buildroot.git
5 years agopackage/python-wtforms: new package
Grzegorz Blach [Wed, 7 Nov 2018 15:59:53 +0000 (16:59 +0100)]
package/python-wtforms: new package

A flexible forms validation and rendering library for
Python web development.

https://wtforms.readthedocs.io/

Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/sunxi-tools: support all tools
Alex Kaplan [Tue, 13 Nov 2018 07:09:58 +0000 (23:09 -0800)]
package/sunxi-tools: support all tools

This patch allows to select the installation of additional commands
which are part of the sunxi-tools. It's now possible to e.g. install
sunxi-fel on the target device. The corresponding options have been
added to Config.in and sunxi-tools.mk has been modified respectively.
The default setting is to only build sunxi-nand-part.

On the host building of the misc-tools target is added, which provides
sunxi-nand-image-builder and phoenix_info.

Signed-off-by: Alex Kaplan <kaplan2539@gmail.com>
[Thomas:
 - properly format Config.in
 - do not select BR2_PACKAGE_HOST_LIBUSB in Config.in.host, since this
   option doesn't exist
 - properly indent code in sunxi-tools.mk]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/libbsd: fix display of Config.in comment
Fabrice Fontaine [Mon, 3 Dec 2018 21:03:20 +0000 (22:03 +0100)]
package/libbsd: fix display of Config.in comment

Commit e13855c48f21eaee07a81f8b02678839be274a45 wrongly added
depends on BR2_TOOLCHAIN_USES_UCLIBC && !BR2_USE_MMU
to display the comment "libbsd needs a toolchain w/ threads, wchar"
The same error has also been made for minizip.

To fix this issue, move dependency
!(BR2_TOOLCHAIN_USES_UCLIBC && !BR2_USE_MMU) under
BR2_PACKAGE_LIBBSD_ARCH_SUPPORTS.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agoutils/genrandconfig: fix flake8 warnings
Thomas Petazzoni [Mon, 3 Dec 2018 21:25:42 +0000 (22:25 +0100)]
utils/genrandconfig: fix flake8 warnings

Fixes:

utils/genrandconfig:369:17: E231 missing whitespace after ','
utils/genrandconfig:370:1: E101 indentation contains mixed spaces and tabs
utils/genrandconfig:370:1: W191 indentation contains tabs
utils/genrandconfig:372:1: E101 indentation contains mixed spaces and tabs

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/ejabberd: add a comment for runtime dependencies
Johan Oudinet [Mon, 3 Dec 2018 15:22:39 +0000 (16:22 +0100)]
package/ejabberd: add a comment for runtime dependencies

Both p1_oauth2 and jiffy are runtime dependencies. Mark the
corresponding select in the Config.in file with a # runtime
comment.

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agoutils/genrandconfig: test with BR2_OPTIMIZE_2=y
Evgeniy Didin [Mon, 3 Dec 2018 17:54:30 +0000 (20:54 +0300)]
utils/genrandconfig: test with BR2_OPTIMIZE_2=y

Currently all random defconfigs which are used in autobuilder use size
optimizaion (-Os), since BR2_OPTIMIZE_S=y is the default.

Adding "-O2" optimization will give better test coverage.

In many cases software gets built with speed optimization rather than
size optimization. So let's add Level 2 optimizaion option to be
generated in random defconfigs, so we could be able to test how
packages are built with "-O2" in autobuilder.

Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: arc-buildroot@synopsys.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agofs/common.mk: rename internal variable
Yann E. MORIN [Mon, 12 Nov 2018 17:33:13 +0000 (18:33 +0100)]
fs/common.mk: rename internal variable

In preparation of more renames, rename the variable that points to the
final users table.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Thomas: as suggested by Arnout, use ROOTFS_FULL_USERS_TABLE instead
of ROOTFS_FINAL_USERS_TABLE.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/{mesa3d, mesa3d-headers}: bump version to 18.2.6
Bernd Kuhls [Mon, 3 Dec 2018 18:53:52 +0000 (19:53 +0100)]
package/{mesa3d, mesa3d-headers}: bump version to 18.2.6

Added mandatory dependency to xlib_libXxf86vm
https://cgit.freedesktop.org/mesa/mesa/commit/configure.ac?h=18.2&id=f05ce9dc514427a661696bc6b908e30841b6eb9d

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/libcurl: use GnuTLS's default cert path
Trent Piepho [Fri, 16 Nov 2018 20:17:39 +0000 (20:17 +0000)]
package/libcurl: use GnuTLS's default cert path

libcurl doesn't find any trust path for CA certs when it cross-compiles.
When using OpenSSL, it is explicitly configured to use the SSL cert
directory with OpenSSL style hash files in it.  But with GnuTLS, it gets
nothing.

Rather than configure libcurl to use the OpenSSL directory or a bundle
file, configure it to use the GnuTLS default.  This way the CA certs
path can be configured in one place (gnutls) and then libcurl and anyone
else who uses gnutls can default to that.

Also, when libcurl with gnutls is configured to use a directory, it ends
up loading each cert three times.

Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/gnutls: give library a default trust location
Trent Piepho [Fri, 16 Nov 2018 20:17:32 +0000 (20:17 +0000)]
package/gnutls: give library a default trust location

Gnutls is building with no default location to look for CA certs.  Since
there are buildroot packages to provide these, configure it to use them
by default.

Configure gnutls to find them using the bundle file which contains all
certs, rather than looking in the cert directory.  When gnutls is told
to use the directory, it loads *every* file in it.  This means it loads
the bundle with all certs, then loads each cert a second time using the
individual pem files, and then loads them all the third time via the
hash symlinks to the pem files.

When p11-kit is enabled, use its trust module instead of the bundle
file.  p11-kit can be configured to use the bundle (the default), but it
can do other things too, such as integrate with the "trust" command for
adding and removing trust anchors.

Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/docker-cli: fix comment header
Thomas Petazzoni [Mon, 3 Dec 2018 20:24:21 +0000 (21:24 +0100)]
package/docker-cli: fix comment header

Fixes the following check-package warning:

package/docker-cli/docker-cli.mk:1: should be 80 hashes (http://nightly.buildroot.org/#writing-rules-mk)

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agoDEVELOPERS: add entry for package/docker-cli/
Thomas Petazzoni [Mon, 3 Dec 2018 20:11:59 +0000 (21:11 +0100)]
DEVELOPERS: add entry for package/docker-cli/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/docker-engine: split docker-{cli, engine}, bump to v18.09.0
Christian Stewart [Tue, 27 Nov 2018 08:56:55 +0000 (00:56 -0800)]
package/docker-engine: split docker-{cli, engine}, bump to v18.09.0

Docker upstream has split the Docker daemon and CLI into separate
codebases:

 - github.com/docker/engine: daemon, "dockerd" binary
 - github.com/docker/cli: "docker" command line interface

This commit splits the docker-engine package into docker-engine and
docker-cli.  Conveniently, the Docker project has begun maintaining
two separate release-tagged repositories for the CLI and daemon as of
v18.06-ce-rc1. Previous versions were tagged in a common "docker-ce"
repository which makes compilation awkward for Buildroot, especially
due to some limitations in the new Go package infrastructure.

Docker repositories "engine" and "cli" recently started tagging
releases. Select the latest stable release, v18.09.0.

