Fabio Estevam [Thu, 2 Nov 2017 14:18:12 +0000 (12:18 -0200)]
linux-headers: bump 4.{4, 9, 13}.x series
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fabio Estevam [Thu, 2 Nov 2017 14:18:11 +0000 (12:18 -0200)]
linux: bump default to version 4.13.11
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Baruch Siach [Thu, 2 Nov 2017 13:17:56 +0000 (15:17 +0200)]
azure-iot-sdk-c: use github for homepage
Many Buildroot users can not read Dutch. Although there is an English
version of this page, the github page looks more suitable as a link for
the software package itself, and the readme.md file is pretty
informative.
Cc: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Petr Vorel [Thu, 2 Nov 2017 20:15:05 +0000 (21:15 +0100)]
package/network-manager: Bump to version 1.8.4
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Petr Vorel [Thu, 2 Nov 2017 20:14:08 +0000 (21:14 +0100)]
package/modem-manager: Bump to version 1.6.10
Signed-off-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Petr Vorel [Thu, 2 Nov 2017 20:12:58 +0000 (21:12 +0100)]
package/libglib2: Bump to version 2.54.2
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Petr Vorel [Thu, 2 Nov 2017 20:11:55 +0000 (21:11 +0100)]
package/feh: Bump to version 2.21
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Petr Vorel [Thu, 2 Nov 2017 20:06:47 +0000 (21:06 +0100)]
package/ofono: Bump to version 1.21
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Petr Vorel [Thu, 2 Nov 2017 19:50:15 +0000 (20:50 +0100)]
DEVELOPERS: Add myself for various packages
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Petr Vorel [Thu, 2 Nov 2017 19:48:34 +0000 (20:48 +0100)]
gpm: fix build with glibc 2.26
Use sigemptyset() API instead of __sigemptyset(). __sigemptyset() has
been removed from glibc public API headers in upcoming (2.26) release
onwards.
Patch taken from:
https://github.com/telmich/gpm/pull/20/commits/
fdc42770596e25749f7e2ce0ea97882177397167
Fixes:
http://autobuild.buildroot.net/results/
15e24f8c6a3ad2bfd198cc4fb094aeace7d1ee6a/
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Thomas Petazzoni [Thu, 2 Nov 2017 20:16:20 +0000 (21:16 +0100)]
libidn: fix build with gcc 7.x
Fixes:
http://autobuild.buildroot.net/results/
f7fc775584ad35349f0d66ed8632ab18f3859f9c/
Note: this problem wasn't seen until now because we were only testing
gcc 7.x/glibc, and the problematic code is not built when glibc is
used.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Yegor Yefremov [Thu, 2 Nov 2017 11:05:02 +0000 (12:05 +0100)]
python-pyxb: bump version to 1.2.6
Add licence file checksum.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Yegor Yefremov [Thu, 2 Nov 2017 11:05:01 +0000 (12:05 +0100)]
python-pathpy: bump version to 10.5
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Yegor Yefremov [Thu, 2 Nov 2017 11:05:00 +0000 (12:05 +0100)]
python-cffi: bump version to 1.11.2
Add licence file checksum.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Yegor Yefremov [Thu, 2 Nov 2017 11:04:59 +0000 (12:04 +0100)]
python-six: bump version to 1.11.0
Add licence file checksum.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Samuel Martin [Wed, 1 Nov 2017 20:11:37 +0000 (21:11 +0100)]
package/ussp-push: removed deprecated/no longer needed deps on openobex-bluez
Commit
49a9fb0f13789298e65f21405502a9106e2c7382 removed the
BR2_PACKAGE_OPENOBEX_BLUEZ option, because BlueZ support is now
unconditionally included in OpenOBEX. Therefore, selecting this legacy
option no longer makes sense, and in fact triggers the legacy handling
for no reason.
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Reported-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
[Thomas: tweak commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Samuel Martin [Wed, 1 Nov 2017 20:11:36 +0000 (21:11 +0100)]
package/opencv: add hash for license file
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Samuel Martin [Wed, 1 Nov 2017 20:11:35 +0000 (21:11 +0100)]
package/opencv: fix build failure
Backport fix from upstream.
