Commit Graph

39827 Commits

Author SHA1 Message Date
Thomas Petazzoni
53e1b22253 package/docker-proxy: convert to golang infrastructure
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Arnout: remove automatically added host-go dependency]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-03-31 19:57:31 +02:00
Angelo Compagnucci
2dccb4f2fe package/docker-containerd: convert to golang infrastructure
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-03-31 19:57:31 +02:00
Angelo Compagnucci
30063d57d3 package/runc: convert to golang infrastructure
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-03-31 19:57:31 +02:00
Angelo Compagnucci
96dafedce8 package/flannel: convert to golang infrastructure
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-03-31 19:57:31 +02:00
Angelo Compagnucci
12ae882bf6 docs/manual: add documentation for the golang infrastructure
This patch adds the documentation for the golang infrastructure.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-03-31 19:57:31 +02:00
Angelo Compagnucci
048b06ed3e package/pkg-golang: new package infrastructure
This patch adds a new infrastructure for golang based packages.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Arnout:
 - Rewrap comments to 80 columns.
 - Create a global definition of GO_TARGET_ENV.
 - <PKG>_GO_ENV is appended to the default env instead of replacing it.
 - Add a note to inner-golang-package that only target is supported.
]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-03-31 19:57:31 +02:00
Thomas Petazzoni
e8257a8f09 docker-containerd: remove symlink to $(RUNC_SRCDIR)
The DOCKER_CONTAINERD_CONFIGURE_CMDS creates a symlink to runc's
source directory, but it does not build depend on runc, which means
that the runc package may not have been extracted/built before
docker-containerd.

Therefore, when doing a build with "make docker-containerd", this
symbolic link is broken, but it doesn't prevent docker-containerd from
building.

Therefore, this symlink is not necessary and can be dropped.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-03-31 19:57:31 +02:00
Arnout Vandecappelle (Essensium/Mind)
91b4a4525b Makefile: create symlink to non-default HOST_DIR
If BR2_HOST_DIR is not the default, it can be difficult to find the
host directory (i.e., HOST_DIR always has to be passed explicitly in
addition to the output directory). For example, the Eclipse plugin
assumes that HOST_DIR=BASE_DIR/host.

Create a symlink from $(BASE_DIR)/host to $(HOST_DIR) if it is not the
default. Also remove it in the clean target.

When BR2_HOST_DIR is the default, HOST_DIR_SYMLINK will be empty so
there will be no additional dependency to dirs and nothing to remove
in clean.

Fixes https://bugs.busybox.net/show_bug.cgi?id=10151

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-03-31 18:57:21 +02:00
Arnout Vandecappelle (Essensium/Mind)
ca9a0b2515 Makefile: move mkdir rule to after HOST_DIR is defined
HOST_DIR is defined twice: once to its default value before .config is
included, and once more to BR2_HOST_DIR after .config is included.
However, the rule that defines the mkdir for HOST_DIR comes between
these two, so it will always use the default definition. Therefore,
if a non-default BR2_HOST_DIR is used, there will be no rule to create
that directory, while the dirs target depends on it.

This happens to work at the moment, because in the dirs target,
$(STAGING_DIR) comes before $(HOST_DIR), so $(HOST_DIR) will be created
implicitly. However, this will fail in top-level parallel builds where
both will be created in parallel.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-03-31 18:57:21 +02:00
Jaap Crezee
34b62af1e0 python-libusb1: new package
License info from PyPI is wrong: it is LGPL-2.1+, not GPL-2.0. The
package includes a COPYING file with GPL-2.0, but since it is really
LGPL-2.1+ only the COPYING.LESSER file is relevant.

Signed-off-by: Jaap Crezee <jaap@jcz.nl>
[Arnout: regenerate with scanpypi, fix legal info]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-03-31 17:33:34 +02:00
Thomas Petazzoni
0866a280e4 utils/genrandconfig: use --no-check-certificate in wget by default
A number of autobuilder failures are due to the fact that autobuilder
instances use old distributions, with old SSL certificates, and
therefore wget aborts with an error "The certificate of `xyz.org' is
not trusted.".

