Commit Graph

42848 Commits

Author SHA1 Message Date
Romain Naour
a98f7236c4 toolchain-external: add Arm ARM toolchain 8.2-2018.08
This is the same toolchain that was previously distributed by Linaro. [1]

Switch default toolchain as this toolchain supersed the Linaro ARM toolchain.
Only x86_64 host are supported, so keep Linaro toolchain for x86 host.

Tested with qemu_arm_vexpress_defconfig.

[1] https://developer.arm.com/open-source/gnu-toolchain/gnu-a/downloads

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-20 17:02:08 +02:00
Alexey Brodkin
ef9f473752 configs/cubieboard2: Update kernel to 4.18.14 and U-Boot to 2018.09
The board is well supported in upstream projects so let's update kernel
and U-Boot to the latest and greatest versions.

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 15:35:04 +02:00
Peter Korsgaard
f33f7a4f64 spice: security bump to version 0.14.1
Fixes CVE-2018-10873: A vulnerability was discovered in SPICE before version
0.14.1 where the generated code used for demarshalling messages lacked
sufficient bounds checks.  A malicious client or server, after
authentication, could send specially crafted messages to its peer which
would result in a crash or, potentially, other impacts.

Drop patches as they are now upstream.

Add host-pkgconf as the configure script uses pkg-config.  Drop removed
--disable-automated-tests configure flag.

Add optional opus support, as that is now supported and needs to be
explicitly disabled to not use.  Explicitly disable optional gstreamer
support for now as the dependency tree is fairly complicated.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 15:35:04 +02:00
Peter Korsgaard
de8a4b747f spice-protocol: bump version to 0.12.14
Needed by spice 0.14.x

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 15:35:04 +02:00
Alexey Brodkin
5633ca9c5e configs/wandboard: Update kernel to 4.18.14 and U-Boot to 2018.09
The board is well supported in upstream projects so let's update kernel
and U-Boot to the latest and greatest versions.

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Fabio Estevam <festevam@gmail.com>
Reviewed-by:  Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 15:35:04 +02:00
Matt Weber
c3edec0018 fs/common: allow custom user table to override package-defined users
Currently, when a custom user table and a package define the same user,
the settings from the package takes precedence over the ones from the
custom user table.

However, it makes sense to allow the settings from the custom user table
take precedence. For example, it would allow redirecting the user's
home directory to an alternate location (e.g. away from tmp and into a
partition that is persistent).

The support/scripts/mkusers script will only retain settings from the
latest definition it finds.

Thus, by passing the custom user table after the package defined users,
it is possible to override the package provided user definitions.

Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-10-20 14:33:24 +01:00
Baruch Siach
d6f2fb1918 psmisc: bump to version 23.2
Drop patch #1; applied upstream.

Drop patch #2; not needed since we don't autoreconf, and the issue is
fixed upstream anyway.

Add license hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 14:46:03 +02:00
Baruch Siach
cfa3447a78 psmisc: correct license
The license heading in source files includes the "or any later"
language.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 14:45:54 +02:00
Asaf Kahlon
eb3c76a068 python-twisted: bummp to version 18.9.0
Remove patch since the new version supports Python 3.7
Change in LICENSE: addition of a developer to the list (hash updated).

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 14:43:03 +02:00
Asaf Kahlon
5e1aae8cca python-autobahn: bump to version 18.10.1
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 14:39:19 +02:00
Asaf Kahlon
42bebd1e7c python-requests: bump to version 2.20.0
LICENSE update: replaced http address with https.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 14:39:01 +02:00
Asaf Kahlon
0e787ded18 python-certifi: bump to version 2018.10.15
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 14:38:51 +02:00
Marcin Niestroj
8a10852f87 barebox: bump to version 2018.10.0
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 14:24:35 +02:00
Baruch Siach
5620a4ca5a mdadm: fix mdmon build without threads
Commit 45498bbc62 (mdadm: also install mdmon) enabled build of hte
mdmon utility. This utility requires USE_PTHREADS make variable
undefined to build when threads are not supported.

Fixes:
http://autobuild.buildroot.net/results/4bd/4bdd03b1d8f30ef32177727aae46d8cf54fbc35e/

Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 14:22:45 +02:00
Baruch Siach
946f136fe1 libarchive: security bump to version 3.3.3
Fixes CVE-2017-14501: An out-of-bounds read flaw exists in
parse_file_info in archive_read_support_format_iso9660.c in libarchive
3.3.2 when extracting a specially crafted iso9660 iso file, related to
archive_read_format_iso9660_read_header.

