Commit Graph

46822 Commits

Author SHA1 Message Date
Fabrice Fontaine
2888bd1592 package/oprofile: bump to version 1.3.0
Remove second patch (already in version)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-06-01 15:14:12 +02:00
Jörg Krause
09c9f0d22b package/speexdsp: bump to version 1.2.0
Drop patch 0001 which is included in the new release.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-06-01 15:11:43 +02:00
Fabrice Fontaine
a28c727bb7 package/network-manager: drop unrecognized --without-docs
--without-docs was not recognized since at least version 1.8.4, see:
http://autobuild.buildroot.org/results/e1464adf0069952ef0561a0a9b501d26bd409c4a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-06-01 15:10:30 +02:00
Fabrice Fontaine
dc3e4dbae4 package/network-manager: drop --disable-ifnet
ifnet has been drop since version 1.12.0 and
0474441e22

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-06-01 15:10:25 +02:00
Jörg Krause
3dbe3d2bf0 package/luv: bump to version 1.29.1-1
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-06-01 15:08:57 +02:00
Jörg Krause
d2273e14fc package/libuv: bump to version 1.29.1
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-06-01 15:08:52 +02:00
Jörg Krause
e8cb594bc8 package/alsa-lib: bump to version 1.1.9
Drop patch 0002 which is included in the new version.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-06-01 15:05:44 +02:00
Thomas Petazzoni
02a449038e package/python-matplotlib: drop redundant !PYTHON dependency
Having both:

       depends on !BR2_PACKAGE_PYTHON
       depends on BR2_PACKAGE_PYTHON3

is kind of useless, and we don't do that for any other Python package
that needs Python 3. So, this commit just drops the depends on
!BR2_PACKAGE_PYTHON.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-06-01 14:47:17 +02:00
Thomas Petazzoni
d6295b1ddb Config.in.legacy: fix check-package warnings
Fixes the following warnings:

Config.in.legacy:153: help text: <tab><2 spaces><62 chars> (http://nightly.buildroot.org/#writing-rules-config-in)
Config.in.legacy:154: help text: <tab><2 spaces><62 chars> (http://nightly.buildroot.org/#writing-rules-config-in)
Config.in.legacy:155: help text: <tab><2 spaces><62 chars> (http://nightly.buildroot.org/#writing-rules-config-in)
Config.in.legacy:156: help text: <tab><2 spaces><62 chars> (http://nightly.buildroot.org/#writing-rules-config-in)

which were introduced in commit
55c6422878 ("arch/csky: remove
BR2_CSKY_DSP option")

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-06-01 14:47:17 +02:00
Thomas Petazzoni
2311987335 package/python-matplotlib: rewrap Config.in help text
The wrapping looked somewhat arbitrary, and not optimized to fill in
the 72 characters we allow.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-06-01 14:47:17 +02:00
Fabrice Fontaine
22378717cc package/python-matplotlib: depends on BR2_PACKAGE_PYTHON_NUMPY_ARCH_SUPPORTS
BR2_PACKAGE_PYTHON_MATPLOTLIB selects BR2_PACKAGE_PYTHON_NUMPY, so it
should inherit its dependencies, which includes
BR2_PACKAGE_PYTHON_NUMPY_ARCH_SUPPORTS.

Fixes:
 - http://autobuild.buildroot.org/results/038d50784ec80b35e3daff1966df07a1b52780b3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-06-01 14:46:44 +02:00
Romain Naour
2df8b1417b package/gcc: don't build a toolchain for powerpc with spe ABI with gcc >= 8.x
The powerpc*-*-*spe* support has been deprecated in GCC 8 [1] and has
been removed in GCC 9 [2].

While building with GCC 8, the build stop since we don't provide --enable-obsolete
option.

For now, keep powerpcspe support in Buildroot but only for older compiler
up to GCC 7.

Note: Although we can't select Glibc for powerpcspe since commit [4], this
support has been removed for the next version of Glibc (the upcoming 2.30).