Fixes:
http://autobuild.buildroot.net/results/
b27d324331f6e351e95dd4742f4d0a50af60c590
http://autobuild.buildroot.net/results/
44ed0be0bd94028b7b37e7bf21233adc1753d94b
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Jason A. Donenfeld [Wed, 1 Nov 2017 12:29:03 +0000 (13:29 +0100)]
wireguard: bump to version 0.0.
20171101
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Wed, 1 Nov 2017 14:37:46 +0000 (15:37 +0100)]
nmap: fix libssh2 build failure
This commit adds a patch that fixes the libssh2 AC_CHECK_LIB() check,
and makes sure it is taken into account by doing an autoconf in the
package. We can't autoreconf as the package doesn't autoreconf
properly, so we do a manual autoconf.
Based on prior work from Baruch Siach and Max Filippov.
Fixes:
http://autobuild.buildroot.net/results/
9e636919c98cd31b5067c8306d0e481a672434cf
http://autobuild.buildroot.net/results/
912561f505ad10d1eaa96dbe247d5838e9968e14
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Matt Weber [Tue, 31 Oct 2017 06:18:34 +0000 (01:18 -0500)]
argp-standalone: fix build with gcc 7.x
Back in commit
a662ff7e79630ca0875dd8529fe54db27a275007
("package/argp-standalone: Fix build with c99 compilers"), we fixed
the build of argp-standalone with compilers defaulting to C99 inline
semantics, i.e starting from gcc 5.x.
This was done as part of a patch that used "inline" instead of "extern
inline". However, using "inline" once again broke the build with gcc
7.x. To fix this, revert back to using just "extern inline" (hence
removing a patch of patch 0003-fix_build_with_c99_compilers.patch) and
instead use -fgnu89-inline in the CFLAGS.
See https://gcc.gnu.org/gcc-5/porting_to.html for more details.
Fixes:
http://autobuild.buildroot.net/results/
a9cedc54829b7bd2dd7ae6ff2bd6c6db242f1c35/
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Thomas: also drop the patch of
0003-fix_build_with_c99_compilers.patch that is no longer needed.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Olivier Schonken [Wed, 1 Nov 2017 13:03:46 +0000 (14:03 +0100)]
DEVELOPERS: add myself for the cups package
Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Olivier Schonken [Wed, 1 Nov 2017 10:24:38 +0000 (12:24 +0200)]
cups: add dependency on threads
Fixes:
http://autobuild.buildroot.net/results/
0f1cb8d72d0a78eb8b5c46548bc7c7bade93c674
Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Sam Voss [Tue, 31 Oct 2017 17:56:30 +0000 (12:56 -0500)]
package/libssh2: update to newest version
Update libssh2 to use the newest version from git. This caused a
transition from released version number to hash as it has not been
version rev'd in over a year (see issue
https://github.com/libssh2/libssh2/issues/220 for bump request).
This brings in changes to the autoconf to correctly pick the crypto
library.
Signed-off-by: Sam Voss <sam.voss@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Mon, 30 Oct 2017 21:49:46 +0000 (22:49 +0100)]
package/pure-ftpd: bump version to 1.0.47
Added license hash, switched _SITE to https.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Mon, 30 Oct 2017 21:49:21 +0000 (22:49 +0100)]
package/{mesa3d, mesa3d-headers}: bump version to 17.2.4
Added license hash.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Peter Korsgaard [Mon, 30 Oct 2017 21:53:09 +0000 (22:53 +0100)]
quagga: add upstream security fix for CVE-2017-16227
>From the advisory:
http://www.openwall.com/lists/oss-security/2017/10/30/4
It was discovered that the bgpd daemon in the Quagga routing suite does
not properly calculate the length of multi-segment AS_PATH UPDATE
messages, causing bgpd to drop a session and potentially resulting in
loss of network connectivity.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Peter Korsgaard [Mon, 30 Oct 2017 22:45:55 +0000 (23:45 +0100)]
openssh: fix getpagesize() related static linking issue
Fixes:
http://autobuild.buildroot.net/results/8cc/
8cc30818a400c7a392a3de787cabc9cd8425495f/
The configure script checks for getpagesize() and sets HAVE_GETPAGESIZE in
config.h, but bsd-getpagesize.c forgot to include includes.h (which
indirectly includes config.h) so the checks always fails, causing linker
issues when linking statically on systems with getpagesize().
