Commit Graph

35301 Commits

Author SHA1 Message Date
Romain Naour
2af19b0143 package/xenomai: fallback to http
The https protocol return:
"ERROR 503: Service Temporarily Unavailable"

Fixes:
http://autobuild.buildroot.net/results/120/12034603c46c8bd69590c88bbfe85261460b699c

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-26 09:20:16 +02:00
Peter Korsgaard
665560856e imagemagick: add upstream security fix for CVE-2017-7606
This is not yet part of any release.

coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of
representable values of type unsigned char" undefined behavior issue, which
might allow remote attackers to cause a denial of service (application
crash) or possibly have unspecified other impact via a crafted image.

For more details, see:
https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-26 09:20:16 +02:00
Peter Korsgaard
7daae8362b libcroco: bump to version 0.6.12
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-26 09:20:16 +02:00
Peter Korsgaard
52bfb4b1ce libcroco: add upstream security fixes
These have been added to upstream git after 0.6.12 was released.

CVE-2017-7960 - The cr_input_new_from_uri function in cr-input.c in libcroco
0.6.11 and 0.6.12 allows remote attackers to cause a denial of service
(heap-based buffer over-read) via a crafted CSS file.

CVE-2017-7961 - The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco
0.6.11 and 0.6.12 has an "outside the range of representable values of type
long" undefined behavior issue, which might allow remote attackers to cause
a denial of service (application crash) or possibly have unspecified other
impact via a crafted CSS file.

For more details, see:
https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-26 09:20:16 +02:00
Peter Korsgaard
a534030c6e python-web2py: security bump to version 2.14.6
CVE-2016-4806 - Web2py versions 2.14.5 and below was affected by Local File
Inclusion vulnerability, which allows a malicious intended user to
read/access web server sensitive files.

CVE-2016-4807 - Web2py versions 2.14.5 and below was affected by Reflected
XSS vulnerability, which allows an attacker to perform an XSS attack on
logged in user (admin).

CVE-2016-4808 - Web2py versions 2.14.5 and below was affected by CSRF (Cross
Site Request Forgery) vulnerability, which allows an attacker to trick a
logged in user to perform some unwanted actions i.e An attacker can trick an
victim to disable the installed application just by sending a URL to victim.

CVE-2016-10321 - web2py before 2.14.6 does not properly check if a host is
denied before verifying passwords, allowing a remote attacker to perform
brute-force attacks.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-26 09:20:16 +02:00
Peter Korsgaard
027a0d5b61 minicom: security bump to version 2.7.1
Fixes CVE-2017-7467 - minicom and prl-vzvncserver vt100.c escparms[] buffer
overflow.

For more details about the issue, see the nice writeup on oss-security:

http://www.openwall.com/lists/oss-security/2017/04/18/5

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-26 09:20:16 +02:00
Arnout Vandecappelle
200282e207 busybox: no need to disable clear and reset
Removing clear and reset from the busybox config when the ncurses tools
are enabled is not really needed.

Since commit 802bff9c42, the busybox install will not overwrite
existing programs. Therefore, the tools will be installed correctly
regardless of the order of the build:
- if busybox is built first, the clear and reset apps are installed,
  but they will be overwritten by ncurses;
- if ncurses is built first, it will install the clear and reset apps,
  and busybox will no longer install them.

We prefer not to modify the busybox configuration when not strictly
necessary, because it is surprising for the user that his configuration
is not applied. Clearly, it's not ideal that busybox is configured with
redundant apps, but if the user wants to shrink it, it's possible to
provide a custom config.

This partially reverts commit 33c72344a8.

Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: Matt Weber  <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-26 09:20:15 +02:00
Bernd Kuhls
cddb22ac2b package/aircrack-ng: bump version to 1.2-rc4
Removed patches applied upstream:

0001-Makefile-use-pkg-config-to-find-libpcre-it-s-more-cros.patch
http://trac.aircrack-ng.org/changeset/2445

0002-Optionally-use-LIBPCAP-for-required-libpcap-libraries.patch
http://trac.aircrack-ng.org/changeset/2446

0003-Wesside-ng-Use-termios-instead-of-sys-termios.patch
http://trac.aircrack-ng.org/changeset/2533

Added option to disable stack-protector support auto-detection in gcc.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-26 09:20:15 +02:00
Bernd Kuhls
d9f19462fb package/ccid: bump version to 1.4.26
Changed _SITE according to
http://lists.alioth.debian.org/pipermail/pcsclite-muscle/Week-of-Mon-20170102/000780.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-26 09:20:15 +02:00
Bernd Kuhls
ff75225568 package/acsccid: bump version to 1.1.4
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-26 09:20:15 +02:00
Bernd Kuhls
7fe176da86 package/acpica: bump version to 20170303
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-26 09:20:15 +02:00
Bernd Kuhls
0250b40b74 package/libgpgme: bump version to 1.9.0
Removed configure option --with-gpg, it was removed upstream in 2013:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commitdiff;h=02ba35c1b6a2cbb3361b2f2ad507c53564b2be0b#patch3

[Peter: drop comment referring to --with-gpg option]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-26 09:20:07 +02:00
Rahul Bedarkar
29f261beef sg3_utils: improve license description
Library is licensed under BSD-3-Clause. Some programs are licensed
under GPL-2.0+ while other are BSD-3-Clause. Annotate licenses with
components and improve readability of license strings when
conditionally specifying license for programs using := instead of +=.

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-26 09:01:30 +02:00
Vicente Olivert Riera
c3d4234d09 linux: bump default version to 4.10.12
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-26 09:01:01 +02:00
Vicente Olivert Riera
37159734b0 linux-headers: bump 4.{4,9,10}.x series
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-26 09:00:51 +02:00
Vicente Olivert Riera
ab0a4e9437 python-pyopenssl: bump version to 17.0.0
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-26 09:00:19 +02:00
Vicente Olivert Riera
27a1629e85 tcpreplay: bump version to 4.2.3
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-26 08:59:56 +02:00
Andrey Smirnov
990bc8b2ad package/python-json-schema-validator: remove Python2 dependency
python-json-schema-validator supports Python 3, so there's no reason
to limit it to Python 2 only.

Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Matthew Carruth <carruthm@gmail.com>
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-25 21:50:44 +02:00
Andrey Smirnov
ce98cea8fb package/python-versiontools: remove Python2 dependency
python-versiontools supports Python 3, so there's no reason to limit
it to Python 2 only.

Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Matthew Carruth <carruthm@gmail.com>
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-25 21:50:03 +02:00
Zakharov Vlad
fecfb0bacb binutils: arc: fix 0301-PATCH-check-ldrunpath-length.patch after version bump
This commit fixes another brown-paper-bag issue that I've introduced by
my following patch:
toolchain: Bump ARC tools to arc-2017.03-rc1
(5f8ef7e25c)

arc-2017.03-rc1 differs a bit from 2.28. And so corresponding
of-the-tree patch should be updated appropriately.

Fixes target binutils build for arc:
http://autobuild.buildroot.net/results/f67/f67c905979870936d8050a505b61186be6dad85d//

[Peter: tweak commit message]
Signed-off-by: Vlad Zakharov <vzakhar@synopsys.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 22:32:53 +02:00
Davide Viti
965c5ca57d mongoose: bump to version 6.7
Signed-off-by: Davide Viti <zinosat@tiscali.it>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 22:28:24 +02:00
Vicente Olivert Riera
c10724093a mpv: bump version to 0.25.0
Remove 0003-fix-build-with-have-gl.patch which is already included in
this release.

Remove --{enable|disable}-standard-gl configure option because it
doesn't exist.

