Commit Graph

39674 Commits

Author SHA1 Message Date
Baruch Siach
3bc6d10031 flashrom: avoid download URL redirect
Use the https URL to avoid HTTP 308 redirect. Older wget releases treat
it as a hard error.

Fixes:
http://autobuild.buildroot.net/results/ee6/ee66e5ead70e73f1d2dae1c5ba31ccf054fe15a7/
http://autobuild.buildroot.net/results/fb8/fb8509bf9cf03933e45355fd9a6c3fa53d33c44f/
http://autobuild.buildroot.net/results/0e1/0e196570207e459c3440d50cecf0032eee6edfc2/

Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-22 23:44:33 +01:00
Marcus Folkesson
864dd4c80d libostree: bump to version 2018.3
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-22 23:44:06 +01:00
Bernd Kuhls
69a2d15d1c package/{mesa3d, mesa3d-headers}: bump version to 17.3.7
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Tested-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-22 23:43:54 +01:00
Bernd Kuhls
b83a4d3d69 linux-headers: bump 3.2.x and 4.{14, 15}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-22 23:43:27 +01:00
Bernd Kuhls
c2fe7b6bc8 linux: bump default to version 4.15.12
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-22 23:42:42 +01:00
Joel Stanley
1b383e4bf4 powerpc-utils: Update URL to new upstream
powerpc-utils changed upstream git repositories again.

Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-22 23:41:23 +01:00
Peter Korsgaard
80266c9505 tremor: security bump to fix CVE-2018-5146
Prevent out-of-bounds write in codebook decoding.

Codebooks that are not an exact divisor of the partition size are now
truncated to fit within the partition.

Upstream has migrated from subversion to git, so change to git and bump the
version to include the fix for CVE-2018-5146.

While we're at it, also add a hash file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-20 08:33:48 +01:00
Jörg Krause
12262ab50d mpd-mpc: pass PARALLEL_JOBS to NINJA_OPTS
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-19 23:23:37 +01:00
Jörg Krause
20994334a0 libmpdclient: pass PARALLEL_JOBS to NINJA_OPTS
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-19 23:23:06 +01:00
Jörg Krause
f7479b538a docs/manual: pass PARALLEL_JOBS to NINJA_OPTS
Ninja understands the `-j` option which defines how many jobs are
run in parallel.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-19 23:22:37 +01:00
Baruch Siach
c4d2c9cafb btrfs-progs: fix build with e2fsprogs 1.44.0
e2fsprogs 1.44.0 renamed a struct field name, breaking the build of code
using it. Add a patch suggested upstream to fix that.

Fixes:
http://autobuild.buildroot.net/results/d6b/d6b5fb377f44d0b6eef96c08e550ec7277a9e3cd/
http://autobuild.buildroot.net/results/651/651518f12b8a98d53cb5402445a476bd2bf32155/
http://autobuild.buildroot.net/results/3c7/3c771455cbc8460fffab6c4dd9835ee4a5776c19/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-19 23:21:22 +01:00
Baruch Siach
12b01c98a4 linux-firmware: add QCA6174 firmware legal notice files
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Cc: Erik Larsson <karl.erik.larsson@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-19 13:25:13 +01:00
Baruch Siach
3aeb295ab8 linux-firmware: add QCA6174 multi-board firmware
The board-2.bin file is a new format that support multiple board files.
This file is required for for recent QCA6174 modules.

Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Cc: Erik Larsson <karl.erik.larsson@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-19 13:25:00 +01:00
Fabio Estevam
cd0fd09352 linux-headers: bump 3.2.x and 4.{1, 14, 15}.x series
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-19 13:23:05 +01:00
Fabio Estevam
ce2875e1cf linux: bump default to version 4.15.11
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-19 13:22:59 +01:00
Romain Naour
16623babdd package/htop: open files using binary mode
Imlement Arnout's suggestion [1] for MakeHeader script.

[1] http://lists.busybox.net/pipermail/buildroot/2018-February/214373.html

Fixes:
http://autobuild.buildroot.net/results/9ce/9ce2ef5ef694253b9759016c9702c5c6be7849a1

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-19 13:22:49 +01:00
Baruch Siach
398747f5fa glibc: install the obsolete libnsl
glibc 2.27 stopped installing libnsl by default. Restore libnsl install
to fix packages, like exim, that use that library.

