Commit Graph

39478 Commits

Author SHA1 Message Date
Thomas De Schampheleire
b15a7a62d3 uboot: revert "uboot: use local libfdt.h"
This reverts commit 3a6573ccee.

It is no longer necessary after solving the problem differently.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-02-25 22:40:22 +01:00
Thomas De Schampheleire
baae5156ce uboot: use local fdt headers
After commit b8c3e94173 ("package/dtc: qemu system build need libfdt")
changed the dtc install target from 'install-bin' to 'install', uboot
compilation failures occurred because libfdt related headers were now
suddenly taken from output/host/include rather than from the uboot sources
itself.

Commit 3a6573ccee ("uboot: use local libfdt.h") solved this by patching
one specific uboot source file, tools/fdtgrep.c, to replace '<...>'-style
includes by '"..."'-style includes.

However, depending on the uboot version, this may not be enough: there may
be other references to fdt header files. In particular taking into account
that it is not uncommon to have vendor-provided uboot trees which have
custom changes.

The root of the problem is that the uboot.mk file passes the host compiler
as follows:
	UBOOT_MAKE_OPTS += \
		...
		HOSTCC="$(HOSTCC) $(HOST_CFLAGS)" \
		...
where HOST_CFLAGS contains the string '-I$(HOST_DIR)/include'
The uboot makefiles then use constructs of the form:
	$(CC) $(CPPFLAGS) $(CFLAGS) .....
where CPPFLAGS may contain -I references pointing to local directories.

On the expanded compiler command-line, Buildroot's '-I$(HOST_DIR)/include'
is thus present _before_ any -I to local directories, and thus takes
precedence.  And that becomes a problem for header files present both
locally as in the Buildroot host directory, which is the case for libfdt.

To fix this problem without having to patch u-boot sources, use '-idirafter'
rather than '-I' to pass the Buildroot host include directory. '-idirafter'
is basically the same thing, but adds the specified directory at the end
of the include precedence chain, rather than at the beginning.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-02-25 22:40:17 +01:00
John Keeping
eb1a45f4c1 libglib2: don't override ac_cv_func_strerror_r_char_p
libglib2 recently changed to use the result of the autoconf macro to
decide how to use strerror_r() in g_strerror() instead of embedding the
same preprocessor condition as in glibc's strings.h (upstream commit
c8e268bb was first included in release 2.53.4).

Following this change, if ac_cv_func_strerror_r_char_p is incorrectly
set to "no", the error string is an uninitialized buffer which cannot be
encoded as UTF-8.  The final result of this is that GLib functions that
are expected to fill in an error pointer on failure in fact leave this
pointing to NULL which is likely to cause a segfault in client
applications.

In fact the autoconf check compiles a test file but does not need to run
it, so the test is safe when cross-compiling and returns the correct
answer.  So remove this cached value and let the configure script figure
it out for itself, fixing g_strerror() on glibc systems.

Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-02-25 22:32:16 +01:00
Yegor Yefremov
3a0c20c530 scanpypi: add support for Python3
The script was changed via modernize utility. The only manual
made part was the handling of StringIO.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-02-25 22:21:54 +01:00
Peter Korsgaard
0b1583972d asterisk: security bump to version 14.7.6
Fixes the following security issues:

AST-2018-002: Crash when given an invalid SDP media format description

By crafting an SDP message with an invalid media format description Asterisk
crashes when using the pjsip channel driver because pjproject's sdp parsing
algorithm fails to catch the invalid media format description.

AST-2018-003: Crash with an invalid SDP fmtp attribute

By crafting an SDP message body with an invalid fmtp attribute Asterisk
crashes when using the pjsip channel driver because pjproject's fmtp
retrieval function fails to check if fmtp value is empty (set empty if
previously parsed as invalid).

AST-2018-004: Crash when receiving SUBSCRIBE request

When processing a SUBSCRIBE request the res_pjsip_pubsub  module stores the
accepted formats present in the Accept headers of the request.  This code
did not limit the number of headers it processed despite having a fixed
limit of 32.  If more than 32 Accept headers were present the code would
write outside of its memory and cause a crash.

