Commit Graph

38450 Commits

Author SHA1 Message Date
Baruch Siach
d3c96bd5a6 sqlite: add security patches
CVE-2017-13685: The dump_callback function in SQLite 3.20.0 allows
remote attackers to cause a denial of service (EXC_BAD_ACCESS and
application crash) via a crafted file.

CVE-2017-15286: SQLite 3.20.1 has a NULL pointer dereference in
tableColumnList in shell.c
because it fails to consider certain cases where
`sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never
initialized.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-22 16:37:18 +02:00
Peter Korsgaard
df36d26d06 boost: fix build on ppc64le host
Fixes:
http://autobuild.buildroot.net/results/57d/57d9f0ea27e5c8ba73002bd1d0b33027f27a3779/
http://autobuild.buildroot.net/results/7c3/7c3133e822c997879fe00923ba0ad7903656c2e1/

bootstrap by default runs ./tools/build/src/engine/build.sh --guess-toolset
to detect what toolchain (compiler variant).  On x86 this returns gcc, but
on the ppc64le gcc112 autobuilder this returns xlcpp causing bootstrap.sh to
get confused and bail out:

./bootstrap.sh ..
Building Boost.Build engine with toolset ... tools/build/src/engine/###
\### No toolset specified. Please use --toolset option.
\###
\### Known toolsets are: acc, borland, cc, como, clang, darwin, gcc, gcc-nocygwin, intel-darwin, intel-linux, intel-win32, kcc, kylix, metrowerks, mipspro, msvc, qcc, pathscale, pgi, sun, sunpro, tru64cxx, vacpp, xlcpp, vc7, vc8, vc9, vc10, vc11, vc12, vc14, vc141, vmsdecc
\###/b2

Fix it by explicitly specifying the gcc toolset mode to bootstrap, similar
to how it was already done for the bjam invocations.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-22 16:37:12 +02:00
Erico Nunes
0823de49ce DEVELOPERS: add maintainer for pc_x86_64_* defconfigs
I've been using this packages to test changes in the grub package, so
I can maintain them.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-22 16:33:02 +02:00
Erico Nunes
dd37663161 board/pc: add documentation for testing with qemu
Add some documentation about running the pc defconfigs in qemu.
In particular, document the use of the -bios parameter to use the OVMF
firmware to test the UEFI image.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-22 16:29:07 +02:00
Erico Nunes
6fab243237 configs/pc: refactor to use genimage and grub.cfg
This simplifies the pc configs and respective post image scripts to use
the shared genimage script and separate grub config files.
Separate grub files are cleaner to maintain and easier to copy and
modify, for example to support booting the pc defconfigs in qemu.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-22 16:27:53 +02:00
Yann E. MORIN
6393b6904b toolchain/wrapper: fake __DATE_ and __TIME__ for older gcc
Starting with version 7, gcc automatically recognises and enforces the
environment variable SOURCE_DATE_EPOCH, and fakes __DATE__ and __TIME__
accordingly, to produce reproducible builds (at least in regards to date
and time).

However, older gcc versions do not offer this feature.

So, we use our toolchain wrapper to force-feed __DATE__ and __TIME__ as
macros, which will take precedence over those that gcc may compute
itself. We compute them according to the specs:
    https://reproducible-builds.org/specs/source-date-epoch/
    https://gcc.gnu.org/onlinedocs/cpp/Standard-Predefined-Macros.html

Since we define macros otherwise internal to gcc, we have to tell it not
to warn about that. The -Wno-builtin-macro-redefined flag was introduced
in gcc-4.4.0. Therefore, we make BR2_REPRODUCIBLE depend on GCC >= 4.4.

gcc-7 will ignore SOURCE_DATE_EPOCH when __DATE__ and __TIME__ are
user-defined. Anyway, this is of no consequence: whether __DATE__ and
__TIME__ or SOURCE_DATE_EPOCH takes precedence, it would yield the
exact same end result since we use the same logic to compute it. Note
that we didn't copy the code for it from gcc so using the same logic
doesn't imply that we're inheriting GPL-3.0.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Jérôme Pouiller <jezz@sysmic.org>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
[Arnout: rewrite commit message]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-22 16:10:37 +02:00
Mauro Condarelli
4852f05907 libffi: add patch to fix MIPS support
Building Python 3.x on MIPS with musl fails because the libffi code
uses a "#ifdef linux" test to decide if we're building on Linux or
not. When building with -std=c99, "linux" is not defined, so instead
of including <asm/sgidefs.h>, libffi's code tries to include
<sgidefs.h>, which doesn't exist on musl.

The right fix is to use __linux__, which is POSIX compliant, and
therefore defined even when -std=c99 is used.

