Vicente Olivert Riera [Mon, 9 Jan 2017 15:22:08 +0000 (15:22 +0000)]
lttng-babeltrace: bump version to 1.5.1
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Mon, 9 Jan 2017 14:32:20 +0000 (11:32 -0300)]
gnutls: security bump to version 3.5.8
The 3.5.x has been promoted to stable, hence 3.4.x is deprecated and
3.3.x kept as old-stable.
libdane now specifies LGPLv2.1+ so drop the README kludge (which is also
gone regarding licensing).
libunistring is a new dependency, even though gnutls ships a builtin version
we prefer to use unbundled to avoid duplication with other users and target
size growth.
Fixes:
GNUTLS-SA-2017-01 - It was found using the OSS-FUZZ fuzzer
infrastructure that decoding a specially crafted X.509 certificate with
Proxy Certificate Information extension present could lead to a double
free.
GNUTLS-SA-2017-02 - It was found using the OSS-FUZZ fuzzer
infrastructure that decoding a specially crafted OpenPGP certificate
could lead to heap and stack overflows.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Vicente Olivert Riera [Mon, 9 Jan 2017 14:34:40 +0000 (14:34 +0000)]
imagemagick: bump version to 7.0.4-3 (security)
Fixes CVE-2016-8707 (Fix possible buffer overflow when writing
compressed TIFFS). This CVE fix is included since 7.0.3-9:
http://git.imagemagick.org/repos/ImageMagick/commit/
fde5f55af94f189f16958535a9c22b439d71ac93
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Vicente Olivert Riera [Mon, 9 Jan 2017 13:39:37 +0000 (13:39 +0000)]
cjson: bump version to v1.2.0
Also remove the patch since it's already contained in this release.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Mon, 9 Jan 2017 12:36:01 +0000 (09:36 -0300)]
sqlite: bump to version 3.16.2
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Tue, 27 Dec 2016 10:44:56 +0000 (11:44 +0100)]
package/libvpx: disable on blackfin
Fixes
http://autobuild.buildroot.net/results/533/
533810941afbdd71cdd3eaeeb654ec3728daade0/
Triggers toolchain issue:
/tmp/ccpKbTiO.s: Assembler messages:
/tmp/ccpKbTiO.s:3800: Error: pcrel too far BFD_RELOC_BFIN_5
[Peter: extend commit message]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 9 Jan 2017 12:46:51 +0000 (13:46 +0100)]
nmon: not available on uclibc/musl
Fixes:
http://autobuild.buildroot.net/results/70c/
70ce1aa234e321884469d04282f80750bcf9abc8/
nmon uses fstab.h which is only provided by glibc.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 9 Jan 2017 10:56:54 +0000 (11:56 +0100)]
mysql: propagate common dependencies to toplevel config
Commit
3d707d2b (mysql: rename package to oracle-mysql, make a virtual
package) introduced a user selectable virtual BR2_PACKAGE_MYSQL package, but
didn't propagate the (common) dependencies of the two variants to it, so the
virtual package can now be selected even though neither of the variants are
available.
As several packages enable mysql support when BR2_PACKAGE_MYSQL is selected,
this causes a number of autobuilder issues:
http://autobuild.buildroot.net/results/7fe/
7fe0d0a3e7ed0430852dc42b718dd037557207e8/
http://autobuild.buildroot.net/results/cc4/
cc4c2d936f3e1ba6c0a9782b2218de54a4ff75d2/
Fix it by propagating the common dependencies of the two variants to the
virtual package to ensure it cannot be enabled unless at least one of them
are available.
Also move the toolchain comment outside the conditional so it is visible
when mysql isn't available.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabio Estevam [Sun, 8 Jan 2017 12:18:25 +0000 (10:18 -0200)]
gst1-plugins-bad: Add kmssink support
Add support for the KMS video sink element. From the Gstreamer 1.10
release notes:
"New element kmssink to render video using Direct Rendering Manager (DRM)
and Kernel Mode Setting (KMS) subsystems in the Linux kernel. It is oriented
to be used mostly in embedded systems."
