aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Update for 2018.02.92018.02.9Gravatar Peter Korsgaard2018-12-202-2/+19
| | | | Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* swupdate: ensure TARGET_CC is used for compiling/linkingGravatar Peter Korsgaard2018-12-181-0/+5
| | | | | | | | | | | | | | | Fixes: http://autobuild.buildroot.net/results/e302d0edb59ff7617b5f2d21f06eb65ae04981fe http://autobuild.buildroot.net/results/dbb69acadc20b4bb559311348eca276c1e6343f7 Swupdate uses $CROSS-cc instead of $CROSS-gcc, which is not available in all external toolchains, and use CC for linking. Ensure TARGET_CC is used for both. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 291ec1d2be2409fddc897a5f6ab28e6b8b56ce38) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* python-requests: bump to version 2.20.1Gravatar Asaf Kahlon2018-12-172-4/+4
| | | | | | | | | | | Fixes a bug introduced in 2.20.0 with unintended Authorization header stripping for redirects using default ports (http/80, https/443). Signed-off-by: Asaf Kahlon <asafka7@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 745132abc05e9cb81b0015a1303a602437f0a06f) [Peter: mention fix from 2.20.0] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* python-requests: security bump to version 2.20.0Gravatar Asaf Kahlon2018-12-172-5/+5
| | | | | | | | | | | | | | | Fixes CVE-2018-18074: The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. LICENSE update: replaced http address with https. Signed-off-by: Asaf Kahlon <asafka7@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 42bebd1e7ce07608967c36e2877f578f4c143e5c) [Peter: mention security impact] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/python-requests: bump version to 2.19.1Gravatar Bernd Kuhls2018-12-172-5/+7
| | | | | | | | | Updated package using scanpypi, added license hash. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 217fa315abca43579bb47637881fe4127da6584b) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/go: security bump to version 1.9.7Gravatar Peter Korsgaard2018-12-162-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | go1.9.1 (released 2017/10/04) includes two security fixes. go1.9.2 (released 2017/10/25) includes fixes to the compiler, linker, runtime, documentation, go command, and the crypto/x509, database/sql, log, and net/smtp packages. It includes a fix to a bug introduced in Go 1.9.1 that broke go get of non-Git repositories under certain conditions. go1.9.3 (released 2018/01/22) includes fixes to the compiler, runtime, and the database/sql, math/big, net/http, and net/url packages. go1.9.4 (released 2018/02/07) includes a security fix to “go get”. go1.9.5 (released 2018/03/28) includes fixes to the compiler, go command, and net/http/pprof package. go1.9.6 (released 2018/05/01) includes fixes to the compiler and go command. go1.9.7 (released 2018/06/05) includes fixes to the go command, and the crypto/x509, and strings packages. In particular, it adds minimal support to the go command for the vgo transition. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* ci20: Fix U-Boot build with codesourcery toolchainGravatar Ezequiel Garcia2018-12-162-0/+67
| | | | | | | | | | | | Currently, U-Boot is failing to build, due to some issues with the toolchain and the U-Boot port. Fix it. Signed-off-by: Ezequiel Garcia <ezequiel@collabora.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit aacf3acb8455682d8dac4a68cf0f7984dd71b549) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/luvi: add upstream patch to fix runtime issue with CMake 3.12+Gravatar Jörg Krause2018-12-161-0/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | luvi fails to run when it was build with CMake 3.12+: ``` [string "return require('init')(...)"]:1: module 'init' not found: no field package.preload['init'] no file './init.lua' no file '/usr/share/luajit-2.0.5/init.lua' no file '/usr/local/share/lua/5.1/init.lua' no file '/usr/local/share/lua/5.1/init/init.lua' no file '/usr/share/lua/5.1/init.lua' no file '/usr/share/lua/5.1/init/init.lua' no file './init.so' no file '/usr/local/lib/lua/5.1/init.so' no file '/usr/lib/lua/5.1/init.so' no file '/usr/local/lib/lua/5.1/loadall.so' ``` Looking at link.txt for the luvi executable shows that `-rdynamic` is not set anymore in CMake 3.12. This has the effect, that symbols are missing in the `.dynsym` section in the binary. The patch, sets `ENABLE_EXPORTS` to true in CMakeLists.txt to force setting `-rdynamic` explicitly. Upstream status: b8781653dcb8815a3019a77baf4f3b7f7a255ebe Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 56d2ac54dd6ff111cc1c6b2221903ccaf84de188) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/webkitgtk: security bump to version 2.22.5Gravatar Adrian Perez de Castro2018-12-162-5/+5