The CLI is no longer automatically included with the engine. Users
will need to select BR2_PACKAGE_DOCKER_CLI to produce a both docker
and dockerd target binaries.

Docker CLI can be statically compiled. This enables usage of the
system docker client binary to access the parent daemon API from
within containers, where shared libraries are not available.

While at it, drop the useless host-go dependency from docker-engine,
since it's already added by the golang-package infrastructure.

Signed-off-by: Christian Stewart <christian@paral.in>
[Thomas: drop the host-go dependency from both docker-cli and
docker-engine]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agosupport/testing: add perl-xml-libxml test
Francois Perrad [Sat, 24 Nov 2018 09:07:22 +0000 (10:07 +0100)]
support/testing: add perl-xml-libxml test

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Reviewed-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
[https://gitlab.com/RicardoMartincoski/buildroot/-/jobs/124872335]
Tested-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agosupport/testing: add perl-x10 test
Francois Perrad [Sat, 24 Nov 2018 09:07:21 +0000 (10:07 +0100)]
support/testing: add perl-x10 test

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Reviewed-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
[https://gitlab.com/RicardoMartincoski/buildroot/-/jobs/124872334]
Tested-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agosupport/testing: add perl-mail-dkim test
Francois Perrad [Sat, 24 Nov 2018 09:07:20 +0000 (10:07 +0100)]
support/testing: add perl-mail-dkim test

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Reviewed-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
[https://gitlab.com/RicardoMartincoski/buildroot/-/jobs/124872333]
Tested-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agosupport/testing: add perl-libwww-perl test
Francois Perrad [Sat, 24 Nov 2018 09:07:19 +0000 (10:07 +0100)]
support/testing: add perl-libwww-perl test

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Reviewed-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
[https://gitlab.com/RicardoMartincoski/buildroot/-/jobs/124872332]
Tested-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agosupport/testing: add perl-gdgraph test
Francois Perrad [Sat, 24 Nov 2018 09:07:18 +0000 (10:07 +0100)]
support/testing: add perl-gdgraph test

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Reviewed-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
[https://gitlab.com/RicardoMartincoski/buildroot/-/jobs/124872330]
Tested-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agosupport/testing: add perl-class-load test
Francois Perrad [Sat, 24 Nov 2018 09:07:17 +0000 (10:07 +0100)]
support/testing: add perl-class-load test

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Reviewed-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
[https://gitlab.com/RicardoMartincoski/buildroot/-/jobs/124872329]
Tested-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agoutils/scancpan: add generation of test
Francois Perrad [Sat, 24 Nov 2018 09:07:16 +0000 (10:07 +0100)]
utils/scancpan: add generation of test

This commit extends the scancpan script to automatically generate a
test for the Perl module, either if the Perl module uses native
library, or if it has more than one dependency.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agosupport/testing: add perl test
Francois Perrad [Sat, 24 Nov 2018 09:07:15 +0000 (10:07 +0100)]
support/testing: add perl test

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Reviewed-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Tested-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/dt-utils: fix build with glibc 2.28
Thomas Petazzoni [Mon, 3 Dec 2018 12:38:00 +0000 (13:38 +0100)]
package/dt-utils: fix build with glibc 2.28

This commit backports an upstream patch that fixes the build of
dt-utils with glibc 2.28+.

Fixes bug #11536.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/wine: bump to version 3.0.4
André Hentschel [Sun, 2 Dec 2018 17:32:50 +0000 (18:32 +0100)]
package/wine: bump to version 3.0.4

Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/perl: bump to version 5.28.1
Francois Perrad [Sun, 2 Dec 2018 16:53:09 +0000 (17:53 +0100)]
package/perl: bump to version 5.28.1

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/atk: remove unrecognized configure options
Fabrice Fontaine [Mon, 3 Dec 2018 07:30:42 +0000 (08:30 +0100)]
package/atk: remove unrecognized configure options

Remove --disable-glibtest and --enable-explicit-deps, these options are
not recognized:
configure: WARNING: unrecognized options: --disable-doc, --disable-docs, --disable-documentation, --with-xmlto, --with-fop, --enable-ipv6, --disable-glibtest, --enable-explicit-deps

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years ago{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x series
Peter Korsgaard [Sun, 2 Dec 2018 19:59:07 +0000 (20:59 +0100)]
{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x series

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/tpm2-abrmd: fix build without stack smashing protection (SSP)
Carlos Santos [Wed, 21 Nov 2018 17:43:37 +0000 (15:43 -0200)]
package/tpm2-abrmd: fix build without stack smashing protection (SSP)

The configuration environment setup that disables SSP if the toolchain
does not support it must be updated after the bump to version 2.0.3.

Fixes:
  http://autobuild.buildroot.net/results/bd9005eeb24678aa530179a80bbc99b2176f8559
  http://autobuild.buildroot.net/results/feff61dcb481a94f5f030117830984c5e09727ea

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/uclibc: add upstream patch to fix aarch64 issues
Waldemar Brodkorb [Sun, 2 Dec 2018 09:03:27 +0000 (10:03 +0100)]
package/uclibc: add upstream patch to fix aarch64 issues

fstatfs/statfs on aarch64 seems broken, add a patch from uClibc-ng
upstream git to fix it.

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/lxc: security bump to version 3.0.3
Fabrice Fontaine [Sun, 2 Dec 2018 09:08:38 +0000 (10:08 +0100)]
package/lxc: security bump to version 3.0.3

This bump also includes the fix for CVE-2018-6556 released in 3.0.2 via
commit "CVE 2018-6556: verify netns fd in lxc-user-nic": lxc-user-nic
when asked to delete a network interface will unconditionally open a
user provided path:
https://github.com/lxc/lxc/commit/c1cf54ebf251fdbad1e971679614e81649f1c032

This code path may be used by an unprivileged user to check for the
existence of a path which they wouldn't otherwise be able to reach. It
may also be used to trigger side effects by causing a (read-only) open
of special kernel files (ptmx, proc, sys).

Also add a dependency on gcc >= 4.7
(https://github.com/lxc/lxc/issues/2592)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/fontconfig: fix static build
Fabrice Fontaine [Sun, 2 Dec 2018 13:53:10 +0000 (14:53 +0100)]
package/fontconfig: fix static build

Retrieved patch from upstream to fix static build

Fixes:
 - http://autobuild.buildroot.org/results/17e5f9ce5e7566f5a88abfd27b7db5614c1a3086

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agoRevert "package/libglib2: bump to version 2.58.1"
Thomas Petazzoni [Mon, 3 Dec 2018 07:55:53 +0000 (08:55 +0100)]
Revert "package/libglib2: bump to version 2.58.1"

This reverts commit 178eb1d7ea165d87460224d297ce615bb63090f0. This
bump causes too many build failures in reverse dependencies of
libglib2, for which a proper solution needs to be found.

See also the analysis from Yann E. Morin:

  http://lists.busybox.net/pipermail/buildroot/2018-December/237663.html

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/libglib2: bump to version 2.58.1
Fabrice Fontaine [Sun, 14 Oct 2018 07:58:52 +0000 (09:58 +0200)]
package/libglib2: bump to version 2.58.1

- Update second patch
- Remove third and fifth patches (already in version)
- Add a new patch to fix a missing header
- Add LIBGLIB2_GTK_DOC_HOOK so autoreconf do not fail on the following
  error:
  automake: error: cannot open < gtk-doc.make: No such file or directory

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/pkg-generic: use readlink instead of realpath
Yann E. MORIN [Sat, 1 Dec 2018 21:51:55 +0000 (22:51 +0100)]
package/pkg-generic: use readlink instead of realpath

realpath is missing on oldish distributions, like Debian 7, which is
still used in the wild.

