buildroot.git
6 years agopackage/asterisk: add optional dependency to speexdsp
Bernd Kuhls [Wed, 13 Jun 2018 16:28:24 +0000 (18:28 +0200)]
package/asterisk: add optional dependency to speexdsp

Fixes
http://autobuild.buildroot.net/results/9f6/9f61192382ea4b57b0f0548626968752363bb13f/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/freeswitch: needs speexdsp
Bernd Kuhls [Wed, 13 Jun 2018 16:28:23 +0000 (18:28 +0200)]
package/freeswitch: needs speexdsp

Fixes
http://autobuild.buildroot.net/results/a3f/a3f9845681025fad93a4f867bb667822e87a08ea/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/speex: add optional dependency to speexdsp
Bernd Kuhls [Wed, 13 Jun 2018 16:28:22 +0000 (18:28 +0200)]
package/speex: add optional dependency to speexdsp

Quoting speex release notes from https://www.speex.org

"Speex 1.2rc2 and SpeexDSP 1.2rc2 are out
 December 6, 2014
 This release splits the speex codec library and the speex DSP library
 into separate source trees."

After bumping speex to 1.2.0 DSP support is provided by speexdsp.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/speexdsp: new package
Bernd Kuhls [Wed, 13 Jun 2018 16:28:21 +0000 (18:28 +0200)]
package/speexdsp: new package

Quoting speex release notes from https://www.speex.org

"Speex 1.2rc2 and SpeexDSP 1.2rc2 are out
 December 6, 2014
 This release splits the speex codec library and the speex DSP library
 into separate source trees."

After bumping speex to 1.2.0 this new package is necessary to provide
speex-based DSP support for packages like Freeswitch and Asterisk.

We use current git HEAD which received 21 commits since the 1.2rc3
tarball was released in 2015, including a fix for building on arm.

We still need another patch which was not committed to git master to
fix building on aarch64.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage: add python-validators
Peter Korsgaard [Fri, 15 Jun 2018 12:54:55 +0000 (14:54 +0200)]
package: add python-validators

Simple data validation library.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/python: bump version to 2.7.15
Bernd Kuhls [Fri, 15 Jun 2018 16:31:54 +0000 (18:31 +0200)]
package/python: bump version to 2.7.15

Rebased patch 0009, removed patch 0035 after upstream commit
https://github.com/python/cpython/commit/0b91f8a668201fc58fa732b8acc496caedfdbae0

Updated license hash after 2018 bump.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoclang: bump to version 6.0.0
Joseph Kogut [Thu, 14 Jun 2018 22:48:18 +0000 (15:48 -0700)]
clang: bump to version 6.0.0

Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agollvm: bump to version 6.0.0
Joseph Kogut [Thu, 14 Jun 2018 22:48:17 +0000 (15:48 -0700)]
llvm: bump to version 6.0.0

Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Tested-by: Valentin Korenblit <valentin.korenblit@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agoatk: bump to version 2.28.1
Joseph Kogut [Thu, 14 Jun 2018 22:48:12 +0000 (15:48 -0700)]
atk: bump to version 2.28.1

Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agomodem-manager: update package prompt name
Baruch Siach [Fri, 15 Jun 2018 04:02:14 +0000 (07:02 +0300)]
modem-manager: update package prompt name

Rename the prompt string for consistency with the package directory
name.

Cc: Aleksander Morgado <aleksander@aleksander.es>
Cc: Carlos Santos <casantos@datacom.com.br>
Cc: Petr Vorel <petr.vorel@gmail.com>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Acked-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agomodem-manager: fix build with musl
Baruch Siach [Fri, 15 Jun 2018 04:02:13 +0000 (07:02 +0300)]
modem-manager: fix build with musl

modem-manager version 1.8.0 introduced use of canonicalize_file_name(),
which is a GNU extension that musl does not implement. Add a patch
switching to POSIX standard realpath().

Fixes:
http://autobuild.buildroot.net/results/9f6/9f6859f1854d94d3caba7b5c24d9ca6a14622042/

Cc: Aleksander Morgado <aleksander@aleksander.es>
Cc: Carlos Santos <casantos@datacom.com.br>
Cc: Petr Vorel <petr.vorel@gmail.com>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agolibrtlsdr: fix typo in LIBRTLSDR_CONF_OPTS variable name
Thomas Petazzoni [Fri, 15 Jun 2018 14:28:31 +0000 (16:28 +0200)]
librtlsdr: fix typo in LIBRTLSDR_CONF_OPTS variable name

Commit 9ff035839eef68eb16e90ae70c3e70dc7f57ca5e ("librtlsdr: fix
static build") introduced this obvious typo, which was spotted by
check-package:

package/librtlsdr/librtlsdr.mk:18: possible typo: LIBRTLSDRCONF_OPTS -> *LIBRTLSDR*

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agoscanpypi: rework download_package error handling
Yegor Yefremov [Wed, 13 Jun 2018 07:37:10 +0000 (09:37 +0200)]
scanpypi: rework download_package error handling

Some packages don't provide source archive but only a wheel file. In
this case download variable is not defined. So define this variable at
the very beginning and check whether it is None after searching for
source archives in the metadata.

