Commit Graph

44733 Commits

Author SHA1 Message Date
Bernd Kuhls
59f9971694 package/samba4: security bump to version 4.9.5
Release notes: https://www.samba.org/samba/history/samba-4.9.5.html

Fixes CVE-2019-3824:
ldb: Out of bound read in ldb_wildcard_compare

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e7d67faac5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 22:23:19 +01:00
Fabrice Fontaine
3d0ad9cc82 package/gerbera: fix static build with curl and libidn2
Fixes:
 - http://autobuild.buildroot.org/results/be5893b507d22a23951efeea20c18642742cef5a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7553b6ad23)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 22:20:53 +01:00
Fabrice Fontaine
1d7ca92535 package/beecrypt: fix build without C++
Do not check for C++ compiler as C++ support has been disabled since
commit dd4d3c18d6 otherwise
build will fail on toolchains without a working C++ compiler:

checking how to run the C++ preprocessor... /lib/cpp
configure: error: in `/data/buildroot/buildroot-test/instance-1/output/build/beecrypt-4.2.1':
configure: error: C++ preprocessor "/lib/cpp" fails sanity check

Fixes:
 - http://autobuild.buildroot.org/results/3c79cc68f1b088ad24daf7f9bd70718d702be577

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6255c81623)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 22:15:36 +01:00
Norbert Lange
5219bb25bf package/musl: remove rcrt1.o from target installation
rcrt1.o is a new startup for "static-pie" apps, and only needed for
building, should not end up in the target filesystem.

Signed-off-by: Norbert Lange <norbert.lange@andritz.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit de5fef8c04)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 22:13:17 +01:00
Arnout Vandecappelle (Essensium/Mind)
bc31a761c5 linux{, -headers}: support downloads of v5+
With the arrival of linux v5.0, we need yet another condition to set
_SITE correctly. Instead of continuing this madness, solve the problem
generically: use v2.6 for 2.6.*, and use the number before the first dot
in the other cases.

While we're at it, remove the comment which has been incorrect since
80d7b68167 (7 years ago).

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Tested-by: Adam Duskett <aduskett@gmail.com>
Reviewed-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4ed7246a59)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 21:46:10 +01:00
Arnout Vandecappelle (Essensium/Mind)
7d0322fe3c package/linux-headers: fix support for -rc kernels
-rc kernels after v3.x are no longer available in the testing
subdirectory. Instead they should be fetched from cgit.

Commit ff4cccbdcf did this for linux
itself, now we also do it for linux-headers.

When fetched from cgit, .tar.xz can't be used. Adding this to the
existing condition is not so simple, so refactor how _SOURCE is set:
simply set it explicitly in each branch of the condition. While more
verbose (it is repeated 4 times), it's easier to understand and to
maintain.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1b94e8dcb3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 21:41:26 +01:00
Baruch Siach
d902c871d4 package/libpcap: disable dbus to break circular dependency
The optional dbus dependency of libpcap creates a circular dependency
chain:

$ make libpcap-show-recursive-depends

Recursion detected for  : systemd
which is a dependency of: dbus
which is a dependency of: libpcap
which is a dependency of: iptables
which is a dependency of: systemd
make: *** [package/libpcap/libpcap.mk:55: libpcap-show-recursive-depends] Error 1

Of all these dependencies the one of libpcap on dbus seems to be less
useful. Drop it.

Fixes:
http://autobuild.buildroot.net/results/0b5d18bff816cbcee11e8645449701722d956de5/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b01d463c14)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 21:39:23 +01:00
Bernd Kuhls
48b328c195 package/x11r7/xapp_xdm: security bump to version 1.1.12
Fixes CVE-2013-2179.