| | | | | | | | | | | | | | | | | | | | | | This is a maintenance release of the current stable WebKitGTK+ version, which contains security fixes for CVE identifiers: CVE-2018-4437, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, and CVE-2018-4464. Additionally, it fixes a couple of build failures in unusual build configurations. Release notes can be found in the announcement: https://webkitgtk.org/2018/12/13/webkitgtk2.22.5-released.html More details on the issues covered by security fixes can be found in the corresponding security advisory: https://webkitgtk.org/security/WSA-2018-0009.html Signed-off-by: Adrian Perez de Castro <aperez@igalia.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 6bbfaf1d400417b7555fd0c67617cc25c7cc7b68) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/swupdate: Update to version 2018.11Gravatar Jared Bents2018-12-162-2/+3
| | | | | | | | | | | | | | | | | | | | Update to version 2018.11 to resolve the following build failure: corelib/channel_curl.c: In function ‘channel_map_curl_error’: corelib/channel_curl.c:298:2: error: duplicate case value case CURLE_SSL_CACERT: ^ corelib/channel_curl.c:297:2: error: previously used here case CURLE_PEER_FAILED_VERIFICATION: ^ when building with CONFIG_DOWNLOAD=y. This issue is happening since the libcurl bump to 7.62.0. Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 1040b1863404d8c35fb81912be68bd92f5c4a6a8) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/swupdate: default website have a new APIGravatar Julien Corjon2018-12-161-1/+1
| | | | | | | | | | | | 2018.03 introduce a new website with Websocket asynchronous communication[1] [1] https://github.com/sbabic/swupdate/blob/master/doc/source/mongoose.rst Signed-off-by: Julien Corjon <corjon.j@ecagroup.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 2d9e9d04d7e810e4c97f14dd84acfbdb43b9b3ea) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* swupdate: bump to version 2018.03Gravatar Jörg Krause2018-12-165-214/+13
| | | | | | | | | | | | | | | | | | | | | | | | Remove upstream patches: * 0001-compat.h-introduce-compatibility-header.patch * 0002-Fix-build-if-DOWNLOAD-is-set-but-no-JSON.patch Update note about bundled modified version of mongoose 6.11. Update licenses. Some files are LGPL-2.1+ now. Remove Public Domain as the relevant bundled sqlite3 code was removed some time age. Regenerated the .config file by doing: ``` make swupdate-menuconfig make swupdate-update-config ``` .. and removing the paths for the build options manually. Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 26184c2815072e2ab5ba6eb3e13542684d65c55a) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* nginx: bump to version 1.15.7Gravatar Peter Korsgaard2018-12-162-2/+2
| | | | | | | | | | | | | | | | | | | 1.15.7 contains a number of bugfixes. From the changes file: *) Bugfix: memory leak on errors during reconfiguration. *) Bugfix: in the $upstream_response_time, $upstream_connect_time, and $upstream_header_time variables. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_mp4_module was used on 32-bit platforms. https://nginx.org/en/CHANGES Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit bc60c57f6920ce055acb11ef4e3e7c2123ce9bf7) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libgpgme: properly tweak gpgme-configGravatar Thomas Petazzoni2018-12-161-0/+1
| | | | | | | | | | libgpgme installs a gpgme-config script, it should be tweaked using the <pkg>_CONFIG_SCRIPTS mechanism. This is generally useful and is going to be particularly important with per-package directories. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 3df53aa11dce9f80a2f97709c3a7056af4d13439) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/uclibc: add custom bits/poll.h for xtensaGravatar Max Filippov2018-12-161-0/+93