Bonus: fix PEP8 issue with wrong indentation.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoredis: security bump to version 3.2.12
Peter Korsgaard [Wed, 13 Jun 2018 20:16:43 +0000 (22:16 +0200)]
redis: security bump to version 3.2.12

>From the release notes:

================================================================================
Redis 3.2.12     Released Wed Jun 13 12:43:01 CEST 2018
================================================================================

Upgrade urgency CRITICAL:

* Multilple security issues fixed.
* Backport of an older AOF fsync=always fix. Check 4.x release notes.
* Backport of a *SCAN bug. Sometimes elements could be missing from the scan.
* Other minor things.

https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES

For more details about the lua related security issues, see the blog:

http://antirez.com/news/119

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agolibressl: security bump to version 2.7.4
Baruch Siach [Fri, 15 Jun 2018 08:22:08 +0000 (11:22 +0300)]
libressl: security bump to version 2.7.4

Fixes CVE-2018-0495: ECDSA signing side-channel attack.

Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agolibgcrypt: security bump to version 1.8.3
Baruch Siach [Fri, 15 Jun 2018 08:21:52 +0000 (11:21 +0300)]
libgcrypt: security bump to version 1.8.3

Fixes CVE-2018-0495: ECDSA signing side-channel attack.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoautossh: fix manual set of ssh path
Baruch Siach [Thu, 14 Jun 2018 18:38:48 +0000 (21:38 +0300)]
autossh: fix manual set of ssh path

The configure script that is bundled with autossh does not generate the
correct code for the AC_ARG_WITH() macro of --with-ssh. As a result, the
configure scripts always check the host location, and fails with ssh is
not found.

Restore the autoreconf that has been removed in the last bump to fix the
--with-ssh configure option.

Fixes:
http://autobuild.buildroot.net/results/25d/25d681f9df22c07cdf5a6b8756bfc2d5ecf36247/
http://autobuild.buildroot.net/results/f0a/f0ae62d0ed6bac011c507cfea7cd7157671baf39/
http://autobuild.buildroot.net/results/b15/b1546bb3e861c14771bdd03cda9ce2e9176a2069/

Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agodocs/manual: fix scancpan path
Fabrice Fontaine [Thu, 14 Jun 2018 19:18:36 +0000 (21:18 +0200)]
docs/manual: fix scancpan path

scancpan is now in utils not in supports/scripts

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/cryptodev-linux: add an hash for the license file
Antoine Tenart [Thu, 14 Jun 2018 11:44:15 +0000 (13:44 +0200)]
package/cryptodev-linux: add an hash for the license file

Add a locally computed hash for the license file to track possible
updates.

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agofile: add upstream security fix
Baruch Siach [Fri, 15 Jun 2018 03:56:48 +0000 (06:56 +0300)]
file: add upstream security fix

Fixes CVE-2018-10360: The do_core_note function in readelf.c in
libmagic.a in file 5.33 allows remote attackers to cause a denial of
service (out-of-bounds read and application crash) via a crafted ELF
file.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoqt5webengine: fix BR2_TOOLCHAIN_HAS_GCC_BUG_85862 condition
David Barbion [Thu, 7 Jun 2018 13:45:28 +0000 (15:45 +0200)]
qt5webengine: fix BR2_TOOLCHAIN_HAS_GCC_BUG_85862 condition

In commit bd03966d4ebeb284ac3afb5f3b8cba13da2b9983 ("toolchain: GCC
bug 85862"), a dependency on BR2_TOOLCHAIN_HAS_GCC_BUG_85862 was added
to the qt5webengine package, but it should have been a dependency on
!BR2_TOOLCHAIN_HAS_GCC_BUG_85862. This commit fixes that.

Signed-off-by: David Barbion <david.barbion@ext.leroymerlin.fr>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agomosquitto: bump to version 1.5
Fabrice Fontaine [Tue, 12 Jun 2018 18:36:18 +0000 (20:36 +0200)]
mosquitto: bump to version 1.5

- Remove patch (already in version)
- Add patch to fix crash (retrieved from upstream)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agoimx-usb-loader: enable package for 64-bit ARM platforms
Gary Bisson [Tue, 12 Jun 2018 15:06:35 +0000 (17:06 +0200)]
imx-usb-loader: enable package for 64-bit ARM platforms

Now that it works for i.MX8MQ processors (tested on Nitrogen8M).

Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agoimx-usb-loader: bump revision to e539461
Gary Bisson [Tue, 12 Jun 2018 15:06:34 +0000 (17:06 +0200)]
imx-usb-loader: bump revision to e539461

This latest revision supports starting i.MX8MQ via USB recovery mode.

Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agoperl: add upstream security fix for CVE-2018-12015
Peter Korsgaard [Tue, 12 Jun 2018 15:21:30 +0000 (17:21 +0200)]
perl: add upstream security fix for CVE-2018-12015

Fixes CVE-2018-12015 - In Perl through 5.26.2, the Archive::Tar module
allows remote attackers to bypass a directory-traversal protection
mechanism, and overwrite arbitrary files, via an archive file containing a
symlink and a regular file with the same name.