AST-2018-005: Crash when large numbers of TCP connections are closed suddenly

A crash occurs when a number of authenticated INVITE messages are sent over
TCP or TLS and then the connection is suddenly closed.  This issue leads to
a segmentation fault.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-02-25 22:19:01 +01:00
Giulio Benetti
14b7b8ac50 sunxi-mali-mainline-driver: bump version
For 4.16 support.

git shortlog --invert-grep --grep travis --no-merges e752ddc8c4b9f2b9b9c6d193e2ba354caf8707f5..
Giulio Benetti (1):
      mali: Fix build in 4.16

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-02-25 22:18:14 +01:00
Romain Naour
ee5efb4644 package/mesa3d-demos: bump to 8.4.0
Use the new upstream url.
Added all hashes provided by upstream.
Rebase patch on top of 8.4.0 and convert it to git formated patch.
Add a comment above "MESA3D_DEMOS_AUTORECONF = YES"

See https://lists.freedesktop.org/archives/mesa-dev/2018-February/186542.html

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-02-25 22:06:46 +01:00
Gaël PORTAY
cc2f3a2a59 pkgconf: pkg-config.in: exec pkgconf
Replace the shell script with pkgconf without creating a new process.

Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-02-25 21:55:28 +01:00
Gaël PORTAY
cc526b428b pkgconf: pkg-config.in: double quote $@
The shell expands "$@" as "$1" "$2" "$3"... while it expands $@ as $1 $2
$3. With the second form, we loses spaces in positional parameters.

As example, the following call

        pkg-config --cflags "one two" three

is wrapped as

        pkgconf --cflags one two three

while we are expecting

        pkgconf --cflags "one two" three

"$@" is really useful when writing wrappers. It passes the positional
arguments *as* they are given.

Double quote $@ to prevent from splitting elements.

Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-02-25 21:55:25 +01:00
Peter Korsgaard
c9c2ed71a0 website: update package number text
We have quite a bit more than "hundreds of packages" nowadays:

find package -name \*.mk | wc -l
2285

So adjust the text to say 'several thousand' instead.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-02-25 21:54:57 +01:00
Alex Baldwin
e44ae2afe7 liblo: link with libatomic when available
liblo uses atomic builtins that are only available inside libatomic on
some architectures, so link with it when available.

Fixes:

  http://autobuild.buildroot.net/results/c8bed3a3fa7d2b2258f573cbfcb01af07419e0bf/

Signed-off-by: Alex Baldwin <alexbaldwinmusic@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-02-25 21:54:47 +01:00
Alex Baldwin
2759ba0397 liblo: disable werror to fix build issues
Pass the --disable-werror option to remove -Werror, and therefore
avoid a number of build failures.

Fixes:

  http://autobuild.buildroot.net/results/61ab7e23d2ef62f055efc74a998e3c108a3cdb43

Signed-off-by: Alex Baldwin <alexbaldwinmusic@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-02-25 21:54:47 +01:00
Fabrice Fontaine
a93a7afb81 azmq: add NPTL dependency
boost-log depends on BR2_TOOLCHAIN_HAS_THREADS_NPTL so add this
dependency to azmq

Fixes:
 - http://autobuild.buildroot.net/results/ffa5f21d7e7c38ea7adebc84f1cc8ee4cff74f1b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-02-25 21:38:46 +01:00
Simon van der Veldt
382fe9f926 linux: allow both in-tree and custom dts files
For some boards, for example the Raspberry Pi, it's necessary to build
in-tree dts files as well as custom/out of tree dts-files (dt-blob.bin).
The existing logic made these two options exclusive, this commit changes
that to allow both in-tree as well as custom sources for dts files.

Signed-off-by: Simon van der Veldt <simon.vanderveldt@gmail.com>
[Arnout: re-wrap help, add extra empty line, change = into +=]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-02-25 17:19:11 +01:00
Antoine Tenart
e1a8cdca5d iptables: bump to version 1.6.2
Also removed a patch fixing the build with musl as it made its way into
the 1.6.2 version.

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-23 16:52:06 +01:00
Erik Larsson
8b8f664a94 linux-firmware: add firmware for ath10k QCA6174 module
Signed-off-by: Erik Larsson <karl.erik.larsson@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-23 14:47:31 +01:00
Baruch Siach
38d8d86d31 patch: security bump to version 2.7.6
Fixes CVE-2016-10713: Out-of-bounds access within pch_write_line() in
pch.c can possibly lead to DoS via a crafted input file.

Add upstream patch fixing CVE-2018-6951: There is a segmentation fault,
associated with a NULL pointer dereference, leading to a denial of
service in the intuit_diff_type function in pch.c, aka a "mangled
rename" issue.

This bump does NOT fix CVE-2018-6952. See upstream bug #53133
(https://savannah.gnu.org/bugs/index.php?53133).

