Commit Graph

33983 Commits

Author SHA1 Message Date
Martin Kepplinger
211d8a9dce tslib: bump to 1.5
Signed-off-by: Martin Kepplinger <martin.kepplinger@ginzinger.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-09 15:01:40 +01:00
Baruch Siach
42eabd7551 ed: security bump to version 1.14.1
Fixes CVE-2017-5357: crash with some malformed commands.

Upstream now provides .tar.lz archive. Add the necessary extract command.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-09 14:52:24 +01:00
Baruch Siach
ae73226476 quagga: security bump to version 1.1.1
Fixes CVE-2017-5495: Telnet interface input buffer allocates unbounded amounts
of memory, leading to DoS.

Add optional dependency on protobuf-c.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-09 14:51:09 +01:00
Fabio Estevam
010629702a linux-headers: bump 4.{4, 9}.x and 3.18 series
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-09 12:04:05 +01:00
Fabio Estevam
cf2cd2048d linux: bump default to version 4.9.9
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-09 12:03:58 +01:00
Martin Kepplinger
7794d5f949 Revert "tslib: needs kernel headers 3.12"
This reverts commit 7c60211ce3.

tslib-1.4 removes this dependency.

Add upstream patch that fixes input macros declaration for older kernels.

The ts_uinput tool requires 3.6 headers; disable for older kernels.

Signed-off-by: Martin Kepplinger <martin.kepplinger@ginzinger.com>
[baruch: add tslib patch; disable ts_uinput]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-09 09:32:09 +01:00
Baruch Siach
bfd317e571 lm-sensors: download from debian snapshot archive
ftp.netroedge.com is (also) down. Download the package from the Debian
snapshot archive.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-09 09:31:25 +01:00
Rahul Bedarkar
5d065ef1da wget: add upstream patch to fix build failure
Fixes:
  http://autobuild.buildroot.net/results/fed/fed53124d43c37629295ddc4cdc371f4dc862860

Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-08 15:41:53 +01:00
Peter Korsgaard
54a9495123 bash: add upstream security fixes to patch level 12
Fixes CVE-2017-5932 - Shell code execution on tab completion of specially
crafted files. For details, see the report:

https://github.com/jheyens/bash_completion_vuln/raw/master/2017-01-17.bash_completion_report.pdf

We unfortunately cannot easily download these because of the file names (not
ending in patch) and patch format (p0), so convert to p1 format and include
in package/bash with the following script:

for i in 06 07 08 09 10 11 12; do
	cat > bash44-0$i.patch << EOF
>From https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-0$i

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

EOF
	curl https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-0$i | \
		sed -e 's|^\*\*\* \.\./|*** |' -e 's|^--- |--- b/|' >> bash44-0$i.patch
done

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-08 09:46:13 +01:00
Baruch Siach
a1071d7169 lm-sensors: update homepage link
The lm-sensors.org website is down, and won't be coming back anytime soon. Use
the suggested[1], far from adequate, alternative.

[1] https://github.com/groeck/lm-sensors/issues/3

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-08 09:16:39 +01:00
Jérôme Pouiller
9eba09a48e reproducible: enable fakedate
Enable fakedate for whole build process.

This work was sponsored by `BA Robotic Systems'.

Signed-off-by: Jérôme Pouiller <jezz@sysmic.org>
Reviewed-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-07 23:01:11 +01:00
Jérôme Pouiller
a268768c71 fakedate: new package
`date' is widely used by packages to include build information in their
binaries. Unfortunately, this is incompatible with BR2_REPRODUCIBLE.

Instead of having to identify all `date' invocations in the different
packages, this commit adds a small tool that allows to always return
the same date.

This work was sponsored by `BA Robotic Systems'.

[Peter: drop debugging print]
Signed-off-by: Jérôme Pouiller <jezz@sysmic.org>
Reviewed-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-07 22:29:59 +01:00
Jérôme Pouiller
76838f6341 reproducible: fix DATE/TIME macros in toolchain-wrapper
The use of the __DATE__ and __TIME__ macros are one of the most common
sources of non-reproducible binaries. In order to fix that, gcc 7 supports
the SOURCE_DATE_EPOCH variable:

https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=e3e8c48c4a494d9da741c1c8ea6c4c0b7c4ff934

This patch take advantage of toolchain-wrapper to provide support of
SOURCE_DATE_EPOCH to older gcc versions.

