Commit Graph

37551 Commits

Author SHA1 Message Date
Thomas Petazzoni
95389fe98c qt: add patch fixing build failure on ARMv8 in 32-bit mode
The Qt package currently fails to build on ARMv8 cores in 32-bit mode
(for example, if you select ARM and then Cortex-A53), because the ARM
atomic operation implementation in Qt checks if we're on ARMv7, then
on ARMv6, and otherwise falls back to an ARMv5 implementation. The
latter uses the swp instruction, which doesn't exist on ARMv8, causing
a build failure.

To solve this, we simply add a patch that uses the ARMv7 atomic
operations for ARMv8-A.

There is no autobuilder reference because we don't have any ARMv8
32-bit configuration in the autobuilders.

Cc: <ivychend@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-08 11:18:19 +02:00
Peter Korsgaard
f77fb7b585 libzip: security bump to version 1.3.0
Fixes the following security issues:

CVE-2017-12858: Double free vulnerability in the _zip_dirent_read function
in zip_dirent.c in libzip allows attackers to have unspecified impact via
unknown vectors.

CVE-2017-14107: The _zip_read_eocd64 function in zip_open.c in libzip before
1.3.0 mishandles EOCD records, which allows remote attackers to cause a
denial of service (memory allocation failure in _zip_cdir_grow in
zip_dirent.c) via a crafted ZIP archive.

For more details, see
https://blogs.gentoo.org/ago/2017/09/01/libzip-use-after-free-in-_zip_buffer_free-zip_buffer-c/
https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/

libzip-1.3.0 also adds optional bzip2 support, so handle that.

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-08 11:16:56 +02:00
Jörg Krause
0e19178c53 shairport-sync: bump to version 3.1.1
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-08 11:16:33 +02:00
Romain Naour
66390e07c0 package/openpowerlink: bump to v2.6.1
http://openpowerlink.sourceforge.net/web/openPOWERLINK/Download/openPOWERLINK%202.6.html

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-08 11:16:08 +02:00
Peter Korsgaard
322599744c unrar: security bump to version 5.5.8
Fixes the following security issues:

CVE-2017-12938 - UnRAR before 5.5.7 allows remote attackers to bypass a
directory-traversal protection mechanism via vectors involving a symlink to
the . directory, a symlink to the .. directory, and a regular file.

CVE-2017-12940 - libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read
in the EncodeFileName::Decode call within the Archive::ReadHeader15
function.

CVE-2017-12941 - libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read
in the Unpack::Unpack20 function.

CVE-2017-12942 - libunrar.a in UnRAR before 5.5.7 has a buffer overflow in
the Unpack::LongLZ function.

For more details, see
http://www.openwall.com/lists/oss-security/2017/08/14/3

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-08 11:15:08 +02:00
Peter Korsgaard
2a59db1bb0 strongswan: add upstream security patch
Fixes CVE-2017-11185: The gmp plugin in strongSwan before 5.6.0 allows
remote attackers to cause a denial of service (NULL pointer dereference and
daemon crash) via a crafted RSA signature.

For more details, see
https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-%28cve-2017-11185%29.html

While we're at it, add hashes for the license files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-08 11:14:42 +02:00
Peter Korsgaard
0f5398f0e6 libsoup: security bump to version 2.56.1
Fixes CVE-2017-2885: stack based buffer overflow with HTTP Chunked Encoding

For more details, see
https://bugzilla.gnome.org/show_bug.cgi?id=785774

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-08 11:14:09 +02:00
Peter Korsgaard
3b85d24c1d gd: security bump to version 2.2.5
Fixes the following security issues:

CVE-2017-6362: Double-free in gdImagePngPtr()
CVE-2017-7890: Buffer over-read into uninitialized memory

Drop patches no more needed:

0001-gdlib-config.patch: @LIBICONV@ is nowadays correct AC_SUBST'ed by
configure

0002-gd_bmp-fix-build-with-uClibc.patch: upstream uses ceil() since
6913dd3cd2

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-08 11:13:57 +02:00
Fabio Estevam
f396d1310b configs/imx7dpico: Bump to 4.13 kernel
Bump to 4.13 kernel and remove all the dts patches as they
are part of upstream now.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 21:59:14 +02:00
Bernd Kuhls
cee153b838 package/php: bump version to 7.1.9
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 21:41:59 +02:00
Fabio Estevam
7c3ef9aac2 configs/imx6q-sabresd: Bump kernel to 4.13
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 21:08:49 +02:00
Fabio Estevam
412f046091 linux: bump default to version 4.13
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 21:08:09 +02:00
Fabio Estevam
f239daec64 linux-headers: bump to 4.13 kernel version
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 21:07:24 +02:00
Fabio Estevam
1576b89234 toolchain: add 4.13.x choice for headers
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 21:06:03 +02:00
Bernd Kuhls
19af2fe70c linux-headers: bump 4.{4, 9, 12}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 21:05:39 +02:00
Bernd Kuhls
7d8e2a307d package/eudev: bump version to 3.2.4
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 21:02:59 +02:00
Baruch Siach
d0bf15a829 strace: bump to version 4.19
Add license hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 21:02:40 +02:00
Baruch Siach
aa70897e29 mbedtls: security bump to version 2.6.0
Fixes CVE-2017-14032: authentication bypass.

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02

Add license hash.

Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 11:18:26 +02:00
Bernd Kuhls
0dea780436 package/mesa3d-headers: bump version to 17.2.0
Forgot to bump this package in
https://git.buildroot.net/buildroot/commit/package/mesa3d?id=88b5e583a3b9389159c0b008f140aaa1cf578a3c

Fixes
http://autobuild.buildroot.net/results/ef2/ef23996ba10a2143087c3ff0b7549f4acbbe6777/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-07 09:20:48 +02:00
Bernd Kuhls
36be74f974 DEVELOPERS: add myself as maintainer for libpng
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 23:54:12 +02:00
Bernd Kuhls
4b11bb084e package/eudev: bump version to 3.2.3
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 23:48:44 +02:00
Aleksander Morgado
5cb40de7ee libqmi: add optional features
The libqmi library and tools come with several optional features that
may be enabled or disabled during build.

This patch adds support to automatically enable or disable them based
on the presence of the required dependencies for each:
 * QMI-over-MBIM is enabled if libmbim is selected.
 * udev support in qmi-firmware-update is enabled if libgudev is
   selected.
 * MM runtime check in qmi-firmware-update is enabled if ModemManager
   is selected (but we don't build-depend on it, the runtime check is
   done using plain glib2 DBus operations).

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 23:48:24 +02:00
Aleksander Morgado
e1c06945ee libmbim: add udev as optional feature
udev support will be enabled in the build if libgudev is selected.

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 23:36:13 +02:00
Angelo Compagnucci
5cf9897f5b package/python-web2py: bump to version R-2.15.4
This patch bumps web2py to the latest version R-2.15.4 and bumps
also the python-pydal dependency to the required latest version 17.8.
Starting with version R-2.15.x web2py supports also python 3, so
updating the package to support both versions.

Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 23:34:57 +02:00
Baruch Siach
371d3a7ab8 mmc-utils: use upstream provided install target
Cc: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 23:31:20 +02:00
Yegor Yefremov
06a2d82de7 python-pytablewriter: bump to 0.24.0
Reorder and fix dependencies.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 23:28:25 +02:00
Yegor Yefremov
7a6d0a9dbc python-dataproperty: bump to version 0.25.6
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 23:28:21 +02:00
Yegor Yefremov
a4d15237c4 python-typepy: bump to version 0.0.20
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 23:28:19 +02:00
Yegor Yefremov
57bfe67b77 python-pytablereader: bump to version 0.13.3
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 23:28:18 +02:00
Yegor Yefremov
40f3658f8e python-simplesqlite: new package
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
[Thomas: add upstream URL in Config.in.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 23:23:48 +02:00
Sven Haardiek
028cf5897c lcdproc: bump to version 0.5.9
This commit bumps lcdproc to version 0.5.9, and switches to the new
upstream on github.

The new version also compiles with musl without any patches.

Signed-off-by: Sven Haardiek <sven.haardiek@greenbone.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:57:14 +02:00
Baruch Siach
bfa4428d78 expat: bump to version 2.2.4
Upstream migrated to automake for autotools: the "installlib" target
no longer exist, and we can use the standard "install" target, and
therefore drop the special INSTALL_STAGING_OPTS and
INSTALL_TARGET_OPTS variables.

Add license hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:42:14 +02:00
Aleksander Morgado
596291dc89 libmbim: bump to version 1.14.2
New stable update in the 1.14.x series:
https://lists.freedesktop.org/archives/libmbim-devel/2017-August/000917.html

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:39:07 +02:00
Francois Perrad
4dd0919a47 xavante: add LICENSE_FILES
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:31:04 +02:00
Francois Perrad
aad1825e93 wsapi-xavante: add LICENSE_FILES
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:31:02 +02:00
Francois Perrad
c80c858bbc wsapi-fcgi: add LICENSE_FILES
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:30:59 +02:00
Francois Perrad
82c6ac3599 wsapi: add LICENSE_FILES
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:30:57 +02:00
Francois Perrad
ad8d1e444c rings: add LICENSE_FILES
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:30:54 +02:00
Francois Perrad
a62942fdec luasql-sqlite3: fix LICENSE_FILES
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:30:41 +02:00
Francois Perrad
d71a282652 luaexpat: add LICENSE_FILES
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:27:44 +02:00
Francois Perrad
c7e40ece0a dado: add LICENSE_FILES
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:27:41 +02:00
Francois Perrad
d859734973 coxpcall: add LICENSE_FILES
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:27:39 +02:00
Francois Perrad
0044e612ec copas: add LICENSE_FILES
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:27:36 +02:00
Francois Perrad
448475231c cgilua: add LICENSE_FILES
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:20:30 +02:00
Yegor Yefremov
ee4679c7bb libcoap: bump to version 4.1.2
Remove upstreamed patch.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:15:15 +02:00
Yegor Yefremov
5f20f98401 scons: bump to version 2.5.1
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:14:43 +02:00
Yann E. MORIN
c8f51a00d8 docs/manual: add appendix about $(HOST_DIR)/usr
Reported-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:13:40 +02:00
Yann E. MORIN
11e548f1e6 docs/manual: add appendix about migration from older versions
... and move the br2-external migration to it.

Reported-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:13:17 +02:00
Martin Bark
a4478b7dcd package/nodejs: bump version to 8.4.0
See https://nodejs.org/en/blog/release/v8.4.0/

An update to v8 6.0.286 has removed the need for mkpeephole and
0002-add-missing-stdarg-includes.patch

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:06:55 +02:00
Martin Bark
08456f52b0 package/libuv: bump version to 1.14.0
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:06:37 +02:00