James Hilliard [Sat, 18 Sep 2021 22:46:53 +0000 (16:46 -0600)]
package/gstreamer1/gstd: new package
We need to backport a few upstream still-pending PRs, to fix
cross-compilation, out-of-tree installation, and to relax requirements
on some tools.
The python support PR is backported too, but because python support was
not tested, it is forcibly disabled.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr:
- expand commit log with explanations
- backport upstream 253 (python) too
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
James Hilliard [Sat, 11 Sep 2021 16:50:19 +0000 (10:50 -0600)]
package/swupdate: use $(SWUPDATE_PKGDIR) for pkgdir path
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Giulio Benetti [Mon, 6 Sep 2021 21:39:38 +0000 (23:39 +0200)]
package/libfuse3: bump to version 3.10.5
Bump libfuse3 to version 3.10.5 and remove local patch that has been
upstreamed.
Release notes:
Various improvements to make unit tests more robust.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sun, 12 Sep 2021 19:40:57 +0000 (21:40 +0200)]
package/libfuse: fix build with glibc >= 2.34
Fix the following build failure with glibc >= 2.34:
ulockmgr_server.c:127:12: error: conflicting types for 'closefrom'; have 'int(int)'
127 | static int closefrom(int minfd)
| ^~~~~~~~~
In file included from ulockmgr_server.c:14:
/home/buildroot/autobuild/instance-1/output-1/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include/unistd.h:363:13: note: previous declaration of 'closefrom' with type 'void(int)'
363 | extern void closefrom (int __lowfd) __THROW;
| ^~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/
3769b18ca804fba3b5974af799972a7d889b39a6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Martin Elshuber [Mon, 13 Sep 2021 14:26:50 +0000 (16:26 +0200)]
package/strongswan: fix broken dependency relation
The AKA backend for 3GPP2 requires libgmp (see
https://wiki.strongswan.org/projects/strongswan/wiki/Autoconf). Since
the AKA backend for 3GPP2 is included by BR2_PACKAGE_STRONGSWAN_EAP,
when selecting a crypto backend different from
BR2_PACKAGE_STRONGSWAN_GMP, there is no guarantee the gmp package is
selected as well. When doing so, make fails since the package is in the
dependency chain but not selected:
$ make
Makefile:585: *** gmp is in the dependency chain of strongswan that has added it to its _DEPENDENCIES variable without selecting it or depending on it from Config.in. Stop.
make: *** [Makefile:23: _all] Error 2
To fix this, select BR2_PACKAGE_GMP when selecting BR2_PACKAGE_STRONGSWAN_EAP.
Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Giulio Benetti [Sun, 12 Sep 2021 23:20:56 +0000 (01:20 +0200)]
DEVELOPERS: add myself to trace-cmd package
Add myself to trace-cmd package.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Giulio Benetti [Sun, 12 Sep 2021 23:20:55 +0000 (01:20 +0200)]
package/trace-cmd: bump to version 2.9.5
Update to version 2.9.5 and remove local patches that have been upstreamed.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Giulio Benetti [Sun, 12 Sep 2021 23:08:56 +0000 (01:08 +0200)]
package/trace-cmd: fix build for Sparc64
Trace-cmd needs -fPIC for Sparc64 platform otherwise it fails on linking,
so add -fPIC to CFLAGS when building for such platform.
Fixes;
http://autobuild.buildroot.net/results/c59/
c596f6308b7f4d44d9ba009ed0c395396fc72f47/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Seiderer [Sat, 18 Sep 2021 20:34:37 +0000 (22:34 +0200)]
package/libxkbcommon: change homepage/download url to https
- change homepage url to https (and remove trailing slash)
- change download url to https
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Michael Nosthoff [Mon, 13 Sep 2021 16:46:03 +0000 (18:46 +0200)]
package/grpc: bump version to 1.40
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sun, 12 Sep 2021 20:07:06 +0000 (22:07 +0200)]
package/minicom: drop autoreconf
autoreconf (and so AM_ICONV) is not needed since commit
2df32e0d4437b422175089edf1917219656fccef
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sun, 12 Sep 2021 19:53:33 +0000 (21:53 +0200)]
package/dovecot: drop host-gettext
AM_ICONV is not needed since drop of autoreconf in commit
03fbb81b8bab7bad135b59267533be7688babe39
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sun, 12 Sep 2021 16:48:19 +0000 (18:48 +0200)]
package/fio: bump to version 3.28
This will fix the following build failure with kernel >= 5.14 thanks to
https://github.com/axboe/fio/commit/
382975557e632efb506836bc1709789e615c9094:
In file included from crc/../os/os.h:39,
from crc/crc32c-arm64.c:2:
crc/../os/os-linux.h:17:10: fatal error: linux/raw.h: No such file or directory
17 | #include <linux/raw.h>
| ^~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/
d85c044263c76ff7ef0fe47921d893a472954da9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Korsgaard [Sat, 18 Sep 2021 18:58:14 +0000 (20:58 +0200)]
package/libyang: security bump to version 1.0.240
Fixes the following security issues:
- CVE-2021-28902: In function read_yin_container() in libyang <= v1.0.225,
it doesn't check whether the value of retval->ext[r] is NULL. In some
cases, it can be NULL, which leads to the operation of
retval->ext[r]->flags that results in a crash.