Fix it by including includes.h.
Patch submitted upstream:
https://lists.mindrot.org/pipermail/openssh-unix-dev/2017-October/036413.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Wed, 1 Nov 2017 07:20:18 +0000 (08:20 +0100)]
package/openjpeg: fix static library install
Fixes
http://autobuild.buildroot.net/results/c35/
c35599e6bf09aebe456ea959d7c238f82090fc62/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Acked-by: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Carlos Santos [Tue, 31 Oct 2017 10:47:51 +0000 (08:47 -0200)]
util-linux: security bump to version 2.31
Fix CVE-2016-2779: runuser in util-linux allows local users to escape to
the parent session via a crafted TIOCSTI ioctl call, which pushes
characters to the terminal's input buffer.
The new experimental "su --pty" feature has been implemented to fix this
issue. The feature is not enabled by default and the new command line
option --pty is necessary.
Add rfkill, a command for enabling and disabling wireless devices. This
implementation is based upon, and backward compatible with, the original
rfkill from Johannes Berg and Marcel Holtmann, currently provided by the
standalone "rfkill" package.
Add uuidparse, a command to analyze and print information about UUID's.
The "reset" script is not part of utill-linux anymore. Add a legacy
config telling the user to use either BusyBox or the ncurses program.
Drop the ncursesw patch, allready applied upstream. AUTORECONF is not
required anymore.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Tue, 31 Oct 2017 18:55:43 +0000 (19:55 +0100)]
package/vdr-plugin-vnsiserver: bump version to 1.5.2
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Tue, 31 Oct 2017 18:53:05 +0000 (19:53 +0100)]
package/w_scan: bump version to
20170107
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Francois Perrad [Tue, 31 Oct 2017 18:04:02 +0000 (19:04 +0100)]
perl-cross: bump to version 1.1.8
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Tue, 31 Oct 2017 18:00:22 +0000 (19:00 +0100)]
package/libdrm: bump version to 2.4.87
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Tue, 31 Oct 2017 13:32:17 +0000 (15:32 +0200)]
tmux: bump to version 2.6
Add license file hash.
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Tue, 31 Oct 2017 13:15:08 +0000 (15:15 +0200)]
btrfs-progs: bump to version 4.13.3
Add a patch fixing build with musl.
Add license file hash.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Tue, 31 Oct 2017 12:17:52 +0000 (14:17 +0200)]
sqlite: bump to version 3.21.0
Drop upstream patches.
Add license file hash.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Tue, 31 Oct 2017 12:03:57 +0000 (14:03 +0200)]
e2fsprogs: bump to version 1.43.7
Add license files hashes.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bartosz Golaszewski [Tue, 31 Oct 2017 10:02:06 +0000 (11:02 +0100)]
libgpiod: bump version to v0.3.2
Bug fix release:
- correctly handle signal interrupts when polling in gpiod_simple_event_loop()
- fix the linking order when building with static libraries
- pass the correct consumer string to gpiod_simple_get_value_multiple() in
gpioget
- fix a line test case: don't use open-drain or open-source flags for input
mode
- fix the flags passed to ar in order to supress a build warning
- set the last error code in gpiod_chip_open_by_label() to ENOENT if a chip
can't be found
Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 31 Oct 2017 09:24:53 +0000 (10:24 +0100)]
cjson: bump to version 1.6.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Tue, 31 Oct 2017 08:16:24 +0000 (09:16 +0100)]
package/git: bump version to 2.15.0
To avoid the build error
grep.c:(.text+0xa02): undefined reference to `pcre_jit_exec'
we need to add NO_LIBPCRE1_JIT=1 according to
https://www.spinics.net/lists/git/msg314515.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jerzy Grzegorek [Tue, 31 Oct 2017 08:16:12 +0000 (09:16 +0100)]
package/dash: drop the default value of the DASH_SOURCE variable
Signed-off-by: Jerzy Grzegorek <jerzy.m.grzegorek@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Maksim Salau [Tue, 31 Oct 2017 07:51:04 +0000 (10:51 +0300)]
swupdate: Fix SHA256 hash verification
swupdate 2017.07 has a bug which makes hash verification faulty.
