Fabrice Fontaine [Mon, 13 Jul 2020 12:59:52 +0000 (14:59 +0200)]
package/wireshark: security bump to version 3.2.5
Fix CVE-2020-15466: It may be possible to make Wireshark consume
excessive CPU resources by injecting a malformed packet onto the wire or
by convincing someone to read a malformed packet trace file.
https://www.wireshark.org/security/wnpa-sec-2020-09.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Titouan Christophe [Mon, 13 Jul 2020 14:51:10 +0000 (16:51 +0200)]
package/{avro-c, python-avro}: bump to version 1.10.0
Drop patches that have been released upstream.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Mon, 13 Jul 2020 13:11:25 +0000 (15:11 +0200)]
package/freerdp: security bump to version 2.1.2
- Fix CVE-2020-4030: In FreeRDP before version 2.1.2, there is an out of
bounds read in TrioParse. Logging might bypass string length checks
due to an integer overflow.
- Fix CVE-2020-4031: In FreeRDP before version 2.1.2, there is a
use-after-free in gdi_SelectObject. All FreeRDP clients using
compatibility mode with /relax-order-checks are affected.
- Fix CVE-2020-4032: In FreeRDP before version 2.1.2, there is an
integer casting vulnerability in update_recv_secondary_order. All
clients with +glyph-cache /relax-order-checks are affected.
- Fix CVE-2020-4033: In FreeRDP before version 2.1.2, there is an out of
bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions
with color depth < 32 are affected.
- Fix CVE-2020-11095: In FreeRDP before version 2.1.2, an out of bound
reads occurs resulting in accessing a memory location that is outside
of the boundaries of the static array
PRIMARY_DRAWING_ORDER_FIELD_BYTES.
- Fix CVE-2020-11096: In FreeRDP before version 2.1.2, there is a global
OOB read in update_read_cache_bitmap_v3_order. As a workaround, one
can disable bitmap cache with -bitmap-cache (default).
- Fix CVE-2020-11097: In FreeRDP before version 2.1.2, an out of bounds
read occurs resulting in accessing a memory location that is outside
of the boundaries of the static array
PRIMARY_DRAWING_ORDER_FIELD_BYTES.
- Fix CVE-2020-11098: In FreeRDP before version 2.1.2, there is an
out-of-bound read in glyph_cache_put. This affects all FreeRDP clients
with `+glyph-cache` option enabled.
- Fix CVE-2020-11099: In FreeRDP before version 2.1.2, there is an out
of bounds read in license_read_new_or_upgrade_license_packet. A
manipulated license packet can lead to out of bound reads to an
internal buffer.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Mon, 13 Jul 2020 16:08:19 +0000 (18:08 +0200)]
package/gssdp: bump to version 1.2.3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Mon, 13 Jul 2020 16:08:20 +0000 (18:08 +0200)]
package/gupnp: security bump to version 1.2.3
It includes the following commits:
https://github.com/GNOME/gupnp/commit/
66a73e96f5a733a149803a985686a4e4e196f90b
https://github.com/GNOME/gupnp/commit/
f943904e2d7f21601337b90058faf74b49c02796
which mitigate CVE-2020-12695
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Owen Walpole [Thu, 2 Jul 2020 03:53:27 +0000 (22:53 -0500)]
package/parprouted: new package
parprouted is a daemon for transparent IP (Layer 3) proxy ARP
bridging. This is useful for creation of transparent firewalls
and bridging networks with different MAC protocols. Also,
unlike standard bridging, proxy ARP bridging allows to bridge
Ethernet networks behind wireless nodes without using WDS or
layer 2 bridging.
https://www.hazard.maks.net/parprouted
Signed-off-by: Owen Walpole <owen@walpole.dev>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sun, 12 Jul 2020 21:35:43 +0000 (23:35 +0200)]
package/keepalived: bump to version 2.1.4
This will fix a build failure with kernel 4.15 thanks to:
https://github.com/acassen/keepalived/commit/
d47ae3b1c853adefb9680ba31cf05c037d844445
Fixes:
- http://autobuild.buildroot.org/results/
db7f149f63e9180b22460caa74850673362aa17c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sun, 12 Jul 2020 21:32:05 +0000 (23:32 +0200)]
package/xvisor: needs host-dtc
host-dtc is a mandatory dependency since version 0.3.0 and
https://github.com/xvisor/xvisor/commit/
e31344c9b5835c8a12bfffb3a359f343b273fab5
Fixes:
- http://autobuild.buildroot.org/results/
3f49302e7d05d666a51db0cb51365620a63e3b40
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Grzegorz Blach [Tue, 30 Jun 2020 09:56:02 +0000 (11:56 +0200)]
package/pigpio: bump to version 77
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Eloi Bail [Thu, 2 Jul 2020 08:36:19 +0000 (10:36 +0200)]
package/gst1-plugins-bayer2rgb-neon: bump to 0.4
Bump gst1-plugins-bayer2rgb-neon to 0.4.