Use readlink instead; that has been available since the dawn of ages now
(well, coreutils had it in 2003).

Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agoMerge branch 'next'
Peter Korsgaard [Sun, 2 Dec 2018 07:15:26 +0000 (08:15 +0100)]
Merge branch 'next'

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agodocs/website/news.html: add 2018.11 announcement link
Peter Korsgaard [Sun, 2 Dec 2018 07:08:17 +0000 (08:08 +0100)]
docs/website/news.html: add 2018.11 announcement link

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agoKickoff 2019.02 cycle
Peter Korsgaard [Sat, 1 Dec 2018 22:36:34 +0000 (23:36 +0100)]
Kickoff 2019.02 cycle

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/libtorrent-rasterbar: new package
Philipp Richter [Fri, 23 Nov 2018 18:14:25 +0000 (19:14 +0100)]
package/libtorrent-rasterbar: new package

libtorrent is a feature complete C++ bittorrent implementation
focusing on efficiency and scalability.

https://www.libtorrent.org/

Signed-off-by: Philipp Richter <richterphilipp.pops@gmail.com>
[Thomas: license is BSD-3c, not BSD-2c]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agoUpdate for 2018.11
Peter Korsgaard [Sat, 1 Dec 2018 22:06:49 +0000 (23:06 +0100)]
Update for 2018.11

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agotoolchain/toolchain-external-codescape-img-mips: rewrap Config.in help text
Thomas Petazzoni [Sat, 1 Dec 2018 21:58:36 +0000 (22:58 +0100)]
toolchain/toolchain-external-codescape-img-mips: rewrap Config.in help text

Fixes the following check-package warnings:

toolchain/toolchain-external/toolchain-external-codescape-img-mips/Config.in:13: help text: <tab><2 spaces><62 chars> (http://nightly.buildroot.org/#writing-rules-config-in)
toolchain/toolchain-external/toolchain-external-codescape-img-mips/Config.in:14: help text: <tab><2 spaces><62 chars> (http://nightly.buildroot.org/#writing-rules-config-in)
toolchain/toolchain-external/toolchain-external-codescape-img-mips/Config.in:15: help text: <tab><2 spaces><62 chars> (http://nightly.buildroot.org/#writing-rules-config-in)

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agotoolchain/toolchain-external-codescape-mti-mips: rewrap Config.in.help text
Thomas Petazzoni [Sat, 1 Dec 2018 21:57:40 +0000 (22:57 +0100)]
toolchain/toolchain-external-codescape-mti-mips: rewrap Config.in.help text

Fix the following check-package warnings:

toolchain/toolchain-external/toolchain-external-codescape-mti-mips/Config.in:14: help text: <tab><2 spaces><62 chars> (http://nightly.buildroot.org/#writing-rules-config-in)
toolchain/toolchain-external/toolchain-external-codescape-mti-mips/Config.in:15: help text: <tab><2 spaces><62 chars> (http://nightly.buildroot.org/#writing-rules-config-in)
toolchain/toolchain-external/toolchain-external-codescape-mti-mips/Config.in:16: help text: <tab><2 spaces><62 chars> (http://nightly.buildroot.org/#writing-rules-config-in)

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/luarocks: rework configuration file for per-package directories
Thomas Petazzoni [Fri, 30 Nov 2018 10:38:29 +0000 (11:38 +0100)]
package/luarocks: rework configuration file for per-package directories

Currently, luarocks.mk generates a configuration file with hardcoded
STAGING_DIR, TARGET_DIR, TARGET_CC, LUAROCKS_CFLAGS and TARGET_LDFLAGS
values. This is not compatible with per-package directories, where the
value of STAGING_DIR, TARGET_DIR, TARGET_CC and possibly
TARGET_CFLAGS/TARGET_LDFLAGS may be different from one package to the
other.

Based on input from François Perrad, this commit:

 - Changes the Luarocks configuration file to use os_getenv() for the
   appropriate variables. Since the contents of this file is not
   fixed, it is no longer generated by luarocks.mk using a series of
   'echo' but simply concatenated with the rest of the Luarocks
   configuration file.

 - Adjusts LUAROCKS_RUNV_ENV so that the necessary environment
   variables are now passed.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agofs/common: allow filesystems to set the name of their output file
Carlos Santos [Sat, 1 Dec 2018 09:14:36 +0000 (10:14 +0100)]
fs/common: allow filesystems to set the name of their output file

Some filesystems may want to tweak their output names, rather than using
the fixed "rootfs.foo" scheme. Add a ROOTFS_FOO_IMAGE_NAME variable for
this purpose.

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
[yann.morin.1998@free.fr: fix the patch]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/quagga: add nhrpd option
Fabrice Fontaine [Sat, 1 Dec 2018 20:40:48 +0000 (21:40 +0100)]
package/quagga: add nhrpd option

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/quagga: bump to version 1.2.3
Fabrice Fontaine [Sat, 1 Dec 2018 20:40:47 +0000 (21:40 +0100)]
package/quagga: bump to version 1.2.3

- Remove all patches except the first one as they are already in this
  version
- Remove AUTORECONF = YES as we're not patching any *.ac files anymore
- Disable new nhrpd option
- Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/c-ares: bump to version 1.15.0
Fabrice Fontaine [Sat, 1 Dec 2018 20:42:46 +0000 (21:42 +0100)]
package/c-ares: bump to version 1.15.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/c-ares: use LICENSE.md
Fabrice Fontaine [Sat, 1 Dec 2018 20:42:45 +0000 (21:42 +0100)]
package/c-ares: use LICENSE.md

c-ares has a LICENSE.md file since version 1.12 and
https://github.com/c-ares/c-ares/commit/4e861351d9deaef7b78aee50ce9229325f4fc59a

So use it instead of one of the source file and add its hash

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/c-ares: use LICENSE.md
Fabrice Fontaine [Sat, 1 Dec 2018 20:42:45 +0000 (21:42 +0100)]
package/c-ares: use LICENSE.md

c-ares has a LICENSE.md file since version 1.12 and
https://github.com/c-ares/c-ares/commit/4e861351d9deaef7b78aee50ce9229325f4fc59a

So use it instead of one of the source file and add its hash

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/fontconfig: add util-linux mandatory dependency
Fabrice Fontaine [Fri, 30 Nov 2018 20:19:00 +0000 (21:19 +0100)]
package/fontconfig: add util-linux mandatory dependency

uuid from util-linux is a mandatory dependency since version 2.12.91 and
https://cgit.freedesktop.org/fontconfig/commit/configure.ac?id=7b48fd3dd406b926f0e5240b211f72197ed538a9

Fixes:
 - http://autobuild.buildroot.org/results/49fa1d2da97be979cbc2cb4f83b40f5c2ad8c764

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/python-msgpack: bump to version 0.6.0
Asaf Kahlon [Fri, 30 Nov 2018 14:22:34 +0000 (16:22 +0200)]
package/python-msgpack: bump to version 0.6.0

