buildroot.git
7 years agoKickoff 2018.08 cycle
Peter Korsgaard [Sat, 2 Jun 2018 09:11:56 +0000 (11:11 +0200)]
Kickoff 2018.08 cycle

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agodocs/website/news.html: add 2018.05 announcement link
Peter Korsgaard [Fri, 1 Jun 2018 20:53:36 +0000 (22:53 +0200)]
docs/website/news.html: add 2018.05 announcement link

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoUpdate for 2018.05
Peter Korsgaard [Fri, 1 Jun 2018 20:22:57 +0000 (22:22 +0200)]
Update for 2018.05

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolinux: reword binutils 2.29+ comment
Peter Korsgaard [Fri, 1 Jun 2018 19:43:06 +0000 (21:43 +0200)]
linux: reword binutils 2.29+ comment

This issue only applies to kernels built with CONFIG_THUMB2=y, so reword the
comment to make that more clear.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolinux: may fail to boot for binutils 2.29+ even without armv7m
Yann E. MORIN [Fri, 1 Jun 2018 18:01:57 +0000 (20:01 +0200)]
linux: may fail to boot for binutils 2.29+ even without armv7m

Commit f13477b (linux: config.in: add comment for Arm Cortex-M) added a
comment so that the user that the linux kernel may miscompile with
binutils 2.29+, when the target is an armv7m CPU.

However, the real trigger is a compilation in thumb2 mode, which happens
to be the only option for armv7m CPUs.

We can't know whether the kernel will be built in arm or thumb2 mode,
though, because we do not have that information: it is only available in
the Linux' .config file, which we don;t have access to at the time we
run our menuconfig.

So, relax the conditions under which the comment is made, so that it
appears as soon as binutils are >= 2.29 (i.e. not 2.28, which is the
oldest we support) for ARM CPUs.

[Peter: reword comment]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Christophe Priouzeau <christophe.priouzeau@st.com>
Cc: Laurent GONZALEZ <br22@gezedo.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/binutils: extend the 2.28 default to thumb mode
Yann E. MORIN [Fri, 1 Jun 2018 17:26:29 +0000 (19:26 +0200)]
package/binutils: extend the 2.28 default to thumb mode

Commit 17f352ac (package/binutils: default to 2.29 for Cortex-M targets)
made the default version 2.28 (and not 2.29!) when the target is an
arm-v7m CPU.

However, the real trigger is compilation in Thumb mode, not the fact
that the target is v7m.

The fact that it was noticed on a v7m target is because Thumb is the
only mode valid on those CPUs.

Tighten the defaults to 2.28 for Thumb and Thumb2 modes.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Laurent GONZALEZ <br22@gezedo.com>
Cc: Christophe Priouzeau <christophe.priouzeau@st.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/clang: fix host-clang binaries
Valentin Korenblit [Wed, 30 May 2018 11:46:51 +0000 (13:46 +0200)]
package/clang: fix host-clang binaries

This patch fixes the following error when trying to execute clang compiler
(host-variant):

CommandLine Error: Option 'x86-use-base-pointer' registered more than once!
LLVM ERROR: inconsistency in registered CommandLine options

The same happens for the other binaries, such as clang-format:

./clang-format
: CommandLine Error: Option 'help-list' registered more than once!
LLVM ERROR: inconsistency in registered CommandLine options

Clang binaries are tools, and given that DLLVM_LINK_LLVM_DYLIB is set,
they are linked against libLLVM.so. The problem is that binaries are
also linking against some LLVM static libraries, resulting in the error
shown above. However, it is not the same case for libclang, which is also
a tool but links only against libLLVM.so.

To fix this problem, add LLVM_DYLIB_COMPONENTS=all.

Signed-off-by: Valentin Korenblit <valentin.korenblit@smile.fr>
Tested-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoconfigs/socrates_cyclone5: change over to current upstream releases
Florian La Roche [Tue, 8 May 2018 20:28:47 +0000 (22:28 +0200)]
configs/socrates_cyclone5: change over to current upstream releases

Since all cyclone5 development changes are upstream, change over to an
upstream release of the Linux kernel and u-boot for buildroot.

Signed-off-by: Florian La Roche <Florian.LaRoche@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ef94c736ec460e56b82a5a45819f7adce787d488)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoRevert "configs/stm32f469: force usage of binutils 2.28.x"
Christophe PRIOUZEAU [Thu, 31 May 2018 13:21:33 +0000 (13:21 +0000)]
Revert "configs/stm32f469: force usage of binutils 2.28.x"

This reverts commit 12049cc8b8972a9d0f1e27f1382cc5752d45312f.

Now that the binutils default has been changed for ARMv7M, this is no longer
needed.

Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoRevert "configs/stm32f429: force usage of binutils 2.28.x"
Christophe PRIOUZEAU [Thu, 31 May 2018 13:21:32 +0000 (13:21 +0000)]
Revert "configs/stm32f429: force usage of binutils 2.28.x"

This reverts commit cbe43fd417d77f846f1ca47cdacd51a73be1aaec.

Now that the binutils default has been changed for ARMv7M, this is no longer
needed.

Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolinux: config.in: add comment for Arm Cortex-M
Christophe PRIOUZEAU [Thu, 31 May 2018 13:21:34 +0000 (13:21 +0000)]
linux: config.in: add comment for Arm Cortex-M

When binutils > 2.28 are selected on Arm Cortex-M cpu,
linux kernel does not boot due to a new implementation
of 'adr pseudo instruction' on binutils.

Bugzilla thread: https://bugs.busybox.net/show_bug.cgi?id=11051

Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/binutils: default to 2.29 for Cortex-M targets
Laurent GONZALEZ [Thu, 31 May 2018 13:21:33 +0000 (13:21 +0000)]
package/binutils: default to 2.29 for Cortex-M targets

binutils 2.29 changed the implementation of adr pseudo instruction
it breaks linux kernel and impacts Cortex-M targets (eg. stm32)

[Peter: simplify Config.in logic, adjust message to make it clear this is
just a default]
Signed-off-by: Laurent GONZALEZ <br22@gezedo.com>
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agojpeg-turbo: add license details
Fabrice Fontaine [Thu, 31 May 2018 17:08:19 +0000 (19:08 +0200)]
jpeg-turbo: add license details

- jpeg-turbo is covered by 3 licenses: IJG (libjpeg),
  BSD-3-Clause (TurboJPEG) and Zlib (SIMD)
- Add README.ijg
- Add hash for license files

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolibjpeg: use SPDX short identifier
Fabrice Fontaine [Thu, 31 May 2018 17:02:12 +0000 (19:02 +0200)]
libjpeg: use SPDX short identifier

Use IJG instead of jpeg-license

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/expect: download tarball instead of cvs
Arnout Vandecappelle (Essensium/Mind) [Thu, 31 May 2018 07:05:20 +0000 (09:05 +0200)]
package/expect: download tarball instead of cvs

More than 3 years after the 5.45.3 release, a tarball for that release
was uploaded to sourceforge.net. The differences between this tarball
and the CVS checkout are minimal:

- There are no CVS directories, of course, but we don't need them.
- File timestamps are different.
- expect.tests is missing, but we don't execute tests anyway.
- configure script is different, but we AUTORECONF anyway.
- 'fixcat' script is missing, but it is not called anywhere.