The commit adds a patch to fix the issue. The fix has already been
pushed to upstream and is a copy of the commit
dba95dcd3739c604a81ffa2df2545e7a4cd430cf in the swupdate repo [1].
[1] https://github.com/sbabic/swupdate
Signed-off-by: Maksim Salau <msalau@iotecha.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Mon, 30 Oct 2017 19:11:02 +0000 (21:11 +0200)]
apr-util: security bump to version 1.6.1
Fixes CVE-2017-12618: Out-of-bounds access in corrupted SDBM database.
Switch to bz2 compressed tarball.
Use upstream provided SHA256 hash.
Add license hash.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Baruch Siach [Mon, 30 Oct 2017 19:11:01 +0000 (21:11 +0200)]
apr: security bump to version 1.6.3
Fixes CVE-2017-12613: Out-of-bounds array deref in apr_time_exp*()
functions.
Use upstream provided SHA256 hash.
Add license has.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fabrice Fontaine [Mon, 30 Oct 2017 17:02:43 +0000 (18:02 +0100)]
libmediaart: bump to version 1.9.4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Antoine Tenart [Mon, 30 Oct 2017 14:44:30 +0000 (15:44 +0100)]
package/cryptodev-linux: bump to the latest version (
0a54e38)
The build of the cryptodev-linux version used in Buildroot is currently
broken for kernels >= 4.13. A fix was pushed upstream:
https://github.com/cryptodev-linux/cryptodev-linux/commit/
f0d69774afb27ffc62bf353465fba145e70cb85a
This patch bumps the cryptodev-linux package version to use the latest
available one, which includes the commit fixing the build for recent
kernels.
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fabrice Fontaine [Mon, 30 Oct 2017 10:37:26 +0000 (11:37 +0100)]
domoticz: bump to version 3.8153
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Jerzy Grzegorek [Mon, 30 Oct 2017 07:26:40 +0000 (08:26 +0100)]
package/Config.in: fix alphabetical order
Signed-off-by: Jerzy Grzegorek <jerzy.m.grzegorek@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Mon, 30 Oct 2017 05:08:55 +0000 (07:08 +0200)]
DEVELOPERS: add myself as interested in socat
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 27 Oct 2017 11:47:16 +0000 (13:47 +0200)]
lvm2: make basic package available under musl
The basic lvm2 package (libdevmapper / dmsetup) does build under musl, only the
standard (full) installation doesn't.
Many setups only need the basic package, so move the !musl dependencies down
to the sub options and adjust the reverse dependencies (cryptsetup/dmraid)
to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Thomas: adjust Config.in comments and dependencies.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Scott Ellis [Sun, 29 Oct 2017 08:15:49 +0000 (04:15 -0400)]
package/python-pyqt5: fix build with Qt 5.6.3
This commit adds 5_6_3 to the Timeline patch that fixed the build with
Qt 5.6.2.
Signed-off-by: Scott Ellis <scott@jumpnowtek.com>
[Thomas: adjust patch existing patch description.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Jerzy Grzegorek [Fri, 27 Oct 2017 19:22:05 +0000 (21:22 +0200)]
package/restorecond: indentation cleanup
Signed-off-by: Jerzy Grzegorek <jerzy.m.grzegorek@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sun, 29 Oct 2017 15:04:20 +0000 (16:04 +0100)]
package/libnfs: allow parallel build
Tested with BR2_JLEVEL=100.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sun, 29 Oct 2017 15:04:19 +0000 (16:04 +0100)]
package/libnfs: bump version to 2.0.0
Added license hash.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sun, 29 Oct 2017 16:12:56 +0000 (17:12 +0100)]
package/boinc: add optional dependency to freetype
No configure option present:
https://github.com/BOINC/boinc/blob/client_release/7.8/7.8.3/configure.ac#L497
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fabrice Fontaine [Sun, 29 Oct 2017 16:12:55 +0000 (17:12 +0100)]
boinc: new package
Open-source software for volunteer computing and grid computing.