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Mon, 9 Jan 2017 10:58:47 +0000 (07:58 -0300)]
memcached: bump to version 1.4.34
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Mon, 9 Jan 2017 10:29:10 +0000 (07:29 -0300)]
linux: bump default to version 4.9.2
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Mon, 9 Jan 2017 10:29:09 +0000 (07:29 -0300)]
linux-headers: bump 4.{4, 8, 9}.x series
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sun, 8 Jan 2017 22:42:45 +0000 (23:42 +0100)]
nodejs: bump to version 6.9.4
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 9 Jan 2017 08:54:01 +0000 (09:54 +0100)]
qextserialport: really disable target (and not staging) install for static builds
Commit
f09b33a0a (qextserialport: fix static build) adjusted the logic for
static builds, but the change contained a typo - It disabled
_INSTALL_STAGING for static builds, not _INSTALL_TARGET.
The autobuilders didn't detect this as nothing links against qextserialport
(so the missing staging install didn't cause issues) and the target install
command was only defined for !static.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Francois Perrad [Sat, 7 Jan 2017 08:12:17 +0000 (09:12 +0100)]
pkg-perl: set PERL_USE_UNSAFE_INC
Recent perls are built with the `default_inc_excludes_dot` option.
As many CPAN modules rely on '.' in @INC, the toolchain
must set `PERL_USE_UNSAFE_INC`.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Romain Naour [Sun, 8 Jan 2017 22:20:10 +0000 (23:20 +0100)]
DEVELOPERS: Add entry for upower
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sun, 8 Jan 2017 22:42:44 +0000 (23:42 +0100)]
nodejs: re-add 6.x patches
Commit
3fd9c062e (nodejs: bump to version 6.9.2) bumped the 6.x version but
forgot to rename the patch directory, so the patches were no longer used.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Waldemar Brodkorb [Thu, 29 Dec 2016 16:21:40 +0000 (17:21 +0100)]
uclibc: add locale/iconv related bugfixes
- do not remove iconv.h when UCLIBC_HAS_LOCALE enabled
- select UCLIBC_HAS_LIBICONV when UCLIBC_HAS_LOCALE enabled
Fixes:
http://autobuild.buildroot.net/?reason=libglib2-2.50.2&step=250
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Sverzut Barbieri [Fri, 30 Dec 2016 14:51:04 +0000 (12:51 -0200)]
efl: optional 'upower' ecore system module.
Ecore will reach 'upower' using D-Bus system bus in order to detect if
the system state changes and let applications know about the power
state such as low battery or AC power in order to optimize their power
consumption.
For host this is not needed and would not work, since output/host DBus
declares its own output/host/var/run/dbus/system_bus_socket, which has
no dbus-daemon and thus no services in it.
For target it's optional and only installed if BR2_PACKAGE_UPOWER=y,
otherwise it prints error messages about missing upower service.
Signed-off-by: Gustavo Sverzut Barbieri <barbieri@profusion.mobi>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Acked-by: Romain Naour <romain.naour@gmail.com>
Tested-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Romain Naour [Thu, 29 Dec 2016 20:29:07 +0000 (21:29 +0100)]
package/upower: new package
Backport an upstream patch.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Gustavo Sverzut Barbieri <barbieri@profusion.mobi>
Reviewed-by: Gustavo Sverzut Barbieri <barbieri@profusion.mobi>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Romain Naour [Sat, 31 Dec 2016 16:30:37 +0000 (17:30 +0100)]
package/x11r7/xserver_xorg-server: AIGLX Extension removed in 1.19.0
https://cgit.freedesktop.org/xorg/xserver/commit/?id=
501d8e2beb337e072c93c9310fcd927a099b9c3b
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Acked-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
David Bachelart [Tue, 3 Jan 2017 08:35:28 +0000 (09:35 +0100)]
python-arrow: new package
Signed-off-by: David Bachelart <david.bachelart@bbright.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
David Bachelart [Tue, 3 Jan 2017 08:26:46 +0000 (09:26 +0100)]
python-chardet: new package
Signed-off-by: David Bachelart <david.bachelart@bbright.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
David Bachelart [Mon, 2 Jan 2017 15:45:26 +0000 (16:45 +0100)]
python-whoosh: new package
Signed-off-by: David Bachelart <david.bachelart@bbright.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
David Bachelart [Mon, 2 Jan 2017 15:45:23 +0000 (16:45 +0100)]
nmon: new package
[Peter: add _LICENSE_FILES, pass TARGET_CFLAGS/LDFLAGS, indent]
Signed-off-by: David Bachelart <david.bachelart@bbright.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sun, 8 Jan 2017 08:24:50 +0000 (09:24 +0100)]
bash: add upstream fixes to patch level 5
We unfortunately cannot easily download these because of the file names (not
ending in patch) and patch format (p0), so convert to p1 format and include
in package/bash.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
David Bachelart [Mon, 2 Jan 2017 15:45:22 +0000 (16:45 +0100)]
ifenslave: new package
[Peter: handle busybox applet interaction, add comment explaining no build
needed]
Signed-off-by: David Bachelart <david.bachelart@bbright.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sat, 7 Jan 2017 23:11:26 +0000 (00:11 +0100)]
libmad: disable ASO support for thumb-only ARM cores
Fixes:
http://autobuild.buildroot.net/results/8d4/
8d4ea8613487297f2c33f3b9cbd8903cfb96e4c6/
The ARM specific optimizations enabled by LIBMAD_ASO needs classic ARM
instructions support, so disable for thumb-only cores.