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Definitions of POLLWRNORM, POLLWRBAND and POLLREMOVE in xtensa linux kernel are non-standard. Provide bits/poll.h with correct values for these constants for uclibc-ng. This fixes the following strace build errors: In file included from xlat/pollflags.h:4:0, from poll.c:34: ./static_assert.h:40:24: error: static assertion failed: "POLLWRBAND != 0x0100" # define static_assert _Static_assert ^ xlat/pollflags.h:75:1: note: in expansion of macro ‘static_assert’ static_assert((POLLWRBAND) == (0x0100), "POLLWRBAND != 0x0100"); ^~~~~~~~~~~~~ ./static_assert.h:40:24: error: static assertion failed: "POLLREMOVE != 0x0800" # define static_assert _Static_assert ^ xlat/pollflags.h:117:1: note: in expansion of macro ‘static_assert’ static_assert((POLLREMOVE) == (0x0800), "POLLREMOVE != 0x0800"); ^~~~~~~~~~~~~ Fixes: http://autobuild.buildroot.net/results/5a0112b7a2c81fa5253c9adc93efe415256cd811 Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Reviewed-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 95f11fb25d68a5b92426710eeeb0841771d151a4) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/liquid-dsp: add missing dependency on fftwGravatar Thomas Petazzoni2018-12-161-0/+3
| | | | | | | | | | | | | | | | | | When one of BR2_PACKAGE_FFTW_PRECISION_* is enabled, liquid-dsp links against fftw3f, fftw3 or fftw3l, but forgets to add the fftw package in its dependencies. It works fine in practice because "fftw" is before "liquid-dsp" in the alphabetic ordering, but building with "make liquid-dsp" or with per-package directory causes a build failure. Fix that by adding the missing dependencies. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Tested-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com> Reviewed-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 2517fa73edcb48d05fae7795ea75591e004a0177) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/sdl2_net: add missing host-pkgconf dependencyGravatar Thomas Petazzoni2018-12-161-1/+1
| | | | | | | | | | | | | | | | | The sdl2_net configure script uses pkg-config to finx sdl2. If it doesn't find pkg-config, it tries to locate sdl2-config, and defaults to /usr/bin/sdl2-config, which causes the build to fail with: arm-linux-gcc: ERROR: unsafe header/library path used in cross-compilation: '-I/usr/include/SDL2' Fix this by adding host-pkgconf to the dependencies of sdl2_net. We could have added the right autoconf cache variable to tell the configure script where sdl2-config is located, but since pkg-config is tried first, let's use that. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit c2a1bcb1b3e56c16a8433a516646d4eb8581fd91) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/wine: host-wine also needs bison and flexGravatar Thomas Petazzoni2018-12-161-0/+1
| | | | | | | | | | | | | | | | | | | Just like the build of the target wine, the build of host wine also needs bison and flex, otherwise the build fails with: checking for flex... no configure: error: no suitable flex found. Please install the 'flex' package. (and similarly for bison once host-flex is provided) This was detected using per-package directories. It used to "work" because host-wine comes alphabetically after host-flex and host-bison, which are dependencies of target wine. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> (cherry picked from commit e4d153b16ac51df1e8294eaf2413e43131620a7f) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/nodejs: security bump to version 8.14.0Gravatar Peter Korsgaard2018-12-162-3/+3
| | | | | | | | | | | | | | | | | | | | | Fixes the following security vulnerabilities: - Node.js: Denial of Service with large HTTP headers (CVE-2018-12121) - Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js) - Node.js: Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123) - Node.js: HTTP request splitting (CVE-2018-12116) - OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) - OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) For more details, see the announcement: https://nodejs.org/en/blog/release/v8.14.0/ Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 0de2c9c76cd0a522fc1eb4b8d63bb5070efaecd3) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/nodejs: bump version to 8.12.0Gravatar Martin Bark2018-12-162-3/+3
| | | | | | | | | See https://nodejs.org/en/blog/release/v8.12.0/ Signed-off-by: Martin Bark <martin@barkynet.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit e75d9c6bcf4349c75ee958150d0acf70e7da1df3) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libopenssl: use HTTPS for URLGravatar Joel Stanley2018-12-161-1/+1
