Commit Graph

36814 Commits

Author SHA1 Message Date
Samuel Martin
2b2d53c334 package/nginx: fix build
Add a patch to nginx configuration system fixing misdetected unneeded PCRE
dependency.

This patch has been submitted upstream [1].

Fixes:
  http://autobuild.buildroot.net/results/bc7/bc7458b97a88785653845afd30fe9d5f3a69905b/build-end.log

[1] http://mailman.nginx.org/pipermail/nginx-devel/2017-July/010308.html

Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-14 15:04:52 +02:00
Martin Bark
476ccdb3e4 package/nodejs: security bump to version 8.1.4
Fixes CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which
is used for parsing NAPTR responses, could be triggered to read memory
outside of the given input buffer if the passed in DNS response packet was
crafted in a particular way.  This patch checks that there is enough data
for the required elements of an NAPTR record (2 int16, 3 bytes for string
lengths) before processing a record.

See https://nodejs.org/en/blog/release/v8.1.4/

[Peter: add CVE info]
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-13 22:54:53 +02:00
Bernd Kuhls
f97510659f package/samba4: security bump to version 4.5.12
Fixes CVE-2017-11103:

All versions of Samba from 4.0.0 onwards using embedded Heimdal
Kerberos are vulnerable to a man-in-the-middle attack impersonating
a trusted server, who may gain elevated access to the domain by
returning malicious replication or authorization data.

Samba binaries built against MIT Kerberos are not vulnerable.

https://www.samba.org/samba/history/samba-4.5.12.html

[Peter: add CVE info]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-13 22:52:53 +02:00
Bernd Kuhls
bc6a84bb3d package/pcre: security bump to version 8.41
Removed patches 0003 & 0004, applied upstream.

Fixes the following security issues:

CVE-2017-7244 - The _pcre32_xclass function in pcre_xclass.c in libpcre1 in
PCRE 8.40 allows remote attackers to cause a denial of service (invalid
memory read) via a crafted file.

CVE-2017-7245 - Stack-based buffer overflow in the pcre32_copy_substring
function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to
cause a denial of service (WRITE of size 4) or possibly have unspecified
other impact via a crafted file.

CVE-2017-7246 - Stack-based buffer overflow in the pcre32_copy_substring
function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to
cause a denial of service (WRITE of size 268) or possibly have unspecified
other impact via a crafted file.

[Peter: add CVE info]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-13 22:13:56 +02:00
Bernd Kuhls
29f956d99c package/freeswitch: bump version to 1.6.19
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-13 22:00:01 +02:00
Thomas Petazzoni
38aef10ee7 python-twisted: add missing dependency on host-python-incremental
The recent change on PYTHONPATH for Python 2.x has revealed a missing
dependency in the python-twisted package. The incremental Python
module is listed in both setup_requires and install_requires, so we
must depend on both its target *and* host variants.

Fixes:

  http://autobuild.buildroot.net/results/386bf87abba550b5477d5e15e57981b8c3cef8d6/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-13 19:27:27 +02:00
Baruch Siach
58e07385cf DEVELOPERS: remove Sagaert Johan
The email address of Sagaert Johan is bouncing. Remove his DEVELOPERS entry.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-13 10:54:39 +02:00
Thomas Petazzoni
350941e31d python: remove target Python packages from PYTHONPATH
We currently have
$(TARGET_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages/
inside the PYTHON_PATH variable, which gets used to define PYTHONPATH,
passed to the host Python interpreter when building/installing target
packages.

However, this is terribly wrong, as it causes the host interpreter to
potentially import target Python packages. This is wrong for several
reasons:

 - Some Python packages might need some Python modules to be installed
   on the host (described in setup_requires in setup.py), but their
   installation currently works because by luck the corresponding
   Python module is installed for the target. Some of those cases were
   happening for real, and fixed by previous patches.

 - Some Python packages include some native code, therefore built for
   a specific CPU architecture. When you point the host Python
   interpreter to native libraries built for the target, you get nice
   build failures, such as the one affecting the python-cffi related
   packages.