Fixes (exim):
http://autobuild.buildroot.net/results/a19/a19df43be7d27cf8815e1257122d25aa8285d75b/
http://autobuild.buildroot.net/results/8ec/8ecfc42a81efec8485784f945e231eb40a087b5b/
http://autobuild.buildroot.net/results/054/054eb702a9b8c66454970333ef45a0afccb7cc80/

Cc: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Tested-by: Luca Ceresoli <luca@lucaceresoli.net>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-19 09:26:58 +01:00
Peter Korsgaard
50cd46b39f linux-headers: bump 4.{4,9}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-18 23:29:20 +01:00
Peter Korsgaard
181ef8a1d0 irssi: security bump to version 1.0.7
Fixes the following security issues:

Use after free when server is disconnected during netsplits.  Incomplete fix
of CVE-2017-7191.  Found by Joseph Bisch.  (CWE-416, CWE-825) -
CVE-2018-7054 [2] was assigned to this issue.

Use after free when SASL messages are received in unexpected order.  Found
by Joseph Bisch.  (CWE-416, CWE-691) - CVE-2018-7053 [3] was assigned to
this issue.

Null pointer dereference when an “empty” nick has been observed by Irssi.
Found by Joseph Bisch.  (CWE-476, CWE-475) - CVE-2018-7050 [4] was assigned
to this issue.

When the number of windows exceed the available space, Irssi would crash due
to Null pointer dereference.  Found by Joseph Bisch.  (CWE-690) -
CVE-2018-7052 [5] was assigned to this issue.

Certain nick names could result in out of bounds access when printing theme
strings.  Found by Oss-Fuzz.  (CWE-126) - CVE-2018-7051 [6] was assigned to
this issue.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-18 23:29:12 +01:00
Bernd Kuhls
d98b61c012 package/tor: bump version to 0.3.2.10
Bump to latest stable release, rebased patch 0001.

Release notes for 0.3.2.10:
https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915

Release notes for the first stable release of the 0.3.2 series, 0.3.2.9:
https://blog.torproject.org/tor-0329-released-we-have-new-stable-series

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-18 23:28:32 +01:00
Baruch Siach
5e2406a4e6 e2fsprogs: bump to version 1.44.0
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-18 23:25:37 +01:00
Bernd Kuhls
ba40447fc5 package/x11r7/xdriver_xf86-video-ati: bump version to 18.0.1
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-18 23:25:17 +01:00
Bernd Kuhls
28a5247aaf package/x11r7/xdriver_xf86-video-amdgpu: bump version to 18.0.1
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-18 23:25:11 +01:00
Carlos Santos
ad2b4255e2 DEVELOPERS: add myself for tpm2-{abrmd, tools, tss}.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-18 23:24:30 +01:00
Carlos Santos
3a10ff5127 tpm2-tools: new package
TPM (Trusted Platform Module) 2.0 CLI tools based on system API of
TPM2-TSS. These tools can be used to manage keys, perform
encryption/decryption/signing/etc crypto operations, and manage
non-volatile storage through a TPM2.0 HW implementation.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-18 23:16:58 +01:00
Carlos Santos
dab335d901 tpm2-abrmd: new package
This is a system daemon implementing the TPM2 access broker (TAB) &
Resource Manager (RM) spec from the TCG. The daemon (tpm2-abrmd) is
implemented using Glib and the GObject system.

Communication between the daemon and clients using the TPM is done with
a combination of DBus and Unix pipes. DBus is used for discovery,
session management and the 'cancel', 'setLocality', and 'getPollHandles'
API calls (mostly these aren't yet implemented). Pipes are used to send
and receive TPM commands and responses (respectively) between client and
server.

The daemon owns the com.intel.tss2.Tabrmd name on dbus. It can be
configured to connect to either the system or the session bus.

The package also provides a client library for interacting with the
daemon via TPM Command Transmission Interface (TCTI). It is intended for
use with the SAPI library (libsapi) like any other TCTI.

[Peter: drop add default DAEMON_ARGS to init script, drop /etc/default file,
	drop S30devtpmperms and fix permissions in S80tpm2-abrmd]
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-18 23:16:03 +01:00
Carlos Santos
832e83f9f4 tmp2-tss: bump to version 1.4.0
Improved compliance to the last public review spec and some bug fixes.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-18 22:03:18 +01:00
Carlos Santos
03a82765b1 tmp2-tss: remove architecture restriction
Followingig a suggestion from Peter Korsgaard, remove the restriction to
x86 and x86_64. It is preferable to expose the package unless there is a
build time dependency on an architecture or the package is specific to a
certain SoC or board.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-18 21:58:24 +01:00
Baruch Siach
157231405d make: fix build with glibc 2.27
glibc 2.27 changed _GNU_GLOB_INTERFACE_VERSION to 2. This triggers build
of the internal glob implementation in make. This internal
implementation needs the __alloca symbol that glibc does not define.

