Commit Graph

38544 Commits

Author SHA1 Message Date
Bernd Kuhls
09a756a5a7 package/libopenssl: security bump to version 1.0.2n
Fixes CVE-2017-3737 & CVE-2017-3738:
https://www.openssl.org/news/secadv/20171207.txt

Added license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-10 20:56:15 +01:00
Jan Kundrát
28ffb6f6f8 package/weston: Remove redundant dependency
It's already there, unconditionally, in the list of main dependencies.

Signed-off-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-10 20:54:31 +01:00
Peter Korsgaard
d2bc1e2bbb wireshark: security bump to version 2.2.11
Fixes the following security issues:

wnpa-sec-2017-47: The IWARP_MPA dissector could crash. (Bug 14236)

https://www.wireshark.org/security/wnpa-sec-2017-47.html

wnpa-sec-2017-48: The NetBIOS dissector could crash. (Bug 14249)

https://www.wireshark.org/security/wnpa-sec-2017-48.html

wnpa-sec-2017-49: The CIP Safety dissector could crash. (Bug 14250)

https://www.wireshark.org/security/wnpa-sec-2017-49.html

For more information, see the release notes:
https://www.wireshark.org/docs/relnotes/wireshark-2.2.11.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-10 20:54:26 +01:00
Jerzy Grzegorek
7c42b5f381 package/exim: change tarball compression to xz
Signed-off-by: Jerzy Grzegorek <jerzy.m.grzegorek@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 23:49:18 +01:00
Jan Kraval
0201bd7af6 configs/orangepi-lite: bump Linux to 4.14.4
[Peter: add explicit kernel headers selection]
Signed-off-by: Jan Kraval <jan.kraval@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 23:47:14 +01:00
Jan Kraval
266c420e1a configs/orangepi_lite: bump u-boot to 2017.11
Signed-off-by: Jan Kraval <jan.kraval@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 19:05:16 +01:00
Jan Kraval
7918f1b042 rtl8189fs: bump to newer revision supporting Linux 4.14
Signed-off-by: Jan Kraval <jan.kraval@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 19:04:59 +01:00
Thomas Petazzoni
8cf3ce04e9 support/testing: add tests for ATF
These new tests only do build tests, but allow to quickly verify that
the ATF/U-Boot combinations for vexpress, Allwinner and Marvell
platforms all continue to build properly.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 19:00:59 +01:00
Sergey Matyukevich
7212316926 atf: add support for Marvell Armada SoCs
Add Marvell Armada 7k/8k SoCs support to arm-trusted-firmware package.
Marvell ATF needs two additional dependencies:
DDR training code and SCP_BL2 image.

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[Thomas: adjust to previous ATF changes.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 19:00:53 +01:00
Thomas Petazzoni
a82882ae10 binaries-marvell: bump version, add license file and hash
Following our feedback, Marvell has added a README.md file into the
branch that contains the firmware. Thereore, this commit bumps the
version to the commit that includes the README.md file (it's the only
change, the firmware files are unmodified), updates
<pkg>_LICENSE_FILES to point to README.md, and adds the hash for this
license files.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 18:58:49 +01:00
Adrien Gallouët
d3f11ec764 glorytun: new package
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
[Thomas: add entry to DEVELOPERS file, add missing dependency on
host-pkgconf.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-12-08 17:54:51 +01:00
Marcus Folkesson
86e46797ca libostree: bump to version 2017.14
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-12-08 17:49:29 +01:00
Matt Weber
f20615b53e kvmtool: bump to f77d646ba0
Upstream Commit:
2017-11-03 16:19:58 +0000
irq.h: fix compilation error due to missing bool type

The following patches were updated/removed.