[Peter: don't drop default y as pointed out by Baruch Siach]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Waldemar Brodkorb [Wed, 28 Dec 2016 17:29:01 +0000 (18:29 +0100)]
uclibc: add kernel module syscall wrappers
Revert the decision to remove the wrappers, but remove the extra
Config symbol and add it by default. Required for kmod package.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Fri, 6 Jan 2017 14:28:47 +0000 (11:28 -0300)]
libpng: bump to version 1.6.28
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Fri, 6 Jan 2017 14:28:32 +0000 (11:28 -0300)]
harfbuzz: bump to version 1.4.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 6 Jan 2017 12:52:40 +0000 (13:52 +0100)]
libvncserver: security bump to version 0.9.11
Security related fixes:
- Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer
before 0.9.11 (CVE-2016-9941)
- Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer
before 0.9.11 (CVE-2016-9942)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 6 Jan 2017 11:10:30 +0000 (12:10 +0100)]
irssi: security bump to 0.8.21
Bugfixes:
- CVE-2017-5193: Correct a NULL pointer dereference in the nickcmp function
found by Joseph Bisch (GL#1)
- CVE-2017-5194: Correct an error when receiving invalid nick message (GL#4,
#466)
- CVE-2017-5195: Correct an out of bounds read in certain incomplete control
codes found by Joseph Bisch (GL#2)
- CVE-2017-5196: Correct an out of bounds read in certain incomplete
character sequences found by Hanno Böck and independently by J. Bisch
(GL#3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Fri, 6 Jan 2017 12:59:02 +0000 (09:59 -0300)]
linux: bump default to version 4.9.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Fri, 6 Jan 2017 12:59:01 +0000 (09:59 -0300)]
linux-headers: bump 4.{4, 8, 9}.x series
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Fri, 6 Jan 2017 12:46:10 +0000 (09:46 -0300)]
libnice: bump to version 0.1.13
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yegor Yefremov [Fri, 30 Dec 2016 07:52:19 +0000 (08:52 +0100)]
python-pudb: new package
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Thu, 5 Jan 2017 15:10:17 +0000 (12:10 -0300)]
harfbuzz: bump to version 1.4.0
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jerzy Grzegorek [Fri, 6 Jan 2017 10:05:23 +0000 (11:05 +0100)]
package/perl: change tarball compression to xz
Also update hash file.
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Thu, 5 Jan 2017 21:09:31 +0000 (23:09 +0200)]
mpd: needs toolchain with C++14 support
Fixes:
http://autobuild.buildroot.net/results/3fe/
3fe440c0b9d05acb44553a8f02f688570e06bca9/
http://autobuild.buildroot.net/results/9b9/
9b9659ba30afde49912276fe7f9c282953a352ab/
http://autobuild.buildroot.net/results/208/
208bb987f52b8ba65e3c6fc9b6e917dbd44c0fbd/
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Thu, 5 Jan 2017 19:47:46 +0000 (20:47 +0100)]
package/{mesa3d, mesa3d-headers}: bump version to 13.0.3
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Thu, 5 Jan 2017 18:45:05 +0000 (15:45 -0300)]
heimdal: bump to version 7.1.0
Drop upstream patches and related autoreconf.