| | | | | | | | | | | | | The host forces HTTPS regardless. This can be seen in the build logs: >>> host-libopenssl 1.0.2q Downloading URL transformed to HTTPS due to an HSTS policy --2018-12-10 09:53:27-- https://www.openssl.org/source/openssl-1.0.2q.tar.gz Signed-off-by: Joel Stanley <joel@jms.id.au> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 4d6fa0376064dcd3bc2901402307d6730e7b4b8b) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libpjsip: add optional dependency on libgsmGravatar Bernd Kuhls2018-12-161-1/+10
| | | | | | | Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 94e7a91092781dbb7cf882f155358334bef1e368) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libpjsip: add optional dependency on speexGravatar Bernd Kuhls2018-12-161-2/+12
| | | | | | | Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit b9c6b38f2a2a43900d899af356415eea746157c8) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libpjsip: disable build of test binariesGravatar Bernd Kuhls2018-12-161-0/+3
| | | | | | | Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 8e50901517f8adf7c5b3a273a0876c836bd3292f) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* libmpd: fix build with strndupGravatar Fabrice Fontaine2018-12-161-0/+24
| | | | | | | | | | | | | | | | | Retrieve a patch from upstream to include config.h otherwise build will fail when trying to redefine strndup: libmpd-internal.h:210:10: error: expected identifier or '(' before '__extension__' char * strndup (const char *s, size_t n); Indeed, without an include on config.h, HAVE_STRNDUP won't be defined Fixes: - http://autobuild.buildroot.org/results/a174818fa768b029d19b033139f9c5e0aaaed149 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit b65c8e28ce19cee143db251d48482c3c7d2692c2) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* libmpd: add hash for license fileGravatar Fabrice Fontaine2018-12-161-0/+1
| | | | | | | Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 8e884ba02be77bd91ef2ffe067d4220ce06e9850) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* php: security bump to version 7.2.13Gravatar Peter Korsgaard2018-12-162-2/+2
| | | | | | | | | | | | | | | | | Fixes CVE-2018-19518: University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 1af52321389f56cec4888389b2161cc1ee2bfaed) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/php: bump version to 7.2.12Gravatar Bernd Kuhls2018-12-163-8/+10
| | | | | | | | | | | | Changelog: http://www.php.net/ChangeLog-7.php#7.2.12 Rebased patch 0004 and updated license hash after white space removal: https://github.com/php/php-src/commit/902d39a3a79c6efe93c8879575fdd5a759cf03de Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit d383a73a8e5f45f291afda56af912ab088f2f255) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/php: bump version to 7.2.11Gravatar Bernd Kuhls2018-12-163-73/+2
| | | | | | | | | | | Changelog: http://www.php.net/ChangeLog-7.php#7.2.11 Removed patch 0008, applied upstream. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 8dc3d02bacc65aa6eb5660a7331e594651c4e7fd) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* squashfs: do not force gzip support if lz4/xz/zstd is selectedGravatar Peter Korsgaard2018-12-161-1/+7
| | | | | | | | | | | | | The logic to ensure at least one compression backend is selected was not updated when lz4, xz and zstd were introduced - Fix that. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Reviewed-by: Peter Seiderer <ps.report@gmx.net> [Peter: add comment as suggested by Peter Seiderer] Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 84aeb4419f394b2eb11a22a962bc20e05b311b5f) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/pps-tools: bump version to fix usage without bashGravatar Thomas Petazzoni2018-12-162-2/+2
| | | | | | | | | | | | | | | | As reported in bug #11426, the ppsfind shell script uses /bin/bash, but the Buildroot pps-tools package doesn't depend on bash. In fact, upstream has fixed the problem, and the script can now be used with a POSIX shell, and the shebang is /bin/sh. This commit therefore bumps pps-tools to the latest upstream commit, which is precisely this fix. Fixes bug #11426. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 5c89726d9fe5072dc92bf2c407bd5aebff2703d2) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/lynx: add dependency on host-pkgconfGravatar Thomas Petazzoni2018-12-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | The Lynx configure script uses pkg-config when available: checking for nios2-buildroot-linux-gnu-pkg-config... /home/thomas/projets/buildroot/output/host/bin/pkg-config checking pkg-config for openssl... yes [...] checking pkg-config for ncurses... yes Using pkg-config avoids build failures such as: checking for _nc_freeall... no configure: error: Configuration does not support color-styles make: *** [/home/test/autobuild/run/instance-1/output/build/lynx-2.8.9rel.1/.stamp_configured] Error 1 When building with "make lynx", so that pkg-config is not built before. The issue is that in this case, lynx configure script picks up the ncurses6-config script for the host ncurses instead of the one in staging. Using pkg-config solves that nicely. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 67ee7f9eb1bce1542e0a8845d492635151dce36e) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* linux: ensure images/ exist before creating files thereGravatar Yann E. MORIN2018-12-161-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | When using an initramfs, on the first-pass build, we create a dummy cpio so that the build succeeeds. The real cpio will come later, and we'll do a second-pass build to use the actual cpio. However, when we touch that dummy cpio, the images/ directory may not yet exist, since commit d0f4f95e39 (Makefile: rework main directory creation logic) removed its creation at the begining of the build, to only at the moment we need it, i.e. during the *_INSTALL_IMAGES_CMDS steps. However, the linux build is not a _INSTALL_IMAGES_CMDS step, so there is no guarantee that images/ already exist at that time. Fix that by explicitly creating images/ before touching the dummy cpio. Reported-by: Matthew Weber <matthew.weber@rockwellcollins.com> Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Matthew Weber <matthew.weber@rockwellcollins.com> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 524fb10bbe2038ea7ca45493193073d31732d1de) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libiscsi: do not built the manpagesGravatar Yann E. MORIN2018-12-161-1/+1
| | | | | | | | | | The pre-rendered, bundled ones are still installed, though, but they get removed in target-finalize anyway. Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 5b5c84a2a82407f7728d53ac79f0fde59f677fc3) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libiscsi: fix build due to warningsGravatar Yann E. MORIN2018-12-161-0/+2
| | | | | | | | | | | Fixes: http://autobuild.buildroot.org/results/55b/55bf50fc7dcd465b71b5757434887dd3d0b25abc/ http://autobuild.buildroot.org/results/98d/98dcfe5c9fc3babd5c8d3116d5128d437715c44e/ Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit d2d81637ee6483aa23a2266154efd3d047bc0bb6) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* {linux, linux-headers}: bump 4.{9, 14, 19}.x seriesGravatar Peter Korsgaard2018-12-161-2/+2
| | | | | | | | Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 177a8a5fd966c09c237dc93cc8e131dbb5dfadd2) [Peter: drop 4.19.x, linux / hash changes] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libcurl: use GnuTLS's default cert pathGravatar Trent Piepho2018-12-161-1/+2
| | | | | | | | | | | | | | | | | | | | libcurl doesn't find any trust path for CA certs when it cross-compiles. When using OpenSSL, it is explicitly configured to use the SSL cert directory with OpenSSL style hash files in it. But with GnuTLS, it gets nothing. Rather than configure libcurl to use the OpenSSL directory or a bundle file, configure it to use the GnuTLS default. This way the CA certs path can be configured in one place (gnutls) and then libcurl and anyone else who uses gnutls can default to that. Also, when libcurl with gnutls is configured to use a directory, it ends up loading each cert three times. Signed-off-by: Trent Piepho <tpiepho@impinj.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 43b4d3ae4557b97d84c06a8a79a4f40a31c67697) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/gnutls: give library a default trust locationGravatar Trent Piepho2018-12-161-0/+7