Archive file name changed from msgpack-python to msgpack

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agosquid: fix static build with libxml2
Fabrice Fontaine [Sat, 1 Dec 2018 18:28:45 +0000 (19:28 +0100)]
squid: fix static build with libxml2

Use pkg-config to find libxml2 to fix static build of squid
Add SQUID_AUTORECONF = YES and remove ac_cv_libxml2_include (not needed
anymore)

Fixes:
 - http://autobuild.buildroot.org/results/7f23eb98c311b294c7f0e165279fa26909a5ff93

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agoquagga: fix BR2_PACKAGE_QUAGGA_TCP_ZEBRA
Fabrice Fontaine [Sat, 1 Dec 2018 18:31:50 +0000 (19:31 +0100)]
quagga: fix BR2_PACKAGE_QUAGGA_TCP_ZEBRA

Since bump to version 0.99.21 and commit
b20c77321fa87f880ead2f27ecf19fd7c4f436da, BR2_PACKAGE_QUAGGA_TCP_ZEBRA
has been wrongly rename into BR2_PACKAGE_QUAGGA_TCP_ZERBRA

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/python-jsonmodels: bump to version 2.4
Asaf Kahlon [Sat, 1 Dec 2018 15:47:59 +0000 (17:47 +0200)]
package/python-jsonmodels: bump to version 2.4

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agotoolchain/toolchain-external-codescape-mti-mips: bump to 2018.09-02
Paul Burton [Fri, 30 Nov 2018 16:55:22 +0000 (16:55 +0000)]
toolchain/toolchain-external-codescape-mti-mips: bump to 2018.09-02

The 2016.05-06 toolchain we've had support for is pretty outdated at
this point, so update to the latest 2018.09-02 version.

Of note besides the typical component version bumps:

 - The toolchains are now provided by MIPS Tech LLC after its departure
   from Imagination Technologies.

 - The download site changed as a result of that.

 - The toolchains are now built targeting CentOS 6 rather than CentOS 5.

Signed-off-by: Paul Burton <paul.burton@mips.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agotoolchain/toolchain-external-codescape-img-mips: bump to 2018.09-02
Paul Burton [Fri, 30 Nov 2018 16:55:21 +0000 (16:55 +0000)]
toolchain/toolchain-external-codescape-img-mips: bump to 2018.09-02

The 2016.05-06 toolchain we've had support for is pretty outdated at
this point, so update to the latest 2018.09-02 version.

Of note besides the typical component version bumps:

 - The toolchains are now provided by MIPS Tech LLC after its departure
   from Imagination Technologies.

 - The download site changed as a result of that.

 - The toolchains are now built targeting CentOS 6 rather than CentOS 5.

Signed-off-by: Paul Burton <paul.burton@mips.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/shadowsocks-libev: bump to version 3.2.3
DUPONCHEEL Sébastien [Fri, 30 Nov 2018 16:39:43 +0000 (17:39 +0100)]
package/shadowsocks-libev: bump to version 3.2.3

Signed-off-by: DUPONCHEEL Sébastien <sebastien.duponcheel@corp.ovh.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agoUpdate for 2018.11-rc3
Peter Korsgaard [Fri, 30 Nov 2018 12:27:09 +0000 (13:27 +0100)]
Update for 2018.11-rc3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agoglibc: bump version for post-2.28 security fixes
Peter Korsgaard [Fri, 30 Nov 2018 09:05:57 +0000 (10:05 +0100)]
glibc: bump version for post-2.28 security fixes

Fixes the following security vulnerability:

  CVE-2018-19591: A file descriptor leak in if_nametoindex can lead to a
  denial of service due to resource exhaustion when processing getaddrinfo
  calls with crafted host names.  Reported by Guido Vranken.

Adhemerval Zanella (2):
      Fix misreported errno on preadv2/pwritev2 (BZ#23579)
      x86: Fix Haswell CPU string flags (BZ#23709)

Alexandra Hájková (1):
      Add an additional test to resolv/tst-resolv-network.c

Andreas Schwab (2):
      Fix stack overflow in tst-setcontext9 (bug 23717)
      libanl: properly cleanup if first helper thread creation failed (bug 22927)

DJ Delorie (2):
      malloc: tcache double free check
      malloc: tcache double free check

Florian Weimer (9):
      conform: XFAIL siginfo_t si_band test on sparc64
      stdlib/test-bz22786: Avoid spurious test failures using alias mappings
      stdlib/test-bz22786: Avoid memory leaks in the test itself
      support_blob_repeat: Call mkstemp directory for the backing file
      stdlib/tst-strtod-overflow: Switch to support_blob_repeat
      nscd: Fix use-after-free in addgetnetgrentX [BZ #23520]
      support: Print timestamps in timeout handler
      Revert "malloc: tcache double free check" [BZ #23907]
      CVE-2018-19591: if_nametoindex: Fix descriptor for overlong name [BZ #23927]

H.J. Lu (2):
      i386: Use _dl_runtime_[resolve|profile]_shstk for SHSTK [BZ #23716]
      Check multiple NT_GNU_PROPERTY_TYPE_0 notes [BZ #23509]

Ilya Yu. Malakhov (1):
      signal: Use correct type for si_band in siginfo_t [BZ #23562]

Istvan Kurucsai (1):
      malloc: Additional checks for unsorted bin integrity I.

Joseph Myers (2):
      Update syscall-names.list for Linux 4.18.
      Update kernel version in syscall-names.list to 4.19.

Moritz Eckert (1):
      malloc: Mitigate null-byte overflow attacks

Paul Eggert (1):
      Fix tzfile low-memory assertion failure

Paul Pluzhnikov (2):
      Fix BZ#23400 (creating temporary files in source tree), and undefined behavior in test.
      [BZ #20271] Add newlines in __libc_fatal calls.

Pochang Chen (1):
      malloc: Verify size of top chunk.

Rafal Luzynski (1):
      kl_GL: Fix spelling of Sunday, should be "sapaat" (bug 20209).

Stefan Liebler (2):
      Fix race in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP [BZ #23275]
      Test stdlib/test-bz22786 exits now with unsupported if malloc fails.

Szabolcs Nagy (2):
      i64: fix missing exp2f, log2f and powf symbols in libm.a [BZ #23822]
      Increase timeout of libio/tst-readline

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/qt5/qt5base: use ccache for building host code
Thomas Petazzoni [Sat, 20 Oct 2018 13:25:35 +0000 (15:25 +0200)]
package/qt5/qt5base: use ccache for building host code

qt5 currently doesn't use HOSTCC/HOSTCXX, so it doesn't use ccache
when building all its host code (especially qmake). This means that
even with ccache enabled and a hot cache, it still takes a long time
to build qt5base.

Before this patch, building qt5base takes:

 - 446 seconds with a cold ccache
 - 185 seconds with a hot ccache

This is because the ccache is not used for host code.

After this patch, building qt5base takes:

 - 450 seconds with a cold ccache
 - 15 seconds with a hot ccache

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/mini-snmpd: new package
Alexander Sverdlin [Thu, 22 Nov 2018 18:36:09 +0000 (19:36 +0100)]
package/mini-snmpd: new package

Mini SNMPd is a minimal implementation targeted at small or embedded
UNIX systems with limited resources.