- CVE-2021-28903: A stack overflow in libyang <= v1.0.225 can cause a denial
of service through function lyxml_parse_mem(). lyxml_parse_elem()
function will be called recursively, which will consume stack space and
lead to crash.
- CVE-2021-28904: In function ext_get_plugin() in libyang <= v1.0.225, it
doesn't check whether the value of revision is NULL. If revision is NULL,
the operation of strcmp(revision, ext_plugins[u].revision) will lead to a
crash.
- CVE-2021-28905: In function lys_node_free() in libyang <= v1.0.225, it
asserts that the value of node->module can't be NULL. But in some cases,
node->module can be null, which triggers a reachable assertion (CWE-617).
- CVE-2021-28906: In function read_yin_leaf() in libyang <= v1.0.225, it
doesn't check whether the value of retval->ext[r] is NULL. In some cases,
it can be NULL, which leads to the operation of retval->ext[r]->flags that
results in a crash.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Korsgaard [Sat, 18 Sep 2021 18:01:36 +0000 (20:01 +0200)]
package/fetchmail: security bump to version 6.4.22
Fixes the following security issues:
- CVE-2021-39272: Fetchmail before 6.4.22 fails to enforce STARTTLS session
encryption in some circumstances, such as a certain situation with IMAP
and PREAUTH.
https://www.fetchmail.info/fetchmail-SA-2021-02.txt
Update COPYING hash for a clarification of the license situation with
openssl 3.x (which is Apache 2.0 licensed):
https://gitlab.com/fetchmail/fetchmail/-/commit/
8eed56c21ca5bbdf3c00aaf74d807bcad8713ba9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Seiderer [Tue, 14 Sep 2021 21:04:23 +0000 (23:04 +0200)]
package/libinput: bump version to 1.19.0
- add new optional wayland, wayland-protocoll and libx11 dependencies
in case the debug gui is enabled (libgtk3 available)
For details see [1], [2].
[1] https://lists.freedesktop.org/archives/wayland-devel/2021-September/041971.html
[2] https://lists.freedesktop.org/archives/wayland-devel/2021-September/041977.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Seiderer [Tue, 14 Sep 2021 21:01:54 +0000 (23:01 +0200)]
package/libxkbcommon: bump version to 1.3.1
For details (since 1.1.0) see [1]
[1] https://lists.freedesktop.org/archives/wayland-devel/2021-April/041762.html
[2] https://lists.freedesktop.org/archives/wayland-devel/2021-May/041816.html
[3] https://lists.freedesktop.org/archives/wayland-devel/2021-September/041976.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Seiderer [Tue, 14 Sep 2021 21:00:36 +0000 (23:00 +0200)]
package/iwd: bump version to 1.17
- Changelog (since 1.14, from [1]):
ver 1.17:
Fix issue with sending additional and vendor IEs.
Fix issue with IE ordering for 802.11-2020 support.
Fix issue with frequency update on channel switch events.
Fix issue with drivers and handling of IF_OPER_UP setting.
ver 1.16:
Fix issue with writing provisioning files with a passphrase.
Add support for Authenticator & Supplicant RSN Extension elements.
Add support for handling Transition Disable info.
Add support for SAE Hash-to-Element feature.
ver 1.15:
Add support for FT-over-DS procedure with multiple BSS.
Add support for estimation of VHT RX data rate.
Add support for exporting Daemon information.
[1] https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/ChangeLog
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Seiderer [Tue, 14 Sep 2021 21:00:35 +0000 (23:00 +0200)]
package/openresolv: bump version to 3.12.0
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Seiderer [Tue, 14 Sep 2021 21:00:34 +0000 (23:00 +0200)]
package/ell: bump version to 0.43
- Changelog (since 0.41, from [1]):
ver 0.43:
Add support for DHCP Rapid Commit feature.
Add support for DHCP authoritative mode feature.
ver 0.42:
Add support for constant time security functions.
Add support for manipulating DHCP leases.
[1] https://git.kernel.org/pub/scm/libs/ell/ell.git/tree/ChangeLog
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Petr Vorel [Tue, 14 Sep 2021 17:53:51 +0000 (19:53 +0200)]
package/feh: bump version to 3.7.1
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Michael Nosthoff [Tue, 14 Sep 2021 13:50:57 +0000 (15:50 +0200)]
package/botan: fix boost dependency
only build --with-boost when both required modules (filesystem and system) are
also selected.
