Commit Graph

40545 Commits

Author SHA1 Message Date
Eric Le Bihan
7aee067092 skalibs: bump version to 2.6.4.0
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-05-01 21:29:28 +02:00
Fabrice Fontaine
a16f46148e msmtp: add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-05-01 21:25:53 +02:00
Fabrice Fontaine
c5cce4bd00 msmtp: add optional support for libgsasl
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-05-01 21:25:51 +02:00
Baruch Siach
ed7f7f7129 iproute2: bump to version 4.16.0
Drop uClibc-ng compatibility patch. Current uClibc-ng provides the
needed definitions.

Drop the libc-config.h musl compatibility workaround patch. iproute2
update its headers copy to current kernel version for which this
workaround is no longer needed.

Don't modify tc/Makefile to make XT_LIB_DIR get the value of
IPT_LIB_DIR. Pass the correct value directly in CFLAGS.

Add a patch removing arpd dependency on threading support.

Rename IPROUTE2_WITH_IPTABLES to IPROUTE2_DISABLE_IPTABLES which better
describes what it does.

Don't patch the configure script for the cross compiler. The CC
environment variable is enough.

Don't force the CCOPTS make variable. The CFLAGS environment variable
does the trick for target code.

Don't patch CCOPTS out of netem/Makefile. The CBUILD_CFLAGS environment
variable can pass the host CFLAGS to host code.

The ifcfg script is now POSIX shell compatible. Remove its installation
dependency on bash.

Pass installation DESTDIR in the environment. Don't force SBINDIR, DOCDIR, and
MANDIR. The default values are fine.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-05-01 21:25:49 +02:00
Baruch Siach
c7056a69dd bluez-alsa: needs NPTL
bluez-alsa calls pthread_setname_np() which is only provided by the NPTL
pthread implementation.

Fixes:
http://autobuild.buildroot.net/results/707/707fd46921b1cfda90e9c30be33ca918f2d0cb00/
http://autobuild.buildroot.net/results/7a6/7a632c2b6b9021aa6edcd5126400de26e2b8ca42/

Cc: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-05-01 21:25:48 +02:00
Yann E. MORIN
4f54c959dc download/git: always do full-clone
We currently attempt a shallow clone, as tentative to save bandwidth and
download time.

However, now that we keep the git tree as a cache, it may happen that we
need to checkout an earlier commit, and that would not be present with a
shallow clone.

Furthermore, the shallow fetch is already really broken, and just
happens to work by chance. Consider the following actions, which are
basically what happens today:

    mkdir git
    git init git
    cd git
    git remote add origin https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
    git fetch origin --depth 1 v4.17-rc1
    if ! git fetch origin v4.17-rc1:v4.17-rc1 ; then
        echo "warning"
    fi
    git checkout v4.17-rc1

The checkout succeeds just because of the git-fetch in the if-condition,
which is initially there to fetch the special refs from github PRs, or
gerrit reviews. That fails, but we just print a warning. If we were to
ever remove support for special refs, then the checkout would fail.

The whole purpose of the git cache is to actually save bandwidth and
download time, but in the long run. For one-offs, people would
preferably use a wget download (e.g. with the github macro) instead of
a git clone.

We switch to always doing a full clone. It is more correct, and pays off
in the long run...

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-05-01 21:22:28 +02:00
Yann E. MORIN
80d8bc6e46 download/git: ensure we can checkout repos with submodule conversions
When a git tree has had sub-dir <-> sub-module conversions, or has had
submodules added or removed over the course of time, checking out a
changeset across those conversions/additions/removals may leave
untracked files, or may fail because of a conflict of type.

So, before we checkout the new changeset, we forcibly remove the
submodules. The new set of submodules, if any, will be restored later.

Ideally, we would use a native git command: git submodule deinit --all.
However, that was only introduced in git 1.8.3 which, while not being
recent by modern standards, is still too old for some enterprise-grade
distributions (RHEL6 only has git-1.7.1).

So, instead, we just use git submodule foreach, to rm -rf the submodules
directory.

Again, we would ideally use 'cd $toplevel && rm -rf $path', but
$toplevel was only introduced in git 1.7.2. $path has always been there.

So, instead, we just cd back one level, and remove the basename of the
directory.

Eventually, we need to get rid of now-empty and untracked directories,
that were parents of a removed submodule. For example. ./foo/bar/ was a
submodule, so ./foo/bar/ was removed, which left ./foo/ around.