In order to avoid such failures that are not very interesting in the
context of the autobuilders, we pass --no-check-certificate to
wget. The integrity of the downloaded files is anyway verified by the
hashes, and this is only meant to be used in the context of
testing/CI, not in production.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-03-31 17:17:51 +02:00
Peter Korsgaard
7f02604553 nodejs: security bump to version 8.11.1
Fixes the following security issues:

- Fix for inspector DNS rebinding vulnerability (CVE-2018-7160): A malicious
  website could use a DNS rebinding attack to trick a web browser to bypass
  same-origin-policy checks and allow HTTP connections to localhost or to
  hosts on the local network, potentially to an open inspector port as a
  debugger, therefore gaining full code execution access.  The inspector now
  only allows connections that have a browser Host value of localhost or
  localhost6.

- Fix for 'path' module regular expression denial of service
  (CVE-2018-7158): A regular expression used for parsing POSIX paths could
  be used to cause a denial of service if an attacker were able to have a
  specially crafted path string passed through one of the impacted 'path'
  module functions.

- Reject spaces in HTTP Content-Length header values (CVE-2018-7159): The
  Node.js HTTP parser allowed for spaces inside Content-Length header
  values.  Such values now lead to rejected connections in the same way as
  non-numeric values.

While we are at it, also add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-31 17:09:42 +02:00
Romain Naour
c03d5395a1 package/zsh: remove busybox show others dependency
Back in 2013, zsh was added to Buildroot [1] with the dependency on
BR2_PACKAGE_BUSYBOX_SHOW_OTHERS. This dependency was keept with the
refactoring [2].
But Busybox doesn't provide a zsh shell in the firt place.
This dependency can be removed.

[1] 3d19b7ef59
[2] 1dbd7b9910

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Phil Eichinger <phil.eichinger@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-31 17:09:31 +02:00
André Hentschel
39d5d9ad65 squid: add optional dependency on libkrb5
Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-03-31 16:13:39 +02:00
André Hentschel
7ae94b51ed libkrb5: new package
Signed-off-by: André Hentschel <nerv@dawncrow.de>
[Thomas:
 - remove LIBKRB5_VERSION_MAJOR
 - minor tweaks to commit title and Config.in help text]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-03-31 16:13:39 +02:00
Evgeniy Didin
7f430a4e87 board: add support for ARC HS Development Kit (HSDK)
Synopsys DesignWare HSDK (which stands for ARC HS
Development Kit) is the latest and greatest development
platform that sports quad-core ARC HS38 in real silicon.

Most noticeable features of the board are:
 * Quad-core ARC HS38 CPU running at 1GHz
 * 4Gb of DDR
 * Built-in Vivante GPU (well supported via open source
   Etnaviv drivers)
 * Built-in Wi-Fi/Bluetooth module (RedPine RS-9113)

And as usual we have:
 * [micro] SD-card slot
 * 2 USB 2.0 ports
 * 1Gbit Ethernet port
 * Built-in Digilent JTAG probe
 * Serial port accessible via micro-USB port

Writing sdcard.img on SDcard creates two partitions:
 * FAT32 with uImage and uboot.env
 * EXT4 with root filesystem

We modify kernel config because in default hsdk kernel config
CONFIG_INITRAMFS_SOURCE parameter is set and when we build
rootfs separately (BR2_TARGET_ROOTFS_INITRAMFS is not set)
error appears. Also we set up CONFIG_ARC_UBOOT_SUPPORT which
enables usage of uboot variables in the boot process.

[Peter: Fix comments and rename defconfig to snps_archs38_hsdk_defconfig,
	Add defconfig to DEVELOPERS and fixup board/synopsys entry,
	Drop postimage script, rename env file in genimage.cfg and drop size
	setting for rootfs partition,
	Add "" for CONFIG_INITRAMFS_SOURCE in linux fragment]
Signed-off-by: Evgeniy Didin <didin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Alexey Brodkin <abrodkin@synopsys.com>
Cc: arc-buildroot@synopsys.com
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-31 16:04:39 +02:00
Bernd Kuhls
d83eacaaa8 package/x11r7/xserver_xorg-server: add sysv init script
We need ":0.0 vt01" to make sure Xorg finds the correct terminal.