Signed-off-by: Alexander Sverdlin <alexander.sverdlin@gmail.com>
[Thomas: add hash file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/libtool: reduce target package to libltdl only
Alexander Sverdlin [Mon, 26 Nov 2018 19:37:46 +0000 (20:37 +0100)]
package/libtool: reduce target package to libltdl only

This will save 1700K on target filesystem (as tested on ARM, i686).

Signed-off-by: Alexander Sverdlin <alexander.sverdlin@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/fontconfig: bump version to 2.13.1
Peter Seiderer [Wed, 28 Nov 2018 19:11:26 +0000 (20:11 +0100)]
package/fontconfig: bump version to 2.13.1

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/civetweb: fix lua build
Fabrice Fontaine [Thu, 29 Nov 2018 20:52:13 +0000 (21:52 +0100)]
package/civetweb: fix lua build

dlfcn.h must be included in modlua.ini to be able to use dlopen
otherwise build will fail on:
src/mod_lua.inl:2845:41: error: 'RTLD_LAZY' undeclared (first use in this function)
  lib_handle_uuid = dlopen("libuuid.so", RTLD_LAZY);

Fixes:
 - http://autobuild.buildroot.org/results/7a189f49c5a8b6f7b3d4c57cda5982adc65dbc19

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/python-pathlib2: bump to version 2.3.3
Asaf Kahlon [Fri, 30 Nov 2018 06:51:55 +0000 (08:51 +0200)]
package/python-pathlib2: bump to version 2.3.3

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/python-certifi: bump to version 2018.11.29
Asaf Kahlon [Fri, 30 Nov 2018 06:51:54 +0000 (08:51 +0200)]
package/python-certifi: bump to version 2018.11.29

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agovalgrind: disable for mips32r6/mips32elr6
Peter Seiderer [Thu, 29 Nov 2018 22:37:32 +0000 (23:37 +0100)]
valgrind: disable for mips32r6/mips32elr6

Fixes [1]:

  /tmp/ccD2Tule.s: Assembler messages:
  /tmp/ccD2Tule.s:682: Error: opcode not supported on this processor: mips32r6 (mips32r6) `movn $2,$4,$7'
  /tmp/ccD2Tule.s:2767: Error: opcode not supported on this processor: mips32r6 (mips32r6) `movn $2,$4,$7'

[1] http://autobuild.buildroot.net/results/f0253d1ed11021d3e5914a5161360de3ef3d1641

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agoqt5declarative: fix debug build with uclibc
Fabrice Fontaine [Fri, 30 Nov 2018 00:20:16 +0000 (01:20 +0100)]
qt5declarative: fix debug build with uclibc

Debug build of qsgtexture fails on uclibc since version 5.11 and
https://github.com/qt/qtdeclarative/commit/7c507eaac3f848f92f2ebdafe8ded4a064d68351:

scenegraph/util/qsgtexture.cpp:69:22: fatal error: execinfo.h: No such file or directory
 #include <execinfo.h>

Indeed, !defined(__UCLIBC__) has been replaced by defined(__GBLIBC__) to
fix build on musl but as a result, build fails on uclibc because uclibc
also defines __GLIBC__ (and it does not have execinfo like musl)

This error is raised only when building in debug mode because
CAN_BACKTRACE_EXECINFO is undefined if QT_NO_DEBUG is set

So keep defined(__GLIBC__), but put back !defined(__UCLIBC__)

Fixes:
 - http://autobuild.buildroot.org/results/6fce0ce5aea943e097532efbbc8d1e28f41e5866

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/python-pydal: bump to version v18.09
Angelo Compagnucci [Sun, 25 Nov 2018 15:32:31 +0000 (16:32 +0100)]
package/python-pydal: bump to version v18.09

This patch bumps pydal to version v18.09 and moves its download location
to github cause the version on pypi is not updated anymore.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/python-web2py: bump to version R-2.17.2
Angelo Compagnucci [Sun, 25 Nov 2018 14:53:28 +0000 (15:53 +0100)]
package/python-web2py: bump to version R-2.17.2

This patch bumps web2py to version R-2.17.2

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/pkg-generic: ensure absolute paths in config-script fixups
Yann E. MORIN [Wed, 28 Nov 2018 20:44:04 +0000 (21:44 +0100)]
package/pkg-generic: ensure absolute paths in config-script fixups

In case a config script is called from a relative path, the $(dirname
$0) would return a relative path too.

Those paths are usually parts of includes or libraries search
directories, and the packagfes buildsystems may chdir() anywhere, and
thus the relative path will no longer be valid. For example:

  $ ./host/powerpc-buildroot-linux-uclibc/sysroot/usr/bin/net-snmp-config --cflags
  [...] -I./host/powerpc-buildroot-linux-uclibc/sysroot/usr/bin/../../.././bin/../powerpc-buildroot-linux-uclibc/sysroot/usr/include/libnl3 [...]

Canonicalise the path to be sure we use absolute paths.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/setools: drop path prefix from man install
Matt Weber [Thu, 29 Nov 2018 03:11:58 +0000 (21:11 -0600)]
package/setools: drop path prefix from man install

For this man file install scenario, joining the sys.prefix makes the
path absolute (this was previously working by accident).  It was
found when e94280e5a537b "package/pkg-python: use proper --prefix
and --root values" was merged.

Fixes:
http://autobuild.buildroot.net/results/e214e1a539cdac07028fb58c3822f89886d86f1f

Upstream:
https://github.com/SELinuxProject/setools/pull/13/commits/bc36cba1393120e65bfe4d0f642fd8d38010c0f7

Cc: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/squid: needs atomic
Fabrice Fontaine [Sat, 24 Nov 2018 14:54:50 +0000 (15:54 +0100)]
package/squid: needs atomic

Since https://github.com/squid-cache/squid/commit/4b0f89121135aae68fbaf2aa33b5fb2e0da66d3e
squid tries to find if latomic is needed through:
AC_SEARCH_LIBS([__atomic_load_8],[atomic],[ATOMICLIB="-latomic"],[])

However, this can fails on:
configure:21147: /home/fabrice/buildroot/output/host/bin/arc-buildroot-linux-gnu-g++ -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -matomic -Os   -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -g conftest.cpp -latomic   >&5
conftest.cpp:55:6: error: new declaration 'char __atomic_load_8()' ambiguates built-in declaration 'long long unsigned int __atomic_load_8(const volatile void*, int)' [-fpermissive]
 char __atomic_load_8 ();
      ^~~~~~~~~~~~~~~
conftest.cpp: In function 'int main()':
conftest.cpp:59:25: error: too few arguments to function 'long long unsigned int __atomic_load_8(const volatile void*, int)'
 return __atomic_load_8 ();

So add -latomic to LIBS if BR2_TOOLCHAIN_HAS_LIBATOMIC is set

Fixes:
 - http://autobuild.buildroot.org/results/13082cea836a12ac8bf85cbdb53a56a5d30c70b1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/squid: remove gnu atomics handling
Fabrice Fontaine [Sat, 24 Nov 2018 14:54:49 +0000 (15:54 +0100)]
package/squid: remove gnu atomics handling

gnu atomics has been removed since version 3.5.27:
https://github.com/squid-cache/squid/commit/ddd4edb743d82be97fc651d529e04bf55329a50d
So remove squid_cv_gnu_atomics handling

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/dbus-python: bump to version 1.2.8
Joseph Kogut [Wed, 28 Nov 2018 18:17:47 +0000 (10:17 -0800)]
package/dbus-python: bump to version 1.2.8

Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/libdrm: add optional cunit dependency
Matt Weber [Thu, 1 Nov 2018 18:58:16 +0000 (13:58 -0500)]
package/libdrm: add optional cunit dependency

Previously the option to install tests would result in the test cases
that don't have a cunit dependency, to build and be installed.