Fixes:
http://autobuild.buildroot.net/results/
4fbf2a63f9ddfbc540ce7dabd10964b311477c06
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Tue, 14 Sep 2021 21:11:06 +0000 (23:11 +0200)]
package/apitrace: fix build with glibc >= 2.34
Fix the following build failure with glibc >= 2.34:
/tmp/instance-0/output-1/host/lib/gcc/s390x-buildroot-linux-gnu/10.3.0/../../../../s390x-buildroot-linux-gnu/bin/ld: CMakeFiles/egltrace.dir/dlsym.cpp.o: in function `dlsym':
dlsym.cpp:(.text+0x34): undefined reference to `__libc_dlopen_mode'
/tmp/instance-0/output-1/host/lib/gcc/s390x-buildroot-linux-gnu/10.3.0/../../../../s390x-buildroot-linux-gnu/bin/ld: dlsym.cpp:(.text+0x46): undefined reference to `__libc_dlsym'
Fixes:
- http://autobuild.buildroot.org/results/
ac5e5b1e30249ae0fb8b9179338b47c60c026bcc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Tue, 14 Sep 2021 21:25:48 +0000 (23:25 +0200)]
package/pv: bump to version 1.6.20
- Drop patch (already in version)
- Update indentation in hash file (two spaces)
https://github.com/a-j-wood/pv/releases/tag/v1.6.19
https://github.com/a-j-wood/pv/releases/tag/v1.6.20
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Korsgaard [Sat, 18 Sep 2021 16:59:46 +0000 (18:59 +0200)]
package/erlang: ignore Windows specific CVE-2021-29221
CVE-2021-29221 is a Windows specific issue:
A local privilege escalation vulnerability was discovered in Erlang/OTP
prior to version 23.2.3. By adding files to an existing installation's
directory, a local attacker could hijack accounts of other users running
Erlang programs or possibly coerce a service running with "erlsrv.exe" to
execute arbitrary code as Local System. This can occur only under specific
conditions on Windows with unsafe filesystem permissions.
So ignore it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Korsgaard [Sat, 18 Sep 2021 16:42:46 +0000 (18:42 +0200)]
package/botan: add upstream security fix for CVE-2021-40529
Fixes the following security issue:
- CVE-2021-40529: The ElGamal implementation in Botan through 2.18.1, as
used in Thunderbird and other products, allows plaintext recovery because,
during interaction between two cryptographic libraries, a certain
dangerous combination of the prime defined by the receiver's public key,
the generator defined by the receiver's public key, and the sender's
ephemeral exponents can lead to a cross-configuration attack against
OpenPGP
For more details, see the upstream bug and issue writeup:
- https://github.com/randombit/botan/pull/2790
- https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Korsgaard [Sat, 18 Sep 2021 16:11:30 +0000 (18:11 +0200)]
package/nodejs: security bump to version 12.22.6
Fixes the following security issues:
- CVE-2021-37701: Arbitrary File Creation/Overwrite via insufficient symlink
protection due to directory cache poisoning using symbolic links
- CVE-2021-37712: Arbitrary File Creation/Overwrite via insufficient symlink
protection due to directory cache poisoning using symbolic links
- CVE-2021-37713: Arbitrary File Creation/Overwrite on Windows via
insufficient relative path sanitization
- CVE-2021-39134: UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
- CVE-2021-39135: UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
For more details, see the advisory:
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Seiderer [Mon, 13 Sep 2021 21:04:12 +0000 (23:04 +0200)]
package/gst1-interpipe: bump version to 1.1.5
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Seiderer [Mon, 13 Sep 2021 21:04:11 +0000 (23:04 +0200)]
package/gst1-python: bump version to 1.18.5
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Seiderer [Mon, 13 Sep 2021 21:04:10 +0000 (23:04 +0200)]
package/gst-omx: bump version to 1.18.5
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Seiderer [Mon, 13 Sep 2021 21:04:09 +0000 (23:04 +0200)]
package/gstreamer1-editing-services: bump version to 1.18.5
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Seiderer [Mon, 13 Sep 2021 21:04:08 +0000 (23:04 +0200)]
package/gst1-rtsp-server: bump version to 1.18.5
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Seiderer [Mon, 13 Sep 2021 21:04:07 +0000 (23:04 +0200)]
package/gst1-vaapi: bump version to 1.18.5
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Seiderer [Mon, 13 Sep 2021 21:04:06 +0000 (23:04 +0200)]
package/gst1-libav: bump version to 1.18.5
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Seiderer [Mon, 13 Sep 2021 21:04:05 +0000 (23:04 +0200)]
package/gst1-devtools: bump version to 1.18.5
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Seiderer [Mon, 13 Sep 2021 21:04:04 +0000 (23:04 +0200)]
package/gst1-plugins-ugly: bump version to 1.18.5
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Seiderer [Mon, 13 Sep 2021 21:04:03 +0000 (23:04 +0200)]
package/gst1-plugins-bad: bump version to 1.18.5
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Seiderer [Mon, 13 Sep 2021 21:04:02 +0000 (23:04 +0200)]
package/gst1-plugins-good: bump version to 1.18.5
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Seiderer [Mon, 13 Sep 2021 21:04:01 +0000 (23:04 +0200)]
package/gst1-plugins-base: bump version to 1.18.5
- delete 0002-gstgl-Fix-build-when-Meson-0.58.0rc1.patch
(from upstream [1])
[1] https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/
90903917a8185e0f9add7af8153ae2fc9875fdcb
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Seiderer [Mon, 13 Sep 2021 21:04:00 +0000 (23:04 +0200)]
package/gstreamer1: bump version to 1.18.5
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
David Corbeil [Wed, 15 Sep 2021 00:10:28 +0000 (17:10 -0700)]
package/glmark2: bumped to latest version
Fixes a segfault happening on Raspberry Pi4 on the fourth test
Signed-off-by: David Corbeil <david.corbeil@dynonavionics.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Petr Vorel [Wed, 15 Sep 2021 19:16:03 +0000 (21:16 +0200)]
package/imlib2: bump version to 1.7.3
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Petr Vorel [Wed, 15 Sep 2021 19:15:37 +0000 (21:15 +0200)]
package/links: bump version to 2.24
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Petr Vorel [Wed, 15 Sep 2021 19:15:13 +0000 (21:15 +0200)]
package/libqmi: bump version to 1.30.2
Drop patch from this release.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Petr Vorel [Wed, 15 Sep 2021 19:14:12 +0000 (21:14 +0200)]
package/bind: bump version to 9.11.35
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Seiderer [Wed, 15 Sep 2021 21:34:35 +0000 (23:34 +0200)]
package/wayland-protocols: bump version to 1.23
- convert to meson (as no configure script is provided, alternative
would be to enable autoreconf)
- disable tests
For details (since 1.21) see [1], [2].