| | | | | | | | | | | | | | | | | | | | | | | Gnutls is building with no default location to look for CA certs. Since there are buildroot packages to provide these, configure it to use them by default. Configure gnutls to find them using the bundle file which contains all certs, rather than looking in the cert directory. When gnutls is told to use the directory, it loads *every* file in it. This means it loads the bundle with all certs, then loads each cert a second time using the individual pem files, and then loads them all the third time via the hash symlinks to the pem files. When p11-kit is enabled, use its trust module instead of the bundle file. p11-kit can be configured to use the bundle (the default), but it can do other things too, such as integrate with the "trust" command for adding and removing trust anchors. Signed-off-by: Trent Piepho <tpiepho@impinj.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 379306e8f2394d6f75ac138673dbf6be9ae9155a) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x seriesGravatar Peter Korsgaard2018-12-111-3/+3
| | | | | | | | Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 85d00b3c8eaec4fc9b9a754246f4e6db151321b8) [Peter: drop 4.19.x, linux / hash changes] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/uclibc: add upstream patch to fix aarch64 issuesGravatar Waldemar Brodkorb2018-12-101-0/+169
| | | | | | | | | | fstatfs/statfs on aarch64 seems broken, add a patch from uClibc-ng upstream git to fix it. Signed-off-by: Waldemar Brodkorb <wbx@openadk.org> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 2179ca4a61b4574854075e4cdc1e2b851fa0d5b3) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/c-ares: use LICENSE.mdGravatar Fabrice Fontaine2018-12-032-2/+4
| | | | | | | | | | | | c-ares has a LICENSE.md file since version 1.12 and https://github.com/c-ares/c-ares/commit/4e861351d9deaef7b78aee50ce9229325f4fc59a So use it instead of one of the source file and add its hash Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit c9dfcbd6ee4ed6878bb081e918c4b7e36955d67c) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* glibc: bump version for post-2.26 security fixesGravatar Peter Korsgaard2018-12-032-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes the following security vulnerability: CVE-2018-19591: A file descriptor leak in if_nametoindex can lead to a denial of service due to resource exhaustion when processing getaddrinfo calls with crafted host names. Reported by Guido Vranken. Adhemerval Zanella (2): Fix misreported errno on preadv2/pwritev2 (BZ#23579) x86: Fix Haswell CPU string flags (BZ#23709) Alexandra Hájková (1): Add an additional test to resolv/tst-resolv-network.c Andreas Schwab (1): libanl: properly cleanup if first helper thread creation failed (bug 22927) Florian Weimer (3): preadv2/pwritev2: Handle offset == -1 [BZ #22753] conform: XFAIL siginfo_t si_band test on sparc64 CVE-2018-19591: if_nametoindex: Fix descriptor for overlong name [BZ #23927] Ilya Yu. Malakhov (1): signal: Use correct type for si_band in siginfo_t [BZ #23562] Martin Kuchta (1): pthread_cond_broadcast: Fix waiters-after-spinning case [BZ #23538] Stefan Liebler (2): Fix segfault in maybe_script_execute. Fix race in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP [BZ #23275] Szabolcs Nagy (1): i64: fix missing exp2f, log2f and powf symbols in libm.a [BZ #23822] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* php: intl support needs dynamic libraryGravatar Fabrice Fontaine2018-12-031-2/+3
| | | | | | | | | | | | | | getArgTypeList is defined both in ext/intl/msgformat/msgformat_helpers.cpp and icu library so add a !BR2_STATIC_LIBS dependency to BR2_PACKAGE_PHP_EXT_INTL Fixes: - http://autobuild.buildroot.org/results/628b677d1ceb8b404265d89357225e0a1dce1407 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit f108445a3dd791d961bc0063ab9ea8877081fe16) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* python-numpy: fix build with lapackGravatar Fabrice Fontaine2018-12-031-0/+2
| | | | | | | | | | | | | | | | | If BR2_PACKAGE_LAPACK is enabled (without BR2_PACKAGE_CLAPACK), build of python-numpy will fail if lapack is built before python-numpy because lapack does not provide blas library So disable BLAS and LAPACK through PYTHON_NUMPTY_ENV if BR2_PACKAGE_CLAPACK is not set Fixes: - http://autobuild.buildroot.org/results/41671976c7be7883f31ee5f51ca0eb90b81262fd Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 76815cd1e556816f885d817576d83df67f579612) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* ghostscript: security bump to version 9.26Gravatar Peter Korsgaard2018-12-032-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes the following security vulnerabilities: - CVE-2018-17961: Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. - CVE-2018-18284: Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. - CVE-2018-19409: An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. - CVE-2018-19475: psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. - CVE-2018-19476: psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. - CVE-2018-19477: psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. For more details, see the release notes: https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit e52b02677a2b207e89092bcd67a1c03450a26f66) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* freetype: bump version to 2.9.1Gravatar Peter Seiderer2018-12-032-5/+9