Since sourceforge.net has broken CVS downloads, now is a good time to
switch away from it.

While we're at it, add a hash file including license.

Fixes:
http://autobuild.buildroot.net/results/db3/db33d4fa507fb3b4132423cd0a7e25a1fe6e4105
http://autobuild.buildroot.net/results/b6d/b6d927dcc73ac8d754422577dacefff4ff918a5c
http://autobuild.buildroot.net/results/23d/23d1034b33d0354de15de2ec4a8ccd0603e8db78
http://autobuild.buildroot.net/results/127/1272a3aa3077e434c9805ec3034f35e6fcc330d4

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agodownload/cvs: add a 10 minute timeout
Arnout Vandecappelle (Essensium/Mind) [Thu, 31 May 2018 07:05:19 +0000 (09:05 +0200)]
download/cvs: add a 10 minute timeout

Apparently, CVS servers can be deadlocked and in that case clients will
retry connecting to them indefinitely. Cfr.
http://autobuild.buildroot.net/results/23d/23d1034b33d0354de15de2ec4a8ccd0603e8db78/build-end.log
Apparently, the sf.net CVS server got in such a deadlock on 2018-05-18,
and almost 2 weeks later it is still not fixed.

Instead of just hanging, we should fall back on BR2_SECONDARY_SITE. To
achieve this, it's sufficient to add a timeout to the CVS command.

The timeout value is of course arbitrary. However, we can assume that
nobody will be putting large projects under CVS any more. So if the
download takes more than 5 minutes, it's probably broken. Let's put the
timeout at 10 minutes then.

Fixes:
http://autobuild.buildroot.net/results/db3/db33d4fa507fb3b4132423cd0a7e25a1fe6e4105
http://autobuild.buildroot.net/results/b6d/b6d927dcc73ac8d754422577dacefff4ff918a5c
http://autobuild.buildroot.net/results/23d/23d1034b33d0354de15de2ec4a8ccd0603e8db78
http://autobuild.buildroot.net/results/127/1272a3aa3077e434c9805ec3034f35e6fcc330d4

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolinux-headers: bump 4.{1, 4, 9, 14, 16}.x series
Fabio Estevam [Wed, 30 May 2018 18:31:58 +0000 (15:31 -0300)]
linux-headers: bump 4.{1, 4, 9, 14, 16}.x series

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoxen: security bump to version 4.10.1
Peter Korsgaard [Wed, 30 May 2018 22:17:13 +0000 (00:17 +0200)]
xen: security bump to version 4.10.1

The 4.10.1 version brings a large number of fixes:

https://www.xenproject.org/downloads/xen-archives/xen-project-410-series/xen-4101.html

Including a number of security fixes:

XSA-252: DoS via non-preemptable L3/L4 pagetable freeing (CVE-2018-7540)
XSA-253: x86: memory leak with MSR emulation (CVE-2018-5244)
XSA-254: Information leak via side effects of speculative execution
 (CVE-2017-5753 CVE-2017-5715 CVE-2017-5754)
XSA-255: grant table v2 -> v1 transition may crash Xen (CVE-2018-7541)
XSA-256: x86 PVH guest without LAPIC may DoS the host (CVE-2018-7542)
XSA-258: Information leak via crafted user-supplied CDROM (CVE-2018-10472)
XSA-259: x86: PV guest may crash Xen with XPTI (CVE-2018-10471)

Also add a hash for the license file while we are at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/openvmtools: depend on host-nfs-utils
Romain Naour [Wed, 30 May 2018 21:27:02 +0000 (23:27 +0200)]
package/openvmtools: depend on host-nfs-utils

host-nfs-utils provides the host rpcgen utility. This fixes the build on
recent Fedora systems that removed rpcgen from the glibc package.

Fixes:
http://autobuild.buildroot.net/results/e21/e219b8bacb52bb661eb6663b82f549ed941f26fe

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolinux: bump default to version 4.16.13
Fabio Estevam [Wed, 30 May 2018 18:31:57 +0000 (15:31 -0300)]
linux: bump default to version 4.16.13

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agotoolchain: allow disabling packages affected by gcc bug 85180
Matt Weber [Mon, 28 May 2018 15:35:10 +0000 (10:35 -0500)]
toolchain: allow disabling packages affected by gcc bug 85180

Works around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85180 which
is an issue where the Microblaze architecture had code that caused a
infinite recursion while optimizing in versions of GCC earlier than
8.x. More BR discussion can be found on this thread.
http://buildroot-busybox.2317881.n4.nabble.com/autobuild-buildroot-net-Build-results-for-2018-04-25-td192721.html

Resolves:
http://autobuild.buildroot.net/results/b42d68c66d8ea035845a28c5530ef0682fd95713 (boost)
http://autobuild.buildroot.net/results/af976a4805fb8b3f0c17a8e3a1f901b2255caa0b (flare-engine)
http://autobuild.buildroot.net/results/d20/d20700bd538ba1e9d45ab8a61ecbbba1a320ef38 (gst-ffmpeg)

CC: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agodocs/website/news.html: fix s/2018.05/2018.02/ typos
Peter Korsgaard [Wed, 30 May 2018 15:55:28 +0000 (17:55 +0200)]
docs/website/news.html: fix s/2018.05/2018.02/ typos

Reported-by: Andreas Naumann <dev@andin.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agogit: security bump to version 2.16.4
Baruch Siach [Tue, 29 May 2018 17:38:39 +0000 (20:38 +0300)]
git: security bump to version 2.16.4

Forward port of security fixes from the 2.13.7 release. The 2.13.7
release notes say this:

 * Submodule "names" come from the untrusted .gitmodules file, but we
   blindly append them to $GIT_DIR/modules to create our on-disk repo
   paths. This means you can do bad things by putting "../" into the
   name. We now enforce some rules for submodule names which will cause
   Git to ignore these malicious names (CVE-2018-11235).

