Commit Graph

30413 Commits

Author SHA1 Message Date
Romain Naour
f5abda5080 package/elementary: bump to 1.17.1
There is no elementary 1.17.2 release since there was no patch to
backport from upstream.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-26 21:31:07 +02:00
Romain Naour
f23479f4cb package/efl: bump to 1.17.2
Update the untested configuration warning option.

Disable efl build for host/target gcc older than 4.7 (oldest tested version).
http://lists.busybox.net/pipermail/buildroot/2016-June/163606.html

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-26 21:30:40 +02:00
Romain Naour
92f7591eca package/efl: switch to luajit support
In efl 1.15.x, Lua "old" support is broken with Lua 5.2+ [1].

With the patch added in efl 1.16 to fixes this issue, libevas fail to link with
the following error:

CCLD bin/ecore_evas/ecore_evas_convert
host-efl-1.16.1/src/lib/evas/.libs/libevas.so: undefined reference to `luaL_openlib'
collect2: error: ld returned 1 exit status
Makefile:19021: recipe for target 'bin/ecore_evas/ecore_evas_convert' failed

Since 9ba8d1cce4, the luajit support can be
enabled in efl package.
In order to update the efl stack to 1.17, switch to luajit support and remove
Lua "old" support since it's not fixed upstream yet. But the drawback is the
efl stack depends implicitely on BR2_PACKAGE_LUAJIT_ARCH_SUPPORTS.

[1] https://phab.enlightenment.org/T2728

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-26 21:27:37 +02:00
Akihiko Odaki
07006d4408 python-sip: bump to version 4.18
Signed-off-by: Akihiko Odaki <akihiko.odaki.4i@stu.hosei.ac.jp>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-26 14:58:58 +02:00
Bernd Kuhls
a342452641 package/php: security bump version to 7.0.8
Changelog is available here: http://php.net/ChangeLog-7.php#7.0.8

Fixes CVE-2015-8874 http://bugs.php.net/66387
Fixes CVE-2016-5766 http://bugs.php.net/72339
Fixes CVE-2016-5767 http://bugs.php.net/72446
Fixes CVE-2016-5768 http://bugs.php.net/72402
Fixes CVE-2016-5769 http://bugs.php.net/72455
Fixes CVE-2016-5772 http://bugs.php.net/72340
Fixes CVE-2016-5773 http://bugs.php.net/72434

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-26 14:58:07 +02:00
Bernd Kuhls
dcfbff46ab package/x11r7/libxcb: force the use of python2
libxcb in its current state is not python3-compatible:
https://bugs.freedesktop.org/show_bug.cgi?id=96395

Fixes
http://autobuild.buildroot.net/results/c74/c74fa243bf319472dca66982323df6c2a983642b/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-26 14:57:48 +02:00
Waldemar Brodkorb
ffa4078699 bluez_utils: disable PIE for m68k
PIE for m68k seems broken even for non-static case.
Fixes following kind of autobuild failures:
http://autobuild.buildroot.net/results/5bb524a58575d57de1006ffa70be17ca713e7730/

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-25 15:46:02 +02:00
Frank Hunleth
6ae48ae3af fs/tar: support passing long options to tar
Move TAR_OPTS so that long options (or any option with an initial '-')
may be passed to tar. Since TAR_OPTS is at the front of the list, single
letter options still work.

Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-25 15:42:44 +02:00
Peter Seiderer
9a55b99665 qt5: bump version to 5.6.1-1
Removed obsolete patches:

  - qt5base/0001-Disable-c-standard-compiler-flags-for-the-host-build.patch (upstream committed [1])
  - qt5/qt5base/0007-build-with-explicitlib-after-all.patch (upstream committed [2])
  - qt5tools/0001-Disable-qdoc-needs-qtdeclarative.patch (fixed upstream by [3])
  - qt5webkit/0004-Fix-linking-with-libpthread.patch (upstream committed [4])

