Commit Graph

36150 Commits

Author SHA1 Message Date
Jagan Teki
0235bc6176 board: Add support for Engicam Is.IoT MX6UL SOM
Add initial support for Engicam Is.IoT MX6UL SOM board
with below features:
- U-Boot 2017.07-rc1
- Linux 4.11.5
- Default packages from buildroot

Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
[Thomas: add host-dosfstools/host-mtools.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-24 14:55:04 +02:00
Jagan Teki
09c0bc7a8d board: Add support for Engicam GEAM6UL SOM
Add initial support for Engicam GEAM6UL SOM board
with below features:
- U-Boot 2017.07-rc1
- Linux 4.11.5
- Default packages from buildroot

Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
[Thomas: add host-dosfstools and host-mtools.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-24 14:50:56 +02:00
Jagan Teki
ae3d3298f3 board: engicam: Add icorem6 for i.CoreM6 support
Create board/engicam/icorem6 for i.CoreM6 supported files.
and update the readme.txt so-that it can list i.CoreM6 board
details.

Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-24 14:33:58 +02:00
Jagan Teki
3127e4dcd9 board: Add support for Engicam i.CoreM6 RQS SOM
Add initial support for Engicam i.CoreM6 Quad/Dual/DualLite/Solo RQS
board with below features:
- U-Boot 2017.07-rc1
- Linux 4.11.5
- Default packages from buildroot

Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
[Thomas: add missing host-dosfstools and host-mtools.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-24 14:32:07 +02:00
Thomas Petazzoni
a608dab6c6 configs/engicam_imx6qdl_icore_defconfig: add missing tools
A VFAT filesystem is described in the genimage configuration file, so
we need host-dosfstools and host-mtools enabled in the defconfig.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-24 14:25:44 +02:00
Jagan Teki
c6473f8e8a board: Add support for Engicam i.CoreM6 DualLite/Solo boards
Add initial support for Engicam i.CoreM6 DualLite/Solo board
with below features:
- U-Boot 2017.07-rc1
- Linux 4.11.5
- Default packages from buildroot

U-Boot 2017.07-rc1 has common u-boot defconfig for All i.CoreM6
variant boards, so this patch update the same along with
buildroot defconfig that reflect the common name.

Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-24 14:13:17 +02:00
Adam Duskett
6186f01567 libglib2: bump version to 2.52.2
Patches were changed to git format, because libglib is a git project.
0003-gio-2.0.pc-include-libmount-in-Libs.private.patch was added to upstream
as of commit:
https://git.gnome.org/browse/glib/commit/?id=ecdd3c29fc4bd28f01fe53d0528bfee888c9c62c.

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-24 12:11:09 +02:00
Baruch Siach
568cc42f68 psmisc: update homepage link
The gitlab repo is much more informative and updated.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-24 12:09:58 +02:00
Baruch Siach
93cb32d6d9 psmisc: bump to version 23.1
Forward port 0001-link-against-libintl.patch. Since now autoreconf works, move
the patch from Makefile.in to Makefile.am. Also, convert to git format.

Remove 0002-no-__progname.patch. Buildroot default uClibc and musl now provide
__progname.

Add a patch that adds the git-version-gen script to fix autoreconf.

Remove upstream patch.

Upstream switched to .xz tarballs.

Add upstream provided hashes.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-24 12:09:54 +02:00
Bernd Kuhls
929ddf4de9 package/x264: needs host-nasm instead of host-yasm
Upstream switched to nasm >= 2.13
http://git.videolan.org/?p=x264.git;a=commitdiff;h=d2b5f4873e2147452a723b61b14f030b2ee760a5#patch2

Fixes
http://autobuild.buildroot.net/results/3f5/3f5759a1fd6aaa0394229cdfce278752d4a01ddc/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-24 12:08:07 +02:00
Bernd Kuhls
45943c849e package/nasm: bump version to 2.13.01
Needed to fix x264 build error.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-24 12:07:56 +02:00
Bartosz Golaszewski
138996c251 libgpiod: bump version to v0.3
Add host-pkgconf to dependencies as we now use PKG_CHECK_MODULES in
configure.ac.