- 0001-avoid-redefining-PAGE_SIZE.patch is removed, as
  it has been merged upstream as of commit 4095fac8

- 0002-x86-kvm-cpu.c-don-t-include-asm-msr-index.h.patch is
  removed, as it has been merged upstream as of commit
  1cc05b24

- 0003-use-poll.h-instead-of-sys-poll.h.patch is removed,
  as it has been merged upstream as of commit 52c22e6e

- 0004-check-for-and-use-C-library-provided-strlcpy-and-str.patch
  is removed, as it has been merged upstream as of commit
  8f22adc4

- 0005-Fix-call-to-connect.patch is removed, as it has been
  merged upstream as of commit d77bd4f4

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-12-08 17:48:13 +01:00
Baruch Siach
e0b9052cf0 fastd: fix build with newer libsodium
Add upstream patch removing aes128-ctr support that libsodium no longer
provides.

Fixes:
http://autobuild.buildroot.net/results/90c/90c526491a9eb6b5ceb38a0218fd480c03208217/
http://autobuild.buildroot.net/results/f81/f815dbfee7099f3b8fea7036e1fd10385f8c6a80/
http://autobuild.buildroot.net/results/329/3299d413ee98963e62c0df4087604c9872fcad68/

Cc: Alexander Dahl <post@lespocky.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
[Thomas: fix patch numbering, as noticed by Alexander Dahl.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-12-08 17:44:21 +01:00
Yegor Yefremov
87daef6fdd python-pyftpdlib: bump to version 1.5.3
Add licence checksum.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 14:40:59 +01:00
Yegor Yefremov
e87454d72e python-ws4py: bump to version 0.4.2
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 14:39:18 +01:00
Yegor Yefremov
864e8b2060 circus: bump to version 0.14.0
Add licence checksum.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 14:38:01 +01:00
Yegor Yefremov
3c53142da9 python-iowait: add licence checksum
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 14:34:04 +01:00
Baruch Siach
971ed9653e glibc: security bump to the latest 2.26 branch
List of fixes from the 2.26 branch NEWS files:

  CVE-2017-15670: The glob function, when invoked with GLOB_TILDE,
  suffered from a one-byte overflow during ~ operator processing (either
  on the stack or the heap, depending on the length of the user name).
  Reported by Tim Rühsen.

  CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
  would sometimes fail to free memory allocated during ~ operator
  processing, leading to a memory leak and, potentially, to a denial
  of service.

  CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and
  without GLOB_NOESCAPE, could write past the end of a buffer while
  unescaping user names.  Reported by Tim Rühsen.

  CVE-2017-17426: The malloc function, when called with an object size near
  the value SIZE_MAX, would return a pointer to a buffer which is too small,
  instead of NULL.  This was a regression introduced with the new malloc
  thread cache in glibc 2.26.  Reported by Iain Buclaw.

Cc: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 14:33:12 +01:00
Jerzy Grzegorek
2c58adaa5b package/Config.in: fix alphabetical order
Signed-off-by: Jerzy Grzegorek <jerzy.m.grzegorek@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 14:32:53 +01:00
Yegor Yefremov
fc144ee4eb boot: uboot: fix typo
Replace "depend" with "depends".

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 14:32:02 +01:00
Sergey Matyukevich
241789d65d binaries-marvell: new package
Some systems, including Marvell Armada 7k/8k SoCs, have a separate
System Control Processor (SCP) for power management, clocks, reset
and system control. ATF Boot Loader stage 2 (BL2) loads optional
SCP_BL2 image into a platform-specific region of secure memory.

This package adds SCP_BL2 firmware for Marvell Armada 7040 and 8040 SoCs.

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[Thomas:
 - Use "binaries-marvell" in the Config.in prompt and in the .mk file
   header.
 - Change the license information.
 - Adjust license information: it is GPL-2.0 with the FreeRTOS
   exception, and therefore can be redistributed.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 13:42:37 +01:00
Sergey Matyukevich
4c18b7cbe0 mv-ddr-marvell: new package
This package adds Marvell Armada SoC DDR training algorithms.
This code is not built separately, it is needed as dependency
to build ATF firmware for Marvell Armada SoCs.