Add upstream patch that adds support for _GNU_GLOB_INTERFACE_VERSION 2.

Add host-pkgconf dependency for the PKG_CHECK_MODULES macro. This macro
is only used for guile, which we currently disable unconditionally. So
host-pkgconf is only needed now so that autoreconf generates a valid
configure script.

Fixes:
http://autobuild.buildroot.net/results/8ff/8ff06ad8438cfcac85577b24675dd1d66f7d3d03/
http://autobuild.buildroot.net/results/5cc/5ccee6bb332e800e81052a3094746edde83403b1/
http://autobuild.buildroot.net/results/841/8418f5ed56dacd6900946e7d56ad36ad03c7bf7e/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-18 15:16:46 +01:00
Yann E. MORIN
7fb6e78254 core/instrumentation: shave minutes off the build time
As part of the build, we run some instrumentation hooks to gather
statistics about the usage of the target/, staging/ and host/
directories, so that we can generate reports for the user, that
shows:
  - for each file, what package installed it,
  - for each package,the size that it installed.

In so doing, we run a double md5 pass on all files of the affected
directories (before/after installation).  These passes were mostly invisible
when we were only scanning target/, but has greatly increased in time now
that we also scan staging/ and host/ (but only in the corresponding _CMDS,
of course).

This md5 was mostly aimed at catching packages that would "cheat" with
mtime/atime/ctime somehow. They can't really cheat on md5, though [0].

Timings however speak for themselves, with this defconfig (slightly
biggish-but-still-manageable build) [1].

host/      20965 files    1.2GiB
staging/    4715 files    333MiB
target/     1801 files     44MiB

All instrumentation steps, using md5:    19min 27s
All instrumentation steps, using mtime:  14min 45s
No instrumentation step at all:          14min 31s

So, using mtime is an almost-5min improvement, i.e. about 25% faster,
while removing all instrumentation steps does not gain that much more...

So, we switch to using mtime, because in the end that's still good-enough
for our use-case: generating some graphs.  It is not mission-critical, and
if a graph is slightly off, that's not a biggy.  It can anyway be attributed
to a broken package's buildsystem, which should get fixed.

However, we lose the ability to track directories. Non-empty directories
can be tracked back by a bit of scripting, but empty directories are
simply not caught. If we were to also look for directories using mtime,
we would catch parents of installed files:

  - /foo/bar/ exists
  - a package installs /foo/bar/buz
  - mtime of /foo/bar/ is changed to account for the new file in it.

So we do not track directories at all, and we lose empty directories.
The existing tracking was mostly happenstance, with the original
submission and comments not really accounting for a real use-case.

Now, we also change the way we handle symlinks. Previously, we would
hash the file pointed to by the symlink. Now, we only look at the mtime
of the symlink itself, which still detects modifications.

Eventually, this also means that we now no longer need to establish a
list before the install step; we can now simply run after the install
step, finding any files newer than the build stamp.

[0] Yeah, md5 is very weak, but we're not guarding against malicious
attacks, just about careless modifications.

[1] defconfig used for tests:
BR2_arm=y
BR2_cortex_a7=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_INIT_SYSTEMD=y
BR2_PACKAGE_MESA3D=y
BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_ETNAVIV=y
BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_SWRAST=y
BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_VC4=y
BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_VIRGL=y
BR2_PACKAGE_MESA3D_DRI_DRIVER_SWRAST=y
BR2_PACKAGE_MESA3D_OSMESA=y
BR2_PACKAGE_MESA3D_OPENGL_ES=y
BR2_PACKAGE_SYSTEMD_JOURNAL_GATEWAY=y
BR2_PACKAGE_SYSTEMD_BACKLIGHT=y
BR2_PACKAGE_SYSTEMD_BINFMT=y
BR2_PACKAGE_SYSTEMD_COREDUMP=y
BR2_PACKAGE_SYSTEMD_FIRSTBOOT=y
BR2_PACKAGE_SYSTEMD_HIBERNATE=y
BR2_PACKAGE_SYSTEMD_IMPORTD=y
BR2_PACKAGE_SYSTEMD_LOCALED=y
BR2_PACKAGE_SYSTEMD_LOGIND=y
BR2_PACKAGE_SYSTEMD_MACHINED=y
BR2_PACKAGE_SYSTEMD_POLKIT=y
BR2_PACKAGE_SYSTEMD_QUOTACHECK=y
BR2_PACKAGE_SYSTEMD_RANDOMSEED=y
BR2_PACKAGE_SYSTEMD_RFKILL=y
BR2_PACKAGE_SYSTEMD_SMACK_SUPPORT=y
BR2_PACKAGE_SYSTEMD_SYSUSERS=y
BR2_PACKAGE_SYSTEMD_VCONSOLE=y

