buildroot.git
7 years agoDEVELOPERS: add myself for modem-manager related packages
Aleksander Morgado [Thu, 7 Sep 2017 11:49:46 +0000 (13:49 +0200)]
DEVELOPERS: add myself for modem-manager related packages

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agosmcroute: bump to version 2.3.1
Thomas Faivre [Thu, 7 Sep 2017 13:09:08 +0000 (15:09 +0200)]
smcroute: bump to version 2.3.1

Add optional dependency on libcap, which exists since this version
bump.

Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>
[Thomas: add explicit --with-libcap.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agosupervisor: security bump to version 3.1.4
Peter Korsgaard [Thu, 7 Sep 2017 09:44:59 +0000 (11:44 +0200)]
supervisor: security bump to version 3.1.4

Fixes CVE-2017-11610 - The XML-RPC server in supervisor before 3.0.1, 3.1.x
before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote
authenticated users to execute arbitrary commands via a crafted XML-RPC
request, related to nested supervisord namespace lookups.

For more details, see
https://github.com/Supervisor/supervisor/issues/964

While we're at it, add hashes for the license files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoruby: add upstream security patches bumping rubygems to 2.6.13
Peter Korsgaard [Thu, 7 Sep 2017 09:17:55 +0000 (11:17 +0200)]
ruby: add upstream security patches bumping rubygems to 2.6.13

We unfortunately cannot use the upstream patches directly as they are not in
'patch -p1' format, so convert them and include instead.

Fixes:

CVE-2017-0899 - RubyGems version 2.6.12 and earlier is vulnerable to
maliciously crafted gem specifications that include terminal escape
characters.  Printing the gem specification would execute terminal escape
sequences.

CVE-2017-0900 - RubyGems version 2.6.12 and earlier is vulnerable to
maliciously crafted gem specifications to cause a denial of service attack
against RubyGems clients who have issued a `query` command.

CVE-2017-0901 - RubyGems version 2.6.12 and earlier fails to validate
specification names, allowing a maliciously crafted gem to potentially
overwrite any file on the filesystem.

CVE-2017-0902 - RubyGems version 2.6.12 and earlier is vulnerable to a DNS
hijacking vulnerability that allows a MITM attacker to force the RubyGems
client to download and install gems from a server that the attacker
controls.

For more details, see
https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/terminology: bump to v1.1.1
Romain Naour [Thu, 7 Sep 2017 20:41:13 +0000 (22:41 +0200)]
package/terminology: bump to v1.1.1

https://sourceforge.net/p/enlightenment/mailman/message/36026490

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/efl: bump to 1.20.3
Romain Naour [Thu, 7 Sep 2017 20:41:12 +0000 (22:41 +0200)]
package/efl: bump to 1.20.3

https://www.enlightenment.org/news/efl-1.20.3

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/efl: fix build issue on big endian system
Romain Naour [Thu, 7 Sep 2017 20:41:11 +0000 (22:41 +0200)]
package/efl: fix build issue on big endian system

Fixes:
http://autobuild.buildroot.net/results/0f1/0f12919f59dc92a8d91e23d3b0c1120bc06720db
http://autobuild.buildroot.net/results/62e/62e96be61601347e92f9c115209af4962fe82492

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agobind: fix compilation when lmdb.h is present on host
Robin Jarry [Fri, 8 Sep 2017 14:02:49 +0000 (16:02 +0200)]
bind: fix compilation when lmdb.h is present on host

Bind autoconf scripts look for lmdb.h in /usr/include (even when
cross-compiling). When liblmdb-dev is installed, this causes the
following error:

    ...
    checking for lmdb library... yes
    checking for library containing mdb_env_create... no
    configure: error: found lmdb include but not library.

Fix this by disabling explicitly lmdb support.

Signed-off-by: Robin Jarry <robin.jarry@6wind.com>
Signed-off-by: Julien Floret <julien.floret@6wind.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolibcurl: bump to version 7.55.1
Baruch Siach [Sat, 9 Sep 2017 20:10:55 +0000 (23:10 +0300)]
libcurl: bump to version 7.55.1

Drop upstream patch.

Add license hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/x11r7/xdriver_xf86-video-ati: bump version to 7.10.0
Bernd Kuhls [Sat, 9 Sep 2017 11:45:58 +0000 (13:45 +0200)]
package/x11r7/xdriver_xf86-video-ati: bump version to 7.10.0

Added all hashes provided by upstream.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/x11r7/xdriver_xf86-video-amdgpu: bump version to 1.4.0
Bernd Kuhls [Sat, 9 Sep 2017 11:45:57 +0000 (13:45 +0200)]
package/x11r7/xdriver_xf86-video-amdgpu: bump version to 1.4.0

Added sha512 hash provided by upstream.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agostrace: update homepage link
Baruch Siach [Fri, 8 Sep 2017 09:23:49 +0000 (12:23 +0300)]
strace: update homepage link

strace moved to a new homepage as upstream commit 2bba131575878 (Update
homepage URL) indicates.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agostrace: fix program_invocation_name uClibc declaration mismatch
Baruch Siach [Fri, 8 Sep 2017 09:23:48 +0000 (12:23 +0300)]
strace: fix program_invocation_name uClibc declaration mismatch

The local program_invocation_name declaration conflicts with the uClibc
one. Add a patch making this declaration depend on
!HAVE_PROGRAM_INVOCATION_NAME.

