Commit Graph

33581 Commits

Author SHA1 Message Date
Peter Korsgaard
8528edfb3b irssi: security bump to 0.8.21
Bugfixes:

- CVE-2017-5193: Correct a NULL pointer dereference in the nickcmp function
  found by Joseph Bisch (GL#1)

- CVE-2017-5194: Correct an error when receiving invalid nick message (GL#4,
  #466)

- CVE-2017-5195: Correct an out of bounds read in certain incomplete control
  codes found by Joseph Bisch (GL#2)

- CVE-2017-5196: Correct an out of bounds read in certain incomplete
  character sequences found by Hanno Böck and independently by J.  Bisch
  (GL#3)

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-06 17:07:11 +01:00
Gustavo Zacarias
444253ef6e linux: bump default to version 4.9.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-06 14:46:50 +01:00
Gustavo Zacarias
59d699c7fa linux-headers: bump 4.{4, 8, 9}.x series
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-06 14:46:48 +01:00
Gustavo Zacarias
ba3579a855 libnice: bump to version 0.1.13
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-06 14:44:51 +01:00
Yegor Yefremov
834a18f056 python-pudb: new package
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-06 13:11:08 +01:00
Gustavo Zacarias
63d08bfd83 harfbuzz: bump to version 1.4.0
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-06 13:09:52 +01:00
Jerzy Grzegorek
0689a2f8da package/perl: change tarball compression to xz
Also update hash file.

Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-06 13:06:43 +01:00
Baruch Siach
b03ba26de3 mpd: needs toolchain with C++14 support
Fixes:
http://autobuild.buildroot.net/results/3fe/3fe440c0b9d05acb44553a8f02f688570e06bca9/
http://autobuild.buildroot.net/results/9b9/9b9659ba30afde49912276fe7f9c282953a352ab/
http://autobuild.buildroot.net/results/208/208bb987f52b8ba65e3c6fc9b6e917dbd44c0fbd/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-06 12:21:17 +01:00
Bernd Kuhls
a1fa333cf5 package/{mesa3d, mesa3d-headers}: bump version to 13.0.3
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-06 12:20:48 +01:00
Gustavo Zacarias
2a65f1d5f7 heimdal: bump to version 7.1.0
Drop upstream patches and related autoreconf.
Re-enable parallel builds to check against the autobuilders.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-06 12:19:16 +01:00
Marcus Hoffmann
fc67850dfa docs: Add bc to required tools
We check for bc under required packages.  It should be listed as such in the
docs.

Signed-off-by: Marcus Hoffmann <m.hoffmann@cartelsol.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-06 12:18:30 +01:00
Gustavo Zacarias
231b317dd3 libgtk3: bump to version 3.22.6
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-05 16:19:26 +01:00
Gustavo Zacarias
651802272a gdk-pixbuf: bump to version 2.36.3
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-05 16:19:20 +01:00
Gustavo Zacarias
952e8c33e4 samba4: bump to version 4.4.9
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-04 22:05:43 +01:00
Gustavo Zacarias
f08eeb81d6 sqlite: bump to version 3.16.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-04 21:52:23 +01:00
Jörg Krause
cd8dc71925 package/mpd: bump version to 0.20
Drop patch #0002 which was already fixed upstream long time ago in
commit 276a0d9500b8efc879e4f0c23e9d0e361849e295 using a slightly
different approach.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-04 21:52:06 +01:00
Baruch Siach
e8872a5873 firmware-imx: remove Makefile from target
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-04 17:46:09 +01:00
Baruch Siach
a954b84b58 alsa-utils: disable manpages generation from reStructured text
The alsaucm man page rst source file is missing in the tarball. When rst2man
is detected on the host, build fails:

make[2]: *** No rule to make target 'alsaucm.1', needed by 'all-am'.  Stop.

Upstream added[1] the missing file to the tarball to fix this issue. But since
we don't need the manpage to begin with, just disable rst2man to shorten build
time by a few milliseconds.

[1] http://git.alsa-project.org/?p=alsa-utils.git;a=commitdiff;h=c6bdde171e1532f7b37333a5a746b6e662f12c53

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-04 17:11:23 +01:00
Yann E. MORIN
5993f7acd1 package/nut: bump version
Update our patches:
  - drop patch 1, replaced by an upstream equivalent; adapt config
    options and env accordingly,
  - drop patch 2, applied upstream,
  - rename patch 3

gdlib-config and net-snmp-config are only used when said support is
enabled (resp. CGI and SNMP), so no need to pass them unconditionally.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-04 17:10:15 +01:00
Francois Perrad
ce12407148 perl-cross: bump to version 1.1.2
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-04 17:07:46 +01:00
Francois Perrad
ec45554cfd perl: bump to version 5.24.0
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-04 17:06:27 +01:00
Peter Korsgaard
4970a780b7 clamav: fix configure breakage after zlib 1.2.10 version bump
Fixes:
http://autobuild.buildroot.net/results/b6b/b6ba2dfb42ee41ed0b8304aa8c78645245f3b341/
http://autobuild.buildroot.net/results/eef/eef9a2dda2c172cd600dc74c1e5e60476d92280d/
http://autobuild.buildroot.net/results/827/82798118795aa6334b4dd6eac06777682131da7f/

