Commit Graph

38450 Commits

Author SHA1 Message Date
Romain Naour
27936318ae package/glibc: remove mips r6 nan208 hook
This hook is not needed since glibc 2.23 [1] and can be safely removed.

[1] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=d5f2798a0ac9d5ad8ad7a506a2f840035135e2d2

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-29 15:47:31 +01:00
Bernd Kuhls
b7826807d1 package/tvheadend: transcoding depends on ffmpeg
Commit
https://git.buildroot.net/buildroot/commit/package/tvheadend?id=a9a14dc4357d32f705a52a5da73c782576ce6bc8
forgot to add the reverse dependency from ffmpeg.

Fixes
http://autobuild.buildroot.net/results/91a/91a08e63690421a0c197e987af15e91e78afb96f/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-29 15:45:40 +01:00
Adam Duskett
c78e12f5ad boost: add help messages to libraries
All of the help messages come from http://www.boost.org/doc/libs/1_65_1/

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-29 15:41:03 +01:00
Adam Duskett
a43ddc79fe boost: add option for the stacktrace library
stacktrace requires dynamic library support, which was causing the
following build errors:

http://autobuild.buildroot.net/results/692ffad93a7bd867ecc7ccbfc8c6280735d29435/
http://autobuild.buildroot.net/results/6058ece804889abaaab0a29258e1de2904162d26/
http://autobuild.buildroot.net/results/12df9b345a90a4e011b8bb4cb1d1ef1c2c7040c0/
http://autobuild.buildroot.net/results/7473c433e93b3e785e44d9868fec517437f59847/

Adding an option for it allows to have it disabled by default, and
make sure it only gets enabled when shared library support is
available.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-29 15:40:36 +01:00
Peter Korsgaard
765453a278 docs/website: update for 2017.02.7
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 21:26:15 +02:00
Peter Korsgaard
8b0dd65de8 Update for 2017.02.7
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 05a2e38af2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 21:23:15 +02:00
Jerzy Grzegorek
5868ab5f22 package/util-linux: drop _VERSION_MINOR variable
Signed-off-by: Jerzy Grzegorek <jerzy.m.grzegorek@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 14:24:55 +02:00
Bernd Kuhls
8c3af6bbff package/libdrm: bump version to 2.4.85
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 14:21:29 +02:00
Bernd Kuhls
4b414ebe4e package/ffmpeg: bump version to 3.3.5
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 14:20:02 +02:00
Bernd Kuhls
8c4a432185 package/php: bump version to 7.1.11
Changelog: http://www.php.net/ChangeLog-7.php#7.1.11
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 14:19:32 +02:00
Bernd Kuhls
2be90f4a24 package/samba4: bump version to 4.6.9
Release notes: https://www.samba.org/samba/history/samba-4.6.9.html

Added license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 14:18:53 +02:00
Martin Bark
4d257bbcdb package/tzdata: bump version to 2017c
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 09:12:09 +02:00
Martin Bark
ec176933c2 package/zic: bump version to 2017c
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 09:12:01 +02:00
Joshua Henderson
f2b022893f qt5wayland: fix config option indentation
Reorganize so the optional composer option for the qt5wayland package shows up
as an indented option.

Signed-off-by: Joshua Henderson <joshua.henderson@microchip.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 09:11:25 +02:00
Peter Korsgaard
aff7673602 wget: add optional zlib support
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 09:10:11 +02:00
Peter Korsgaard
86eb94636e wget: security bump to version 1.19.2
Fixes the following security issues:

CVE-2017-13089: The http.c:skip_short_body() function is called in some
circumstances, such as when processing redirects.  When the response is sent
chunked, the chunk parser uses strtol() to read each chunk's length, but
doesn't check that the chunk length is a non-negative number.  The code then
tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but
ends up passing the negative chunk length to connect.c:fd_read().  As
fd_read() takes an int argument, the high 32 bits of the chunk length are
discarded, leaving fd_read() with a completely attacker controlled length
argument.

CVE-2017-13090: The retr.c:fd_read_body() function is called when processing
OK responses.  When the response is sent chunked, the chunk parser uses
strtol() to read each chunk's length, but doesn't check that the chunk
length is a non-negative number.  The code then tries to read the chunk in
pieces of 8192 bytes by using the MIN() macro, but ends up passing the
negative chunk length to retr.c:fd_read().  As fd_read() takes an int
argument, the high 32 bits of the chunk length are discarded, leaving
fd_read() with a completely attacker controlled length argument.  The
attacker can corrupt malloc metadata after the allocated buffer.

Drop now upstreamed patch and change to .tar.lz as .tar.xz is no longer
available.