Fixes:
http://autobuild.buildroot.net/results/5f0/5f0852f3ffb46f8fb2b4c9318652c5ab3ab5e97d/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
[Thomas: update patch status.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agotcpdump: security bump to version 4.9.2
Peter Korsgaard [Fri, 8 Sep 2017 12:19:03 +0000 (14:19 +0200)]
tcpdump: security bump to version 4.9.2

Fixes the following security issues (descriptions not public yet):

    Fix buffer overflow vulnerabilities:
      CVE-2017-11543 (SLIP)
      CVE-2017-13011 (bittok2str_internal)
    Fix infinite loop vulnerabilities:
      CVE-2017-12989 (RESP)
      CVE-2017-12990 (ISAKMP)
      CVE-2017-12995 (DNS)
      CVE-2017-12997 (LLDP)
    Fix buffer over-read vulnerabilities:
      CVE-2017-11541 (safeputs)
      CVE-2017-11542 (PIMv1)
      CVE-2017-12893 (SMB/CIFS)
      CVE-2017-12894 (lookup_bytestring)
      CVE-2017-12895 (ICMP)
      CVE-2017-12896 (ISAKMP)
      CVE-2017-12897 (ISO CLNS)
      CVE-2017-12898 (NFS)
      CVE-2017-12899 (DECnet)
      CVE-2017-12900 (tok2strbuf)
      CVE-2017-12901 (EIGRP)
      CVE-2017-12902 (Zephyr)
      CVE-2017-12985 (IPv6)
      CVE-2017-12986 (IPv6 routing headers)
      CVE-2017-12987 (IEEE 802.11)
      CVE-2017-12988 (telnet)
      CVE-2017-12991 (BGP)
      CVE-2017-12992 (RIPng)
      CVE-2017-12993 (Juniper)
      CVE-2017-11542 (PIMv1)
      CVE-2017-11541 (safeputs)
      CVE-2017-12994 (BGP)
      CVE-2017-12996 (PIMv2)
      CVE-2017-12998 (ISO IS-IS)
      CVE-2017-12999 (ISO IS-IS)
      CVE-2017-13000 (IEEE 802.15.4)
      CVE-2017-13001 (NFS)
      CVE-2017-13002 (AODV)
      CVE-2017-13003 (LMP)
      CVE-2017-13004 (Juniper)
      CVE-2017-13005 (NFS)
      CVE-2017-13006 (L2TP)
      CVE-2017-13007 (Apple PKTAP)
      CVE-2017-13008 (IEEE 802.11)
      CVE-2017-13009 (IPv6 mobility)
      CVE-2017-13010 (BEEP)
      CVE-2017-13012 (ICMP)
      CVE-2017-13013 (ARP)
      CVE-2017-13014 (White Board)
      CVE-2017-13015 (EAP)
      CVE-2017-11543 (SLIP)
      CVE-2017-13016 (ISO ES-IS)
      CVE-2017-13017 (DHCPv6)
      CVE-2017-13018 (PGM)
      CVE-2017-13019 (PGM)
      CVE-2017-13020 (VTP)
      CVE-2017-13021 (ICMPv6)
      CVE-2017-13022 (IP)
      CVE-2017-13023 (IPv6 mobility)
      CVE-2017-13024 (IPv6 mobility)
      CVE-2017-13025 (IPv6 mobility)
      CVE-2017-13026 (ISO IS-IS)
      CVE-2017-13027 (LLDP)
      CVE-2017-13028 (BOOTP)
      CVE-2017-13029 (PPP)
      CVE-2017-13030 (PIM)
      CVE-2017-13031 (IPv6 fragmentation header)
      CVE-2017-13032 (RADIUS)
      CVE-2017-13033 (VTP)
      CVE-2017-13034 (PGM)
      CVE-2017-13035 (ISO IS-IS)
      CVE-2017-13036 (OSPFv3)
      CVE-2017-13037 (IP)
      CVE-2017-13038 (PPP)
      CVE-2017-13039 (ISAKMP)
      CVE-2017-13040 (MPTCP)
      CVE-2017-13041 (ICMPv6)
      CVE-2017-13042 (HNCP)
      CVE-2017-13043 (BGP)
      CVE-2017-13044 (HNCP)
      CVE-2017-13045 (VQP)
      CVE-2017-13046 (BGP)
      CVE-2017-13047 (ISO ES-IS)
      CVE-2017-13048 (RSVP)
      CVE-2017-13049 (Rx)
      CVE-2017-13050 (RPKI-Router)
      CVE-2017-13051 (RSVP)
      CVE-2017-13052 (CFM)
      CVE-2017-13053 (BGP)
      CVE-2017-13054 (LLDP)
      CVE-2017-13055 (ISO IS-IS)
      CVE-2017-13687 (Cisco HDLC)
      CVE-2017-13688 (OLSR)
      CVE-2017-13689 (IKEv1)
      CVE-2017-13690 (IKEv2)
      CVE-2017-13725 (IPv6 routing headers)