Note that glibc and uClibc were not affected because they do provide a
<sgidefs.h> header in addition to the <asm/sgidefs.h> one.

Signed-off-by: Mauro Condarelli <mc5686@mclink.it>
[Thomas: reformat patch with Git, add a better commit log and description.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-22 15:56:20 +02:00
Alfredo Alvarez Fernandez
862b76cfef Add DEPENDENCIES_HOST_PREREQ to the list of packages
That way packages included in that list like ccache will also be
regarded as a normal packages for targets like external-deps,
show-targets or legal-info

Signed-off-by: Alfredo Alvarez Fernandez <alfredo.alvarez_fernandez@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2017-10-22 15:42:26 +02:00
Alfredo Alvarez Fernandez
36d398ac30 dependencies: always use HOSTCC_NOCACHE for DEPENDENCIES_HOST_PREREQ
Currently, HOSTCC and HOSTCXX are set to their _NOCACHE variants in the
'dependencies' target. This is needed because at that time, ccache is
not built yet - host-ccache is one of the dependencies. However, because
this override is only specified for the 'dependencies' target (and
thereby gets inherited by its dependencies), the override is only
applied when the package is reached through the 'dependencies' target.
This is not the case when one of DEPENDENCIES_HOST_PREREQ is built
directly from the command line, e.g. when doing 'make host-ccache'. So
in that case, ccache will be built with ccache... which fails of
course.

To fix this, directly apply the override to the DEPENCIES_HOST_PREREQ
targets.

Note that this only fixes the issue for 'make host-ccache', NOT for
e.g. 'make host-ccache-configure'.

Signed-off-by: Alfredo Alvarez Fernandez <alfredo.alvarez_fernandez@nokia.com>
[Arnout: improve commit message]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2017-10-22 15:42:26 +02:00
Peter Korsgaard
90b9b457ec xen: add upstream post-4.9.0 security fix for XSA-245
Fixes XA-245: ARM: Some memory not scrubbed at boot

https://xenbits.xenproject.org/xsa/advisory-245.html

Notice: Not applying XSA-237..244 as they are x86 only and have patch file
name conflicts between 2017.02.x and master.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-22 15:09:12 +02:00
Baruch Siach
2f25654504 libtomcrypt: fix build without wchar
GCC defines wchar_t even when wchar support is disabled in uClibc. The
LTC_NO_WCHAR macro triggers a local definition of wchar_t that conflicts
with the GCC defined one. Remove LTC_NO_WCHAR to avoid that.

See also https://github.com/libtom/libtomcrypt/issues/313 for more
discussion about this.

Fixes:
http://autobuild.buildroot.net/results/4ff/4ffb593185f7520d2d9a9cc988aa9c510f253930/

Cc: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-22 14:36:20 +02:00
Peter Korsgaard
915a627fce openssl: unconditionally define BR2_PACKAGE_PROVIDES_HOST_OPENSSL
Fixes:
http://autobuild.buildroot.net/results/207/207d0ca1fe5328e675246c851fcb0d5685f8c0bd/
http://autobuild.buildroot.net/results/546/546a56d6dd39e5e9ecfe25fd36a00510e6c0c45b/

host-openssl may be used without openssl being enabled for the target, so
move BR2_PACKAGE_PROVIDES_HOST_OPENSSL outside the BR2_PACKAGE_OPENSSL
conditional.

While we're at it, add a comment explaining what this magic config symbol does.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-22 14:04:48 +02:00
Peter Korsgaard
7e3583dd55 lame: security bump to version 3.100
Fixes the following security issues:

CVE-2017-9410: fill_buffer_resample function in libmp3lame/util.c heap-based
buffer over-read and ap

CVE-2017-9411: fill_buffer_resample function in libmp3lame/util.c invalid
memory read and application crash

CVE-2017-9412: unpack_read_samples function in frontend/get_audio.c invalid
memory read and application crash

Drop patches now upstream or no longer needed:

0001-configure.patch: Upstream as mentioned in patch description

0002-gtk1-ac-directives.patch: Upstream as mentioned in patch
description/release notes:

Resurrect Owen Taylor's code dated from 97-11-3 to properly deal with GTK1.
This was transplanted back from aclocal.m4 with a patch provided by Andres
Mejia. This change makes it easy to regenerate autotools' files with a simple
invocation of autoconf -vfi.

0003-msse.patch: Not needed as -march <x86-variant-with-msse-support>
nowadays implies -msse.

With these removed, autoreconf is no longer needed.