Release notes:
https://lists.x.org/archives/xorg-announce/2019-March/002959.html

Added all license hashes provided by upstream and license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2776484107)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 21:23:31 +01:00
Artem Panfilov
853cff9679 package/avahi: add upstream security fix
Fixes CVE-2017-6519: avahi-daemon in Avahi through 0.6.32 and 0.7
inadvertently responds to IPv6 unicast queries with source addresses
that are not on-link, which allows remote attackers to cause a denial
of service (traffic amplification) and may cause information leakage
by obtaining potentially sensitive information from the responding
device via port-5353 UDP packets.

Signed-off-by: Artem Panfilov <panfilov.artyom@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1e17adf1c5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 21:20:59 +01:00
Peter Korsgaard
5c38c2ea3d package/bash: add upstream patches up to patch level 23
We unfortunately cannot easily download these because of the file names (not
ending in patch) and patch format (p0), so convert to p1 format and include
in package/bash with the following script:

j=1; for i in 19 20 21 22 23; do
    file=$(printf '%04d-patch44-0%d.patch' $j $i)
    cat > $file << EOF
>From https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-0$i

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

EOF
    curl https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-0$i | \
        sed -e 's|^\*\*\* \.\./|*** |' -e 's|^--- |--- b/|' >> $file

    j=$(( j + 1 ))
done

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 87a8f5f51c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 21:20:07 +01:00
Adrien Gallouët
14d2b53d41 package/kexec: update to 2.0.18
This release fixes the following issue with new kernels:

kexec --load bzImage --reuse-cmdline
Unhandled rela relocation: R_X86_64_PLT32

Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 254384e769)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 21:18:06 +01:00
Artem Senichev
272a6677ff package/kexec: enable powerpc64le platforms
kexec has fully support of ppc64 platform:
https://www.kernel.org/doc/Documentation/kdump/kdump.txt

Signed-off-by: Artem Senichev <artemsen@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 46a4af5214)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 21:18:00 +01:00
Fabrice Fontaine
8c16591d89 package/libdrm: amdgpu needs MMU
amdgpu test uses fork() so disable amdgpu without MMU

Fixes:
 - http://autobuild.buildroot.org/results/8d6194982c1080e173fcef8212fb06e6dc275d58

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9972dc2e82)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 20:11:02 +01:00
Christian Stewart
af99ecabd5 package/go: set GOCACHE to a host path
Set the GOCACHE environment variable properly.

It was previously unset, and defaults to $HOME/.cache/go-build.

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3909423f1c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 19:00:22 +01:00
Peter Korsgaard
e3404b10ba package/openjpeg: security bump to latest git version
Current git contains fixes for a number of post-2.3.0 security issues:

git shortlog --no-merges -i --grep cve --grep overflow --grep zero v2.3.0..
Even Rouault (2):
      Avoid out-of-bounds write overflow due to uint32 overflow computation on images with huge dimensions.
      color_apply_icc_profile: avoid potential heap buffer overflow

Hugo Lefeuvre (4):
      convertbmp: fix issues with zero bitmasks
      jp3d/jpwl convert: fix write stack buffer overflow
      jp2: convert: fix null pointer dereference
      convertbmp: detect invalid file dimensions early

Karol Babioch (2):
      jp3d: Replace sprintf() by snprintf() in volumetobin()
      opj_mj2_extract: Check provided output prefix for length

Stefan Weil (1):
      Fix some potential overflow issues (#1161)

Young_X (5):
      [MJ2] To avoid divisions by zero / undefined behaviour on shift
      [JPWL] fix CVE-2018-16375
      [JPWL] imagetotga(): fix read heap buffer overflow if numcomps < 3 (#987)
      [JPWL] opj_compress: reorder checks related to code block dimensions to avoid potential int overflow
      [JP3D] To avoid divisions by zero / undefined behaviour on shift (CVE-2018-14423

ichlubna (1):
      openjp3d: Int overflow fixed (#1159)

setharnold (1):
      fix unchecked integer multiplication overflow

Drop now upstreamed 0004-install-static-lib.patch.