Signed-off-by: Eloi Bail <eloi.bail@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Giulio Benetti [Tue, 30 Jun 2020 22:07:14 +0000 (00:07 +0200)]
package/nfs-utils: bump version to 2.5.1
Bump to version 2.5.1 and remove local already upstreamed patch.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
James Hilliard [Wed, 1 Jul 2020 04:42:12 +0000 (22:42 -0600)]
package/zlib-ng: bump to version
9609cb56a8f62868ccf264493bc9c3b4d5762fcf
We need to update the location to point to the current maintained
upstream repo as well since the existing one is unmaintained.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
James Hilliard [Wed, 1 Jul 2020 04:36:05 +0000 (22:36 -0600)]
package/redis: bump to version 6.0.5
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Acked-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Wed, 1 Jul 2020 05:18:51 +0000 (07:18 +0200)]
package/libva-utils: bump version to 2.8.0
Release notes:
https://github.com/intel/libva-utils/blob/v2.8-branch/NEWS
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Wed, 1 Jul 2020 05:18:50 +0000 (07:18 +0200)]
package/libva: bump version to 2.8.0
Release notes: https://github.com/intel/libva/blob/v2.8-branch/NEWS
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Yegor Yefremov [Thu, 2 Jul 2020 12:23:54 +0000 (14:23 +0200)]
package/ntp: bump to version 4.2.8p15
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Giulio Benetti [Thu, 2 Jul 2020 16:05:00 +0000 (18:05 +0200)]
package/libnss: bump version to 3.54
Bump version to 3.54 and remove 0002[1] and 0003[2] local patches that
has been upstreamed.
Release Notes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.54_release_notes
[1]: https://hg.mozilla.org/projects/nss/rev/
e955ece90b050e9da67528f09648945156d2bcea
[2]: https://hg.mozilla.org/projects/nss/rev/
f46fca8ced7fca6aa6de60e3170b2a3b6b2df565
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Paul Cercueil [Sun, 12 Jul 2020 19:57:12 +0000 (21:57 +0200)]
package/sdl_image: disable dynamic loading of libraries
The thing with Buildroot, is that we know in advance what will be in the
root filesystem. Therefore, we don't need SDL_image to probe for the
presence of libpng, libjpeg, libtiff or libwebp and dynamically load
them; SDL_image can be linked to them directly at compilation time.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Paul Cercueil [Sun, 12 Jul 2020 19:57:11 +0000 (21:57 +0200)]
package/sdl_image: fix WebP dynamically loaded on host build
Just like with libjpeg and libpng, we don't want libwebp to be
dynamically loaded by SDL_image at runtime.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tian Yuanhao [Thu, 2 Jul 2020 05:30:21 +0000 (13:30 +0800)]
package/ttyd: bump to version 1.6.1
Removed patches applied upstream.
Signed-off-by: Tian Yuanhao <tianyuanhao@aliyun.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Thu, 2 Jul 2020 05:35:56 +0000 (07:35 +0200)]
package/samba4: bump version to 4.11.10
Changelog:
https://www.samba.org/samba/history/samba-4.11.10.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Yegor Yefremov [Thu, 2 Jul 2020 05:25:47 +0000 (07:25 +0200)]
package/gensio: bump to version 2.1.1
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Thu, 2 Jul 2020 05:19:50 +0000 (07:19 +0200)]
package/libudfread: bump version to 1.1.0
Changelog:
https://code.videolan.org/videolan/libudfread/-/blob/master/ChangeLog
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sergio Prado [Wed, 1 Jul 2020 20:42:52 +0000 (17:42 -0300)]
package/stella: bump version to 6.2.1
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Martin Kepplinger [Wed, 1 Jul 2020 10:50:41 +0000 (12:50 +0200)]
package/tslib: update to 1.22
The removed patches are of course part of this release and
https://github.com/libts/tslib/releases has a very short changelog.
Signed-off-by: Martin Kepplinger <martink@posteo.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Suniel Mahesh [Sat, 4 Jul 2020 20:16:45 +0000 (01:46 +0530)]
configs/rock_pi_4: new defconfig
Add initial support for RK3399 based rockpi-4 targets (model A, B, C)
with below features:
- Custom U-Boot 2020.07-rc4
https://github.com/amarula/u-boot-amarula.git
branch rock-pi
- Linux 5.4.46
- GPT partition layout is being used
- Default packages from buildroot
Signed-off-by: Suniel Mahesh <sunil@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Suniel Mahesh [Sat, 4 Jul 2020 20:16:44 +0000 (01:46 +0530)]
configs/rock_pi_n10: new defconfig
Add initial support for RK3399PRO SOM based rockpi-n10 target
with below features:
- Custom U-Boot 2020.07-rc4
https://github.com/amarula/u-boot-amarula.git
branch rock-pi
- Linux 5.7.2
- GPT partition layout is being used
- Default packages from buildroot
Signed-off-by: Suniel Mahesh <sunil@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sergio Prado [Sun, 12 Jul 2020 16:13:34 +0000 (13:13 -0300)]
package/batctl: bump version to 2020.2
Also separate the fields in the hash file by two spaces.
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Heiko Thiery [Sun, 12 Jul 2020 14:58:25 +0000 (16:58 +0200)]
package/bluez-alsa: add patch for fixing build failure with gcc 10
A fix is available upstream but does not apply on the used version by
buildroot.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sun, 12 Jul 2020 19:23:13 +0000 (21:23 +0200)]
support/scripts/pkg-stats: fix flake8 warning
This fixes the following flake8 warning:
support/scripts/pkg-stats:1005:9: E117 over-indented
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Gregory CLEMENT [Fri, 10 Jul 2020 11:22:37 +0000 (13:22 +0200)]
support/script/pkg-stats: handle exception when version comparison fails
With python 3, when a package has a version number x-y-z instead of
x.y.z, then the version returned by LooseVersion can't be compared
which raises a TypeError exception:
Traceback (most recent call last):
File "./support/scripts/pkg-stats", line 1062, in <module>
__main__()
File "./support/scripts/pkg-stats", line 1051, in __main__
check_package_cves(args.nvd_path, {p.name: p for p in packages})
File "./support/scripts/pkg-stats", line 613, in check_package_cves
if pkg_name in packages and cve.affects(packages[pkg_name]):
File "./support/scripts/pkg-stats", line 386, in affects
return pkg_version <= cve_affected_version
File "/usr/lib64/python3.8/distutils/version.py", line 58, in __le__
c = self._cmp(other)
File "/usr/lib64/python3.8/distutils/version.py", line 337, in _cmp
if self.version < other.version:
TypeError: '<' not supported between instances of 'str' and 'int'
This patch handles this exception by adding a new return value when
the comparison can't be done. The code is adjusted to take of this
change. For now, a return value of CVE_UNKNOWN is handled the same way
as a CVE_DOESNT_AFFECT return value, but this can be improved later
on.