The clamav configure script by default checks for old zlib versions with
known vulnerabilities and errors out if found:

configure: error: The installed zlib version may contain a security bug.
Please upgrade to 1.2.2 or later: http://www.zlib.net.  You can omit this
check with --disable-zlib-vcheck but DO NOT REPORT any stability issues
then!

The check is unfortunately not very robust as it simply checks for a version
string matching '1.2.1' (which 1.2.10 does):

vuln=`grep "ZLIB_VERSION \"1.2.1" $ZLIB_HOME/include/zlib.h`

As a workaround, pass --disable-zlib-vcheck to skip this check.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-04 17:04:18 +01:00
Gustavo Zacarias
9138a57357 ca-certificates: bump to version 20161130
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-04 17:02:12 +01:00
Peter Korsgaard
81dc283a00 gd: security bump to version 2.2.3
Security related fixes:
This flaw is caused by loading data from external sources (file, custom ctx,
etc) and are hard to validate before calling libgd APIs:

- fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)
- bug #248, fix Out-Of-Bounds Read in read_image_tga
- gd: Buffer over-read issue when parsing crafted TGA file (CVE-2016-6132)

Using application provided parameters, in these cases invalid data causes
the issues:

 - Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
 - fix php bug 72494, invalid color index not handled, can lead to crash ( CVE-2016-6128)
 - improve color check for CropThreshold

The build system now enables -Wall and -Werror by default, so pass
--disable-werror to disable that.  Notice that this issue has been fixed
upstream post-2.2.3:

https://github.com/libgd/libgd/issues/339

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-04 17:01:42 +01:00
Peter Korsgaard
4153e9f25a libopenh264: bump to version 1.6.0
Contains a number of bugfixes, some of which may be security related:

http://www.openwall.com/lists/oss-security/2017/01/02/1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-04 17:01:35 +01:00
Gustavo Zacarias
4df8b4d8cd granite: bump to version 0.4.0.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 23:53:42 +01:00
Bernd Kuhls
268e5b82a6 package/zlib: bump version to 1.2.10
Changed _SITE url to the upstream project site because Sourceforge does
not provide the tarball for 1.2.10 as of now.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 23:51:26 +01:00
Gustavo Zacarias
e143b0c73e mpv: bump to version 0.23.0
enca and libguess options have been dropped so adjust accordingly.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 23:51:11 +01:00
Gustavo Zacarias
5807b9ce35 flac: bump to version 1.3.2
And delete upstream patches.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 23:50:26 +01:00
Peter Korsgaard
103fd78bf7 collectd: fix riemann write plugin dependencies
Fixes:
http://autobuild.buildroot.org/results/fe5/fe5b5ed6355a794e84894c4aaf62eda6529ed184/
http://autobuild.buildroot.org/results/6c3/6c393cffb6ad4e676e311e9fc23ddbb2bcc2cf36/

The plugin uses the riemann-c-client library since commit d55584214206
(write_riemann: Use riemann-c-client), so adjust the dependencies to match.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 23:48:59 +01:00
Peter Korsgaard
8d68b3b957 riemann-c-client: new package
Riemann-c-client is a C client library for the Riemann monitoring system,
providing a convenient and simple API, high test coverage and a copyleft
license, along with API and ABI stability.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 23:48:56 +01:00
Fabio Estevam
c929c53f92 configs/mx53loco: Bump kernel and U-Boot versions
Bump Linux kernel versio to 4.9 and U-Boot to 2016.11.

Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 16:28:15 +01:00
Gustavo Zacarias
2895cf7640 m4: bump to version 1.4.18
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 16:25:22 +01:00
Gustavo Zacarias
63a7277107 musl: security bump to version 1.1.16
Fixes:
CVE-2016-8859 - fixes a serious under-allocation bug in regexec due to
integer overflow.

Drop upstream patch.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 16:24:51 +01:00
Gustavo Zacarias
190ba02f38 xz: bump to version 5.2.3
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 16:24:18 +01:00
Gustavo Zacarias
e759f8dcb8 freetype: bump to version 2.7.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 16:24:02 +01:00
Gustavo Zacarias
ec1d29c889 sqlite: bump to version 3.16
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 16:23:45 +01:00
Gustavo Zacarias
8718bb82cb weston: fix DEPENDENCIES typo
Fixes a build failure with the PPS patchset since libva isn't populated.

Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 16:21:18 +01:00
Gustavo Zacarias
8425ec6fa7 mpv: fix DEPENDENCIES typo
Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 16:20:30 +01:00
Eric Le Bihan
32fe6a540b skalibs: make ld use dummy file when configuring
For some architectures, like Xtensa or HPPA, ld from binutils requires
the output file to be a regular file, as mentioned in a bug report on
the mailing list [1].

So, use a dummy file as output file for ld, instead of /dev/null, when
trying to detect some libraries at configuration time.

Fixes http://autobuild.buildroot.net/results/288/288fc31cd10ffe3cd93371c7be37d79452a91768/

[1] https://sourceware.org/bugzilla/show_bug.cgi?id=19526

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-01-01 09:34:59 +01:00
Fabio Estevam
027d8141c5 udoo: mx6qdl: Use the preferred form for disabling a symbol
Even though 'CONFIG_USB=n' does the job, let's switch to the more
standard way for disabling a Kconfig symbol.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-01-01 09:23:57 +01:00
Romain Naour
9cb4058e60 package/intltool: remove target variant
The target variant depends on BR2_HOST_ONLY which is just like BROKEN
(i.e not defined anywere). BR2_HOST_ONLY was introduced by [1] back in
2010 and nobody seems to need it. So remove intltool for the target.

[1] 0b876d3977

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-01-01 09:17:38 +01:00
Yann E. MORIN
0d7b6a470f package/systemd-bootchart: bump version
Get rid of our patch, applied upstream. Which means we no longer need to
run intltoolize. So drop the dependency on host-intltool

Fixes:
    http://autobuild.buildroot.net/results/696/696254009f830134ef9398369ca2cbb257b33f52/
    http://autobuild.buildroot.org/results/aca/aca210de7d3f2eda54e5630206e9ff80d72d85c5/
    http://autobuild.buildroot.org/results/e5d/e5df8d11bfce4ba7a4c5c760b4784c31c506d8d4/

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-01-01 09:02:59 +01:00
Fabio Estevam
9baa390f83 configs/warpboard: Select BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_MDEV
BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_MDEV allows the Broadcom wireless driver
to be automatically loaded on boot.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-31 09:18:25 +01:00
Fabio Estevam
b18ecaf849 configs/warpboard: Bump kernel and U-Boot versions
Bump kernel to version 4.9 and U-Boot to 2016.11.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-31 09:17:49 +01:00
Jörg Krause
8d9937b61b package/busybox: add patch to fix dependency for IFUPDOWN_UDHCPC_CMD_OPTIONS
Upstream commit a8c696bf09d8151323f6e99348c4bc8989f829c8 makes ifup and
ifdown individually selectable, but forgets to update the dependency to
IFUPDOWN_UDHCPC_CMD_OPTIONS, so it is not selectable anymore.

Add a patch which fixes the dependency by checking for IFUP or IFDOWN,
instead of the obsolete IFUPDOWN.

Upstream status: Pending
http://lists.busybox.net/pipermail/busybox/2016-December/085034.html

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-30 22:44:29 +01:00
Jörg Krause
8f55961eed package/busybox: update minimal configuration file
Commit 44a563dbc0 bumps busybox to version
1.26.0, but does not update the minimal configuration file. There is at
least one issue using the old configuration with the newer busybox:

* IFUPDOWN is split into IFUP and IFDOWN in version 1.26.0

Update the minimal configuration file by loading the busybox.config file
and saving it back.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-30 22:44:25 +01:00
Jörg Krause
0de6137d6f package/busybox: update configuration file
Commit 44a563dbc0 bumps busybox to version
1.26.0, but does not update the configuration file. There is at least
one issue using the old configuration with the newer busybox:

* IFUPDOWN is split into IFUP and IFDOWN in version 1.26.0

Update the configuration file by loading the busybox.config file and
saving it back.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-30 22:44:22 +01:00
Baruch Siach
e58b15b1bf wireshark: fix build with musl
Add a patch adding missing sys/time.h header.

Fixes:
http://autobuild.buildroot.net/results/cd8/cd883b40503a6f4d3035e09a383db2d5a21162ad/
http://autobuild.buildroot.net/results/1ae/1ae34debe7e95eab33a895ecdf04c0ddf96cf4ab/
http://autobuild.buildroot.net/results/4af/4afe968e698f62c6bdbec35e53d35c361c5e852b/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-30 22:17:45 +01:00
Fabio Estevam
8f817c3039 configs/warp7: Add floating point support
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-30 22:17:23 +01:00