Commit Graph

33408 Commits

Author SHA1 Message Date
Peter Korsgaard
81dc283a00 gd: security bump to version 2.2.3
Security related fixes:
This flaw is caused by loading data from external sources (file, custom ctx,
etc) and are hard to validate before calling libgd APIs:

- fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)
- bug #248, fix Out-Of-Bounds Read in read_image_tga
- gd: Buffer over-read issue when parsing crafted TGA file (CVE-2016-6132)

Using application provided parameters, in these cases invalid data causes
the issues:

 - Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
 - fix php bug 72494, invalid color index not handled, can lead to crash ( CVE-2016-6128)
 - improve color check for CropThreshold

The build system now enables -Wall and -Werror by default, so pass
--disable-werror to disable that.  Notice that this issue has been fixed
upstream post-2.2.3:

https://github.com/libgd/libgd/issues/339

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-04 17:01:42 +01:00
Peter Korsgaard
4153e9f25a libopenh264: bump to version 1.6.0
Contains a number of bugfixes, some of which may be security related:

http://www.openwall.com/lists/oss-security/2017/01/02/1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-04 17:01:35 +01:00
Gustavo Zacarias
4df8b4d8cd granite: bump to version 0.4.0.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 23:53:42 +01:00
Bernd Kuhls
268e5b82a6 package/zlib: bump version to 1.2.10
Changed _SITE url to the upstream project site because Sourceforge does
not provide the tarball for 1.2.10 as of now.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 23:51:26 +01:00
Gustavo Zacarias
e143b0c73e mpv: bump to version 0.23.0
enca and libguess options have been dropped so adjust accordingly.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 23:51:11 +01:00
Gustavo Zacarias
5807b9ce35 flac: bump to version 1.3.2
And delete upstream patches.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 23:50:26 +01:00
Peter Korsgaard
103fd78bf7 collectd: fix riemann write plugin dependencies
Fixes:
http://autobuild.buildroot.org/results/fe5/fe5b5ed6355a794e84894c4aaf62eda6529ed184/
http://autobuild.buildroot.org/results/6c3/6c393cffb6ad4e676e311e9fc23ddbb2bcc2cf36/

The plugin uses the riemann-c-client library since commit d55584214206
(write_riemann: Use riemann-c-client), so adjust the dependencies to match.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 23:48:59 +01:00
Peter Korsgaard
8d68b3b957 riemann-c-client: new package
Riemann-c-client is a C client library for the Riemann monitoring system,
providing a convenient and simple API, high test coverage and a copyleft
license, along with API and ABI stability.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 23:48:56 +01:00
Fabio Estevam
c929c53f92 configs/mx53loco: Bump kernel and U-Boot versions
Bump Linux kernel versio to 4.9 and U-Boot to 2016.11.

Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 16:28:15 +01:00
Gustavo Zacarias
2895cf7640 m4: bump to version 1.4.18
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 16:25:22 +01:00
Gustavo Zacarias
63a7277107 musl: security bump to version 1.1.16
Fixes:
CVE-2016-8859 - fixes a serious under-allocation bug in regexec due to
integer overflow.

Drop upstream patch.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 16:24:51 +01:00
Gustavo Zacarias
190ba02f38 xz: bump to version 5.2.3
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 16:24:18 +01:00
Gustavo Zacarias
e759f8dcb8 freetype: bump to version 2.7.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 16:24:02 +01:00
Gustavo Zacarias
ec1d29c889 sqlite: bump to version 3.16
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 16:23:45 +01:00
Gustavo Zacarias
8718bb82cb weston: fix DEPENDENCIES typo
Fixes a build failure with the PPS patchset since libva isn't populated.

Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 16:21:18 +01:00
Gustavo Zacarias
8425ec6fa7 mpv: fix DEPENDENCIES typo
Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-03 16:20:30 +01:00
Eric Le Bihan
32fe6a540b skalibs: make ld use dummy file when configuring
For some architectures, like Xtensa or HPPA, ld from binutils requires
the output file to be a regular file, as mentioned in a bug report on
the mailing list [1].

So, use a dummy file as output file for ld, instead of /dev/null, when
trying to detect some libraries at configuration time.

Fixes http://autobuild.buildroot.net/results/288/288fc31cd10ffe3cd93371c7be37d79452a91768/

[1] https://sourceware.org/bugzilla/show_bug.cgi?id=19526

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-01-01 09:34:59 +01:00
Fabio Estevam
027d8141c5 udoo: mx6qdl: Use the preferred form for disabling a symbol
Even though 'CONFIG_USB=n' does the job, let's switch to the more
standard way for disabling a Kconfig symbol.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-01-01 09:23:57 +01:00
Romain Naour
9cb4058e60 package/intltool: remove target variant
The target variant depends on BR2_HOST_ONLY which is just like BROKEN
(i.e not defined anywere). BR2_HOST_ONLY was introduced by [1] back in
2010 and nobody seems to need it. So remove intltool for the target.