[1] https://gcc.gnu.org/ml/gcc/2018-04/msg00102.html
[2] https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=b31d0348ddada49453e3edaaf93a423fdc61dc79
[3] https://sourceware.org/git/?p=glibc.git;a=commit;h=a053e878494080f7070cf92890e546057236c9c9
[4] https://git.buildroot.net/buildroot/commit/?id=5777e3ffd99132a57e3d29659850eec14b1625f8

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-06-01 14:26:34 +02:00
Romain Naour
eda77e17c1 arch/Config.in.powerpc: remove unused gcc target abi options for powerpc
gcc target abi options for powerpc were added by [1] and renamed by [2]
to BR2_PPC_ABI_* but never used. Since always BR2_GCC_TARGET_ABI is empty
when using a powerpc toolchain.

Buildroot currently support SPE and Classic target ABI, nothing seems
to require a specific gcc target abi option.

This patch is a cleanup like commit [3].

[1] 7d8a59b40e
[2] 98175bd43d
[3] fd08153b9d

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Cyril Bur <cyrilbur@gmail.com>
Cc: Sam Bobroff <sam.bobroff@au1.ibm.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-06-01 14:26:29 +02:00
Peter Korsgaard
b24f274abe {linux, linux-headers}: bump 4.{9, 14, 19}.x / 5.{0, 1}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-06-01 14:23:03 +02:00
James Hilliard
7a8460d45b package/v4l2loopback: bump to version 0.12.2 to fix Linux 5.1 compat
This fixes a kernel 5.1.x compatibility issue. The only changes
between 0.12.1 and 0.12.2 are:

d3b198ef6f57ca512fb25147c9d85b922fd4651a Released v0.12.2
376c2c28bd7d4470cd92ff646d6087ca70cd9d2e fixed typo
6edc4b164b1f05bee74cb507a4f50776a65ceb73 mentioned support for 5.0.0
0b8feb80fdef9a415d8250bca1790b3ff23e8391 Replace v4l2_get_timestamp with ktime_get_ts(64)
541e3bc7aaf46dc9a21f92c7f527397fce03dfd8 Update README.md

So the only functional change is the actual ktime_get_ts() fix, which
is needed for Linux 5.1 compatibility. Therefore, bumping is pretty
much the same as backporting just this commit.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[Thomas: extend the commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-06-01 14:18:54 +02:00
Bernd Kuhls
26d5558b5d package/lapack: bump version to 3.8.0
Release notes: http://www.netlib.org/lapack/lapack-3.8.0.html

Added license hash, adjusted source tarball URL.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-06-01 14:11:27 +02:00
Raul Hidalgo Caballero
069e6de63f package/mender-artifact: bump version to 3.0.0
Two license files are changed, with just a copyright year update.

A new license file is added, as it is listed in
LIC_FILES_CHKSUM.sha256.

Signed-off-by: Raul Hidalgo Caballero <deinok@deinok.com>
[Thomas: fix license file hashes, add a missing license file]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-06-01 14:07:20 +02:00
Fabrice Fontaine
4e9fba9741 package/wpewebkit: fix build with musl
Fixes:
 - http://autobuild.buildroot.org/results/c703d45ab691641beabc3440f081a8bc195b4a23

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-06-01 12:37:08 +02:00
Alexandru Ardelean
26708469ad package/dropbear: add option to provide file with localoptions.h
As discussed in https://patchwork.ozlabs.org/patch/1104071/, this
commit adds a new option that allows the user to provide a file that
contains custom definitions to tweak the Dropbear configuration. It
will be appended to Dropbear's localoptions.h file before the build.

The patch was tested successfully with the DO_MOTD option.