[1] https://lists.freedesktop.org/archives/wayland-devel/2021-September/041972.html
[2] https://lists.freedesktop.org/archives/wayland-devel/2021-September/041979.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Thu, 16 Sep 2021 16:48:21 +0000 (18:48 +0200)]
package/lxc: bump to version 4.0.10
https://discuss.linuxcontainers.org/t/lxc-4-0-10-has-been-released/11618
https://discuss.linuxcontainers.org/t/lxc-4-0-9-lts-has-been-released/10999
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Thu, 16 Sep 2021 16:49:25 +0000 (18:49 +0200)]
package/gerbera: bump to version 1.9.1
https://github.com/gerbera/gerbera/blob/v1.9.1/ChangeLog.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Thu, 16 Sep 2021 16:50:40 +0000 (18:50 +0200)]
package/runc: bump to version 1.0.2
https://github.com/opencontainers/runc/releases/tag/v1.0.2
https://github.com/opencontainers/runc/releases/tag/v1.0.1
https://github.com/opencontainers/runc/releases/tag/v1.0.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Seiderer [Thu, 16 Sep 2021 20:46:06 +0000 (22:46 +0200)]
package/bison: bump version to 3.8.1
For details see [1] and [2].
[1] https://lists.gnu.org/archive/html/info-gnu/2021-09/msg00006.html
[2] https://fossies.org/linux/bison/ChangeLog
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Fri, 17 Sep 2021 17:00:31 +0000 (19:00 +0200)]
package/libxcrypt: bump to version 4.4.26
This bump contains a single change to fix the following build failure
with Microblaze raised since bump to version 4.4.25 in commit
a071bec0a0cd928443223132d47564c90bc64713:
lib/crypt-gensalt-static.c:33:1: error: symver is only supported on ELF platforms
33 | SYMVER_crypt_gensalt;
| ^~~~~~~~~~~~~~~~~~~~
Update hash of LICENSING due to new file being added with
https://github.com/besser82/libxcrypt/commit/
4ab5f672eb6fb43c9bd83060ef48f90decd4989c
https://github.com/besser82/libxcrypt/blob/v4.4.26/NEWS
Fixes:
- http://autobuild.buildroot.org/results/
4766bfce9813b7f321369ec45298d16cd6dc251a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Adrian Perez de Castro [Fri, 17 Sep 2021 18:31:32 +0000 (21:31 +0300)]
package/seatd: bump to version 0.6.2
Update seatd to version 0.6.2, which makes the patches unnecessary (they
have all been integrated in 0.6.0) and fixes a number of bugs. Some
Meson build options have been renamed, so the build recipe is updated
accordingly, too.
Release notes:
https://git.sr.ht/~kennylevinsen/seatd/refs/0.6.0
https://git.sr.ht/~kennylevinsen/seatd/refs/0.6.1
https://git.sr.ht/~kennylevinsen/seatd/refs/0.6.2
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Wed, 15 Sep 2021 21:01:26 +0000 (23:01 +0200)]
package/containerd: security bump to version 1.4.9
- Fix CVE-2021-32760:
https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w
- Update indentation in hash file (two spaces)
https://github.com/containerd/containerd/releases/tag/v1.4.9
https://github.com/containerd/containerd/releases/tag/v1.4.8
https://github.com/containerd/containerd/releases/tag/v1.4.7
https://github.com/containerd/containerd/releases/tag/v1.4.6
https://github.com/containerd/containerd/releases/tag/v1.4.5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Seiderer [Thu, 16 Sep 2021 17:37:03 +0000 (19:37 +0200)]
package/libiio: fix compile without thread support
- fix compile without thread support (add configure option
'-DNO_THREADS=ON' as requested)
Fixes:
- http://autobuild.buildroot.net/results/
2cca5952e7d677cd0d5fa97aa1a7bf3e722df3a2
CMake Error at CMakeLists.txt:409 (message):
Unable to find pthread dependency.
If you want to disable multi-threading support, set NO_THREADS=ON.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Wed, 15 Sep 2021 20:56:40 +0000 (22:56 +0200)]
package/libvirt: security bump to version 7.7.0
- storage: Unlock pool objects on ACL check failures in
storagePoolLookupByTargetPath (CVE-2021-3667)
A logic bug in storagePoolLookupByTargetPath where the storage pool
object was left locked after a failure of the ACL check could
potentially deprive legitimate users access to a storage pool object
by users who don't have access.