Quoting https://www.x.org/archive/X11R6.8.0/doc/Xorg.1.html

-allowMouseOpenFail
    Allow the server to start up even if the mouse device can't be
    opened or initialised.

We need this option in case BR2_PACKAGE_XDRIVER_XF86_INPUT_MOUSE was
not enabled.

-noreset
    prevents a server reset when the last client connection is closed.

We need this option to prevent auto-close of Xorg.

Tested with a qemu image and Kodi.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Arnout: copy an abbreviate version of the explanation above to the
         script.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-03-31 15:56:31 +02:00
Yann E. MORIN
5563a1c6a4 support/check-uniq-files: support weird locales and filenames
Currently, when a filename contains characters not representable in the
user's locale, we fail hard, especially when the host python is python3.

This is because python2 and python3 handle encoding/decoding strings
differently, with python3 presumable doing the right thing, but it
breaks on some systems, while python2 presumable does the wrong thing,
but it works everywhere. (Just joking, obviously...)

Part of the issue being that the csv reader in python2 is broken with
UTF8.

We fix the issue by ditching the csv reader, and simply read the file in
binary mode, manually partitioning the lines on the first comma.

Then, we use the binary-encoded (really, un-encoded) package names and
filenames as values and keys, respectively.

Finally, for each filename or package we need to print, we try to decode
them with the defaults for the user settings, but catch any decoding
exception and fall back to dumping the raw, binary values. Which codec
is used by default differs between Python version, but in all cases
something sane is printed at least.

Thanks a lot to Arnout for the live help doing this patch. :-)

Reported-by: Jaap Crezee <jaap@jcz.nl>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Jaap Crezee <jaap@jcz.nl>
[Arnout: commit log improvement]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-03-31 15:32:00 +02:00
Yves Deweerdt
650818fb3a configs/raspberrypi0w_defconfig: new defconfig for Raspberry Pi Zero W
Up to now, Raspberry Pi Zero W (rpi0w) could be built with the normal
raspberrypi0_defconfig. However, then you don't have support for the
Bluetooth out-of-the-box, which makes using a W a bit pointless.

Therefore, create a separate defconfig for the W. It is a copy of
raspberrypi0_defconfig with the following changes:
 - Add DT overlays (from rpi-firmware) to support Bluetooth.
 - Pass --add-pi3-miniuart-bt-overlay to post-image.sh.

Since there is now a separate raspberrypi0w_defconfig, the W support
can be removed from raspberrypi0_defconfig.

Signed-off-by: Yves Deweerdt <yves.deweerdt.linux@gmail.com>
[Arnout:
 - Bump to same kernel version as raspberrypi0.
 - Remove redundant comment.
 - Remove redundant default BR2_PACKAGE_RPI_FIRMWARE_INSTALL_DTB_OVERLAYS=y.
 - Improve commit log.
 - Refresh .gitlab-ci.yml.
]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-03-31 12:31:32 +02:00
Yann E. MORIN
5966e2dc54 package/openocd: fix fallout after no-C++ fixups
Commit 4cd1ab158 (core: alternate solution to disable C++) made use of a
non-existent 'no' binary when C++ is not available in the toolchain.

However, some packages, like jimtcl as bundled in opeocd, really want to
find the binary that $CXX contains.

Revert openocd to use 'false' instead of 'no'.

Fixes:
    http://autobuild.buildroot.org/results/cbd/cbd5ab97fb0659968ff628461130627cf1745955/

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-31 09:26:19 +02:00
Yann E. MORIN
9feb6d982d package/jimtcl: fix fallout after no-C++ fixups
Commit 4cd1ab158 (core: alternate solution to disable C++) made use of a
non-existent 'no' binary when C++ is not available in the toolchain.