This patch adds an optional dependency on cunit so that all test cases
can be built and installed to target.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Thomas: keep as an optional dependency, as cunit is only useful for
additional tests specific to the amdgpu backend]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/cunit: new package
Matt Weber [Thu, 1 Nov 2018 18:58:15 +0000 (13:58 -0500)]
package/cunit: new package

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Thomas: fix license, it's LGPL-2.0+.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/libnfs: bump to version 3.0.0
Jörg Krause [Mon, 5 Nov 2018 17:11:41 +0000 (18:11 +0100)]
package/libnfs: bump to version 3.0.0

Also add an patch from upstream to fix building libnfs with the musl C
library. This issue was introduced upstream between version 2.0.0 and
version 3.0.0.

Note, that upstreams commit message says it fixes a warning. However, as
musl is more strictly regarding missing headers it actually fixes the
build with musl.

Furthermore, the COPYING license file was changed in the way that it now
includes a clarification about the .x files being distributed under the
simplified BSD license. We already note in LIBNFS_LICENSE that the .x
files are BSD-2-Clause. So, updating the hash for this license file is
enough.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/wolfssl: enable ARMv8 hardware acceleration
Sergio Prado [Sun, 25 Nov 2018 09:20:27 +0000 (07:20 -0200)]
package/wolfssl: enable ARMv8 hardware acceleration

Enable hardware acceleration for ARMv8 targets.

When ARMv8 hardware acceleration is enabled on AArch64 without any
additional flags, the build fails with the following messages:

/tmp/cciv7Oei.s: Assembler messages:
/tmp/cciv7Oei.s:580: Error: invalid addressing mode at operand 2 -- `ld1 {v0.2d},[x0,256]'
/tmp/cciv7Oei.s:616: Error: invalid addressing mode at operand 2 -- `st1 {v0.2d},[x0,256]'
/tmp/cciv7Oei.s:629: Error: invalid addressing mode at operand 2 -- `ld1 {v0.2d},[x0,256]'
/tmp/cciv7Oei.s:669: Error: invalid addressing mode at operand 2 -- `st1 {v0.2d},[x0,256]'
/tmp/cciv7Oei.s:1211: Error: invalid addressing mode at operand 2 -- `ld1 {v16.2d},[x0,304]'
/tmp/cciv7Oei.s:1368: Error: invalid addressing mode at operand 2 -- `ld1 {v17.16b},[x19,304]'
/tmp/cciv7Oei.s:1554: Error: invalid addressing mode at operand 2 -- `ld1 {v16.2d},[x0,304]'
/tmp/cciv7Oei.s:1719: Error: invalid addressing mode at operand 2 -- `ld1 {v17.16b},[x19,304]'
/tmp/cciv7Oei.s:1870: Error: invalid addressing mode at operand 2 -- `ld1 {v16.2d},[x0,304]'
/tmp/cciv7Oei.s:2043: Error: invalid addressing mode at operand 2 -- `ld1 {v17.16b},[x19,304]'
make[3]: *** [Makefile:3801: wolfcrypt/src/port/arm/src_libwolfssl_la-armv8-aes.lo] Error 1

This is because of some inline assembly in parts of the AES structure
using the "m" constraint.

So lets use the flag -mstrict-align to prevent this error.

Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
[Thomas: restrict the -mstrict-align workaround to AArch64, as ARMv8-A
can also be used in an AArch32 build, and in this case, gcc doesn't
support the -mstrict-align flag]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agophp: intl support needs dynamic library
Fabrice Fontaine [Sat, 10 Nov 2018 21:59:30 +0000 (22:59 +0100)]
php: intl support needs dynamic library

getArgTypeList is defined both in ext/intl/msgformat/msgformat_helpers.cpp
and icu library so add a !BR2_STATIC_LIBS dependency to
BR2_PACKAGE_PHP_EXT_INTL

Fixes:
 - http://autobuild.buildroot.org/results/628b677d1ceb8b404265d89357225e0a1dce1407

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/wolfssl: bump to version 3.15.5
Sergio Prado [Sun, 25 Nov 2018 08:36:19 +0000 (06:36 -0200)]
package/wolfssl: bump to version 3.15.5

Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/perl-time-hires: remove package
Francois Perrad [Thu, 22 Nov 2018 18:22:15 +0000 (19:22 +0100)]
package/perl-time-hires: remove package

This is a core Perl module (ie. included in the Perl distribution), so
there is no point in having a separate package for it.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/gcc: enable __cxa_atexit
Alexey Brodkin [Fri, 16 Nov 2018 11:26:18 +0000 (14:26 +0300)]
package/gcc: enable __cxa_atexit

This is what GCC manual says [1]:
-------------------------->8----------------------
--enable-__cxa_atexit

    Define if you want to use __cxa_atexit, rather than atexit,
    to register C++ destructors for local statics and global objects.

    This is essential for fully standards-compliant handling of destructors,
    but requires __cxa_atexit in libc.

    This option is currently only available on systems with GNU libc
    ...
-------------------------->8----------------------

Important disadvantages of a simple atexit() are that [2]:
-------------------------->8----------------------
1999 C Standard only requires that the implementation support 32
registered functions, although most implementations support many more.

More important it does not deal at all with the ability in most implementations
to remove DSOs from a running program image by calling dlclose
prior to program termination.
-------------------------->8----------------------

Also it seems like all libc's we support in Buildroot (Glibc, uClibc and musl)
support __cxa_at_exit() so enable it unconditionally.

FWIW if we look around we'll see:
 1. In OpenEmbedded it is enabled for everything except gcc-cross-initial: [3], [4]
 2. In Crosstool-NG it is enabled by default: [5]
 3. In OpenWrt it is disabled only for uClibc, otherwise enabled: [6]

So I think we should be good with it as well.

[1] https://gcc.gnu.org/install/configure.html
[2] https://itanium-cxx-abi.github.io/cxx-abi/abi.html#dso-dtor-motivation
[3] https://github.com/openembedded/openembedded-core/blob/master/meta/recipes-devtools/gcc/gcc-configure-common.inc#L59
[4] https://github.com/openembedded/openembedded-core/blob/master/meta/recipes-devtools/gcc/gcc-cross-initial.inc#L23
[5] https://github.com/crosstool-ng/crosstool-ng/blob/master/config/cc/gcc.in#L270
[6] https://github.com/openwrt/openwrt/blob/master/toolchain/gcc/common.mk#L170

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Nicolas Cavallari <Nicolas.Cavallari@green-communications.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Mark Corbin <mark.corbin@embecosm.com>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Cc: Claudiu Zissulescu <claziss@synopsys.com>
Cc: Cupertino Miranda <cmiranda@synopsys.com>
Cc: Vineet Gupta <vgupta@synopsys.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/gdb: prevent gdbserver being selected for RISC-V builds
Mark Corbin [Mon, 26 Nov 2018 14:24:38 +0000 (14:24 +0000)]
package/gdb: prevent gdbserver being selected for RISC-V builds

There is currently no version of gdbserver for RISC-V. Until this
is implemented we will prevent both the direct and indirect
selection of gdbserver for RISC-V builds. In practice this means
that 'cross gdb for the host' cannot be selected and that
'full debugger' must be automatically selected for the gdb target
package.