   Credit for finding this vulnerability and the proof of concept from
   which the test script was adapted goes to Etienne Stalmans.

 * It was possible to trick the code that sanity-checks paths on NTFS
   into reading random piece of memory (CVE-2018-11233).

Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/dash: don't build in paralle
Yann E. MORIN [Tue, 29 May 2018 17:42:37 +0000 (19:42 +0200)]
package/dash: don't build in paralle

dash has races in its Makefile, but upstream is not too keen in fixing
those, and just suggests that dash not be built in parallel:

    https://www.mail-archive.com/dash@vger.kernel.org/msg01675.html

Fixes:
    http://autobuild.buildroot.org/results/793/7934c815a3009af688c2f1183e67dfe542c9a009/
    http://autobuild.buildroot.org/results/fc4/fc4e4ab47455ac47dd4a3a60083cec2848e74dbb/
    http://autobuild.buildroot.org/results/6bf/6bfdd44ea5d55a6ca3ef92254eab18c7c0416b7b/
    [...]

Reported-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolog4cplus: needs gcc >= 4.8
Fabrice Fontaine [Tue, 29 May 2018 17:19:29 +0000 (19:19 +0200)]
log4cplus: needs gcc >= 4.8

log4cplus needs std::map::emplace

Fixes:
 - http://autobuild.buildroot.net/results/ef0d8d7fae835ff555202f6de320945226ec00bf

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoconfigs/stm32f469: force usage of binutils 2.28.x
Christophe PRIOUZEAU [Tue, 29 May 2018 12:09:27 +0000 (12:09 +0000)]
configs/stm32f469: force usage of binutils 2.28.x

Fixes #11051

Due to runtime issue with the usage of binutils 2.29.x, we need to use the
version 2.28.x

Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Acked-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoconfigs/stm32f429: force usage of binutils 2.28.x
Christophe PRIOUZEAU [Tue, 29 May 2018 12:09:27 +0000 (12:09 +0000)]
configs/stm32f429: force usage of binutils 2.28.x

Fixes #11051

Due to runtime issue with the usage of binutils 2.29.x, we need to use the
version 2.28.x

Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Acked-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoglibc: security bump to latest 2.27 branch
Baruch Siach [Tue, 29 May 2018 14:37:54 +0000 (17:37 +0300)]
glibc: security bump to latest 2.27 branch

Fixed issues are listed in the 2.27 branch NEWS file:

  CVE-2017-18269: An SSE2-based memmove implementation for the i386
  architecture could corrupt memory.  Reported by Max Horn.

  CVE-2018-11236: Very long pathname arguments to realpath function could
  result in an integer overflow and buffer overflow.  Reported by Alexey
  Izbyshev.

  CVE-2018-11237: The mempcpy implementation for the Intel Xeon Phi
  architecture could write beyond the target buffer, resulting in a buffer
  overflow.  Reported by Andreas Schwab.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoUpdate for 2018.05-rc3
Peter Korsgaard [Mon, 28 May 2018 21:02:21 +0000 (23:02 +0200)]
Update for 2018.05-rc3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/elf2flt: replace hard-links with copies to fix rpath
Yann E. MORIN [Mon, 28 May 2018 19:45:18 +0000 (21:45 +0200)]
package/elf2flt: replace hard-links with copies to fix rpath

Do for elf2flt what we did for binutils: replace the hardlinks (which
break rpath handling) with copies of the individaul tools.

See previous commit (package/binutils: switch from symlinks to copies
and commit f9cffb6af4 (binutils: replace hard-links with soft-links to
fix rpath) for the complete story.

Fixes: #11031.
Reported-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Christophe Priouzeau <christophe.priouzeau@st.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/binutils: switch from symlinks to copies to fix rpath
Yann E. MORIN [Mon, 28 May 2018 19:45:17 +0000 (21:45 +0200)]
package/binutils: switch from symlinks to copies to fix rpath

Commit f9cffb6af464 (binutils: replace hard-links with soft-links to fix
rpath) has a side effect that when we build for a noMMU target, elf2flt
will in turn replace some of the programs installed by binutils, with
its own wrappers.

For example, it will rename host/TUPLE/bin/ld to ld.real, and add its
own wrapper in place of the original. It does the same for
host/bin/TUPLE-ld and host/bin/TUPLE-ld.real.

However, we had already made ld a symlink to ../../bin/TUPLE-ld, so
host/TUPLE/bin/ld.real will still point to host/bin/TUPLE-ld when we
want it to point to ld.real instead...

This ultimately confuses gcc later on.

Of course, the culprit is also elf2flt, which also installs similar
hardlinks that would ultimately exhibit the same rpath issue as the
one fixed by f9cffb6af464. Note: we haven't had an issue so far with
that, because those tools installed by elf2flt only link with libz,
which is most often present on the host system. So, all seem well,
but is nonetheless broken; this will be fixed in a subsequent commit.

But back on topic. If we were to fix elf2flt with similar symlinks,
gcc still gets confused. The underlying reason for this confusion is
not entirely clear, though... It looks like something is trying to
dereference symlinks and gets confused by the result somehow...

So, in an attempt to restore some sanity in all this mess, we try to
restore the previous behaviour, we no longer use symlinks but just copy
the individual tools.

Fixes: #11031.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Christophe Priouzeau <christophe.priouzeau@st.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopoppler: link with libatomic when needed
Waldemar Brodkorb [Mon, 28 May 2018 18:19:53 +0000 (20:19 +0200)]
poppler: link with libatomic when needed

Following errors might occur on architectures required to use gcc libatomics:
sparc-buildroot-linux-uclibc/sysroot/lib/libatomic.so.1: error adding symbols: DSO missing from command line

This is often the case for sparcv8 32 bit toolchains.

See 55a9d6d55888b04ec6c476399e5b98a2412995f5 and 03f6e005e6a9617767b24a9026da9477848020cc.

Fixes:
  http://autobuild.buildroot.net/results/64a96663a48ab644bc03c9a3ec2d6a644119dee6
  http://autobuild.buildroot.net/results/82e85e12478fc1972b70ad728ed7c1554920c9e3

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolinux: bump Linux CIP to v4.4.130-cip23
Angelo Compagnucci [Mon, 28 May 2018 15:42:06 +0000 (17:42 +0200)]
linux: bump Linux CIP to v4.4.130-cip23

This patch bump the Linux CIP kernel to version v4.4.130-cip23

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agotoolchain: Bump ARC tools to arc-2018.03-rc2
Evgeniy Didin [Fri, 25 May 2018 18:07:01 +0000 (21:07 +0300)]
toolchain: Bump ARC tools to arc-2018.03-rc2

This commit bumps ARC toolchain to arc-2018.03-rc2, which
includes significant changes since arc-2018.03-rc1.
We want to test how new toolchain-rc2 builds packages,
so we can make fixes before release of toolcain.
This makes us closer to toolchain release which will be in a few weeks.