Changelog for v0.3:

New features:
- gpiomon can now watch multiple lines at the same time and supports custom
  output formats which can be specified using the --format argument
- testing framework can now test external programs: test cases for gpio-tools
  have been added

Improvements:
- improve error messages
- improve README examples
- configure script improvements

Bug fixes:
- use correct UAPI flags when requesting line events

Also includes bug fixes from v0.2.1:

Bug fixes:
- capitalize 'GPIO' in error messages in gpioset, gpioget & gpiomon
- tweak the error message on invalid arguments in gpiofind
- don't ignore superfluous arguments and fix the displayed name for falling
  edge events in gpiomon

Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-24 12:07:32 +02:00
Marcin Niestroj
9093a64bcf package/dt-utils: new package
Add two upstreamable patches for this package to fix uClibc
and musl builds.

Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-23 21:14:48 +02:00
Fabio Estevam
e4768669a7 glmark2: Bump to the latest version
The two patches are no longer needed with the latest upstream version,
so bump to the latest one.

Tested on imx6.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-23 21:13:44 +02:00
Carlos Santos
74235a6854 util-linux: bump to version 2.30
- Update the "basic set" description to include fincore, which is built
  by default, and remove tailf, which was removed in this version.
- Add configuration options for the new utilities "chmem" and "lsmem".
- Add a patch to revert the assumption that ncursesw headers are under
  /usr/include/ncursesw/ only. That's necessary to have both versions
  for ABI/API compatibility but does not make sense on embedded systems.
- Drop autoreconf, since the patch on term-utils/Makemodule.am is gone.

The patch is a bit drastic but it solves the problem of using ncursews
while we discuss a better solution in the util-linux mailing list.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-23 21:12:42 +02:00
Waldemar Brodkorb
2b38e6dab8 uclibc: fix knock build issue
This patch sync's with GNU C library and removes __FAVOR_BSD.

Fixes:
  http://autobuild.buildroot.net/results/908/90863b5adb769a346acd3dc4bbe8d5fa497a0581/build-end.log

Reported-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-23 21:05:27 +02:00
Baruch Siach
24f2eb1e15 openvpn: security bump to version 2.4.3
Fixes:

CVE-2017-7508 - Remotely-triggerable ASSERT() on malformed IPv6 packet

CVE-2017-7520 - Pre-authentication remote crash/information disclosure for
clients

CVE-2017-7521 - Potential double-free in --x509-alt-username

CVE-2017-7521 - Remote-triggerable memory leaks

CVE-2017-7522 - Post-authentication remote DoS when using the --x509-track
option

Details at

  https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243

Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-22 23:26:57 +02:00
Peter Korsgaard
087e70498a spice: add post-0.12.8 upstream security fixes
Fixes the following security issues:

CVE-2016-9577

    Frediano Ziglio of Red Hat discovered a buffer overflow
    vulnerability in the main_channel_alloc_msg_rcv_buf function. An
    authenticated attacker can take advantage of this flaw to cause a
    denial of service (spice server crash), or possibly, execute
    arbitrary code.

CVE-2016-9578

    Frediano Ziglio of Red Hat discovered that spice does not properly
    validate incoming messages. An attacker able to connect to the
    spice server could send crafted messages which would cause the
    process to crash.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-22 23:25:38 +02:00
Peter Korsgaard
75057fe767 spice: security bump to version 0.12.8
Fixes the following security issues:

CVE-2016-0749: The smartcard interaction in SPICE allows remote attackers to
cause a denial of service (QEMU-KVM process crash) or possibly execute
arbitrary code via vectors related to connecting to a guest VM, which
triggers a heap-based buffer overflow.

CVE-2016-2150: SPICE allows local guest OS users to read from or write to
arbitrary host memory locations via crafted primary surface parameters, a
similar issue to CVE-2015-5261.

The pyparsing check has been dropped from configure, and the spice protocol
definition is again included, so the workarounds can be removed.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-22 23:25:30 +02:00
Peter Korsgaard
622ff3d6ea spice: security bump to version 0.12.6
Fixes the following security issues:

CVE-2015-3247: Race condition in the worker_update_monitors_config function
in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial
of service (heap-based memory corruption and QEMU-KVM crash) or possibly
execute arbitrary code on the host via unspecified vectors.

CVE-2015-5260: Heap-based buffer overflow in SPICE before 0.12.6 allows
guest OS users to cause a denial of service (heap-based memory corruption
and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL
commands related to the surface_id parameter.