[1] http://code.qt.io/cgit/qt/qtbase.git/commit/?id=e69e69519661954716d59bfa5bbd0626515cfda9
[2] http://code.qt.io/cgit/qt/qtbase.git/commit/?id=523c7e3fd55c853dd424d57f28e225d57439cf89
[3] http://code.qt.io/cgit/qt/qttools.git/commit/?id=2b262fad86ef38a5fa692b4c73e6ec26a5d45a5f
[4] http://code.qt.io/cgit/qt/qtwebkit.git/commit/?id=5f359baacdf92fabcece83f0a2b30f74c7c02a3c

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-25 15:37:33 +02:00
Yegor Yefremov
c6ba80ccae libsoc: add Python bindings support
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
[Thomas: add --disable-python, use 'else ifeq'.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-25 15:35:44 +02:00
Thomas Petazzoni
1edf9fc194 efivar: fix build with old gcc versions
The efivar build process starts by building one tool for the host,
which is needed for the rest of the build. This tool currently fails
to build with old gcc versions because the gcc.specs used by efivar
specifies -std=gnu11. To address this, this patch:

 - passes 'gcc_flags=' to the host build, so that the custom gcc specs
   are not passed. They are in practice not needed for the build of
   the simple makeguids host utility.

 - passes -std=gnu99 instead of -std=c99 in the build of host
   makeguids, because the source code uses anonymous structs and
   unions, which requires std=gnu99 and not just std=c99

In addition, the build by default assumes that the target toolchain is
LTO capable, and that therefore you can call gcc-ar, gcc-nm and
gcc-ranlib. This fails short when the target toolchain is for example
gcc 4.7. To address this, we explicitly specify AR, NM and RANLIB to
be used, but pass them as make options instead of in the environment,
in order to override the values specified in the package Makefile.

Fixes:

   http://autobuild.buildroot.net/results/fe40c1d139ba8ddeef3dafd5c1818a946f014d7c/

Cc: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-25 15:29:49 +02:00
Bernd Kuhls
3af337aea7 package/libva-intel-driver: bump version to 1.7.1
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-25 15:29:27 +02:00
Bernd Kuhls
c7f8161a35 package/libva: bump version to 1.7.1
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-25 15:29:19 +02:00
Bernd Kuhls
a6e1c90ef4 package/linux-headers: bump 3.{18, 14}.x and 4.{1, 4, 6}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-25 15:28:05 +02:00
Marcin Nowakowski
5baa92b092 gst1-plugins-bad: cleanup of build options
Remove non-existing options:
 * --disable-wsap
 * --disable-direct3d
 * --disable-gsettings

Remove options that are already handled later in the .mk file, using
optional dependencies:
 * --disable-rtmp
 * --disable-hls
 * --disable-dash

Rename disable->strp to disable-srtp, which essentially fixes a typo.

Remove liveadder plugin - no longer a separate built option, it's been
merged into audiomixer. Config.in.legacy handling is added for the
removed option.

Signed-off-by: Marcin Nowakowski <marcin.nowakowski@imgtec.com>
[Thomas: add Config.in.legacy handling for the liveaddr plugin option,
tweaks to the commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-25 15:26:07 +02:00
Thomas Petazzoni
db35305a99 gtest: fix typo in .pc file installation
Fixes:

  http://autobuild.buildroot.net/results/08e/08e1eb10f63f07378237ba72953d7201ea0786ab/build-end.log

Reported-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-24 22:56:19 +02:00
Yann E. MORIN
bf7b73ac46 package/qt5base: add optional dependency on udev
Qt5 can optionally enable udev support, especially to enumerate input
devices dynamically. Without udev, devices are not properly enumerated,
and any device that is not present at launch time is never seen (there
is no support for hotplug, that is).

Currently, Qt5base has no explicit dependency on udev, so it will all
depend on the build order. Sometimes, a package that requires udev will
be built before qt5base and Qt5 will have support for udev, sometime no
such package is built before qt5base and Qt5 will not have support for
udev.

Add an explicit dependency on udev, but only if it is enabled.

Note: this only really requires libudev, but we do not yet have a
separate libudev; we still only have a udev provider (be it eudev or
systemd).