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolibmodbus: bump to version 3.1.4
Yegor Yefremov [Fri, 8 Sep 2017 13:23:49 +0000 (15:23 +0200)]
libmodbus: bump to version 3.1.4

Disable tests compilation and documentation generation.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoconfigs: nexbox_a95x_defconfig: bump to kernel 4.13
Peter Korsgaard [Sat, 9 Sep 2017 09:41:25 +0000 (11:41 +0200)]
configs: nexbox_a95x_defconfig: bump to kernel 4.13

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolibarchive: security bump to version 3.3.2
Baruch Siach [Sat, 9 Sep 2017 20:02:53 +0000 (23:02 +0300)]
libarchive: security bump to version 3.3.2

CVE-2016-8687: Stack-based buffer overflow in the safe_fprintf function
in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a
denial of service via a crafted non-printable multibyte character in a
filename.

CVE-2016-8688: The mtree bidder in libarchive 3.2.1 does not keep track
of line sizes when extending the read-ahead, which allows remote
attackers to cause a denial of service (crash) via a crafted file, which
triggers an invalid read in the (1) detect_form or (2) bid_entry
function in libarchive/archive_read_support_format_mtree.c.

CVE-2016-8689: The read_Header function in
archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote
attackers to cause a denial of service (out-of-bounds read) via multiple
EmptyStream attributes in a header in a 7zip archive.

CVE-2016-10209: The archive_wstring_append_from_mbs function in
archive_string.c in libarchive 3.2.2 allows remote attackers to cause a
denial of service (NULL pointer dereference and application crash) via a
crafted archive file.

CVE-2016-10349: The archive_le32dec function in archive_endian.h in
libarchive 3.2.2 allows remote attackers to cause a denial of service
(heap-based buffer over-read and application crash) via a crafted file.

CVE-2016-10350: The archive_read_format_cab_read_header function in
archive_read_support_format_cab.c in libarchive 3.2.2 allows remote
attackers to cause a denial of service (heap-based buffer over-read and
application crash) via a crafted file.

CVE-2017-5601: An error in the lha_read_file_header_1() function
(archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote
attackers to trigger an out-of-bounds read memory access and
subsequently cause a crash via a specially crafted archive.

Add upstream patch fixing the following issue:

CVE-2017-14166: libarchive 3.3.2 allows remote attackers to cause a
denial of service (xml_data heap-based buffer over-read and application
crash) via a crafted xar archive, related to the mishandling of empty
strings in the atol8 function in archive_read_support_format_xar.c.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agos6-linux-init: bump version to 0.3.1.0
Eric Le Bihan [Sat, 9 Sep 2017 10:34:21 +0000 (12:34 +0200)]
s6-linux-init: bump version to 0.3.1.0

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agos6-linux-utils: bump version to 2.4.0.1
Eric Le Bihan [Sat, 9 Sep 2017 10:34:20 +0000 (12:34 +0200)]
s6-linux-utils: bump version to 2.4.0.1

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agos6-portable-utils: bump version to 2.2.1.1
Eric Le Bihan [Sat, 9 Sep 2017 10:34:19 +0000 (12:34 +0200)]
s6-portable-utils: bump version to 2.2.1.1

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agos6-rc: bump version to 0.2.1.2
Eric Le Bihan [Sat, 9 Sep 2017 10:34:18 +0000 (12:34 +0200)]
s6-rc: bump version to 0.2.1.2

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agos6-networking: bump version to 2.3.0.2
Eric Le Bihan [Sat, 9 Sep 2017 10:34:17 +0000 (12:34 +0200)]
s6-networking: bump version to 2.3.0.2

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agos6-dns: bump version to 2.2.0.1
Eric Le Bihan [Sat, 9 Sep 2017 10:34:16 +0000 (12:34 +0200)]
s6-dns: bump version to 2.2.0.1

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agos6: bump version to 2.6.1.0
Eric Le Bihan [Sat, 9 Sep 2017 10:34:15 +0000 (12:34 +0200)]
s6: bump version to 2.6.1.0

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoexecline: bump version to 2.3.0.2
Eric Le Bihan [Sat, 9 Sep 2017 10:34:14 +0000 (12:34 +0200)]
execline: bump version to 2.3.0.2

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoskalibs: bump version to 2.6.0.0
Eric Le Bihan [Sat, 9 Sep 2017 10:34:13 +0000 (12:34 +0200)]
skalibs: bump version to 2.6.0.0

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agostella: fix build without threads support
Sergio Prado [Sat, 9 Sep 2017 11:05:36 +0000 (08:05 -0300)]
stella: fix build without threads support

Fix build error when building using toolchain without threads support:

src/common/tv_filters/AtariNTSC.hxx:172:16: error: 'thread' is not a member of 'std'
     unique_ptr<std::thread[]> myThreads;
                     ^~~

Since version 5.0.2, Stella needs a toolchain with threads support.