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Ramon Fried [Mon, 6 Jul 2020 09:37:43 +0000 (12:37 +0300)]
package/bitwise: new package
Bitwise is multi base interactive calculator supporting dynamic base
conversion and bit manipulation. It's a handy tool for low level
hackers, kernel developers and device drivers developers.
Signed-off-by: Ramon Fried <rfried.dev@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Paul Cercueil [Thu, 2 Jul 2020 15:25:47 +0000 (17:25 +0200)]
package/sdl_mixer: add MIDI support using Timidity
Add MIDI playback support using SDL_mixer' built-in Timidity synth.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Paul Cercueil [Thu, 2 Jul 2020 15:25:46 +0000 (17:25 +0200)]
pakcage/sdl_mixer: add optional dependency on FluidSynth for MIDI
Add support for MIDI playback using FluidSynth.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Kamel Bouhara [Mon, 6 Jul 2020 15:30:40 +0000 (17:30 +0200)]
package/libodb-boost: new package
This package contains the Boost ODB profile library. The Boost profile
provides support for persisting Boost smart pointers, containers, and
value types with the ODB system.
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Kamel Bouhara [Mon, 6 Jul 2020 15:30:39 +0000 (17:30 +0200)]
package/libodb-mysql: new package
This package contains the MySQL ODB runtime library. Every application
that includes code generated for the MySQL database will need to link
to this library.
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adam Duskett [Mon, 6 Jul 2020 15:30:38 +0000 (17:30 +0200)]
package/libodb-pgsql: new package
This package contains the PostgreSQL ODB runtime library.
Every application that includes code generated for the PostgreSQL
database will need to link to this library.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[Kamel: Fix incorrect license, remove unneeded dependency on host-odb]
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adam Duskett [Mon, 6 Jul 2020 15:30:37 +0000 (17:30 +0200)]
package/libodb: new package
This package contains the common ODB runtime library. Every application
that includes code generated by the ODB compiler will need to link to this
library.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[Kamel:
- Fix incorrect license
- Remove unneeded dependency on host-odb]
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adam Duskett [Mon, 6 Jul 2020 15:30:36 +0000 (17:30 +0200)]
package/odb: new package
ODB is an open-source, cross-platform, and cross-database
object-relational mapping (ORM) system for C++. It allows you to
persist C++ objects to a relational database without having to deal
with tables, columns, or SQL and without manually writing any mapping
code.
ODB supports MySQL, SQLite, PostgreSQL, Oracle, and Microsoft SQL
Server relational databases as well as C++98/03 and C++11 language
standards. It also comes with optional profiles for Boost and Qt
which allow you to seamlessly use value types, containers, and smart
pointers from these libraries in your persistent C++ classes.
This package is used for auto-generating ODB specific header files
into useable code that can be linked against a seperate libodb and a
specific libodb database library. As such, it is only needed as a
host program and is not user selectable.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[Kamel: Fix incorrect odb license]
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
[Thomas: add patch fixing gcc10 build, add references to upstream
commits]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Kamel Bouhara [Mon, 6 Jul 2020 15:30:35 +0000 (17:30 +0200)]
support/dependencies: add BR2_NEEDS_HOST_GCC_PLUGIN_SUPPORT
Some packages requires support on the build machine to create gcc
plugins. This commit adds a blind option,
BR2_NEEDS_HOST_GCC_PLUGIN_SUPPORT, which such packages can
select. When this option is enabled, the logic in support/dependencies
verifies that everything needed on the build machine to build gcc
plugins is available.
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adam Duskett [Mon, 6 Jul 2020 15:30:34 +0000 (17:30 +0200)]
package/libcutl: new package
libcutl is distributed in source code and includes the standard autotools
build system as well as the VC++ project files. It is a dependency for odb.
Because ODB is a host-only package, and no other package depends on libcutl,
this package will also be a host-only package.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Maeva Manuel [Fri, 10 Jul 2020 08:16:54 +0000 (10:16 +0200)]
package/freescale-imx/firmware-imx: bump version to 8.8
This version is aligned with 5.4.24_2.1.0 NXP Linux BSP.
License was updated from:
LA_OPT_NXP_Software_License v10 December 2019
to:
LA_OPT_NXP_Software_License v11 February 2020
which explains the change of EULA/COPYING license files.
Tested-by: Julien Olivain <julien.olivain@oss.nxp.com>
[Julien: tested on i.MX8M Mini EVK Rev A with LPDDR4]
Tested-by: Stephane Viau <stephane.viau@oss.nxp.com>
[Stephane: tested on i.MX8MQ and i.MX8MN]
Tested-by : Maeva Manuel <maeva.manuel@oss.nxp.com>
[Maeva: tested on i.MX8QM MEK rev B0 and i.MX8QXP MEK rev B0]
Signed-off-by: Maeva Manuel <maeva.manuel@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Maeva Manuel [Fri, 10 Jul 2020 08:16:55 +0000 (10:16 +0200)]
package/freescale-imx/imx-seco: bump version to 3.6.3
This version is aligned with 5.4.24_2.1.0 NXP Linux BSP.
Firmware file names now include the SoC revision.
