Commit Graph

38135 Commits

Author SHA1 Message Date
Peter Korsgaard
746502418f libnss: security bump to version 3.33
Fixes CVE-2017-7805 - Martin Thomson discovered that nss, the Mozilla
Network Security Service library, is prone to a use-after-free vulnerability
in the TLS 1.2 implementation when handshake hashes are generated.  A remote
attacker can take advantage of this flaw to cause an application using the
nss library to crash, resulting in a denial of service, or potentially to
execute arbitrary code.

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-15 15:58:44 +02:00
Peter Korsgaard
b136309324 libnspr: bump version to 4.17
libnss 3.33 needs libnspr >= 4.17.

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-15 15:58:28 +02:00
Adam Duskett
0f6dacb37a libpjsip: bump to 2.7
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-15 15:58:02 +02:00
Bernd Kuhls
e7713abf89 package/x11r7/xserver_xorg-server: security bump version to 1.19.5
Fixes

xfixes: unvalidated lengths (CVE-2017-12183)

Xi: fix wrong extra length check in ProcXIChangeHierarchy
 (CVE-2017-12178)

dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo
 (CVE-2017-12177)

Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176)

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-15 15:56:59 +02:00
Bernd Kuhls
d2569e3f6f package/libdrm: bump version to 2.4.84
Changed _SITE to https.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-15 15:55:18 +02:00
Bernd Kuhls
9112e584bd package/x11r7/xlib_libXres: bump version to 1.2.0
Added all hashes provided by upstream.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-15 15:55:09 +02:00
Bernd Kuhls
eb8222ab0b package/x11r7/xlib_libXfont2: bump version to 2.0.2
Removed patches applied upstream, added all upstream hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-15 15:54:44 +02:00
Fabio Estevam
7bc38e794b configs/mx6udoo: Bump kernel and U-Boot versions
Bump the kernel to version 4.13.5 and U-Boot to 2017.09.

While at it, remove the custom scripts for generating the SD card image
and use the standard scripts instead.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-15 15:54:04 +02:00
Peter Korsgaard
b5781dd96a wireguard: bump to version 0.0.20171011
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-15 15:53:34 +02:00
Bernd Kuhls
1842244c6d package/python: bump version to 2.7.14
Rebased patch 0016, changed _SITE to https.

Release notes:
https://raw.githubusercontent.com/python/cpython/84471935ed2f62b8c5758fd544c7d37076fe0fa5/Misc/NEWS

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-15 15:52:40 +02:00
Bernd Kuhls
e877fb4fe2 package/python3: bump version to 3.6.3
Changed _SITE to https.

Release notes:
https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-3-final

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-15 15:52:18 +02:00
Bernd Kuhls
53d9c46515 package/zstd: bump version to 1.3.2
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-15 15:51:52 +02:00
Bernd Kuhls
098d5367b2 package/libhdhomerun: bump version to 20170930
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-15 15:48:30 +02:00
Cam Hutchison
0c76d89e54 docs/manual: fix BR2_EXTERNAL path typo
Signed-off-by: Cam Hutchison <camh@xdna.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-15 15:47:59 +02:00
Cam Hutchison
58b74e0dbf ifupdown-scripts: do not install .empty files
ifupdown-scripts has some .empty files to maintain empty directories
in git. Previously this package used to be part of the skeleton which
used SYSTEM_RSYNC to copy the directories to the target. When it was
split into a separate package, cp -a was used to do the copy instead,
which copies the .empty files.

Change to SYSTEM_RSYNC which excludes .empty files.

Signed-off-by: Cam Hutchison <camh@xdna.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-15 15:47:43 +02:00
Peter Korsgaard
9f3bcb4f5a luksmeta: new package
[Peter: add DEVELOPERS entry]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-13 07:59:31 +02:00
Dushara Jayasinghe
0584635a4e package/prosody: new package
As stated by the upstream developers, Prosody only supports
lua-5.1 or luajit (which is a lua-5.1 interpreter):

> Response from zash at zash.se:
>
>> I pegged the package to lua 5,1 based on the contents of the
>> INSTALL file. Is this a hard requirement?
>
> Up until Prosody 0.9 Lua 5.1 is required. However LuaJIT
> implements Lua 5.1 so it works.