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[Thomas:
 - Remove MV_DDR_MARVELL_SRC_SYMLINK, ATF will directly pick up the
   mv-ddr-marvell code from where it is.
 - Use "mv-ddr-marvell" as the Config.in prompt, and in the comment
   header of the .mk file.
 - Add upstream URL in Config.in help text
 - Adjust license information.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 13:42:27 +01:00
Jagan Teki
2c4809e608 uboot: add support for bundling ATF BL31 into U-Boot
Some ARM64 platforms (such as Allwinner A64/H5) have a boot process
where U-Boot encapsulates the BL31 part of the ARM trusted
firmware. For such platforms, we need to build ATF before U-Boot, and
pass a BL31 variable pointing to ATF bl31.bin to the U-Boot build
process.

This commit introduces a BR2_TARGET_UBOOT_NEEDS_ATF_BL31 variable to
achieve this.

Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
[Thomas:
 - Rename option to BR2_TARGET_UBOOT_NEEDS_ATF_BL31
 - Drop changes to arm-trusted-firmware.mk, they are taken care of by
   previous commits.
 - Improve Config.in help text
 - Add missing dependency on arm-trusted-firmware when
   BR2_TARGET_UBOOT_NEEDS_ATF_BL31 is enabled.
 - Use bl31.bin from $(BINARIES_DIR) instead of taking it from ATF's
   build dir.]
[Peter: depend on toplevel atf option and select bl31 option.  Ensure it
	cannot be enabled together with ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33
	as that would cause circular dependencies]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tested-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 13:37:49 +01:00
Thomas Petazzoni
9684459113 arm-trusted-firmware: allow to generate the BL31 image
Some platforms (e.g Allwinner ARM64) don't build a FIP image out of
ATF, but only a BL31 image, which is then encapsulated in U-Boot. This
commit adds an ATF option to build such an image.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tested-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 12:27:36 +01:00
Thomas Petazzoni
3f64b08ff0 arm-trusted-firmware: add BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33
ATF can be used in different ways:

 - ATF encapsulates U-Boot as the BL33, which is what is done on ARM
   Juno (currently supported in Buildroot) and Marvell platforms (soon
   to be supported)

 - U-Boot encapsulates ATF's BL31, which is what is done on Allwinner
   ARM64 platforms.

Until now we were assumming the former was always the case, but
obviously it isn't. Therefore, this patch adds an option that allows
to explicitly tell ATF that it encapsulates U-Boot as its BL33.

We adapt the only defconfig that uses ATF so that it enables this
option as appropriate.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 12:15:00 +01:00
Thomas Petazzoni
543dbf2d01 arm-trusted-firmware: add option to enable/disable building FIP image
Currently, our arm-trusted-firmware unconditionally builds a FIP
(Firmware Image Package). While this is often needed on platforms
where ATF encapsulates U-Boot, it is not the case on some other
platforms where it's U-Boot that encapsulates parts of ATF.

In order to prepare the support for the later platforms, we make
building the FIP image optional, and update the only defconfig we have
that uses ARM Trusted Firmware.

Note: we considered adding a "default y" here to preserve backward
compatibility, but there really isn't any default that is sane:
whether a FIP image needs to be built or not is purely platform
specific.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 12:14:42 +01:00
Thomas Petazzoni
ae2a68936f .gitlab-ci.yml: refresh following the addition of orangepi_lite_defconfig
Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/43702501

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-12-08 10:39:20 +01:00
Yegor Yefremov
7c0ab68b13 python-pytablewriter: bump to version 0.27.1
Add licence checksum.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 08:53:45 +01:00
Bernd Kuhls
a7dd886d56 package/libbluray: bump version to 1.0.2
Added license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 08:40:38 +01:00
Marcus Folkesson
2995abf4e4 libostree: change license to LGPL-2.0+
The license is actually GNU LIBRARY GENERAL PUBLIC LICENSE

Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 08:39:26 +01:00
Yann E. MORIN
ae2ec0ed74 arch/arm: default to Cortex-A53 for AArch64
Since we re-organised the list of cores (in 52d500aa35) and introduced
some new cores (in e9960da6ec, d632d9e5a9, 6317a199ec), the default for
AArch64 was accidently changed from A53 to A35.