However, some packages, like jimtcl, really want to find the binary that
$CXX contains.

Revert jimtcl to use 'false' instead of 'no'.

Fixes:
    http://autobuild.buildroot.org/results/54f/54f3df03551fbdf293d33dc1e3f08005faa15321/

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-31 09:25:51 +02:00
Baruch Siach
badff5f483 picocom: bump to version 3.1
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-31 09:24:39 +02:00
Adrian Perez de Castro
0ceb847af5 woff2: fix static builds
Include a patch to make CMake correctly find the Brotli libraries when
they have been built as static libraries.

Fixes:
- http://autobuild.buildroot.net/results/f1c4b5aeb12af7b7a3e8ae01c219004ecd9befd6/
- http://autobuild.buildroot.net/results/74d20ff38766466623cc4a9eb18afcda831bc20b/

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-31 09:05:24 +02:00
Adrian Perez de Castro
557cd845b2 brotli: fix building of static libraries
Include a patch to make CMake honor the BUILD_SHARED_LIBS which
Buildroot sets to choose the kind of libraries to build.

Fixes:
- http://autobuild.buildroot.net/results/f1c4b5aeb12af7b7a3e8ae01c219004ecd9befd6/
- http://autobuild.buildroot.net/results/74d20ff38766466623cc4a9eb18afcda831bc20b/

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-31 08:58:26 +02:00
Thomas Petazzoni
0e4de0f2db support/config-fragments/autobuild: fix SSP in br-nios2-glibc
Commit c868095681 ("toolchain: fix
detection of SSP support") fixed the SSP check so that it does the
correct thing for nios2 toolchains. While this commit fixed the
description of the Sourcery NIOSII toolchain, it didn't fix the
description for the autobuilders of the br-nios2-glibc toolchain,
causing some build failures. This commit adjusts br-nios2-glibc.config
to indicate that the toolchain doesn't have SSP support.

Fixes:

  http://autobuild.buildroot.net/results/6c44e328b7bffd8474d29d5bdf1ea109ec15f4ad/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-03-31 08:49:14 +02:00
Fabrice Fontaine
9b224e6c20 ncmpc: bump to version 0.29
Since version 0.28 ncmpc only supports the meson build.
Therefore, adapt to package infrastructure according to the user manual.

Add a hash for the license file.

Add a nmpc entry for myself in DEVELOPERS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-03-31 08:49:14 +02:00
Peter Korsgaard
205b786376 docker-compose: bump version to 1.20.1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-31 08:13:03 +02:00
Peter Korsgaard
d8151145f2 python-docker: bump version to 3.1.4
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-31 08:12:57 +02:00
Rahul Bedarkar
9b2f6548f8 zstd: fix legal info
zstd is dual licensed under BSD-3-Clause or GPL-2.0 as per README.md
and source files license header.

Cc: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-30 22:02:03 +02:00
Thomas Petazzoni
a86b2523a0 utils/genrandconfig: adjust to core-dependencies removal
In commit ea9669fffa ("core: kill
DEPENDENCIES_HOST_PREREQ"), the core-dependencies make target was
removed, and is now named just "dependencies".

This broke the utils/genrandconfig script, and this commit intends to
fix that.

Since this script is part of the Buildroot tree, it is provided
together with Buildroot, so we don't need to support the legacy
core-dependencies target. Someone checking out an older Buildroot will
have a working setup, with support/dependencies exposing
core-dependencies and utils/genrandconfig using core-dependencies. The
only broken situation will be between
ea9669fffa and this commit, but that's
not a sufficient reason to add some backward compatibility code.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-03-30 22:00:08 +02:00
Rahul Bedarkar
543261cd53 opus-tools: update license
As per COPYING file, opusinfo is licensed under GPL version 2.

