This patch adds xradio wireless driver for SDIO WiFi chip XR819.
The out-of-tree driver is sourced from fifteenhex's work
on github https://github.com/fifteenhex/xradio
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[Thomas: add entry in DEVELOPERS file.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Marcin Niestroj [Tue, 20 Jun 2017 15:16:31 +0000 (17:16 +0200)]
package/lua-flu: new package
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
[Thomas: "depends on" before "select" in Config.in] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This patch backports two patches that have been sent upstream as a pull
request in order to fix sshd for MIPS64 n32.
The first patch adds support for detecting the MIPS ABI during the
configure phase.
The second patch sets the right value to seccomp_audit_arch taking into
account the MIPS64 ABI.
Currently seccomp_audit_arch is set to AUDIT_ARCH_MIPS64 or
AUDIT_ARCH_MIPSEL64 (depending on the endinness) when openssh is built
for MIPS64. However, that's only valid for n64 ABI. The right macros for
n32 ABI defined in seccomp.h are AUDIT_ARCH_MIPS64N32 and
AUDIT_ARCH_MIPSEL64N32, for big and little endian respectively.
Because of that an sshd built for MIPS64 n32 rejects connection attempts
and the output of strace reveals that the problem is related to seccomp
audit:
Marcin Niestroj [Wed, 21 Jun 2017 07:03:53 +0000 (09:03 +0200)]
barebox: support multiple image files
Add support for specifying multiple image files in
BR2_TARGET_BAREBOX_IMAGE_FILE config option.
This is useful for boards with several RAM size variants.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
[Thomas: rename internal variable from $(1)_IMAGE_FILE to
$(1)_IMAGE_FILES.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Alexander Dahl [Wed, 21 Jun 2017 04:06:58 +0000 (06:06 +0200)]
iperf: fix tarball hashes changed upstream
Upstream uploaded a new tarball with the same version number 2016-09-08,
some time after the update to v2.0.9 in buildroot. Someone noticed, but
upstream set the ticket to wontfix, and promised to do better in the
future: https://sourceforge.net/p/iperf2/tickets/20/
Signed-off-by: Alexander Dahl <post@lespocky.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Peter Korsgaard [Tue, 20 Jun 2017 21:24:21 +0000 (23:24 +0200)]
c-ares: security bump to version 1.13.0
Fixes the following security issues:
CVE-2017-1000381: The c-ares function `ares_parse_naptr_reply()`, which is
used for parsing NAPTR responses, could be triggered to read memory outside
of the given input buffer if the passed in DNS response packet was crafted
in a particular way.
https://c-ares.haxx.se/adv_20170620.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Peter Korsgaard [Tue, 20 Jun 2017 21:13:45 +0000 (23:13 +0200)]
apache: security bump to version 2.4.26
Fixes the following security issues:
CVE-2017-3167: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26,
use of the ap_get_basic_auth_pw() by third-party modules outside of the
authentication phase may lead to authentication requirements being bypassed.
CVE-2017-3169: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26,
mod_ssl may dereference a NULL pointer when third-party modules call
ap_hook_process_connection() during an HTTP request to an HTTPS port.
CVE-2017-7659: A maliciously constructed HTTP/2 request could cause
mod_http2 to dereference a NULL pointer and crash the server process.
CVE-2017-7668: The HTTP strict parsing changes added in Apache httpd 2.2.32
and 2.4.24 introduced a bug in token list parsing, which allows
ap_find_token() to search past the end of its input string. By maliciously
crafting a sequence of request headers, an attacker may be able to cause a
segmentation fault, or to force ap_find_token() to return an incorrect
value.
CVE-2017-7679: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26,
mod_mime can read one byte past the end of a buffer when sending a malicious
Content-Type response header.