Use the idle time on your computer to cure diseases, study global
warming, discover pulsars, and do many other types of scientific
research.
https://boinc.berkeley.edu
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Bernd:
- bumped to version 7.8.3
- removed patches which where applied upstream
- added myself to DEVELOPERS as well]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Yann E. MORIN [Sun, 29 Oct 2017 17:00:41 +0000 (18:00 +0100)]
package/libbsd: not available for ARC
libbsd has explicit, hard-coded checks about the architectures it can
work on, and ARC is not one of those.
We did not notice so far, because we only recently added support for
glibc on ARC (and only for a single variant) in
0633eb58a291 (toolchain:
add glibc support for ARCv2).
Add an explicit exclusion on arc.
Fixes:
http://autobuild.buildroot.org/results/
603baa77e95620ad1416e0d1dc4202c334801efc
http://autobuild.buildroot.org/results/
8a2ee5431501615cb150233e6d7bc9e7c3c5c1eb
http://autobuild.buildroot.org/results/
ea52364f536485ff4e43e3bc37f2175eb6178c5a
http://autobuild.buildroot.org/results/
32581f7a79372b525e4ad21e029ff0ede743ba94
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Baruch Siach [Sun, 29 Oct 2017 14:33:49 +0000 (16:33 +0200)]
socat: bump down to version 1.7.3.2
Upstream socat2 branch seems to be dead. Last commit is from January
2016 . Over the last few years socat2 received only fixes cherry picked
from the master 1.x branch. Most major general purpose distros only
package socat 1.x.
Drop the threads dependency; not needed for 1.x.
Mention the OpenSSL exception in the license. Add hashes for license
files.
Correct the autoconf comment. The tarball configure script is recent
enough. But since we patch configure.in and Makefile.in we still need to
autoconf.
All patches we carry for socat2 are also needed for socat 1.x.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Yann E. MORIN [Sun, 29 Oct 2017 09:52:48 +0000 (10:52 +0100)]
package/glibc: switch to using the maintenance branch
glibc upstream has ruled against doing regular point-releases, but they
do have a lot of interesting and important fixes for regressions and
security.
Backporting each patch, or cherry-picking individual patches is off
limits for us, so we just switch to using the currently-latest HEAD of
the maintenance branch instead.
The version number is obtained with:
$ git describe --match 'glibc-*' --abbrev=40 origin/release/2.26/master
The alternative options were:
- download the tarball from the git tree
--> does not work; not an option
- download the 2.26 tarball, and bundle the individual patches in
Buildroot
--> maintenance of patches is a burden; not an option
- download the 2.26 tarball, maintain the list of patches to download from
the git tree
--> not an option for the same reason
So we end up just doing a git clone. The git tree is today about ten
times the size of the tarball, so a rough estimate makes it at about ten
times the download time.
Also upstream doesn't officially provide an https download location [1].
There is one but it's not reliable, sometimes the connection time out and
end-up with a corrupted git repo:
fatal: unable to access 'https://sourceware.org/git/glibc.git/': Failed to connect to sourceware.org port 443: Connection timed out
So switch to using a git mirror from github which is updated once a day [2].
This allow at the same time to clone the git repository faster.
Note: The glibc 2.26 patches are not kept for the arc toolchain since they
are fixing an issue with the new float128 support introduced in x86, x86_64
and powerpc64le.
[1] https://sourceware.org/git/?p=glibc.git;a=summary
[2] https://github.com/bminor/glibc.git
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@openwide.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Evgeniy Didin <didin@synopsys.com>
CC: Alexey Brodkin <abrodkin@synopsys.com>
[Romain: bump
4b692dffb95ac4812b161eb6a16113d7e824982e]
Signed-off-by: Romain Naour <romain.naour@gmail.com>
[yann.morin.1998@free.fr: update comment to never decide on the mirror]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Romain Naour [Sun, 29 Oct 2017 11:49:42 +0000 (12:49 +0100)]
package/glibc: remove mips r6 nan208 hook
This hook is not needed since glibc 2.23 [1] and can be safely removed.
[1] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=
d5f2798a0ac9d5ad8ad7a506a2f840035135e2d2
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sun, 29 Oct 2017 13:08:38 +0000 (14:08 +0100)]
package/tvheadend: transcoding depends on ffmpeg
Commit
https://git.buildroot.net/buildroot/commit/package/tvheadend?id=
a9a14dc4357d32f705a52a5da73c782576ce6bc8
forgot to add the reverse dependency from ffmpeg.