Function get_source_date_epoch() come directly from gcc git.

This work was sponsored by `BA Robotic Systems'.

[Peter: use sizeof for character array sizes, make function static,
	extend commit message, add upstream gcc commit]
Signed-off-by: Jérôme Pouiller <jezz@sysmic.org>
Reviewed-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-07 21:45:01 +01:00
Yegor Yefremov
d3760efa7b python-pyyaml: bump to version 3.12
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-07 20:39:18 +01:00
Naumann Andreas
ac73162553 python-pyqt: use 'depends on' rather than 'select' for Qt
When pyqt is used it's obvious that qt needs to be selected and
configured by the user, hence we enforce it by making pyqt depending on
qt, rather than selecting it and depending only on the qt requirements.

Signed-off-by: Andreas Naumann <anaumann@ultratronik.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-02-07 17:46:48 +01:00
Naumann Andreas
e68fdc2054 python-pyqt5: use 'depends on' rather than 'select' for Qt5
When pyqt5 is used it's obvious that qt5 needs to be selected and
configured by the user, hence we enforce it by making pyqt5 depending on
qt5, rather than selecting it and depending only on the qt5
requirements.

Signed-off-by: Andreas Naumann <anaumann@ultratronik.de>
Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-02-07 17:46:48 +01:00
Naumann Andreas
b80efa327a qt5quickcontrols: More deterministic target install
Restrict target install to quickcontrols(1) qmls only.

Installing everything under qml/QtQuick includes e.g. quickcontrols2 if
existent in staging (but not selected). Another issue may arise e.g. for a
external package that creates more files than it installs itself under
qml/QtQuick. In that case, it would depend on the order of the packages how
much gets installed into target.

Signed-off-by: Andreas Naumann <anaumann@ultratronik.de>
Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-02-07 17:46:48 +01:00
Julien Corjon
080434f10e qt5base: conditionally install bundled fonts to target
qtbase carries nor more fonts since c5ceabb9a1caf6b9b7615a28c3097f221772f645

So for Qt Version 5.8.0 this reverts commit
cdfa21b060 and part of
186ef9f6f4.

Signed-off-by: Andreas Naumann <anaumann@ultratronik.de>
Signed-off-by: Julien Corjon <corjon.j@ecagroup.com>
Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
[Thomas: adjust commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-02-07 17:46:48 +01:00
Julien Corjon
17fdd42c1a qt53d/qt5quickcontrols2/qt5serialbus: move out of tech preview
See http://blog.qt.io/blog/2016/06/16/qt-5-7-released/

Signed-off-by: Julien Corjon <corjon.j@ecagroup.com>
Signed-off-by: Andreas Naumann <anaumann@ultratronik.de>
Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-02-07 17:46:48 +01:00
Julien Corjon
7adfb5bafc qt5enginio: move into legacy compatibility
See https://wiki.qt.io/New_Features_in_Qt_5.7

Signed-off-by: Julien Corjon <corjon.j@ecagroup.com>
Signed-off-by: Andreas Naumann <anaumann@ultratronik.de>
Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-02-07 17:46:48 +01:00
Naumann Andreas
aa1c40ba37 qt5: add choice between version 5.6.2 and 5.8.0
For 5.8.0
- add hashes
- qt5 need C++11 compliant compiler since 5.7 ([1])
- use different licenses: since version 5.7 Qt removed the LGPL v2.1 option in favor
  of v3 with a different exception
- qt5base: renamed library to EglFSDeviceIntegration ([2])
- qt5base: remove ras-pi patch, commit c0cc5052097c723d0331a7619d686af9eb93d33c fix it ([3])
- qt5base: remove 0007-eglfs-fix-eglfs_mali-compile-for-odroid-mali.patch (upstream committed [3b])
- qt5base: remove obsolete config-option -large ([4])
- qt5base: gstreamer support fully moved to qt5multimedia, so gstreamer
  related options are no longer passed ([5])
- add patch for python-pyqt5 to fix the build with Qt 5.8
- add tweak in libv4l to fix the build with Qt 5.8, originally provided
  by Peter Seiderer
- add patch from Peter Seiderer fixing a build issue with freetype

