Commit Graph

45055 Commits

Author SHA1 Message Date
Romain Naour
dc5d95154e package/binutils: remove version 2.28
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-14 22:18:21 +01:00
Romain Naour
b11a7fbea7 package/binutils: remove special case version selection for ARM Thumb
Binutils 2.29 and 2.30 are affected by a bug in ADR and ADRL
pseudo-instruction [1] that was fixed in Binutils 2.31 [2].

  * The ADR and ADRL pseudo-instructions supported by the ARM assembler
    now only set the bottom bit of the address of thumb function symbols
    if the -mthumb-interwork command line option is active.

Due to this issue, we were default to binutils 2.28 for ARM Thumb. But
now that the issue has been fixed in binutils 2.31 and that this
version is the default, the special casing to use 2.28 is no longer
needed.

[1] https://sourceware.org/bugzilla/show_bug.cgi?id=21458
[2] https://sourceware.org/ml/binutils/2018-07/msg00213.html

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-14 22:17:05 +01:00
Romain Naour
b4ba1be944 linux: update the comment about thumb issue with Binutils 2.29 and 2.30
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-14 22:16:41 +01:00
Romain Naour
f786c8a6ec package/binutils: switch to use 2.31.x as the default version
Now that binutils 2.32 has been released, it is time to move to
binutils 2.31.x as the default binutils version, instead of 2.29.1.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-14 22:16:27 +01:00
Yann E. MORIN
af839d25cb package/systemd: use util-linux' agetty, drop patch
We currently have a patch that replaces the use of (hard-coded) agetty
in systemd, to use just plain getty. That patch dates back to commit
f4a5eed474 (Add the systemd package), when util-linux was not a
dependency, and we relied on busybox to actually provide getty.

But nowadays, util-linux is a mandatory dependency of systemd anyway.
agetty is about 42KiB, while busybox' getty is around 5KiB (give or
take). That's an extra ~40KiB, but it has to be balanced against the
rest of the system: systemd only runs on a glibc system, needs dbus and
thus expat, and kmod, that a ~40KiB overhead is barely noticeable (a
miminal systemd setup with nothing enabled, on ARM, is already ~20MiB)

So, drop our agetty-dropping patch, and forcibly enable agetty in
util-linux.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-14 22:14:51 +01:00
Arnout Vandecappelle (Essensium/Mind)
4ed7246a59 linux{, -headers}: support downloads of v5+
With the arrival of linux v5.0, we need yet another condition to set
_SITE correctly. Instead of continuing this madness, solve the problem
generically: use v2.6 for 2.6.*, and use the number before the first dot
in the other cases.

While we're at it, remove the comment which has been incorrect since
80d7b68167 (7 years ago).

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Tested-by: Adam Duskett <aduskett@gmail.com>
Reviewed-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-14 22:13:47 +01:00
Arnout Vandecappelle (Essensium/Mind)
1b94e8dcb3 package/linux-headers: fix support for -rc kernels
-rc kernels after v3.x are no longer available in the testing
subdirectory. Instead they should be fetched from cgit.

Commit ff4cccbdcf did this for linux
itself, now we also do it for linux-headers.

When fetched from cgit, .tar.xz can't be used. Adding this to the
existing condition is not so simple, so refactor how _SOURCE is set:
simply set it explicitly in each branch of the condition. While more
verbose (it is repeated 4 times), it's easier to understand and to
maintain.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-14 22:11:15 +01:00
Adam Duskett
fbe8d0b24a package/systemd: bump version to 241
In addition:
  - Remove patches that have been committed upstream.
  - Update hash for the README file. (Meson and Dbus dependency version updates)