Fixes:
http://autobuild.buildroot.net/results/bd30388ee24294158d0a373764408c8c846853d4
http://autobuild.buildroot.net/results/ad1571cecfc697650b436c147b5f3a1b4326091d
http://autobuild.buildroot.net/results/10b73362358f3af45534a0cd096672dd1460a7d0

Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoDEVELOPERS: add myself as a maintainer for lcdproc
Sven Haardiek [Fri, 8 Sep 2017 08:36:33 +0000 (10:36 +0200)]
DEVELOPERS: add myself as a maintainer for lcdproc

Signed-off-by: Sven Haardiek <sven.haardiek@greenbone.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopython-paho-mqtt: bump to version 1.3.0
Yegor Yefremov [Fri, 8 Sep 2017 08:38:16 +0000 (10:38 +0200)]
python-paho-mqtt: bump to version 1.3.0

Change setup type to setuptools.

Add a patch removing the pytest-runner dependency. The patch was sent
upstream.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoqt: add patch fixing build failure on ARMv8 in 32-bit mode
Thomas Petazzoni [Fri, 8 Sep 2017 07:35:07 +0000 (09:35 +0200)]
qt: add patch fixing build failure on ARMv8 in 32-bit mode

The Qt package currently fails to build on ARMv8 cores in 32-bit mode
(for example, if you select ARM and then Cortex-A53), because the ARM
atomic operation implementation in Qt checks if we're on ARMv7, then
on ARMv6, and otherwise falls back to an ARMv5 implementation. The
latter uses the swp instruction, which doesn't exist on ARMv8, causing
a build failure.

To solve this, we simply add a patch that uses the ARMv7 atomic
operations for ARMv8-A.

There is no autobuilder reference because we don't have any ARMv8
32-bit configuration in the autobuilders.

Cc: <ivychend@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolibzip: security bump to version 1.3.0
Peter Korsgaard [Thu, 7 Sep 2017 21:21:33 +0000 (23:21 +0200)]
libzip: security bump to version 1.3.0

Fixes the following security issues:

CVE-2017-12858: Double free vulnerability in the _zip_dirent_read function
in zip_dirent.c in libzip allows attackers to have unspecified impact via
unknown vectors.

CVE-2017-14107: The _zip_read_eocd64 function in zip_open.c in libzip before
1.3.0 mishandles EOCD records, which allows remote attackers to cause a
denial of service (memory allocation failure in _zip_cdir_grow in
zip_dirent.c) via a crafted ZIP archive.

For more details, see
https://blogs.gentoo.org/ago/2017/09/01/libzip-use-after-free-in-_zip_buffer_free-zip_buffer-c/
https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/

libzip-1.3.0 also adds optional bzip2 support, so handle that.

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoshairport-sync: bump to version 3.1.1
Jörg Krause [Fri, 8 Sep 2017 07:25:20 +0000 (09:25 +0200)]
shairport-sync: bump to version 3.1.1

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/openpowerlink: bump to v2.6.1
Romain Naour [Thu, 7 Sep 2017 21:43:55 +0000 (23:43 +0200)]
package/openpowerlink: bump to v2.6.1

http://openpowerlink.sourceforge.net/web/openPOWERLINK/Download/openPOWERLINK%202.6.html

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agounrar: security bump to version 5.5.8
Peter Korsgaard [Thu, 7 Sep 2017 16:58:38 +0000 (18:58 +0200)]
unrar: security bump to version 5.5.8

Fixes the following security issues:

CVE-2017-12938 - UnRAR before 5.5.7 allows remote attackers to bypass a
directory-traversal protection mechanism via vectors involving a symlink to
the . directory, a symlink to the .. directory, and a regular file.

CVE-2017-12940 - libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read
in the EncodeFileName::Decode call within the Archive::ReadHeader15
function.

CVE-2017-12941 - libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read
in the Unpack::Unpack20 function.

CVE-2017-12942 - libunrar.a in UnRAR before 5.5.7 has a buffer overflow in
the Unpack::LongLZ function.

For more details, see
http://www.openwall.com/lists/oss-security/2017/08/14/3

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agostrongswan: add upstream security patch
Peter Korsgaard [Thu, 7 Sep 2017 15:26:55 +0000 (17:26 +0200)]
strongswan: add upstream security patch

Fixes CVE-2017-11185: The gmp plugin in strongSwan before 5.6.0 allows
remote attackers to cause a denial of service (NULL pointer dereference and
daemon crash) via a crafted RSA signature.