- svirt: fix MCS label generation (CVE-2021-3631)
A flaw in the way MCS labels were generated could result in a VM's
resource not being fully protected from access by another VM were
it to be compromised. https://gitlab.com/libvirt/libvirt/-/issues/153
- Disable Cloud-Hypervisor driver added by
https://gitlab.com/libvirt/libvirt/-/commit/
56fbabf1a1e272c6cc50adcb603996cf8e94ad08
- Update indentation in hash file (two spaces)
https://gitlab.com/libvirt/libvirt/-/blob/v7.7.0/NEWS.rst
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Wed, 15 Sep 2021 20:56:39 +0000 (22:56 +0200)]
package/libvirt: add libnl optional dependency
libnl is an optional dependency (which is enabled by default) since the
addition of the package in commit
ccfc90e1010e42e6529afae3a5ea8bf7226dabc1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Wed, 15 Sep 2021 20:56:38 +0000 (22:56 +0200)]
package/libvirt: disable docs and tests
Disable docs and tests which are enabled since the addition of the
package in commit
ccfc90e1010e42e6529afae3a5ea8bf7226dabc1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Adam Duskett [Sat, 18 Sep 2021 00:50:27 +0000 (17:50 -0700)]
package/openjdk{-bin}: bump versions to 11.0.12+7 and 16.0.2+7
As the github repository has changed from github.com/AdoptOpenJDK/ to
github.com/adoptium, both versions are updated in the same patch.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Seiderer [Wed, 15 Sep 2021 21:13:57 +0000 (23:13 +0200)]
package/qt5location: fix musl compile (pthread_getname_np)
- pthread_getname_np not available with musl libc, add patch to disable
usage for musl (patch inspired/ported from [1])
Fixes:
- http://autobuild.buildroot.net/results/
ed372a4a8e50d9e20be589eeda40c92888d709bc
platform/default/thread.cpp: In function ‘std::string mbgl::platform::getCurrentThreadName()’:
platform/default/thread.cpp:14:5: error: ‘pthread_getname_np’ was not declared in this scope; did you mean ‘pthread_setname_np’?
14 | pthread_getname_np(pthread_self(), name, sizeof(name));
| ^~~~~~~~~~~~~~~~~~
| pthread_setname_np
[1] https://github.com/void-linux/void-packages/blob/
e64dd67f43c409d2b2db08214084e842d92ad620/srcpkgs/qt5/patches/0014-musl-set_thread_name_np.patch
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr: add uClibc]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Hanspeter Portner [Fri, 17 Sep 2021 13:28:35 +0000 (15:28 +0200)]
board/freescale: add support for Image.gz to post-image
For the i.MX8 often an Image.gz is built. With these changes, if
BR2_LINUX_KERNEL_IMAGEGZ=y, the correct Image.gz file is now put into
the generated image instead of falling back to the non-existent zImage.
Signed-off-by: Hanspeter Portner <dev@open-music-kontrollers.ch>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Wed, 15 Sep 2021 19:48:19 +0000 (21:48 +0200)]
package/libkrb5: fix CVE-2021-37750
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before
1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in
kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Fri, 17 Sep 2021 22:19:34 +0000 (00:19 +0200)]
package/apache: security bump to version 2.4.49
Fix CVE-2021-33193: A crafted method sent through HTTP/2 will bypass
validation and be forwarded by mod_proxy, which can lead to request
splitting or cache poisoning. This issue affects Apache HTTP Server
2.4.17 to 2.4.48.
https://github.com/apache/httpd/blob/2.4.49/CHANGES
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bartosz Bilas [Fri, 17 Sep 2021 20:52:54 +0000 (22:52 +0200)]
boot/barebox: bump version to 2021.08.0
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Yann E. MORIN [Sat, 11 Sep 2021 08:20:47 +0000 (10:20 +0200)]
package/kodi: fix selection of dependencies
Commit
148e695e3756 (package/kodi: bump version to 19.0-Matrix) extended
the set of required libraries for various "platform" backends, by
selecting those libraries from the blind options. For example, we have:
config BR2_PACKAGE_KODI_PLATFORM_SUPPORTS_GBM
bool
default y
depends on [...]
select BR2_PACKAGE_LIBINPUT
[...]
However, that option is true as soon as the requirements are met (the
depends on), even when Kodi itself is not enabled.
This means that extra libraries are pulled in to the build, even when
not required.
We fix that by moving the actual selects to the main symbol, along with
the proper conditions. This means that we have two lines that select
libxbcommon, under two different conditions; we could make that a single
select, but the codition would need to be on two lines anyway, so meh...
This is not an ideal solution, because it is a bit ugly, but:
1) adding three new blind options just for the select is kinda extreme
and superfluous;
2) our Kodi packaging is already a bit ugly anyway.
