biggest last
(with unknown and others second-to-last and last, resp.).

Add an option to invert the ordering (but keeping unknown and others at
their current positions).

This has the nice side effect that we can now control the colours
assigned to the biggest package(s), as the colours are cycled from the
first to the last. Currently, the biggest packages gets a redish colour,
which is appropriate, but the second gets a greenish one, which is not
as appropriate (but changing that can come later).

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
6 years agosupport/graph-size: add option to report size with IEC prefixes
Yann E. MORIN [Sat, 17 Aug 2019 17:18:28 +0000 (19:18 +0200)]
support/graph-size: add option to report size with IEC prefixes

When dealing with embedded devices, storage is more often than not some
kind of flash device, on which the memory is usually counted as powers
of 1024 instead of powers of 1000. As such, people may prefer reports
using IEC prefixes [0] instead of the SI prefixes.

Add an option to that effect.

We use argparse's ability to use custom actions [1] [2], to provide a
set of options that act on a boolean, but has a single help entry and
internally ensures consistency of the settings. We could have been using
the more conventional store_true/store_false actions instead, but that
would have meant either two help entries, one for each set of options,
and/or some logic after parse_args() to check the validity of the
settings.

[0] https://en.wikipedia.org/wiki/Binary_prefix
[1] https://docs.python.org/2/library/argparse.html#action
[2] https://docs.python.org/2/library/argparse.html#argparse.Action

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
6 years agosupport/graph-size: add option to change percentage to group in Others
Yann E. MORIN [Sat, 17 Aug 2019 17:18:27 +0000 (19:18 +0200)]
support/graph-size: add option to change percentage to group in Others

Currently, we group packages that contribute less then 1%, into the
"Other" category.

However, in some cases, there can be a lot of very comparatively small
packages, and they may not exceed this limit, and so only the "Others"
category would be displayed, which is not nice.

Conversely, if there are a lot of packages, most of which only so
slightly exceeding this limit, then we get all of them in the graph,
which is not nice either.

Add a way for the developers to pass a different cut-off limit. As for
the dependency graph which has BR2_GRAPH_DEPS_OPTS, add the environment
variable BR2_GRAPH_SIZE_OPTS to carry those extra option (in preparation
for more to come, later).

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[Arnout:
 - remove empty base class definition from Config;
 - use parser.error instead of ValueError for invalid argument.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
6 years agosupport/graph-size: display human-readable size
Yann E. MORIN [Sat, 17 Aug 2019 17:18:26 +0000 (19:18 +0200)]
support/graph-size: display human-readable size

Currently, we forcibly report sizes in multiple of Kilobytes. In some
big configurations, the sizes of the system as a whole, as well as that
of individual packages, may exceed megabytes, and when some artistic
assets get used, even the gigabyte may get exceed.

These big sizes are not easy to read when expressed in kilobytes.

Additionally, some very small packages might have sizes below the
kilobyte (and when we can specify the cut-off grouping size, they may
get reported), and thus the size displayed for those would be 0 kB.

Add a helper function that can format a floating-point size into a
string with all the appropriate formatting:

  - there are at least 3 meaningfull digits visible, i.e. we display
    "3.14" or "10.4" instead of just "3" or "10", but for big number we
    don't care about too many precision either, so we report "100" or
    "1000", not "100.42" or "1000.27";

  - the proper SI prefix is appended, if needed.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
6 years agosupport/graph-size: report 'Unknown" after all packages, but before "Others"
Yann E. MORIN [Sat, 17 Aug 2019 17:18:25 +0000 (19:18 +0200)]
support/graph-size: report 'Unknown" after all packages, but before "Others"

Currently, the "unknown" category may be reported anywhere, so it does
not really stand out when there are a lot of packages in the graph.

Move it towards the end, but right before the "other" category, so that
it is a bit more visible. Like for Others, don't report it if its size
is zero.

Also, make it title case (i.e. "Unknown" instead of "unknown").

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
6 years agosupport/graph-size: don't report "Others" if size is zero
Yann E. MORIN [Sat, 17 Aug 2019 17:18:24 +0000 (19:18 +0200)]
support/graph-size: don't report "Others" if size is zero

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
6 years agosupport/graph-size: introduce main()
Yann E. MORIN [Sat, 17 Aug 2019 17:18:23 +0000 (19:18 +0200)]
support/graph-size: introduce main()

It is nicer overall to have a main() function, like all our other
scripts tend to have too.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
6 years agosupport/graph-size: fix flake8 warnings
Yann E. MORIN [Sat, 17 Aug 2019 17:18:22 +0000 (19:18 +0200)]
support/graph-size: fix flake8 warnings

There are three E501 warnings returned by flake8, when run locally,
because we enforce a local 80-char limit, but that are not reported by
the gitlab-ci jobs because only a 132-char limit is required there.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Reviewed-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
6 years agopackage/vlc: security bump version to 3.0.8
Bernd Kuhls [Wed, 21 Aug 2019 18:07:01 +0000 (20:07 +0200)]
package/vlc: security bump version to 3.0.8

Release notes: https://www.videolan.org/developers/vlc-branch/NEWS

Fixes the following security bugs:
 * Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
 * Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
 * Fix a read buffer overflow in the FAAD decoder
 * Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)
 * Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
 * Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
 * Fix a use after free in the ASF demuxer (CVE-2019-14533)
 * Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
 * Fix a null dereference in the dvdnav demuxer
 * Fix a null dereference in the ASF demuxer (CVE-2019-14534)
 * Fix a null dereference in the AVI demuxer
 * Fix a division by zero in the CAF demuxer (CVE-2019-14498)
 * Fix a division by zero in the ASF demuxer (CVE-2019-14535)

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/libmodplug: bump version to 0.8.9
Bernd Kuhls [Wed, 21 Aug 2019 18:07:00 +0000 (20:07 +0200)]
package/libmodplug: bump version to 0.8.9

Needed for security bump of vlc to 3.0.8:
http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commitdiff;h=48f014768dc22ecad23d0e9f53c38805a3aff832

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>