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-22 14:04:44 +02:00
Francois Perrad
1dd543b4ae lua-sdl2: refactor with cmake
that allows optional dependencies

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Thomas:
 - use "luainterpreter" instead of "lua" in the dependencies
 - replace with a Git formatted patch that doesn't comment code but
   removes it.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-22 14:01:07 +02:00
Erico Nunes
158a0c4ca0 configs/pc: bump kernel version
Bump the kernel version to 4.13.8.
Tested with qemu 2.9.1 on bios and UEFI virtual machines.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-22 12:25:16 +02:00
Romain Naour
013b1faa1e package/efl: bump to 1.20.5
https://www.enlightenment.org/news/efl-1.20.5

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-22 12:18:41 +02:00
Christian Stewart
3861ce09d0 runc: bump to v1.0.0-rc4
This is a dependency of docker-engine v2017.07.0-ce.

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-22 12:18:05 +02:00
Christian Stewart
b3c2acba9b go: bump version to 1.9
Go 1.9 is required for docker-engine and other Go packages in Buildroot.

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-22 09:10:32 +02:00
Peter Korsgaard
aa3ddf7f10 openldap: correct openssl handling
Fixes:
http://autobuild.buildroot.net/results/ffc/ffc9c10c55c2838ab7002c5ec35244e9bfe46189/

Commit dfa1817d31 (openldap: supports only the real OpenSSL, not LibreSSL)
tried to ensure openldap would only use openssl, but changed the wrong
variable. OPENLDAP_TLS is passed to configure, so it shouldn't be changed:

./configure --target=aarch64-buildroot-linux-gnu .. --with-tls=libopenssl ..
Configuring OpenLDAP 2.4.45-Release ...
checking build system type... x86_64-pc-linux-gnu
checking host system type... aarch64-buildroot-linux-gnu
checking target system type... aarch64-buildroot-linux-gnu
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking for aarch64-buildroot-linux-gnu-strip... /usr/lfs/v0/rc-buildroot-test/scripts/instance-0/output/host/bin/aarch64-linux-gnu-strip
checking configure arguments... configure: error: bad value libopenssl for --with-tls

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-22 00:08:55 +02:00
Peter Korsgaard
ec58149009 busybox: add upstream post-1.27.2 httpd fix
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-21 23:13:21 +02:00
Alexey Brodkin
23baa1c1cf libdrm: make Etnaviv arch-independent
Vivante GPU could be a part of SoC along with any CPU architecture
thus get rid of nonsense dependency.

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 23:09:13 +02:00
Alexey Brodkin
d4e234e2d3 mesa3d: make Etnaviv arch-independent
Vivante GPU could be a part of SoC along with any CPU architecture
thus get rid of nonsense dependency.

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 23:09:05 +02:00
Peter Korsgaard
209f42fd3a musl: add upstream security fix for CVE-2017-15650
>From the upstream announcement:
http://www.openwall.com/lists/oss-security/2017/10/19/5

Felix Wilhelm has discovered a flaw in the dns response parsing for
musl libc 1.1.16 that leads to overflow of a stack-based buffer.
Earlier versions are also affected.

When an application makes a request via getaddrinfo for both IPv4 and
IPv6 results (AF_UNSPEC), an attacker who controls or can spoof the
nameservers configured in resolv.conf can reply to both the A and AAAA
queries with A results. Since A records are smaller than AAAA records,
it's possible to fit more addresses than the precomputed bound, and a
buffer overflow occurs.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-21 23:00:45 +02:00
Jagan Teki
5f50fb8d1d board: Add Bananapi M1 support
Add initial support for bananapi M1 board with below features:
- U-Boot 2017.09
- Linux 4.13.7
- Default packages from buildroot

Cc: Jason <manager@sinovoip.com.cn>
Cc: hailymei@banana-pi.com <hailymei@banana-pi.com>
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 22:37:28 +02:00
Peter Seiderer
bf533178e9 gst1-plugins-bad: fix patch 0001-openjpeg-Support-building-with-openjpeg-2.3-simpler.patch
The previous version was by mistake mixed up with the patch 'gst-plugins-bad:
openjpeg: Remove compatibility with openjpeg 2.0'

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 22:20:08 +02:00
Alexey Brodkin
bdc7567bbd support/config-fragments/autobuild: add ARC glibc fragment
glibc is now supported for ARC so let's kick-start autobuilders
with glibc toolchain for ARC HS.

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 22:04:28 +02:00
Angelo Compagnucci
80ea21bc3c package/go: fix cross-compilation settings
This patch fixes a bug with the BR2_TOOLCHAIN_HAS_THREADS variable
handling which causes CGO_ENABLED to be always 0.