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-30 21:48:18 +02:00
Rahul Bedarkar
5ccd6958d5 opus-tools: add hash for license file
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-30 21:47:38 +02:00
Rahul Bedarkar
4308f0c850 opusfile: add hash for license file
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-30 21:45:50 +02:00
Rahul Bedarkar
6911750391 opus: add hash for license file
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-30 21:43:31 +02:00
Peter Korsgaard
0ccab9b0ed libnss: bump version to 3.35
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-30 21:43:22 +02:00
Peter Korsgaard
fb521b5d45 libnspr: bump version to 4.19
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-30 21:43:20 +02:00
Yann E. MORIN
4cd1ab1588 core: alternate solution to disable C++
Some packages that use libtool really need some love to be able to
disable C++ support.

This is because libtool will want to call AC_PROG_CXXCPP as soon as CXX
is set non-empty to something different from 'no'. Then, AC_PROG_CXXCPP
will want a C++ preprocessor that works on valid input *and* fail on
invalid input.

So, providing 'false' as the C++ compiler will then require that we do
have a working C++ preprocessor. Which is totally counter-productive
since we do not have a C++ compiler to start with...

bd39d11d2e (core/infra: fix build on toolchain without C++) was a
previous attempt at fixing this, by using the host's C++ preprocessor.

However, that is very incorrect (that's my code, I can say so!) because
the set of defines will most probably be different for the host and the
target, thus causing all sorts of trouble. For example, on ARM we'd have
to include different headers for soft-float vs hard-float, which is
decided based on a macro, which is not defined for x86, and thus may
redirect to the wrong (and missing) header.

Instead, we notice that libtool uses the magic value 'no' to decide that
a C++ compiler is not available, in which case it skips the call to
AC_PROG_CXXCPP.

Given that 'no' is not provided by any package in Debian and
derivatives, as well as in Fedora, we can assume that no system will
have an executable called 'no'. Hence, we use that as a magic value to
disable C++ detection altogether.

Fixes: #10846 (again)

Reported-by: Damien Riegel <damien.riegel@savoirfairelinux.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Damien Riegel <damien.riegel@savoirfairelinux.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Cc: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-30 14:22:49 +02:00
Bernd Kuhls
599e839925 package/dovecot-pigeonhole: bump version to 0.5.1
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-30 13:12:42 +02:00
Bernd Kuhls
0a4d16698d package/dovecot: bump version to 2.3.1
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-30 13:12:32 +02:00
Baruch Siach
5af41088a4 libunistring: bump to version 0.9.9
Drop --{enable,disable}-threads; threading support is detected
automatically.

Add GPLv3 license file.

Add license files hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-30 10:55:09 +02:00
Peter Korsgaard
94e906cece busybox: bump version to 1.28.2
Drop 0003-tar-unzip-postpone-creation-of-symlinks-with-suspici.patch now upstream.

>From the release notes:

Bug fix release.  1.28.2 has fixes for tcpsvd (fixed fallout from
opt_complementary removal), udhcpd (do not ignore SIGTERM), tar and unzip
(reverted to previous, more permissive symlink handling), ssl_client (fixed
option parsing).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-30 10:53:28 +02:00
Baruch Siach
be824409c4 libsigsegv: bump to version 2.12
Add license file hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-30 08:32:28 +02:00
Jörg Krause
6aa2bfd87f bash: bump to version 4.4.18
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-30 08:30:51 +02:00
Joshua Henderson
9427b63e10 configs/atmel: bump to linux4sam_5.8
Bump at91sam9x5ek, atmel_sama5d27_som1_ek, atmel_sama5d2_xplained,
atmel_sama5d3_xplained, and atmel_sama5d4_xplained all variants to
linux4sam_5.8. The 3 foundation components have their tags changed
(AT91Bootstrap, U-Boot, Linux kernel).

at91bootstrap 3.8.10 is required to support gcc7.