Please note that it is a release candidate
and it might contain some breakages,
please don't use it for production builds.

Signed-off-by: Evgeniy Didin <didin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: arc-buildroot@synopsys.com
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7aaabe8fc04006b15bb5f9aaf08ac07603fcf7fe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agofs: ensure hard links in TARGET_DIR are correctly copied for filesystem input
Peter Korsgaard [Sun, 27 May 2018 20:48:57 +0000 (22:48 +0200)]
fs: ensure hard links in TARGET_DIR are correctly copied for filesystem input

Fixes #11046

Commit bb2a57a17a7 (fs: run packages' filesystem hooks in a copy of target/)
changed the file system logic to run file system hooks from packages on a
copy of TARGET_DIR, and finally use this copy as input for the file system
generation.

This copy was done with rsync, which by default does not preserve hard
links, leading to an expansion of the file system images when hard links are
present.

Fix it by passing the -H option to rsync (preserve hard links).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolibcurl: fix build with ssh2 and static mbedtls
Fabrice Fontaine [Mon, 21 May 2018 11:41:08 +0000 (13:41 +0200)]
libcurl: fix build with ssh2 and static mbedtls

The ssh2 pkg-config file could contain the following lines when build
with a static version of mbedtls:
   Libs: -L${libdir} -lssh2 /xxx/libmbedcrypto.a
   Libs.private: /xxx/libmbedcrypto.a

This static mbedtls library must be used to correctly detect ssh2
support and this library must be copied in libcurl.pc otherwise
compilation of any application (such as upmpdcli) with libcurl will fail
when trying to find mbedtls functions included in libssh2.

So, replace pkg-config --libs-only-l by pkg-config --libs.

Fixes:
 - http://autobuild.buildroot.net/results/43e24b22a77f616d6198c10435dcc23cc3b9088a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolibtirpc: use rpcgen from host-nfs-utils
Baruch Siach [Wed, 23 May 2018 17:44:50 +0000 (20:44 +0300)]
libtirpc: use rpcgen from host-nfs-utils

Drop the patch adding local rpcgen. Instead use the host-nfs-utils
provided rpcgen. Update the patch "Automatically generate XDR header
files from .x sources using" to use external rpcgen.

Renumber the other patches.

Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoautofs: depend on host-nfs-utils
Baruch Siach [Wed, 23 May 2018 17:44:49 +0000 (20:44 +0300)]
autofs: depend on host-nfs-utils

host-nfs-utils provides the host rpcgen utility. This fixes the build on
recent Fedora systems that removed rpcgen from the glibc package.

Fixes:
http://autobuild.buildroot.net/results/383/383bc8462f32a226645c9b792b8d65a25d74529d/
http://autobuild.buildroot.net/results/0c0/0c00f72512754b721813e13f0828d3a942f7b955/
http://autobuild.buildroot.net/results/50b/50b66d2a3c8264f618d7aa813b10050ed147209f/

Cc: Jonathan Ben Avraham <yba@tkos.co.il>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agosamba4: depend on host-nfs-utils
Baruch Siach [Wed, 23 May 2018 17:44:48 +0000 (20:44 +0300)]
samba4: depend on host-nfs-utils

host-nfs-utils provides the host rpcgen utility. This fixes the build on
recent Fedora systems that removed rpcgen from the glibc package.

Fixes:
http://autobuild.buildroot.net/results/6f8/6f869b8c7c182dfe7f1a291b5952320504540ebf/
http://autobuild.buildroot.net/results/4c2/4c228dd6369e4fc11b798af6ab2abe06d7473b78/
http://autobuild.buildroot.net/results/489/489be441abd19fba2b0c39357e64a6adcf773b60/

Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoquota: depend on host-nfs-utils
Baruch Siach [Wed, 23 May 2018 17:44:47 +0000 (20:44 +0300)]
quota: depend on host-nfs-utils

host-nfs-utils provides the host rpcgen utility. This fixes the build on
recent Fedora systems that removed rpcgen from the glibc package.

Fixes:
http://autobuild.buildroot.net/results/730/730acb23663ebbbaba847073979654670a8bc64c/
http://autobuild.buildroot.net/results/e49/e49932e9d958203d585cdddd795df06aad6ff3a9/
http://autobuild.buildroot.net/results/1b7/1b7dccf7b9742d1b9cb57bffe55eac5cfc66b15c/

Cc: Jarkko Sakkinen <jarkko.sakkinen@intel.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agonfs-utils: add host package
Baruch Siach [Wed, 23 May 2018 17:44:46 +0000 (20:44 +0300)]
nfs-utils: add host package

We only need the host package for the rpcgen utility. glibc deprecated
this utility in version 2.26. Fedora has recently removed rpcgen from
its glibc package. So we need to build the rpcgen from the nfs-utils
package.

The removal of Sun RPC from glibc also removed RPC headers from glibc.
rpcgen needs two of these headers. Add host-libtirpc to provide the RPC
headers.

Tested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolibtirpc: add host package
Baruch Siach [Wed, 23 May 2018 17:44:45 +0000 (20:44 +0300)]
libtirpc: add host package

The libtirpc host package is only for two headers that the host rpcgen
utility from the nfs-utils package needs to build. glibc used to provide
these headers. In version 2.26 glibc deprecated them with its bundled
Sun RPC. Recently Fedora stopped enabling Sun RPC in glibc. So we can no
longer rely on these headers being present on the host.

Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoqt-webkit-kiosk: bump to version 1.99.7-4-ga7720e5
Jérôme Oufella [Wed, 23 May 2018 13:46:08 +0000 (09:46 -0400)]
qt-webkit-kiosk: bump to version 1.99.7-4-ga7720e5

This brings localstorage support in the app, plus a fix for the build
issue logged at [1].