For 5.6.2
- moved patches to subdir, and renumber patches

[1]  http://blog.qt.io/blog/2016/06/16/qt-5-7-released/
[2]  https://code.qt.io/cgit/qt/qtbase.git/commit/?id=ec4eb4db61094179bc6a9ec26ec68fb710177053
[3]  https://codereview.qt-project.org/#/c/167172/
[3b] https://code.qt.io/cgit/qt/qtbase.git/commit/?id=f1b4bd4790860e1ff5afcec111a359bc3a91cfda
[4]  https://code.qt.io/cgit/qt/qtbase.git/commit/?id=84d3a21c9efe7efb2cce6d3bd14af1f9580b1108
[5]  https://code.qt.io/cgit/qt/qtbase.git/commit/?id=7d4da559afb62a779b3d90a65fb679cb5433f203

Signed-off-by: Andreas Naumann <anaumann@ultratronik.de>
Signed-off-by: Julien Corjon <corjon.j@ecagroup.com>
Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
[Thomas:
 - tweak commit log about GStreamer related changes, suggested by Arnout
 - move the gcc 4.8 dependency from the main qt5 option to just the
   qt5.8 selection, so that qt5.6 can still be built if gcc < 4.8 is
   used. Noticed by Arnout.
 - rename the options of the version selection to not include the
   version number itself so that we don't have to keep legacy
   symbols. Noticed by Arnout.
 - introduce changes to qt5quickcontrols2.mk needed to handle qt5.6
   vs. qt5.8, borrowed from a later patch in the series.
 - add patch for python-pyqt5 to fix the build with Qt 5.8.
 - add fix to libv4l.mk from Peter Seiderer to fix the build with Qt
   5.8.
 - renumber patches for 5.6.2, suggested by Arnout.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-02-07 17:46:48 +01:00
Adam Duskett
61c8273e23 logrotate: enable selinux support
Selinux is currently disabled staticly in logrotate. This patch fixes
this by checking for libselinux and adding it as a dependecy if it has
been selected.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-02-07 17:40:15 +01:00
Adam Duskett
10366edf00 logrotate: bump to version 3.11.0
Also removed both patches as they have been added to this release.
Aslo removed reference to github patch in makefile as it has been
added to this release as well.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-02-07 17:30:25 +01:00
Adam Duskett
ebf6f64b76 ntp: security bump to verserion 4.2.8p9
This version of ntp fixes several vulnerabilities.

CVE-2016-9311
CVE-2016-9310
CVE-2016-7427
CVE-2016-7428
CVE-2016-9312
CVE-2016-7431
CVE-2016-7434
CVE-2016-7429
CVE-2016-7426
CVE-2016-7433

http://www.kb.cert.org/vuls/id/633847

In addition, libssl_compat.h is now included in many files, which
references openssl/evp.h, openssl/dsa.h, and openssl/rsa.h.
Even if a you pass --disable-ssl as a configuration option, these
files are now required.

As such, I have also added openssl as a dependency, and it is now
automatically selected when you select ntp.

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-07 15:26:22 +01:00
Luca Ceresoli
60a94a39d9 docs/manual: centralize recommendations about BR2_DL_DIR
We currently have two places where we recommend where BR2_DL_DIR
should be set: "Environment variables" and "Location of downloaded
packages". The former recommends setting BR2_DL_DIR in the .config,
the latter kind of endorses using ~/.bashrc.

We prefer suggesting the ~/.bashrc way since it avoids downloading the
same file multiple times, and anyway it's wise to have all the details
in a unique place. So remove the .config suggestion from "Environment
variables" and let it just point to "Location of downloaded packages".