CVE-2015-5261: Heap-based buffer overflow in SPICE before 0.12.6 allows
guest OS users to read and write to arbitrary memory locations on the host
via guest QXL commands related to surface creation.

Client/gui support is gone upstream (moved to spice-gtk / virt-viewer), so
add Config.in.legacy handling for them.

Lz4 is a new optional dependency, so handle it.

The spice protocol definition is no longer included and instead used from
spice-protocol.  The build system uses pkg-config --variable=codegendir to
find the build time path of this, which doesn't take our STAGING_DIR prefix
into consideration, so it needs some help.  The installed protocol
definition will likewise be newer than the generated files, so we need to
workaround that to ensure they are not regenerated (which needs host python
/ pyparsing).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-22 23:25:24 +02:00
Peter Korsgaard
6f2c022023 spice: bump to version 0.12.5
Tunneling support is gone upstream, so drop the patch and add
Config.in.legacy handling for the option.

Celt051 is no longer a hard dependency, and opus is a new optional
dependency, so adjust the dependencies to match.

Python / pyparsing are not needed as the tarball contains the generated
files (this should presumably have been host-python in the first place as
these are used at build time), but we need a small workaround to convince
configure that they really aren't needed.

Alsa-lib is only needed for client support, and the configure script checks
for X11/Xext/Xrender, so adjust the dependencies to match.

A user manual is now generated by default if asciidoc is available, so
explicitly disable that.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-22 23:25:18 +02:00
Koen Martens
e9b4776483 package/linuxconsoletools: always select a sub-option
This patch forces BR2_PACKAGE_LINUXCONSOLETOOLS_INPUTATTACH
to be selected if none of the other sub-options are
selected. This fixes build failures when using
'make randpackageconfig', where selecting
BR2_PACKAGE_LINUXCONSOLETOOLS without selecting any sub-option
would break in the 'install to target' phase.

Fixes:
http://autobuild.buildroot.net/results/94b/94bc050f291cc42a4fdcf02157320576feb03654/
http://autobuild.buildroot.net/results/f62/f62c5e8bd63d21211eb0e658c4e84135bd59b8cb/

And many more.

[Peter: add autobuilder references and wrap Config.in line]
Signed-off-by: Koen Martens <koen.martens@transport.alstom.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-22 22:04:57 +02:00
Thomas Petazzoni
1407c1b00c configs/cubieboard2_defconfig: use U-Boot boot script generation logic
Instead of a custom post-build script, use the boot script generation
logic of the U-Boot package.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-22 13:06:51 +02:00
Thomas Petazzoni
c40e673c5c uboot: add support for generating U-Boot boot scripts
More and more of our defconfigs need to generate a U-Boot boot
script. It's a simple call to mkimage, but we already have 12
instances of this logic in board/, and there are patch series waiting
in patchwork adding 3 more boards that need this.

So let's add an option in the U-Boot package to generate such a boot
script image easily.

Note that we assume a single script needs to be generated, and the
output file name is boot.scr. The only platform for which it seems to
not be the case are the Boundary Devices platforms: they generate two
boot scripts, 6x_bootscript and 6x_upgrade, but they are anyway
installed inside TARGET_DIR, not BINARIES_DIR.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-22 13:02:47 +02:00
Jörg Krause
6309a6cc7c upmpdcli: needs gcc >= 4.9
Commit 5d043799cd changed the dependency for libupnpp on GCC to 4.9, but
did not propagate the dependency to upmpdcli.

Fixes:
http://autobuild.buildroot.net/results/df2/df23cd5e77f61caf3f30cf43c91bc161a88def3a/

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-22 12:02:50 +02:00
Fabio Estevam
49529e61e5 package/{mesa3d, mesa3d-headers}: bump version to 17.1.3
Patch 0006 is no longer needed as the fix is already upstream.
Confirmed that the colors are displayed correctly when running the
Qt5CinematicDemo application on i.mx6.