[1] http://autobuild.buildroot.net/results/f29fa8ef055fe0d41db5944974272530d02ecd29/

Signed-off-by: Jérôme Oufella <jerome.oufella@savoirfairelinux.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoxfsprogs: bump to 4.16.1
Matt Weber [Wed, 9 May 2018 18:41:16 +0000 (13:41 -0500)]
xfsprogs: bump to 4.16.1

Resolves build failures like:
http://autobuild.buildroot.net/results/953/95307f0f56c7ead1bd1f0ab0049aeb8b30fdc11c/

libunistring to libicu conversion required modifications to
0001-mdrestore-do-not-do-dynamic-linking-of-libtool-libra.patch and
the libicu usage doesn't require the
0005-xfs_scrub-fix-cross-compile-with-libunistring.patch patch. I
verified that the configuration time setup of the LIBICU library
works correctly and doesn't require us to remove it.

Upstream has reworked/included the following:
0003-workqueue-add-missing-pthreads-header.patch
0004-xfs_scrub-add-missing-paths-header.patch
0006-xfs_scrub-fix-build-with-older-kernel-headers.patch

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopkg-generic: error out with 'local' site method and no _SITE
Arnout Vandecappelle (Essensium/Mind) [Wed, 23 May 2018 09:01:08 +0000 (11:01 +0200)]
pkg-generic: error out with 'local' site method and no _SITE

The 'local' site method is easily confused with the 'file' site method,
making people create packages like this:

    FOO_SITE_METHOD = local
    FOO_SOURCE = foo.tar.gz

    $(eval $(generic-package))

Due to the intricacies of the generic package infra, this does not
cause an error; instead, the foo.tar.gz tarball that happens to be
present in the download directory will be used. This behaviour differs
greatly from what is specified in the manual.

Instead, error out immediately if a package specifies the 'local' site
method but does not specify a _SITE.

We check for _OVERRIDE_SRCDIR rather than checking for _SITE, just
after _OVERRIDE_SRCDIR has been set to _SITE. Indeed, a package that
sets _OVERRIDE_SRCDIR but not _SITE currently works correctly. There is
no reason to make it fail.

See also
https://stackoverflow.com/questions/50364655/including-patches-to-build-root

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolinux-headers: bump 4.4.x series
Fabio Estevam [Sun, 27 May 2018 12:40:21 +0000 (09:40 -0300)]
linux-headers: bump 4.4.x series

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolinux-headers: bump 4.{9, 14, 16}.x series
Fabio Estevam [Fri, 25 May 2018 18:13:57 +0000 (15:13 -0300)]
linux-headers: bump 4.{9, 14, 16}.x series

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolinux: bump default to version 4.16.12
Fabio Estevam [Fri, 25 May 2018 18:13:56 +0000 (15:13 -0300)]
linux: bump default to version 4.16.12

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/bash-completion: fix a parallel build issue
Romain Naour [Fri, 25 May 2018 15:58:46 +0000 (17:58 +0200)]
package/bash-completion: fix a parallel build issue

The STAGING_DIR/usr/share/bash-completion/completions directory is not
created yet.

Fixed by:
https://github.com/scop/bash-completion/commit/ee6b37ad7ff5b309cbb9b886a871252abd9398fa

Fixes:
http://autobuild.buildroot.org/results/7ee/7eea0f512695605714cf2d8c971778d4784b4c75/build-end.log

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agocjson: bump to version 1.7.7
Fabrice Fontaine [Thu, 24 May 2018 21:14:43 +0000 (23:14 +0200)]
cjson: bump to version 1.7.7

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolibcoap: needs host-pkgconf
Baruch Siach [Fri, 25 May 2018 04:07:26 +0000 (07:07 +0300)]
libcoap: needs host-pkgconf

The libcoap configure script uses pkg-config.

Fixes:
http://autobuild.buildroot.net/results/746/746c6dcbf3f941c7baa5b382bd264d830d839be1/
http://autobuild.buildroot.net/results/d98/d9840a22ae5eb6572b6641b93f8beadc27d2abb5/
http://autobuild.buildroot.net/results/905/905f122213ad9623ea5dd9d32c352efd151319f3/

Cc: Joris Lijssens <joris.lijssens@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agobusybox: bump to version 1.28.4
Baruch Siach [Fri, 25 May 2018 03:30:43 +0000 (06:30 +0300)]
busybox: bump to version 1.28.4

Fixes to dpkg and nsenter.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoDEVELOPERS: update datacom email addresses
Carlos Santos [Wed, 23 May 2018 16:55:04 +0000 (13:55 -0300)]
DEVELOPERS: update datacom email addresses

We are moving from datacom.ind.br to datacom.com.br. The old domain will
still be valid for an undefined period (probably forever).

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolinux-headers: bump 4.{9, 14, 16}.x series
Fabio Estevam [Tue, 22 May 2018 22:46:34 +0000 (19:46 -0300)]
linux-headers: bump 4.{9, 14, 16}.x series

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolinux: bump default to version 4.16.11
Fabio Estevam [Tue, 22 May 2018 22:46:33 +0000 (19:46 -0300)]
linux: bump default to version 4.16.11

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolrzsz: install symlinks for XMODEM and YMODEM
Baruch Siach [Thu, 24 May 2018 17:51:18 +0000 (20:51 +0300)]
lrzsz: install symlinks for XMODEM and YMODEM

This sets the protocol choice according to the program invocation name.
That is the common lrzsz installation practice.

Cc: Matthew Starr <mstarr@hedonline.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoprocps-ng: security bump to version 3.3.15
Baruch Siach [Wed, 23 May 2018 18:19:04 +0000 (21:19 +0300)]
procps-ng: security bump to version 3.3.15

Drop upstream patch.

This release fixes the issues listed below.

CVE-2018-1122: Local privilege escalation in top

CVE-2018-1123: Denial of service in ps

CVE-2018-1124: Local privilege escalation in libprocps

CVE-2018-1125: Stack buffer overflow in pgrep

CVE-2018-1126: Integer overflow in proc/alloc

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoUpdate for 2018.05-rc2
Peter Korsgaard [Tue, 22 May 2018 21:26:26 +0000 (23:26 +0200)]
Update for 2018.05-rc2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoDEVELOPERS: add myself to modem-manager
Carlos Santos [Tue, 22 May 2018 11:22:13 +0000 (08:22 -0300)]
DEVELOPERS: add myself to modem-manager

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agomodem-manager: disable -Werror
Peter Korsgaard [Mon, 21 May 2018 20:39:23 +0000 (22:39 +0200)]
modem-manager: disable -Werror

Fixes:
http://autobuild.buildroot.net/results/5d9/5d9e299ff12726d07e8a584a213c1d2a2e419594/

The modem-manager build generates a number of build warnings like:

mm-base-manager.c: In function 'handle_set_logging':
mm-base-manager.c:680:15: error: assignment from incompatible pointer type [-Werror]
     ctx->self = g_object_ref (manager);

Which cause a build failure because of -Werror.  Pass
--disable-more-warnings to disable -Werror.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agotoolchain: GCC bug 85862
Matt Weber [Mon, 21 May 2018 20:29:42 +0000 (15:29 -0500)]
toolchain: GCC bug 85862

GCC < 7.x hangs while building libnss for the Microblaze Arch.