Yet again, recent-ish git versions would have removed it during the
forced checkout, but old-ish versions (e.g. 1.7.1) do not remove it with
the forced checkout.

Instead we rely on the already used forced-forced clean of directories,
untracked, and ignored content, to really get rid of extra stuff we are
not interested in.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Reviewed-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Tested-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-05-01 21:22:28 +02:00
Yann E. MORIN
3d2e018889 download/git: ensure we checkout to a clean state
Force the checkout to ignore and throw away any local changes. This
allows recovering from a previous partial checkout (e.g. killed by
the user, or by a CI job...)

git checkout -f has been supported since the inception of git, so we
can use it without any second thought.

Also do a forced-forced clean, to really get rid of all untracked stuff.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Reviewed-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Tested-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-05-01 21:22:28 +02:00
Yann E. MORIN
b7efb43e86 download/git: try to recover from utterly-broken repositories
In some cases, the repository may be in a state we can't automatically
recover from, especially since we must still support oldish git versions
that do not provide the necessary commands or options thereof.

As a last-ditch recovery, delete the repository and recreate the cache
from scratch.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-05-01 21:22:28 +02:00
Yann E. MORIN
428a0649ff download/git: quickly exit when the cset does not exist
Check that the given cset is indeed something we can checkout. If not,
then exit early.

This will be useful when a later commit will trap any failing git
command to try to recover the repository by doing a clone from scratch:
when the cset is not a commit, it does not mean the repository is broken
or what, and re-cloning from scratch would not help, so no need to trash
a good cache.

Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Reviewed-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Tested-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-05-01 21:22:28 +02:00
Yann E. MORIN
577315687f download/git: run all git commands in the current directory
That way, we can pushd earlier, which will help with last-ditch recovery
in a followup commit.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Reviewed-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Tested-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-05-01 21:22:28 +02:00
Yann E. MORIN
f1eb192e26 download/git: add warning not to use our git cache
We really want the user not to use our git cache manually, or their
changes (committed or not) may eventually get lost.

So, add a warning file, not unlike the one we put in the target/
directory, to warn the user not to use the git tree.

Ideally, we would have carried this file in support/misc/, but the git
backend does not have access to it: the working directory is somewhere
unknown, and TOPDIR is not exported in the environment.

So, we have to carry it in-line in the backend instead.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Reviewed-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Tested-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-05-01 21:22:28 +02:00
Baruch Siach
d3221806b9 cups: disable pam support
Make the build consistent.

Cc: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Baruch Siach &lt;<a href="mailto:baruch@tkos.co.il" target="_blank" rel="noreferrer">baruch@tkos.co.il</a>&gt;<br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-01 15:36:22 +02:00
John Keeping
d3dca1e993 core/pkg-generic: only save latest package list
When rebuilding a package, simply appending the package's file list to
the global list means that the package list grows for every rebuild, as
does the time taken to check for files installed by multiple packages.
Furthermore, we get false positives where a file is reported as being
installed by multiple copies of the same package.

With this approach we may end up with orphaned files in the target
filesystem if a package that has been updated and rebuilt no longer
installs the same set of files, but we know that only a clean build will
produce reliable results.  In fact it may be helpful to identify these
orphaned files as evidence that the build is not clean.

Signed-off-by: John Keeping <john@metanate.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-05-01 15:21:56 +02:00
Fabrice Fontaine
5b5fb4427e lftp: bump to version 4.8.3
Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-05-01 15:21:32 +02:00
Adam Duskett
c4b8832cfc libcurl: fix building against libressl
LibreSSL 2.7.x breaks libcurl 7.59.0 with the error:
error: static declaration of ‘OpenSSL_version_num’ follows non-static
declaration

This failure has since been fixed upstream with commit:
7c90c93c0b

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-05-01 15:17:39 +02:00
Fabrice Fontaine
24c1751a00 gtksourceview: bump to version 3.24.7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-01 11:50:33 +02:00
Baruch Siach
d11d46e33c cups: fix build without PAM
Add upstream patch removing MD5 code that builds when PAM is not
enabled.