Making this change allows to fix the python-cffi related build
failures:

  http://autobuild.buildroot.net/results/a9af84f2d845ee25e2b7d8b92aef485112b46060/
  (python-cryptography)

  http://autobuild.buildroot.net/results/b017c4f6b4d45c0afbf06a80dbd3f2ebe5d49d20/
  (python-pynacl)

  http://autobuild.buildroot.net/results/25144ea191ad46d851b31d3a2f0ef939f215494b/
  (python-smbus-cffi)

This change has been verified with the following defconfig that
enables a lot of Python packages:

BR2_arm=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_CUSTOM=y
BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y
BR2_TOOLCHAIN_EXTERNAL_URL="http://autobuild.buildroot.org/toolchains/tarballs/br-arm-full-2017.05-834-gb595627.tar.bz2"
BR2_TOOLCHAIN_EXTERNAL_GCC_4_9=y
BR2_TOOLCHAIN_EXTERNAL_HEADERS_3_10=y
BR2_TOOLCHAIN_EXTERNAL_LOCALE=y
BR2_TOOLCHAIN_EXTERNAL_CXX=y
BR2_INIT_NONE=y
BR2_SYSTEM_BIN_SH_NONE=y
BR2_PACKAGE_PYTHON=y
BR2_PACKAGE_PYTHON_ALSAAUDIO=y
BR2_PACKAGE_PYTHON_ARROW=y
BR2_PACKAGE_PYTHON_ATTRS=y
BR2_PACKAGE_PYTHON_AUTOBAHN=y
BR2_PACKAGE_PYTHON_BITSTRING=y
BR2_PACKAGE_PYTHON_BOTTLE=y
BR2_PACKAGE_PYTHON_CAN=y
BR2_PACKAGE_PYTHON_CBOR=y
BR2_PACKAGE_PYTHON_CHARDET=y
BR2_PACKAGE_PYTHON_CHEETAH=y
BR2_PACKAGE_PYTHON_CHERRYPY=y
BR2_PACKAGE_PYTHON_CONFIGOBJ=y
BR2_PACKAGE_PYTHON_CONFIGSHELL_FB=y
BR2_PACKAGE_PYTHON_CRC16=y
BR2_PACKAGE_PYTHON_CRCMOD=y
BR2_PACKAGE_PYTHON_CSSSELECT=y
BR2_PACKAGE_PYTHON_CSSUTILS=y
BR2_PACKAGE_PYTHON_DAEMON=y
BR2_PACKAGE_PYTHON_DIALOG=y
BR2_PACKAGE_PYTHON_DICTTOXML=y
BR2_PACKAGE_PYTHON_DJANGO=y
BR2_PACKAGE_PYTHON_DOCOPT=y
BR2_PACKAGE_PYTHON_DPKT=y
BR2_PACKAGE_PYTHON_ECDSA=y
BR2_PACKAGE_PYTHON_ENUM=y
BR2_PACKAGE_PYTHON_FLASK_BABEL=y
BR2_PACKAGE_PYTHON_FLASK_JSONRPC=y
BR2_PACKAGE_PYTHON_FLASK_LOGIN=y
BR2_PACKAGE_PYTHON_FLUP=y
BR2_PACKAGE_PYTHON_GOBJECT=y
BR2_PACKAGE_PYTHON_GUNICORN=y
BR2_PACKAGE_PYTHON_HTML5LIB=y
BR2_PACKAGE_PYTHON_HTTPLIB2=y
BR2_PACKAGE_PYTHON_HUMANIZE=y
BR2_PACKAGE_PYTHON_ID3=y
BR2_PACKAGE_PYTHON_INIPARSE=y
BR2_PACKAGE_PYTHON_IOWAIT=y
BR2_PACKAGE_PYTHON_IPADDR=y
BR2_PACKAGE_PYTHON_IPY=y
BR2_PACKAGE_PYTHON_IPYTHON=y
BR2_PACKAGE_PYTHON_JSON_SCHEMA_VALIDATOR=y
BR2_PACKAGE_PYTHON_KEYRING=y
BR2_PACKAGE_PYTHON_LIBCONFIG=y
BR2_PACKAGE_PYTHON_LMDB=y