Fixes: #14206
Reported-by: Thomas Ruschival <t.ruschival@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Kory Maincent [Tue, 14 Sep 2021 09:34:52 +0000 (11:34 +0200)]
fs/iso9660: switch from cdrkit to xorriso to build ISO9660 images
In order to add support for EFI-compatible ISO9660 images in future
patches, this commit switch the ISO9660 logic to use xorriso instead of
cdrkit. Indeed the genimageiso tool from cdrkit doesn't have the
--efi-boot option needed to generate an image compatible with EFI BIOS.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
[yann.morin.1998@free.fr: drop superfluous tool name from variable]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Kory Maincent [Tue, 14 Sep 2021 09:34:51 +0000 (11:34 +0200)]
package/xorriso: build host variant with zlib support
We will soon use xorriso in the ISO9660 image generation support, and
this requires having zlib support in host-xorriso.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Korsgaard [Thu, 16 Sep 2021 20:36:38 +0000 (22:36 +0200)]
docs/website: update for 2021.02.5
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 15 Sep 2021 15:20:06 +0000 (17:20 +0200)]
Update for 2021.02.5
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit
767a2da72fc1690fde33b665851f20492ba5cd75)
[Peter: drop Makefile change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 16 Sep 2021 20:28:43 +0000 (22:28 +0200)]
docs/website: update for 2021.05.2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 15 Sep 2021 14:26:50 +0000 (16:26 +0200)]
Update for 2021.05.2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit
3466797cedb15097924bf207774d11a79d03a9ac)
[Peter: drop Makefile change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Francois Perrad [Mon, 6 Sep 2021 15:26:14 +0000 (17:26 +0200)]
package/m4: bump to version 1.4.19
Remove upstream patches.
COPYING hash changed because the URLs were converted to https.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Francois Perrad [Mon, 6 Sep 2021 15:25:40 +0000 (17:25 +0200)]
package/libressl: bump to version 3.3.4
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Francois Perrad [Mon, 6 Sep 2021 15:25:25 +0000 (17:25 +0200)]
package/perl-type-tiny: bump to version 1.012004
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Francois Perrad [Mon, 6 Sep 2021 15:25:24 +0000 (17:25 +0200)]
package/perl-libwww-perl: bump to version 6.56
License hash changed due to removal of EOL whitespace and spelling
fixes.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Francois Perrad [Mon, 6 Sep 2021 15:25:23 +0000 (17:25 +0200)]
package/perl-io-socket-ssl: bump to version 2.072
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Mon, 13 Sep 2021 20:34:06 +0000 (22:34 +0200)]
package/polkit: drop dbus build dependency
Drop dbus build dependency to avoid the following build failure since
commit
1db13226394ff7e6f5e7ca643e275f35d6c633bb if systemd-polkit is
enabled:
package/dbus/dbus.mk:124: *** Recursive variable 'DBUS_FINAL_RECURSIVE_DEPENDENCIES' references itself (eventually). Stop.
Fixes:
- http://autobuild.buildroot.org/results/
0e038fae0f5fc2db3e85be05db4612e4f2395e35
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Wed, 15 Sep 2021 06:03:18 +0000 (08:03 +0200)]
package/libexif: fix build with gcc 4.8
Fix the following build failure with gcc 4.8 raised since bump to
version 0.6.23 in commit
e2f805097611b4828d2cba6168472aac6dedeafe:
exif-gps-ifd.c: In function 'exif_get_gps_tag_info':
exif-gps-ifd.c:62:3: error: 'for' loop initial declarations are only allowed in C99 mode
for (int i = 0; i < sizeof(exif_gps_ifd_tags) / sizeof(ExifGPSIfdTagInfo); ++i) {
^
exif-gps-ifd.c:62:3: note: use option -std=c99 or -std=gnu99 to compile your code
Fixes:
- http://autobuild.buildroot.org/results/
7dd222e06d1e6611449fb8fe7516817c9ad43d65
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 14 Sep 2021 16:17:31 +0000 (18:17 +0200)]
package/x11r7/xapp_xeyes: add xlib_libXi mandatory dependency
Build fails since commit
c47ebe7aeb70015614ff1d477dc1a71e8c161425
because xlib_libXi is a mandatory dependency since version 1.2.0 and
https://gitlab.freedesktop.org/xorg/app/xeyes/-/commit/
420c2d8517246c9e422739cadb7acb29e35a3bed:
configure: error: Package requirements (xi >= 1.7 x11 xt xext xmu xproto >= 7.0.17) were not met:
Package 'xi', required by 'virtual:world', not found
Fixes:
- http://autobuild.buildroot.org/results/
896f45fb9eadcd235aeab096db479ee0aa5d0860
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: split multi-line dependency]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Tue, 14 Sep 2021 16:17:30 +0000 (18:17 +0200)]
package/x11r7/xapp_xeyes: xrender is optional, not mandatory
xrender is optional, not mandatory since its addition in version 1.0.99:
https://gitlab.freedesktop.org/xorg/app/xeyes/-/commit/
5e825a140f4022b88dd7a1a20a9a01b653f1a95c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Heiko Thiery [Tue, 14 Sep 2021 19:27:42 +0000 (21:27 +0200)]
boot/uboot: fix hook to copy imx firmware files
Simplification has broken it. Fix it again.
