Commit Graph

46786 Commits

Author SHA1 Message Date
Fabrice Fontaine
5f867b988b package/dnsmasq: fix build with kernel >= 5.2
Fixes:
 - http://autobuild.buildroot.org/results/edfe5d208f1626903ce16cd481a29e54f9e8c611

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-02 22:47:37 +02:00
Fabrice Fontaine
bc153c3930 package/pdbg: fix musl build
Fixes:
 - http://autobuild.buildroot.org/results/81b1107bdb06250e1a7837506aec0c9762e771c5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-02 22:46:14 +02:00
Bernd Kuhls
2205122ee2 package/mpv: bump version to 0.29.1
Added license hash, removed patches:

0003: upstream PR was closed as 'merged'
0004: patch was backported and is now included

Renamed license file according to upstream change.

Support for sdl1 was removed upstream:
1dcf511376

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-08-02 22:25:55 +02:00
Peter Korsgaard
60d516989e {linux, linux-headers}: bump 4.{14, 19}.x / 5.2.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-02 19:46:55 +02:00
Peter Korsgaard
5660ed9c55 package/mosquitto: bump to version 1.6.4
Bugfix release, fixing a number of issues.  For details, see the
announcement:

https://mosquitto.org/blog/2019/08/version-1-6-4-released/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-02 19:46:48 +02:00
Peter Korsgaard
273427f928 package/imagemagick: fix host build for old distributions
Fixes:
http://autobuild.buildroot.net/results/5f0/5f0b85033e800c9eebc46812592966ec6826bb5d/

imagemagick uses clock_gettime, which was provided by librt rather than libc
in glibc < 2.17 - Causing link errors.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-02 19:46:40 +02:00
Arnout Vandecappelle (Essensium/Mind)
651524db3a package/Config.in: remove double /
Detected by check-package, which gets confused by it.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-08-02 18:43:57 +02:00
Arnout Vandecappelle (Essensium/Mind)
d5990601ba utils/checkpackagelib: CommentsMenusPackagesOrder: properly initialize levels
Fix an issue introduced by Arnout while committing. Jerzy originally
initialized the menu_of_packages, package and print_package_warning
members like they should be, but Arnout thought it wasn't needed and
removed that.

It is actually needed, to make sure the top level (level 0) works.

Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/264383157

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-08-02 18:43:52 +02:00
Francois Perrad
1a49dcb528 support/testing: improve test_luasyslog
Lua has a builtin lsyslog module, so let's test this one as well.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-08-02 17:35:44 +02:00
Titouan Christophe
22f3c69149 package/mosquitto: fix typo in Config.in
Introduced in ea989ad2b2

Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-02 17:28:19 +02:00
Petr Vorel
74cbe7cbbf package/iputils: fix build with thread support disabled
Fixes:
http://autobuild.buildroot.net/results/10652b7bf6a606f0dd802916006c44abf3e5e059
http://autobuild.buildroot.net/results/9656af1aafbd2624fb75bf5fc1dfa13b6175c10b
http://autobuild.buildroot.net/results/2e170e149b293d40978e158d55dc0102315b9d86

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-02 17:27:16 +02:00
Marcel Patzlaff
59f5617148 package/pkg-kconfig.mk: new <pkg>-diff-config target
This patch introduces the new target to compare the current
configuration with the one derived from the defconfig + fragments (if
any). It helps identifying settings not yet inserted to the defconfig
or any fragment.

Signed-off-by: Marcel Patzlaff <m.patzlaff@pilz.de>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-02 17:18:25 +02:00
Marcel Patzlaff
38a1954ad9 package/pkg-kconfig.mk: reusability improvements
This patch refactors savedefconfig and the configuration re-generation
to separate macros so that the functionality can be re-used in further
rules.

Signed-off-by: Marcel Patzlaff <m.patzlaff@pilz.de>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-02 17:18:25 +02:00
Julien BOIBESSOT
9ace1cff33 package/mtd: needs zstd
For the target variant, zstd is an optional dependency when ubifs-tools
are enabled. For the host variant, we make it an unconditional
dependency.