The license terms are not very consistent: the source files all
state to be "MIT/X11 licensed" and defer to the COPYING file for
details, but that file only has the text for the MIT license.
Thus, we believe the license to be MIT/X11, as stated in the source
files.

This installs the base system with certificates for two domains:
localhost and example.com

The default runtime configuration is tweaked during installation
to properly setup logging and pid-file directories.

Prosody doesn't like being executed as root, and thus the daemon
is executed as the user prosody. The startup script creates the
pid file write location with appropriate permissions.

Signed-off-by: Dushara Jayasinghe <nidujay@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-12 22:53:01 +02:00
bradford barr
60a7dd9f87 opencv3: enable pthreads parallel for loops
The WITH_PTHREADS_PF option was errantly categorized as a Windows only option.
WITH_PTHREADS_PF actually enables a parallelization framework that utilizes
pthreads to optimize some inner for loops of different OpenCV operations. This
optimization is available on any platform that has pthreads.

Signed-off-by: bradford barr <bradford@density.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-12 22:51:24 +02:00
Peter Korsgaard
c74a484fd1 configs/qemu_aarch64_virt_defconfig: build and use ext4 rootfs
The "virt" machine supports disk emulation, so use a ext4 rootfs instead of
initramfs for consistency with the other qemu defconfigs.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-12 22:49:21 +02:00
Peter Korsgaard
8eeb0564f8 configs/qemu_aarch64_virt_defconfig: bump kernel to 4.13.6
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-12 22:49:19 +02:00
Francois Perrad
a4b8299df3 lua: refactor with a common template lua.pc.in
lua.pc is generated from a common template in the build step.
install steps are restored like in BR 2017.05

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-12 22:05:04 +02:00
Peter Korsgaard
08aa81768e arm-trusted-firmware: bump to version 1.4
The license file got reformatted as reStructuredText, but the license itself
didn't change.

Drop unneeded md5sum and add license hash.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-12 22:03:47 +02:00
Peter Korsgaard
6d245fee1e arm-trusted-firmware: fix comment typo
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-12 22:03:28 +02:00
Thomas Petazzoni
131995ff5a flex: rework patches to avoid host/target difference
Currently, the target and host flex packages do not behave the same in
terms of patching: the target variant has a patch hook that disables
building the programs (because they are not needed, and do not build
on no-MMU platforms). However, this hook is obviously not executed for
host-flex, because we really want the host flex binary to be built.

In preparation for the introduction of out-of-tree package build, it
is important that we don't do different things in the patch hooks for
the target and host variant of a given package, because the source
tree will be shared between the target and host builds.

To solve this, we introduce a --disable-program configure option,
through a patch to the flex configure.ac and Makefile.am. This patch
makes the current 0001-flex-disable-documentation.patch no longer
needed.

Furthermore, building the documentation is a PITA: flex.1 depends on
configure.ac and a few other files generated during the build. Touching
flex.1 does not work, because automake will forcibly remove the files
when its prerequisites are too old, so pre-requisites of flex.1 will
always be more recent than flex.1. So, we add a patch that adds a
--disable-doc configure option.

Fixes:
    http://autobuild.buildroot.org/results/f70/f70b39632535bb9692d0a032166b2f4104532967/
    http://autobuild.buildroot.org/results/525/52567afdfe7992b3518de0e01227ba14aa300f21/
    [...]

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[yann.morin.1998@free.fr:
  - rebase on-top of master,
  - add patch to not build the documentation, because simply touching
    flex.1 is no longer enough.
  - keep install in target/, for shared builds
]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Adrian Perez de Castro <aperez@igalia.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-11 23:51:47 +02:00
Francois Perrad
4db3e5e94b lua-http: new package
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-11 23:49:55 +02:00
Francois Perrad
a2b7ed122a lua-lpeg-patterns: new package
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-11 23:48:47 +02:00
Peter Seiderer
6fdc039a01 wiringpi: bump version to 96344ff7125182989f98d3be8d111952a8f74e15
Upstream wiringpi apparently has some issues with their release
process: their 2.42 and 2.44 tags point to the exact same commit. And
at the 2.44 tag, the VERSION file was not updated to indicate that
it's version 2.44.