Patch 0007 is already applied upstream.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-22 12:02:12 +02:00
Chakra Divi
d7bdee2d41 configs/olimex_a13_olinuxino: new defconfig
Add initial support for a13_olinuxino board
with below features
- U-Boot 2017.05
- Linux 4.11.5
- Default packages from buildroot

Signed-off-by: Chakra Divi <chakra@openedev.com>
Reviewed-by: Jagan Teki <jagan@amarulasolutions.com>
[Thomas:
 - use full name in DEVELOPERS file
 - remove parametrization of the post-build.sh script, just hardcode
   the boot.cmd file used as input
 - add missing dosfstools and mtools host packages in defconfig,
   needed because a vfat partition is defined in the genimage.cfg
   file
 - minor tweaks to readme.txt file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-21 23:06:11 +02:00
Adam Duskett
d56868011b apr: bump version to 1.6.2
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-21 22:42:58 +02:00
Adam Duskett
208255e7fe jansson: bump to version 2.10
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-21 22:42:57 +02:00
Adam Duskett
aad92bb177 syslog-ng: bump to version 3.10.1
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-21 22:42:56 +02:00
Adam Duskett
caae034738 mmc-utils: bump version to 37c86e60c0442fef570b75cd81aeb1db4d0cbafd
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-21 22:42:55 +02:00
Adam Duskett
c52d50336e libcurl: bump version to 7.54.1
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-21 22:42:54 +02:00
Adam Duskett
b0b8ee8280 sqlite: bump to version 3190300
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-21 22:42:52 +02:00
Adam Duskett
731b248cc8 strace: bump version to 4.17
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-21 22:42:12 +02:00
Sergey Matyukevich
0697b86091 orangepi_zero_defconfig: add xradio wireless driver
Add xradio driver to enable on-board SDIO WiFi chip XR819.

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-21 22:40:31 +02:00
Sergey Matyukevich
681c1614be xr819-xradio: new package
This patch adds xradio wireless driver for SDIO WiFi chip XR819.
The out-of-tree driver is sourced from fifteenhex's work
on github https://github.com/fifteenhex/xradio

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[Thomas: add entry in DEVELOPERS file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-21 22:39:43 +02:00
Marcin Niestroj
a435247b01 package/lua-flu: new package
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
[Thomas: "depends on" before "select" in Config.in]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-21 21:44:57 +02:00
Vicente Olivert Riera
6da3737984 openssh: fix sshd for MIPS64 n32
This patch backports two patches that have been sent upstream as a pull
request in order to fix sshd for MIPS64 n32.

The first patch adds support for detecting the MIPS ABI during the
configure phase.

The second patch sets the right value to seccomp_audit_arch taking into
account the MIPS64 ABI.

Currently seccomp_audit_arch is set to AUDIT_ARCH_MIPS64 or
AUDIT_ARCH_MIPSEL64 (depending on the endinness) when openssh is built
for MIPS64. However, that's only valid for n64 ABI. The right macros for
n32 ABI defined in seccomp.h are AUDIT_ARCH_MIPS64N32 and
AUDIT_ARCH_MIPSEL64N32, for big and little endian respectively.

Because of that an sshd built for MIPS64 n32 rejects connection attempts
and the output of strace reveals that the problem is related to seccomp
audit:

[pid   194] prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=57,
filter=0x555d5da0}) = 0
[pid   194] write(7, "\0\0\0]\0\0\0\5\0\0\0Ulist_hostkey_types: "..., 97) = ?
[pid   193] <... poll resumed> )        = 2 ([{fd=5, revents=POLLIN|POLLHUP},
{fd=6, revents=POLLHUP}])
[pid   194] +++ killed by SIGSYS +++

Pull request: https://github.com/openssh/openssh-portable/pull/71

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-21 21:41:06 +02:00
Marcin Niestroj
9c61322c46 barebox: support multiple image files
Add support for specifying multiple image files in
BR2_TARGET_BAREBOX_IMAGE_FILE config option.

This is useful for boards with several RAM size variants.

Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
[Thomas: rename internal variable from $(1)_IMAGE_FILE to
$(1)_IMAGE_FILES.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-21 21:40:33 +02:00
Ludovic Desroches
0f7b5d4a9f configs/atmel: bump to linux4sam_5.6
Bump at91sam9x5ek, atmel_sama5d2_xplained, atmel_sama5d3_xplained and
atmel_sama5d4_xplained to linux4sam_5.6.

Signed-off-by: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-21 21:24:05 +02:00
Ludovic Desroches
8c28677ea1 board/atmel: provide u-boot env for at91sam9x5ek_mmc
Default bootargs have changed in U-Boot for this board. Build U-Boot
environment and add it to the SD card image to update bootargs.