For more details, see
https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-%28cve-2017-11185%29.html

While we're at it, add hashes for the license files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolibsoup: security bump to version 2.56.1
Peter Korsgaard [Thu, 7 Sep 2017 15:07:54 +0000 (17:07 +0200)]
libsoup: security bump to version 2.56.1

Fixes CVE-2017-2885: stack based buffer overflow with HTTP Chunked Encoding

For more details, see
https://bugzilla.gnome.org/show_bug.cgi?id=785774

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agogd: security bump to version 2.2.5
Peter Korsgaard [Thu, 7 Sep 2017 14:45:51 +0000 (16:45 +0200)]
gd: security bump to version 2.2.5

Fixes the following security issues:

CVE-2017-6362: Double-free in gdImagePngPtr()
CVE-2017-7890: Buffer over-read into uninitialized memory

Drop patches no more needed:

0001-gdlib-config.patch: @LIBICONV@ is nowadays correct AC_SUBST'ed by
configure

0002-gd_bmp-fix-build-with-uClibc.patch: upstream uses ceil() since
https://github.com/libgd/libgd/commit/6913dd3cd2a7c2914ad9622419f9343bfe956135

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoconfigs/imx7dpico: Bump to 4.13 kernel
Fabio Estevam [Thu, 7 Sep 2017 19:16:17 +0000 (16:16 -0300)]
configs/imx7dpico: Bump to 4.13 kernel

Bump to 4.13 kernel and remove all the dts patches as they
are part of upstream now.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/php: bump version to 7.1.9
Bernd Kuhls [Sun, 3 Sep 2017 15:38:06 +0000 (17:38 +0200)]
package/php: bump version to 7.1.9

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoconfigs/imx6q-sabresd: Bump kernel to 4.13
Fabio Estevam [Sun, 3 Sep 2017 22:58:34 +0000 (19:58 -0300)]
configs/imx6q-sabresd: Bump kernel to 4.13

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolinux: bump default to version 4.13
Fabio Estevam [Sun, 3 Sep 2017 22:58:33 +0000 (19:58 -0300)]
linux: bump default to version 4.13

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolinux-headers: bump to 4.13 kernel version
Fabio Estevam [Sun, 3 Sep 2017 22:58:32 +0000 (19:58 -0300)]
linux-headers: bump to 4.13 kernel version

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agotoolchain: add 4.13.x choice for headers
Fabio Estevam [Sun, 3 Sep 2017 22:58:31 +0000 (19:58 -0300)]
toolchain: add 4.13.x choice for headers

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolinux-headers: bump 4.{4, 9, 12}.x series
Bernd Kuhls [Thu, 7 Sep 2017 18:23:49 +0000 (20:23 +0200)]
linux-headers: bump 4.{4, 9, 12}.x series

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/eudev: bump version to 3.2.4
Bernd Kuhls [Thu, 7 Sep 2017 18:22:04 +0000 (20:22 +0200)]
package/eudev: bump version to 3.2.4

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agostrace: bump to version 4.19
Baruch Siach [Thu, 7 Sep 2017 17:32:44 +0000 (20:32 +0300)]
strace: bump to version 4.19

Add license hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agombedtls: security bump to version 2.6.0
Baruch Siach [Tue, 5 Sep 2017 19:05:26 +0000 (22:05 +0300)]
mbedtls: security bump to version 2.6.0

Fixes CVE-2017-14032: authentication bypass.

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02

Add license hash.

Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/mesa3d-headers: bump version to 17.2.0
Bernd Kuhls [Thu, 7 Sep 2017 03:37:41 +0000 (05:37 +0200)]
package/mesa3d-headers: bump version to 17.2.0

Forgot to bump this package in
https://git.buildroot.net/buildroot/commit/package/mesa3d?id=88b5e583a3b9389159c0b008f140aaa1cf578a3c

Fixes
http://autobuild.buildroot.net/results/ef2/ef23996ba10a2143087c3ff0b7549f4acbbe6777/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoDEVELOPERS: add myself as maintainer for libpng
Bernd Kuhls [Sun, 3 Sep 2017 13:08:58 +0000 (15:08 +0200)]
DEVELOPERS: add myself as maintainer for libpng

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/eudev: bump version to 3.2.3
Bernd Kuhls [Mon, 4 Sep 2017 04:36:50 +0000 (06:36 +0200)]
package/eudev: bump version to 3.2.3

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolibqmi: add optional features
Aleksander Morgado [Wed, 6 Sep 2017 21:28:34 +0000 (23:28 +0200)]
libqmi: add optional features

The libqmi library and tools come with several optional features that
may be enabled or disabled during build.

This patch adds support to automatically enable or disable them based
on the presence of the required dependencies for each:
 * QMI-over-MBIM is enabled if libmbim is selected.
 * udev support in qmi-firmware-update is enabled if libgudev is
   selected.
 * MM runtime check in qmi-firmware-update is enabled if ModemManager
   is selected (but we don't build-depend on it, the runtime check is
   done using plain glib2 DBus operations).