Fixes:
http://autobuild.buildroot.org/results/99baf1de106f9c80a32e665263c1e4278097643d (target)
http://autobuild.buildroot.org/results/e3b96704f0b23e82999aa3d6e93233edecbecfe7 (host)

Signed-off-by: Julien BOIBESSOT <julien.boibessot@armadeus.com>
Tested-by: Markus Mayer <mmayer@broadcom.com>
[yann.morin.1998@free.fr: fix the target variant too]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-08-02 17:10:50 +02:00
Arnout Vandecappelle (Essensium/Mind)
d7215f2bbb package/quagga: fix static linking with getopt
quagga has its own copy of getopt_long() instead of using the system's,
and this copy also defines the opterr and optind variables. Obviously,
this is only apparent when linking statically.

This problem can easily be avoided by making sure that getopt() itself
is defined too. This way, there is no reason any more to pull in libc's
getopt() and the corresponding definitions of opterr and optind. Note
that getopt() itself is pulled in by netsnmp, not by quagga itself.

Fortunately, there's a REALLY_NEED_PLAIN_GETOPT flag that we can define
to make sure getopt() does get built by quagga. We can safely do this
unconditionally (instead of only when BR2_PACKAGE_QUAGGA_SNMP and
BR2_STATIC_LIBS are enabled): without netsnmp, getopt() will simply not
be used, and with dynamic libs there's no risk of conflicts anyway.

Fixes:
http://autobuild.buildroot.net/results/0ac598c2259a8d7e8b72d4e8ed95079675b31b84

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-02 10:29:07 +02:00
Thomas Petazzoni
b9c2894298 package/bison: fix parallel build issue
Following the bump of Bison to 3.4.1 in commit
d3c2f33543, the build started failing on
autobuilders using a fairly old version of make (3.81). The failure is
caused by a parallel build problem in examples/c/reccalc/.

Fixing it is not trivial, and would require autoreconf, which then
fails due to help2man being missing. So for the time being, simply
disable parallel build on bison.

The issue has been reported to the bug-bison@ mailing list, but the
e-mail doesn't appear yet in the mailing list archives.

Fixes:

  http://autobuild.buildroot.net/results/856/8568bcef944096f2c21470d36f02b520989af5eb/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-02 09:46:23 +02:00
Mark Corbin
1003af2ebe support/config-fragments: add RISC-V 64-bit musl autobuild config
Add a RISC-V 64-bit autobuild configuration for the internal
toolchain with musl.

Signed-off-by: Mark Corbin <mark.corbin@embecosm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-01 23:55:40 +02:00
Fabrice Fontaine
332c7b1992 package/dropwatch: remove binutils dependency
Add a patch to make binutils optional and disable it in the context of
buildroot as suggested by Thomas in
https://patchwork.ozlabs.org/patch/1134299

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-01 23:26:25 +02:00
Angelo Compagnucci
74d9e5d9b8 package/mono: bump to version 6.0.0.313
This patch bumps mono to version 6.0.0.313 and it's related dependency
monolite to version d0aa6798-834d-11e9-b38a-3b0d70487d01.

The hash of the mono license file has changed, with the following
modification:

-* mcs/nunit24: MS-PL
-

However, this modification is in the "Build Time Code" section, which
describes the license of the parts of the code used only at build
time, which we don't document in the <pkg>_LICENSE
variable. Therefore, no relevant licensing change has occured from the
point of view of <pkg>_LICENSE.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[Thomas: update the hash of the license file, and add a corresponding
explanation in the commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-01 23:06:09 +02:00
Bernd Kuhls
b9833c6f52 package/php: security bump version to 7.3.8
Release notes: https://www.php.net/ChangeLog-7.php#7.3.8

Fixes CVE-2019-11042 & CVE-2019-11041

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-01 22:53:13 +02:00
Philip Molloy
ffe9eaf337 system: directly use system shell as root shell
Rather than through the /bin/sh symlink, because because invocating bash as
sh causes bash to mimic sh (see INVOCATION in bash(1)).

Signed-off-by: Philip Molloy <philip.a.molloy@gmail.com>
[yann.morin.1998@free.fr: use the system shell, not a new option,
 as suggested by Arnout]
[Peter: describe why this is done using the description from Philip's help
 text]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-01 22:49:50 +02:00
Arnout Vandecappelle (Essensium/Mind)
0a4e1fc054 utils/checkpackagelib: CommentsMenusPackagesOrder: use regex for source
The 'source' strings identify which package is incorrectly ordered. We
need to extract the actual package name from that string, which is
currently done with constants that assume the file is package/Config.in.