BR2_PACKAGE_PYTHON_LXML=y
BR2_PACKAGE_PYTHON_MAD=y
BR2_PACKAGE_PYTHON_MARKDOWN=y
BR2_PACKAGE_PYTHON_MELD3=y
BR2_PACKAGE_PYTHON_MISTUNE=y
BR2_PACKAGE_PYTHON_MSGPACK=y
BR2_PACKAGE_PYTHON_MUTAGEN=y
BR2_PACKAGE_PYTHON_MWSCRAPE=y
BR2_PACKAGE_PYTHON_NETADDR=y
BR2_PACKAGE_PYTHON_NETIFACES=y
BR2_PACKAGE_PYTHON_NFC=y
BR2_PACKAGE_PYTHON_NUMPY=y
BR2_PACKAGE_PYTHON_PAHO_MQTT=y
BR2_PACKAGE_PYTHON_PAM=y
BR2_PACKAGE_PYTHON_PARAMIKO=y
BR2_PACKAGE_PYTHON_PILLOW=y
BR2_PACKAGE_PYTHON_POSIX_IPC=y
BR2_PACKAGE_PYTHON_PSUTIL=y
BR2_PACKAGE_PYTHON_PUDB=y
BR2_PACKAGE_PYTHON_PYCLI=y
BR2_PACKAGE_PYTHON_PYCPARSER=y
BR2_PACKAGE_PYTHON_PYELFTOOLS=y
BR2_PACKAGE_PYTHON_PYFTPDLIB=y
BR2_PACKAGE_PYTHON_PYGAME=y
BR2_PACKAGE_PYTHON_PYGAME_IMAGE=y
BR2_PACKAGE_PYTHON_PYGAME_EXAMPLES=y
BR2_PACKAGE_PYTHON_PYGAME_FONT=y
BR2_PACKAGE_PYTHON_PYGAME_MIXER=y
BR2_PACKAGE_PYTHON_PYINOTIFY=y
BR2_PACKAGE_PYTHON_PYLIBFTDI=y
BR2_PACKAGE_PYTHON_PYMYSQL=y
BR2_PACKAGE_PYTHON_PYPARTED=y
BR2_PACKAGE_PYTHON_PYPCAP=y
BR2_PACKAGE_PYTHON_PYQRCODE=y
BR2_PACKAGE_PYTHON_PYRATEMP=y
BR2_PACKAGE_PYTHON_PYRO=y
BR2_PACKAGE_PYTHON_PYROUTE2=y
BR2_PACKAGE_PYTHON_PYSENDFILE=y
BR2_PACKAGE_PYTHON_PYSMB=y
BR2_PACKAGE_PYTHON_PYSNMP_APPS=y
BR2_PACKAGE_PYTHON_PYSNMP_MIBS=y
BR2_PACKAGE_PYTHON_PYSOCKS=y
BR2_PACKAGE_PYTHON_PYTABLEWRITER=y
BR2_PACKAGE_PYTHON_PYTRIE=y
BR2_PACKAGE_PYTHON_PYUSB=y
BR2_PACKAGE_PYTHON_PYXB=y
BR2_PACKAGE_PYTHON_PYZMQ=y
BR2_PACKAGE_PYTHON_REQUESTS_TOOLBELT=y
BR2_PACKAGE_PYTHON_RPI_GPIO=y
BR2_PACKAGE_PYTHON_RTSLIB_FB=y
BR2_PACKAGE_PYTHON_SDNOTIFY=y
BR2_PACKAGE_PYTHON_SERIAL=y
BR2_PACKAGE_PYTHON_SETPROCTITLE=y
BR2_PACKAGE_PYTHON_SH=y
BR2_PACKAGE_PYTHON_SHUTILWHICH=y
BR2_PACKAGE_PYTHON_SIMPLEJSON=y
BR2_PACKAGE_PYTHON_SMBUS_CFFI=y
BR2_PACKAGE_PYTHON_SOCKETIO=y
BR2_PACKAGE_PYTHON_SORTEDCONTAINERS=y
BR2_PACKAGE_PYTHON_SPIDEV=y
BR2_PACKAGE_PYTHON_THRIFT=y
BR2_PACKAGE_PYTHON_TOMAKO=y
BR2_PACKAGE_PYTHON_TREQ=y
BR2_PACKAGE_PYTHON_U_MSGPACK=y
BR2_PACKAGE_PYTHON_UBJSON=y
BR2_PACKAGE_PYTHON_UJSON=y
BR2_PACKAGE_PYTHON_URLLIB3=y
BR2_PACKAGE_PYTHON_VERSIONTOOLS=y
BR2_PACKAGE_PYTHON_WATCHDOG=y
BR2_PACKAGE_PYTHON_WEB2PY=y
BR2_PACKAGE_PYTHON_WEBPY=y
BR2_PACKAGE_PYTHON_WHOOSH=y
BR2_PACKAGE_PYTHON_WS4PY=y
BR2_PACKAGE_PYTHON_WSACCEL=y
BR2_PACKAGE_PYTHON_XLUTILS=y