Discovered by
http://autobuild.buildroot.net/results/158e8ebb39713e1b436a5cc1a1916f46c30694df

Reported:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85862

Simlar to:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=49218

[Peter: tweak ecryptfs comment, add comment/dependencies for qt5webengine]
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolibmediaart: rename options to have proper prefix
Petr Vorel [Sun, 13 May 2018 19:07:36 +0000 (21:07 +0200)]
libmediaart: rename options to have proper prefix

Options should be prefixed by BR2_PACKAGE_LIBMEDIAART and not
BR2_PACKAGE_MEDIAART, but package was using both prefixes.

This was found as default symbol was defined as
BR2_PACKAGE_LIBMEDIAART_BACKEND_NONE (correct prefix), but symbol
was actually BR2_PACKAGE_MEDIAART_BACKEND_NONE).

This commit therefore renames the incorrectly named options, and adds
Config.in.legacy handling. Since the options are part of a choice, the
legacy handling cannot select the new options, and is only here to
inform the user.

Fixes: c443830a57 libmediaart: new package
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
[Thomas: improve commit log, add Config.in.legacy handling]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoti-sgx-km: rename options to have proper prefix
Thomas Petazzoni [Sun, 13 May 2018 19:07:35 +0000 (21:07 +0200)]
ti-sgx-km: rename options to have proper prefix

The sub-options of the ti-sgx-km package had their name option
prefixed by BR2_PACKAGE_TI_SGX, while the prefix should be
BR2_PACKAGE_TI_SGX_KM. This commit fixes that, and adds the necessary
Config.in.legacy handling.

Since those options are part of a choice, the legacy handling cannot
select the new name of the options, so the legacy handling only
informs the user of the rename.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agojanus-gateway: rename options to have proper prefix
Thomas Petazzoni [Sun, 13 May 2018 19:07:34 +0000 (21:07 +0200)]
janus-gateway: rename options to have proper prefix

The sub-options of the janus-gateway package had their name option
prefixed by BR2_PACKAGE_JANUS, while the prefix should be
BR2_PACKAGE_JANUS_GATEWAY. This commit fixes that, and adds the
necessary Config.in.legacy handling.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoipsec-tools: rename options to have proper prefix
Thomas Petazzoni [Sun, 13 May 2018 19:07:33 +0000 (21:07 +0200)]
ipsec-tools: rename options to have proper prefix

A number of options in the ipsec-tools package had their Config.in
option prefixed by BR2_PACKAGE_IPSEC, while the prefix should be
BR2_PACKAGE_IPSEC_TOOLS. This commit fixes that, and adds the
necessary Config.in.legacy handling.

Since those options are part of a choice, the legacy handling cannot
select the new name of the options, so the legacy handling only
informs the user of the rename.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolibftdi: rename option to have proper prefix
Thomas Petazzoni [Sun, 13 May 2018 19:07:32 +0000 (21:07 +0200)]
libftdi: rename option to have proper prefix

The option name BR2_PACKAGE_LIBTFDI_CPP obviously had a typo: it
should have been named BR2_PACKAGE_LIBFTDI_CPP, and add the necessary
Config.in.legacy handling.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agojquery-ui-themes: rename options to have proper prefix
Thomas Petazzoni [Sun, 13 May 2018 19:07:31 +0000 (21:07 +0200)]
jquery-ui-themes: rename options to have proper prefix

The choice options to select the specific jquery-ui theme to install
had a prefix of BR2_PACKAGE_JQUERY_UI_THEME_ instead of
BR2_PACKAGE_JQUERY_UI_THEMES_. This commit fixes that, and adds
Config.in.legacy handling. It's worth mentioning that since those
options are part of a choice, the legacy handling cannot select the
new name of the option: we can simply inform the user about the
renaming.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agobluez5_utils: rename options to have the proper suffix
Thomas Petazzoni [Sun, 13 May 2018 19:07:30 +0000 (21:07 +0200)]
bluez5_utils: rename options to have the proper suffix

The bluez5_utils Config.in options had a bogus prefix:
BR2_PACKAGE_BLUEZ5 instead of the expected
BR2_PACKAGE_BLUEZ5_UTILS. This commit fixes that, and adds the
appropriate Config.in.legacy handling.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agowavpack: add upstream security fixes
Peter Korsgaard [Mon, 21 May 2018 13:27:20 +0000 (15:27 +0200)]
wavpack: add upstream security fixes

Fixes the following security issues:

CVE-2018-10536: An issue was discovered in WavPack 5.1.0 and earlier.  The
WAV parser component contains a vulnerability that allows writing to memory
because ParseRiffHeaderConfig in riff.c does not reject multiple format
chunks.

CVE-2018-10537: An issue was discovered in WavPack 5.1.0 and earlier.  The
W64 parser component contains a vulnerability that allows writing to memory
because ParseWave64HeaderConfig in wave64.c does not reject multiple format
chunks.

CVE-2018-10538: An issue was discovered in WavPack 5.1.0 and earlier for WAV
input.  Out-of-bounds writes can occur because ParseRiffHeaderConfig in
riff.c does not validate the sizes of unknown chunks before attempting
memory allocation, related to a lack of integer-overflow protection within a
bytes_to_copy calculation and subsequent malloc call, leading to
insufficient memory allocation.

CVE-2018-10539: An issue was discovered in WavPack 5.1.0 and earlier for
DSDiff input.  Out-of-bounds writes can occur because
ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown
chunks before attempting memory allocation, related to a lack of
integer-overflow protection within a bytes_to_copy calculation and
subsequent malloc call, leading to insufficient memory allocation.