Signed-off-by: "Yann E. MORIN" <yann.morin@orange.com>
Cc: Cedric Chedaleux <cedric.chedaleux@orange.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Thomas: drop comment, as suggested by Arnout.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-24 18:02:01 +02:00
Yann E. MORIN
e9c4497c92 package/gtest: add and install a .pc file
Signed-off-by: "Yann E. MORIN" <yann.morin@orange.com>
Signed-off-by: Cedric Chedaleux <cedric.chedaleux@orange.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-24 18:00:01 +02:00
Yann E. MORIN
4dd576b563 package/gmock: install .pc file
Signed-off-by: "Yann E. MORIN" <yann.morin@orange.com>
Signed-off-by: Cedric Chedaleux <cedric.chedaleux@orange.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-24 17:58:46 +02:00
Vicente Olivert Riera
bac3f17470 nano: bump version to 2.6.0
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-24 17:12:56 +02:00
Vicente Olivert Riera
1d397b4245 nano: switch to official site
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-24 17:12:50 +02:00
Vicente Olivert Riera
cf5e7bc63b imagemagick: bump version to 7.0.2-1
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-24 17:12:25 +02:00
Yann E. MORIN
eace9d6133 core/legal-info: ensure legal-info works in off-line mode
Almost all packages which are saved for legal-info have their source
archives downloaded as part of 'make source', which makes an off-line
build completely possible [0].

However, for the pre-configured external toolchains, the source tarball
is different, as the main tarball is a binary package. And that source
tarball is only downloaded during the legal-info phase, which makes it
inconvenient for full off-line builds.

We fix that by adding a new rule, $(1)-legal-source which only
$(1)-all-source depends on, so that we only download it for a top-level
'make source', not as part of the standard download mechanism (i.e. only
what is really needed to build).

This new rule depends, like the normal download mechanism, on a stamp
file, so that we do not emit a spurious hash-check message on successive
runs of 'make source'.

This way, we can do a complete [0] off-line build and are still able to
generate legal-info, while at the same time we do not incur any download
overhead during a simple build.

Also, we previously downloaded the _ACTUAL_SOURCE_TARBALL when it was
not empty. However, since _ACTUAL_SOURCE_TARBALL defaults to the value
of _SOURCE, it can not be empty when _SOURCE is not. Thus, we'd get a
spurious report of a missing hash for the tarball, since it was not in
a standard package rule (configure, build, install..) and thus would
miss the PKG and PKGDIR variables to find the .hash file.

We fix that in this commit as well, by:

  - setting PKG and PKGDIR just for the -legal-source rule;

  - only downloading _ACTUAL_SOURCE_TARBALL if it is not empty *and* not
    the same as _SOURCE (to avoid a second report about the hash).

[0] Save for nodejs which invarriably wants to download stuff at build
time. Sigh... :-( Fixing that is work for another time...

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Peter Korsgaard <jacmet@uclibc.org>
Tested-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-24 17:09:38 +02:00
Yann E. MORIN
2474868057 core/pkg-generic: reorder variables definitions for legal-info
Move the declarations of _ACTUAL_SOURCE and _ACTUAL_SITE earlier, so
that they are close to where _SOURCE and _SITE are handled.

This looks so far like a purely cosmetic change, but makes more sense
with the follow-up patch, where we'll need them earlier in the file.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Tested-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-24 17:09:32 +02:00
Yann E. MORIN
7bfce06a4c core/legal-info: generate a hash of all saved files
Having a hash of the saved files can be interesting for the recipient to
verify the integrity of the files.

We remove the warning file earlier, to exclude it from the hash
list.

We generate the hash list in a temporary file that will not be matched
by the "find" expression, and once the file is generated, we remain it
to its final name.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Acked-by: Luca Ceresoli <luca@lucaceresoli.net>
Tested-by: Luca Ceresoli <luca@lucaceresoli.net>
Acked-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas: adjust indentation, improve commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-24 16:56:50 +02:00
Luca Ceresoli
d271f89b08 legal-info: explicitly state how patches are licensed
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Acked-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[yann.morin.1998@free.fr: slightly tweak after Arnout's review]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-24 16:23:14 +02:00
Yann E. MORIN
1686c58e63 core/legal-info: also save extra downloads
Some packages, like perl, download extra files that end up as part of
the source that Buildroot builds. Up until now, those files were not
saved in the legal-info output.