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-13 10:54:39 +02:00
Thomas Petazzoni
dc8a18f927 python-treq: needs host-python-incremental
The python-treq package lists the incremental Python module as part of
its setup_requires variable in setup.py, so it must be added as a host
dependency of the python-treq package to avoid build failures.

So far, this issue wasn't visible because python-treq selects
python-twisted, which itself selects the target python-incremental
package. Because python-incremental was before python-treq in the
alphabetic ordering, it was always built before python-treq. And due
to the fact that PYTHONPATH currently contains the directory with
target Python modules, the host Python interpreter was happily using
the target python-incremental while running on the host. But as we are
going to clean up PYTHONPATH, this will no longer be the case, and
hence python-treq needs to be fixed.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-13 10:54:39 +02:00
Thomas Petazzoni
bd3a3f604e python-incremental: add host variant
A host variant of the python-incremental package will be needed for
the python-treq package.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-13 10:54:39 +02:00
Thomas Petazzoni
d3921001a9 python-json-schema-validator: needs versiontools on the host
python-json-schema-validator does not need versiontools on the target,
but only on the host, as it's listed in setup_requires in setup.py.

This was not noticed so far because host Python interpreter is started
with a PYTHONPATH that contains a directory with target Python
packages, so versiontools was found there. But as we are about to fix
PYTHONPATH to no longer include such a directory,
python-json-schema-validator would fail due to versiontools being
missed on the host.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-13 10:54:39 +02:00
Thomas Petazzoni
13582f3204 python-versiontools: add host variant
It will be needed by python-json-schema-validator.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-13 10:54:38 +02:00
Thomas Petazzoni
0767c6a307 python-u-msgpack: switch to setuptools instead of distutils
python-u-msgpack can use setuptools instead of distutils, and
using setuptools is generally preferred.

In addition, using setuptools allows to make sure the package will
continue to build when we will adjust the PYTHONPATH variable to no
longer point to target Python modules. Without such a change to
setuptools, the build would fail with:

=====================================================================
running install
Checking .pth file support in /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/
/home/test/buildroot/output/host/bin/python -E -c pass
TEST FAILED: /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/ does NOT support .pth files
error: bad install directory or PYTHONPATH

You are attempting to install a package to a directory that is not
on PYTHONPATH and which Python does not read ".pth" files from.  The
installation directory you specified (via --install-dir, --prefix, or
the distutils default setting) was:

    /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/

and your PYTHONPATH environment variable currently contains:

    '/home/test/buildroot/output/target/usr/lib/python2.7/sysconfigdata/'

Here are some of your options for correcting the problem:

* You can choose a different installation directory, i.e., one that is
  on PYTHONPATH or supports .pth files

* You can add the installation directory to the PYTHONPATH environment
  variable.  (It must then also be on PYTHONPATH whenever you run
  Python and want to use the package(s) you are installing.)

* You can set up the installation directory to support ".pth" files by
  using one of the approaches described here:

  https://setuptools.readthedocs.io/en/latest/easy_install.html#custom-installation-locations
=====================================================================

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-13 10:54:31 +02:00
Thomas Petazzoni
77712325b3 python-pyro: switch to setuptools instead of distutils
python-pyro can use setuptools instead of distutils, and using
setuptools is generally preferred.