Patch from
https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5
with path rewritten to match perl tarball.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agoDEVELOPERS: drop Stefan Fröberg's entry
Baruch Siach [Wed, 13 Jun 2018 07:00:27 +0000 (10:00 +0300)]
DEVELOPERS: drop Stefan Fröberg's entry

Emails bounce. The domain does not resolve.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/autossh: bump version to 1.4f
Bernd Kuhls [Wed, 13 Jun 2018 16:39:06 +0000 (18:39 +0200)]
package/autossh: bump version to 1.4f

Removed patch applied upstream, added all upstream and license hashes.

Removed _AUTORECONF, configure and configure.ac in the tarball match,
also removed _INSTALL_TARGET_CMDS, the upstream install target works
just fine nowadays.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agobinutils: fix glibc building for ARC with stock binutils 2.30
Alexey Brodkin [Wed, 13 Jun 2018 16:39:56 +0000 (19:39 +0300)]
binutils: fix glibc building for ARC with stock binutils 2.30

There're known issues with building glibc for ARC with vanilla
Binutils 2.30. Adding a couple of not yet upstreamed patches that
solve it.

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
[Thomas: remove numbering in patch titles, renumber patch file names.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/unrar: bump version to 5.6.4
Bernd Kuhls [Wed, 13 Jun 2018 17:19:56 +0000 (19:19 +0200)]
package/unrar: bump version to 5.6.4

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/file: bump version to 5.33
Bernd Kuhls [Wed, 13 Jun 2018 17:16:14 +0000 (19:16 +0200)]
package/file: bump version to 5.33

Added license hashes, added optional dependency to libseccomp provided
by upstream in this version bump.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/connman: bump version to 1.36
Bernd Kuhls [Wed, 13 Jun 2018 17:08:33 +0000 (19:08 +0200)]
package/connman: bump version to 1.36

Added licence hash, removed patch applied upstream
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=bdfb3526466f8fb8f13d9259037d8f42c782ce24

Renumbered remaining patch.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Acked-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agolinux-headers: bump 4.{4, 9}.x series
Fabio Estevam [Wed, 13 Jun 2018 17:04:26 +0000 (14:04 -0300)]
linux-headers: bump 4.{4, 9}.x series

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agof2fs-tools: fix build for uclinux
Baruch Siach [Wed, 13 Jun 2018 18:16:53 +0000 (21:16 +0300)]
f2fs-tools: fix build for uclinux

Add a patch making uclinux also linux.

Fixes:
http://autobuild.buildroot.net/results/357/3577d413dc16bcec7a403fd8857ec5dd64470ba5/
http://autobuild.buildroot.net/results/819/819a8a528764a68c02b1b98431a1d09929c387f1/
http://autobuild.buildroot.net/results/d98/d987df1ea7f8043f05d5221342888892990e9252/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agof2fs-tools: add selinux and libblk optional dependencies
Baruch Siach [Tue, 12 Jun 2018 17:40:50 +0000 (20:40 +0300)]
f2fs-tools: add selinux and libblk optional dependencies

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agof2fs-tools: bump to version 1.10.0
Baruch Siach [Tue, 12 Jun 2018 17:40:49 +0000 (20:40 +0300)]
f2fs-tools: bump to version 1.10.0

Add license file hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agof2fs-tools: update homepage link
Baruch Siach [Tue, 12 Jun 2018 17:40:48 +0000 (20:40 +0300)]
f2fs-tools: update homepage link

As noted in the sourceforge page, the project is not using sourceforge
anymore. Use the gitweb summary page instead.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agolinux-headers: bump 4.{14, 16, 17}.x series
Fabio Estevam [Tue, 12 Jun 2018 18:04:54 +0000 (15:04 -0300)]
linux-headers: bump 4.{14, 16, 17}.x series

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agolinux: bump default to version 4.17.1
Fabio Estevam [Tue, 12 Jun 2018 18:04:53 +0000 (15:04 -0300)]
linux: bump default to version 4.17.1

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agohiawatha: bump to version 10.8.1
Baruch Siach [Tue, 12 Jun 2018 12:28:44 +0000 (15:28 +0300)]
hiawatha: bump to version 10.8.1

Drop upstream patch.

Add license file hash.

Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agolighttpd: bump to version 1.4.49
Baruch Siach [Tue, 12 Jun 2018 12:11:51 +0000 (15:11 +0300)]
lighttpd: bump to version 1.4.49

Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoboard/synopsys: synchronize custom inittab with BusyBox' one
Carlos Santos [Mon, 11 Jun 2018 06:00:16 +0000 (03:00 -0300)]
board/synopsys: synchronize custom inittab with BusyBox' one

Apply modifications made in recent commits:

456ea9871e busybox: add /dev/std{in, out, err} symlinks to inittab
13dbe73782 busybox: reduce number of mkdir calls in inittab
8a89d290d4 busybox: add an inittab entry to activate swap

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agobusybox: add an inittab entry to activate swap
Carlos Santos [Mon, 11 Jun 2018 06:00:15 +0000 (03:00 -0300)]
busybox: add an inittab entry to activate swap

There is a call to swapoff in the shutdown sequence, so call "swapon -a"
on startup. As stated in the swapon man page,

   All devices marked as "swap" in /etc/fstab are made available, except
   for those with the "noauto" option. Devices that are already being
   used as swap are silently skipped.