Add a hash for the LICENSE file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a5e8c81875)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 18:55:53 +01:00
Peter Korsgaard
a22fc3a0eb package/mosquitto: bump version to 1.5.8
Bugfix release, fixing a number of issues discovered post-1.5.7

https://mosquitto.org/blog/2019/02/version-1-5-8-released/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 24cc2eaa33)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 18:52:25 +01:00
Peter Korsgaard
99d8c1a07c package/php: security bump to version 7.3.3
php-7.3.3 fixes a number of security issues (no CVE known, bugtracker issues
not yet public): https://secure.php.net/ChangeLog-7.php#7.3.3

Drop 0004-OPcache-flock-mechanism-is-obviously-linux-so-force-.patch as the
flock detection has been removed since commit 9222702633 (Avoid dependency
on "struct flock" fields order.)

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b821ae3d63)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 17:38:51 +01:00
Baruch Siach
c19f815add ntp: security bump to version 4.2.8p13
Fixes CVE-2019-8936: Crafted null dereference attack in authenticated
mode 6 packet.

Drop upstream patches.

Update COPYRIGHT file hash; text formatting (line width) changes.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7ffdc08f04)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 17:36:23 +01:00
Baruch Siach
85c408fcc0 package/file: security bump to version 5.36
CVE-2019-8906: do_core_note in readelf.c in libmagic.a in file 5.35 has
an out-of-bounds read because memcpy is misused.

CVE-2019-8904: do_bid_note in readelf.c in libmagic.a in file 5.35 has a
stack-based buffer over-read, related to file_printf and file_vprintf.

Update license files hashes; removal of trailing white spaces.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 14d6e6df7b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 17:34:01 +01:00
Fabrice Fontaine
5154f90009 package/wireshark: add optional spandsp dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ee772dad7b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 17:32:32 +01:00
Romain Naour
a0134c3606 package/tpm2-abrmd: rename libsapi to libtss2-sys in the help text
libsapi was renamed to libtss2-sys in tpm2-tss library:
5f0ab55d4e

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8f297cc033)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 17:30:35 +01:00
Romain Naour
8854e0f9b0 package/tpm2-tss: rename tpm2-tss libraries in the help text
Since tpm2-tss version 2.0.0, tpm2 libraries have been renamed.

libsapi renamed to libtss2-sys
5f0ab55d4e

libtcti-device renamed to libtss2-tcti-device
libtcti-socket renamed to libtss2-tcti-mssim
b8584accbd

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fb9c137660)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 17:30:19 +01:00
Fabrice Fontaine
b3399de9e6 package/xen: fix build with gcc 8.1
Fixes:
 - http://autobuild.buildroot.org/results/df5abe6ca8b4c8935f3d5c257aef816190771200

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9b2bf1b745)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 17:26:52 +01:00
Fabrice Fontaine
1f04edb23b package/gnuradio: add optional log4cpp dependency
Currently, logger component is enabled if log4cpp is found

Moreover, it should be noted that log4cpp is now mandatory in latest
upstream:
d242896120

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 50e1d12e07)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 17:26:10 +01:00
Fabrice Fontaine
335165f718 package/mongodb: disable on powerpc64
As stated in SConstruct, the altivec runtime test breaks
cross-compilation: "This checks for an altivec optimization we use in
full text search. Different versions of gcc appear to put output bytes
in different parts of the output vector produced by vec_vbpermq.  This
configure check looks to see which format the compiler produces. NOTE:
This breaks cross compiles, as it relies on checking runtime
functionality for the environment we're in."

Fixes:
 - http://autobuild.buildroot.org/results/162198617979a83b66f70ed6013251942ed04d67

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f9fd193141)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 17:23:17 +01:00
Fabrice Fontaine
5271f2f65c package/mongodb: needs host-python2
mongodb (like gnuradio) needs host-python2 however there is no way to
enforce this so add a dependency on !BR2_PACKAGE_PYTHON3.
Indeed, if BR2_PACKAGE_PYTHON3 is selected, then buildroot will only
build and install host-python-typing for host-python3.