| | | | | | | | | | | | | | | | | | According to [1]: - fixes CVE-2018-6942: A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file - needs '--enable-freetype-config' for freetype-config installation [1] https://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/docs/CHANGES?id=86bc8a95056c97a810986434a3f268cbe67f2902 [Peter: also pass --enable-freetype-config for host variant] Signed-off-by: Peter Seiderer <ps.report@gmx.net> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 750d43ae14e935f08ea3d39a5081306295d83bb2) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/freetype: bump version to 2.9Gravatar Bernd Kuhls2018-12-033-7/+7
| | | | | | | | | | | | | Changelog: https://sourceforge.net/projects/freetype/files/freetype2/2.9/ Upstream changed its project URL to https in docs/FTL.TXT. We do the same in Config.in and update the license hash for docs/FTL.TXT. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 0d386f8847ef1849794237378b8d9a4740059d1d) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* libopenssl: security bump to version 1.0.2qGravatar Peter Korsgaard2018-12-032-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes the following security vulnerabilities: *) Microarchitecture timing vulnerability in ECC scalar multiplication OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown to be vulnerable to a microarchitecture timing side channel attack. An attacker with sufficient access to mount local timing attacks during ECDSA signature generation could recover the private key. This issue was reported to OpenSSL on 26th October 2018 by Alejandro Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and Nicola Tuveri. (CVE-2018-5407) [Billy Brumley] *) Timing vulnerability in DSA signature generation The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser. (CVE-2018-0734) [Paul Dale] For more information, see the changelog: https://www.openssl.org/news/cl102.txt Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 3301b6e1b2e8b22f6caef58ce9289f1ada147f67) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* xfsprogs: Define PLATFORM to linuxGravatar Florian Fainelli2018-12-031-1/+1
| | | | | | | | | | | | | | | | | | | | PLATFORM is an environment variable used by xfsprogs' configure script to determine the platform for which the applications are being built. If we set some incorrect/unsupported value through e.g: export, this will be picked up by xfsprogs' configure script and used as-is and assigned to PKG_PLATFORM, which will lead to build failures. If PLATFORM was empty/unset, then uname on the host building xfsprogs gets used to determine the build platform, which again could be incorrect if we e.g: built xfsprogs on a Darwin system. Since we are obviously building for Linux, let's just make sure we define it that way which solves both issues. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 257a2118be2b0664e2b8dbda344a74443f70db86) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* samba4: security bump to version 4.8.7Gravatar Peter Korsgaard2018-12-032-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes the following security vulnerabilities: - CVE-2018-14629: All versions of Samba from 4.0.0 onwards are vulnerable to infinite query recursion caused by CNAME loops. Any dns record can be added via ldap by an unprivileged user using the ldbadd tool, so this is a security issue. - CVE-2018-16841: When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process. There is no further vulnerability associated with this issue, merely a denial of service. - CVE-2018-16851: During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service. - CVE-2018-16853: A user in a Samba AD domain can crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory we clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. For more details, see the release notes: https://www.samba.org/samba/history/samba-4.8.7.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com>