Suggested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
[Thomas: tweak commit log, rename config option.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-06-01 11:44:49 +02:00
Peter Korsgaard
18855d79e2 package/netsurf: disallow on archs requiring ABI specific CFLAGS
Fixes:
http://autobuild.buildroot.net/results/67ef520d82ea529a9fe593d83a3aeae5f8b0ee5d/
http://autobuild.buildroot.net/results/eafc3e4be571d5ecee549a11530ac4e508f31782/
http://autobuild.buildroot.net/results/ba7f30833fef54162a82f4b336a72d6599594526/

The netsurf build system mixes up host and target CFLAGS, so it isn't
compatible with architectures where we pass ABI specific compiler flags (in
TARGET_ABI).

Add a _ARCH_SUPPORTS kconfig variable matching the TARGET_ABI logic we have
in package/Makefile.in, and use it to disallow netsurf for those
architectures.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-01 10:16:25 +02:00
Romain Naour
ad8ed6bc4b package/swig: enable PCRE regex matching in host-swig
The upcoming ogre package needs a host swig binary with PCRE
regex support.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-06-01 09:23:52 +02:00
Romain Naour
7bd759514d package/zziplib: new package
Force the build system to use python2 interpreter.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
[Thomas: add docs/COPYING.MPL docs/copying.htm to the license files.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-06-01 09:20:19 +02:00
Fabrice Fontaine
21ca2f7243 package/wireshark: security bump to version 3.0.2
The following vulnerabilities have been fixed:
 - wnpa-sec-2019-19 Wireshark dissection engine crash. Bug 15778.

Update patches to use the ones merged upstream

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-01 00:27:04 +02:00
Fabrice Fontaine
8c2c959b02 package/libopenssl: fix static build
no-dso option has been removed with
31b6ed76df

To fix this error, use "gcc" target in static builds. This target is
very minimalistic, we need to manually pass -lpthread and
-DOPENSSL_THREADS however we can also remove libdl workarounds

Fixes:
 - http://autobuild.buildroot.org/results/96d6b89d20980e8f7fa450b832474a81d492b315

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-01 00:12:21 +02:00
Guo Ren
6fe2fabdb8 arch/csky: enable internal toolchain support
Now that we have support for C-SKY in gcc, binutils and glibc, we can
use Buildroot to build a C-SKY toolchain.

Signed-off-by: Guo Ren <ren_guo@c-sky.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-05-31 23:00:42 +02:00
Thomas Petazzoni
ac652bef62 package/linux-headers: restrict versions available on C-SKY
The C-SKY architecture was merged in the upstream Linux kernel
4.20. Therefore, kernel headers from a Linux version earlier than that
cannot be used to build a C-SKY toolchain.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-05-31 23:00:42 +02:00
Guo Ren
634255f84c package/glibc: add C-SKY specific version
Signed-off-by: Guo Ren <ren_guo@c-sky.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-05-31 23:00:42 +02:00
Guo Ren
540354532c package/gdb: add C-SKY specific version
Add gdb build for C-SKY Architecture:

 - Support host-gdb
 - Support gdbserver for target

Signed-off-by: Guo Ren <ren_guo@c-sky.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-05-31 23:00:26 +02:00
Guo Ren
7873a5bd5e package/gcc: add C-SKY specific gcc version
Signed-off-by: Guo Ren <ren_guo@c-sky.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-05-31 22:59:57 +02:00
Guo Ren
b80ddf406c package/binutils: add C-SKY specific version
Signed-off-by: Guo Ren <ren_guo@c-sky.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-05-31 22:59:57 +02:00
Guo Ren
9f0e3ff8a0 package/Makefile: add C-SKY ABI variable value
In preparation for adding support for the C-SKY architecture in the
internal toolchain backend, we need to make sure that GNU_TARGET_NAME
will contain the appropriate ABI, i.e abiv1 or abiv2 depending on the
selected C-SKY core.

Signed-off-by: Guo Ren <ren_guo@c-sky.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-05-31 22:59:57 +02:00
Guo Ren
20d6e092d8 arch/csky: add support for the ck860 core
ck860 is newest CPU core of C-SKY with high performance & SMP
supported.