Signed-off-by: Joshua Henderson <joshua.henderson@microchip.com>
Cc: Nicolas Ferre <nicolas.ferre@microchip.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-30 08:28:07 +02:00
Peter Korsgaard
6938c219d8 libopenssl: security bump to version 1.0.2o
Fixes the following security issues:

Constructed ASN.1 types with a recursive definition could exceed the stack
(CVE-2018-0739)

Constructed ASN.1 types with a recursive definition (such as can be found in
PKCS7) could eventually exceed the stack given malicious input with
excessive recursion.  This could result in a Denial Of Service attack.
There are no such structures used within SSL/TLS that come from untrusted
sources so this is considered safe.

Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is
effectively reduced to only comparing the least significant bit of each
byte.  This allows an attacker to forge messages that would be considered as
authenticated in an amount of tries lower than that guaranteed by the
security claims of the scheme.  The module can only be compiled by the HP-UX
assembler, so that only HP-UX PA-RISC targets are affected.

rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)

This issue has been reported in a previous OpenSSL security advisory and a
fix was provided for OpenSSL 1.0.2.  Due to the low severity no fix was
released at that time for OpenSSL 1.1.0.  The fix is now available in
OpenSSL 1.1.0h.

There is an overflow bug in the AVX2 Montgomery multiplication procedure
used in exponentiation with 1024-bit moduli.  No EC algorithms are affected.
Analysis suggests that attacks against RSA and DSA as a result of this
defect would be very difficult to perform and are not believed likely.
Attacks against DH1024 are considered just feasible, because most of the
work necessary to deduce information about a private key may be performed
offline.  The amount of resources required for such an attack would be
significant.  However, for an attack on TLS to be meaningful, the server
would have to share the DH1024 private key among multiple clients, which is
no longer an option since CVE-2016-0701.

This only affects processors that support the AVX2 but not ADX extensions
like Intel Haswell (4th generation).

For more details, see https://www.openssl.org/news/secadv/20180327.txt

The copyright year changed in LICENSE, so adjust the hash to match.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-30 08:27:00 +02:00
Peter Korsgaard
28dd2f2896 e2fsprogs: bump to version 1.44.1
From the release notes (https://lwn.net/Articles/750103/):

E2fsprogs 1.44.0 introduced a regression introduced which caused e2fsck
to fail to support HTree directories on big-endian systems.  Fix how we
read block numbers for internal htree nodes.

Removed a potential memory leak from fsck.

E2image now correctly creates e2image files for bigalloc file systems.

Dumpe2fs and debugfs now correctly support e2image files for file
systems that have the meta_bg option enabled.

E2fsck and debugfs now correctly handle delete inodes (including
processing the orphaned inode list in the case of e2fsck) for bigalloc
file systems.  (Addresses Google Bug: #73795618)

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-29 21:20:55 +02:00
Peter Korsgaard
ae7d59eaae sngrep: fix libgcrypt handling
Fixes:
http://autobuild.buildroot.net/results/f1c6494133806b9fc26ae3ce9e9c6a22fa2eda6f/

Commit 6205b75873 (sngrep: gnutls support also needs libgcrypt) ensured
that --with-gnutls is only used when both gnutls and libgcrypt are enabled,
but it didn't ensure libgcrypt gets built before sngrep or told the
configure script where to find libgcrypt-config, breaking the build.

Fix both issues.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-29 21:19:54 +02:00
Baruch Siach
22e27da265 gawk: bump to version 4.2.1
Enable static build. gawk builds statically just fine. The shared
library check has been removed in 4.1.1.

Remove the symlink force hunk from the no-versioned patch. The only user
of LN is in the part that this patch disables.

Add license file hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-29 18:11:07 +02:00
Bernd Kuhls
19e983a954 package/php: security bump to version 7.2.4
Fixes https://bugs.php.net/bug.php?id=75605, no CVE-ID yet.

Removed patch 0008, applied upstream. Re-numbered patch 0009.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-29 18:09:48 +02:00
Baruch Siach
ec848f899d time: bump to version 1.9
Fix seed variable name for the wait3 system call AC_TRY_RUN test.

Remove manual installation; not needed anymore.

Cc: Will Newton <will.newton@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-29 16:06:14 +02:00