Add those files to the legal-info output.

The unfortunate side-effect is that we will also save the secondary
archive for the external blackfin toolchains; however, we already do
save the binary release of some external toolchains when they do not
provide actual source archives.

This is inherently bad, as those are not source archives, but solving
this is a bigger concern, for another series...

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Tested-by: Luca Ceresoli <luca@lucaceresoli.net>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-24 16:22:36 +02:00
Yann E. MORIN
1273636fc6 core/legal-info: also save patches
Currently, the legal-info infra only saves the source archive of a
package. However, that's not enough as we may apply some patches on
packages sources.

We do suggest users to also redistribute the Buildroot sources as part
of their compliance distribution, so the patches bundled in Buildroot
would indeed be included in the compliance distribution.

However, that's still not enough, since we may download some patches, or
the user may use a global patch directory. Patches in there might not
end up in the compliance distribution, and there are risks of
non-conformity.

So, always include patches alongside the source archive.

To ensure reproducibility, we also generate a series file, so patches
can be re-applied in the correct order.

We get the list of patches to include from the list of patches that were
applied by the package infrastructure (via the apply-patches support
script). So, we need to get packages properly extracted and patched
before we can save their legal-info, not just in the case they define
_LICENSE_FILES.

Update the legal-info header accordingly.

Note: this means that, when a package is not patched and defines no
LICENSE_FILES, we will extract and patch it for nothing. There is no
easy way to know whether we have to patch a package or not. We can only
either duplicate the logic to detect patches (bad) or rely on the infra
actually patching the package. Also, a vast majority of packages are
either patched, or define _LICENSE_FILES, so it is best and easiest to
always extract and patch them prior to legal-info.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Tested-by: Luca Ceresoli <luca@lucaceresoli.net>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-24 16:18:16 +02:00
Yann E. MORIN
1924159814 support/apply-patches: bail-out on duplicate patch basenames
Patches we save can come from various locations:
  - bundled with Buildroot
  - downloaded
  - from one or more global-patch-dir

It is possible that two patches lying into different locations have the
same basename, like so (first is bundled, second is from an hypothetical
global-patch-dir):
    package/foo/0001-fix-Makefile.patch
    /path/to/my/patches/foo/0001-fix-Makefile.patch

In that case, when running legal-info, we'd save only the second patch,
overwriting the first. That would be problematic, because:

  - either the second patch depends on the first, and thus would no longer
    apply (this is easy to detect, though),

  - or the second patch does not depend on the first, and the compliance
    delivery will not be complete (this is much harder to detect).

We fix that by checking that no two patches have the same same basename.
If we find that the basename of the patch to be applied collides with
that of a previously applied patch, we error out and report the duplicate.

The unfortunate side-effect is that existing setups will now break in
that situation, but that's a minor, corner-case issue that is easily
fixed.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Thomas: adjust coding style, fix minor typos in the commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-24 16:04:24 +02:00
Yann E. MORIN
a3165461bb core/apply-patches: store full path of applied patches
Currently, we only store the filename of the applied patches.

However, we are soon to want to install those patches in the legal-info
directory, so we'll have to know where those patches come from.

Instead of duplicating the logic to find the patches (bundled,
downloaded, from a global patch dir...), just store the full path to
each of those patches so we can retrieve them more easily later on.

Also always create the list-file, even if empty, so that we need not
test for its existence before reading it.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
[Tested only with patches in the Buildroot sources]
Tested-by: Luca Ceresoli <luca@lucaceresoli.net>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Thomas: used $PWD instead of $(pwd), as suggested by Arnout.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-24 15:58:38 +02:00
Yann E. MORIN
4ebd6ffbd6 core/legal-info: add package version to license directory
Now that we save the source archives in a directory named after the
package and its version, do the same for the license files, for
consistency.

It has a not-so-bad side-effect of also saving the version string in
the all-licenses list.