So even if the system has some init script to start/stop swap (e.g. from
a rootfs ovelay) calling swapon/swapoff would be harmless.

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agosysvinit: add an inittab entry to activate swap
Carlos Santos [Mon, 11 Jun 2018 06:00:14 +0000 (03:00 -0300)]
sysvinit: add an inittab entry to activate swap

There is a call to swapoff in the shutdown sequence, so call "swapon -a"
on startup. As stated in the swapon man page,

   All devices marked as "swap" in /etc/fstab are made available, except
   for those with the "noauto" option. Devices that are already being
   used as swap are silently skipped.

So even if the system has some init script to start/stop swap (e.g. from
a rootfs ovelay) calling swapon/swapoff would be harmless.

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agosysvinit: reduce number of mkdir calls in inittab
Carlos Santos [Mon, 11 Jun 2018 06:00:13 +0000 (03:00 -0300)]
sysvinit: reduce number of mkdir calls in inittab

The default sysvinit inittab does two separate mkdir calls to create
/dev/pts and /dev/shm. Reduce this to call mkdir only once for both
directories.

This removes id "si3" but keeps ids "si4".."si9" intact rather than
renumbering them. This would just increase the turmoil without any
practical effect.

Based on commit e9db8122fb, by Florian La Roche <F.LaRoche@pilz.de>.

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agolibnss: bump to version 3.37.3
Joseph Kogut [Mon, 11 Jun 2018 23:36:18 +0000 (16:36 -0700)]
libnss: bump to version 3.37.3

Fixes:
http://autobuild.buildroot.net/results/fd64ee3486f9045dfbd83908b8f06ef62c0d9781/
http://autobuild.buildroot.net/results/698500a92688c50e9cc71cf82c0848cb4adb81ad/
http://autobuild.buildroot.net/results/adaa2f79b202cb01ae57fa0cdb0eac9c07b22ea2/
Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoflatcc: fix build with gcc 8
Baruch Siach [Sun, 10 Jun 2018 18:28:18 +0000 (21:28 +0300)]
flatcc: fix build with gcc 8

gcc 8 enables a strncpy() warning. This breaks the build of flatcc that
enables -Werror. Add upstream patch fixing the issue.

Fixes:
http://autobuild.buildroot.net/results/0e3/0e3a959855fad5899db184f7d2c960c89df03672/
http://autobuild.buildroot.net/results/d2c/d2c03bc253bdf135b0f31f3d1e6fd33f7d37d64b/
http://autobuild.buildroot.net/results/163/1636ec6ddad92add95f42451d941156451c6d936/

Cc: Joel Carlson <JoelsonCarl@gmail.com>
Cc: Mikkel Fahnøe Jørgensen <mikkel@dvide.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Joel Carlson <JoelsonCarl@gmail.com>
Tested-by: Joel Carlson <JoelsonCarl@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agotriggerhappy: add optional dependency on systemd
Baruch Siach [Mon, 11 Jun 2018 18:24:48 +0000 (21:24 +0300)]
triggerhappy: add optional dependency on systemd

triggerhappy can use systemd for socket activation.

Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoznc: fix build without openssl
Baruch Siach [Sun, 10 Jun 2018 19:09:22 +0000 (22:09 +0300)]
znc: fix build without openssl

Add a patch to include <memory> unconditionally.

Fixes:
http://autobuild.buildroot.net/results/4c3/4c3d9f6f5214052b7eda4c7bbfabe5b463080b12/
http://autobuild.buildroot.net/results/d06/d06176f00109ad0707032b0d76fe94f1d414106c/

Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agox265: fix build
Baruch Siach [Sun, 10 Jun 2018 18:44:48 +0000 (21:44 +0300)]
x265: fix build

Add upstream patch fixing missing function argument issue.

Fixes:
http://autobuild.buildroot.net/results/caa/caaaa5dc428c12ce7137194589153313911b000f/
http://autobuild.buildroot.net/results/741/741d8bacbe12e2f40047e30f7765039a88d1ce8f/
http://autobuild.buildroot.net/results/2c3/2c3f5b18efe5f42e1ab5269e106b9200690330af/

Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agomodem-manager: update to version 1.8.0
Jared Bents [Mon, 11 Jun 2018 14:51:53 +0000 (09:51 -0500)]
modem-manager: update to version 1.8.0

Update to modem manager 1.8.0 which does not require udev.
Added option to build without udev but if udev exists in
the build, it build with libgudev.

Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoconfigs/orangepi_lite: Enable HDMI and analog audio in Linux config
Jan Kraval [Mon, 11 Jun 2018 17:01:13 +0000 (19:01 +0200)]
configs/orangepi_lite: Enable HDMI and analog audio in Linux config

Signed-off-by: Jan Kraval <jan.kraval@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoconfigs/orangepi_lite: Bump kernel and U-Boot versions
Jan Kraval [Mon, 11 Jun 2018 17:01:12 +0000 (19:01 +0200)]
configs/orangepi_lite: Bump kernel and U-Boot versions

Bump kernel to version 4.17 and U-Boot to 2018.05.

Signed-off-by: Jan Kraval <jan.kraval@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoorangepi_pc_defconfig: bump linux to 4.17, u-boot to 2018.05
Peter Korsgaard [Sat, 9 Jun 2018 14:31:32 +0000 (16:31 +0200)]
orangepi_pc_defconfig: bump linux to 4.17, u-boot to 2018.05

4.17 brings support for HDMI out, but sunxi_defconfig hasn't been updated to
enable the drivers - So add a kernel fragment to enable them.

Likewise, analog audio has been supported since 4.10, but the driver isn't
enabled in sunxi_defconfig, so enable it in the fragment.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agotriggerhappy: use target pkg-config
Baruch Siach [Mon, 11 Jun 2018 18:24:47 +0000 (21:24 +0300)]
triggerhappy: use target pkg-config

triggerhappy uses pkg-config to detect the systemd library. Make sure it
uses the target pkg-config, not the host one.

Fixes build failure when the host has systemd pkg-config files:

.../host/bin/arm-linux-gcc -static  th-cmd.o cmdsocket.o  -lsystemd -o th-cmd
.../host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/6.4.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: cannot find -lsystemd

Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agognupg: security bump to version 1.4.23
Baruch Siach [Mon, 11 Jun 2018 16:08:43 +0000 (19:08 +0300)]
gnupg: security bump to version 1.4.23

Fixes CVE-2018-12020: Unsanitized file names might cause injection of
terminal control characters into the status output of gnupg.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agognupg2: security bump to version 2.2.8
Baruch Siach [Mon, 11 Jun 2018 15:53:12 +0000 (18:53 +0300)]
gnupg2: security bump to version 2.2.8

Fixes CVE-2018-12020: Unsanitized file names might cause injection of
terminal control characters into the status output of gnupg.

Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoyaml-cpp: disable tests
Fabrice Fontaine [Mon, 11 Jun 2018 04:51:44 +0000 (06:51 +0200)]
yaml-cpp: disable tests

fork is used in tests so build fails without MMU

Fixes:
- http://autobuild.buildroot.net/results/3cb7c4d93e466c6eef69aacd0e561a9fb569e69b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agomender: fix check-package warnings
Thomas Petazzoni [Sun, 10 Jun 2018 14:43:53 +0000 (16:43 +0200)]
mender: fix check-package warnings

Fixes:

package/mender/Config.in:7: help text: <tab><2 spaces><62 chars> (http://nightly.buildroot.org/#writing-rules-config-in)
package/mender/Config.in:8: help text: <tab><2 spaces><62 chars> (http://nightly.buildroot.org/#writing-rules-config-in)
package/mender/mender.mk:8: remove default value of _SOURCE variable (http://nightly.buildroot.org/#generic-package-reference)

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agodocs/manual: always point to the correct license file
Yann E. MORIN [Sat, 2 Jun 2018 08:01:01 +0000 (10:01 +0200)]
docs/manual: always point to the correct license file

The manual is GPL-2, and points to the COPYING file in the repository.
When we do a rendering of the manual for a specific version, that URL
is currently always poitning to the latest version of the COPYING file.

If we ever have to change the content of that file (e.g. to add a new
exception, more clarifications, a license change, or whatever), then
an old manual would point to that newer version, which would then be
incorrect.

Include the sha1 of the commit in the URL, so that the manual always
point to the tree at the time the manual was rendered, not the time
it is consulted. Contrary to the informative text above, use the full
sha1, not the shortened one.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agolibrsvg: bump to version 2.42.5
Fabrice Fontaine [Sun, 10 Jun 2018 13:38:57 +0000 (15:38 +0200)]
librsvg: bump to version 2.42.5

- Add a dependency to host-cargo
- Add a patch to set RUST_TARGET
- Add a dependency to BR2_PACKAGE_HOST_RUSTC_ARCH_SUPPORTS
- Forward this dependency to efl svg, enlightment, gst-plugins-bad and
  gst1-plugins-bad
- Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Thomas: propagate the new dependency to the gst-plugins-bad and
gst1-plugins-bad Config.in comments.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agorustc: drop BR2_PACKAGE_HAS_HOST_RUSTC
Thomas Petazzoni [Sun, 10 Jun 2018 13:58:29 +0000 (15:58 +0200)]
rustc: drop BR2_PACKAGE_HAS_HOST_RUSTC

This commit drops the option BR2_PACKAGE_HAS_HOST_RUSTC, which is no
longer used following commit bd425f716f0a92ef627f7287869d88ca408fe55e
("host-cargo: select host-rustc").

