MPD version 0.20 is affected by GCC bug 64735 and failes to build for
some archictuctures (NIOSII, ARMv4, ARMv5 and SPARCv8) with a GCC
toolchain less then version 7.
We added a version choice between 0.19 and 0.20 in Buildroot version
2017.02 as GCC 7 was not yet available at that time. This way, mpd could
still be build for those architectures.
As GCC 7 is now available in Buildroot remove the version choice for 0.19.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Removed patch after upstream committed a different solution:
https://sourceforge.net/p/omniorb/svn/6330/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: board is from Sinovoip, not Lemaker, move board files,
Use kernel headers from kernel, explicitly use 4.13.3,
drop eth0 dhcp config, cleanup post-build args,
disable tar output format, use u-boot custom format,
add host-dosfstools/mtools for genimage, drop unused
host-uboot-tools/genext2fs]
Signed-off-by: Mike Harmony <mike.harmony@snapav.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Only a static library is built (and no _INSTALL_TARGET_CMDS are defined), so
there is no need to run the target-install step.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
NS_ENABLE_SSL was renamed to MG_ENABLE_SSL in v6.0, commit e1dd3f06fe33
(Rename Mongoose constants: NS_ -> MG_, NSF_ -> MG_F_), so use the new name
instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
No linking is done since the package was reworked for v6.x in commit
9860746ff (mongoose: bump to version 6.1), so drop LDFLAGS and the list of
libraries to link against.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This define is not used anywhere in the mongoose sources since v6.0 (commit
8927c9d22b3f), so drop it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Removed patch after upstream committed a similar patch:
946596172d (diff-35a172a9ca8faa1683fc747ca94681b3)
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add upstream patch fixing CVE-2017-14062:
Integer overflow in the decode_digit function in puny_decode.c in
Libidn2 before 2.0.4 allows remote attackers to cause a denial of
service or possibly have unspecified other impact.
This issue also affects libidn.
Unfortunately, the patch also triggers reconf of the documentation
subdirectory, since lib/punycode.c is listed in GDOC_SRC that is defined
in doc/Makefile.am. Add autoreconf to handle that.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump U-Boot to 2017.09 version and kernel to 4.13.3.
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2017-2862 - An exploitable heap overflow vulnerability exists in the
gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A
specially crafted jpeg file can cause a heap overflow resulting in remote
code execution. An attacker can send a file or url to trigger this
vulnerability.
CVE-2017-2870 - An exploitable integer overflow vulnerability exists in the
tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with
Clang. A specially crafted tiff file can cause a heap-overflow resulting in
remote code execution. An attacker can send a file or a URL to trigger this
vulnerability.
CVE-2017-6311 - gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows
context-dependent attackers to cause a denial of service (NULL pointer
dereference and application crash) via vectors related to printing an error
message.
The host version now needs the same workaround as we do for the target to
not pull in shared-mime-info.
Also add a hash for the license file while we're at it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It seems github now sometimes provides slightly changed tarballs which
produce a different sha256 hash than before. This commit fixes the
hashes of the packages when sources.buildroot.net does not store a copy
of the tarball matching the current hash.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Install tools into /usr/bin, not /usr/local/bin, since /usr/local/bin
is not in PATH by deafault.
[Peter: set PREFIX to /usr to really install into /usr/bin]
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump Python3 version to 3.6.2.
Patches dropped:
"Support PGEN_FOR_BUILD and FREEZE_IMPORTLIB_FOR_BUILD"
Rationale: With commit 9d02f562961efd12d3c8317a10916db7f77330cc, code
generation step of building CPython now became explicit (instead of
always performed as a part of 'make' invocation) and more granular. We
no longer need to use Parser/pgen at all and tricking the build system
into using different Programs/_freeze_importlib can be done as a part
of recipe.
Additional info about the build change can be found at
https://bugs.python.org/issue23404
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It seems github now sometimes provides slightly changed tarballs which
produce a different sha256 hash than before, this is the case for
tvheadend. Instead of fixing the hash lets bump to current HEAD and
hope that the new hash will be valid for a longer period of time ;)
Fixes
http://autobuild.buildroot.net/results/59a/59ad7940dcd498cd0aaec26c8497b21e64379a6f/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also add a hash for the license file while we're at it.
[Peter: use tuxfamily.org URL for annoucement]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2017-7555 - Augeas versions up to and including 1.8.0 are
vulnerable to heap-based buffer overflow due to improper handling of escaped
strings. Attacker could send crafted strings that would cause the
application using augeas to copy past the end of a buffer, leading to a
crash or possible code execution.
[Peter: extend description]
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Patches with renames apply properly with patch >= 2.7, but not with
older patch versions. Since "git format-patch" by default generates
patches with renames, Buildroot developers often don't realize that
their patches will not apply properly on build machines that have
patch < 2.7. In order to prevent such a situation from happening
again, this commit adds some logic in apply-patches.sh to refuse
applying patches that contain renames.
Note that just searching for '^rename' is not sufficient, since the
patch commit message may contain the words "rename from" or "rename to"
as well. Therefore, the grep expression is made as accurate as possible,
checking both.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Arnout: spaces instead of tabs (suggested by Yann);
extend commit message.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When using an external toolchain that was built with Buildroot and a
merged /usr, the dynamic linker is actually in /usr/lib.
But the check_glibc macro limits the depth it is looking for the dynamic
linker, and misses it when it is in /usr/lib because it is too deep.
We could fix that in two ways: increase the depth in which we look
for it, or follow symlinks. We choose the second solution.
Signed-off-by: Cam Hutchison <camh@xdna.net>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Cc: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Luvi bundles several libraries previously provided by the upstream
tarball. Since the tarball is not available anymore we need to fetch
the git submodules. Unbundling is very hard, and we anyway don't have
the bundled libraries in Buildroot.
Fixes
http://autobuild.buildroot.net/results/26d/26d04350a761d362f40e7bd1ac09b639d61de91a/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Acked-by: "Jörg Krause <joerg.krause@embedded.rocks>"
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>