CVE-2018-10540: An issue was discovered in WavPack 5.1.0 and earlier for W64
input.  Out-of-bounds writes can occur because ParseWave64HeaderConfig in
wave64.c does not validate the sizes of unknown chunks before attempting
memory allocation, related to a lack of integer-overflow protection within a
bytes_to_copy calculation and subsequent malloc call, leading to
insufficient memory allocation.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolinux-headers: bump 4.{9, 14, 16}.x series
Fabio Estevam [Sun, 20 May 2018 22:16:24 +0000 (19:16 -0300)]
linux-headers: bump 4.{9, 14, 16}.x series

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolinux: bump default to version 4.16.10
Fabio Estevam [Sun, 20 May 2018 22:16:23 +0000 (19:16 -0300)]
linux: bump default to version 4.16.10

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/imx-mkimage: update hash
Erik Larsson [Mon, 21 May 2018 06:46:47 +0000 (08:46 +0200)]
package/imx-mkimage: update hash

Due to an update in the tar logic, see commit 6e2f5d0254 (download/git: fix
transform regexp for older tar versions ) - This hash needs to be updated.

Fixes:

  http://autobuild.buildroot.net/results/7c63ab1188a45d4684e159456f561a4e7c39e612/

Signed-off-by: Erik Larsson <karl.erik.larsson@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoltrace: fix visibility of Config.in comment
Thomas Petazzoni [Sat, 19 May 2018 20:55:02 +0000 (22:55 +0200)]
ltrace: fix visibility of Config.in comment

The BR2_PACKAGE_LTRACE option has some architecture dependencies, but
those architecture dependencies are not taken into account for the
Config.in comment.

To fix this, this commit introduces a BR2_PACKAGE_LTRACE_ARCH_SUPPORTS
hidden boolean that gets used by both the BR2_PACKAGE_LTRACE option
and the Config.in comment.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agoltrace: remove bogus comment in Config.in file
Thomas Petazzoni [Sat, 19 May 2018 20:55:01 +0000 (22:55 +0200)]
ltrace: remove bogus comment in Config.in file

In commit dfaa18af00dfcff71a0159adaafb0880e58fa6a1 ("ltrace: disable
on mips/mipsel"), ltrace was disabled on mips/mipsel due to build
issues, and a comment was added in the Config.in file to explain that
even though ltrace has mips/mipsel support, it isn't enabled because
it doesn't build.

Then, in commit d23cce19c299e3010ba2dca84ab4ad35eff3cdbb ("ltrace:
enable for mips/mipsel"), the build of ltrace on mips/mipsel was
re-enabled, because it has been fixed upstream.

However, the comment in the Config.in comment was not removed in this
commit. Due to this, we have a comment that says "we don't allow
enabling ltrace on mips/mipsel" and the line right below precisely
allows to enable ltrace on mips/mipsel.

Fix this inconsistency by removing the no longer valid comment.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agogst1-plugins-bad: fix typo preventing use of the netsim plugin
Danomi Manchego [Sun, 20 May 2018 17:11:14 +0000 (13:11 -0400)]
gst1-plugins-bad: fix typo preventing use of the netsim plugin

Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agoRevert "arch/arm: add cortex-m7 core"
Thomas Petazzoni [Sun, 20 May 2018 17:13:29 +0000 (19:13 +0200)]
Revert "arch/arm: add cortex-m7 core"

This reverts commit 43884e7f5011cbd70a9a17bfd87041953cfa74ee, which
was intended for the next branch, not master.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agoarch/arm: add cortex-m7 core
Yann E. MORIN [Sun, 25 Feb 2018 20:18:13 +0000 (21:18 +0100)]
arch/arm: add cortex-m7 core

Nothing fancy, just a plain Cortex-M, armv7-M core...

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agolibpam-radius-auth: add hash for license file
Fabrice Fontaine [Sun, 20 May 2018 14:30:21 +0000 (16:30 +0200)]
libpam-radius-auth: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agoznc: add mandatory dependency on threads
Fabrice Fontaine [Sun, 20 May 2018 16:16:56 +0000 (18:16 +0200)]
znc: add mandatory dependency on threads

Threads support is mandatory since version 1.7.0:
https://github.com/znc/znc/commit/582cd635f5a047761b1052a40088ab86e62fffc1

Fixes:
 - http://autobuild.buildroot.net/results/cc56c7dbee594056288296398772ef9e22846299

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agolibpciaccess: add hash for license file
Fabrice Fontaine [Sun, 20 May 2018 14:37:59 +0000 (16:37 +0200)]
libpciaccess: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agolibpcap: add hash for license file
Fabrice Fontaine [Sun, 20 May 2018 14:31:12 +0000 (16:31 +0200)]
libpcap: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agolibosip2: add hash for license file
Fabrice Fontaine [Sun, 20 May 2018 11:46:41 +0000 (13:46 +0200)]
libosip2: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agopackage/transmission: remove BR2_PACKAGE_TRANSMISSION_REMOTE
Bernd Kuhls [Wed, 2 May 2018 06:05:40 +0000 (08:05 +0200)]
package/transmission: remove BR2_PACKAGE_TRANSMISSION_REMOTE

Commit 6e223241e1bb58a27eb890291f9f5c1fcc6a0818 ("Add Transmission
package"), which added the transmission package, introduced a
BR2_PACKAGE_TRANSMISSION_REMOTE Config.in option, supposedly matching
the --enable-remote/--disable-remote transmission option.

However, transmission as of version 2.33 packaged by this initial
commit, did not have a --enable-remote/--disable-remote option, and it
was apparently never part of transmission.

Therefore, this commit removes this useless option. Since the
transmission-remote tool is automatically built when the daemon is
enabled, the Config.in.legacy handling selects
BR2_PACKAGE_TRANSMISSION_DAEMON.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agopackage/transmission: fix inotify configure option
Bernd Kuhls [Wed, 2 May 2018 06:05:39 +0000 (08:05 +0200)]
package/transmission: fix inotify configure option

The configure option is really called --with-inotify:
https://github.com/transmission/transmission/blob/2.9x/configure.ac#L211

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agopackage/transmission: fix systemd support
Bernd Kuhls [Wed, 2 May 2018 06:05:38 +0000 (08:05 +0200)]
package/transmission: fix systemd support

Patch 0006-libsystemd.patch backports an upstream commit which renames
the systemd configure option.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agozmqpp: fix build with or1k and gcc < 6
Fabrice Fontaine [Sat, 5 May 2018 09:43:04 +0000 (11:43 +0200)]
zmqpp: fix build with or1k and gcc < 6

Use CONFIG variable to disable optimizations when or1k and gcc < 6 are
detected otherwise set CONFIG to release or debug depending on
BR2_ENABLE_DEBUG

Fixes:
 - http://autobuild.buildroot.net/results/523e58eefba7ef23a09ef53160da22190ccbb098