./support/testing/run-tests -d dl -o output -k tests.init.test_systemd
14:18:20 TestInitSystemSystemdRwNetworkd          Starting
14:18:21 TestInitSystemSystemdRwNetworkd          Building
14:26:20 TestInitSystemSystemdRwNetworkd          Building done
14:27:01 TestInitSystemSystemdRwNetworkd          Cleaning up
.14:27:01 TestInitSystemSystemdRwIfupdown         Starting
14:27:01 TestInitSystemSystemdRwIfupdown          Building
14:28:35 TestInitSystemSystemdRwIfupdown          Building done
14:29:03 TestInitSystemSystemdRwIfupdown          Cleaning up
.14:29:03 TestInitSystemSystemdRwFull             Starting
14:29:04 TestInitSystemSystemdRwFull              Building
14:44:35 TestInitSystemSystemdRwFull              Building done
14:45:18 TestInitSystemSystemdRwFull              Cleaning up
.14:45:18 TestInitSystemSystemdRoNetworkd         Starting
14:45:19 TestInitSystemSystemdRoNetworkd          Building
14:55:59 TestInitSystemSystemdRoNetworkd          Building done
14:56:23 TestInitSystemSystemdRoNetworkd          Cleaning up
.14:56:23 TestInitSystemSystemdRoIfupdown         Starting
14:56:24 TestInitSystemSystemdRoIfupdown          Building
15:06:42 TestInitSystemSystemdRoIfupdown          Building done
15:07:09 TestInitSystemSystemdRoIfupdown          Cleaning up
.15:07:09 TestInitSystemSystemdRoFull             Starting
15:07:10 TestInitSystemSystemdRoFull              Building
15:21:17 TestInitSystemSystemdRoFull              Building done
15:21:46 TestInitSystemSystemdRoFull              Cleaning up
.
----------------------------------------------------------------------
Ran 6 tests in 3806.472s

OK

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-14 22:04:42 +01:00
Baruch Siach
b01d463c14 package/libpcap: disable dbus to break circular dependency
The optional dbus dependency of libpcap creates a circular dependency
chain:

$ make libpcap-show-recursive-depends

Recursion detected for  : systemd
which is a dependency of: dbus
which is a dependency of: libpcap
which is a dependency of: iptables
which is a dependency of: systemd
make: *** [package/libpcap/libpcap.mk:55: libpcap-show-recursive-depends] Error 1

Of all these dependencies the one of libpcap on dbus seems to be less
useful. Drop it.

Fixes:
http://autobuild.buildroot.net/results/0b5d18bff816cbcee11e8645449701722d956de5/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-14 22:03:47 +01:00
Bernd Kuhls
2776484107 package/x11r7/xapp_xdm: security bump to version 1.1.12
Fixes CVE-2013-2179.

Release notes:
https://lists.x.org/archives/xorg-announce/2019-March/002959.html

Added all license hashes provided by upstream and license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-14 22:00:43 +01:00
Artem Panfilov
1e17adf1c5 package/avahi: add upstream security fix
Fixes CVE-2017-6519: avahi-daemon in Avahi through 0.6.32 and 0.7
inadvertently responds to IPv6 unicast queries with source addresses
that are not on-link, which allows remote attackers to cause a denial
of service (traffic amplification) and may cause information leakage
by obtaining potentially sensitive information from the responding
device via port-5353 UDP packets.

Signed-off-by: Artem Panfilov <panfilov.artyom@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-14 21:58:19 +01:00
Grzegorz Blach
74a43e2517 package/python-aioblescan: new package
Python library to scan and decode advertised BLE info.
Uses asyncio.

https://github.com/frawau/aioblescan

Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-14 21:55:47 +01:00
Fabrice Fontaine
1e61048ee1 package/liblo: bump to version 0.30
- Remove both patches (already in version)
- Add sha256 hash

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-14 21:53:44 +01:00
Fabrice Fontaine
d649ede5dd package/ngircd: bump to version 25
- Remove patch (already in version)
- Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-14 21:33:21 +01:00
Peter Korsgaard
87a8f5f51c package/bash: add upstream patches up to patch level 23
We unfortunately cannot easily download these because of the file names (not
ending in patch) and patch format (p0), so convert to p1 format and include
in package/bash with the following script:

j=1; for i in 19 20 21 22 23; do
    file=$(printf '%04d-patch44-0%d.patch' $j $i)
    cat > $file << EOF
>From https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-0$i

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

EOF
    curl https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-0$i | \
        sed -e 's|^\*\*\* \.\./|*** |' -e 's|^--- |--- b/|' >> $file

    j=$(( j + 1 ))
done

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-14 21:31:02 +01:00
Adrien Gallouët
254384e769 package/kexec: update to 2.0.18
This release fixes the following issue with new kernels:

kexec --load bzImage --reuse-cmdline
Unhandled rela relocation: R_X86_64_PLT32

Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-14 21:30:09 +01:00
Alexandru Ardelean
8478bd526f package/libiio: bump to version 0.15
This change bumps libiio, to version 0.15.
This version is currently the most stable version in the series. It
contains several fixes over 0.14.