In order not to break the compatibility with the imx-seco 2.3.1
package, it remains B0 support for i.MX8QXP MEK. C0 support should
introduce a Kconfig option and this will be done in a future patch.
License was updated from:
LA_OPT_NXP_Software_License v10 December 2019
to:
LA_OPT_NXP_Software_License v11 February 2020
which explains the change of EULA/COPYING license files.
Tested-by: Maeva Manuel <maeva.manuel@oss.nxp.com>
[Maeva: tested on i.MX8QXP MEK (Board rev D1, SoC rev B0)
and on i.MX8QM MEK (SoC rev B0)]
Signed-off-by: Maeva Manuel <maeva.manuel@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Stephane Viau [Fri, 10 Jul 2020 12:11:26 +0000 (14:11 +0200)]
configs/freescale_imx8mnevk: bump BSP components to 5.4.24_2.1.0
Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sun, 12 Jul 2020 07:12:00 +0000 (09:12 +0200)]
package/kodi-pvr-mythtv: bump version to 5.10.18-Leia
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Sun, 12 Jul 2020 06:54:07 +0000 (08:54 +0200)]
package/moarvm: bump to version 2020.06
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sat, 20 Jun 2020 20:28:33 +0000 (22:28 +0200)]
package/tinydtls: fix build on big endian
Fixes:
- http://autobuild.buildroot.org/results/
e8704e02fdede7b63e22da552292977b23380b32
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sun, 12 Jul 2020 08:16:47 +0000 (10:16 +0200)]
Config.in.legacy: drop legacy handling for BR2_PACKAGE_FIRMWARE_DDRFW_* options
These options were only added in commit
6bb7f3b81092e7005470c7d689a566dbc1d059c6, which was made after the
2020.05 release. So they are not part of any release at this point,
which makes legacy handling unnecessary.
Reported-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sergio Prado [Sun, 5 Jul 2020 16:52:42 +0000 (13:52 -0300)]
package/agentpp: bump version to 4.3.1
Also separate the fields in the hash file by two spaces.
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sergio Prado [Sun, 5 Jul 2020 16:52:41 +0000 (13:52 -0300)]
package/snmppp: bump version to 3.4.1
Also separate the fields in the hash file by two spaces.
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
James Hilliard [Sun, 5 Jul 2020 21:54:35 +0000 (15:54 -0600)]
package/python-greenlet: bump to version 0.4.16
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
James Hilliard [Sun, 5 Jul 2020 21:42:30 +0000 (15:42 -0600)]
package/python-aioconsole: bump to version 0.2.1
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sergio Prado [Sun, 5 Jul 2020 18:36:59 +0000 (15:36 -0300)]
package/check: bump version to 0.15.0
Also separate the fields in the hash file by two spaces.
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Lyle Franklin [Sun, 5 Jul 2020 18:28:45 +0000 (14:28 -0400)]
package/jq: bump version to
a17dd32
Bump jq package to latest to fix seg fault errors reported at
https://github.com/stedolan/jq/issues/2003
Signed-off-by: Lyle Franklin <lylejfranklin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sergio Prado [Sun, 5 Jul 2020 18:27:53 +0000 (15:27 -0300)]
package/ccid: bump version to 1.4.33
Also separate the fields in the hash file by two spaces.
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Sat, 11 Jul 2020 13:58:43 +0000 (15:58 +0200)]
package/vsftpd: add systemd unit
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sat, 11 Jul 2020 18:40:08 +0000 (20:40 +0200)]
package/ffmpeg: bump version to 4.3.1
Changelog:
http://git.videolan.org/?p=ffmpeg.git;a=blob;f=Changelog;h=
be7588bbbf6d0568282a057e858d9aa694388e85;hb=refs/heads/release/4.3
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Heiko Thiery [Sat, 11 Jul 2020 18:15:38 +0000 (20:15 +0200)]
package/aumix: add debian patch for fixing build with gcc 10
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sat, 11 Jul 2020 18:12:44 +0000 (20:12 +0200)]
package/tor: bump version to 0.4.3.6
Release notes for 0.4.3.5: https://blog.torproject.org/node/1872
"Tor 0.4.3.5 is the first stable release in the 0.4.3.x series."
Release notes for 0.4.3.6: https://blog.torproject.org/node/1900
The fix for CVE-2020-15572 "Fix a crash due to an out-of-bound memory
access when Tor is compiled with NSS support" does not affect buildroot
because we do not support building tor with libnss.
Rebased patch 0001.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sat, 11 Jul 2020 18:00:29 +0000 (20:00 +0200)]
package/libcec: bump version to 4.0.7
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Stephane Viau [Fri, 10 Jul 2020 12:00:45 +0000 (14:00 +0200)]
package/freescale-imx/firmware-imx: clarify installation of firmware files
The newly introduced BR2_PACKAGE_FIRMWARE_IMX_NEEDS_xxx symbols are
used in lieu of the SoC type when installing images or binaries on
target.
Suggested-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Stephane Viau [Fri, 10 Jul 2020 12:00:44 +0000 (14:00 +0200)]
package/freescale-imx/firmware-imx: add options for all i.MX FW needs
Some SoCs need a HDMI FW for their bootloader, some other require
EPDC, SDMA and/or VPU.
Instead of trying to "guess" what firmware images need to be installed
in firmware-imx.mk, let the Config framework do the job and allow each
SoC to pick what firmware they need.
Note that this patch should also help introducing an eventual DP FW,
as Gary mentioned in a separate thread [1].