Add license file hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-23 09:08:48 +01:00
Baruch Siach
3b7a59304a mbedtls: security bump to version 2.7.0
CVE-2018-0487: Remote attackers can execute arbitrary code or cause a
denial of service (buffer overflow) via a crafted certificate chain that
is mishandled during RSASSA-PSS signature verification within a TLS or
DTLS session.

CVE-2018-0488: When the truncated HMAC extension and CBC are used,
allows remote attackers to execute arbitrary code or cause a denial of
service (heap corruption) via a crafted application packet within a TLS
or DTLS session.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-23 09:08:25 +01:00
Fabio Estevam
3733907f67 linux-headers: bump 4.{4, 9, 14, 15}.x series
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-22 23:18:10 +01:00
Fabio Estevam
c36c51d848 linux: bump default to version 4.15.5
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-22 23:18:05 +01:00
Giulio Benetti
4de24dc4a9 sunxi-mali-mainline-driver: set parallel build according to buildroot
sunxi-mali-mainline-driver builds using parallel compilation by default,
using -j $(nproc), but this could be not wanted.

Pass -j $(PARALLEL_JOBS) to build using jobs configured in buildroot.

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-21 22:47:33 +01:00
Romain Naour
b910cba2c7 package/{mesa3d, mesa3d-headers}: bump version to 17.3.5
This is a emergency release fixing major a issue in the RADV driver [1].

[1] https://lists.freedesktop.org/archives/mesa-announce/2018-February/000401.html

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-21 21:37:30 +01:00
Zoltan Gyarmati
937a2cf5a9 package/gpsd: disable profiling support on ARC
With the currently used ARC glibc version the profiling build fails with
linking error to __mcount. The ARC glibc version arc-2018.03-eng007+
fixes this, therefore when glibc is bumped, this restriction can be
removed.

Fixes:
    http://autobuild.buildroot.net/results/88870f5bf4aff557d8eac4e1cc5d3e397e607af0/

Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-21 21:29:25 +01:00
Ryan Coe
e10f1eb5b1 libite: update path for license files
Two of the license files have moved in the source package. Update the package
to reflect these changes.

Fixes:
http://autobuild.buildroot.net/results/8fd71513f021652a9a4ff2354dd5fe4fedf3d557
http://autobuild.buildroot.net/results/6a1ab663f1093351662ca7b86c9224a630798f35
http://autobuild.buildroot.net/results/066373da2da2cc8c0c22cc4a3048d1b187c9c389
http://autobuild.buildroot.net/results/edad6ac5d3f61257e99b90c6f54d4d6786aa7ad7
http://autobuild.buildroot.net/results/c2b72c2a32de949a5b1ab46d6d7c540353cfaf5e
http://autobuild.buildroot.net/results/8635ca4bbec464d196846a4018d1228d6651b211

Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-21 21:02:00 +01:00
Peter Korsgaard
8343069e2c exim: add upstream security fix
Fixes the following security issue:

CVE-2018-6789: Meh Chang discovered a buffer overflow flaw in a utility
function used in the SMTP listener of Exim, a mail transport agent.  A
remote attacker can take advantage of this flaw to cause a denial of
service, or potentially the execution of arbitrary code via a specially
crafted message.

Dropped ChangeLog hunk and adjusted file path of upstream commit so it
applies to tarball.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-20 09:04:53 +01:00
Peter Korsgaard
157a198d30 quagga: add upstream security fixes
Fixes the following security issues:

CVE-2018-5378

    It was discovered that the Quagga BGP daemon, bgpd, does not
    properly bounds check data sent with a NOTIFY to a peer, if an
    attribute length is invalid. A configured BGP peer can take
    advantage of this bug to read memory from the bgpd process or cause
    a denial of service (daemon crash).

    https://www.quagga.net/security/Quagga-2018-0543.txt

CVE-2018-5379

    It was discovered that the Quagga BGP daemon, bgpd, can double-free
    memory when processing certain forms of UPDATE message, containing
    cluster-list and/or unknown attributes, resulting in a denial of
    service (bgpd daemon crash).

    https://www.quagga.net/security/Quagga-2018-1114.txt

CVE-2018-5380

    It was discovered that the Quagga BGP daemon, bgpd, does not
    properly handle internal BGP code-to-string conversion tables.

    https://www.quagga.net/security/Quagga-2018-1550.txt

CVE-2018-5381

    It was discovered that the Quagga BGP daemon, bgpd, can enter an
    infinite loop if sent an invalid OPEN message by a configured peer.
    A configured peer can take advantage of this flaw to cause a denial
    of service (bgpd daemon not responding to any other events; BGP
    sessions will drop and not be reestablished; unresponsive CLI
    interface).

    https://www.quagga.net/security/Quagga-2018-1975.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-19 23:48:35 +01:00
Gaël PORTAY
737278c2cc qt5webengine: fix build issue with alsa
Qt WebEngine auto-guesses if it compiles support for alsa. When the
alsa-lib config is enabled but the features mixer, rawmidi, hwdep and
seq are not also enabled, it leads to a build failure.