Drop upstream patches.

Use upstream provided tarball hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 14:17:46 +02:00
Mark Corbin
be43be070f support/config-fragments: add RISC-V 64-bit to autobuild configs
Add a minimal RISC-V 64-bit autobuild configuration for the
internal toolchain with glibc.

Signed-off-by: Mark Corbin <mark.corbin@embecosm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 14:17:23 +02:00
Bernd Kuhls
8dc3d02bac package/php: bump version to 7.2.11
Changelog: http://www.php.net/ChangeLog-7.php#7.2.11

Removed patch 0007, applied upstream.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 14:17:23 +02:00
Bernd Kuhls
e0a3e71add package/{mesa3d, mesa3d-headers}: bump version to 18.2.3
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 14:17:23 +02:00
Lothar Felten
c7ffd8a75d package/dtc: fix include guards for older kernel/u-boot
U-Boot has a copy of dtc in-tree. However, it has a bug in its build
system which could result in both one of the in-tree dtc include files
and the same host-installed include file to be #included.

Normally, that wouldn't be a problem, because (a) the two include files
are compatible, so it doesn't matter which one you include, and (b) the
include guards are the same in both, so only one of them really does
get included. However, upstream dtc has changed the include guards,
removing the leading underscore. Therefore, now the header file does
get included twice, which leads to multiple definitions like:

/builds/buildroot.org/buildroot/output/host/include/libfdt.h:1790:19: error: redefinition of 'fdt_appendprop_cell'
 static inline int fdt_appendprop_cell(void *fdt, int nodeoffset,
                   ^~~~~~~~~~~~~~~~~~~
In file included from tools/fdt_host.h:11:0,
                 from tools/imagetool.h:24,
                 from tools/atmelimage.c:8:
tools/../include/libfdt.h:1656:19: note: previous definition of 'fdt_appendprop_cell' was here
 static inline int fdt_appendprop_cell(void *fdt, int nodeoffset,
                   ^~~~~~~~~~~~~~~~~~~

To fix this, patch (host) dtc to accept the old include guard as well,
which restores the old behaviour. This patch is probably not
upstreamable, since it's really a hack to work around an issue in
U-Boot.  Note that it has been fixed upstream, but Buildroot supports
building older versions of U-Boot as well.

Note that the problem may still occur if you have libdtc-dev installed
on the host. However, now there is a simple workaround: enable
BR2_TARGET_UBOOT_NEEDS_DTC.

Note that a similar problem also occurs with the beaglebone fork of the
kernel. It's not clear if it has been fixed there.

Signed-off-by: Lothar Felten <lothar.felten@gmail.com>
[Arnout: rewrite commit message, rewrap patch commit message]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-10-20 12:35:03 +01:00
Matt Weber
963f824511 support/testing/tests/core: SSP & hardening flags
Catch the commonly used options of SSP, Relro, and fortify.
Using the package targets of busybox and lighttpd.  This
can easily be expanded to a larger list.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 13:25:27 +02:00
Matt Weber
394bdd11fc BR2_FORTIFY*: toolchain wrapper limitation note
A note is added to tie off the discussion on why moving _FORTIFY_SOURCE
related flags into the toolchain wrapper doesn't currently work.

 - Currently -D_FORTIFY_SOURCE and optimizations are passed through
   CFLAGS

 - Packages like linux-tools ignore CFLAGS entirely and some
   autotools toolchain testing cases dependent on not using
   CFLAGS.

 - If FORTIFY_SOURCE is passed through the wrapper, then linux-tools
   will no longer be able to ignore it, because it's enforced at a
   lower-level and since the optimization -Os/g/1/2/3 are via CFLAGS,
   there is no optimization flag set.  Therefore linux-tools will do
   all its configuration tests with FORTIFY_SOURCE forcefully enabled
   at the wrapper level, but no optimization enabled, and consequently
   tests will fail.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 12:53:03 +02:00
Matt Weber
f10822d151 toolchain/toolchain-wrapper: add BR2_SSP_* support
Migrate the stack protection flag management into the wrapper.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 12:51:21 +02:00
Matt Weber
7484c1c3b8 toolchain/toolchain-wrapper: add BR2_RELRO_
The RELRO/PIE flags are currently passed via CFLAGS/LDFLAGS and this patch
proposes moving them to the toolchain wrapper.