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agohost-cargo: select host-rustc
Fabrice Fontaine [Sun, 10 Jun 2018 13:38:56 +0000 (15:38 +0200)]
host-cargo: select host-rustc

Buildroot documentation specifies that cargo-based package should only
depends on BR2_PACKAGE_HOST_RUSTC_ARCH_SUPPORTS and selects
BR2_PACKAGE_HOST_CARGO but this fails with the following error:

warning: (BR2_PACKAGE_LIBRSVG) selects BR2_PACKAGE_HOST_CARGO which has
unmet direct dependencies (BR2_PACKAGE_HAS_HOST_RUSTC)

Indeed, host-cargo depends on
BR2_PACKAGE_HAS_HOST_RUSTC which is selected only when host-rustc is
selected.

So instead of having to select both cargo and rustc in each cargo-based
package, replace BR2_PACKAGE_HAS_HOST_RUSTC dependency by
BR2_PACKAGE_HOST_RUSTC_ARCH_SUPPORTS and select
BR2_PACKAGE_HOST_RUSTC

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agosupport/testing: fix python syntax
Yann E. MORIN [Sun, 3 Jun 2018 09:08:21 +0000 (11:08 +0200)]
support/testing: fix python syntax

Fix three issues with code style in our test infra:
  - 'print' is now a function,
  - exceptions need to be caught-assigned with the 'as' keyword,
  - old-style "%s"%() formatting is deprecated.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
[Thomas: drop indices in format strings.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agonumactl: change source code provider to GitHub
Mikhail Karpenko [Thu, 7 Jun 2018 19:51:32 +0000 (22:51 +0300)]
numactl: change source code provider to GitHub

The original ftp with source code is not reachable any more and this
commit changes the location of the package to corresponding GitHub
project.

Signed-off-by: Mikhail Karpenko <karpenko@fastmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agolibtirpc: bump to version 1.0.3
Fabrice Fontaine [Sat, 9 Jun 2018 19:55:22 +0000 (21:55 +0200)]
libtirpc: bump to version 1.0.3

- Remove 0006-include-stdint.h-for-uintptr_t.patch (already in version)
- Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agolibvncserver: add upstream security fix for CVE-2018-7225
Peter Korsgaard [Sat, 9 Jun 2018 16:02:29 +0000 (18:02 +0200)]
libvncserver: add upstream security fix for CVE-2018-7225

Fixes CVE-2018-7225 - An issue was discovered in LibVNCServer through
0.9.11.  rfbProcessClientNormalMessage() in rfbserver.c does not sanitize
msg.cct.length, leading to access to uninitialized and potentially sensitive
data or possibly unspecified other impact (e.g., an integer overflow) via
specially crafted VNC packets.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agoyaml-cpp: bump to version 0.6.2
Fabrice Fontaine [Sat, 9 Jun 2018 10:46:37 +0000 (12:46 +0200)]
yaml-cpp: bump to version 0.6.2

- Remove boost dependency (not needed since 0.6)
- Add C++11 dependency (needed since 0.6)
- Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/mpg123: security bump to version 1.25.10
Bernd Kuhls [Sun, 10 Jun 2018 12:09:10 +0000 (14:09 +0200)]
package/mpg123: security bump to version 1.25.10

Version 1.25.4 fixes CVE-2017-9545, for details see release notes:
http://www.mpg123.org/cgi-bin/news.cgi

Added upstream hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/fdk-aac: bump version to 0.1.6
Bernd Kuhls [Sun, 10 Jun 2018 10:11:23 +0000 (12:11 +0200)]
package/fdk-aac: bump version to 0.1.6

Added upstream and license hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/nvidia-driver: bump version to 390.67
Bernd Kuhls [Sun, 10 Jun 2018 10:29:46 +0000 (12:29 +0200)]
package/nvidia-driver: bump version to 390.67

Added license hash, adjusted upstream library names.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/x265: bump version to 2.8
Bernd Kuhls [Sun, 10 Jun 2018 10:28:14 +0000 (12:28 +0200)]
package/x265: bump version to 2.8

Added license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/imagemagick: security bump to version 7.0.7-38
Bernd Kuhls [Sun, 10 Jun 2018 10:21:56 +0000 (12:21 +0200)]
package/imagemagick: security bump to version 7.0.7-38

Fixes CVE-2018-11625, CVE-2018-11624 & CVE-2018-10177.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/dtv-scan-tables: bump version
Bernd Kuhls [Sun, 10 Jun 2018 10:14:15 +0000 (12:14 +0200)]
package/dtv-scan-tables: bump version

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/speex: bump version to 1.2.0
Bernd Kuhls [Sun, 10 Jun 2018 10:10:24 +0000 (12:10 +0200)]
package/speex: bump version to 1.2.0

Added upstream md5 & locally computed license hashes, rebased patch,
updated SPEEX_SITE.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/speex: use pkgconf to detect libogg
Bernd Kuhls [Sun, 10 Jun 2018 10:10:23 +0000 (12:10 +0200)]
package/speex: use pkgconf to detect libogg

Upstream removed with-ogg-* configure options and switched to pkgconf
to detect libogg back in 2014:
https://git.xiph.org/?p=speex.git;a=commitdiff;h=e1b1eeabce815283c5bbc42016a9d6a11eda2866