[1] http://lists.busybox.net/pipermail/buildroot/2020-May/283181.html
Suggested-by: Yann E. MORIN <yann.morin.1998@free.fr>
Suggested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Stephane Viau [Fri, 10 Jul 2020 12:00:42 +0000 (14:00 +0200)]
package/freescale-imx: move DDR FW choice down to firmware-imx package
The DDR FW along with all other FW code that need to be used in
bootloader or installed on target are related to the firmware-imx
package.
This patch does this job as well as fixing the conjugation of NEED*s*
in the symbol name. Also take advantage of this patch to make the DDR
FW dependant on BR2_PACKAGE_FIRMWARE_IMX.
In addition, the BR2_PACKAGE_FIRMWARE_DDRFW_* option was incorrect, as
there is no package matching this name. So we rename them to
BR2_PACKAGE_FIRMWARE_IMX_*, and add the appropriate Config.in.legacy
handling.
Suggested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Stephane Viau [Fri, 10 Jul 2020 12:00:43 +0000 (14:00 +0200)]
package/freescale-imx/firmware-imx: fix sdma/vpu firmware install path
In a patch set that did not get in for other reasons, Sebastien proposed
to fix the install path directory of the sdma and vpu firmware code [1]:
"Mainline and NXP kernels expect the sdma firmware to be in
/lib/firmware/imx/sdma so fix the install path [...]"
By looking at the code, I believe this is correct even though I have no
means to test it.
[1] http://lists.busybox.net/pipermail/buildroot/2020-June/284875.html
Suggested-by: Sébastien Szymanski <sebastien.szymanski at armadeus.com>
Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Maeva Manuel [Mon, 6 Jul 2020 09:10:45 +0000 (11:10 +0200)]
configs/freescale_imx8qxpmek: bump BSP components to version 5.4.24_2.1.0
Tested-by: Maeva Manuel <maeva.manuel@oss.nxp.com>
Signed-off-by: Maeva Manuel <maeva.manuel@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Maeva Manuel [Mon, 6 Jul 2020 09:10:44 +0000 (11:10 +0200)]
configs/freescale_imx8qmmek: bump BSP components to version 5.4.24_2.1.0
Tested-by: Maeva Manuel <maeva.manuel@oss.nxp.com>
Signed-off-by: Maeva Manuel <maeva.manuel@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adrian Perez de Castro [Fri, 10 Jul 2020 11:52:48 +0000 (14:52 +0300)]
package/webkitgtk: security bump to version 2.28.3
This is a minor release which provides fixes for CVE-2020-9800,
CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806,
CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, and CVE-2020-13753.
Updating from 2.28.2 also brings in the usual batch of fixes, including
important improvements to threading in the media player. Full release
notes can be found at:
https://webkitgtk.org/2020/07/09/webkitgtk2.28.3-released.html
A detailed security advisory can be found at:
https://webkitgtk.org/security/WSA-2020-0006.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adrian Perez de Castro [Fri, 10 Jul 2020 11:47:30 +0000 (14:47 +0300)]
package/wpewebkit: security bump to version 2.28.3
This is a minor release which provides fixes for CVE-2020-9800,
CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806,
CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, and CVE-2020-13753.
Updating from 2.28.2 also brings in the usual batch of fixes, including
important improvements to threading in the media player. Full release
notes can be found at:
https://wpewebkit.org/release/wpewebkit-2.28.3.html
A detailed security advisory can be found at:
https://wpewebkit.org/security/WSA-2020-0006.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Fri, 10 Jul 2020 14:53:16 +0000 (16:53 +0200)]
package/php: bump version to 7.4.8
Quoting https://www.php.net/
"For windows users running an official build, this release contains a
patched version of libcurl addressing CVE-2020-8159.
For all other consumers of PHP, this is a bug fix release."
Changelog: https://www.php.net/ChangeLog-7.php#7.4.8
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Romain Naour [Mon, 6 Jul 2020 23:41:51 +0000 (01:41 +0200)]
board/qemu/aarch64-virt/linux.config: enable VIRTIO_FS driver
virtio-fs allow sharing a directory between the host and the guest.
It require virtiofsd daemon running before starting Qemu.
The wiki [1] recommand to enable the following kernel options:
CONFIG_VIRTIO
CONFIG_VIRTIO_FS
CONFIG_DAX
CONFIG_FS_DAX
CONFIG_DAX_DRIVER
CONFIG_ZONE_DEVICE
But virtio-fs works fine with only VIRTIO_FS.
Note: ZONE_DEVICE can only be enabled on aarch64 since kernel >= 5.7.
ARCH_ENABLE_MEMORY_HOTREMOVE support is missing for previous kernel [2].
[1] https://virtio-fs.gitlab.io/howto-qemu.html
[2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=
bbd6ec605c0fc286c3f8ce60b4ed44635361d58b
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Romain Naour [Mon, 6 Jul 2020 23:41:50 +0000 (01:41 +0200)]
board/qemu/aarch64-virt/linux.config: enable TPM tis support
Qemu aarch64 virt machine support TPM using a swtmp [1] TPM emulator
provided on the qemu command line [2].
[1] https://github.com/stefanberger/swtpm/wiki
[2] https://git.qemu.org/?p=qemu.git;a=commitdiff;h=
c294ac327ca99342b90bd3a83d2cef9b447afaa7
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Romain Naour [Mon, 6 Jul 2020 23:41:49 +0000 (01:41 +0200)]
board/qemu/aarch64-virt/linux.config: enable ARM_SMMU_V3
>From [1]:
Support for implementations of the ARM System MMU architecture
version 3 providing translation support to a PCIe root complex.
ARM SMMU is supported since Qemu v3.0.0 [2].