Cc: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-07 14:55:02 +01:00
Luca Ceresoli
428145838b docs/manual: suggest 'YES' as the value for LIBFOO_GIT_SUBMODULES
The manual mentions LIBFOO_GIT_SUBMODULES but does not tell what value
it should have. The implementation only checks whether the variable is
non-empty, but we should suggest a specific value to avoid people
wondering what they have to set, and to try setting weird values.

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Baruch Siach <baruch@tkos.co.il>
Cc: Ricardo Herrero <ricardo.herrero@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-07 14:47:04 +01:00
Martin Kepplinger
06216078f6 tslib: bump to 1.4
additionally, this:

 * removes the patch adding missing headers (fixed upstream)
 * slightly changes the package description

Signed-off-by: Martin Kepplinger <martin.kepplinger@ginzinger.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-07 14:43:18 +01:00
Yegor Yefremov
c03f112b63 python-service-identity: bump version to 16.0.0
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-07 14:25:23 +01:00
Yegor Yefremov
34cb8724ef python-ubjson: bump to version 0.8.5
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-07 14:25:17 +01:00
Yegor Yefremov
3d8209f0eb python-pyopenssl: bump to version 16.2.0
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-07 14:25:14 +01:00
Yegor Yefremov
ffe671c8f7 python-cbor: bump to version 1.0.0
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-07 14:24:34 +01:00
Romain Naour
81555a4984 configs/qemu_nios2: add custom kernel headers version
When this qemu nios2 defconfig has been added, the insternal toolchain
used for testing was build with Linux kernel headers 4.9, so
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_9 was missing in the defconfig.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-07 12:32:03 +01:00
Vicente Olivert Riera
99e01a35f9 ruby: assume we always have finite, isinf and isnan for uClibc
On uClibc, finite, isinf and isnan are not directly implemented as
functions.  Instead math.h #define's these to __finite, __isinf and __isnan,
which are real functions.

This confuses the Ruby configure script which use AC_REPLACE_FUNCS to
detect these, as it really checks for a function without including math.h.

Because of the naming difference the checks fail, therefore the symbols
HAVE_FINITE, HAVE_ISINF and HAVE_ISNAN are not defined.
Ruby code relies on those symbols in order to define its own version of
the finite, isinf and isnan functions. Since the symbols haven't been
defined, those definitions cause conflicts with the already-existing
functions.

Fixes:
  http://autobuild.buildroot.net/results/f34/f34dc20749c6f6d12c51eddf3ee6c2ef41d7c13d/

[Peter: extend description, add comment in .mk]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-07 11:46:52 +01:00
Peter Korsgaard
4654d0e995 ipsec-tools: fix typo in variable name
As pointed out during the check-package discussion, there is a typo in a
variable name:

http://lists.busybox.net/pipermail/buildroot/2016-December/180765.html

Reported-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-07 10:02:14 +01:00
Peter Korsgaard
9d8cf78f72 libftdi: fix typo in variable name
As pointed out during the check-package discussion, there is a typo in a
variable name:

http://lists.busybox.net/pipermail/buildroot/2016-December/180765.html

Reported-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-07 09:55:27 +01:00
Peter Korsgaard
c10d6b7112 on2-8170-libs: fix typo in variable name
As pointed out during the check-package discussion, there is a typo in a
variable name:

http://lists.busybox.net/pipermail/buildroot/2016-December/180765.html

Reported-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-07 09:51:23 +01:00
Peter Korsgaard
040f58ae30 gst1-plugins-ugly: fix typo in variable name
As pointed out during the check-package discussion, there is a typo in a
variable name:

http://lists.busybox.net/pipermail/buildroot/2016-December/180765.html

Reported-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-07 09:49:58 +01:00
Peter Korsgaard
0e71b23814 avrdude: fix typo in variable name
As pointed out during the check-package discussion, there is a typo in a
variable name:

http://lists.busybox.net/pipermail/buildroot/2016-December/180765.html

Reported-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-07 09:48:30 +01:00
Peter Korsgaard
7fc343059a drbd-utils: fix typo in variable name
As pointed out during the check-package discussion, there is a typo in a
variable name:

http://lists.busybox.net/pipermail/buildroot/2016-December/180765.html

Reported-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-07 09:45:04 +01:00
Peter Korsgaard
b2cf7ca0e2 babeld: fix typo in variable name
As pointed out during the check-package discussion, there is a typo in a
variable name:

http://lists.busybox.net/pipermail/buildroot/2016-December/180765.html

Fixing that also shows that the license file was misspelled, so fix that as
well (LICENSE/LICENCE).