 (1) The flags should _always_ be passed, without leaving the possibility
     for any package to ignore them. I.e, when BR2_RELRO_FULL=y is used
     in a build, all executables should be built PIE. Passing those
     options through the wrapper ensures they are used during the build
     of all packages.

 (2) Some options are incompatible with -fPIE. For example, when
     building object files for a shared libraries, -fPIC is used, and
     -fPIE shouldn't be used in combination with -fPIE. Similarly, -r
     or -static are directly incompatible as they are different link
     time behaviors then the intent of PIE. Passing those options
     through the wrapper allows to add some "smart" logic to only pass
     -fPIE/-pie when relevant.

 (3) Some toolchain, kernel and bootloader packages may want to
     explicitly disable PIE in a build where the rest of the userspace
     has intentionally enabled it. The wrapper provides an option
     to key on the -fno-pie/-no-pie and bypass the appending of RELRO
     flags.
     The current Kernel and U-boot source trees include this option.
     8438ee76b0
     6ace36e19a
     If using PIE with a older Kernel and/or U-boot version, a backport of these
     changes  might be required. However this patchset also uses the
     __KERNEL__ and __UBOOT__ defines as a way to disable PIE.

NOTE: The current implementation via CFLAGS/LDFLAGS has caused some
build time failures as the conditional logic doesn't yet exist in
Buildroot:

https://bugs.busybox.net/show_bug.cgi?id=11206
https://bugs.busybox.net/show_bug.cgi?id=11321

Good summary of the most common build failures related to
enabling pie: https://wiki.ubuntu.com/SecurityTeam/PIE

[Peter: minor cleanups]
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 12:50:29 +02:00
Giulio Benetti
c5a7c287de netsnmp: improve linking avoiding useless -lz listing in shared build
In commit:
https://git.buildroot.net/buildroot/commit/?id=13722d58f77d0e9fea9eefc50bf083d19f835433
Patch "0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch"
was intended to fix AC_CHECK_FUNCS() failure on openssl functions. This
was due to missing -lz during static linking.
But the patch is wrong and results in explicitly linking against -lz in
both shared and static build.
This makes no sense, since shared linking has transitive dependency so
it doesn't need to list -lz after -lssl, -lssl is enough.
Differently static linking needs -lz to be listed after -lssl.

So the real cause of previous build failure:
http://autobuild.buildroot.net/results/881/881139fb049738b16609d39ad5a49bd77ff6b4aa/
is that when AC_CHECK_FUNCS(), $LIBS variable is overwritten with
$LIBCRYPTO without taking into accout previous $LIBS content(i.e. where
-lz is present). This results in AC_CHEC_FUNCS() to fail while trying to
statically link without listing -lz.

Then:
- Remove current "0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch"
- Add patch "0003-configure-fix-AC_CHECK_FUNCS-EVP_sha224-EVP_sha384-..patch"
  where add $LIBS content to tail of new $LIBS variable like this:
  LIBS="$LIBCRYPTO $LIBS"
  NOTE: $LIBS is at the end to ensure static linking to work correctly.
- Add patch 0004-configure-fix-AC_CHECK_FUNCS-TLS_method-TLSv1_method.patch
  where add $LIBS content to tail of new $LIBS variable like this:
  LIBS="-lssl $LIBCRYPTO $LIBS"
  NOTE: $LIBS is at the end to ensure static linking to work correctly.

This way AC_CHECK_FUNCS(), when static linking, try to link with -lz too
appending it at the end of linking library list.
And after every AC_CHECK_FUNCS(), previously saved $LIBS variable gets
back to its original value(i.e. containing -lz if present) resulting in
having or not -lz appended to library list according to static or
shared build.