The only (small) side-effect, is that the warnings about undefined
_LICENSE_FILES now contains the version string, too. That's unavoidable,
since that's what is stored in the legal report.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Acked-by: Luca Ceresoli <luca@lucaceresoli.net>
Tested-by: Luca Ceresoli <luca@lucaceresoli.net>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-24 15:49:38 +02:00
Vicente Olivert Riera
9d5087b0d7 pulseaudio: fix udev configure option
enable-libudev doesn't exist as a configure option. The right one is
enable-udev.

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-24 13:41:20 +02:00
Peter Korsgaard
27797d9d27 webrtc-audio-processing: bump to version 0.3
Needed by the recent pulseaudio version bump:

https://lwn.net/Articles/692424/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-24 13:11:21 +02:00
Yegor Yefremov
5c285a79e0 libsoc: bump to version 0.8.2
License file changed from COPYING to LICENCE.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-23 21:13:40 +02:00
Gustavo Zacarias
25d5aebead libarchive: security bump to version 3.2.1
Fixes:
CVE-2016-4302 - Libarchive Rar RestartModel Code Execution Vulnerability
CVE-2016-4300 - Libarchive 7zip read_SubStreamsInfo Code Execution
Vulnerability
CVE-2016-4809 - Memory allocate error in corrupted cpio archives

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-23 21:13:15 +02:00
Gustavo Zacarias
c27ecf4930 expat: security bump to version 2.2.0
Fixes:

CVE-2016-4472 - Improve insufficient fix to CVE-2015-1283 /
CVE-2015-2716 introduced with Expat 2.1.1

CVE-2016-5300 - Use more entropy for hash initialization than the
original fix to CVE-2012-0876

CVE-2012-6702 - Resolve troublesome internal call to srand that was
introduced with Expat 2.1.0 when addressing CVE-2012-0876

Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-23 21:11:14 +02:00
Gustavo Zacarias
cb91add36b lft: bump to version 3.76
Drop upstream patches, and disable strip via the STRIP make environment
variable.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-23 21:10:07 +02:00
Gustavo Zacarias
d472a622be busybox: disable nsenter/unshare in default config
These require newer toolchain components. Since they didn't exist in
previous versions no functionality is lost. Fixes:
http://autobuild.buildroot.net/results/b63/b6312626b3938555c4e5a68ad42f6951b02d7760/

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-23 21:09:23 +02:00
Gustavo Zacarias
d87897cf73 sshfs: bump to version 2.8
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-23 21:08:46 +02:00
Vicente Olivert Riera
b14e657206 pulseaudio: bump version to 9.0
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-23 21:07:49 +02:00
Fabio Porcedda
f732e3362e barebox: bump to version 2016.06.0
Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-23 21:07:17 +02:00
Baruch Siach
aed1ac36ec strace: fix build with kernel headers before v3.11
Add upstream patch with fixes for missing btrfs ioctl macros.

Fixes:
http://autobuild.buildroot.net/results/fd6/fd6e8b6386c3d3170168608c49a0efde7b7fa269/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-22 17:01:07 +02:00
Gustavo Zacarias
cc89c4c5b0 openssl: disable assembly for ARMv7M
It requires interwork and v7M is thumb-only. Fixes:
http://autobuild.buildroot.net/results/55d/55dc9d6826defd2c9048c2991019d4d573d34af4/

[Peter: use R2_ARM_CPU_HAS_ARM for logic]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-22 16:59:23 +02:00
Baruch Siach
cc48d7b80e strace: bump to version 4.12
Drop upstream patch.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-22 10:35:52 +02:00
Francois Perrad
23a9a94f1e lua: add upstream patch to fix 5.3.3 loop parser
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-22 10:34:56 +02:00
Jerzy Grzegorek
841cbf6320 package/Config.in: fix alphabetical order
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-22 10:33:39 +02:00
Gustavo Zacarias
81cbdbaee8 busybox: bump to version 1.25.0
Also drop upstream patches.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-22 10:32:53 +02:00
Gustavo Zacarias
cc2c74d636 gmp: bump to version 6.1.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-22 10:32:28 +02:00
Gustavo Zacarias
a3f84c7e2a linux-headers: bump 3.12.x series
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-22 10:32:22 +02:00
Gustavo Zacarias
88841c5633 libfuse: bump to version 2.9.7
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-22 10:31:35 +02:00