In addition, using setuptools allows to make sure the package will
continue to build when we will adjust the PYTHONPATH variable to no
longer point to target Python modules. Without such a change to
setuptools, the build would fail with:

=====================================================================
running install
Checking .pth file support in /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/
/home/test/buildroot/output/host/bin/python -E -c pass
TEST FAILED: /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/ does NOT support .pth files
error: bad install directory or PYTHONPATH

You are attempting to install a package to a directory that is not
on PYTHONPATH and which Python does not read ".pth" files from.  The
installation directory you specified (via --install-dir, --prefix, or
the distutils default setting) was:

    /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/

and your PYTHONPATH environment variable currently contains:

    '/home/test/buildroot/output/target/usr/lib/python2.7/sysconfigdata/'

Here are some of your options for correcting the problem:

* You can choose a different installation directory, i.e., one that is
  on PYTHONPATH or supports .pth files

* You can add the installation directory to the PYTHONPATH environment
  variable.  (It must then also be on PYTHONPATH whenever you run
  Python and want to use the package(s) you are installing.)

* You can set up the installation directory to support ".pth" files by
  using one of the approaches described here:

  https://setuptools.readthedocs.io/en/latest/easy_install.html#custom-installation-locations
=====================================================================

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-13 10:54:24 +02:00
Thomas Petazzoni
b40e701ee2 python-pyasn: switch to setuptools instead of distutils
python-pyasn can use setuptools instead of distutils, and using
setuptools is generally preferred.

In addition, using setuptools allows to make sure the package will
continue to build when we will adjust the PYTHONPATH variable to no
longer point to target Python modules. Without such a change to
setuptools, the build would fail with:

=====================================================================
running install
Checking .pth file support in /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/
/home/test/buildroot/output/host/bin/python -E -c pass
TEST FAILED: /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/ does NOT support .pth files
error: bad install directory or PYTHONPATH

You are attempting to install a package to a directory that is not
on PYTHONPATH and which Python does not read ".pth" files from.  The
installation directory you specified (via --install-dir, --prefix, or
the distutils default setting) was:

    /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/

and your PYTHONPATH environment variable currently contains:

    '/home/test/buildroot/output/target/usr/lib/python2.7/sysconfigdata/'

Here are some of your options for correcting the problem:

* You can choose a different installation directory, i.e., one that is
  on PYTHONPATH or supports .pth files

* You can add the installation directory to the PYTHONPATH environment
  variable.  (It must then also be on PYTHONPATH whenever you run
  Python and want to use the package(s) you are installing.)

* You can set up the installation directory to support ".pth" files by
  using one of the approaches described here:

  https://setuptools.readthedocs.io/en/latest/easy_install.html#custom-installation-locations
=====================================================================

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-13 10:54:10 +02:00
Ben Leinweber
730da52edc libxml-parser-perl: add LICENSE_FILES
There is copyright information in the top level README file. Use this
file as the license file which will be included by the `legal-info`
build rule.

Signed-off-by: Ben Leinweber <bleinweber@spaceflight.com>
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-12 18:40:52 +02:00
Fabio Estevam
8e95c2e9ca linux-headers: bump 4.{9,11,12}.x series
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-12 18:39:09 +02:00
Fabio Estevam
1405f83cf8 linux: bump default to version 4.12.1
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-12 18:39:07 +02:00
Peter Korsgaard
80dacdaa47 configs: nexbox_a95x_defconfig: bump to kernel 4.12
Main difference is that the drm driver now supports the hdmi output.

The gxl variant device tree has been renamed in:

commit 7eea67101b9713ae438955e8899b3c4b078419f9
Author: Kevin Hilman <khilman@baylibre.com>
Date:   Fri Jan 20 07:57:52 2017 -0800

    ARM64: dts: meson-gxl: rename Nexbox A95x for consistency

    Since the GXL family has S905X and S905D SoCs, we're keeping the SoC
    name in the DTS filename for clarity.  Rename this file accordingly to
    be consistent with the rest of the GXL DTS files.