While we're at it, use the upstream sha256 checksum instead of sha1.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Peter Korsgaard [Tue, 20 Jun 2017 20:55:34 +0000 (22:55 +0200)]
bind: security bump to version 9.11-P1
Fixes the following security issues:
CVE-2017-3140 is a denial-of-service vulnerability affecting 9.9.10,
9.10.5, 9.11.0->9.11.1, 9.9.10-S1, and 9.10.5-S1 when configured with
Response Policy Zones (RPZ) utilizing NSIP or NSDNAME rules.
CVE-2017-3141 is a Windows privilege escalation vector affecting
9.2.6-P2+, 9.3.2-P1+, 9.4.x, 9.5.x, 9.6.x, 9.7.x, 9.8.x, 9.9.0->9.9.10,
9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, and 9.10.5-S1. The
BIND Windows installer failed to properly quote the service paths,
possibly allowing a local user to achieve privilege escalation, if
allowed by file system permissions.
Adam Duskett [Thu, 15 Jun 2017 12:13:12 +0000 (08:13 -0400)]
janus-gateway: add mqtt to transport section
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
[Thomas: propagate paho-mqtt dependencies, use alphabetic ordering.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Adam Duskett [Thu, 15 Jun 2017 12:13:11 +0000 (08:13 -0400)]
janus-gateway: add rabbitmq to transports section
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
[Thomas: propagate rabbitmq-c dependency, use alphabetic ordering.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Adam Duskett [Thu, 15 Jun 2017 12:13:09 +0000 (08:13 -0400)]
janus-gateway: add HTTP/REST to a new transport config section
janus-gateway supports many different transports, and currently there
is no implicit way to turn them off or on. Instead, if the dependency
happens to be built, then the transport is enabled.
Create a transports section in the config file and add
BR2_PACKAGE_JANUS_REST as the first transport.
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
[Thomas: propagate thread dependency.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Adam Duskett [Thu, 8 Jun 2017 21:05:08 +0000 (23:05 +0200)]
mtd: bump to version 2.0.0
This revision includes:
- Moving from a handwritten makefile to autotools.
- Restructuring and cleaning up the source tree.
- Fixing the problems that the patches in the package/mtd directory fixed.
Changes:
- Move from generic-package to autotools-package in mtd.mk.
- Remove no longer necessary patches.
- Update binary locations in mtd.mk
- Update library/header locations in mtd.mk
- Remove MTD_ADD_MISSING_LINTL definition from mtd.mk, as it's no longer
needed.
Tested with toolchains compiled with musl, uclibc, and glibc.
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
[Thomas: additional improvements
- introduce hidden options BR2_PACKAGE_MTD_JFFS_UTILS,
BR2_PACKAGE_MTD_UBIFS_UTILS and BR2_PACKAGE_MTD_TESTS that match the
./configure options of mtd. Those hidden options select the
appropriate dependencies checked by the configure script, and are
selected by the existing per-tool Config.in options.
- .mk file is changed to handle properly the new hidden options
BR2_PACKAGE_MTD_JFFS_UTILS, BR2_PACKAGE_MTD_UBIFS_UTILS and
BR2_PACKAGE_MTD_TESTS.
- .mk file is changed to properly handle BR2_PACKAGE_ACL, by passing
--with-xattr/--without-xattr.
- remove HOST_MTD_BUILD_CMDS and HOST_MTD_INSTALL_CMDS, those are no
longer needed since we have an autotools-package now.
- MTD_STAGING_y and MTD_INSTALL_STAGING_CMDS are removed, we use the
default staging installation commands, that install everything that
is needed.
- the MTD_TARGETS_UBI_y variable is merged into MTD_TARGETS_y, as we no
longer need to distinguish both.
- integck installation logic is moved into MTD_TARGETS_y.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Mon, 5 Jun 2017 16:22:37 +0000 (18:22 +0200)]
package/x264: disable optional ffmpeg support
In buildroot ffmpeg uses x264 as optional dependency if
BR2_PACKAGE_FFMPEG_GPL is enabled at the same time.