In addition, only 'source' lines that are indented with a tab are
checked. This kind of indentation is done in package/Config.in, but not
e.g. boot/Config.in.

Therefore, use a regular expression to match the 'source' lines, and to
extract the directory part from it.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-01 22:48:59 +02:00
Jerzy Grzegorek
83a34f7705 utils/checkpackagelib: CommentsMenusPackagesOrder: append elements to arrays if needed
In the future, the nesting level of menus, comments and conditions may
increase. The fixed array length used now is not appropriate. Therefore,
append elements to the arrays if needed.

Also change order of variables.

Signed-off-by: Jerzy Grzegorek <jerzy.m.grzegorek@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-01 22:48:59 +02:00
Arnout Vandecappelle (Essensium/Mind)
c62a282920 utils/checkpackagelib: CommentsMenusPackagesOrder: fix 'menuconfig' handling
The CommentsMenusPackagesOrder check builds the 'state' to track the
depth of menus and conditions. However, a menuconfig doesn't create a
menu by itself - it is always followed by a condition that implies the
menu. As a result, when unwinding the 'state', the level will be wrong.

Fix this by checking for menu followed by a space, so it no longer
matches menuconfig. For consistency, do the same for comment and if
as well.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Jerzy Grzegorek <jerzy.m.grzegorek@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-01 22:48:59 +02:00
Arnold Bloemert
f0453de25d package/gst1-plugins-good: add shout2 plugin option
Signed-off-by: Arnold Bloemert <abloemert@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-08-01 21:10:52 +02:00
Romain Naour
a2e71ff581 package/piglit: new package
Piglit is an open-source test suite for OpenGL implementations.
It's an python3 script based around several tools like glxinfo,
wflinfo, dmesg.

Even though waffle support can be replaced by freeglut,
using pliglit with waffle is recommended since freeglut
will be replaced by waffle.

Add host-python-{mako,numpy,six} dependency since the build system
is checking with the host-python interpreter.

There is no comment about waffle dependency due to too complex
dependencies of waffle.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
[Reworked during the Buildroot summer camp 2019]
Signed-off-by: Romain Naour <romain.naour@smile.fr>
[Arnout: small corrections to license info. It's messy.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-08-01 21:01:17 +02:00
Ricardo Martincoski
450863097f support/testing: use virtio-rng-pci to test syslog-ng
Recent versions of syslog-ng need some entropy on startup.
So use VirtIORNG to provide it. In order to accomplish this:
 - build the kernel containing the driver;
 - pass '-device virtio-rng-pci' to qemu.

Use the same kernel version and kernel config as qemu_arm_versatile.
It already has PCI enabled but it does not have HW_RANDOM_VIRTIO, so add
a defconfig fragment to enable the drivers.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/259856394

At the same time, fix a typo (missing '#') that resulted in the
generation of root.tar. This file is not used in the test.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-01 20:31:54 +02:00
Ludovic Desroches
d63e171bfc configs/atmel: kernel needs host openssl to build
Since commit df7005975e, the linux
configuration requires host-openssl to be built.

Reported-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-01 20:24:09 +02:00
Ludovic Desroches
a946dce75e configs/atmel: bump to linux4sam_6.1
Only the atmel_sama5d27_som1 board was bumped to linux4sam_6.1 so update
the other boards.

Moreover, display variant device trees are no longer in the linux4sam
kernel tree as we have adopted the DT overlays. In case of interest for those
DTs, please use the Microchip external available here:
https://github.com/linux4sam/buildroot-external-microchip

Signed-off-by: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-01 20:23:33 +02:00
Ludovic Desroches
285d306a58 board/atmel: genimage: remove display variant dtbs
Display variant dtbs are no longer part of the linux-at91 tree.

Signed-off-by: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-01 20:23:25 +02:00
Petr Vorel
9440f3554b package/iputils: use capabilities if possible
If support for extended attributes is enabled, then we can use them to
store capabilities. If not, we keep using the setuid bit.

arping does not get a capability, as it can be used for arp poisoning.