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agolibogg: add hash for license file
Fabrice Fontaine [Sun, 20 May 2018 10:21:11 +0000 (12:21 +0200)]
libogg: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agoliboauth: add hash for license file
Fabrice Fontaine [Sun, 20 May 2018 08:57:29 +0000 (10:57 +0200)]
liboauth: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agolibnfnetlink: add hash for license file
Fabrice Fontaine [Sun, 20 May 2018 08:49:46 +0000 (10:49 +0200)]
libnfnetlink: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agolibnfc: add hash for license file
Fabrice Fontaine [Sun, 20 May 2018 08:44:52 +0000 (10:44 +0200)]
libnfc: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agolibnetfilter_log: add hash for license file
Fabrice Fontaine [Sun, 20 May 2018 08:41:35 +0000 (10:41 +0200)]
libnetfilter_log: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agolibnetfilter_cttimeout: add hash for license file
Fabrice Fontaine [Sun, 20 May 2018 08:40:46 +0000 (10:40 +0200)]
libnetfilter_cttimeout: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agolibnetfilter_cthelper: add hash for license file
Fabrice Fontaine [Sun, 20 May 2018 08:39:16 +0000 (10:39 +0200)]
libnetfilter_cthelper: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agolibmpd: add hash for license file
Fabrice Fontaine [Sun, 20 May 2018 08:37:35 +0000 (10:37 +0200)]
libmpd: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agolibmodplug: add hash for license file
Fabrice Fontaine [Sun, 20 May 2018 08:37:22 +0000 (10:37 +0200)]
libmodplug: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agolibmodbus: add hash for license file
Fabrice Fontaine [Sun, 20 May 2018 08:34:15 +0000 (10:34 +0200)]
libmodbus: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agombedtls: security bump to version 2.7.3
Fabrice Fontaine [Sun, 20 May 2018 08:11:01 +0000 (10:11 +0200)]
mbedtls: security bump to version 2.7.3

Extract from release announcement:

- (2.9, 2.7, 2.1) Fixed an issue in the X.509 module which could lead
to a buffer overread during certificate validation. Additionally, the
issue could also lead to unnecessary callback checks being made or to
some validation checks to be omitted. The overread could be triggered
remotely, while the other issues would require a non DER-compliant
certificate to be correctly signed by a trusted CA, or a trusted CA with
a non DER-compliant certificate. Found by luocm. Fixes #825.

- (2.9, 2.7, 2.1) Fixed the buffer length assertion in the
ssl_parse_certificate_request() function which could lead to an
arbitrary overread of the message buffer. The overreads could be caused
by receiving a malformed algorithms section which was too short. In
builds with debug output, this overread data was output with the debug
data.

- (2.9, 2.7, 2.1) Fixed a client-side bug in the validation of the
server's ciphersuite choice which could potentially lead to the client
accepting a ciphersuite it didn't offer or a ciphersuite that could not
be used with the TLS or DTLS version chosen by the server. This could
lead to corruption of internal data structures for some configurations.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agogst1-plugins-bad: update plugin licenses
Danomi Manchego [Mon, 14 May 2018 02:12:08 +0000 (22:12 -0400)]
gst1-plugins-bad: update plugin licenses

Update several of the licenses annotated in the gst1-plugins-bad.mk file.

1. Specify GPL-2.0 in license info.
* All of the *.[ch] that specify GPL also specify version 2 or later.

2. Remove GPL from audiovisualizers.
* Changlog notes move from GPL to LGPL. (2015-04-25)
* docs/plugins/inspect/plugin-audiovisualizers.xml claims "LGPL".
* All *.[ch] files under ./gst/audiovisualizers say "GNU Library General Public License".

3. Add GPL to yadif.
* Changelog notes that yadif is "GPL". (2013-02-07)
* docs/plugins/inspect/plugin-yadif.xml claims "GPL".
* All *.[ch] files under ./gst/yadif say "GNU General Public License" except for one "GNU Library General Public License".

4. Remove UNKNOWN from fdk_aac.
* docs/plugins/inspect/plugin-fdkaac.xml claims "LGPL".
* All *.[ch] files under ./ext/fdkaac say "GNU Lesser" or "GNU Library General Public License".

5. Add BSD-2c to dtls.
* docs/plugins/inspect/plugin-dtls.xml claims "BSD".
* All *.[ch] files under ./gst/dtls have BSD-2c text.

6. Add BSD-2c to openh264.
* Changelog notes that openh264 is "BSD-2". (2014-10-03)
* docs/plugins/inspect/plugin-openh264.xml claims "BSD".
* All *.[ch] files under ./ext/openh264 have BSD-2c text.

Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agoDEVELOPERS: add myself for libnss
Joseph Kogut [Mon, 14 May 2018 23:52:56 +0000 (16:52 -0700)]
DEVELOPERS: add myself for libnss

Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 years agoqt5wayland: fix hardwareintegration/client/xcomposite-egl compile
Peter Seiderer [Sat, 19 May 2018 05:39:12 +0000 (07:39 +0200)]
qt5wayland: fix hardwareintegration/client/xcomposite-egl compile

Add upstream patch, fixes [1]:

  ../../../hardwareintegration/client/xcomposite-egl/qwaylandxcompositeeglwindow.cpp: In member function 'void QtWaylandClient::QWaylandXCompositeEGLWindow::createEglSurface()':
  ../../../hardwareintegration/client/xcomposite-egl/qwaylandxcompositeeglwindow.cpp:124:82: error: invalid conversion from 'Window {aka long unsigned int}' to 'EGLNativeWindowType {aka void*}' [-fpermissive]
       m_surface = eglCreateWindowSurface(m_glxIntegration->eglDisplay(), m_config, m_xWindow,0);
                                                                                    ^~~~~~~~~
  In file included from ../../../hardwareintegration/client/xcomposite-egl/qwaylandxcompositeeglclientbufferintegration.h:57:0,
                   from ../../../hardwareintegration/client/xcomposite-egl/qwaylandxcompositeeglwindow.h:46,
                   from ../../../hardwareintegration/client/xcomposite-egl/qwaylandxcompositeeglwindow.cpp:40:
  .../host/arm-buildroot-linux-musleabihf/sysroot/usr/include/EGL/egl.h:265:31: note:   initializing argument 3 of 'void* eglCreateWindowSurface(EGLDisplay, EGLConfig, EGLNativeWindowType, const EGLint*)'
 EGLAPI EGLSurface EGLAPIENTRY eglCreateWindowSurface(EGLDisplay dpy, EGLConfig config,

[1] http://autobuild.buildroot.net/results/9bcc76ed9e23c0d525f20b4da7f3bb5efe3083d4

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>