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 22:27:57 +02:00
Vicente Olivert Riera
bc41dbe658 poppler: bump version to 0.54.0
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 22:27:21 +02:00
Vicente Olivert Riera
b53e4f0bb8 harfbuzz: bump version to 1.4.6
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 22:27:07 +02:00
Vicente Olivert Riera
3ac9e1e71b python-dataproperty: bump version to 0.18.1
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 22:26:47 +02:00
Vicente Olivert Riera
acaa2e6f93 x265: bump version to 2.4
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 22:26:31 +02:00
Francois Perrad
bea0cfc596 perl-gd: bump to version 2.66
remove last patch

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-24 22:25:31 +02:00
Baruch Siach
4c2b11977a syslog-ng: disable mongodb
libbson is a dependency of the mongo-c-driver that syslog-ng uses. Buildroot
doesn't package mongo-c-driver so syslog-ng uses the bundled one. The bundled
mongo-c-driver in turn may optionally use a bundled libbson. When Buildroot
builds libbson mongo-c-driver detects that and does not configure its bundled
libbson. This breaks the build of the syslog-ng mongodb module because it adds
the bundled libbson to the headers search path.

Disable the mongodb module to avoid this issue.

Fixes:
http://autobuild.buildroot.net/results/843/84331e9a168d8bdf2cceca8e9e1480611c1ecaed/
http://autobuild.buildroot.net/results/b5b/b5bad64abbf5764faf2a7129a1a25ad75c34980b/
http://autobuild.buildroot.net/results/3c3/3c32f4eb7436da06f3fb59f928363959df2a5e86/

Cc: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-22 15:59:31 +02:00
Adam Duskett
e2a7822415 package makefiles: clean up backslash spacing.
The check-package script when ran gave warnings on only using
one space before backslashes on all of these makefiles.
This patch cleans up all warnings related to the one space before
backslashes rule in the make files in the package directory.

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-22 15:57:23 +02:00
Adam Duskett
42ec2bd4a4 package/qt: fix header
The header was non-standard according to check-package.

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-22 15:51:07 +02:00
Adam Duskett
edc2d7b0a4 package/qt5: add comment header
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-22 15:50:52 +02:00
Adam Duskett
58dd42a59a package/xenomai: properly indent XENOMAI_DEVICES variable
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-22 15:50:15 +02:00
Adam Duskett
5fabb89fe8 package/busybox: fix unexpected indent with tabs
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-22 15:49:08 +02:00
Zakharov Vlad
5f8ef7e25c toolchain: Bump ARC tools to arc-2017.03-rc1
This commit bumps ARC toolchain to arc-2017.03-rc1

Please note that it is a release candidate and it might contain some
breakages, please don't use it for production builds.

Also I have updated patches for binutils as our source files in
binutils differ comparing to 2.28.

Signed-off-by: Vlad Zakharov <vzakhar@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-22 15:37:16 +02:00
Mario J. Rugiero
1872903d86 package{protobuf,python-protobuf}: bump to v3.2.0
Both packages are coupled, so both are bumped and build-tested.

The atomics' support patch is no longer needed, and neither is the
autoreconf option, and SPARC64 is no longer broken.

To make sure of this, one config of each of the following archs was
tested (base defconfig in parens):

 - PowerPC (qemu_ppc_g3beige_defconfig)
 - SPARC (qemu_sparc_ss10_defconfig)
 - SPARC64 (qemu_sparc64_sun4u_defconfig)

Signed-off-by: Mario J. Rugiero <mrugiero@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-22 15:23:45 +02:00
Francois Perrad
d9c7723da4 perl-gd: bump to version 2.59
remove patches merged upstream

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Thomas: renumber patches.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-22 15:06:56 +02:00
Christian Stewart
b7f095920a uboot: fix target uboot defconfig warning
The warning currently reads:

  No board defconfig name specified, check your
  BR2_TARGET_UBOOT_DEFCONFIG setting.

It should read:

  No board defconfig name specified, check your
  BR2_TARGET_UBOOT_BOARD_DEFCONFIG setting.