This issue was not raised in the previous version of mongodb as
host-scons was the only dependency however we now have
host-python-typing and host-python-pyyaml dependencies and it
does not seem right to enforce python2 on those packages

Fixes:
 - http://autobuild.buildroot.org/results/693bdba2c01a1b69f56d6ee75094a6a0fc3f40b4

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Thomas: propagate dependency to Config.in comment]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

(cherry picked from commit bf57446a0b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 17:23:02 +01:00
Fabrice Fontaine
884e3918bf package/log4cplus: add optional qt5 dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Thomas: test BR2_PACKAGE_QT5BASE instead of BR2_PACKAGE_QT5, just for
consistency with the package we add to the DEPENDENCIES variable.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

(cherry picked from commit d04b12d19e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 17:17:48 +01:00
Vadim Kochan
119abfcddd package/sunxi-tools: fix build meminfo with musl
musl does not provide inx/outx API for ARM arch, so use
io memory access via pointers which is actually done this
way in glibc/ulibc.

Fixes:
    http://autobuild.buildroot.net/results/bf10cbe40c0f672c34db72e4eea4c168d5932bd4/

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d12d3969d1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 13:22:15 +01:00
Gaël PORTAY
ebe2c9accd qt5webkit: select leveldb package and memenv
This patch fixes the build issue reported by autobuilder [0].

        /home/naourr/work/instance-2/output/build/qt5webkit-5.9.1/Source/WebCore//.obj/platform/leveldb/LevelDBDatabase.o: In function
	`WebCore::LevelDBDatabase::openInMemory(WebCore::LevelDBComparator const*)':
	LevelDBDatabase.cpp.text._ZN7WebCore15LevelDBDatabase12openInMemoryEPKNS_17LevelDBComparatorE+0x34): undefined reference to `leveldb::NewMemEnv(leveldb::Env*)'
        collect2: error: ld returned 1 exit status
        make[3]: *** [Makefile.api:97: ../lib/libQt5WebKit.so.5.9.1]
	Error 1

The issue happens when both packages leveldb and qt5webkit are enabled.

QtWebKit builds its own copy of leveldb [1] (as a third-party) if the
system does not provided it (i.e. buildroot). It builds it differently
and this is the origin of that issue. Instead of using the Makefile
provided by leveldb [2], QtWebKit uses qmake to build that library [3].

The missing symbol issue happens because the symbol leveldb::NewMemEnv
is bundled in the static library libmemenv.a (aside libleveldb.so).
This static library consists of this single symbol which is like an
extra that is built but *NOT* shipped by default at installation in the
staging directory. Unfortunatly, that symbol is required later by
WebCore [4].

The copy built by QtWebKit is an all-in-one library including both
libleveldb and libmemenv; thus QtWebKit links against libleveldb only.
Also, the linker finds the buildroot's copy first (not the third-party):
that explains why it is complaining about a missing symbol. That copy
does not have the symbol leveldb::NewMemEnv.

Fortunatly, QtWebKit provides a facility to link against the system
leveldb package. The qmake flag WEBKIT_CONFIG+=use_system_leveldb tells
Qt5WebKit to link against libleveldb *AND* libmemenv [5].

To fix that issue, this commit selects the package leveldb that now
installs the libmemenv static library and its header. It ensures that
QtWebKit has everything it needs to be built. It also sets the
appropriate qmake configure flags to tell QtWebKit to use the leveldb
copy built by buildroot instead of the bundled one.