If BR2_PACKAGE_FFMPEG_GPL is disabled and ffmpeg is built without x264
support before x264 itself is build, x264 picks up certain ffmpeg libs
as optional dependency leading to build errors because x264 does not
correctly link statically against ffmpeg.
To avoid a circular dependency and to avoid teaching x264 how to
correctly link statically with ffmpeg we just disable all ffmpeg-
related options.
Baruch Siach [Fri, 16 Jun 2017 03:32:58 +0000 (06:32 +0300)]
lirc-tools: no need to check for clock_gettime
Buildroot no longer supports toolchains with glibc older than 2.17, so there
is no need to check whether librt is required for clock_* system calls.
Cc: Rhys Williams <github@wilberforce.co.nz> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Baruch Siach [Fri, 16 Jun 2017 03:32:48 +0000 (06:32 +0300)]
toolchain: remove CodeSourcery sh toolchain
Since glibc 2.17, executable link command need not include the -lrt option for
clock_* system calls. As a result, over time less and less software packages
bother to check whether to toolchain needs -lrt. We are now at a point where
maintainers refuse to add this complexity into their build system. This
requires Buildroot to carry patches fixing this issue indefinitely.
glibc 2.17 is now 4.5 years old. There is no reason to use an older version
with current software.
This commit removes the predefined profile for CodeSourcery sh toolchain that
is based on glibc 2.16. One may still use the custom external toolchain
support in Buildroot to get this toolchain back, and deal with any build
issues that this toolchain causes.
Signed-off-by: Baruch Siach <baruch@tkos.co.il> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Baruch Siach [Fri, 16 Jun 2017 03:32:47 +0000 (06:32 +0300)]
toolchain: remove CodeSourcery x86 toolchain
Since glibc 2.17, executable link command need not include the -lrt option for
clock_* system calls. As a result, over time less and less software packages
bother to check whether to toolchain needs -lrt. We are now at a point where
maintainers refuse to add this complexity into their build system. This
requires Buildroot to carry patches fixing this issue indefinitely.
glibc 2.17 is now 4.5 years old. There is no reason to use an older version
with current software.
This commit removes the predefined profile for CodeSourcery x86 toolchain that
is based on glibc 2.16. One may still use the custom external toolchain
support in Buildroot to get this toolchain back, and deal with any build
issues that this toolchain causes.
Signed-off-by: Baruch Siach <baruch@tkos.co.il> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
libtirpc: Fix build error due to missing stdint.h inclusion
Add patch to fix following error:
| ../../libtirpc-1.0.1/src/xdr_sizeof.c:93:13: error: 'uintptr_t' undeclared (first use in this function); did you mean '__intptr_t'?
| if (len < (uintptr_t)xdrs->x_base) {
| ^~~~~~~~~
This error occurs with the latest glibc master version (during the testing I had
glibc commit 92bd70fb85bce57ac47ba5d8af008736832c955a), but doesn't occur with
version 2.25.
Patch includes stdint.h to provide uintptr_t.
It has been submitted upstream:
https://sourceforge.net/p/libtirpc/mailman/message/35850276/
Signed-off-by: Dmitrii Kolesnichenko <dmitrii@synopsys.com>
[Thomas: reformat as Git formatted patch.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Peter Korsgaard [Tue, 20 Jun 2017 11:49:52 +0000 (13:49 +0200)]
roseapplepi: backport upstream patches to fix build with gcc 6
The recent change to default to gcc 6 for the internal toolchain broke this
defconfig as the u-boot and linux kernel are too old to build with gcc 6.
Fit it by backporting the following commits:
- u-boot: 9b2c282b34 (compiler*.h: sync include/linux/compiler*.h with Linux 4.5-rc6)
- linux: cb984d101b (compiler-gcc: integrate the various compiler-gcc[345].h files)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Alexandre Esse [Tue, 20 Jun 2017 19:11:38 +0000 (21:11 +0200)]
v4l2loopback: new package
This package provides a kernel module and utilities in order to use
v4l2loopback virtual devices. This module allows you to create
"virtual video devices" normal (v4l2) applications will read these
devices as if they were ordinary video devices, but the video will not
be read from e.g. a capture card but instead it is generated by
another application.