Re-enable parallel builds to check against the autobuilders.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Marcus Hoffmann [Thu, 5 Jan 2017 19:27:09 +0000 (20:27 +0100)]
docs: Add bc to required tools
We check for bc under required packages. It should be listed as such in the
docs.
Signed-off-by: Marcus Hoffmann <m.hoffmann@cartelsol.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Thu, 5 Jan 2017 13:33:11 +0000 (10:33 -0300)]
libgtk3: bump to version 3.22.6
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Thu, 5 Jan 2017 13:32:59 +0000 (10:32 -0300)]
gdk-pixbuf: bump to version 2.36.3
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Wed, 4 Jan 2017 20:17:24 +0000 (17:17 -0300)]
samba4: bump to version 4.4.9
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Wed, 4 Jan 2017 17:28:48 +0000 (14:28 -0300)]
sqlite: bump to version 3.16.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jörg Krause [Wed, 4 Jan 2017 15:47:23 +0000 (16:47 +0100)]
package/mpd: bump version to 0.20
Drop patch #0002 which was already fixed upstream long time ago in
commit
276a0d9500b8efc879e4f0c23e9d0e361849e295 using a slightly
different approach.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Sun, 1 Jan 2017 12:34:08 +0000 (14:34 +0200)]
firmware-imx: remove Makefile from target
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Sun, 1 Jan 2017 10:07:53 +0000 (12:07 +0200)]
alsa-utils: disable manpages generation from reStructured text
The alsaucm man page rst source file is missing in the tarball. When rst2man
is detected on the host, build fails:
make[2]: *** No rule to make target 'alsaucm.1', needed by 'all-am'. Stop.
Upstream added[1] the missing file to the tarball to fix this issue. But since
we don't need the manpage to begin with, just disable rst2man to shorten build
time by a few milliseconds.
[1] http://git.alsa-project.org/?p=alsa-utils.git;a=commitdiff;h=
c6bdde171e1532f7b37333a5a746b6e662f12c53
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Sun, 1 Jan 2017 09:00:56 +0000 (10:00 +0100)]
package/nut: bump version
Update our patches:
- drop patch 1, replaced by an upstream equivalent; adapt config
options and env accordingly,
- drop patch 2, applied upstream,
- rename patch 3
gdlib-config and net-snmp-config are only used when said support is
enabled (resp. CGI and SNMP), so no need to pass them unconditionally.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Francois Perrad [Tue, 3 Jan 2017 16:01:18 +0000 (17:01 +0100)]
perl-cross: bump to version 1.1.2
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Francois Perrad [Tue, 3 Jan 2017 16:01:17 +0000 (17:01 +0100)]
perl: bump to version 5.24.0
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 4 Jan 2017 15:27:34 +0000 (16:27 +0100)]
clamav: fix configure breakage after zlib 1.2.10 version bump
Fixes:
http://autobuild.buildroot.net/results/b6b/
b6ba2dfb42ee41ed0b8304aa8c78645245f3b341/
http://autobuild.buildroot.net/results/eef/
eef9a2dda2c172cd600dc74c1e5e60476d92280d/
http://autobuild.buildroot.net/results/827/
82798118795aa6334b4dd6eac06777682131da7f/
The clamav configure script by default checks for old zlib versions with
known vulnerabilities and errors out if found:
configure: error: The installed zlib version may contain a security bug.
Please upgrade to 1.2.2 or later: http://www.zlib.net. You can omit this
check with --disable-zlib-vcheck but DO NOT REPORT any stability issues
then!