[Peter: tweak commit message, use find -type l]
Reported-by: Trent Piepho <tpiepho@impinj.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Trent Piepho <tpiepho@impinj.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-17 16:46:43 +01:00
Peter Korsgaard
eca03d6774 libvorbis: security bump to version 1.3.6
Fixes CVE-2018-5146: Prevent out-of-bounds write in codebook decoding.

Drop 0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch and
0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch as they are
now upstream, and add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-17 11:43:01 +01:00
Romain Naour
b71a4e2067 package/enlightenment: install to staging
enlightenment provide enlightenment.pc and some shared libraries.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-17 09:56:01 +01:00
Romain Naour
47c7a8c2b3 package/enlightenment: add xkeyboard-config optional dependency
The meson build systemd is checking for xkeyboard-config optional
dependency but there is no option to handle it.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-17 09:55:17 +01:00
Romain Naour
438041c365 package/x11r7/xkeyboard-config: install to staging
enlightenment doesn't detect xkeyboard-config since it's missing
from staging.

Fixes:
Dependency xkeyboard-config found: NO

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-17 09:54:44 +01:00
Romain Naour
13796a1c0a package/enlightenment: bump to 0.22.2
See https://www.enlightenment.org/news/e0.22.2_release

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-17 09:39:34 +01:00
Romain Naour
b582d137a1 package/enlightenment: fix meson warning
--disable-rpath was added by m4/lib-link.m4 with autotools based
buildsystem. Now we use meson, we don't have such option anymore.

The autotools eet-eet and eldbus_codegen options are named respectively
eet and eldbus-codegen with meson.

Fixes:
WARNING: Unknown command line options: "eet-eet, eldbus_codegen, rpath"

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-17 09:38:57 +01:00
Romain Naour
e5607fc4dd package/efl: bump to 1.20.7
See https://www.enlightenment.org/news/efl-1.20.7

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-17 09:36:47 +01:00
Francois Perrad
66a978d15e configs/olimex_a20_olinuxino_lime*: bump Linux and U-Boot versions
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-17 09:35:28 +01:00
Baruch Siach
4d3448b099 xfsprogs: fix build with musl
Add two patches to fix missing header files that trigger build failure
with musl libc.

Fixes:
http://autobuild.buildroot.net/results/a39/a3989394aba0bd3a52146e2a5e6b87b586efb6c6/
http://autobuild.buildroot.net/results/b3b/b3b3c06ea565125bf9f9ad2ebc16bb21f6c7228f/
http://autobuild.buildroot.net/results/223/2238475d2c21c65960a56f86a08fe35d1021080f/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-16 22:02:12 +01:00
Fabio Estevam
81c28e83ce linux-headers: bump 4.{14, 15}.x series
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-16 22:00:50 +01:00
Fabio Estevam
2f55ca3a95 linux: bump default to version 4.15.10
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-16 22:00:32 +01:00
Adam Duskett
710976e748 libwebsockets: bump to v2.4.2
Also add hash for license.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-16 10:35:36 +01:00
Jörg Krause
faf31a87f4 bluez5_utils: bump to version 5.49
Drop musl patch, which is not necessary anymore as netinet vs linux
header clash is fixed.