Fixes
http://autobuild.buildroot.net/results/91a/
91a08e63690421a0c197e987af15e91e78afb96f/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Adam Duskett [Tue, 24 Oct 2017 15:15:06 +0000 (11:15 -0400)]
boost: add help messages to libraries
All of the help messages come from http://www.boost.org/doc/libs/1_65_1/
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Adam Duskett [Tue, 24 Oct 2017 15:15:05 +0000 (11:15 -0400)]
boost: add option for the stacktrace library
stacktrace requires dynamic library support, which was causing the
following build errors:
http://autobuild.buildroot.net/results/
692ffad93a7bd867ecc7ccbfc8c6280735d29435/
http://autobuild.buildroot.net/results/
6058ece804889abaaab0a29258e1de2904162d26/
http://autobuild.buildroot.net/results/
12df9b345a90a4e011b8bb4cb1d1ef1c2c7040c0/
http://autobuild.buildroot.net/results/
7473c433e93b3e785e44d9868fec517437f59847/
Adding an option for it allows to have it disabled by default, and
make sure it only gets enabled when shared library support is
available.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Peter Korsgaard [Sat, 28 Oct 2017 19:26:15 +0000 (21:26 +0200)]
docs/website: update for 2017.02.7
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sat, 28 Oct 2017 18:55:26 +0000 (20:55 +0200)]
Update for 2017.02.7
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit
05a2e38af23ecdb04f54da97f5ce2b1f7f41b842)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jerzy Grzegorek [Sat, 28 Oct 2017 08:28:20 +0000 (10:28 +0200)]
package/util-linux: drop _VERSION_MINOR variable
Signed-off-by: Jerzy Grzegorek <jerzy.m.grzegorek@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 28 Oct 2017 07:53:35 +0000 (09:53 +0200)]
package/libdrm: bump version to 2.4.85
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 28 Oct 2017 07:52:22 +0000 (09:52 +0200)]
package/ffmpeg: bump version to 3.3.5
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 28 Oct 2017 07:40:01 +0000 (09:40 +0200)]
package/php: bump version to 7.1.11
Changelog: http://www.php.net/ChangeLog-7.php#7.1.11
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 28 Oct 2017 07:36:07 +0000 (09:36 +0200)]
package/samba4: bump version to 4.6.9
Release notes: https://www.samba.org/samba/history/samba-4.6.9.html
Added license hash.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Martin Bark [Thu, 26 Oct 2017 10:18:48 +0000 (11:18 +0100)]
package/tzdata: bump version to 2017c
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Martin Bark [Thu, 26 Oct 2017 10:18:47 +0000 (11:18 +0100)]
package/zic: bump version to 2017c
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Joshua Henderson [Wed, 25 Oct 2017 15:50:57 +0000 (08:50 -0700)]
qt5wayland: fix config option indentation
Reorganize so the optional composer option for the qt5wayland package shows up
as an indented option.
Signed-off-by: Joshua Henderson <joshua.henderson@microchip.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 27 Oct 2017 12:18:58 +0000 (14:18 +0200)]
wget: add optional zlib support
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 27 Oct 2017 12:02:08 +0000 (14:02 +0200)]
wget: security bump to version 1.19.2
Fixes the following security issues:
CVE-2017-13089: The http.c:skip_short_body() function is called in some
circumstances, such as when processing redirects. When the response is sent
chunked, the chunk parser uses strtol() to read each chunk's length, but
doesn't check that the chunk length is a non-negative number. The code then
tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but
ends up passing the negative chunk length to connect.c:fd_read(). As
fd_read() takes an int argument, the high 32 bits of the chunk length are
discarded, leaving fd_read() with a completely attacker controlled length
argument.
CVE-2017-13090: The retr.c:fd_read_body() function is called when processing
OK responses. When the response is sent chunked, the chunk parser uses
strtol() to read each chunk's length, but doesn't check that the chunk
length is a non-negative number. The code then tries to read the chunk in
pieces of 8192 bytes by using the MIN() macro, but ends up passing the
negative chunk length to retr.c:fd_read(). As fd_read() takes an int
argument, the high 32 bits of the chunk length are discarded, leaving
fd_read() with a completely attacker controlled length argument. The
attacker can corrupt malloc metadata after the allocated buffer.