Fixes:
http://autobuild.buildroot.net/results/48d/48d53bdeceafdbb51756d5c0b9936ce7c98b4ddc/
http://autobuild.buildroot.net/results/13c/13cb03a8d0ae215c418fe2520a27b2940efd4a39/
http://autobuild.buildroot.net/results/fd3/fd3c56b60bb0411b38dc7279880d1fab7228c20a/

Cc: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Baruch Siach &lt;<a href="mailto:baruch@tkos.co.il" target="_blank" rel="noreferrer">baruch@tkos.co.il</a>&gt;<br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-01 11:49:07 +02:00
Fabrice Fontaine
3cfa33d5ad libgudev: bump to version 232
Add --disable-umockdev (enabled by default)
Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-01 11:48:24 +02:00
Fabrice Fontaine
a63e1019d6 libgtk3: bump to version 3.22.30
Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-01 11:48:09 +02:00
Fabio Estevam
1b50392349 linux-headers: bump 4.{9, 14, 16}.x series
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-01 11:45:45 +02:00
Fabio Estevam
af17c24833 linux: bump default to version 4.16.6
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-01 11:45:31 +02:00
Fabrice Fontaine
4e42390ef1 libid3tag: add hash for license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-01 11:45:13 +02:00
Fabrice Fontaine
786a3f7310 libiconv: add hash for license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-01 11:44:57 +02:00
Fabrice Fontaine
9f177e3338 libical: add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-01 11:44:46 +02:00
Fabrice Fontaine
ff3d6c414b libhttpparser: bump to version 1.8.1
Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-01 11:44:27 +02:00
Fabrice Fontaine
51367f2bd8 libhid: add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-01 11:43:57 +02:00
Fabrice Fontaine
73f6bb1eb6 libglade: add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-01 11:43:54 +02:00
Baruch Siach
5a8f887e7a sdl2: update license file hash
Copyright year update.

Fixes:
http://autobuild.buildroot.net/results/2c8/2c865463a4b7524114518c04dce9c94252433460/

Cc: Guillaume Gardet <guillaume.gardet@oliseo.fr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-01 09:35:41 +02:00
Jörg Krause
bbc43196a4 imx-alsa-plugins: new package
Freescale specific alsa-lib plugins for the i.MX processor family.

For now, the only provided plugin is:
  * Rate Converter Plugin Using Freescale ASRC Resampler

The ASRC hardware resampler can be found on i.MX53 and most i.MX 6
processors.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
[Thomas:
 - Remove the mention "This package is provided by Freescale as-is and
   doesn't have an upstream." from the Config.in help text, since
   according to Gary Bisson, there is a Git repository for such
   projects, and therefore some form of upstream.
 - Add missing entry to DEVELOPERS file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-30 17:49:35 +02:00
Sven Haardiek
14c3fa0e97 python-influxdb: new package
InfluxDB client.

Signed-off-by: Sven Haardiek <sven.haardiek@iotec-gmbh.de>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
[Thomas: as suggested by Yegor, add entry in the DEVELOPERS file, and
fix commit title.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-30 17:45:41 +02:00
Thomas Petazzoni
38860fb21f package/pkg-generic: add check that target variant is defined before host variant
Update the documentation accordingly.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[yann.morin.1998@free.fr: slight rephrasing in error message, update manual]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-30 17:43:49 +02:00
Thomas Petazzoni
2ae7b21e0b package/qemu: declare target variant before host variant
Our package infrastructure uses inheritance of a number of values from
the target package to the host package, which assumes the target
package is defined before the host package. In addition, future
changes are going to make this requirement even more important.

Therefore, let's fix the qemu package so that it declares its target
variant before its host variant, like all other packages in
Buildroot. We handle qemu separately from other packages, because
unlike other packages, it didn't had the "eval" for the host and
target packages at the end of the file, but rather all variables
related to the host variant first, then the call to the package
infrastructure for the host variant, then the variables related to the
target variant, and finally the call to the package infrastructure for
the target variant. We are inverting the order of those two big parts
in this commit.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-30 17:43:48 +02:00
Thomas Petazzoni
7528c47523 package: declare target variant before host variant
Our package infrastructure uses inheritance of a number of values from
the target package to the host package, which assumes the target
package is defined before the host package. In addition, future
changes are going to make this requirement even more important.