[Peter: simplify logic, add comment]
Signed-off-by: Mark Corbin <mark.corbin@embecosm.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/grpc: new package
Robert Rose [Thu, 29 Nov 2018 06:21:40 +0000 (22:21 -0800)]
package/grpc: new package

Signed-off-by: Robert Rose <robertroyrose@gmail.com>
[Thomas:
 - add missing Config.in dependencies inherited from
   BR2_PACKAGE_PROTOBUF, as well as the corresponding Config.in
   comment
 - replace spaces by tabs in grpc.mk indentation
 - remove superfluous GRPC_SOURCE variable
 - improved patch description.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopackage/c-ares: support host build
Robert Rose [Thu, 29 Nov 2018 06:21:39 +0000 (22:21 -0800)]
package/c-ares: support host build

A host version of this package will be useful as a dependency of the
host-grpc package.

Signed-off-by: Robert Rose <robertroyrose@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agotoolchain: bump ARC prebuild toolchain to arc-2018.09
Evgeniy Didin [Tue, 27 Nov 2018 12:55:29 +0000 (15:55 +0300)]
toolchain: bump ARC prebuild toolchain to arc-2018.09

Lets update prebuilt ARC toolchain to the most recent arc-2018.09.

Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: arc-buildroot@synopsys.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agolibbsd: needs __register_atfork
Fabrice Fontaine [Wed, 28 Nov 2018 17:05:10 +0000 (18:05 +0100)]
libbsd: needs __register_atfork

The following error is raised by minizip:

[100%] Linking C executable minizip
/home/peko/autobuild/instance-0/output/host/m68k-buildroot-uclinux-uclibc/sysroot/usr/lib/libbsd.a(arc4random.o):
In function `_rs_init.part.1':
arc4random.c:(.text+0xaa): undefined reference to `__register_atfork'
collect2: error: ld returned 1 exit status

As specified in openssl/Config.in, uClibc on noMMU doesn't provide
__register_atfork() so add a dependency on
!(BR2_TOOLCHAIN_USES_UCLIBC && !BR2_USE_MMU) on libbsd and minizip

Don't add this dependency to netcat-opensd as it already depends on
glibc
Don't add this dependency to BR2_PACKAGE_BLUEZ_ALSA_HCITOP because
bluez-alsa already depends on BR2_USE_MMU
Concerning fwts, just update comment on BR2_USE_MMU

Fixes:
 - http://autobuild.buildroot.org/results/df2dcbdceaa01a2ae37bf09140e4dbef0a5b9489

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agotoolchain: bumb ARC tools to arc-2018.09 release
Evgeniy Didin [Tue, 27 Nov 2018 11:04:11 +0000 (14:04 +0300)]
toolchain: bumb ARC tools to arc-2018.09 release

This commit finally bumps ARC tools to the most recent arc-2018.09 release version.

ARC GNU tools of version arc-2018.09 bring some quite significant changes like:
 * Binutils v2.31.1 with additional ARC patches
 * GCC 8.2.1 with additional ARC patches
 * glibc 2.28 with additional ARC patches

More information on this release could be found here:
https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/releases/tag/arc-2018.09-release

Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: arc-buildroot@synopsys.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 years agopython-numpy: fix build with lapack
Fabrice Fontaine [Wed, 28 Nov 2018 16:51:02 +0000 (17:51 +0100)]
python-numpy: fix build with lapack

If BR2_PACKAGE_LAPACK is enabled (without BR2_PACKAGE_CLAPACK), build of
python-numpy will fail if lapack is built before python-numpy because
lapack does not provide blas library

So disable BLAS and LAPACK through PYTHON_NUMPTY_ENV if
BR2_PACKAGE_CLAPACK is not set

Fixes:
 - http://autobuild.buildroot.org/results/41671976c7be7883f31ee5f51ca0eb90b81262fd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage: hide golang packages for toolchains with binutils bug 20006
Yann E. MORIN [Sun, 25 Nov 2018 09:19:50 +0000 (10:19 +0100)]
package: hide golang packages for toolchains with binutils bug 20006

Fixes:
    http://autobuild.buildroot.org/results/020/02039969b16534d4020ecd4574bae71b91c1e6b8/ (flannel)
    http://autobuild.buildroot.org/results/e95/e9528b06b350ef84c1e2cb59fba87b4db77b4660/ (docker-engine)
    [...]

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agotoolchain: CodeSourcery AMD64 affected by PR20006
Yann E. MORIN [Sun, 25 Nov 2018 09:19:49 +0000 (10:19 +0100)]
toolchain: CodeSourcery AMD64 affected by PR20006

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agoinfra/pkg-golang: enforce number of parallel jobs
Yann E. MORIN [Sun, 25 Nov 2018 09:19:48 +0000 (10:19 +0100)]
infra/pkg-golang: enforce number of parallel jobs

By default, the go compiler will spawn as many jobs as there are CPUs
available, thus possibily over-shooting the limits set by the user.

Make it abide by the user's wish, and specify the number of jobs allowed
to run.

We can do so without fear of a package failing to build in parallel,
because they were already all building in parallel, as that is the
default for the go compiler.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agosystemd: fix build with gcc <= 4.7
Fabrice Fontaine [Thu, 29 Nov 2018 18:06:47 +0000 (19:06 +0100)]
systemd: fix build with gcc <= 4.7

Pass -Werror=shadow in args of cc.compiles in meson.build otherwise test
will always succeed, causing -Werror=shadow to be passed, even on older gcc versions.

GCC 4.8 changed the behaviour of -Werror=shadow to no longer complain about
local variable declariations shadowing functions, which systemd has.  From
the changelog:

  The option -Wshadow no longer warns if a declaration shadows a function
  declaration, unless the former declares a function or pointer to function,
  because this is a common and valid case in real-world code.

https://www.gnu.org/software/gcc/gcc-4.8/changes.html

Fixes:
 - http://autobuild.buildroot.org/results/ffd71c473d3b29618c18cd2e04705370266696f2

[Peter: extend commit message, add gcc 4.8 link]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agoghostscript: security bump to version 9.26
Peter Korsgaard [Thu, 29 Nov 2018 15:50:49 +0000 (16:50 +0100)]
ghostscript: security bump to version 9.26

Fixes the following security vulnerabilities:

 - CVE-2018-17961: Artifex Ghostscript 9.25 and earlier allows attackers to
   bypass a sandbox protection mechanism via vectors involving errorhandler
   setup.  NOTE: this issue exists because of an incomplete fix for
   CVE-2018-17183.

- CVE-2018-18284: Artifex Ghostscript 9.25 and earlier allows attackers to
  bypass a sandbox protection mechanism via vectors involving the 1Policy
  operator.

- CVE-2018-19409: An issue was discovered in Artifex Ghostscript before
  9.26.  LockSafetyParams is not checked correctly if another device is
  used.

- CVE-2018-19475: psi/zdevice2.c in Artifex Ghostscript before 9.26 allows
  remote attackers to bypass intended access restrictions because available
  stack space is not checked when the device remains the same.