[1] 0b876d3977

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-01-01 09:17:38 +01:00
Yann E. MORIN
0d7b6a470f package/systemd-bootchart: bump version
Get rid of our patch, applied upstream. Which means we no longer need to
run intltoolize. So drop the dependency on host-intltool

Fixes:
    http://autobuild.buildroot.net/results/696/696254009f830134ef9398369ca2cbb257b33f52/
    http://autobuild.buildroot.org/results/aca/aca210de7d3f2eda54e5630206e9ff80d72d85c5/
    http://autobuild.buildroot.org/results/e5d/e5df8d11bfce4ba7a4c5c760b4784c31c506d8d4/

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-01-01 09:02:59 +01:00
Fabio Estevam
9baa390f83 configs/warpboard: Select BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_MDEV
BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_MDEV allows the Broadcom wireless driver
to be automatically loaded on boot.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-31 09:18:25 +01:00
Fabio Estevam
b18ecaf849 configs/warpboard: Bump kernel and U-Boot versions
Bump kernel to version 4.9 and U-Boot to 2016.11.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-31 09:17:49 +01:00
Jörg Krause
8d9937b61b package/busybox: add patch to fix dependency for IFUPDOWN_UDHCPC_CMD_OPTIONS
Upstream commit a8c696bf09d8151323f6e99348c4bc8989f829c8 makes ifup and
ifdown individually selectable, but forgets to update the dependency to
IFUPDOWN_UDHCPC_CMD_OPTIONS, so it is not selectable anymore.

Add a patch which fixes the dependency by checking for IFUP or IFDOWN,
instead of the obsolete IFUPDOWN.

Upstream status: Pending
http://lists.busybox.net/pipermail/busybox/2016-December/085034.html

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-30 22:44:29 +01:00
Jörg Krause
8f55961eed package/busybox: update minimal configuration file
Commit 44a563dbc0 bumps busybox to version
1.26.0, but does not update the minimal configuration file. There is at
least one issue using the old configuration with the newer busybox:

* IFUPDOWN is split into IFUP and IFDOWN in version 1.26.0

Update the minimal configuration file by loading the busybox.config file
and saving it back.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-30 22:44:25 +01:00
Jörg Krause
0de6137d6f package/busybox: update configuration file
Commit 44a563dbc0 bumps busybox to version
1.26.0, but does not update the configuration file. There is at least
one issue using the old configuration with the newer busybox:

* IFUPDOWN is split into IFUP and IFDOWN in version 1.26.0

Update the configuration file by loading the busybox.config file and
saving it back.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-30 22:44:22 +01:00
Baruch Siach
e58b15b1bf wireshark: fix build with musl
Add a patch adding missing sys/time.h header.

Fixes:
http://autobuild.buildroot.net/results/cd8/cd883b40503a6f4d3035e09a383db2d5a21162ad/
http://autobuild.buildroot.net/results/1ae/1ae34debe7e95eab33a895ecdf04c0ddf96cf4ab/
http://autobuild.buildroot.net/results/4af/4afe968e698f62c6bdbec35e53d35c361c5e852b/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-30 22:17:45 +01:00
Fabio Estevam
8f817c3039 configs/warp7: Add floating point support
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-30 22:17:23 +01:00
Fabio Estevam
ecb1296717 configs/imx6ulpico: Select BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_MDEV
BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_MDEV allows the Broadcom wireless driver
to be automatically loaded on boot.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-30 22:15:24 +01:00
Fabio Estevam
05affd1b89 configs/imx6ulpico: Select floating point
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-30 22:15:22 +01:00
Fabio Estevam
446416d4ab configs/imx6ulpico: Bump to U-Boot 2016.11
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-30 22:15:07 +01:00
Gustavo Sverzut Barbieri
c72dc476e9 eudev: fix build with <2.6.34 kernels
Add missing defines so eudev builds for older kernels, not having
BTN_TRIGGER_HAPPY (2.6.34) or INPUT_PROP_MAX (2.6.38).