Signed-off-by: Alexandre Esse <alexandre.esse.dev@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Martin Bark [Tue, 20 Jun 2017 08:39:01 +0000 (09:39 +0100)]
package/nodejs: don't build cctest target
cctest is a test package that is built by default. We don't use of it
and recently it has been failing to build in the host-nodejs builds
so disable it.
ntp: enable/disable sntp support depending on BR2_PACKAGE_NTP_SNTP
We already have an option for selecting sntp support in ntp that can be
chosen from the menuconfig, and ntp's configure script has a --with-sntp
option (with its --without counterpart) which can be used for disabling
sntp support in ntp. However, we are not using it. This patch will make
use of it.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Peter Korsgaard [Sun, 18 Jun 2017 21:35:02 +0000 (23:35 +0200)]
irssi: security bump to version 1.0.3
Fixes:
CVE-2017-9468 - Joseph Bisch discovered that Irssi does not properly handle
DCC messages without source nick/host. A malicious IRC server can take
advantage of this flaw to cause Irssi to crash, resulting in a denial of
service.
CVE-2017-9469 - Joseph Bisch discovered that Irssi does not properly handle
receiving incorrectly quoted DCC files. A remote attacker can take
advantage of this flaw to cause Irssi to crash, resulting in a denial of
service.
See https://irssi.org/security/irssi_sa_2017_06.txt for more details.
Remove 0001-Get-back-to-using-pkg-config-to-check-for-OpenSSL.patch as it
applied upstream and drop autoreconf as configure.ac is no longer patched.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Koen Martens [Mon, 19 Jun 2017 16:55:06 +0000 (18:55 +0200)]
linuxconsoletools: new package
Linuxconsoletools contains the inputattach utility
to attach legacy serial devices to the Linux kernel
input layer and joystick utilities to calibrate and
test joysticks and joypads.
The buildroot package adds options to build only certain
tools.
website: http://sf.net/projects/linuxconsole/
Signed-off-by: Koen Martens <gmc@sonologic.nl>
[Thomas: minor tweaks to Config.in and .mk file.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
fcgiwrap's configure script appends -Werror to AM_CFLAGS, then use it
to build the package. This is an issue when Buildroot supports a new
compiler version and this version makes some warnings appear.
Luckily, one can provide CFLAGS=-Wno-error to the configure script so
it appends -Wno-error to AM_CFLAGS.
Thomas Petazzoni [Mon, 19 Jun 2017 07:26:12 +0000 (09:26 +0200)]
configs/qemu_sh4*: rename back the linux config file to linux-4.9.config
In commit 28d97609b25cb534a55b6cf6b1945428e817c54a ("configs/qemu:
bump to the latest kernel version") updated most qemu defconfigs to
use Linux 4.11. However, for the SH4 configurations, Linux 4.9 was
kept, because 4.11 apparently has an issue.
Unfortunately, while the defconfigs for SH4 were unchanged, the Linux
kernel configuration file was renamed from linux-4.9.config to
linux-4.11.config.
This commit renames the Linux configuration files back to their
previous name, linux-4.9.config, matching what the Qemu SH4 defconfigs
specify.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Chakra Divi [Sun, 18 Jun 2017 18:23:09 +0000 (23:53 +0530)]
board: move nanopi-neo under friendlyarm
As the vendor folder friendlyarm is created, move board nanopi-neo
also under vendor folder.
Signed-off-by: Chakra Divi <chakra@openedev.com> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Alexandre Esse [Fri, 16 Jun 2017 23:29:27 +0000 (01:29 +0200)]
kvazaar: new package
Kvazaar is an open-source HEVC encoder licensed under LGPLv2.1.