The check is unfortunately not very robust as it simply checks for a version
string matching '1.2.1' (which 1.2.10 does):
vuln=`grep "ZLIB_VERSION \"1.2.1" $ZLIB_HOME/include/zlib.h`
As a workaround, pass --disable-zlib-vcheck to skip this check.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Wed, 4 Jan 2017 14:10:01 +0000 (11:10 -0300)]
ca-certificates: bump to version
20161130
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 3 Jan 2017 14:42:52 +0000 (15:42 +0100)]
gd: security bump to version 2.2.3
Security related fixes:
This flaw is caused by loading data from external sources (file, custom ctx,
etc) and are hard to validate before calling libgd APIs:
- fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)
- bug #248, fix Out-Of-Bounds Read in read_image_tga
- gd: Buffer over-read issue when parsing crafted TGA file (CVE-2016-6132)
Using application provided parameters, in these cases invalid data causes
the issues:
- Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
- fix php bug 72494, invalid color index not handled, can lead to crash ( CVE-2016-6128)
- improve color check for CropThreshold
The build system now enables -Wall and -Werror by default, so pass
--disable-werror to disable that. Notice that this issue has been fixed
upstream post-2.2.3:
https://github.com/libgd/libgd/issues/339
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 3 Jan 2017 14:29:50 +0000 (15:29 +0100)]
libopenh264: bump to version 1.6.0
Contains a number of bugfixes, some of which may be security related:
http://www.openwall.com/lists/oss-security/2017/01/02/1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Tue, 3 Jan 2017 19:52:17 +0000 (16:52 -0300)]
granite: bump to version 0.4.0.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Tue, 3 Jan 2017 17:44:45 +0000 (18:44 +0100)]
package/zlib: bump version to 1.2.10
Changed _SITE url to the upstream project site because Sourceforge does
not provide the tarball for 1.2.10 as of now.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Tue, 3 Jan 2017 16:39:21 +0000 (13:39 -0300)]
mpv: bump to version 0.23.0
enca and libguess options have been dropped so adjust accordingly.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Tue, 3 Jan 2017 16:33:14 +0000 (13:33 -0300)]
flac: bump to version 1.3.2
And delete upstream patches.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 28 Dec 2016 22:18:06 +0000 (23:18 +0100)]
collectd: fix riemann write plugin dependencies
Fixes:
http://autobuild.buildroot.org/results/fe5/
fe5b5ed6355a794e84894c4aaf62eda6529ed184/
http://autobuild.buildroot.org/results/6c3/
6c393cffb6ad4e676e311e9fc23ddbb2bcc2cf36/
The plugin uses the riemann-c-client library since commit
d55584214206
(write_riemann: Use riemann-c-client), so adjust the dependencies to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 28 Dec 2016 22:18:05 +0000 (23:18 +0100)]
riemann-c-client: new package
Riemann-c-client is a C client library for the Riemann monitoring system,
providing a convenient and simple API, high test coverage and a copyleft
license, along with API and ABI stability.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabio Estevam [Tue, 3 Jan 2017 12:30:16 +0000 (10:30 -0200)]
configs/mx53loco: Bump kernel and U-Boot versions
Bump Linux kernel versio to 4.9 and U-Boot to 2016.11.
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Mon, 2 Jan 2017 16:00:51 +0000 (13:00 -0300)]
m4: bump to version 1.4.18
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Mon, 2 Jan 2017 16:07:09 +0000 (13:07 -0300)]
musl: security bump to version 1.1.16
Fixes:
CVE-2016-8859 - fixes a serious under-allocation bug in regexec due to
integer overflow.
Drop upstream patch.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Mon, 2 Jan 2017 16:02:26 +0000 (13:02 -0300)]
xz: bump to version 5.2.3
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Mon, 2 Jan 2017 19:20:16 +0000 (16:20 -0300)]
freetype: bump to version 2.7.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Mon, 2 Jan 2017 20:31:57 +0000 (17:31 -0300)]
sqlite: bump to version 3.16
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Mon, 2 Jan 2017 14:42:58 +0000 (11:42 -0300)]
weston: fix DEPENDENCIES typo
Fixes a build failure with the PPS patchset since libva isn't populated.
Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Mon, 2 Jan 2017 16:11:01 +0000 (13:11 -0300)]
mpv: fix DEPENDENCIES typo
Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Eric Le Bihan [Fri, 30 Dec 2016 21:55:10 +0000 (22:55 +0100)]
skalibs: make ld use dummy file when configuring
For some architectures, like Xtensa or HPPA, ld from binutils requires
the output file to be a regular file, as mentioned in a bug report on
the mailing list [1].
So, use a dummy file as output file for ld, instead of /dev/null, when
trying to detect some libraries at configuration time.
Fixes http://autobuild.buildroot.net/results/288/
288fc31cd10ffe3cd93371c7be37d79452a91768/
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=19526
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fabio Estevam [Sat, 31 Dec 2016 19:00:39 +0000 (17:00 -0200)]
udoo: mx6qdl: Use the preferred form for disabling a symbol
Even though 'CONFIG_USB=n' does the job, let's switch to the more
standard way for disabling a Kconfig symbol.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Romain Naour [Sat, 31 Dec 2016 15:33:28 +0000 (16:33 +0100)]
package/intltool: remove target variant
The target variant depends on BR2_HOST_ONLY which is just like BROKEN
(i.e not defined anywere). BR2_HOST_ONLY was introduced by [1] back in
2010 and nobody seems to need it. So remove intltool for the target.