ARM_SMMU_V3 can be enabled with: -M virt,iommu=smmuv3
dmesg:
arm-smmu-v3
9050000.smmuv3: ias 44-bit, oas 44-bit (features 0x00000305)
arm-smmu-v3
9050000.smmuv3: allocated 262144 entries for cmdq
arm-smmu-v3
9050000.smmuv3: allocated 131072 entries for evtq
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/drivers/iommu/Kconfig?h=v5.4.42#n390
[2] https://git.qemu.org/?p=qemu.git;a=commitdiff;h=
527773eeef9f2225370f9c17c35074b2ed0ced92
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Romain Naour [Mon, 6 Jul 2020 23:41:48 +0000 (01:41 +0200)]
board/qemu/aarch64-virt/linux.config: enable QEMU firmware configuration (fw_cfg)
>From [1]:
This kernel option allow exporting of the QEMU firmware configuration (fw_cfg)
file entries via sysfs. Entries are found under /sys/firmware/fw_cfg when this
option is enabled and loaded.
Enable the suboption to allow the qemu_fw_cfg device to be initialized via the
kernel command line or using a module parameter.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/drivers/firmware/Kconfig?h=v5.4.42#n187
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Romain Naour [Mon, 6 Jul 2020 23:41:47 +0000 (01:41 +0200)]
board/qemu/aarch64-virt/linux.config: enable VIRTIO_GPU driver
This driver is intended to be used by mesa virgl Gallium on the guest.
virtio-gpu is enabled by adding "-device virtio-gpu-pci" on the qemu
command line.
It's detected by lspci and dmesg log:
$ lspci
00:01.0 Display controller: Red Hat, Inc. Virtio GPU (rev 01)
$ dmesg
virtio-pci 0000:00:01.0: enabling device (0000 -> 0002)
[drm] pci: virtio-gpu-pci detected at 0000:00:01.0
[drm] virgl 3d acceleration not supported by host
[drm] EDID support available.
[TTM] Zone kernel: Available graphics memory: 51876 KiB
[TTM] Initializing pool allocator
[TTM] Initializing DMA pool allocator
[drm] number of scanouts: 1
[drm] number of cap sets: 0
[drm] Initialized virtio_gpu 0.1.0 0 for virtio2 on minor 0
The framebuffer interface fb0 is now present in /dev
$ ls /dev/fb*
/dev/fb0
See:
https://www.kraxel.org/blog/2019/09/display-devices-in-qemu/
https://at.projects.genivi.org/wiki/display/WIK4/GENIVI+Technical+Summit+Session+Content+2018?preview=%
2F28412356%
2F28412481%2F2018-10-11_GeniviBangalorTechSummit_Virtio_GPU.pdf
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Romain Naour [Mon, 6 Jul 2020 23:41:46 +0000 (01:41 +0200)]
board/qemu/aarch64-virt/linux.config: enable PCIe and PCI host generic driver
Add the CONFIG_PCI symbol due a change in kernel 5.0 [1].
The option was previously enabled by default (default y).
"PCI: consolidate PCI config entry in drivers/pci
There is no good reason to duplicate the PCI menu in every architecture.
Instead provide a selectable HAVE_PCI symbol that indicates availability
of PCI support, and a FORCE_PCI symbol to for PCI on and the handle the
rest in drivers/pci."
Qemu aarch64 provide a PCIe Host bridge but it require CONFIG_PCI_HOST_GENERIC
enabled in the kernel.
With CONFIG_PCI_HOST_GENERIC enabled PCIe host bridge is detected:
$ dmesg
pci-host-generic
4010000000.pcie: host bridge /pcie@
10000000 ranges:
pci-host-generic
4010000000.pcie: IO 0x3eff0000..0x3effffff -> 0x00000000
pci-host-generic
4010000000.pcie: MEM 0x10000000..0x3efeffff -> 0x10000000
pci-host-generic
4010000000.pcie: MEM 0x8000000000..0xffffffffff -> 0x8000000000
pci-host-generic
4010000000.pcie: ECAM at [mem 0x4010000000-0x401fffffff] for [bus 00-ff]
pci-host-generic
4010000000.pcie: PCI host bridge to bus 0000:00
pci_bus 0000:00: root bus resource [bus 00-ff]
pci_bus 0000:00: root bus resource [io 0x0000-0xffff]
pci_bus 0000:00: root bus resource [mem 0x10000000-0x3efeffff]
pci_bus 0000:00: root bus resource [mem 0x8000000000-0xffffffffff]
pci 0000:00:00.0: [1b36:0008] type 00 class 0x060000
$ lspci
00:00.0 Host bridge: Red Hat, Inc. QEMU PCIe Host bridge
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=
eb01d42a77785ff96b6e66a2a2e7027fc6d78e4a
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Romain Naour [Mon, 6 Jul 2020 23:41:45 +0000 (01:41 +0200)]
board/qemu/aarch64-virt/linux.config: add RTC PL031 driver
Qemu for the aarch64 virt emulate an RTC PL031 device.
Enable the kernel support to allow setting the system time.
"date" now return the current time:
Sun Jul 5 20:38:50 UTC 2020
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Romain Naour [Mon, 6 Jul 2020 23:41:44 +0000 (01:41 +0200)]
board/qemu/aarch64-virt/linux.config: regenerate after kernel version bump
Regenerate the with savedefconfig.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sergio Prado [Tue, 7 Jul 2020 23:35:23 +0000 (20:35 -0300)]
package/cutelyst: bump version to 2.11.0
Also separate the fields in the hash file by two spaces.