Drop now upstreamed patch and change to .tar.lz as .tar.xz is no longer
available.
Also add a hash for the license file while we're at it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 28 Oct 2017 06:57:29 +0000 (08:57 +0200)]
package/tor: bump version to 0.3.1.8
Release notes:
https://blog.torproject.org/new-stable-tor-releases-0318-03012-02913-02816-02515
Added license hash.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 28 Oct 2017 06:52:49 +0000 (08:52 +0200)]
linux: bump default to version 4.13.10
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 28 Oct 2017 06:52:48 +0000 (08:52 +0200)]
linux-headers: bump 4.{4, 9, 13}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adrian Perez de Castro [Fri, 27 Oct 2017 16:10:33 +0000 (19:10 +0300)]
webkitgtk: security bump to version 2.18.2
This is a maintenance release of the current stable WebKitGTK+ version,
which contains bugfixes; mostly for crashes and rendering issues, plus
one important fix for the layout or Arabic text.
Release notes:
https://webkitgtk.org/2017/10/27/webkitgtk2.18.2-released.html
Even though an acconpanying security advisory has not been published
for this release, the release contains fixes for several crashes (one
of them for the decoder of the very common GIF image format), which
arguably can be considered potential security issues.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Fri, 27 Oct 2017 15:57:34 +0000 (17:57 +0200)]
barebox: bump to version 2017.09.0
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jerzy Grzegorek [Fri, 27 Oct 2017 11:16:55 +0000 (13:16 +0200)]
package: fix license typos
Signed-off-by: Jerzy Grzegorek <jerzy.m.grzegorek@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yegor Yefremov [Fri, 27 Oct 2017 07:07:29 +0000 (09:07 +0200)]
python-paho-mqtt: bump version to 1.3.1
Remove upstreamed patch and add licence checksums.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yegor Yefremov [Fri, 27 Oct 2017 07:07:28 +0000 (09:07 +0200)]
python-zope-interface: bump version to 4.4.3
Add licence checksum.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 26 Oct 2017 12:52:47 +0000 (14:52 +0200)]
openssh: security bump to version 7.6p1
Fixes CVE-2017-15906 - The process_open function in sftp-server.c in OpenSSH
before 7.6 does not properly prevent write operations in readonly mode,
which allows attackers to create zero-length files.
For more details, see the release notes:
https://www.openssh.com/txt/release-7.6
Also add a hash for the license file while we're at it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 26 Oct 2017 12:44:15 +0000 (14:44 +0200)]
redis: bump to version 3.2.11
3.2.11 fixes important issues. From the release notes:
================================================================================
Redis 3.2.11 Released Thu Sep 21 15:47:53 CEST 2017
================================================================================
Upgrade urgency HIGH: Potentially critical bugs fixed.
AOF flush on SHUTDOWN did not cared to really write the AOF buffers
(not in the kernel but in the Redis process memory) to disk before exiting.
Calling SHUTDOWN during traffic resulted into not every operation to be
persisted on disk.
Also add a hash for the license file while we're at it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 26 Oct 2017 12:18:43 +0000 (14:18 +0200)]
sdl2: security bump to version 2.0.7
Fixes CVE-2017-2888 - An exploitable integer overflow vulnerability exists
when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can
cause an integer overflow resulting in too little memory being allocated
which can lead to a buffer overflow and potential code execution. An
attacker can provide a specially crafted image file to trigger this
vulnerability.
Also add a hash for the license file while we're at it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 25 Oct 2017 16:03:26 +0000 (18:03 +0200)]
sdl2: explicitly disable raspberry pi video backend
Fixes:
http://autobuild.buildroot.net/results/d59/
d5992dcc9a49ee77afaebdcc9448ac1868fa7de1/
http://autobuild.buildroot.net/results/e89/
e894f21ce1983ee3bd8d65a8e59e1adab9a62707/
The configure script automatically enables support for the raspberry pi
video backend if it detects the rpi-userland package. Unfortunately it
hardcodes a number of include/linker paths unsuitable for cross compilation,
breaking the build:
if test x$enable_video = xyes -a x$enable_video_rpi = xyes; then
..