Furthermore, it fixes the cross compilation options for the go
compiler: setting CGO_ENABLED should be done only for the target
compiler not the host one.

Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: Christian Stewart <christian@paral.in>
2017-10-21 21:58:12 +02:00
Peter Seiderer
e7e71c0124 qt5base: make harfbuzz support selectable
If selected use:

 - system/buildroot harfbuzz in case __sync for 4 bytes is supported
 - qt harfbuzz otherwise (using QAtomic instead)

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2017-10-21 21:37:28 +02:00
Gaël PORTAY
d0b055239e raspberrypi: post-image.sh fix gpu_mem option
The gpu_mem option is not using the proper option argument which causes sed to
fail.

	+ case "${arg}" in
	+ gpu_mem=ome/gportay/output-rpi3-qtwe/images
	+ sed -e '/^ome/gportay/output-rpi3-qtwe/images=/s,=.*,=ome/gportay/output-rpi3-qtwe/images,' -i /home/gportay/output-rpi3-qtwe/images/rpi-firmware/config.txt
	sed: -e expression #1, char 8: extra characters after command
	+ case "${arg}" in
	+ gpu_mem=ome/gportay/output-rpi3-qtwe/images
	+ sed -e '/^ome/gportay/output-rpi3-qtwe/images=/s,=.*,=ome/gportay/output-rpi3-qtwe/images,' -i /home/gportay/output-rpi3-qtwe/images/rpi-firmware/config.txt
	sed: -e expression #1, char 8: extra characters after command

The issue comes from the use of $1 instead of $arg to extract the gpu_mem
value. $1 is the $(BINARIES_DIR) which leads to a sed expression error.

Also, it adds the error flag to the shell script to prevent from such situation
and terminate the build in error.

Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 21:37:10 +02:00
André Hentschel
0629eb8449 wine: Bump to version 2.0.3
Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 21:35:52 +02:00
Alexey Brodkin
19bf0087ec python-numpy: Add support of ARC architecture
This enables support for ARC cores in numpy.
Cherry-picked from
8edd610ffa

Hopefully becomes a part of the next major release (like 1.14).

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 21:35:13 +02:00
Alexey Brodkin
acc3a2c725 python-numpy: Bump version to 1.13.3
This is just a bug-fix release.

Removing 0003-BUG-Ensure-_npy_scaled_cexp-f-l-is-defined-when-need.patch
as it is a part of the release.

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 21:34:51 +02:00
Adam Duskett
791ceb583b openssl: add libressl as a provider
At this point, libressl can be added to the openssl virtual package.

- Remove the entry package/libressl/Config.in from package/Config.in
- Remove the file: package/libressl/Config.in
- Add libressl entry to package/openssl/Config.in

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 21:28:13 +02:00
Thomas Petazzoni
346483306d wpa_supplicant: supports only the real OpenSSL, not LibreSSL
wpa_supplicant will not build with LibreSSL without patches, so let's
support only OpenSSL.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 21:28:13 +02:00
Thomas Petazzoni
1eefb3d9b8 libevent: supports only the real OpenSSL, not LibreSSL
libevent will not build with LibreSSL without patches, so let's
support only OpenSSL.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 21:28:13 +02:00
Thomas Petazzoni
dfa1817d31 openldap: supports only the real OpenSSL, not LibreSSL
openldap will not build with LibreSSL without patches, so let's
support only OpenSSL.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 21:28:13 +02:00
Thomas Petazzoni
dbc97c0e46 opusfile: supports only the real OpenSSL, not LibreSSL
opusfile will not build with LibreSSL without patches, so let's
support only OpenSSL.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 21:28:13 +02:00
Thomas Petazzoni
5b92c4de94 mosquitto: supports only the real OpenSSL, not LibreSSL
mosquitto will not build with LibreSSL without patches, so let's
support only OpenSSL.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 21:28:13 +02:00
Thomas Petazzoni
803c49891f ffmpeg: supports only the real OpenSSL, not LibreSSL
ffmpeg will not build with LibreSSL without patches, so let's support
only OpenSSL.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 21:28:13 +02:00
Thomas Petazzoni
42b5fb0571 hostapd: supports only the real OpenSSL, not LibreSSL
hostapd will not build with LibreSSL without patches, so let's support
only OpenSSL.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 21:28:13 +02:00
Adam Duskett
ae1cf0f3b8 softether: require libopenssl
softether tries to use SSLv3 functionality as a fallback. LibreSSL
doesn't support SSLv3 anymore. Two main issues prevent a patch:

- Trying to wrap the sslv3 functionality from the source with a guard
  clause results in linking errors after compiling is done.
- There are multiple security vulnerabilities with using sslv3.
- There are multiple security issues in github pertaining to using
  sslv3.
- This project seems to not be updated very often, and the security
  issues are being ignored it seems.