0.16 & 0.17 have been released but they have some issues with backwards
compatibility, so they are not yet recommended.

Changelog for version 0.15 (over 0.14).
Link:
  https://github.com/analogdevicesinc/libiio/releases/tag/v0.15

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-14 21:26:47 +01:00
Fabrice Fontaine
f9932f90e7 package/ulogd: bump to version 2.0.7
- Remove three patches (already in version)
 - Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-14 21:16:38 +01:00
Fabrice Fontaine
167e5cdce2 package/ulogd: add postgresql optional dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-14 21:14:32 +01:00
Thomas Petazzoni
7a25c9ef4b Revert "package/qt5/qt5webengine: fix comment on GL dependencies"
This reverts commit 6fb4c14ecb. Indeed,
as Peter Seiderer pointed out, the comment is in fact partially
correct: with Qt 5.6, QT5DECLARATIVE_QUICK does require OpenGL
support.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-14 21:13:11 +01:00
Martin Kepplinger
6fb4c14ecb package/qt5/qt5webengine: fix comment on GL dependencies
qt5declarative can be built/used without opengl support so fix the
dependency comment in qt5webengine.

Signed-off-by: Martin Kepplinger <martin.kepplinger@ginzinger.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-13 17:50:39 +01:00
Yann E. MORIN
b8ec113eb1 toolchain: set the ssp gcc option in kconfig
Currently, we repeat all the SSP level selection deep down to the
toolchain wrapper itself, where we eventually translate it to the
actual SSP option to use. This is a bit redundant.

Additionally, we will want to check that the toolchain actually
supports that option (for those toolchain where it was backported).

So, move the translation into kconfig, and add the qstrip'ed value
to the additional flags passed to the wrapper. Add it before
user-supplied opitons, to keep the previous behaviour (and allow
anyone crazy-enough to override it with BR2_TARGET_OPTIMIZATION).

Signed-off-by: "Yann E. MORIN" <yann.morin@orange.com>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-03-13 00:01:55 +01:00
Yann E. MORIN
15892d5656 toolchain: prepare to pass more additional CFLAGS via the wrapper
Currently, we pass the user-supplied so-called target optimisation flags
to the wrapper.

We're going to have additional such CFLAGS to pass, so push-back the
formatting loop to quote the options at the last moment.

Reported-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: "Yann E. MORIN" <yann.morin@orange.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-03-13 00:00:59 +01:00
Peter Seiderer
031a033eb2 package/gst1-plugins-bad: add zbar plugin option
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-12 23:11:53 +01:00
Peter Seiderer
8729c4ef88 package/zbar: bump version to 0.22
- change from git download to official release and
  download site (drop need for autoreconf)

- drop dependency on kernel headers >= 3.17 (should be fixed with
  commit 'v4l2: make ZBar build and run on Kernels < 3.16' (see [1]),
  fall back to original kernel headers >= 3.0 dependency propagated
  from libv4l

[1] https://git.linuxtv.org/zbar.git/commit/?id=fa5c48127ec1e3670e28540c2e6a03431ebac5b8

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-12 23:09:32 +01:00
Fabrice Fontaine
9524384192 package/stress-ng: bump to version 0.09.55
Drop three patches (already in version)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-12 23:04:10 +01:00
Romain Naour
a4837f29a2 package/binutils: add support for binutils 2.32
Remove upstream ARC and Xtensa patches.
Keep all other patches from binutils 2.31.1.

See the release note:
https://sourceware.org/ml/binutils/2019-02/msg00010.html

While testing the Binutils 2.32 version bump, the Qemu xtensa
defconfig (that was using a kernel 4.16) needed to be updated with a
patch [1] from kernel 4.19 otherwise the kernel doesn't boot with
binutils 2.32 [2].

Since then, all Qemu defconfig has been updated by commit [3] to use a
4.19 kernel, so the issue no longer exists.

All other architectures has been tested using toolchain-builder [4].

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=4119ba211bc4f1bf638f41e50b7a0f329f58aa16
[2] https://www.sourceware.org/ml/binutils/2019-02/msg00015.html
[3] fd8a02fd75
[4] https://gitlab.com/kubu93/toolchains-builder/pipelines/45896638

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-12 22:47:42 +01:00
Romain Naour
c29385a813 package/elf2flt: bump version to fix build with binutils >= 2.32
Binutils added bfd_stdint.h to bfd.h [1], so elf2flt must create a
symlink for this header. This issue has been fixed upstream in commit
[2].