[1]
0b876d39776fdec69762b988216e5ed64dbe6ba8
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Yann E. MORIN [Sat, 31 Dec 2016 16:54:39 +0000 (17:54 +0100)]
package/systemd-bootchart: bump version
Get rid of our patch, applied upstream. Which means we no longer need to
run intltoolize. So drop the dependency on host-intltool
Fixes:
http://autobuild.buildroot.net/results/696/
696254009f830134ef9398369ca2cbb257b33f52/
http://autobuild.buildroot.org/results/aca/
aca210de7d3f2eda54e5630206e9ff80d72d85c5/
http://autobuild.buildroot.org/results/e5d/
e5df8d11bfce4ba7a4c5c760b4784c31c506d8d4/
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fabio Estevam [Fri, 30 Dec 2016 22:17:16 +0000 (20:17 -0200)]
configs/warpboard: Select BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_MDEV
BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_MDEV allows the Broadcom wireless driver
to be automatically loaded on boot.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabio Estevam [Fri, 30 Dec 2016 22:17:15 +0000 (20:17 -0200)]
configs/warpboard: Bump kernel and U-Boot versions
Bump kernel to version 4.9 and U-Boot to 2016.11.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jörg Krause [Thu, 29 Dec 2016 20:23:40 +0000 (21:23 +0100)]
package/busybox: add patch to fix dependency for IFUPDOWN_UDHCPC_CMD_OPTIONS
Upstream commit
a8c696bf09d8151323f6e99348c4bc8989f829c8 makes ifup and
ifdown individually selectable, but forgets to update the dependency to
IFUPDOWN_UDHCPC_CMD_OPTIONS, so it is not selectable anymore.
Add a patch which fixes the dependency by checking for IFUP or IFDOWN,
instead of the obsolete IFUPDOWN.
Upstream status: Pending
http://lists.busybox.net/pipermail/busybox/2016-December/085034.html
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jörg Krause [Thu, 29 Dec 2016 20:23:39 +0000 (21:23 +0100)]
package/busybox: update minimal configuration file
Commit
44a563dbc04ec8e51c5262201cd1745617055b78 bumps busybox to version
1.26.0, but does not update the minimal configuration file. There is at
least one issue using the old configuration with the newer busybox:
* IFUPDOWN is split into IFUP and IFDOWN in version 1.26.0
Update the minimal configuration file by loading the busybox.config file
and saving it back.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jörg Krause [Thu, 29 Dec 2016 20:23:38 +0000 (21:23 +0100)]
package/busybox: update configuration file
Commit
44a563dbc04ec8e51c5262201cd1745617055b78 bumps busybox to version
1.26.0, but does not update the configuration file. There is at least
one issue using the old configuration with the newer busybox:
* IFUPDOWN is split into IFUP and IFDOWN in version 1.26.0
Update the configuration file by loading the busybox.config file and
saving it back.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Thu, 29 Dec 2016 19:16:56 +0000 (21:16 +0200)]
wireshark: fix build with musl
Add a patch adding missing sys/time.h header.
Fixes:
http://autobuild.buildroot.net/results/cd8/
cd883b40503a6f4d3035e09a383db2d5a21162ad/
http://autobuild.buildroot.net/results/1ae/
1ae34debe7e95eab33a895ecdf04c0ddf96cf4ab/
http://autobuild.buildroot.net/results/4af/
4afe968e698f62c6bdbec35e53d35c361c5e852b/
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabio Estevam [Thu, 29 Dec 2016 00:57:19 +0000 (22:57 -0200)]
configs/warp7: Add floating point support
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabio Estevam [Thu, 29 Dec 2016 12:43:35 +0000 (10:43 -0200)]
configs/imx6ulpico: Select BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_MDEV
BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_MDEV allows the Broadcom wireless driver
to be automatically loaded on boot.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabio Estevam [Thu, 29 Dec 2016 12:43:34 +0000 (10:43 -0200)]
configs/imx6ulpico: Select floating point
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabio Estevam [Thu, 29 Dec 2016 12:43:33 +0000 (10:43 -0200)]
configs/imx6ulpico: Bump to U-Boot 2016.11
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Sverzut Barbieri [Fri, 30 Dec 2016 15:32:38 +0000 (13:32 -0200)]
eudev: fix build with <2.6.34 kernels
Add missing defines so eudev builds for older kernels, not having
BTN_TRIGGER_HAPPY (2.6.34) or INPUT_PROP_MAX (2.6.38).