Fixes: af99e7a5f3863049 ("boot/uboot: copy IMX firmware files to uboot package dir")
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Mon, 13 Sep 2021 21:09:28 +0000 (23:09 +0200)]
package/libmaxminddb: bump to version 1.6.0
https://github.com/maxmind/libmaxminddb/releases/tag/1.6.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 14 Sep 2021 05:40:37 +0000 (07:40 +0200)]
package/pcre: fix license hash
Commit
0e5a901d3141a3d7e477f0fb79e8f6a748f06449 forgot to update license
hash (updates in year and email)
Fixes:
- http://autobuild.buildroot.org/results/
045cd98a4067f1314deb66f52240d2db2000ec4d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 13 Sep 2021 20:58:19 +0000 (22:58 +0200)]
package/fdk-aac: bump to version 2.0.2
Update indentation in hash file (two spaces)
https://github.com/mstorsjo/fdk-aac/releases/tag/v2.0.2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 13 Sep 2021 20:51:31 +0000 (22:51 +0200)]
package/python-pillow: security bump to version 8.3.2
- Fix CVE-2021-23437 Raise ValueError if color specifier is too long
- Fix 6-byte OOB read in FliDecode
- Update indentation in hash file (two spaces)
https://github.com/python-pillow/Pillow/releases/tag/8.3.2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 13 Sep 2021 20:44:24 +0000 (22:44 +0200)]
package/gd: security bump to version 2.3.3
- Fix CVE-2021-40145: ** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD
Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE:
the vendor's position is "The GD2 image format is a proprietary image
format of libgd. It has to be regarded as being obsolete, and should
only be used for development and testing purposes."
- Drop patch (already in version)
- Update hash of COPYING (duplicate merged and title added with
https://github.com/libgd/libgd/commit/
82d260950589563a1af9c56f4ce5fde843a695ae
https://github.com/libgd/libgd/commit/
6013c7bcf6eb795dba584f92d3824ebd3ae60202)
https://github.com/libgd/libgd/releases/tag/gd-2.3.3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Francois Perrad [Thu, 9 Sep 2021 08:35:36 +0000 (10:35 +0200)]
package/pcre: bump to version 8.45
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Francois Perrad [Fri, 10 Sep 2021 06:22:54 +0000 (08:22 +0200)]
package/luaposix: bump to version 35.1
diff LICENSE:
-Copyright (C) 2006-2020 luaposix authors
+Copyright (C) 2006-2021 luaposix authors
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Fri, 10 Sep 2021 06:49:11 +0000 (08:49 +0200)]
package/{mesa3d, mesa3d-headers}: bump version to 21.1.8
Release notes:
https://lists.freedesktop.org/archives/mesa-announce/2021-September/000644.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Julien Olivain [Mon, 13 Sep 2021 18:44:17 +0000 (20:44 +0200)]
package/fluidsynth: bump to version 2.2.3
For change log since v2.2.2, see:
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.2.3
./utils/test-pkg --package fluidsynth
6 builds, 2 skipped, 0 build failed, 0 legal-info failed
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 12 Sep 2021 20:32:56 +0000 (22:32 +0200)]
package/libxcrypt: security bump to version 4.4.25
- Fix several issues found by Covscan in the testsuite. These include:
- CWE-170: String not null terminated (STRING_NULL)
- CWE-188: Reliance on integer endianness (INCOMPATIBLE_CAST)
- CWE-190: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
- CWE-569: Wrong sizeof argument (SIZEOF_MISMATCH)
- CWE-573: Missing varargs init or cleanup (VARARGS)
- CWE-687: Argument cannot be negative (NEGATIVE_RETURNS)
- Update hash of LICENSING due to files being updated with:
https://github.com/besser82/libxcrypt/commit/
44e9eb57b462cfbaeb085cea0e308511565f4a12
https://github.com/besser82/libxcrypt/commit/
578271c3776a442fa55ac5f5ea83c7dc83ede979
https://github.com/besser82/libxcrypt/blob/v4.4.25/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 12 Sep 2021 20:20:56 +0000 (22:20 +0200)]
package/stress-ng: bump to version 0.13.1
This will fix the following build failure with glibc >= 2.34 thanks to
https://github.com/ColinIanKing/stress-ng/commit/
7c4f74761089177127c2cfe6685b7886aa231885
core-helper.c: In function 'stress_sighandler':
core-helper.c:1340:31: error: storage size of 'stack' isn't constant
1340 | static uint8_t MLOCKED_DATA stack[SIGSTKSZ + STACK_ALIGNMENT];
| ^~~~~
https://github.com/ColinIanKing/stress-ng/blob/V0.13.01/debian/changelog
Fixes:
- http://autobuild.buildroot.org/results/
3c2d624d1af776162978a6a72343bc04448d2885
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 12 Sep 2021 19:48:15 +0000 (21:48 +0200)]
package/botan: bump to version 2.18.1
Drop patches (already in version)
https://github.com/randombit/botan/blob/2.18.1/news.rst
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 12 Sep 2021 18:47:24 +0000 (20:47 +0200)]
package/libssh2: bump to version 1.10.0
- Drop patches (already in version) and so autoreconf
- Update hash of COPYING due to updates in year and authors with
https://github.com/libssh2/libssh2/commit/
53ff2e6da450ac1801704b35b3360c9488161342
https://github.com/libssh2/libssh2/commit/
c998f79384116e9f6633cb69c2731c60d3a442bb
https://github.com/libssh2/libssh2/commit/
635caa90787220ac3773c1d5ba11f1236c22eae8
- Update indentation in hash file (two spaces)
https://www.libssh2.org/changes.html#1.10.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 12 Sep 2021 18:34:53 +0000 (20:34 +0200)]
package/vim: security bump to version 8.2.3432
- Fix CVE-2021-3770: vim is vulnerable to Heap-based Buffer Overflow
- Update hash of README.txt due to changes not related to license:
https://github.com/vim/vim/commit/
f2a44e5c48b029666ded556e2ab052dfc1266d62
https://github.com/vim/vim/commit/
89a9c159f23fb7b3e24e6d09068adfc24a73afcb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 12 Sep 2021 16:56:43 +0000 (18:56 +0200)]
package/libssh: security bump to version 0.9.6
Fix CVE-2021-3634: A flaw has been found in libssh in versions prior to
0.9.6. The SSH protocol keeps track of two shared secrets during the
lifetime of the session. One of them is called secret_hash and the other
session_id. Initially, both of them are the same, but after key
re-exchange, previous session_id is kept and used as an input to new
secret_hash. Historically, both of these buffers had shared length
variable, which worked as long as these buffers were same. But the key
re-exchange operation can also change the key exchange method, which can
be based on hash of different size, eventually creating "secret_hash" of
different size than the session_id has. This becomes an issue when the
session_id memory is zeroed or when it is used again during second key
re-exchange.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 12 Sep 2021 16:50:05 +0000 (18:50 +0200)]
package/libexif: security bump to version 0.6.23
- Drop patches (already in version)
- Fix some more denial of service (compute time or stack exhaustion)
counter-measures added that avoid minutes of decoding time with
malformed files found by OSS-Fuzz
https://github.com/libexif/libexif/releases/tag/v0.6.23
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Michael Nosthoff [Mon, 13 Sep 2021 13:07:10 +0000 (15:07 +0200)]
package/protobuf: update github url
protobuf moved from the google org to protocolbuffers in 2018.