[0]: http://autobuild.buildroot.net/results/46033e82adf592c3b92c6d50cfaf45bd58beeaa4
[1]: https://github.com/qt/qtwebkit/tree/5.9/Source/ThirdParty/leveldb
[2]: https://github.com/qt/qtwebkit/blob/5.9/Source/ThirdParty/leveldb/Makefile#L167-L169
[3]: https://github.com/qt/qtwebkit/blob/5.9/Source/ThirdParty/leveldb/Target.pri#L80
[4]: https://github.com/qt/qtwebkit/blob/5.9/Source/WebCore/platform/leveldb/LevelDBDatabase.cpp#L185
[5]: https://github.com/qt/qtwebkit/blob/5.9/Source/WebCore/WebCore.pri#L254
[6]: 739c25100e

Signed-off-by: Gaël PORTAY <gael.portay@collabora.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 2d7c746ed8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 11:41:10 +01:00
Gaël PORTAY
a3cf782748 leveldb: generate pic for static libraries
The project's static libraries are not compiled with the -fPIC compiler
flag. This prevents dynamic libraries to link against those libraries.

This commit adds a patch that sets the -fPIC compiler flag to the list of
CFLAGS/CXXFLAGS.

The project now generates position independant code for all of its
outputs (i.e. not limited anymore to its shared libraries).

Fixes:

	/home/gportay/src/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-amd-linux-gnu/6.2.0/../../../../x86_64-amd-linux-gnu/bin/ld: /home/gportay/src/buildroot/output/host/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libmemenv.a(memenv.o): relocation R_X86_64_32S against `.rodata' can not be used when making a shared object; recompile with -fPIC
	/home/gportay/src/buildroot/output/host/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libmemenv.a: error adding symbols: Bad value
	collect2: error: ld returned 1 exit status

Signed-off-by: Gaël PORTAY <gael.portay@collabora.com>
[Arnout: renumber patch]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

(cherry picked from commit 088f261dbb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 11:40:15 +01:00
Gaël PORTAY
2a4afa77f2 leveldb: install memenv static library and header
The project builds a tiny static library that consists of a single
symbol which creates an in-memory LevelDB database.

That library is not installed by default and may be used by other
projects.

This commit installs in the staging directory the libmemenv.a static
library and the memenv.h header file.

Signed-off-by: Gaël PORTAY <gael.portay@collabora.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 16f847340d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 11:40:01 +01:00
Fabrice Fontaine
5fdc928ab8 package/gst-plugins-bad: remove apexsink support
apexsink does not build with OpenSSL 1.1.x so remove this option
especially because there is no more apexsink option in gstreamer1 (since
version 1.12)

Fixes:
 - http://autobuild.buildroot.org/results/a29e8a8509190fc4b3c419dae2301cf72a601f62

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c8421565b1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-19 21:33:07 +01:00
Abdelmalek Benelouezzane
3b75fc839a package/vsftpd: add patch to fix hang
This fixes a hang due to SIGCHLD not being handled correctly by
vsftpd. The patch comes from fedora and didn't make its way to
upstream yet.

More information about the bug can be found in:
 - https://bugzilla.redhat.com/show_bug.cgi?id=1198259

Signed-off-by: Abdelmalek Benelouezzane <abdelmalek.benelouezzane@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 498dff7ea1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-19 21:30:45 +01:00
Fabrice Fontaine
36d3482e18 package/wireshark: fix build with uclibc
Fixes:
 - http://autobuild.buildroot.org/results/c41d42fe3489bc63c42e7ce7a9eccb1b4ca7b9b2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e68fdaf414)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-19 21:26:14 +01:00
Fabrice Fontaine
6d7e29d490 package/wireshark: security bump to version 2.6.7
Fixes CVE-2019-9208, CVE-2019-9209 and CVE-2019-9214

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1de1fcb4d8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-19 21:26:07 +01:00
Fabrice Fontaine
46c5ef2f17 package/gst-plugins-bad: allow static build of zbar plugin
zbar can be built statically since commit
fc4a6abfa6 so remove the dynamic library
dependency from BR2_PACKAGE_GST_PLUGINS_BAD_ZBAR

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ec9b3aec53)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-19 21:25:43 +01:00
Jared Bents
f66f97c2bc package/busybox: udhcp CVE-2019-5747 patch
Patch to resolve CVE-2019-5747 which affects versions prior
to 1.30.0