    Cc: Neil Armstrong <narmstrong@baylibre.com>
    Reviewed-by: Andreas Färber <afaerber@suse.de>
    Signed-off-by: Kevin Hilman <khilman@baylibre.com>

So adjust the defconfig and boot script to match.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-12 18:38:32 +02:00
Yegor Yefremov
2c6222c043 python-hyperlink: new package
Though PyPI says the license is BSD, GitHub repo has an MIT license
file since April 2017 and upstream setup.py was also fixed.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-12 18:37:01 +02:00
Yegor Yefremov
65dcaf0a8b python-sh: bump to version 1.12.14
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-12 18:33:56 +02:00
Yegor Yefremov
5beef05d1a python-pysocks: bump to version 1.6.7
Change setup type to setuptools and use proper license file.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-12 18:33:54 +02:00
Yegor Yefremov
4eacab9b3d python-markupsafe: bump to version 1.0
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-12 18:33:53 +02:00
Yegor Yefremov
2d634d449c python-attrs: bump to version 17.2.0
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-12 18:33:52 +02:00
Luca Ceresoli
f307f840d3 olimex_a20_olinuxino_micro: bump to Linux 4.12
[Build- and run-tested]
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-12 17:05:53 +02:00
Luca Ceresoli
19ffb84e03 olimex_a20_olinuxino_micro: bump to U-Boot 2017.5 and fix build
This defconfig does not build anymore since commit
6cda724efb ("package/gcc: switch to gcc
6.x as the default"). Fix by upgrading to the latest U-Boot version.

Fixes:
  In file included from include/linux/compiler.h:54:0,
                   from include/linux/bitops.h:5,
                   from ./include/common.h:20:
  include/linux/compiler-gcc.h:114:30: fatal error: linux/compiler-gcc6.h: No such file or directory
   #include gcc_header(__GNUC__)
                                ^
  compilation terminated.

[Build- and run-tested]
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-12 17:03:15 +02:00
Yann E. MORIN
815d78f8ba fs/squashfs: cleanup if-else cascade
And add myself to the DEVELOPPERS for squashfs.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-11 22:33:51 +02:00
Jörg Krause
1a405ea56d gcc: bump 6.x series to version 6.4.0
Drop the following patches:
  * the Xtensa patches 870 and 871 are upstream now
  * patch 942 was backported to GCC 6 branch

Note, that a bz2 release tarball is not provided anymore and is replaced by
a xz tarball file.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-11 22:17:12 +02:00
Peter Seiderer
2ab924213d pcre2: enable no MMU build
Use '--disable-pcre2grep-callout' for !BR2_USE_MMU, disables
fork usage.

Fixes [1]:

    CCLD     pcre2grep
  src/pcre2grep-pcre2grep.o: In function `pcre2grep_callout':
  pcre2grep.c:(.text+0x402): undefined reference to `fork'
  collect2: error: ld returned 1 exit status

[1] http://autobuild.buildroot.net/results/2c2/2c2665844748a3bdb010315200eea70aa3504b95

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-11 21:38:43 +02:00
Francois Perrad
0c23c1bb7f olimex_imx233_olinuxino: bump versions
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-11 21:37:30 +02:00
Baruch Siach
714df4cfed libssh2: add mbedtls backend
libssh2 support mbedtls as crypto back-end library since version 1.8.0.

Default to mbedtls since it's smaller than either libgcrypt or openssl.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-11 21:34:56 +02:00
Bernd Kuhls
cf9b7cedac package/apache: bump version to 2.4.27
Announcement: http://www.apache.org/dist/httpd/Announcement2.4.html
Release notes: http://www.apache.org/dist/httpd/CHANGES_2.4.27

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-11 21:31:17 +02:00
Peter Korsgaard
474daa20f8 mpg123: security bump to version 1.25.2
>From the release notes:

 - Extend pow tables for layer III to properly handle files with i-stereo and
   5-bit scalefactors. Never observed them for real, just as fuzzed input to
   trigger the read overflow. Note: This one goes on record as CVE-2017-11126,
   calling remote denial of service. While the accesses are out of bounds for
   the pow tables, they still are safely within libmpg123's memory (other
   static tables). Just wrong values are used for computation, no actual crash
   unless you use something like GCC's AddressSanitizer, nor any information
   disclosure.
 - Avoid left-shifts of negative integers in layer I decoding.

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-11 21:31:07 +02:00
Peter Korsgaard
1b76bf7669 mosquitto: bump version to 1.4.14
Drop CVE 2017-9868 patch as that is now upstream.

1.4.14 is a bugfix release, fixing significant websocket performance /
correctness issues.

Use HTTPS for the download as the server uses HSTS, thus saving a redirect.