Therefore, let's fix the android-tools, gauche, lcms2,
linux-syscall-support and pngquant packages, so that they declare
their target variant before their host variant, like all other
packages in Buildroot.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-30 17:43:46 +02:00
Fabrice Fontaine
5c8906b427 libgtk2: bump to version 2.24.32
Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-30 17:38:38 +02:00
Fabrice Fontaine
98a76fed7e libgsm: add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-30 17:38:37 +02:00
Fabrice Fontaine
870b3cfb5a libgsasl: add hash for license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-30 17:38:36 +02:00
Fabrice Fontaine
ce1def52a6 libgphoto2: bump to version 2.5.17
Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-30 17:38:35 +02:00
Fabrice Fontaine
8da12d37d5 libebml: fix build on some toolchains
Replace climits include by limits (retrieve upstream patch from:
e46906b80e)

Fixes:
 - http://autobuild.buildroot.net/results/3c2402a7052acb67fc7e03ad2ff27e84534aaa36

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-30 17:38:33 +02:00
Peter Korsgaard
5fb8fbbb3e sdl2_image: security bump to version 2.0.3
Fixes the following security issues:

CVE-2017-12122: An exploitable code execution vulnerability exists in the
ILBM image rendering functionality of SDL2_image-2.0.2.  A specially crafted
ILBM image can cause a heap overflow resulting in code execution.  An
attacker can display a specially crafted image to trigger this
vulnerability.

CVE-2017-14440: An exploitable code execution vulnerability exists in the
ILBM image rendering functionality of SDL2_image-2.0.2.  A specially crafted
ILBM image can cause a stack overflow resulting in code execution.  An
attacker can display a specially crafted image to trigger this
vulnerability.

CVE-2017-14441: An exploitable code execution vulnerability exists in the
ICO image rendering functionality of SDL2_image-2.0.2.  A specially crafted
ICO image can cause an integer overflow, cascading to a heap overflow
resulting in code execution.  An attacker can display a specially crafted
image to trigger this vulnerability.

CVE-2017-14442: An exploitable code execution vulnerability exists in the
BMP image rendering functionality of SDL2_image-2.0.2.  A specially crafted
BMP image can cause a stack overflow resulting in code execution.  An
attacker can display a specially crafted image to trigger this
vulnerability.

CVE-2017-14448: An exploitable code execution vulnerability exists in the
XCF image rendering functionality of SDL2_image-2.0.2.  A specially crafted
XCF image can cause a heap overflow resulting in code execution.  An
attacker can display a specially crafted image to trigger this
vulnerability.

CVE-2017-14449: A double-Free vulnerability exists in the XCF image
rendering functionality of SDL2_image-2.0.2.  A specially crafted XCF image
can cause a Double-Free situation to occur.  An attacker can display a
specially crafted image to trigger this vulnerability.

CVE-2017-14450: A buffer overflow vulnerability exists in the GIF image
parsing functionality of SDL2_image-2.0.2.  A specially crafted GIF image
can lead to a buffer overflow on a global section.  An attacker can display
an image to trigger this vulnerability.

For details, see the announcement:

https://discourse.libsdl.org/t/sdl-image-2-0-3-released/23958

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-30 17:38:32 +02:00
Peter Korsgaard
f26654596e sdl2: bump version to 2.0.8
Drop now upstreamed patch.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-30 17:38:31 +02:00
Fabrice Fontaine
ed3381f181 libglu: add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-30 17:38:30 +02:00
Fabrice Fontaine
4919e8841b libglob: add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-30 17:38:29 +02:00
Fabrice Fontaine
19a2a8ba11 libglfw: add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-30 17:38:27 +02:00
Fabrice Fontaine
4a09b3eecf libcue: fix build without C++
By default, CMake assumes that the project is using both C and C++. By
explicitly passing 'C' as argument of the project() macro, we tell
CMake that only C is used, which prevents CMake from checking if a C++
compiler exists.
Patch sent upstream: https://github.com/lipnitsk/libcue/pull/17

Fixes:
 - http://autobuild.buildroot.net/results/a5344d18dbdc86705853fbf8a66d5304de07a9b2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-30 17:38:26 +02:00
Fabrice Fontaine
ebea81219a pcmanfm: bump to version 1.3.0
Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-30 17:38:25 +02:00
Fabrice Fontaine
b8d2ea2e5d menu-cache: bump to version 1.1.0
Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-30 17:38:23 +02:00
Fabrice Fontaine
048cf5a6ba libfm-extra: bump to version 1.3.0.2
Add hash for license files

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-30 17:38:22 +02:00
Fabrice Fontaine
1cf064c22e libfm: bump to version 1.3.0.2
Add hash for license files

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-30 17:38:21 +02:00
Fabrice Fontaine
e1b96eda61 libgee: bump to version 0.20.1
Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-30 09:36:42 +02:00