For people who still want to use softether, they will have to use
libopenssl.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 21:28:13 +02:00
Adam Duskett
9f145e4957 heirloom-mailx: add libressl support patch
heirloom-mailx has two small issues when compiling against LibreSSL:
  - RAND_egd is used (LibreSSL does not support RAND_egd)
    Solution: "Guard" the code calling RAND_egd

  - SSLv3_client_method function is used (LibreSSL does not support SSLv3)
    Solution: "Guard" the code with #ifndef OPENSSL_NO_SSL3

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 21:28:13 +02:00
Thomas Petazzoni
123e0c9fef openssl: introduce BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL
Some packages that use openssl are not compatible with libressl, only
with the real openssl (known as libopenssl in Buildroot). So before we
add libressl as a provider for the openssl virtual package, we
introduce a BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL hidden option that
packages incompatible with LibreSSL will be able to select.

This will allow packages that need OpenSSL to continue using "select",
without having to change to using "depends on" dependencies.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 21:28:13 +02:00
Adam Duskett
f974a493f0 openssl: new virtual package
To ease the transition to having both OpenSSL and LibreSSL, there has to be
a new virtual package introduced to handle both.

Instead of making a libssl, and adding OpenSSL and libressl to that package,
it will be far easier to move openssl to libopenssl and to make OpenSSL
a virtual package.  This offers a few advantages:

- BR2_PACKAGE_OPENSSL is still a visible symbol with no dependencies.
- It does not require a huge patch to convert every instance of
  OpenSSL -> libssl)
- Users will be able to update without ever having to select anything new.
- LibreSSL can be added at a later date to the virtual package.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
[Thomas: define BR2_PACKAGE_PROVIDES_HOST_OPENSSL to the value
"host-libopenssl" as we always want to use the original OpenSSL for
the host variant.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 21:28:13 +02:00
Peter Seiderer
3fcaa12800 gst1-plugins-bad: fix openjpeg-2.3 compile failure
Add upstream patch [1], fixes [2]:

  In file included from gstopenjpegdec.h:29:0,
                   from gstopenjpegdec.c:27:
  gstopenjpeg.h:42:37: fatal error: openjpeg-2.2/openjpeg.h: No such file or directory
  #  include <openjpeg-2.2/openjpeg.h>

[1] https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=bff2d834a4a38f64e555cee3d0144fde6c515acd
[2] http://autobuild.buildroot.net/results/884/884956af56f63b2634a1984f5ea416075ed87bc8

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 21:22:26 +02:00
Bernd Kuhls
42505e7a1d package/tvheadend: bump version
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 21:20:39 +02:00
Bernd Kuhls
80dc50e716 package/x11r7/xlib_libXfont: bump version to 1.5.3
Added all hashes provided by upstream.

Removed patches applied upstream:
https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?h=libXfont-1.5-branch&id=a2a5fa591762b430037e33f1df55b460550ab406
https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?h=libXfont-1.5-branch&id=3b08934dca75e4c559db7d83797bc3d365c2a50a

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 21:16:39 +02:00
Thomas Petazzoni
eb5b132376 support/testing: update ISO9660 test case Linux kernel
The Linux 4.0 kernel doesn't build with gcc 6.x, which is used since
the toolchain update in commit
193dfffa83 ("support/testing: use more
recent toolchains"). So let's update to Linux 4.11 instead (like the
existing Qemu x86 defconfig does), and update the kernel configuration
file accordingly.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 21:16:25 +02:00
Cam Hutchison
712f81fb3c linux: Deselect all unconfigured compression options
The LINUX_KCONFIG_FIXUP_CMDS are meant to deselect any compression
option that are not selected in the buildroot configuration. But it only
deselects the last one in the list instead of all of them because it
overwrites the LINUX_COMPRESSION_OPT_ variable instead of appending to
it. Only the last option set to that variable gets deselected.

This produces the warning:

.config:2216:warning: override: KERNEL_GZIP changes choice state

is emitted when buildroot runs olddefconfig when buildroot configures a
kernel with a custom config that has a different kernel compression
option set to what is configured in buildroot.

Accumulate all the deselected compression options instead of overwriting
them to ensure all non-selected options get deselected..

Signed-off-by: Cam Hutchison <camh@xdna.net>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-21 20:20:45 +02:00
Thomas Petazzoni
193dfffa83 support/testing: use more recent toolchains
With the hard disk crash of autobuild.b.o, we lost old toolchains, so
use the latest toolchains, which have been restored.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 19:48:30 +02:00