While we're at it, add hashes for the license files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-11 21:31:01 +02:00
Peter Korsgaard
91f4c9d412 php: security bump to version 7.1.7
Fixes the following security issues:

CVE-2017-7890 - Buffer over-read into uninitialized memory.  The GIF
decoding function gdImageCreateFromGifCtx in gd_gif_in.c (which can be
reached with a call to the imagecreatefromstring() function) uses
constant-sized color tables of size 3 * 256, but does not zero-out these
arrays before use.

CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229 -
Out-of-bonds access in oniguruma regexp library.

CVE-2017-11144 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before
7.1.7, the openssl extension PEM sealing code did not check the return value
of the OpenSSL sealing function, which could lead to a crash of the PHP
interpreter, related to an interpretation conflict for a negative number in
ext/openssl/openssl.c, and an OpenSSL documentation omission.

CVE-2017-11145 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before
7.1.7, lack of a bounds check in the date extension's timelib_meridian
parsing code could be used by attackers able to supply date strings to leak
information from the interpreter, related to an ext/date/lib/parse_date.c
out-of-bounds read affecting the php_parse_date function.

CVE-2017-11146 - In PHP through 5.6.31, 7.x through 7.0.21, and 7.1.x
through 7.1.7, lack of bounds checks in the date extension's
timelib_meridian parsing code could be used by attackers able to supply date
strings to leak information from the interpreter, related to
ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date
function.  NOTE: this vulnerability exists because of an incomplete fix for
CVE-2017-11145.

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-11 21:30:52 +02:00
Peter Korsgaard
2015d83dd5 xserver_xorg-server: add upstream security fixes for CVE-2017-10971 / 10972
Add upstream patches fixing the following security issues:

CVE-2017-10971:
	The endianess handling for X Events assumed a fixed size of X Event structures and
	had a specific 32 byte stack buffer for that.

	However "GenericEvents" can have any size, so if the events were sent in the wrong
	endianess, this stack buffer could be overflowed easily.

	So authenticated X users could overflow the stack in the X Server and with the X
	server usually running as root gaining root prileveges.

CVE-2017-10972:
	An information leak out of the X server due to an uninitialized stack area when swapping
	event endianess.

For more details, see the advisory:

http://www.openwall.com/lists/oss-security/2017/07/06/6

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-11 21:30:37 +02:00
Baruch Siach
0ca3017034 efivar: fix build with gcc 7
Add upstream patch fixing a warning that breaks the build because of -Werror.

Fixes:
http://autobuild.buildroot.net/results/33a/33adc3ef139d6814aef4c92ae0bcc4c810ab0b86/
http://autobuild.buildroot.net/results/e7d/e7d80e823e13edc6698148244553bd90367bcd03/
http://autobuild.buildroot.net/results/3b6/3b61246f8b04a332d1c61732f0eb6e50ea8ca366/

Cc: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-11 17:04:45 +02:00
Arnout Vandecappelle
704db1586c support/testing: unbreak run-tests -l
In commit b78b50465c, the initialisation
of BRTest.builddir was moved to the __init__ function. However, it is
set based on BRTest.outputdir and that is only set when the -o argument
is given to run-tests. When called as "run-tests -l", there is no -o
argument so BRTest.outputdir remains unset.

To fix, keep BRTest.builddir at None when BRTest.outputdir is None.

While we're at it, drop the direct access to the class member. If a
subclass wishes to set outputdir to something else before calling
BRTest.__init__, they are free to do so.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reported-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-10 23:51:33 +02:00
Yann E. MORIN
9d06e91df8 arch/arm: fix -mcpu default values for AArch64
We have to specify the -mcpu value, even in 64-bit mode.

For AArch64, +fp and +simd are the default, so they are totally useless.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-10 18:04:16 +02:00
Arnout Vandecappelle
392b0a26f5 toolchain-external: default BR2_TOOLCHAIN_EXTERNAL_PATH to empty
It makes no sense to default to an arbitrary path. In addition, it in
fact works correctly when it is empty. In that case, the toolchain will
be searched in PATH.

Update the help text to explain the above, and also that the compiler
is supposed to be in the bin subdirectory.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-10 18:03:13 +02:00
Arnout Vandecappelle
b78b50465c support/testing: move BRTest initialisation to __init__
BRTest's setUp() method contains a few assignments that initialize its
member variables. Since we will want to use these in test case
overrides, move them to the __init__ function.