We keep our local patch
0001-ld-elf2flt-behave-properly-when-called-with-a-name-d.patch as it
still hasn't been merged upstream [3].

Fixes (with binutils 2.23):

  [armv7m-uclibc]        https://gitlab.com/kubu93/toolchains-builder/-/jobs/148356410
  [m68k-coldfire-uclibc] https://gitlab.com/kubu93/toolchains-builder/-/jobs/148356412

[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=2d5d5a8f0a8b5a03454bf168b7fa7024bb1ebbd8
[2] 429521f695
[3] https://github.com/uclinux-dev/elf2flt/pull/8

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-12 22:40:34 +01:00
Fabrice Fontaine
7939c4d39b package/jpeg-turbo: bump to version 2.0.2
- Remove two patches (already in version)
- Update hash of LICENSE.md, clarifications on BSD and zlib were added:
  90e2d7f3fd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-12 22:37:34 +01:00
Fabrice Fontaine
7ced8fdd2d package/libcdio-paranoia: bump to version 10.2+2.0.0
Add LIBCDIO_PARANOIA_SOURCE to download a tar.bz2 (tar.gz is not
available for this version)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-12 22:36:47 +01:00
James Hilliard
f7aafaadc4 package/wpewebkit: fix host gcc >= 4.8 check
We need host gcc >= 4.8 not host gcc < 4.8.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Acked-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: James Hilliard &lt;<a href="mailto:james.hilliard1@gmail.com" target="_blank">james.hilliard1@gmail.com</a>&gt;<br></blockquote><div><br></div><div><span class="gmail-m_4107183884095209747gmail-il"><span class="gmail-il">Acked</span></span>-by: Francois Perrad &lt;<a href="mailto:francois.perrad@gadz.org" target="_blank">francois.perrad@gadz.org</a>&gt;</div><div> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-12 22:28:29 +01:00
Fabrice Fontaine
9972dc2e82 package/libdrm: amdgpu needs MMU
amdgpu test uses fork() so disable amdgpu without MMU

Fixes:
 - http://autobuild.buildroot.org/results/8d6194982c1080e173fcef8212fb06e6dc275d58

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-12 22:20:05 +01:00
Adrien Gallouët
d0cfe6c8d0 package/bird: bump to version 2.0.4
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-12 22:06:54 +01:00
Christian Stewart
3909423f1c package/go: set GOCACHE to a host path
Set the GOCACHE environment variable properly.

It was previously unset, and defaults to $HOME/.cache/go-build.

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-12 22:05:57 +01:00
Arnout Vandecappelle (Essensium/Mind)
71d0cddeac docs/manual: document new behaviour of 'make printvars'
Add a 'VARS=...' setting to the example. To make it clear that several
variables can be specified, use two variables in the first example.
Only 2 variables are printed, so the ... is removed.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-12 21:59:00 +01:00
Arnout Vandecappelle (Essensium/Mind)
fd5bd12379 Makefile: printvars: don't print anything when VARS is not set
Using 'make printvars' for printing all variables is not very useful.
E.g. all macros will output some bogus value. In addition, the same can
be achieved with 'make -p'.

We can simply remove the condition on $(VARS). If VARS is not set, the
filter expression will be empty which matches nothing, so nothing is
printed.

Note that the old behaviour can still be achieved with:
make printvars VARS=%

Update the 'make help' text to match the new behaviour.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-12 21:58:32 +01:00
Peter Korsgaard
a5e8c81875 package/openjpeg: security bump to latest git version
Current git contains fixes for a number of post-2.3.0 security issues:

git shortlog --no-merges -i --grep cve --grep overflow --grep zero v2.3.0..
Even Rouault (2):
      Avoid out-of-bounds write overflow due to uint32 overflow computation on images with huge dimensions.
      color_apply_icc_profile: avoid potential heap buffer overflow

Hugo Lefeuvre (4):
      convertbmp: fix issues with zero bitmasks
      jp3d/jpwl convert: fix write stack buffer overflow
      jp2: convert: fix null pointer dereference
      convertbmp: detect invalid file dimensions early

Karol Babioch (2):
      jp3d: Replace sprintf() by snprintf() in volumetobin()
      opj_mj2_extract: Check provided output prefix for length

Stefan Weil (1):
      Fix some potential overflow issues (#1161)

Young_X (5):
      [MJ2] To avoid divisions by zero / undefined behaviour on shift
      [JPWL] fix CVE-2018-16375
      [JPWL] imagetotga(): fix read heap buffer overflow if numcomps < 3 (#987)
      [JPWL] opj_compress: reorder checks related to code block dimensions to avoid potential int overflow
      [JP3D] To avoid divisions by zero / undefined behaviour on shift (CVE-2018-14423

ichlubna (1):
      openjp3d: Int overflow fixed (#1159)

setharnold (1):
      fix unchecked integer multiplication overflow

Drop now upstreamed 0004-install-static-lib.patch.