Signed-off-by: Guo Ren <ren_guo@c-sky.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-05-31 22:59:57 +02:00
Guo Ren
a9b722732d arch/csky: specify BR2_GCC_TARGET_FLOAT_ABI
The C-SKY architecture uses two different ABIs, depending on the core
being used:

 - "abiv1" is a mcore based ISA with ELF_NUM:39 and does not support
   FPU & VDSP. It is used only for the ck610 core.

 - "abiv2" is C-SKY's own ISA with ELF_NUM:252 and supports FPU &
   VDSP. It is used for the ck807, ck810, ck860 cores.

Since "abiv1" does not support FPU, BR2_GCC_TARGET_FLOAT_ABI will
always have the value "soft" for the ck610 core.

Signed-off-by: Guo Ren <ren_guo@c-sky.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Thomas: rework commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-05-31 22:59:57 +02:00
Guo Ren
d2658caea0 arch/csky: add support for VDSP extensions
VDSP is C-SKY enhanced extension instruction set for SIMD, AI and DSP
operation. It is supported by abiv2, used by the ck807, ck810, ck860
cores.

Signed-off-by: Guo Ren <ren_guo@c-sky.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Thomas: update help text in Config.in.legacy about the BR2_CSKY_DSP
option.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-05-31 22:59:57 +02:00
Guo Ren
55c6422878 arch/csky: remove BR2_CSKY_DSP option
The DSP extention is in fact no longer used for C-SKY, nor supported
by C-SKY gcc, so we remove it.

Signed-off-by: Guo Ren <ren_guo@c-sky.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Thomas: split from the VDSP patch, add Config.in.legacy]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-05-31 22:59:57 +02:00
Guo Ren
d26bd58502 arch/csky: move GCC_TARGET_CPU calculation to arch.mk.csky
Calculating GCC_TARGET_CPU requires combining multiple flags, which
isn't very nicely expressed in Config.in, so let's move this into
arch.mk.csky, similarly to what is done in arch.mk.riscv.

Signed-off-by: Guo Ren <ren_guo@c-sky.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Thomas: rework commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-05-31 22:59:57 +02:00
Thomas Petazzoni
ff9f778c66 support/gnuconfig: update to 2019-05-28
This update includes support for the C-SKY architecture.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-05-31 22:59:52 +02:00
Guo Ren
2213636675 support/gnuconfig/config.sub: add C-SKY support
Modify config.sub so that it knows about the C-SKY
architecture. Without this, all autotools projects fail to build on
C-SKY.

Signed-off-by: Guo Ren <ren_guo@c-sky.com>
[Thomas: improved commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-05-31 22:59:52 +02:00
Adam Duskett
b24895e5a4 package/mender: bump to version 2.0.0
In addition:
  - Update hashes for license files due to copyright year change.
  - Add hash for vendor/golang.org/x/text/LICENSE
  - Add hash for vendor/github.com/mendersoftware/go-liblzma/LICENSE
  - Add new dependency xz, as mender now depends on LZMA.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-05-31 22:56:25 +02:00
Giulio Benetti
86752a6211 package/openmpi: fix build failure due to Gcc Bug 68485
Package openmpi manifests Microblaze Gcc Bug 68485 resulting in a build
failure due to an Internal Compiler Error.

As done for other packages in Buildroot work around this Gcc Bug by
setting optimization to -O0 if BR2_TOOLCHAIN_HAS_GCC_BUG_68485=y.