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/wireless-regdb: bump version to 2018.05.31
Bernd Kuhls [Sun, 10 Jun 2018 09:30:48 +0000 (11:30 +0200)]
package/wireless-regdb: bump version to 2018.05.31

Added license hash, updated project URL, old site is dead.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/pngquant: bump version to 2.12.0
Bernd Kuhls [Sun, 10 Jun 2018 09:16:56 +0000 (11:16 +0200)]
package/pngquant: bump version to 2.12.0

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agoDEVELOPERS: add myself for sqlite
Bernd Kuhls [Sun, 10 Jun 2018 09:04:42 +0000 (11:04 +0200)]
DEVELOPERS: add myself for sqlite

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/sqlite: bump version to 3.24.0
Bernd Kuhls [Sun, 10 Jun 2018 09:04:41 +0000 (11:04 +0200)]
package/sqlite: bump version to 3.24.0

Release notes:
https://www.sqlite.org/releaselog/3_24_0.html
https://www.sqlite.org/releaselog/3_23_1.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agomeson: bump version to 0.46.1
Eric Le Bihan [Sat, 9 Jun 2018 10:05:35 +0000 (12:05 +0200)]
meson: bump version to 0.46.1

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agomariadb: security bump version to 10.1.33
Peter Korsgaard [Fri, 8 Jun 2018 16:44:34 +0000 (18:44 +0200)]
mariadb: security bump version to 10.1.33

Release notes: https://mariadb.com/kb/en/mariadb-10133-release-notes/
Changelog: https://mariadb.com/kb/en/mariadb-10133-changelog/

Fixes the following security vulnerabilities:

CVE-2018-2782 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB).  Supported versions that are affected are 5.6.39 and
prior and 5.7.21 and prior.  Easily exploitable vulnerability allows low
privileged attacker with network access via multiple protocols to compromise
MySQL Server.  Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.

CVE-2018-2784 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB).  Supported versions that are affected are 5.6.39 and
prior and 5.7.21 and prior.  Easily exploitable vulnerability allows low
privileged attacker with network access via multiple protocols to compromise
MySQL Server.  Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.

CVE-2018-2787 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB).  Supported versions that are affected are 5.6.39 and
prior and 5.7.21 and prior.  Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise
MySQL Server.  Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server as well as unauthorized update, insert or
delete access to some of MySQL Server accessible data.

CVE-2018-2766 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB).  Supported versions that are affected are 5.6.39 and
prior and 5.7.21 and prior.  Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise
MySQL Server.  Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.

CVE-2018-2755 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Replication).  Supported versions that are affected
are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.  Difficult to
exploit vulnerability allows unauthenticated attacker with logon to the
infrastructure where MySQL Server executes to compromise MySQL Server.
Successful attacks require human interaction from a person other than the
attacker and while the vulnerability is in MySQL Server, attacks may
significantly impact additional products.  Successful attacks of this
vulnerability can result in takeover of MySQL Server.

CVE-2018-2819 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB).  Supported versions that are affected are 5.5.59 and
prior, 5.6.39 and prior and 5.7.21 and prior.  Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server.  Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-2817 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL).  Supported versions that are affected are
5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.  Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server.  Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-2761 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Client programs).  Supported versions that are affected are
5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.  Difficult to
exploit vulnerability allows unauthenticated attacker with network access
via multiple protocols to compromise MySQL Server.  Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-2781 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer).  Supported versions that are affected are
5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.  Easily exploitable
vulnerability allows high privileged attacker with network access via
multiple protocols to compromise MySQL Server.  Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-2771 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Locking).  Supported versions that are affected are
5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.  Difficult to
exploit vulnerability allows high privileged attacker with network access
via multiple protocols to compromise MySQL Server.  Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-2813 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL).  Supported versions that are affected are
5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.  Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server.  Successful attacks of this
vulnerability can result in unauthorized read access to a subset of MySQL
Server accessible data.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoaubio: bump to version 0.4.6
Fabrice Fontaine [Fri, 8 Jun 2018 21:35:40 +0000 (23:35 +0200)]
aubio: bump to version 0.4.6

Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agojansson: bump to version 2.11
Fabrice Fontaine [Fri, 8 Jun 2018 21:57:44 +0000 (23:57 +0200)]
jansson: bump to version 2.11

Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoDEVELOPERS: update email for flatcc
Joel Carlson [Fri, 8 Jun 2018 19:27:39 +0000 (13:27 -0600)]
DEVELOPERS: update email for flatcc

Signed-off-by: Joel Carlson <JoelsonCarl@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopugixml: bump to version 1.9
Fabrice Fontaine [Sat, 9 Jun 2018 10:13:17 +0000 (12:13 +0200)]
pugixml: bump to version 1.9

- Remove patch (already in version)
- Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agojson-glib: bump to version 1.4.2
Fabrice Fontaine [Sat, 9 Jun 2018 09:59:28 +0000 (11:59 +0200)]
json-glib: bump to version 1.4.2

- Switch to meson-package
- Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agojson-c: bump to version 0.13.1
Fabrice Fontaine [Sat, 9 Jun 2018 08:41:39 +0000 (10:41 +0200)]
json-c: bump to version 0.13.1