Patch submitted upstream: https://github.com/gentoo/eudev/pull/139
[Peter: clarify versions]
Signed-off-by: Gustavo Sverzut Barbieri <barbieri@profusion.mobi>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Fri, 30 Dec 2016 13:28:43 +0000 (10:28 -0300)]
libpng: security bump to version 1.6.27
Fixes a NULL pointer dereference bug in png_set_text_2()
CVE not assigned yet.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Fri, 30 Dec 2016 13:28:20 +0000 (10:28 -0300)]
libgcrypt: bump to version 1.7.5
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gustavo Zacarias [Fri, 30 Dec 2016 13:27:24 +0000 (10:27 -0300)]
whois: bump to version 5.2.14
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 29 Dec 2016 21:24:06 +0000 (22:24 +0100)]
Update for 2016.11.1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 29 Dec 2016 20:41:23 +0000 (21:41 +0100)]
CHANGES: update for 2016.11.1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit
bf8fdcc2fa06c18cf4c4381a1d80f4b89699ec82)
Peter Korsgaard [Wed, 28 Dec 2016 23:01:54 +0000 (00:01 +0100)]
cryptopp: fixup DOS newlines in CVE-2016-9939 patch
The patch did contain the correct newlines, but they got stripped by
patchwork so now the patch no longer applies.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Danomi Manchego [Sat, 24 Dec 2016 01:50:55 +0000 (20:50 -0500)]
luarocks: fix target-finalize hook processing
The LUAROCKS_TARGET_FINALIZE_HOOKS is not running, so detritus is being left
in /usr/lib/luarocks. This is because host-luarocks is built by being a
dependency in the luarocks package infrastructure, not by being selected by
kconfig symbol. This means that the $(PKG)_KCONFIG_VAR in pkg-generic.mk is
not met, and (HOST_)LUAROCKS_TARGET_FINALIZE_HOOKS is not added to the
global TARGET_FINALIZE_HOOKS.
This mod fixes this issue by adding the host-luarocks hook directly
to TARGET_FINALIZE_HOOKS when either lua or luajit is enabled.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Danomi Manchego [Sat, 24 Dec 2016 01:35:16 +0000 (20:35 -0500)]
luafilesystem: add license file
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabio Estevam [Wed, 28 Dec 2016 20:32:14 +0000 (18:32 -0200)]
configs/warp7: Select BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_MDEV
BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_MDEV allows the Broadcom wireless driver
to be automatically loaded on boot.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabio Estevam [Wed, 28 Dec 2016 19:48:06 +0000 (17:48 -0200)]
configs/warp7: Bump to mainline kernel 4.9
Use mainline 4.9 instead of a custom kernel based on NXP 4.1.
As mx7 boots in non-secure mode in mainline kernel, change the
U-Boot target to "warp7".
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabio Estevam [Wed, 28 Dec 2016 17:42:29 +0000 (15:42 -0200)]
DEVELOPERS: Add entry for udoo_neo and wandboard
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 27 Dec 2016 22:28:18 +0000 (23:28 +0100)]
libsigrokdecode: bump to version 0.4.1
For details, see:
https://www.sigrok.org/blog/libsigrokdecode-041-released
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 27 Dec 2016 22:07:21 +0000 (23:07 +0100)]
cryptopp: add upstream security fix for CVE-2016-9939
Fixes security issue (DoS) in Crypto++ ASN1 decoder:
https://github.com/weidai11/cryptopp/issues/346
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Tue, 27 Dec 2016 17:42:03 +0000 (19:42 +0200)]
fs/tar: make --no-recursion effective
The tar --no-recursion option is position sensitive. It only affects following
file listing options. Move --no-recursion before the -T option to make it
effective. This fixes duplication of entries in the generated rootfs.tar
archive.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>