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 09:10:05 +02:00
Bernd Kuhls
fdace9e53c package/tor: bump version to 0.3.1.8
Release notes:
https://blog.torproject.org/new-stable-tor-releases-0318-03012-02913-02816-02515

Added license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 09:07:02 +02:00
Bernd Kuhls
6c53b9141f linux: bump default to version 4.13.10
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 09:04:55 +02:00
Bernd Kuhls
ec2851f4b9 linux-headers: bump 4.{4, 9, 13}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 09:04:18 +02:00
Adrian Perez de Castro
e3459fd9c5 webkitgtk: security bump to version 2.18.2
This is a maintenance release of the current stable WebKitGTK+ version,
which contains bugfixes; mostly for crashes and rendering issues, plus
one important fix for the layout or Arabic text.

Release notes:

    https://webkitgtk.org/2017/10/27/webkitgtk2.18.2-released.html

Even though an acconpanying security advisory has not been published
for this release, the release contains fixes for several crashes (one
of them for the decoder of the very common GIF image format), which
arguably can be considered potential security issues.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-27 20:46:58 +02:00
Peter Seiderer
8e4f5b79ab barebox: bump to version 2017.09.0
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-27 20:46:17 +02:00
Jerzy Grzegorek
b4f9a69aa3 package: fix license typos
Signed-off-by: Jerzy Grzegorek <jerzy.m.grzegorek@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-27 13:51:22 +02:00
Yegor Yefremov
597fc547ce python-paho-mqtt: bump version to 1.3.1
Remove upstreamed patch and add licence checksums.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-27 13:50:34 +02:00
Yegor Yefremov
087fb9bbb1 python-zope-interface: bump version to 4.4.3
Add licence checksum.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-27 13:50:25 +02:00
Peter Korsgaard
70663a9a4f openssh: security bump to version 7.6p1
Fixes CVE-2017-15906 - The process_open function in sftp-server.c in OpenSSH
before 7.6 does not properly prevent write operations in readonly mode,
which allows attackers to create zero-length files.

For more details, see the release notes:
https://www.openssh.com/txt/release-7.6

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-27 13:49:02 +02:00
Peter Korsgaard
751cd4cfab redis: bump to version 3.2.11
3.2.11 fixes important issues. From the release notes:

================================================================================
Redis 3.2.11     Released Thu Sep 21 15:47:53 CEST 2017
================================================================================

Upgrade urgency HIGH: Potentially critical bugs fixed.

AOF flush on SHUTDOWN did not cared to really write the AOF buffers
(not in the kernel but in the Redis process memory) to disk before exiting.
Calling SHUTDOWN during traffic resulted into not every operation to be
persisted on disk.

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-27 13:48:57 +02:00
Peter Korsgaard
07a9f0200c sdl2: security bump to version 2.0.7
Fixes CVE-2017-2888 - An exploitable integer overflow vulnerability exists
when creating a new RGB Surface in SDL 2.0.5.  A specially crafted file can
cause an integer overflow resulting in too little memory being allocated
which can lead to a buffer overflow and potential code execution.  An
attacker can provide a specially crafted image file to trigger this
vulnerability.

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-27 13:48:45 +02:00
Peter Korsgaard
3a798acf23 sdl2: explicitly disable raspberry pi video backend
Fixes:
http://autobuild.buildroot.net/results/d59/d5992dcc9a49ee77afaebdcc9448ac1868fa7de1/
http://autobuild.buildroot.net/results/e89/e894f21ce1983ee3bd8d65a8e59e1adab9a62707/

The configure script automatically enables support for the raspberry pi
video backend if it detects the rpi-userland package.  Unfortunately it
hardcodes a number of include/linker paths unsuitable for cross compilation,
breaking the build:

    if test x$enable_video = xyes -a x$enable_video_rpi = xyes; then
..
     RPI_CFLAGS="-I/opt/vc/include -I/opt/vc/include/interface/vcos/pthreads -I/opt/vc/include/interface/vmcs_host/linux"
     RPI_LDFLAGS="-L/opt/vc/lib -lbcm_host"
    fi

So explicitly disable it until the configure script is fixed.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-26 14:08:55 +02:00
Martin Bark
07e4910c56 package/nodejs: bump version to 8.8.1
Fixes a regression introduced in 8.8.0.
See https://nodejs.org/en/blog/release/v8.8.1/

Peter: apply on top of 8.8.0, mention that it fixes regression]
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-26 13:22:53 +02:00
Peter Korsgaard
228f68a137 nodejs: security bump to version 8.8.0
Fixes CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an
error to be raised when a raw deflate stream is initialized with windowBits
set to 8.  On some versions this crashes Node and you cannot recover from
it, while on some versions it throws an exception.  Node.js will now
gracefully set windowBits to 9 replicating the legacy behavior to avoid a
DOS vector.