Drop patch, issue has been properly fixed by:
https://github.com/json-c/json-c/commit/0f814e52dd22ee959a29ffcce36923aff62147b3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/libvorbis: add upstream security patch to fix CVE-2017-14160
Bernd Kuhls [Sat, 9 Jun 2018 08:43:37 +0000 (10:43 +0200)]
package/libvorbis: add upstream security patch to fix CVE-2017-14160

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/tor: bump version to 0.3.3.6
Bernd Kuhls [Sat, 9 Jun 2018 08:13:04 +0000 (10:13 +0200)]
package/tor: bump version to 0.3.3.6

Release notes:
https://blog.torproject.org/tor-0336-released-new-stable-series

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/samba4: bump version to 4.8.2
Bernd Kuhls [Sat, 9 Jun 2018 08:10:25 +0000 (10:10 +0200)]
package/samba4: bump version to 4.8.2

Release notes: https://www.samba.org/samba/history/samba-4.8.2.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoconfigs/imx7dpico: Bump kernel and U-Boot
Fabio Estevam [Fri, 8 Jun 2018 17:26:24 +0000 (14:26 -0300)]
configs/imx7dpico: Bump kernel and U-Boot

Bump kernel to version 4.17 and U-Boot to 2018.05.

As the dtb file has been renamed in mainline, make the necessary
adjustments in U-Boot environment and also in
BR2_LINUX_KERNEL_INTREE_DTS_NAME.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoconfigs/imx6ulpico: Bump kernel and U-Boot
Fabio Estevam [Fri, 8 Jun 2018 17:26:23 +0000 (14:26 -0300)]
configs/imx6ulpico: Bump kernel and U-Boot

Bump kernel to version 4.17 and U-Boot to 2018.05.

As the imx_v6_v7_defconfig in 4.17 already selects the
CONFIG_CFG80211_WEXT option, the linux.fragment can
be simply removed.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agotinymembench: bump to version 0.4
Fabrice Fontaine [Fri, 8 Jun 2018 17:16:23 +0000 (19:16 +0200)]
tinymembench: bump to version 0.4

- Use LICENSE instead of main.c in TINYMEMBENCH_LICENSE_FILES
- Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agotinyxml2: bump to version 6.2.0
Fabrice Fontaine [Fri, 8 Jun 2018 17:05:55 +0000 (19:05 +0200)]
tinyxml2: bump to version 6.2.0

Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agolinux-headers: bump 4.{4, 9}.x series
Fabio Estevam [Fri, 8 Jun 2018 17:25:29 +0000 (14:25 -0300)]
linux-headers: bump 4.{4, 9}.x series

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/cryptodev-linux: bump to the latest version (f60aa0)
Antoine Tenart [Fri, 8 Jun 2018 10:23:07 +0000 (12:23 +0200)]
package/cryptodev-linux: bump to the latest version (f60aa0)

Bumps the cryptodev-linux package to the latest version available, which
contains some fixes and allows to use cryptodev-linux with a recent
kernel (v4.17).

The patch bumps the version and update the locally calculated hash.

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agolibedit: bump to version 20180525-3.1
Baruch Siach [Fri, 8 Jun 2018 09:42:21 +0000 (12:42 +0300)]
libedit: bump to version 20180525-3.1

Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agoelfutils: bump to version 0.171
Baruch Siach [Fri, 8 Jun 2018 06:21:57 +0000 (09:21 +0300)]
elfutils: bump to version 0.171

Drop the po/ disable patch; not needed anymore.

Drop the __mempcpy compatibility patch; __mempcpy is not used anymore.

Refresh the -Werror removal patch; still needed, unfortunately.

Renumber the remaining patches.

Add GPLv3 license file.

Add license files hash.

[Peter: drop security reference, was added post-release]
Cc: Stefan Fröberg <stefan.froberg@petroprogram.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agolibxslt: security bump to version 1.3.2
Fabrice Fontaine [Thu, 7 Jun 2018 18:07:04 +0000 (20:07 +0200)]
libxslt: security bump to version 1.3.2

- Fix CVE-2017-5029
- Remove first patch (already in version)
- Add a dependency to host-pkgconf and remove libxml2 options: see
  https://github.com/GNOME/libxslt/commit/abf537ebb2296cd3ae89989a17b0e1b5c79db107
- Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agotrinity: fix build with kernel headers v4.17+
Baruch Siach [Fri, 8 Jun 2018 03:16:22 +0000 (06:16 +0300)]
trinity: fix build with kernel headers v4.17+

Kernel v4.17 removed the linux/irda.h header. Add a patch to skip the
irda test when the header is missing.

Fixes:
http://autobuild.buildroot.net/results/39d/39d131048d6eb3cd4d802dae462116f7728c41fd/
http://autobuild.buildroot.net/results/af2/af2288711d1a0939a06ea51e65ed32d39e395e2b/
http://autobuild.buildroot.net/results/41f/41fead6d53dba2539ba246f682973e0b5967f3d0/

Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>