Signed-off-by: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-21 21:23:55 +02:00
Ludovic Desroches
7bd24df2e9 board/atmel: at91sam9x5ek_mmc: add 1M offset for FAT partition
at91sam9x5ek_mmc board was missing in the previous patch adding 1M
offset for FAT partition to solve some boot issues with the ROM code.

Signed-off-by: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-21 21:23:48 +02:00
Venkateswara Rao Mandela
7fd18fa026 kmsxx: update version
Updating version to latest as on 26 June 2017 to include kmstest utility

Signed-off-by: Venkateswara Rao Mandela <venkat.mandela@ti.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-21 18:42:51 +02:00
Alexander Dahl
62cf881a76 iperf: fix tarball hashes changed upstream
Upstream uploaded a new tarball with the same version number 2016-09-08,
some time after the update to v2.0.9 in buildroot. Someone noticed, but
upstream set the ticket to wontfix, and promised to do better in the
future: https://sourceforge.net/p/iperf2/tickets/20/

Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-21 07:43:39 +02:00
Peter Korsgaard
d1481fe474 c-ares: security bump to version 1.13.0
Fixes the following security issues:

CVE-2017-1000381: The c-ares function `ares_parse_naptr_reply()`, which is
used for parsing NAPTR responses, could be triggered to read memory outside
of the given input buffer if the passed in DNS response packet was crafted
in a particular way.

https://c-ares.haxx.se/adv_20170620.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-21 07:43:35 +02:00
Koen Martens
438b2d1369 package/input-tools: remove package
remove input-tools, it has been obsoleted by linuxconsoletools

linuxconsoletools uses the same name as upstream and carries
the latest version of the tools installed by input-tools.

Signed-off-by: Koen Martens <gmc@sonologic.nl>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-21 00:17:53 +02:00
Peter Korsgaard
e8a15fd693 apache: security bump to version 2.4.26
Fixes the following security issues:

CVE-2017-3167: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26,
use of the ap_get_basic_auth_pw() by third-party modules outside of the
authentication phase may lead to authentication requirements being bypassed.

CVE-2017-3169: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26,
mod_ssl may dereference a NULL pointer when third-party modules call
ap_hook_process_connection() during an HTTP request to an HTTPS port.

CVE-2017-7659: A maliciously constructed HTTP/2 request could cause
mod_http2 to dereference a NULL pointer and crash the server process.

CVE-2017-7668: The HTTP strict parsing changes added in Apache httpd 2.2.32
and 2.4.24 introduced a bug in token list parsing, which allows
ap_find_token() to search past the end of its input string.  By maliciously
crafting a sequence of request headers, an attacker may be able to cause a
segmentation fault, or to force ap_find_token() to return an incorrect
value.

CVE-2017-7679: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26,
mod_mime can read one byte past the end of a buffer when sending a malicious
Content-Type response header.

While we're at it, use the upstream sha256 checksum instead of sha1.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-20 23:24:33 +02:00
Peter Korsgaard
e14d89d5e0 bind: security bump to version 9.11-P1
Fixes the following security issues:

CVE-2017-3140 is a denial-of-service vulnerability affecting 9.9.10,
9.10.5, 9.11.0->9.11.1, 9.9.10-S1, and 9.10.5-S1 when configured with
Response Policy Zones (RPZ) utilizing NSIP or NSDNAME rules.

https://kb.isc.org/article/AA-01495/74/CVE-2017-3140

CVE-2017-3141 is a Windows privilege escalation vector affecting
9.2.6-P2+, 9.3.2-P1+, 9.4.x, 9.5.x, 9.6.x, 9.7.x, 9.8.x, 9.9.0->9.9.10,
9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, and 9.10.5-S1.  The
BIND Windows installer failed to properly quote the service paths,
possibly allowing a local user to achieve privilege escalation, if
allowed by file system permissions.

https://kb.isc.org/article/AA-01496/74/CVE-2017-3141

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-20 23:14:16 +02:00
Alexandre Esse
79c7873b64 package/kvazaar: needs threads
Fixes:

  http://autobuild.buildroot.net/results/6e1eabd691b8674f61898bc0fe734208d226f965/

Signed-off-by: Alexandre Esse <alexandre.esse.dev@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-20 23:13:25 +02:00
Adam Duskett
814346f7d2 DEVELOPERS: Add janus-gateway to Adam Duskett
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-20 23:10:30 +02:00