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Giulio Benetti [Tue, 7 Jul 2020 21:34:08 +0000 (23:34 +0200)]
package/libnspr: bump version to 4.26
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Fri, 10 Jul 2020 05:15:21 +0000 (07:15 +0200)]
package/{mesa3d, mesa3d-headers}: bump version to 20.1.3
Renumbered patches, rebased patch 0003.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sergio Prado [Thu, 9 Jul 2020 23:37:40 +0000 (20:37 -0300)]
package/babeld: bump version to 1.9.2
Also separate the fields in the hash file by two spaces.
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sergio Prado [Thu, 9 Jul 2020 22:38:11 +0000 (19:38 -0300)]
package/dhcpcd: bump version to 9.1.4
Also separate the fields in the hash file by two spaces and change the
hash of the license file (copyright message changed from 2019 to 2020).
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sam Voss [Thu, 9 Jul 2020 21:57:59 +0000 (16:57 -0500)]
package/sqlite: security bump to version 3.32.3
Fixes the following CVEs:
- CVE-2019-19923 (Fixed in 3.31.0)
SQLite is vulnerable to denial-of-service condition because of a NULL
pointer dereferencing while handling `SELECT DISTINCT`statements.
- CVE-2019-19924 (Fixed in 3.31.0)
The SQLite mishandles certain SQL commands due to improper error
handling by ` sqlite3WindowRewrite() ` function.
- CVE-2020-13435 (Fixed in 3.32.1)
SQLite is vulnerable to denial-of-service (DoS) due to improper handling
of query rewriting. An attacker could exploit this vulnerability by
supplying a system with maliciously crafted input.
- CVE-2020-13632 (Fixed in 3.32.0)
SQLite is vulnerable to denial-of-service (DoS) due to improper pointer
management in the FTS3 virtual table module. An attacker could exploit
this vulnerability by supplying a system with maliciously crafted input.
- CVE-2020-13434 (Fixed in 3.32.1)
SQLite is vulnerable to denial-of-service (DoS) due to improper handling
of floating-point operations. An attacker could exploit this
vulnerability by supplying a system with maliciously crafted input.
- CVE-2020-13871 (Fixed in 3.32.3)
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c
because the parse tree rewrite for window functions is too late.
- CVE-2020-13630 (Fixed in 3.32.0)
SQLite is vulnerable to denial-of-service (DoS) due to a use after free
issue in the FTS3 virtual table module. An attacker could exploit this
vulnerability by supplying a system with maliciously crafted input.
- CVE-2020-15358 (Fixed in 3.32.3)
SQLite is vulnerable to a heap-based buffer overflow flaw in part of an
optimization feature. An attacker able to issue specially crafted
queries could cause the application to crash, resulting in a
denial-of-service (DoS).
- CVE-2020-9327 (Fixed in 3.32.0)
SQLite is vulnerable to a Null pointer dereference flaw. A remote
attacker able to issue specially crafted SQL statements may be able to
cause a segmentation fault and application crash, resulting in a
denial-of-service (DoS).
- CVE-2019-19645 (Fixed in 3.31.0)
It was discovered that SQLite contains an denial-of-service (DoS)
vulnerability. An attacker could exploit this to trigger an infinite
recursion resulting in excessive resource consumption leading to a DoS
condition.
- CVE-2019-19926 (Fixed in 3.31.0)
The SQLite allows denial-of-service attack due to improper input
validation of user-supplied input.
- CVE-2020-11655 (Fixed in 3.32.0)
SQLite contains a memory corruption vulnerability. Successfully
exploiting this issue may allow attackers to cause a denial-of-service
(DoS). This allows an attacker to cause SQLite to crash by issuing a
crafted SQL query to the database.
- CVE-2019-19925 (Fixed in 3.31.0)
The INSERT statement fails when the zip file path is `NULL`.
- CVE-2019-19242 (Fixed in 3.31.0)
SQLite is vulnerable to a denial-of-service (DoS). An attacker could
exploit this vulnerability by supplying a maliciously crafted query to
cause an application crash.
- CVE-2019-19244 (Fixed in 3.31.0)
SQLite is vulnerable to a denial-of-service. An attacker could exploit
this vulnerability by providing a crafted SELECT statement to the SQL
server, resulting in an application crash.
- CVE-2020-13631 (Fixed in 3.32.0)
SQLite is vulnerable to data manipulation due to improper management of
virtual tables. An attacker could exploit this vulnerability by
supplying a system with maliciously crafted input.
- CVE-2020-11656 (Fixed in 3.32.0)
SQLite contains a Use-After-Free vulnerability. Successfully exploiting
this issue may allow attackers to cause a denial-of-service (DoS). This
allows an attacker to cause SQLite to crash by issuing a crafted SQL
query to the database.
- CVE-2019-19880 (Fixed in 3.31.0)
SQLite is vulnerable to denial-of-service (DoS) due to the mismanagement
of memory resources. A remote attacker could cause a victim's instance
of the application to crash by submitting crafted request that will lead
to the application parsing problematic integer values.
- CVE-2019-20218 (Fixed in 3.31.0)
SQLite is vulnerable to denial-of-service (DoS) due to improper
exception handling which could lead to unwinding of the `WITH` stack
following parsing errors. An attacker could exploit this vulnerability
by supplying a system with maliciously crafted input.
- CVE-2019-19603 (Fixed in 3.31.0)
It was discovered that SQLite contains a denial-of-service (DoS)
vulnerability. An authenticated attacker could exploit this
vulnerability by creating tables with the same name as shadow table
names.
- CVE-2019-19959 (Fixed in 3.31.0)
SQLite is vulnerable to denial-of-service (DoS) due to the mismanagement
of system memory resources. A remote attacker could cause a victim's
instance of the application to crash by causing it to process a SQL
statement that references a maliciously crafted file name.
- CVE-2019-19646 (Fixed in 3.31.0)
SQLite is vulnerable to a denial-of-service (DoS). An attacker could
exploit this vulnerability by supplying malicious SQL in order to crash
the application.