Reported-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-07 09:43:41 +01:00
Peter Korsgaard
94a39b0178 poppler: fix typo in variable name
As pointed out during the check-package discussion, there is a typo in a
variable name:

http://lists.busybox.net/pipermail/buildroot/2016-December/180765.html

Reported-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-07 09:43:35 +01:00
Rahul Bedarkar
087f628981 libcec: remove LIBCEC_AUTORECONF variable
libcec is a cmake based package. LIBCEC_AUTORECONF is meaningless in
this context.

Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-07 07:40:46 +01:00
Max Filippov
76e1594f00 binutils: backport fix for xg_reverse_shift_count
binutils-2.27 gas has bug that results in the following kind of build
error when assembling bb[cs]i.l on big-endian xtensa targets:

  ieee754-sf.S:237: Error: invalid symbolic operand

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-06 22:56:53 +01:00
Maxime Hadjinlian
9b76356bd2 python-gunicorn: fix build issue with python2
Fix:
    http://autobuild.buildroot.org/results/b2d/b2d43dd3c52cc9f586009a10a40f97b07548322d/build-end.log

The issue arise from the fact that we compile all *.py files, but the
_gaiohttp.py file is using Python3 ("yield from") syntax which causes an
error.

So if we are using Python2, delete this file as it won't ever be imported
anyway as it is checked by gunicorn in the __init__.py file of the worker
module.

Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-06 22:49:44 +01:00
Jörg Krause
896ae3f961 package/mbedtls: make compression support a config option
Enabling TLS compression may make mbedTLS vulnerable to the
CRIME attack [1]. It should not be enabled unless is is sure CRIME and
similar attacks are not applicable to the particulare situation.

As zlib is probably enabled in most systems, the user might end up with
a vulnerable system without knowing. So, instead of enabling compression
support if the zlib package is available, we make the compression support
a config option. This way, the user has to explicitly enable compression
support and is warned by the help text about the risk.

[1] https://tls.mbed.org/kb/how-to/deflate-compression-in-ssl-tls

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-06 22:20:32 +01:00
Bernd Kuhls
3baf8217ed package/ffmpeg: bump version to 3.2.3
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-06 22:16:29 +01:00
Thomas Petazzoni
6c49d3acdf systemd: add missing dhcp.network file
This file was missing from commit
84d997d689 ("system(d): allow auto net
configuration with networkd")

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-02-06 20:00:23 +01:00
Paul Cercueil
123ee2e5a4 libiio: Bump to version 0.9
This new version introduces a lot of bug fixes and some new API
functions.

Additionally, the IIO Daemon is now able to share the local IIO devices
through USB (using FunctionFS).

[Peter: usbd option needs 3.18+ headers, reorder options for menuconfig]
Signed-off-by: Paul Cercueil <paul.cercueil@analog.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-06 19:51:01 +01:00
Chris Frederick
480bba2771 sudo: Add ldap support for sudoers rules
Automatically build sudo with ldap support when openldap is enabled.

When sudo is built with ldap, /etc/sudoers is only read in for defaults,
all rules need to be provided via ldap which is configured by the user
in /etc/ldap.conf.

Signed-off-by: Chris Frederick <cdf123@cdf123.net>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-02-06 19:40:40 +01:00
Frank Hunleth
2ec0a7d11c size-stats: don't count hard links
This change adds inode tracking to the size-stats script so that hard
links don't cause files to be double counted. This has a significant
effect on the size computation for some packages. For example, git has
around a dozen hard links to a large file. Before this change, git would
weigh in at about 170 MB with the total filesystem size reported as
175 MB. The actual rootfs.ext2 size was around 16 MB. With the change,
the git package registers at 10.5 MB with a total filesystem size of
15.8 MB.

Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Acked-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-02-06 19:38:53 +01:00