This provides tools to encode raw video into HEVC stream.
website: http://ultravideo.cs.tut.fi/
Signed-off-by: Alexandre Esse <alexandre.esse.dev@gmail.com>
[Thomas: add --without-cryptopp to explicitly disable support for this
optional dependency, use SPDX license code, fix Config.in] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Carlos Santos [Sat, 17 Jun 2017 18:43:06 +0000 (15:43 -0300)]
util-linux: bump to version 2.30
- Update the "basic set" description to include fincore, which is built
by default, and remove tailf, which was removed in this version.
- Add configuration options for the new utilities "chmem" and "lsmem".
- Remove patch already applied upstream.
- Drop autoreconf, since the patch on term-utils/Makemodule.am is gone.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Alexander Dahl [Sat, 17 Jun 2017 07:27:26 +0000 (09:27 +0200)]
dropwatch: bump to master and fix site
The tool was hosted at fedorahosted.org which was shut down in early
2017. According to a private conversation with the upstream maintainer,
the new home for this tool is on infradead.org so far. So the SITE was
adapted accordingly.
Additionally the version was bumped from 1.4 to current master. This
allows to drop one build patch. The other patches were recreated with
Git.
Cc: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Alexander Dahl <post@lespocky.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bernd Kuhls [Sat, 17 Jun 2017 07:19:57 +0000 (09:19 +0200)]
package/mesa3d: always pass --with-platforms
If --with-platforms is not used mesa3d defaults to x11:
https://cgit.freedesktop.org/mesa/mesa/tree/configure.ac?h=17.1#n1641
https://cgit.freedesktop.org/mesa/mesa/tree/configure.ac?h=17.1#n1659
This will break configure when x11 is not needed because the defconfig
has no mesa3d drivers enabled. To solve the problem we always pass
--with-platforms, even with empty values and also for non-egl builds.
Bernd Kuhls [Sat, 17 Jun 2017 07:19:56 +0000 (09:19 +0200)]
package/mesa3d: rename MESA3D_EGL_PLATFORMS to MESA3D_PLATFORMS
No code changes, this patch prepares for updates to platform handling
after upstream deprecated --with-egl-platforms in favour of
--with-platforms
https://cgit.freedesktop.org/mesa/mesa/commit/?h=17.1&id=7748c3f5eb1d98ca97d2cf6e516ff54a5d75130a
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Peter Korsgaard [Fri, 16 Jun 2017 21:24:04 +0000 (23:24 +0200)]
pandaboard_defconfig: bump u-boot to 2017.05 to fix build with gcc 6
The recent change to default to gcc 6 for the internal toolchain broke this
defconfig as the u-boot doesn't contain commit 9b2c282b34 (compiler*.h: sync
include/linux/compiler*.h with Linux 4.5-rc6) which was added during the
2016.03 cycle.
Fix the build by bumping u-boot to 2017.05.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 16 Jun 2017 14:41:43 +0000 (16:41 +0200)]
openblocks_a6_defconfig: bump to linux-4.11.5 to fix build with gcc 6
The recent change to default to gcc 6 for the internal toolchain broke this
defconfig, as the kernel doesn't contain commit cb984d101b (compiler-gcc:
integrate the various compiler-gcc[345].h files) which was added during the
4.2 cycle.
Fix the build by bumping the kernel to 4.11.5.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Luca Ceresoli [Wed, 14 Jun 2017 11:22:27 +0000 (13:22 +0200)]
arm-trusted-firmware: cleanup make target handling
ARM_TRUSTED_FIRMWARE_MAKE_TARGET is expanded, but it's never assigned
so it is always empty. On the other hand the make targets are defined
in ARM_TRUSTED_FIRMWARE_MAKE_OPTS, which should contain options, not
targets.
Clean it all up by moving the targets in the proper place, replacing
the useless $(ARM_TRUSTED_FIRMWARE_MAKE_TARGET).
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>