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 00:11:53 +02:00
Bernd Kuhls
f117f07729 package/x11r7/xdriver_xf86-input-libinput: bump version to 0.28.1
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-17 21:51:25 +02:00
Bernd Kuhls
b248f730f3 package/x11r7/xlib_libSM: bump version to 1.2.3
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-17 21:51:20 +02:00
Bernd Kuhls
97a4e9efdc package/x11r7/xlib_libX11: bump version to 1.6.7
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-17 21:51:15 +02:00
Bernd Kuhls
3036341596 package/x11r7/xserver_xorg-server: bump version to 1.20.2
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-17 21:51:10 +02:00
Fabrice Fontaine
d440df6e0d vlc: fix build with libvorbis and tremor
Commit 550c42509c "package/vlc: fix
linking with tremor" fixed build with BR2_PACKAGE_TREMOR and without
BR2_PACKAGE_LIBVORBIS. However, it breaks build if BR2_PACKAGE_TREMOR
and BR2_PACKAGE_LIBVORBIS are both enabled.
Indeed, by overiding VORBIS_LIBS by -lvorbisidec, link of
codec/.libs/libvorbis_plugin_la-vorbis.o with -lvorbis
failed because VORBIS_LIBS is normally used to save "-logg
-lvorbis -lvorbisenc":
PKG_ENABLE_MODULES_VLC([VORBIS], [], [ogg vorbis >= 1.1 vorbisenc >= 1.1], [Vorbis decoder and encoder], [auto])

So replace fourth patch by an upstreamable patch which uses pkg-config
to set TREMOR_LIBS if tremor is found instead of "hacking" VORBIS_LIBS

Fixes:
 - http://autobuild.buildroot.org/results/85a7bb1996b78dee037d5900b124cbdf5b66a6ac

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-17 21:49:48 +02:00
Asaf Kahlon
22a6d1551a python-urllib3: bump to version 1.24
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-17 21:48:34 +02:00
Asaf Kahlon
a1eaa3c52c python-markdown2: bump to version 2.3.6
Also add license hash.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-17 21:48:30 +02:00
Ricardo Martincoski
1eb32c2d08 python-crossbar: drop Python 2 support
Upstream is now Python 3 only.

Quoting the maintainer [1]: "the last version of crossbar with python 2
support: pip install crossbar==18.4.1".

[1] https://github.com/crossbario/crossbar/issues/1332

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Asaf Kahlon <asafka7@gmail.com>
Cc: Mauro Condarelli <mc5686@mclink.it>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-17 21:48:08 +02:00
Alexander 'z33ky' Hirsch
300af90d3f qt5location: copy PositioningQuick.so* for QtQuick
The Location module for QtQuick depends on this library, which was not
being copied in the build rule.

Signed-off-by: Alexander 'z33ky' Hirsch <1zeeky@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-17 21:47:01 +02:00
Bernd Kuhls
53671131ab package/libdrm: bump version to 2.4.96
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-17 21:45:57 +02:00
Asaf Kahlon
db88829774 python-py: add dependency on host-python-setuptools-scm
Fixes:
http://autobuild.buildroot.net/results/cde7ea2fc256ff9f1f6b8d887b26543b998d7186

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-17 21:45:53 +02:00
Antoine Tenart
6693b5f3da {linux, linux-headers}: fix linux-4.9.133.tar.xz checksum
The Linux tarball checksum was recently updated, including the one for
version 4.9.133. The checksum for this particular version of Linux
misses one character which lead to a build issue as the checksum does
not match:

ERROR: linux-4.9.133.tar.xz has wrong sha256 hash:
ERROR: expected: 3730fc025ba330a6f4908a6a1e4cb86d821000c84167721680ccf1b37b26563
ERROR: got     : 53730fc025ba330a6f4908a6a1e4cb86d821000c84167721680ccf1b37b26563
ERROR: Incomplete download, or man-in-the-middle (MITM) attack

This patch fixes it.

Fixes: 0064c7b251 ("{linux, linux-headers}: bump 4.{4, 9, 14, 18}.x series")
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Tested-by: Ricardo Martincoski <ricardo.martincoski@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-17 21:45:41 +02:00
Thomas Petazzoni
6c1d0f6dbb docs/website: add TkOS to the sponsors
Tk Open Systems has sponsored the Buildroot Association to organize
the Buildroot Developers Meeting.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-17 21:27:14 +02:00
Baruch Siach
13dcc69a39 ntp: fix build without libcap and no threads
When threads support is missing the ntp build system builds the
work_fork code. This code added call to set_user_group_ids() that is
under HAVE_DROPROOT, which is disabled when libcap is not built.

Add a patch fixing that.