Also add hash for the license files.

musl build successfully tested with:
 * armv7-eabihf--musl--stable-2017.05-toolchains-1-1
   (GCC 5.4.0, Linux headers 3.10.105, musl 1.1.16)
 * armv7-eabihf--musl--bleeding-edge-2018.02-1
   (GCC 7.3.0, Linux headers 4.9.80, musl 1.1.18)

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-16 10:35:16 +01:00
Peter Korsgaard
b67b65b3ba intel-microcode: bump to version 20180312
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-16 10:34:42 +01:00
Baruch Siach
bf3476e5b1 libcurl: security bump to version 7.59.0
CVE-2018-1000120: curl could be fooled into writing a zero byte out of
bounds when curl is told to work on an FTP URL with the setting to only
issue a single CWD command, if the directory part of the URL contains a
"%00" sequence.

https://curl.haxx.se/docs/adv_2018-9cd6.html

CVE-2018-1000121: curl might dereference a near-NULL address when
getting an LDAP URL.

https://curl.haxx.se/docs/adv_2018-97a2.html

CVE-2018-1000122: When asked to transfer an RTSP URL, curl could
calculate a wrong data length to copy from the read buffer.

https://curl.haxx.se/docs/adv_2018-b047.html

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-16 10:34:28 +01:00
Jan Kundrát
dbeb43e976 package/busybox: Unbreak the tar implementation
The `tar` implementation in Busybox 1.28.0 and 1.28.1 won't extract a
rootfs with some symlinks that appear to look "dangerous". This
completely (and silently!) breaks on-target updates via RAUC for me, for
example.

In the meanwhile, upstream already reverted the commit in question
(in their commit a84db18fc71d09e801df0ebca048d82e90b32c6a), so this
patch simply applies that revert in Buildroot. The fix has not made it
to a release, yet.

Signed-off-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Bug: https://bugs.busybox.net/show_bug.cgi?id=8411
Bug: https://github.com/rauc/rauc/issues/249
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-14 20:15:22 +01:00
Peter Korsgaard
32d2de2a6f pkg-virtual.mk: explicitly set <pkg>_VERSION / _SOURCE for robustness
Recently a build failure was reported which was traced back to to the fact
that the user had a TOOLCHAIN_VERSION environment variable set which leads
to a strange looking error message:

toolchain/toolchain/toolchain.mk:40: *** TOOLCHAIN_SITE cannot be empty when
TOOLCHAIN_SOURCE is not.  Stop.

Environment variables automatically gets converted to make variables by GNU
make - E.G. from the manual
(https://www.gnu.org/software/make/manual/html_node/Environment.html):

Variables in make can come from the environment in which make is run.  Every
environment variable that make sees when it starts up is transformed into a
make variable with the same name and value

So we end up in make with TOOLCHAIN_VERSION set to the value of the
environment variable.  As virtual packages do not have a version, there is
no explicit TOOLCHAIN_VERSION = ..  line in toolchain.mk overriding this
value, and the logic in package/pkg-generic.mk sets a default value for
TOOLCHAIN_SOURCE when TOOLCHAIN_VERSION is set, and finally errors out as
TOOLCHAIN_SITE isn't set.

As a workaround, explicitly set <pkg>_VERSION and <pkg>_SOURCE to the empty
string in the virtual package infrastructure.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-14 08:39:12 +01:00
Adam Duskett
ed0d9d6f36 libpjsip: security bump to 2.7.2
Fixes the following vulnerabilities:

- CVE-2018-1000098: Crash when parsing SDP with an invalid media format
  description

- CVE-2018-1000099: Crash when receiving SDP with invalid fmtp attribute

[Peter: add CVE info]
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-13 23:27:14 +01:00
Ricardo Martincoski
9324167b80 .flake8: ignore utils/diffconfig
This script comes from the kernel source, so ignore any code style
warnings for it in order to keep it as close as possible to the original
one, making synchronization between repos easier.

The option --exclude for flake8/pycodestyle is an absolute list and has
a default, so ideally the default values should be added too.
But the use cases for flake8 in the tree are:
 - when developing a new script or changing an existing one, the
   developer calls flake8 only on that script;
 - in the GitLab job, a list of all Python files to be tested is created
   and then passed to flake8.
None of these involve calling 'flake8' without parameters, so don't care
about adding the default value.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Marcus Folkesson <marcus.folkesson@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-13 22:37:54 +01:00
Ricardo Martincoski
14aa15a5a5 support/dockerfile: install flake8
Use the latest version of the tool because it is actively maintained.
But use a fixed version of the tool and its dependencies to get stable
results. It can be manually bumped from time to time.

Before installing any Python packages, ensure pip, setuptools, and wheel
are up to date as recommended in the docs [1].

[1] https://packaging.python.org/tutorials/installing-packages/

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-13 22:32:36 +01:00