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolibmbim: add udev as optional feature
Aleksander Morgado [Wed, 6 Sep 2017 21:28:09 +0000 (23:28 +0200)]
libmbim: add udev as optional feature

udev support will be enabled in the build if libgudev is selected.

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/python-web2py: bump to version R-2.15.4
Angelo Compagnucci [Mon, 4 Sep 2017 07:03:08 +0000 (09:03 +0200)]
package/python-web2py: bump to version R-2.15.4

This patch bumps web2py to the latest version R-2.15.4 and bumps
also the python-pydal dependency to the required latest version 17.8.
Starting with version R-2.15.x web2py supports also python 3, so
updating the package to support both versions.

Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agommc-utils: use upstream provided install target
Baruch Siach [Mon, 4 Sep 2017 07:40:40 +0000 (10:40 +0300)]
mmc-utils: use upstream provided install target

Cc: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopython-pytablewriter: bump to 0.24.0
Yegor Yefremov [Mon, 4 Sep 2017 06:21:26 +0000 (08:21 +0200)]
python-pytablewriter: bump to 0.24.0

Reorder and fix dependencies.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopython-dataproperty: bump to version 0.25.6
Yegor Yefremov [Mon, 4 Sep 2017 06:21:25 +0000 (08:21 +0200)]
python-dataproperty: bump to version 0.25.6

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopython-typepy: bump to version 0.0.20
Yegor Yefremov [Mon, 4 Sep 2017 06:21:24 +0000 (08:21 +0200)]
python-typepy: bump to version 0.0.20

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopython-pytablereader: bump to version 0.13.3
Yegor Yefremov [Mon, 4 Sep 2017 06:21:23 +0000 (08:21 +0200)]
python-pytablereader: bump to version 0.13.3

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopython-simplesqlite: new package
Yegor Yefremov [Mon, 4 Sep 2017 06:21:22 +0000 (08:21 +0200)]
python-simplesqlite: new package

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
[Thomas: add upstream URL in Config.in.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolcdproc: bump to version 0.5.9
Sven Haardiek [Wed, 6 Sep 2017 14:48:55 +0000 (16:48 +0200)]
lcdproc: bump to version 0.5.9

This commit bumps lcdproc to version 0.5.9, and switches to the new
upstream on github.

The new version also compiles with musl without any patches.

Signed-off-by: Sven Haardiek <sven.haardiek@greenbone.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoexpat: bump to version 2.2.4
Baruch Siach [Mon, 4 Sep 2017 16:51:07 +0000 (19:51 +0300)]
expat: bump to version 2.2.4

Upstream migrated to automake for autotools: the "installlib" target
no longer exist, and we can use the standard "install" target, and
therefore drop the special INSTALL_STAGING_OPTS and
INSTALL_TARGET_OPTS variables.

Add license hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolibmbim: bump to version 1.14.2
Aleksander Morgado [Mon, 4 Sep 2017 15:54:06 +0000 (17:54 +0200)]
libmbim: bump to version 1.14.2

New stable update in the 1.14.x series:
https://lists.freedesktop.org/archives/libmbim-devel/2017-August/000917.html

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoxavante: add LICENSE_FILES
Francois Perrad [Mon, 4 Sep 2017 17:50:46 +0000 (19:50 +0200)]
xavante: add LICENSE_FILES

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agowsapi-xavante: add LICENSE_FILES
Francois Perrad [Mon, 4 Sep 2017 17:50:45 +0000 (19:50 +0200)]
wsapi-xavante: add LICENSE_FILES

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agowsapi-fcgi: add LICENSE_FILES
Francois Perrad [Mon, 4 Sep 2017 17:50:44 +0000 (19:50 +0200)]
wsapi-fcgi: add LICENSE_FILES

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agowsapi: add LICENSE_FILES
Francois Perrad [Mon, 4 Sep 2017 17:50:43 +0000 (19:50 +0200)]
wsapi: add LICENSE_FILES

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agorings: add LICENSE_FILES
Francois Perrad [Mon, 4 Sep 2017 17:50:42 +0000 (19:50 +0200)]
rings: add LICENSE_FILES

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoluasql-sqlite3: fix LICENSE_FILES
Francois Perrad [Mon, 4 Sep 2017 17:50:41 +0000 (19:50 +0200)]
luasql-sqlite3: fix LICENSE_FILES

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoluaexpat: add LICENSE_FILES
Francois Perrad [Mon, 4 Sep 2017 17:50:39 +0000 (19:50 +0200)]
luaexpat: add LICENSE_FILES

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agodado: add LICENSE_FILES
Francois Perrad [Mon, 4 Sep 2017 17:50:38 +0000 (19:50 +0200)]
dado: add LICENSE_FILES

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agocoxpcall: add LICENSE_FILES
Francois Perrad [Mon, 4 Sep 2017 17:50:37 +0000 (19:50 +0200)]
coxpcall: add LICENSE_FILES