A follow-up commit added support for the RPi Zero-W, and fixed the
VERSION file to contain 2.44. So let's use this follow-up commit as
the new version for wiringpi.

This will hopefully clarify things, and avoid confusion such as the
one reported in bug #10391 [1].

[1] https://bugs.busybox.net/show_bug.cgi?id=10391

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Thomas: rewrite commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-11 23:27:16 +02:00
Peter Seiderer
ce94b9a9c6 evemu: fix PATH_MAX related compile failure
Fixes [1] when building with musl:

  find_event_devices.c: In function 'find_event_devices':
find_event_devices.c:60:14: error: 'PATH_MAX' undeclared (first use in this function)
   char fname[PATH_MAX];
              ^~~~~~~~

[1] http://autobuild.buildroot.net/results/607/607bb29231f80a138e1b5423bc01c89e36efe78c/

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-11 22:05:55 +02:00
Francois Perrad
123f2e6076 libtomcrypt: bump to version 1.18.0
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-11 22:01:35 +02:00
Olivier Schonken
e31b62c117 mesa3d: allow the VC4 driver to be selected on AArch64
Neon is compulsory on AArch64, and BR2_ARM_CPU_HAS_NEON is false on
AArch64. Therefore, this change is needed to enable building VC4
gallium driver for Rpi3 using AArch64.

Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-11 21:59:02 +02:00
Olivier Schonken
95108c5895 libdrm: VC4 change dependency to arm OR aarch64
Enable selection of VC4 driver when compiling for Rpi3 using aarch64

Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-11 21:58:40 +02:00
Petr Kulhavy
2f5dea383e linuxptp: bump to the latest version
Update Linuxptp to the latest version from 1. September 2017
This update brings bugfixes and minor enhancements.

Signed-off-by: Petr Kulhavy <brain@jikos.cz>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-10 23:35:21 +02:00
Alexander Mukhin
8a2396b90a hostapd: fix upstream URL
hostapd project URL has been changed to w1.fi/hostapd.
The old domain epitest.fi has expired.

Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-10 23:34:39 +02:00
Yann E. MORIN
33f3cb8a87 support/run-tests: export download dir
Currently, the download directory, when specified with the -d option, is
only used to store the files downloaded by the testing infra, not those
downloaded by Buildroot.

So, we end up with this situation:

    BR2_DL_DIR  | -d DIR   | test downloads   | BR downloads
    ------------+----------+------------------+--------------
    unset       | unset    | [error]          | [error]
    unset       | set      | in $(DIR)        | in $(TOP_DIR)/dl
    set         | unset    | in $(BR2_DL_DIR) | in $(BR2_DL_DIR)
    set         | set      | in $(DIR)        | in $(BR2_DL_DIR)

This is not very consistent.

We change the behaviour so that the value of -d always takes precedence,
and is used by Buildroot as well, giving this new behaviour:

    BR2_DL_DIR  | -d DIR   | test downloads   | BR downloads
    ------------+----------+------------------+--------------
    unset       | unset    | [error]          | [error]
    unset       | set      | in $(DIR)        | in $(DIR)
    set         | unset    | in $(BR2_DL_DIR) | in $(BR2_DL_DIR)
    set         | set      | in $(DIR)        | in $(DIR)

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-10 23:33:07 +02:00
Evgeniy Didin
0633eb58a2 toolchain: add glibc support for ARCv2
Finally there's working ARC port of glibc thanks to Vineet and Cuper!
This port is based on pretty recent glibc's master branch and ARC
changes are being reviewed now in glibc's mailing list.