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-22 15:05:50 +02:00
Carlos Santos
aab5db994c e2fsprogs: use libblkid and libuuid from util-linux for host
We have a host-util-linux, so we can use it to provide libblkid and
libuuid. This makes it consistent with the target package.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-22 14:30:30 +02:00
Carlos Santos
a48d94b7fc e2fsprogs: remove uuidgen support
In fact, uuidgen was never built because we pass --disable-libuuid. So
the option was a NOP.

Remove the license info for libuuid.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
[Arnout:
 - do not remove --disable-uuidd - even though that is implied by
   --disable-libuuid, it's better to be explicit about it;
 - remove license info of libuuid]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-22 14:29:00 +02:00
Carlos Santos
a1849efd1a e2fsprogs: change into menuconfig
We decided some time ago that config entries with 5 or more suboptions
should be turned into a menuconfig. e2fsprogs has many more than that.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-22 14:28:39 +02:00
Carlos Santos
e6d7be83be e2fsprogs: add missing arch depends to comment
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-22 14:26:54 +02:00
Carlos Santos
3ca015a1ad e2fsprogs: change upstream URL sf.net -> sourceforge.net
sf.net redirects to sourceforge.net, so directly use that as upstream
URL. Config.in.host already uses that URL.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
[Arnout: remove trailing /]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-22 14:24:22 +02:00
Alistair Francis
3530e531e8 package/xen: Use POSIX complaint header includes
To fix build issues when using the musl library use POSIX compatible
library inclues.

This fixes this autobuilder issue:
http://autobuild.buildroot.net/results/1aa/1aa1303f60372f51aa5a7eb18caac4a5b5c1d9d4/build-end.log

These two patches have been by accepted upstream Xen and will be in 4.9:
http://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=b4cd5173183fbc118e2dc2a0d2e0d5038daf4fb5
http://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=4703a9ba9bb0c9c2804813ffe0943177d5f96039

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-21 21:25:44 +02:00
Martin Kepplinger
a171f4699e tslib: update to 1.9
The curious ones will find the release notes here:

    https://github.com/kergoth/tslib/releases

Signed-off-by: Martin Kepplinger <martin.kepplinger@ginzinger.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-21 10:01:49 +02:00
Baruch Siach
f9e224a970 netsniff-ng: bump to version 0.6.3
Drop upstream patch.

Add two more patches to deal with musl build issues.

Cc: Joris Lijssens <joris.lijssens@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-20 23:30:09 +02:00
Baruch Siach
a72cdcb591 netsniff-ng: fix static build with netfilter_conntrack
Use pkg-config to determine link flags.

Fixes:
http://autobuild.buildroot.net/results/0ef/0efb90d69fdffafe0630e6507d40198bfb1c5818/
http://autobuild.buildroot.net/results/0ea/0eaf15dd387961641b42d977c49804fe8872074b/
http://autobuild.buildroot.net/results/43d/43d3f2d54deb9d095a4f8cbf70a7b933c09ed618/

Cc: Joris Lijssens <joris.lijssens@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-20 23:29:50 +02:00
Baruch Siach
418545457e netsniff-ng: use upstream provided tarball
Cc: Joris Lijssens <joris.lijssens@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-20 23:29:40 +02:00
Vicente Olivert Riera
034e95e51e libcurl: bump version to 7.54.0 (security)
Security fixes:
 - CVE-2017-7468: switch off SSL session id when client cert is used

Full changelog: https://curl.haxx.se/changes.html

Removing 0001-CVE-2017-7407.patch. It's included in this release:
  1890d59905

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-20 23:13:07 +02:00
Vicente Olivert Riera
da0cc47c6f cjson: bump version to v1.4.7
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-20 23:12:56 +02:00
Thomas De Schampheleire
e9470687c0 xenomai: add string option for additional configure options
Xenomai has many configure options that users may or may not want to set.
Providing individual Buildroot config options for every single one of them
is not maintainable.

Therefore, add a string option to allow the needed flexibility.
Important options, or those that have 'select/depends on' impact, can still
be turned into real Buildroot config options.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[Thomas: rewrap Config.in help text.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-20 23:07:03 +02:00