Lets the developer decide whether or not support for alsa in Qt
WebEngine by adding the new config BR2_PACKAGE_QT5WEBENGINE_ALSA that
selects the features it needs when it is set.

Fixes [1].

[1]: http://autobuild.buildroot.net/results/d81537a8f67bb0a3625057560b2f16daf4828f98/build-end.log

Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-19 23:45:38 +01:00
Christian Stewart
576437cdb1 go: bump to 1.10
This commit bumps the Go programming language to the 1.10 release.

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-19 20:55:27 +01:00
Ryan Coe
c8e60ff15e inadyn: bump version to 2.3
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-19 20:51:49 +01:00
Ryan Coe
fd57625386 libite: bump version to 2.0.1
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-19 20:51:14 +01:00
Peter Korsgaard
b1e4a38383 wireguard: bump version to 0.0.20180218
Fixes a memory leak and various minor tooling fixes.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-19 20:35:22 +01:00
Peter Korsgaard
2dc4e64354 e2fsprogs: bump version to 1.43.9
Drop 0001-libext2fs-fix-build-failure-in-swapfs.c-on-big-endia.patch as it
is now upstream.

Only contains minor bugfixes since 1.43.8 and no new features.

>From the release notes:

Remove the huge file flag from libe2p (and hence from chattr/lsattr),
since it was never made visible by the kernel.  Remove the description
of some compression related flags, and add a description of the
encrypted file flag, and the project hierarchy flag.

Remove a misplaced "MNP is unsupported" message from debugfs.

Fix a build failure in lib/ext2fs/swapfs.c on big-endian systems.
(Addresses Debian Bug #886119)

Fix various Debian packaging issues.  (Addresses Debian Bug #269569).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-19 20:34:54 +01:00
Ryan Coe
fcdaab19bb mariadb: security bump version to 10.1.31
Release notes: https://mariadb.com/kb/en/mariadb-10131-release-notes/
Changelog: https://mariadb.com/kb/en/mariadb-10131-changelog/

Fixes the following security vulnerabilities:

CVE-2018-2562 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server : Partition). Supported versions that are affected are
5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server as well as unauthorized update, insert or
delete access to some of MySQL Server accessible data.

CVE-2018-2622 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL). Supported versions that are affected are 5.5.58
and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.

CVE-2018-2640 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer). Supported versions that are affected are
5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.

CVE-2018-2665 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer). Supported versions that are affected are
5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.

CVE-2018-2668 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer). Supported versions that are affected are
5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.

CVE-2018-2612 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and
prior and 5.7.20 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized creation, deletion or modification access to critical data or all
MySQL Server accessible data and unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-19 20:34:10 +01:00
Adam Duskett
6c628cade9 zic: bump to 2018c
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-19 20:32:43 +01:00
Thomas De Schampheleire
21114013e8 jq: compile as _GNU_SOURCE to fix segfault when compiled with gcc 6
When compiling host-jq with gcc 6+, running it gives an immediate segfault.
Reported upstream: https://github.com/stedolan/jq/issues/1598

The issue can be solved by compiling with _GNU_SOURCE as extra preprocessor
define. Once the issue is solved upstream, this change can be reverted.

As the issue will normally be the same for target, apply the same fix there.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-19 19:00:49 +01:00
Fabio Estevam
aa77030b8f linux-headers: bump 4.{4, 9, 14, 15}.x series
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-18 21:59:25 +01:00
Fabio Estevam
562d734c27 linux: bump default to version 4.15.4
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-18 21:59:20 +01:00
Peter Korsgaard
cc9282ae8c libvorbis: add upstream security fixes
Fixes the following security issues:

CVE-2017-14632: Libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function vorbis_analysis_headerout() in info.c
when vi->channels<=0, a similar issue to Mozilla bug 550184.

CVE-2017-14633: In libvorbis 1.3.5, an out-of-bounds array read
vulnerability exists in the function mapping0_forward() in mapping0.c, which
may lead to DoS when operating on a crafted audio file with
vorbis_analysis().