RPI_CFLAGS="-I/opt/vc/include -I/opt/vc/include/interface/vcos/pthreads -I/opt/vc/include/interface/vmcs_host/linux"
RPI_LDFLAGS="-L/opt/vc/lib -lbcm_host"
fi
So explicitly disable it until the configure script is fixed.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Martin Bark [Thu, 26 Oct 2017 10:07:31 +0000 (11:07 +0100)]
package/nodejs: bump version to 8.8.1
Fixes a regression introduced in 8.8.0.
See https://nodejs.org/en/blog/release/v8.8.1/
Peter: apply on top of 8.8.0, mention that it fixes regression]
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 26 Oct 2017 06:59:33 +0000 (08:59 +0200)]
nodejs: security bump to version 8.8.0
Fixes CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an
error to be raised when a raw deflate stream is initialized with windowBits
set to 8. On some versions this crashes Node and you cannot recover from
it, while on some versions it throws an exception. Node.js will now
gracefully set windowBits to 9 replicating the legacy behavior to avoid a
DOS vector.
For more details, see the announcement:
https://nodejs.org/en/blog/vulnerability/oct-2017-dos/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <<a href="mailto:peter@korsgaard.com">peter@korsgaard.com</a>><br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Eric Le Bihan [Mon, 23 Oct 2017 19:52:03 +0000 (21:52 +0200)]
s6-rc: bump version to 0.3.0.0
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Eric Le Bihan [Mon, 23 Oct 2017 19:52:02 +0000 (21:52 +0200)]
s6: bump version to 2.6.1.1
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Eric Le Bihan [Mon, 23 Oct 2017 19:52:01 +0000 (21:52 +0200)]
execline: bump version to 2.3.0.3
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Eric Le Bihan [Mon, 23 Oct 2017 19:52:00 +0000 (21:52 +0200)]
skalibs: bump version to 2.6.0.1
Bump version to 2.6.0.1 and refresh patches.
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adam Duskett [Tue, 24 Oct 2017 16:51:58 +0000 (12:51 -0400)]
janus-gateway: bump to v0.2.5
Also add hash for license file.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 23 Oct 2017 23:13:17 +0000 (01:13 +0200)]
libcurl: security bump to version 7.56.1
Fixes CVE-2017-
1000257 - IMAP FETCH response out of bounds read
https://curl.haxx.se/docs/adv_20171023.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 23 Oct 2017 23:08:36 +0000 (01:08 +0200)]
irssi: security bump to version 1.0.5
Fixes the following security issues:
(a) When installing themes with unterminated colour formatting
sequences, Irssi may access data beyond the end of the
string. (CWE-126) Found by Hanno Böck.
CVE-2017-15228 was assigned to this issue.
(b) While waiting for the channel synchronisation, Irssi may
incorrectly fail to remove destroyed channels from the query list,
resulting in use after free conditions when updating the state
later on. Found by Joseph Bisch. (CWE-416 caused by CWE-672)
CVE-2017-15227 was assigned to this issue.
(c) Certain incorrectly formatted DCC CTCP messages could cause NULL
pointer dereference. Found by Joseph Bisch. This is a separate,
but similar issue to CVE-2017-9468. (CWE-690)
CVE-2017-15721 was assigned to this issue.
(d) Overlong nicks or targets may result in a NULL pointer dereference
while splitting the message. Found by Joseph Bisch. (CWE-690)
CVE-2017-15723 was assigned to this issue.
(e) In certain cases Irssi may fail to verify that a Safe channel ID
is long enough, causing reads beyond the end of the string. Found
by Joseph Bisch. (CWE-126)
CVE-2017-15722 was assigned to this issue.
For more details, see the advisory:
https://irssi.org/security/irssi_sa_2017_10.txt
While we're at it, also add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Mon, 23 Oct 2017 19:07:57 +0000 (21:07 +0200)]
package/kodi: bump version to 17.5
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Mon, 23 Oct 2017 19:09:25 +0000 (21:09 +0200)]
package/libpciaccess: bump version to 0.14
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Mon, 23 Oct 2017 19:14:36 +0000 (21:14 +0200)]
package/apache: bump version to 2.4.29
Changelog: http://www.apache.org/dist/httpd/CHANGES_2.4.29
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>