- CVE-2019-19317 (Fixed in 3.31.0)
SQLite contains a denial-of-service (DoS) vulnerability due to incorrect
logic in name lookups. An attacker could exploit this to cause a
application crash.
Signed-off-by: Sam Voss <sam.voss@rockwellcollins.com>
CC: Peter Korsgard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Thu, 9 Jul 2020 20:12:35 +0000 (22:12 +0200)]
package/luaossl: bump to version
20200709
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Fri, 10 Jul 2020 06:21:02 +0000 (08:21 +0200)]
package/libcec: downgrade to version 4.0.5
According to
https://github.com/Pulse-Eight/libcec/releases/tag/libcec-5.0.0
version 5.0.0 is "not compatible with Kodi 18.x. Please use libCEC
4.0.5 instead."
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Baruch Siach [Thu, 9 Jul 2020 06:06:50 +0000 (09:06 +0300)]
package/libcurl: fix no-proxy build with bearssl and nss
Add two patches fixing build against BearSSL and NSS TLS implementations
when BR2_PACKAGE_LIBCURL_PROXY_SUPPORT is disabled.
Fixes:
http://autobuild.buildroot.net/results/
4d37d9163bfece536974f15f16b2ebfc5fabc539/
http://autobuild.buildroot.net/results/
387e8baa13d0f07ed4dfd5b6ee3b933d4843c0e8/
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Sergio Prado [Tue, 7 Jul 2020 21:19:47 +0000 (18:19 -0300)]
package/dvb-apps: add hash file
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Stefan Sørensen [Tue, 23 Jun 2020 10:15:33 +0000 (12:15 +0200)]
package/gnutls: fix build with uClibc
Since v3.6.14 gnutls wants to use the 'e' flag with fopen to set the
O_CLOEXEC flags. Since this is a glibc extension, it will trigger a
gnulib override of fopen on non-glibc systems, but that override
breaks the uClibc stdio.h header.
Fixes:
http://autobuild.buildroot.org/results/02f/
02f2b524add307c8f7cc1af1ed0783bb1baf029a
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
James Hilliard [Mon, 6 Jul 2020 01:09:52 +0000 (19:09 -0600)]
package/libcamera: fix install staging typo
This won't enable install to staging unless capitalized.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Kamel Bouhara [Mon, 6 Jul 2020 15:34:06 +0000 (17:34 +0200)]
package/zip: install to staging
Install header files and libraries into the staging area.
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
James Hilliard [Tue, 7 Jul 2020 20:04:31 +0000 (14:04 -0600)]
package/python-greenlet: enable build for x86_64
Commit
30f1decec2c (package/python-greenlet: enable only on supported
architectures) forgot to allow x86_64.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr: split off the x86_64 support to its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
James Hilliard [Tue, 7 Jul 2020 20:04:31 +0000 (14:04 -0600)]
package/python-greenlet: really enable for i386
Commit
30f1decec2c (package/python-greenlet: enable only on supported
architectures) mis-typed the architecture name fox 286-32: BR2_x86
doesn't exist in buildroot; it is BR2_i386.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr:
- just do the s/x86/i386/ fix for easy backport
- x86_64 split off to its own patch
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Pierre-Jean Texier [Mon, 6 Jul 2020 18:29:45 +0000 (20:29 +0200)]
package/libevent: bump to version 2.1.12
See full changelog https://raw.githubusercontent.com/libevent/libevent/release-2.1.12-stable/ChangeLog
And update hash file formatting (2 spaces).
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
[yann.morin.1998@free.fr: drop md5, add sha256]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Francois Perrad [Tue, 7 Jul 2020 05:35:52 +0000 (07:35 +0200)]
configs/olimex_a20_olinuxino_lime*: bump Linux and U-Boot versions
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Francois Perrad [Tue, 7 Jul 2020 08:06:44 +0000 (10:06 +0200)]
package/luaposix: bump to version 35.0
LICENSE diff:
- Copyright (C) 2006-2019 luaposix authors
+ Copyright (C) 2006-2020 luaposix authors
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[yann.morin.1998@free.fr: simplify help entry]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Ignacy Gawędzki [Tue, 7 Jul 2020 09:33:57 +0000 (11:33 +0200)]
package/angularjs: bump version to 1.8.0
Signed-off-by: Ignacy Gawędzki <ignacy.gawedzki@green-communications.fr>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Santosh Multhalli [Tue, 7 Jul 2020 13:06:54 +0000 (18:36 +0530)]
package/valijson: bump version to 0.3
Signed-off-by: Santosh Multhalli <santosh.multhalli@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Chris Packham [Tue, 7 Jul 2020 09:46:11 +0000 (21:46 +1200)]
syslog-ng: version bump to 3.28.1
Signed-off-by: Chris Packham <judge.packham@gmail.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Giulio Benetti [Tue, 7 Jul 2020 16:08:57 +0000 (18:08 +0200)]
package/sunxi-mali-mainline-driver: bump version
For 5.6 and 5.7 support.
git shortlog --invert-grep --grep=Travis --no-merges
ec654ee9caeb0c4348caacd0cf5eb2730d1d70e2..
Jonathan Liu (2):
mali: Fix build for 5.6
mali: Fix build for 5.7
Maxime Ripard (3):
Create travis.yml
actions: Add feedparser to the host
travis: Try to fix the push code
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Mylène Josserand [Tue, 7 Jul 2020 07:53:37 +0000 (09:53 +0200)]
DEVELOPERS: Update Mylene's email
Signed-off-by: Mylène Josserand <mylene.josserand@collabora.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>