Add a hash for the LICENSE file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-12 21:57:12 +01:00
Baruch Siach
514de70539 package/btrfs-progs: bump to version 4.20.2
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-12 21:54:51 +01:00
Romain Naour
70fb634c8d package/minetest: bump to version 5.0.0
"5.0.0 is a breaking release and not compatible to the 0.4 series", so
update minetest-game package in the same commit.

Update GCC dependency to 4.9+.

Use LICENSE.txt as license file instead of the README.md.

Update license files hash for minetest-game after checking what's changed.
Add new license files for minetest-game.

https://forum.minetest.net/viewtopic.php?t=22278

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-12 21:53:49 +01:00
Baruch Siach
32ef40a9d9 package/gnupg2: bump to version 2.2.13
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-12 21:51:53 +01:00
Baruch Siach
55c388d9d4 package/libgpg-error: bump to version 1.35
Release 1.34 added riscv32 support.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-12 21:51:46 +01:00
Peter Korsgaard
24cc2eaa33 package/mosquitto: bump version to 1.5.8
Bugfix release, fixing a number of issues discovered post-1.5.7

https://mosquitto.org/blog/2019/02/version-1-5-8-released/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-12 21:38:16 +01:00
Francois Perrad
800df729a4 package/lpeg: bump to version 1.0.2
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-12 21:36:11 +01:00
Baruch Siach
7aa057f2f1 package/iproute2: bump to version 4.20.0
Drop upstream patch. Renumber the remaining patch.

Add upstream patch fixing build with musl libc.

Cc: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-12 21:35:58 +01:00
Peter Korsgaard
b821ae3d63 package/php: security bump to version 7.3.3
php-7.3.3 fixes a number of security issues (no CVE known, bugtracker issues
not yet public): https://secure.php.net/ChangeLog-7.php#7.3.3

Drop 0004-OPcache-flock-mechanism-is-obviously-linux-so-force-.patch as the
flock detection has been removed since commit 9222702633 (Avoid dependency
on "struct flock" fields order.)

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-12 21:33:18 +01:00
Baruch Siach
7ffdc08f04 ntp: security bump to version 4.2.8p13
Fixes CVE-2019-8936: Crafted null dereference attack in authenticated
mode 6 packet.

Drop upstream patches.

Update COPYRIGHT file hash; text formatting (line width) changes.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-12 16:20:51 +01:00
Baruch Siach
14d6e6df7b package/file: security bump to version 5.36
CVE-2019-8906: do_core_note in readelf.c in libmagic.a in file 5.35 has
an out-of-bounds read because memcpy is misused.

CVE-2019-8904: do_bid_note in readelf.c in libmagic.a in file 5.35 has a
stack-based buffer over-read, related to file_printf and file_vprintf.

Update license files hashes; removal of trailing white spaces.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-12 16:16:34 +01:00
Fabrice Fontaine
f9fd193141 package/mongodb: disable on powerpc64
As stated in SConstruct, the altivec runtime test breaks
cross-compilation: "This checks for an altivec optimization we use in
full text search. Different versions of gcc appear to put output bytes
in different parts of the output vector produced by vec_vbpermq.  This
configure check looks to see which format the compiler produces. NOTE:
This breaks cross compiles, as it relies on checking runtime
functionality for the environment we're in."

Fixes:
 - http://autobuild.buildroot.org/results/162198617979a83b66f70ed6013251942ed04d67

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-11 22:58:43 +01:00
Fabrice Fontaine
ee772dad7b package/wireshark: add optional spandsp dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-11 22:22:17 +01:00
Fabrice Fontaine
428a5029c7 package/cracklib: bump to version 2.9.7
- Remove first two patches (already in version)
 - Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-11 22:20:10 +01:00