So, restore the default to A53 for AArch64.

Reported-by: daggs <daggs@gmx.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: daggs <daggs@gmx.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-07 22:39:44 +01:00
Petr Vorel
9e46f59482 package/ltp-testsuite: Add upstream patch to fix build on uClibc-ng
Fixes:
http://autobuild.buildroot.net/results/6c0506423c76b61018da26c2549570e3d9eb5763/

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-07 22:35:51 +01:00
Matt Weber
6ea65bdfcf DEVELOPERS: Add Matt Weber to Xen
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-07 22:34:42 +01:00
Yegor Yefremov
2947f8f920 python-pytablereader: bump to version 0.15.0
Add licence checksum.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-07 22:34:12 +01:00
Yegor Yefremov
7ac8ffead4 python-tabledata: new package
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-07 22:33:32 +01:00
Yegor Yefremov
2b17849195 python-dataproperty: bump to version 0.29.1
Add licence checksum.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-07 22:33:09 +01:00
Yegor Yefremov
a855461cd8 python-pytz: bump to version 2017.3
Add licence checksum.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-07 22:32:52 +01:00
Marcus Folkesson
10ddb4b1dd libostree: install to staging
Install the libraries to staging to be usable by other packages.

Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-07 22:32:30 +01:00
Baruch Siach
7e0a002df7 rsync: add security fix patches
Fixes CVE-2017-17433 and CVE-2017-17434: remote bypass of security
restrictions.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-07 22:23:45 +01:00
Baruch Siach
5c8432384a msmtp: bump to version 1.6.6
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-07 22:23:35 +01:00
Bernd Kuhls
ddfd343828 linux-headers: bump 4.1.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-07 22:23:04 +01:00
Jan Kraval
7cfafb2a6b board/orangepi: add support for orangepi-lite board
This board is quite similar to orangepi-one board. Instead of ethernet, it
has RTL8189FTV SDIO WiFi chip.

Board support package includes the following components:
 - mainline u-boot 2017.09
 - mainline kernel 4.13.11

Signed-off-by: Jan Kraval <jan.kraval@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-07 22:21:08 +01:00
Fabrice Fontaine
c75439d10c libmaxminddb: bump to version 1.3.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-07 22:16:40 +01:00
Chris Brandt
5384bd0a76 axfsutils: bump version
The patches are no longer needed because they have been pushed back into
the upstream axfs repository.

Signed-off-by: Chris Brandt <chris.brandt@renesas.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-07 22:16:03 +01:00
Baruch Siach
682f0673df stunnel: bump to version 5.44
Add license files hashes.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-07 22:14:44 +01:00
Baruch Siach
89b30618a5 screen: bump to version 4.6.2
Refresh patch #6.

Drop patch #9, parallel build fixed in upstream commit 7dad1f268f12.
Renumber the next patch.

Add reference to upstream signature, and license hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-07 22:14:17 +01:00
Johan Oudinet
f6ee339e92 flann: Disable find package for HDF5
The HDF5 package is used by flann for testing purpose only and is
not part of buildroot packages. However, if present in the host, it will
be used and trigger the unsafe header/library path used in
cross-compilation error.

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-12-06 23:46:44 +01:00
Johan Oudinet
572c3f59a9 erlang: Add a patch for hosts without libz
Since commit 640c988fd4, erts/configure adds -lz to LIBS but
this variable is also used in some Dynamic Erlang drivers. Fix
Makefiles in such drivers to use the LDLIBS variable instead.

This patch has been reported upstream (see
https://bugs.erlang.org/browse/ERL-529) and should fix:

  http://autobuild.buildroot.net/results/3a3b9a4568c706bd6caad3c63d356680c8405ac5/

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-12-06 23:39:24 +01:00
Mario Lang
398859e815 package/tor: Install default config and systemd .service file
Signed-off-by: Mario Lang <mlang@blind.guru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-12-06 23:05:18 +01:00