Thus we again have to use sources from our GitHub but as soon as there's
a glibc release with our patches applied we'll switch to upstream releases
and will drop our glibc GitHub repo alltogether.

Note now we cut tags in glibc repo simultaneously with tags
in Binutils and GCC repos and so to make sure everything works in the best
way we plan to update glibc tag together with Binutils and GCC.

Also note as of today ARCompact (AKA ARCv1 ISA) is not supported in glibc
but we plan to fix it soonish so for now we make glibc intentionally
dependent on archs38.

Also note we are not creating directory "2.26" because all patches for glibc
ver 2.26 applies to arc glibc port.

Signed-off-by: Evgeniy Didin <didin@synopsys.com>
CC: Alexey Brodkin <abrodkin@synopsys.com>
CC: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
CC: Waldemar Brodkorb <wbx@openadk.org>
CC: Romain Naour <romain.naour@gmail.com>
Cc: Cupertino Miranda <cmiranda@synopsys.com>
Cc: Vineet Gupta <vgupta@synopsys.com>
Cc: Anton Kolesov <akolesov@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-10 23:13:34 +02:00
Fabio Estevam
444afad615 configs/imx6-sabresd: Add VPU decoding support
Mainline kernel is able to decode video via the coda driver.

Add support for it and also add some explanation on how VPU decoding
can be tested with Gstreamer.

Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-10 22:43:04 +02:00
Thomas De Schampheleire
787f4fee71 support/kconfig: fix usage typo and align verb tenses
Fix typo 'selectes' -> 'selects'.
Additionally, change 'will exclude' to 'excludes' to align with 'selects'.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-10 22:37:11 +02:00
Adam Duskett
471b1409d7 gst-omx: bump to 1.12.3
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-10 22:32:23 +02:00
Adam Duskett
a1e25939ae gst1-vaapi: bump to 1.12.3
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-10 22:32:23 +02:00
Adam Duskett
ef3212bf04 gst1-libav: bump to 1.12.3
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-10 22:32:23 +02:00
Adam Duskett
9670402b7c gst1-validate: bump to 1.12.3
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-10 22:32:23 +02:00
Adam Duskett
80bb007aab gst1-rtsp-server: bump to 1.12.3
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-10 22:32:23 +02:00
Adam Duskett
69d3839746 gst1-plugins-ugly: bump to 1.12.3
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-10 22:32:22 +02:00
Adam Duskett
517f250333 gst1-plugins-bad: bump to 1.12.3
Also remove openjpeg-Fix-build-against-openjpeg-2.2.patch, merged
upstreamm as commit
https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/patch/?id=15f24fef53a955c7c76fc966302cb0453732e657.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
[Thomas: fix upstream commit reference, as noted by Peter Seiderer.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-10 22:31:50 +02:00
Adam Duskett
b3b08f2c81 gst1-plugins-good: bump to 1.12.3
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-10 22:28:59 +02:00
Adam Duskett
003bcd4c61 gst1-plugins-base: bump to 1.12.3
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-10 22:28:58 +02:00
Adam Duskett
accbadd59f gstreamer1: bump to 1.12.3
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-10 22:28:57 +02:00
Peter Korsgaard
46a54b6464 xlib_libXfont{, 2}: add upstream security fixes
Fixes the following security issues:

CVE-2017-13720 - Check for end of string in PatternMatch

CVE-2017-13722 - pcfGetProperties: Check string boundaries

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-10 22:23:26 +02:00
Baruch Siach
11683002c6 lvm2: optionally depend on libselinux
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-10 22:04:22 +02:00
Baruch Siach
549908bf5f lvm2: disable selinux for host
There is no need for selinux support in the host lvm2 package.

Should fix:
http://autobuild.buildroot.net/results/6cd/6cde658da1fa815c157acf36b39c10a8d885e9a9/
http://autobuild.buildroot.net/results/430/43071433814a3176256687720c1d665f41748484/
http://autobuild.buildroot.net/results/ced/cedd7ff4b287d7b71612134444964dc847cc6062/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-10 22:03:50 +02:00