Also allow the config member to be overridden, rather than always
taking the class member.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-10 17:46:25 +02:00
Arnout Vandecappelle
73e7bcdd87 support/testing: strip /usr/ part from HOST_DIR
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-10 17:46:22 +02:00
Arnout Vandecappelle
2a47bd37b5 toolchain-wrapper: remove remaining references to HOST_DIR/usr
Commit 14151d77af that eliminated
$(HOST_DIR)/usr seriously missed the toolchain-wrapper - only a single
reference was updated, the other three were missed. Commit
015d68c84c removed one more. This commit
finally removes the two remaining ones.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-10 17:46:11 +02:00
Arnout Vandecappelle
ce58db7232 Makefile: properly create $(HOST_DIR)/usr compatibility symlink
Up to now we created the $(HOST_DIR)/usr compatibility symlink as part
of the creation of $(HOST_DIR) itself. However, when the user specifies
a custom BR2_HOST_DIR, it is possible that the directory already exists
so this rule will never trigger.

Therefore, add an explicit rule for creating $(HOST_DIR)/usr and add
this rule to the dependencies of the dirs target. HOST_DIR itself goes
back to the standard rule for directories. The order-only dependency of
STAGING_DIR isn't needed any more either: HOST_DIR is implicitly
created if needed by mkdir -p, and we don't need to trigger the
HOST_DIR rule any more if the directory already exists.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-10 17:45:57 +02:00
Peter Korsgaard
00d73749e2 i2c-tools: use upstream tarball
Tarballs of the releases are now again available:

https://www.spinics.net/lists/linux-i2c/msg30349.html

So change back to that instead of getting the source code from git.

While we're at it, add a hash for the license file.

[Peter: Also update Config.in homepage URL as pointed out by Baruch]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-10 14:24:36 +02:00
Baruch Siach
816ba1cee5 libssh2: fix link with libgcrypt
libssh2 uses the implicit 'yes' argument of the --with-libgcrypt parameter as
a library path prefix, which breaks the build. Pass the library path as
--with-libgcrypt argument to fix that. Drop the unneeded
--with-libgcrypt-prefix.

Fixes:
http://autobuild.buildroot.net/results/ac3/ac3a3f5871a6c20f5407a468809682ce491b9cb3/
http://autobuild.buildroot.net/results/ba3/ba31fa11b2ce2875649414dd9093e039dfc129e8/
http://autobuild.buildroot.net/results/b07/b07bbbf7fe164ba6dc435de6d8b41fadff7a3b08/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-09 23:10:22 +02:00
Naoki Matsumoto
49dfb3306f pcre2: new package
Signed-off-by: Naoki Matsumoto <n-matsumoto@melcoinc.co.jp>
Signed-off-by: Brent Sink <brents_3@hotmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Thomas:
 - reassign authorship to Naoki Matsumoto
 - add entry to DEVELOPERS file
 - fix broken patch
 - add comment about where the PGP signature was coming from]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-09 18:13:39 +02:00
Waldemar Brodkorb
e91f959e84 uclibc: fix issues with udp.h, missing stdint.h
Fixes:
  http://autobuild.buildroot.net/results/3e4/3e468c7b1be376024422e2f06750571f64f433a2/
  http://autobuild.buildroot.net/results/8c6/8c629a1c5c4a1d78c8bf09a091a332a424a0f757/

Reported-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-09 18:04:37 +02:00
Andre Renaud
11a37d6b80 opencv: enable NEON optimizations if possible
Signed-off-by: Andre Renaud <andre@ignavus.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-09 17:28:58 +02:00
Arnout Vandecappelle
0611045c42 manual: patches are not applied for SITE_METHOD = local
We had several remarks on the mailing list of users that were surprised
that patches were not applied for packages whose SITE_METHOD is local.
So document this.

Note that for OVERRIDE_SRCDIR itself it is already documented:

  When Buildroot finds that for a given package, an
  <pkg>_OVERRIDE_SRCDIR has been defined, it will no longer attempt to
  download, extract and patch the package. Instead, it will directly use
  the source code available in in the specified directory.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-09 17:25:48 +02:00