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agocopas: add LICENSE_FILES
Francois Perrad [Mon, 4 Sep 2017 17:50:36 +0000 (19:50 +0200)]
copas: add LICENSE_FILES

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agocgilua: add LICENSE_FILES
Francois Perrad [Mon, 4 Sep 2017 17:50:35 +0000 (19:50 +0200)]
cgilua: add LICENSE_FILES

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolibcoap: bump to version 4.1.2
Yegor Yefremov [Mon, 4 Sep 2017 05:35:15 +0000 (07:35 +0200)]
libcoap: bump to version 4.1.2

Remove upstreamed patch.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoscons: bump to version 2.5.1
Yegor Yefremov [Mon, 4 Sep 2017 05:35:47 +0000 (07:35 +0200)]
scons: bump to version 2.5.1

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agodocs/manual: add appendix about $(HOST_DIR)/usr
Yann E. MORIN [Tue, 5 Sep 2017 20:34:53 +0000 (22:34 +0200)]
docs/manual: add appendix about $(HOST_DIR)/usr

Reported-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agodocs/manual: add appendix about migration from older versions
Yann E. MORIN [Tue, 5 Sep 2017 20:34:52 +0000 (22:34 +0200)]
docs/manual: add appendix about migration from older versions

... and move the br2-external migration to it.

Reported-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/nodejs: bump version to 8.4.0
Martin Bark [Tue, 5 Sep 2017 20:09:23 +0000 (21:09 +0100)]
package/nodejs: bump version to 8.4.0

See https://nodejs.org/en/blog/release/v8.4.0/

An update to v8 6.0.286 has removed the need for mkpeephole and
0002-add-missing-stdarg-includes.patch

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/libuv: bump version to 1.14.0
Martin Bark [Tue, 5 Sep 2017 20:09:22 +0000 (21:09 +0100)]
package/libuv: bump version to 1.14.0

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolibmbim: inherit BR2_USE_MMU dependency from libglib2
Aleksander Morgado [Wed, 6 Sep 2017 08:43:27 +0000 (10:43 +0200)]
libmbim: inherit BR2_USE_MMU dependency from libglib2

The USE_MMU dependency was missing from the chain of dependencies.

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agox11r7/xdriver_xf86-input-tslib: update to 1.1.0
Martin Kepplinger [Wed, 6 Sep 2017 14:15:28 +0000 (16:15 +0200)]
x11r7/xdriver_xf86-input-tslib: update to 1.1.0

https://github.com/merge/xf86-input-tslib/releases has the summary of changes.

Signed-off-by: Martin Kepplinger <martink@posteo.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopango: bump to version 1.40.12
Adam Duskett [Wed, 6 Sep 2017 12:13:41 +0000 (08:13 -0400)]
pango: bump to version 1.40.12

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agofile: security bump to version 5.32
Peter Korsgaard [Wed, 6 Sep 2017 14:00:37 +0000 (16:00 +0200)]
file: security bump to version 5.32

Fixes CVE-2017-1000249 - Stack buffer overflow with a specially crafted
.notes section in an ELF binary file.

For more details, see: http://www.openwall.com/lists/oss-security/2017/09/05/3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agosubversion: security bump to version 1.9.7
Peter Korsgaard [Wed, 6 Sep 2017 15:40:39 +0000 (17:40 +0200)]
subversion: security bump to version 1.9.7

Fixes CVE-2017-9800: Arbitrary code execution on clients through malicious
svn+ssh URLs in svn:externals and svn:sync-from-url

For more details, see
http://subversion.apache.org/security/CVE-2017-9800-advisory.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/pngquant: fix target build
Bernd Kuhls [Wed, 6 Sep 2017 16:39:04 +0000 (18:39 +0200)]
package/pngquant: fix target build

Pngquant 2.10 introduced a bundled library libimagequant, Makefile
passes $LIQCONFIGUREFLAGS to the configure script of libimagequant
before building this library:
https://github.com/pornel/pngquant/blob/master/Makefile#L27

This variable is filled by configure with the content of $LIQCONFIGURE
https://github.com/pornel/pngquant/blob/master/configure#L553

We need to pass CC/CFLAGS/LDFLAGS as parameter to configure to fill
$LIQCONFIGURE with correct values in order to use the target toolchain
for building libimagequant:
https://github.com/pornel/pngquant/blob/master/configure#L56

Fixes
http://autobuild.buildroot.net/results/ab1/ab1193db9d76adc02be44d6f273e0986952df3e2/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/pngquant: bump version to 2.10.1
Bernd Kuhls [Mon, 4 Sep 2017 18:03:18 +0000 (20:03 +0200)]
package/pngquant: bump version to 2.10.1

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/mesa3d: bump version to 17.2.0
Bernd Kuhls [Mon, 4 Sep 2017 17:56:14 +0000 (19:56 +0200)]
package/mesa3d: bump version to 17.2.0