Fixes:
http://autobuild.buildroot.net/results/ab9/ab9ceff1151b8b5e6b9fa77d39c0f9b0cac1a080/

Cc: Artyom Panfilov <apanfilov@spectracom.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-16 14:48:27 +02:00
Asaf Kahlon
f099ef6816 python-posix-ipc: bump to version 1.0.4
Also add license hash.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-16 14:47:36 +02:00
Asaf Kahlon
35cab7793f python-markdown: bump to version 3.0.1
Also add license hash.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-16 14:47:21 +02:00
Asaf Kahlon
c52c71d51b python-babel: bump to version 2.6.0
Also add license hash.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-16 14:47:11 +02:00
Bernd Kuhls
0064c7b251 {linux, linux-headers}: bump 4.{4, 9, 14, 18}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-16 14:46:32 +02:00
Baruch Siach
7b30cfc8ee squid: requires C++11 toolchain
The squid changelog for version 4.0.1 mentions that "C++11 compiler
support is now mandatory". The code uses the std::map::emplace method
that gcc before 4.8 does not support.

Also fixes:
http://autobuild.buildroot.net/results/370/37093f8d3395850b2db5ed645f60d1c2df92768d/
http://autobuild.buildroot.net/results/921/92117726e7b4ede08dcc0e4fd1a85171fd17aeb8/
http://autobuild.buildroot.net/results/e67/e679ef90219c5e8f9c94ddcd7d3f9582f79ef751/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-16 14:45:37 +02:00
Baruch Siach
de24e47d90 libssh: security bump to version 0.8.4
Fixes CVE-2018-10933: authentication bypass vulnerability in the server
code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in
place of the SSH2_MSG_USERAUTH_REQUEST message which the server would
expect to initiate authentication, the attacker could successfully
authenticate without any credentials.

  https://www.libssh.org/security/advisories/CVE-2018-10933.txt

Drop an upstream patch.

Cc: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-16 14:45:15 +02:00
Matt Weber
ea5525e116 package/glibc: provide an upstream site link
The Config.in for glibc is a blind option and not part of the menu for
a user to select (the pkg is used for the Buildroot toolchain build),
however this patch adds the link for completeness of the pkg-stats
report and for future scripting which will generate xml updates of the
package's Common Product Enumeration (used for vunerability checking).

Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-15 21:21:22 +02:00
Asaf Kahlon
0769f7fc4b python-py: new package
library with cross-python path, ini-parsing, io, code, log
facilities.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-15 14:36:45 +02:00
Yann E. MORIN
4a16182d5f package/nodejs: use per-build cache directories
When two Buildroot builds run in parallel, and they both happen to call
npm at roughly the same time, the two npm instances may conflict when
accessing the npm cache, which is by default ~/.npm

Although npm is supposed to lock access to the cache, it seems it does
sometimes fail to do so properly, bailling out in error, when it would
never ever crash at all when not running in parallel. We suspect that
the sequence leading to such failures are something like:

    npm-1                           npm-2
      lock(retry=few, sleep=short)    .
      does-stuff()                    .
      .                               lock(retry=few, sleep=short)
      .                               # can't lock local cache
      .                               download-module()
      .                                 # can't download
      .                                 exit(1)
      unlock()

As per the docs [0], few = 10, short = 10. So if the first npm (npm-1)
takes more than 100s (which can happen behind slow links and/or big
modules that contain native code that is compiled), then the second npm
(npm-2) will bail out (the download would fail if there is no network
access, for example, and only local modules are used).

Point npm to use a per-build cache directory, so they no longer compete
across builds.

That would still need some care when we do top-level parallel builds,
though.

Note also that the conflicts are not totally eliminated: two or more npm
instances may still compete for some other resource that has not yet
been identified.

But, at least, the conflict window has been drastically shortened now,
to the point where it now seldom occurs.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-15 13:21:34 +02:00
Peter Seiderer
5ba4a7e264 rpi-wifi-firmware: bump version to 8c1e2bff1d
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-15 13:16:53 +02:00
Peter Seiderer
72097dc59b rpi-bt-firmware: bump version to 8c1e2bff1d
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-15 13:16:33 +02:00
Peter Seiderer
3b284c0a00 rpi-userland: bump version to 8f0abfb07b
- rebased 0003-Disable-Werror-everywhere.patch

- deleted 0006-host-apps-dtoverlay-don-t-install-script-in-random-l.patch
  (upstream applied [1])

[1] 2fe51001db

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-15 13:16:00 +02:00