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
[yann.morin.1998@free.fr:
  - resort to using q full-fledged conditional block
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-01 20:22:03 +02:00
Yann E. MORIN
d413204a32 package/iputils: drop setuid on arping
arping can be used for arp poisoning, so it should really not be setuid.

Reported-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Acked-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-01 20:21:27 +02:00
Fabrice Fontaine
6f05569211 package/gmrender-resurrect: bump to version a7b0b1b9ca482d2d34ac62c2f2dc0cf0dfbb702b
Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-01 20:14:48 +02:00
Fabrice Fontaine
ff68ca92cb package/cloop: bump to version 3.14.1.2
- Remove patch, it is not needed anymore as CFLAGS/LDFLAGS are now
  correctly passed to extract_compressed_fs. CFLAGS/LDFLAGS are not
  passed to cloop_suspend but it isn't built. Moreover original CFLAGS
  are lost but this is acceptable)
- Switch site to http://snapshot.debian.org/archive/debian as
  http://debian-knoppix.alioth.debian.org/packages/sources/cloop is not
  available anymore
- Add hash for license files

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-01 20:12:19 +02:00
Fabrice Fontaine
edf97df877 package/cloop: needs _GNU_SOURCE
host-cloop needs _GNU_SOURCE for loff_t otherwise build fails with gcc
8.3.0 on:
extract_compressed_fs.c: In function 'main':
extract_compressed_fs.c:55:2: error: unknown type name 'loff_t'; did you mean 'off_t'?
  loff_t *offsets;

Fixes:
 - No autobuilder failures

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-01 20:12:04 +02:00
Vincent Stehlé
499dfc9410 qemu: fix host virtfs option
Fix the build of host-qemu with virtfs enabled: fix a typo in makefile
conditional and add a dependency on host-libcap as that is a dependency of
virtfs support:

    if test "$virtfs" != no && test "$cap" = yes && test "$attr" = yes ; then
      virtfs=yes

The virtfs configuration option was added by commit e0f49e6484
("package/qemu: add option to enable virtual filesystem in host qemu").

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-01 19:56:03 +02:00
Fabrice Fontaine
02137d6397 package/glib-networking: needs dynamic library
glib-networking uses the meson's shared_module function

This is a partly revert of commit
ed3eef6bb4 'package/glib-networking: bump
to version 2.61.1' re-adding the dynamic library dependency due to the
meson's build system and not from gnutls

Fixes:
 - http://autobuild.buildroot.org/results/60037e37e020404485df9814f3f3ad4e3b2abdb3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-01 19:38:46 +02:00
Arnout Vandecappelle (Essensium/Mind)
8bfc93ba6b .gitlab-ci.yml: regenerate for new defconfig
Commit a8fac3fcfc introduced qemu_ppc_mac99_defconfig but forgot to
add it to .gitlab-ci.yml.

Do that now.

Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/263733672

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-08-01 18:50:59 +02:00
Fabrice Fontaine
cf5170adae package/assimp: bump to version 4.1.0
- Remove second patch (already in version)
- Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-01 18:47:12 +02:00
Matt Weber
2abba0dfb3 package/llvm: disable libxml2
libxml2 is needed during Windows builds to populate the COFF
file manifest info.  This isn't required for Linux builds.

Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-08-01 18:43:19 +02:00
Matt Weber
d899557e4e package llvm/clang: note about version bumping dep
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Acked-by: Romain Naour <romain.naour@smile.fr>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-08-01 18:42:09 +02:00
Peter Korsgaard
a62cd7dd4c package/python-django: security bump to version 2.2.4
Fixes the following security issues:

CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator

If django.utils.text.Truncator's chars() and words() methods were passed the
html=True argument, they were extremely slow to evaluate certain inputs due
to a catastrophic backtracking vulnerability in a regular expression.  The
chars() and words() methods are used to implement the truncatechars_html and
truncatewords_html template filters, which were thus vulnerable.

The regular expressions used by Truncator have been simplified in order to
avoid potential backtracking issues.  As a consequence, trailing punctuation
may now at times be included in the truncated output.