Fixes:
http://autobuild.buildroot.net/results/8f3/8f334427e7475154d69469f8ee4efab6df80e403/

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-05-31 22:52:57 +02:00
Adam Duskett
e49d5e946d package/gstreamer1/gst1-plugins-bad: require dynamic library for decklink plugin
The decklink plugin uses <dlfcn.h> functions: dlopen(), dlsym(), etc.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-05-31 22:49:48 +02:00
Fabrice Fontaine
dc21a64386 package/opencv3: bump to version 3.4.6
- Remove patch (already in version)
- Update hash of license file (update in year:
  14d943f588)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-05-31 22:26:22 +02:00
Fabrice Fontaine
87040137a3 package/opencv3: fix build due to gcc bug 68485
With Microblaze Gcc version <= 9.x the build fails due to gcc bug 68485:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68485. The bug show up when
building opencv3 with optimization but not when building with -O0. To
work around this, if BR2_TOOLCHAIN_HAS_GCC_BUG_68458=y, we force using
-O0.

Fixes:
 - http://autobuild.buildroot.org/results/c78eac84d1c5a6702e7759cd5364da1c3e399b4b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-05-31 22:21:37 +02:00
Markus Mayer
4cc31dfa3d package/dosfstools: introduce custom install routine
We can't use dosfstools' install target, because it'll install *all*
binaries, even the disabled ones. Also, we can't just delete dosfstools
binaries from the target directory after installing them, because other
packages (specifically Busybox) may provide tools of the same name, and
we may end up deleting those instead.

To avoid any issues, we create our own install routines, which only
copy the enabled binaries into the target location.

Signed-off-by: Markus Mayer <mmayer@broadcom.com>
[Thomas: use full destination path for INSTALL commands.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-05-31 22:00:49 +02:00
Mirza Krak
e00e1a8ba7 DEVELOPERS: add Mirza Krak to mender-artifact package
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-05-31 16:25:00 +02:00
Mirza Krak
a10d911788 package/mender: update readme.txt
Provide additional details on how Mender works within Buildroot.

Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
[Thomas: remove duplicate "Default configuration files" title, rewrap
text]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-05-31 16:24:40 +02:00
Fabrice Fontaine
1bb7f78bfc package/ell: fix build with uclibc
Fixes:
 - http://autobuild.buildroot.org/results/444c9deb728fb041e560d940145f96cc4f455080

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-31 10:27:59 +02:00
Peter Korsgaard
8c0bff1b4f package/libnss: security bump to version 3.42.1
Fixes the following security issues:

(3.41) CVE-2018-12404: Cache side-channel variant of the Bleichenbacher
attack

(3.42.1) CVE-2018-18508: Add additional null checks to several CMS functions
to fix a rare CMS crash.  Thanks to Hanno Böck and Damian Poddebniak for the
discovery and fixes

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-31 10:00:52 +02:00
Peter Korsgaard
cfedfdee95 package/libopenssl: security bump to version 1.1.1c
Fixes the following security issues:

Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543)

ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for
every encryption operation.  RFC 7539 specifies that the nonce value (IV)
should be 96 bits (12 bytes).  OpenSSL allows a variable nonce length and
front pads the nonce with 0 bytes if it is less than 12 bytes.  However it
also incorrectly allows a nonce to be set of up to 16 bytes.  In this case
only the last 12 bytes are significant and any additional leading bytes are
ignored.

It is a requirement of using this cipher that nonce values are unique.
Messages encrypted using a reused nonce value are susceptible to serious
confidentiality and integrity attacks.  If an application changes the
default nonce length to be longer than 12 bytes and then makes a change to
the leading bytes of the nonce expecting the new value to be a new unique
nonce then such an application could inadvertently encrypt messages with a
reused nonce.

Additionally the ignored bytes in a long nonce are not covered by the
integrity guarantee of this cipher.  Any application that relies on the
integrity of these ignored leading bytes of a long nonce may be further
affected.  Any OpenSSL internal use of this cipher, including in SSL/TLS, is
safe because no such use sets such a long nonce value.  However user
applications that use this cipher directly and set a non-default nonce
length to be longer than 12 bytes may be vulnerable.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-31 09:58:59 +02:00
Bernd Kuhls
4554610bde package/{mesa3d, mesa3d-headers}: bump version to 19.0.5
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-31 00:43:11 +02:00