Added dependency to wayland-protocols needed by upstream:
https://cgit.freedesktop.org/mesa/mesa/commit/configure.ac?h=17.2&id=02cc359372773800de817950aebdf9be2c7973d1

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoethtool: bump to version 4.11
Baruch Siach [Mon, 4 Sep 2017 19:21:00 +0000 (22:21 +0300)]
ethtool: bump to version 4.11

Add license file hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoe2fsprogs: bump to version 1.43.6
Baruch Siach [Mon, 4 Sep 2017 19:11:21 +0000 (22:11 +0300)]
e2fsprogs: bump to version 1.43.6

Drop upstream patch.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoconfigs/minnowboard_max-graphical: wchar/grub2 fix
Nicholas Sielicki [Tue, 5 Sep 2017 00:08:06 +0000 (19:08 -0500)]
configs/minnowboard_max-graphical: wchar/grub2 fix

minnowboard_max-graphical_defconfig has the line "BR_TARGET_GRUB2=y",
but this currently has no effect because BR_TARGET_GRUB2 cannot be
selected without BR2_TOOLCHAIN_BUILDROOT_WCHAR=y, which is not set by
default.

The minnowboard max defconfig was updated to fix this problem, but the
graphical variant was not updated alongside it.

Signed-off-by: Nicholas Sielicki <sielicki@yandex.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoconfigs/galileo: grub2 needs wchar toolchain
Nicholas Sielicki [Tue, 5 Sep 2017 00:08:05 +0000 (19:08 -0500)]
configs/galileo: grub2 needs wchar toolchain

The galileo_defconfig has the line "BR_TARGET_GRUB2=y", but this
currently has no effect because BR_TARGET_GRUB2 cannot be selected
without BR2_TOOLCHAIN_BUILDROOT_WCHAR=y, which is not set by default.

Signed-off-by: Nicholas Sielicki <sielicki@yandex.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoconfigs/galileo: update kernel version to fix build with gcc 6.x
Nicholas Sielicki [Mon, 4 Sep 2017 22:48:39 +0000 (17:48 -0500)]
configs/galileo: update kernel version to fix build with gcc 6.x

The kernel used so far for the galileo boards would not successfully
build with GCC versions greater than 5.

See: https://github.com/mdr78/Linux-x1000/pull/2

Signed-off-by: Nicholas Sielicki <sielicki@yandex.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoe2fsprogs: remove unneeded patch
Baruch Siach [Tue, 5 Sep 2017 10:27:41 +0000 (13:27 +0300)]
e2fsprogs: remove unneeded patch

Commit 44b5637ab2 (e2fsprogs: add a patch to link against SEM_INIT libs)
introduced a patch that effectively adds -lpthread to the link command
with libcom_err. Today the only libc with separate libpthread is glibc
that does not support static build. The generated libcom_err.so.2.1
library links with libpthread with or without this patch. Drop this
patch.

Cc: Daniel Mack <daniel@zonque.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/netplug: init script create needed lock directory
Julien Corjon [Tue, 5 Sep 2017 09:54:56 +0000 (11:54 +0200)]
package/netplug: init script create needed lock directory

Init script use /var/lock/subsys/netplugd but directory
/var/lock/subsys can be missing.

Signed-off-by: Julien Corjon <corjon.j@ecagroup.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopostgresql: bump to version 9.6.5
Adam Duskett [Tue, 5 Sep 2017 12:20:10 +0000 (08:20 -0400)]
postgresql: bump to version 9.6.5

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolibxml2: security bump to version 2.9.5
Adam Duskett [Tue, 5 Sep 2017 12:20:08 +0000 (08:20 -0400)]
libxml2: security bump to version 2.9.5

Fixes CVE-2017-9049, CVE-2017-9050, CVE-2017-9047, CVE-2017-9048,
CVE-2017-5969.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
[Thomas: improved commit log, from Baruch suggestion.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoharfbuzz: bump to 1.5.0
Adam Duskett [Tue, 5 Sep 2017 12:20:07 +0000 (08:20 -0400)]
harfbuzz: bump to 1.5.0

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agocairo: bump to 1.14.10
Adam Duskett [Tue, 5 Sep 2017 12:20:06 +0000 (08:20 -0400)]
cairo: bump to 1.14.10

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agobusybox: bump to version 1.27.2
Adam Duskett [Tue, 5 Sep 2017 12:20:05 +0000 (08:20 -0400)]
busybox: bump to version 1.27.2

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolibtommath: set PREFIX when installing
Francois Perrad [Tue, 5 Sep 2017 18:52:19 +0000 (20:52 +0200)]
libtommath: set PREFIX when installing

The default value is /usr/local and causes breakage in libtomcrypt & moarvm

Fixes:

  http://autobuild.buildroot.net/results/a760063f05ae23f79920bc89ffc37e7dcf77aeab/
  http://autobuild.buildroot.net/results/78c9bc9a21cfce48615b70d80b25dd4847bd803b/

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>