Patch submitted upstream: https://github.com/gentoo/eudev/pull/139

[Peter: clarify versions]
Signed-off-by: Gustavo Sverzut Barbieri <barbieri@profusion.mobi>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-30 22:08:01 +01:00
Gustavo Zacarias
d4e08cdeaa libpng: security bump to version 1.6.27
Fixes a NULL pointer dereference bug in png_set_text_2()
CVE not assigned yet.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-30 21:12:43 +01:00
Gustavo Zacarias
fd469943b9 libgcrypt: bump to version 1.7.5
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-30 21:12:36 +01:00
Gustavo Zacarias
3cc9d41479 whois: bump to version 5.2.14
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-30 21:10:43 +01:00
Peter Korsgaard
67f23a77c2 Update for 2016.11.1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-29 22:24:06 +01:00
Peter Korsgaard
e5782ec233 CHANGES: update for 2016.11.1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bf8fdcc2fa)
2016-12-29 22:13:23 +01:00
Peter Korsgaard
9f57959147 cryptopp: fixup DOS newlines in CVE-2016-9939 patch
The patch did contain the correct newlines, but they got stripped by
patchwork so now the patch no longer applies.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-29 00:01:54 +01:00
Danomi Manchego
e298cf06f6 luarocks: fix target-finalize hook processing
The LUAROCKS_TARGET_FINALIZE_HOOKS is not running, so detritus is being left
in /usr/lib/luarocks.  This is because host-luarocks is built by being a
dependency in the luarocks package infrastructure, not by being selected by
kconfig symbol.  This means that the $(PKG)_KCONFIG_VAR in pkg-generic.mk is
not met, and (HOST_)LUAROCKS_TARGET_FINALIZE_HOOKS is not added to the
global TARGET_FINALIZE_HOOKS.

This mod fixes this issue by adding the host-luarocks hook directly
to TARGET_FINALIZE_HOOKS when either lua or luajit is enabled.

Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-28 23:55:11 +01:00
Danomi Manchego
2ffd07aaae luafilesystem: add license file
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-28 23:28:51 +01:00
Fabio Estevam
cf82c1866b configs/warp7: Select BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_MDEV
BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_MDEV allows the Broadcom wireless driver
to be automatically loaded on boot.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-28 23:21:53 +01:00
Fabio Estevam
26e27bd22f configs/warp7: Bump to mainline kernel 4.9
Use mainline 4.9 instead of a custom kernel based on NXP 4.1.

As mx7 boots in non-secure mode in mainline kernel, change the
U-Boot target to "warp7".

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-28 23:20:35 +01:00
Fabio Estevam
356776d9ad DEVELOPERS: Add entry for udoo_neo and wandboard
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-28 23:20:04 +01:00
Peter Korsgaard
60d86c81cc libsigrokdecode: bump to version 0.4.1
For details, see:
https://www.sigrok.org/blog/libsigrokdecode-041-released

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-28 11:18:18 +01:00
Peter Korsgaard
222808a4b6 cryptopp: add upstream security fix for CVE-2016-9939
Fixes security issue (DoS) in Crypto++ ASN1 decoder:

https://github.com/weidai11/cryptopp/issues/346

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-28 11:18:09 +01:00
Baruch Siach
d91ce1aa08 fs/tar: make --no-recursion effective
The tar --no-recursion option is position sensitive. It only affects following
file listing options. Move --no-recursion before the -T option to make it
effective. This fixes duplication of entries in the generated rootfs.tar
archive.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-28 10:13:21 +01:00
Bernd Kuhls
0e3526c10e DEVELOPERS: remove perl-db-file
Package perl-db-file was removed today:
https://git.buildroot.net/buildroot/commit/?id=8546ff31c58b2501a69e49bc0f27a4ffa1d2ae08

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-28 09:17:43 +01:00
Romain Naour
b3c6181de8 toolchain-external: bump CodeSourcery NIOSII to 2016.11
Keep BR2_TOOLCHAIN_HAS_BINUTILS_BUG_19405 since it's not fixed in
Binutils 2.26.

Runtime tested with an experimental version of Qemu 2.7 for Nios2.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-27 23:36:42 +01:00
Bernd Kuhls
0d5b2e9da9 package/znc: bump version to 1.6.4
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-27 23:36:16 +01:00
Gustavo Zacarias
c7bdef0d23 linux-headers: bump 3.18.x and 4.1.x series
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-27 23:35:44 +01:00
Yann E. MORIN
e09e1873a1 support/dependencies: ensure we have 'file' on the host
Recently, the autoconf macros for libtool started using '/usr/bin/file'
to determine the type of library that is generated by the toolchain.
Packages that use this recent version of the libtool autoconf macros
will fail in a rather dramatic way when /usr/bin/file is not present
on the host: the package will still build but no shared library is
generated, which in turn may cause build failures in other packages
that link with it.

For example, libpng's configure determines that it is not possible to
build a shared library on MIPS64 because the expected output from 'file'
is not present. Therefore, only a static libpng.a is built. Later,
bandwithd links with -lpng but it doesn't use the pkg-config's
Private-Libs (because it's not linking statically) and it doesn't have
access to the NEEDED reference from the shared library. Therefore, it
doesn't link with zlib and fails with

    pngrutil.c:(.text+0x55c): undefined reference to `inflate'

We cant use host-file because it is itself an autotools package and is
itself using libtool, so this would be a chicken-n-egg problem. Besides,
the libtool script really wants to call /usr/bin/file, so it would not
even find our host-file anyway.

So, just require that '/usr/bin/file' is present on the host.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-12-27 18:02:42 +01:00