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-18 21:56:19 +01:00
Peter Korsgaard
f55ab4a08f glibc: security bump to the latest commit on 2.26 branch
Fixes the following security issues according to NEWS:

CVE-2018-6485: An integer overflow in the implementation of the
posix_memalign in memalign functions in the GNU C Library (aka

CVE-2018-6551: The malloc implementation in the GNU C Library (aka glibc or
libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on
i386, did not properly handle malloc calls with arguments close to SIZE_MAX
and could return a pointer to a heap region that is smaller than requested,
eventually leading to heap corruption.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-18 21:55:40 +01:00
Peter Korsgaard
44cec6431c Update for 2018.02-rc2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-15 23:03:43 +01:00
Peter Korsgaard
5e66d15646 libcpprestsdk: needs host-pkgconf
Commit d2f0a9bba4 (libcpprestsdk: fix building as a static library)
changed libcpprestsdk to use pkg-config to find the linker flags for
openssl, so ensure it is available.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-15 22:35:36 +01:00
Marcus Folkesson
eaa81347ad libostree: bump to version 2018.2
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-15 22:16:20 +01:00
Bernd Kuhls
cbd12ed37e package/{mesa3d, mesa3d-headers}: bump version to 17.3.4
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-15 22:13:24 +01:00
Bernd Kuhls
480e8f734f package/ffmpeg: bump version to 3.4.2
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-15 22:10:05 +01:00
Peter Korsgaard
1d339809d6 sunxi-mali-mainline-driver: bump version
For 4.15 support and various fixes.  This version now uses quilt to apply
patches, which is not a required dependency of Buildroot - So add a
POST_PATCH hook to change it to use apply-patches.sh instead.

git shortlog --invert-grep --grep travis --no-merges 42c7c139c14103a83bb2ad7e7a1f0ed491f96500..
Giulio Benetti (7):
      Fix bulding driver twice.
      Fix 0014-mali-Make-devfreq-optional.patch
      Add unapply_patches function in build.sh
      Fix 0013-mali-support-building-against-4.15.patch
      Add clean option to build.sh
      Add parallel building by default and -j option to override jobs number.
      Add 0015 parallel build patch to quilt series

Jonathan Liu (2):
      Add note about FRONTBUFFER_LOCKING environment variable
      Fix Qt capitalization and add link to website

Maxime Ripard (12):
      mali: Fix build in 4.15
      mali: Make reserved memory optional as it should be
      mali: sunxi: Set platform bus type right after device allocation
      mali: Make devfreq optional
      mali: Actually fix the build
      build: Treat patch and make failures as errors
      build: Make patch return immediately on error
      build: Make sure that we're building a supported release
      README: fix the casing of sunXi
      README: Talk about triple buffering
      build: Switch to quilt
      patches: Move version-specific patches to their directory

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-15 21:45:02 +01:00
Peter Korsgaard
4fdf2d642b sunxi-mali-mainline-driver: new package
Add allwinner mali kernel driver package.  Used in combination with
userspace Allwinner openGL libraries, it gives possibility to use 3D openGL
SoC acceleration.

[Peter: Rename to sunxi-mali-mainline-driver.  Use revision selection from
	sunxi-mali-mainline package.  Depend on that package and default to
	y if dependencies are met. Tweak Linux config]
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-15 21:44:55 +01:00
Peter Korsgaard
7e469bb646 sunxi-mali-mainline: new package
Add Allwinner Mali openGL userspace driver r6p2.
Used combined with kernelspace Mali driver,
it gives possibility to use 3D openGL SoC acceleration.
It provides fbdev libraries and headers.
It is compatible with Linux >= 4.4 as sunxi-mali-driver-mainline.

[Peter: Move version logic to Config.in, ensure directories exists]
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Reviewed-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-15 21:33:32 +01:00
Baruch Siach
4081ee424a iproute2: fix build with uclibc-ng
ublibc-ng does not provide PF_VSOCK/AF_VSOCK definitions. Add them
locally until ucblibc-ng updates its headers.

Fixes:
http://autobuild.buildroot.net/results/3d5/3d5a29e3c61ff071628c2937844ea4156059b3dd/

Cc: Petr Vorel <petr.vorel@gmail.com>
Cc: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-02-15 10:05:12 +01:00
Carlos Santos
ca0e627200 liburiparser: bump to version 0.8.5 and move to GitHub
uriparser 0.8.5 with bugfixes has been released. It has also moved from
SourceForge to GitHub:

    https://uriparser.github.io/

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-02-14 22:09:10 +01:00
Fabrice Fontaine
18f33eee21 libupnp: bump to version 1.6.25
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-02-14 22:05:26 +01:00