More information can be found at:
https://nvd.nist.gov/vuln/detail/CVE-2019-5747

This applies to both master and 2019.02

Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a49e8f34ff)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-19 20:56:33 +01:00
Jared Bents
bcbe323123 package/busybox: udhcp CVE-2018-20679 patch
Patch to resolve CVE-2018-20679 which affects versions prior
to 1.30.0

More information can be found at:
https://nvd.nist.gov/vuln/detail/CVE-2018-20679

This applies to both master and 2019.02

Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d65d1d066b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-19 20:53:48 +01:00
Adam Duskett
a70dbdf3a9 package/mender: add missing double quote in service file
There was a missing double quotes that would prevent the service from
starting.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Acked-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 93321e5f16)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-19 20:47:57 +01:00
Vadim Kochan
3cd71635f7 package/efl: fix build with mesa
efl does not compile with mesa without OpenGL ES because it checks for
GL_ES_VERSION_2_0 and declares own GLintptr and GLsizeiptr types if such
version is not defined, but mesa declares them too for OpenGL version
1.5, so fix it by add check also for OpenGL 1.5 where these types are
defined.

Use patch from:
	https://git.enlightenment.org/core/efl.git/commit/?id=0d2b624f1e24240a1c4e651aa1cfe9a8dd10a573

Fixes:
	http://autobuild.buildroot.net/results/62ca120f1e54e8c3ae445f98b2624b526569f007

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 579dfd9499)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-19 20:20:09 +01:00
Peter Korsgaard
920a02f23d docs/website: download.html: correct version number in title
Fixes #11716

Latest release is 2019.02.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 964d525970)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-19 20:19:01 +01:00
Fabrice Fontaine
2020d58ce3 package/flashrom: add BR2_PACKAGE_FLASHROM_ARCH_SUPPORTS
Fixes:
 - http://autobuild.buildroot.org/results/22c72369cd5b7a8200bb03564bdc342ed026ccac
 - http://autobuild.buildroot.org/results/ef6869bc40382145fad1079b79107275c4973494
 - http://autobuild.buildroot.org/results/09d857102c469ede1db0bff8aa0dcd82a4001eaf

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Thomas: change formatting of new option.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

(cherry picked from commit 10a95d545a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-19 20:11:08 +01:00
Fabrice Fontaine
d6c8348cca package/flashrom: fix build on riscv
Fixes:
 - http://autobuild.buildroot.org/results/fb95c22cbe1d19e73f0089103ed6da2f4b3081c8

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cc366832f2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-19 20:10:53 +01:00
Fabrice Fontaine
e99a7b8177 package/flashrom: disable on microblaze and xtensa
Fixes:
 - http://autobuild.buildroot.org/results/cdf0fb462eec143ea881d43cdd0c69c86122f66b
 - http://autobuild.buildroot.org/results/df4d9702959b610762e87cf21fac9de62365dae6

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 582448032d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-19 20:10:38 +01:00
Fabrice Fontaine
746578764e package/flashrom: remove x86 dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c125d445b0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-19 20:10:26 +01:00
Fabrice Fontaine
8d26ba3429 package/flashrom: libusb is optional, not mandatory
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 276ddad9f4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-19 20:10:13 +01:00
Fabrice Fontaine
e2fb57f537 package/flashrom: libusb-compat is optional, not mandatory
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b36054fc7c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-19 20:10:05 +01:00
Fabrice Fontaine
a60ccf0f2b package/flashrom: libftdi is optional, not mandatory
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 13121a1daa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-19 20:09:42 +01:00
Fabrice Fontaine
b18be52d41 package/flashrom: pciutils is optional, not mandatory
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f317411f33)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-19 20:09:28 +01:00
Fabrice Fontaine
838e5efae2 package/flashrom: remove dmidecode dependency
flashrom uses its own internal DMI decoder since version 0.9.8 and
4c6d3a4b73

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7edb1e1c29)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-19 20:09:22 +01:00