CVE-2019-14233: Denial-of-service possibility in strip_tags()

Due to the behavior of the underlying HTMLParser,
django.utils.html.strip_tags() would be extremely slow to evaluate certain
inputs containing large sequences of nested incomplete HTML entities.  The
strip_tags() method is used to implement the corresponding striptags
template filter, which was thus also vulnerable.

strip_tags() now avoids recursive calls to HTMLParser when progress removing
tags, but necessarily incomplete HTML entities, stops being made.

Remember that absolutely NO guarantee is provided about the results of
strip_tags() being HTML safe.  So NEVER mark safe the result of a
strip_tags() call without escaping it first, for example with
django.utils.html.escape().

CVE-2019-14234: SQL injection possibility in key and index lookups for
JSONField/HStoreField

Key and index lookups for django.contrib.postgres.fields.JSONField and key
lookups for django.contrib.postgres.fields.HStoreField were subject to SQL
injection, using a suitably crafted dictionary, with dictionary expansion,
as the **kwargs passed to QuerySet.filter().

CVE-2019-14235: Potential memory exhaustion in
django.utils.encoding.uri_to_iri()

If passed certain inputs, django.utils.encoding.uri_to_iri could lead to
significant memory usage due to excessive recursion when re-percent-encoding
invalid UTF-8 octet sequences.

uri_to_iri() now avoids recursion when re-percent-encoding invalid UTF-8
octet sequences.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-01 18:38:12 +02:00
Bernd Kuhls
29ee5bb352 package/nano: bump version to 4.3
Release notes:
https://lists.gnu.org/archive/html/info-gnu/2019-06/msg00004.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-01 18:31:51 +02:00
Carlos Santos
ffe5fcadfc package/dhcp: fix target installation
We don't use "make install" for the target installation so we must pick
the executables from the ".libs" directories on which libtool generates
them otherwise we install the automatically generated wrapper scripts.

This was not necessary before the upgrade to version 4.4.1.

Fixes: https://bugs.busybox.net/show_bug.cgi?id=12051

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-01 18:26:09 +02:00
Fabrice Fontaine
2405cd042a package/rtorrent: bump to version 0.9.8
Remove patch (already in version) and drop AUTORECONF as it is not
needed anymore

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-01 18:21:03 +02:00
Fabrice Fontaine
26545af9a1 package/libtorrent: bump to version 0.13.8
Remove both patches (already in version) and drop AUTORECONF as it is
not needed anymore

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-01 18:20:40 +02:00
Pierre-Jean Texier
070bebfa0b package/tinyxml2: bump to version 7.0.1
Even though the hash of the license file changes, there are no changes
in the licensing terms themselves. There are changes in other parts of
readme.md, and whitespace changes in the licensing terms, but no
licensing term changes per-se.

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
[Thomas: add explanation about the license file hash change]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-01 18:18:11 +02:00
Francois Perrad
0b32cd888e package/luaposix: bump to version 34.1.1
the module std.normalize is no longer a dependency

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-01 18:11:33 +02:00
Fabrice Fontaine
2174355059 package/duktape: bump to version 2.4.0
Update hash for license file (update in year:
bcb37439d6)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-01 18:11:07 +02:00
Victor Huesca
294fc3218c support/scripts/pkg-stats: retrieve packages latest version using processes
The major bottleneck in pkg-stats is the time spent waiting for
answers from remote servers. Two functions involve such communication
with remote servers:

- 'check_package_urls' which checks that each package upstream website
  is up, it is efficient due to the use of process-pools thanks to
  Matt Weber.

- 'check_package_latest_version' which fetches the latest package
  version from release-monitoring, it uses a http-pool but runs
  sequentially.

This patch extends the use of process-pools to 'check_latest_version'.
Due to some limitations of multiprocess callbacks, this patch loses
the overall progress of packages in favour of just the current package
name.

Runtimes for this function are ~3m vs ~25m for the linear version.
Tested on an i7 7500U (2/4 cores/threads @3.5GHz) with 15ms ping.

Note: There have already been work trying to parallelize this function
using threads but there were a failure on some configurations [1].
This implementation rely on a dedicated module already in use on this
script, so it's unlikely to see failure with this version.

[1] http://lists.busybox.net/pipermail/buildroot/2018-March/215368.html

Signed-off-by: Victor Huesca <victor.huesca@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-01 18:04:09 +02:00