- CVE-2018-19476: psi/zicc.c in Artifex Ghostscript before 9.26 allows
  remote attackers to bypass intended access restrictions because of a
  setcolorspace type confusion.

- CVE-2018-19477: psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows
  remote attackers to bypass intended access restrictions because of a
  JBIG2Decode type confusion.

For more details, see the release notes:
https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agoperl-net-ssleay: fix dependency
Francois Perrad [Tue, 27 Nov 2018 22:54:25 +0000 (23:54 +0100)]
perl-net-ssleay: fix dependency

this dependency was accidentally removed
by https://git.busybox.net/buildroot/commit/package/perl-net-ssleay?id=da9e06cabc578bf9138e100d1492a2d5f2038415

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agopackage/netsnmp: drop our custom config script fixups
Yann E. MORIN [Wed, 28 Nov 2018 20:44:23 +0000 (21:44 +0100)]
package/netsnmp: drop our custom config script fixups

Those custom fixups were added in 2011 with commit d1b42b24b88
(net-snmp: fixup paths in net-snmp-config) before we add generic config
scripts fixups in 2013 with commit 834f9311aac (pkg-infra: add
<pkg>_CONFIG_FIXUP to fix *-config files)

These custom fixups enclose the includes and libraries paths in single
quotes (presumably to protect them from further expnasion by the shell,
in case there are spaces for example).

It turns out that this breaks now that we replace the staging dir with
$(dirname $0), as it is between single quotes.

It looks like these fixups are really no longer needed anymore, since
the generic fixups do the job just fine (and better).

Fixes:
    http://autobuild.buildroot.org/results/2c5/2c5e379a06825bf8588bf070d733d2e1f98dab66/
    http://autobuild.buildroot.org/results/eea/eea704463c3f14dbb9bd7f8aa23d4b61c25987f4/

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agofreetype: bump version to 2.9.1
Peter Seiderer [Wed, 28 Nov 2018 19:15:17 +0000 (20:15 +0100)]
freetype: bump version to 2.9.1

According to [1]:

- fixes CVE-2018-6942: A NULL pointer dereference in the Ins_GETVARIATION()
  function within ttinterp.c could lead to DoS via a crafted font file

- needs '--enable-freetype-config' for freetype-config installation

[1] https://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/docs/CHANGES?id=86bc8a95056c97a810986434a3f268cbe67f2902

[Peter: also pass --enable-freetype-config for host variant]
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agodomoticz: fix build with python and cmake <= 3.7
Fabrice Fontaine [Wed, 28 Nov 2018 23:56:33 +0000 (00:56 +0100)]
domoticz: fix build with python and cmake <= 3.7

domoticz will fail to build with python and older cmake
Indeed, find_package(PythonLibs 3.4) will not recognize python 3.7 until
cmake 3.7 and the following commit:
https://github.com/Kitware/CMake/commit/c31573b9641e0f1bc7a34149506db51f3494323b

To fix this, add a call to find_package(PythonInterp). Indeed, if
FindPythonInterp has already found the major and minor version, that
version will be inserted between the user supplied versions and the
stock version list since cmake in version 3.1 and
https://github.com/Kitware/CMake/commit/3816cd2dc7a7cc220e4f1b1e87fee986545b9cb3

Fixes:
 - http://autobuild.buildroot.org/results/8e82501a7b49da628ec026132ffca44c0c813040

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agolibopenssl: security bump to version 1.0.2q
Peter Korsgaard [Thu, 29 Nov 2018 14:47:40 +0000 (15:47 +0100)]
libopenssl: security bump to version 1.0.2q

Fixes the following security vulnerabilities:

  *) Microarchitecture timing vulnerability in ECC scalar multiplication

     OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been
     shown to be vulnerable to a microarchitecture timing side channel attack.
     An attacker with sufficient access to mount local timing attacks during
     ECDSA signature generation could recover the private key.

     This issue was reported to OpenSSL on 26th October 2018 by Alejandro
     Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and
     Nicola Tuveri.
     (CVE-2018-5407)
     [Billy Brumley]

  *) Timing vulnerability in DSA signature generation

     The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
     timing side channel attack. An attacker could use variations in the signing
     algorithm to recover the private key.

     This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
     (CVE-2018-0734)
     [Paul Dale]

For more information, see the changelog:
https://www.openssl.org/news/cl102.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agoxfsprogs: Define PLATFORM to linux
Florian Fainelli [Thu, 29 Nov 2018 05:05:40 +0000 (21:05 -0800)]
xfsprogs: Define PLATFORM to linux

PLATFORM is an environment variable used by xfsprogs' configure script
to determine the platform for which the applications are being built. If
we set some incorrect/unsupported value through e.g: export, this will
be picked up by xfsprogs' configure script and used as-is and assigned
to PKG_PLATFORM, which will lead to build failures.

If PLATFORM was empty/unset, then uname on the host building xfsprogs
gets used to determine the build platform, which again could be
incorrect if we e.g: built xfsprogs on a Darwin system.

Since we are obviously building for Linux, let's just make sure we
define it that way which solves both issues.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 years agosamba4: security bump to version 4.9.3
Peter Korsgaard [Thu, 29 Nov 2018 09:21:45 +0000 (10:21 +0100)]
samba4: security bump to version 4.9.3

Fixes the following security vulnerabilities:

 - CVE-2018-14629:
   All versions of Samba from 4.0.0 onwards are vulnerable to infinite
   query recursion caused by CNAME loops. Any dns record can be added via
   ldap by an unprivileged user using the ldbadd tool, so this is a
   security issue.

 - CVE-2018-16841:
   When configured to accept smart-card authentication, Samba's KDC will call
   talloc_free() twice on the same memory if the principal in a validly signed
   certificate does not match the principal in the AS-REQ.

   This is only possible after authentication with a trusted certificate.

   talloc is robust against further corruption from a double-free with
   talloc_free() and directly calls abort(), terminating the KDC process.

   There is no further vulnerability associated with this issue, merely a
   denial of service.

 - CVE-2018-16851:
   During the processing of an LDAP search before Samba's AD DC returns
   the LDAP entries to the client, the entries are cached in a single
   memory object with a maximum size of 256MB.  When this size is
   reached, the Samba process providing the LDAP service will follow the
   NULL pointer, terminating the process.

   There is no further vulnerability associated with this issue, merely a
   denial of service.

 - CVE-2018-16852:
   During the processing of an DNS zone in the DNS management DCE/RPC server,
   the internal DNS server or the Samba DLZ plugin for BIND9, if the
   DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS
   property is set, the server will follow a NULL pointer and terminate.

   There is no further vulnerability associated with this issue, merely a
   denial of service.

 - CVE-2018-16853:
   A user in a Samba AD domain can crash the KDC when Samba is built in the
   non-default MIT Kerberos configuration.

   With this advisory we clarify that the MIT Kerberos build of the Samba
   AD DC is considered experimental.  Therefore the Samba Team will not
   issue security patches for this configuration.

 - CVE-2018-16857:
   AD DC Configurations watching for bad passwords (to restrict brute forcing
   of passwords) in a window of more than 3 minutes may not watch for bad
   passwords at all.

For more details, see the release notes:

https://www.samba.org/samba/history/samba-4.9.3.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>