There is a redirect but we should use the official url.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sun, 12 Sep 2021 12:22:52 +0000 (14:22 +0200)]
package/bluez5_utils: fix build
pause() is defined in glibc since the very early times; it appears in
upstream commit
28f540f45bba (initial import) in 1995 [0].
Bluez has been defining a function named pause() for ages too, since
comit
caab74c97542 (media: Implement new callbacks for pass-through
operations) in 2013 [1]
With the recent bump to glibc 2.34.xxx, the build now fails because the
two pause() clash:
profiles/audio/media.c:1284:13: error: conflicting types for 'pause'
1284 | static bool pause(void *user_data)
| ^~~~~
In file included from /tmp/instance-0/output-1/per-package/bluez5_utils/host/s390x-buildroot-linux-gnu/sysroot/usr/include/bits/sigstksz.h:24,
from /tmp/instance-0/output-1/per-package/bluez5_utils/host/s390x-buildroot-linux-gnu/sysroot/usr/include/signal.h:328,
from /tmp/instance-0/output-1/per-package/bluez5_utils/host/bin/../s390x-buildroot-linux-gnu/sysroot/usr/include/glib-2.0/glib/gbacktrace.h:36,
from /tmp/instance-0/output-1/per-package/bluez5_utils/host/bin/../s390x-buildroot-linux-gnu/sysroot/usr/include/glib-2.0/glib.h:34,
from profiles/audio/media.c:21:
/tmp/instance-0/output-1/per-package/bluez5_utils/host/s390x-buildroot-linux-gnu/sysroot/usr/include/unistd.h:489:12: note: previous declaration of 'pause' was here
489 | extern int pause (void);
| ^~~~~
The culprit is indeed glibc 2.34, as can be seen in this result matrix:
\ bluez5_utils
glibc \ 5.60 | 5.61
-------\-------+--------
2.33 | OK | OK
-------+-------+--------
2.34 | KO | KO
Even though we first bumped to glibc 2.34, then to blues5_utils 5.61,
we did not notice build issues with bluez5_utils 5.60 because the two
bumps were too close to each other for the failure to trigger in the
autobuilders.
The underlying reason that pause() is now causing issues with glibc 2.34
is not obvious: glibc is a big beast, and finding such issues is not
easy. However, we can see that the pause() provided by NPTL has been
dropped in favour of the generic one, so maybe this is causing symbol
visibility or weakness to change or something...
We fix that by renaming the local pause() in bluez5_utils with a
namespace-prefix, like some other functions there already have.
Fixes:
- http://autobuild.buildroot.org/results/c4f/
c4fbface34be8815838fd7201621d7a8fddd32c5/
- http://autobuild.buildroot.org/results/62b/
62b88740f19fbe4a1ad7959dc141d539eb88c1f8/
[0] https://sourceware.org/git/?p=glibc.git;a=commit;h=
28f540f45bbacd939bfd07f213bcad2bf730b1bf
[1] https://github.com/bluez/bluez/commit/
caab74c97542a56b591f0b16b44ab6ba4b40f0f5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: extend commit log with the glibc culprit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Michael Nosthoff [Sun, 12 Sep 2021 15:36:30 +0000 (17:36 +0200)]
package/boost: anotate patches
* add changelog and Signed-off-by to patches
* use correct name for patch 0002
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Jan Havran [Mon, 6 Sep 2021 15:21:34 +0000 (17:21 +0200)]
package/bluez-tools: bump to version
f65321736475429316f07ee94ec0deac8e46ec4a
Minor fixes:
- build with gcc 10 (drop patch)
- correct the signal handler registration bt-agent
Other changes:
- remove incorrectly handled error argument from device_* calls
- add UUID for SIMAccess
Signed-off-by: Jan Havran <havran.jan@email.cz>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>