For more details, see the announcement:
https://nodejs.org/en/blog/vulnerability/oct-2017-dos/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard &lt;<a href="mailto:peter@korsgaard.com">peter@korsgaard.com</a>&gt;<br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-26 13:19:34 +02:00
Eric Le Bihan
68cd9373f8 s6-rc: bump version to 0.3.0.0
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-25 09:45:49 +02:00
Eric Le Bihan
c43ed8d9d0 s6: bump version to 2.6.1.1
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-25 09:45:43 +02:00
Eric Le Bihan
66dba27f5d execline: bump version to 2.3.0.3
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-25 09:45:38 +02:00
Eric Le Bihan
4703e63f19 skalibs: bump version to 2.6.0.1
Bump version to 2.6.0.1 and refresh patches.

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-25 09:45:34 +02:00
Adam Duskett
7632237932 janus-gateway: bump to v0.2.5
Also add hash for license file.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-25 09:45:07 +02:00
Peter Korsgaard
62d4dd2999 libcurl: security bump to version 7.56.1
Fixes CVE-2017-1000257 - IMAP FETCH response out of bounds read

https://curl.haxx.se/docs/adv_20171023.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-25 09:44:09 +02:00
Peter Korsgaard
a9a4ec0dcc irssi: security bump to version 1.0.5
Fixes the following security issues:

(a) When installing themes with unterminated colour formatting
    sequences, Irssi may access data beyond the end of the
    string. (CWE-126) Found by Hanno Böck.

    CVE-2017-15228 was assigned to this issue.

(b) While waiting for the channel synchronisation, Irssi may
    incorrectly fail to remove destroyed channels from the query list,
    resulting in use after free conditions when updating the state
    later on. Found by Joseph Bisch. (CWE-416 caused by CWE-672)

    CVE-2017-15227 was assigned to this issue.

(c) Certain incorrectly formatted DCC CTCP messages could cause NULL
    pointer dereference. Found by Joseph Bisch. This is a separate,
    but similar issue to CVE-2017-9468. (CWE-690)

    CVE-2017-15721 was assigned to this issue.

(d) Overlong nicks or targets may result in a NULL pointer dereference
    while splitting the message. Found by Joseph Bisch. (CWE-690)

    CVE-2017-15723 was assigned to this issue.

(e) In certain cases Irssi may fail to verify that a Safe channel ID
    is long enough, causing reads beyond the end of the string. Found
    by Joseph Bisch. (CWE-126)

    CVE-2017-15722 was assigned to this issue.

For more details, see the advisory:
https://irssi.org/security/irssi_sa_2017_10.txt

While we're at it, also add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-25 09:44:06 +02:00
Bernd Kuhls
68b9447d64 package/kodi: bump version to 17.5
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-24 08:01:58 +02:00
Bernd Kuhls
e4fc553080 package/libpciaccess: bump version to 0.14
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-24 08:01:10 +02:00
Bernd Kuhls
386ca343c5 package/apache: bump version to 2.4.29
Changelog: http://www.apache.org/dist/httpd/CHANGES_2.4.29

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-24 08:00:12 +02:00
Peter Korsgaard
f82b1edd6a docs/website: update for 2017.08.1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-24 00:13:23 +02:00
Peter Korsgaard
f2b107560c Update for 2017.08.1
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 20b6624f4b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-24 00:09:12 +02:00
Adam Duskett
657dbfa00a boost: add fiber module
This module requires NPTL. Without support for the module, it is built
unconditionally, which was causing the following build errors:
http://autobuild.buildroot.net/results/029/0298038fc126d15733d81c54e0bb7cb00be48b92/build-end.log
http://autobuild.buildroot.net/results/6f3/6f3a218c47204e431100799482a3ed0ec159fa15/build-end.log
http://autobuild.buildroot.net/results/63e/63e5569a90d3ace97cb6102509cbd04aeab6f5f7/build-end.log

Signed-off-by: Adam Duskett <aduskett@gmail.com>
[Arnout: add empty line in Config.in, reword commit message]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2017-10-23 21:51:37 +02:00
Vicente Olivert Riera
f574a8eba6 linux-tools/perf: fix build for MIPS by using the right emulation on LD
Passing just the endianness flag to LD is not enough. We need to pass
the right emulation flag which will set everything for us, not only the
endianness.

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2017-10-23 18:42:27 +02:00
Jörg Krause
32caa954b0 mpd: bump to version 0.20.11
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-22 23:49:33 +02:00
Bernd Kuhls
1ea5520f49 linux: bump default to version 4.13.9
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-22 23:47:30 +02:00
Bernd Kuhls
f7479f4c81 linux-headers: bump 4.{4, 9, 13}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-22 23:47:01 +02:00
Bernd Kuhls
cc61f5571c package/x264: bump version
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-22 17:48:22 +02:00
Jörg Krause
361d1b969e bluez5_utils: define FIRMWARE_DIR for hciattach_bcm43xx
The tool hciattach_bcm43xx defines the default firmware path in `/etc/firmware`,
but the Broadcom firmware blobs are usually stored in `/lib/firmware`.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-22 16:59:22 +02:00
Julien Floret
c2aa34d8ce CHANGES: update after netsnmp changes
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Julien Floret <julien.floret@6wind.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-22 16:46:33 +02:00