Mark Corbin [Fri, 29 Nov 2019 15:20:25 +0000 (15:20 +0000)]
package/mxsldr: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mark Corbin [Fri, 29 Nov 2019 15:48:15 +0000 (15:48 +0000)]
package/opentyrian-data: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(405)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mark Corbin [Fri, 29 Nov 2019 15:26:44 +0000 (15:26 +0000)]
package/netperf: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mark Corbin [Fri, 29 Nov 2019 16:06:44 +0000 (16:06 +0000)]
package/oprofile: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mark Corbin [Fri, 29 Nov 2019 16:14:00 +0000 (16:14 +0000)]
package/ortp: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mark Corbin [Fri, 29 Nov 2019 16:01:14 +0000 (16:01 +0000)]
package/opkg: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(405)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Wed, 27 Nov 2019 22:27:23 +0000 (23:27 +0100)]
package/network-manager: add missing dependency on libglib2
Commit
7643ab05de860011e749aa720c92d5de150bee0a
("package/network-manager: drop obsolete dependencies") was a bit too
brutal in its dependency removal, as it forgot that removing dbus-glib
as a dependency would make libglib2 no longer part of the dependencies
of network-manager.
However, network-manager does require libglib2. From configure.ac:
PKG_CHECK_MODULES(GLIB, [gio-unix-2.0 >= 2.37.6 gmodule-2.0],
[AC_SUBST(LOG_DRIVER, '$(top_srcdir)/build-aux/tap-driver.sh')
AC_SUBST(AM_TESTS_FD_REDIRECT, '--tap')],
[PKG_CHECK_MODULES(GLIB, gio-unix-2.0 >= 2.40 gmodule-2.0)
AC_SUBST(LOG_DRIVER, '$(top_srcdir)/build-aux/test-driver')])
So this commit re-adds libglib2 as a dependency, and propagates the
appropriate "depends on". Nothing selects BR2_PACKAGE_NETWORK_MANAGER,
so we don't have to propagate these additional "depends on" anywhere.
Fixes:
http://autobuild.buildroot.net/results/
2025b1bd721bb5c5fa6638ccf389d2fd8fd10339/
https://bugs.busybox.net/show_bug.cgi?id=12326
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Lubomir Rintel <lkundrak@v3.sk>
Cc: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 1 Dec 2019 09:54:23 +0000 (10:54 +0100)]
{linux, linux-headers}: bump 4.{14, 19}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Christian Stewart [Sat, 30 Nov 2019 19:30:31 +0000 (11:30 -0800)]
package/go: bump to 1.13.4
go1.13.4 (released 2019/10/31) with fixes to the net/http and syscall packages.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Fri, 29 Nov 2019 19:07:06 +0000 (20:07 +0100)]
package/opencv3: ensure the python module works when BR2_PACKAGE_PYTHON{, 3}_PYC_ONLY=y
The OpenCV Python module does a fairly strange thing to read a few
configuration details: it uses Python's execfile() to execute two .py
files and access a few variables. However, execfile() only works with
.py files and not .pyc files.
When BR2_PACKAGE_PYTHON{,3}_PYC_ONLY=y, the .py files are all removed,
causing the OpenCV Python module to not work:
File "usr/lib/python3.7/site-packages/cv2/__init__.py", line 89, in <module>
File "usr/lib/python3.7/site-packages/cv2/__init__.py", line 58, in bootstrap
File "usr/lib/python3.7/site-packages/cv2/__init__.py", line 56, in load_first_config
ImportError: OpenCV loader: missing configuration file: ['config.py']. Check OpenCV installation.
To fix this problem, this commit uses the newly introduced
<pkg>_KEEP_PY_FILES mechanism, to ensure the important config*.py
files are kept.
Fixes:
https://bugs.busybox.net/show_bug.cgi?id=12171
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Fri, 29 Nov 2019 19:07:05 +0000 (20:07 +0100)]
package/{pkg-generic, python, python3}: add mechanism to exclude .py files from removal
When BR2_PACKAGE_PYTHON{,3}_PYC_ONLY=y, we force remove all .py files
from the system, as they have all been byte-compiled into their .pyc
variants.
However, it turns out that some packages (e.g: OpenCV) do some funky
things with a few .py files: they pass them through Python's
execfile() facility, which only works with .py files and not .pyc
files. It is used by OpenCV for example to read two small
configuration files.
In order to support such use cases, this commit introduces a very
simple mechanism by which packages can exclude some path patterns from
the .py removal: a per-package <pkg>_KEEP_PY_FILES variable that is
collected into a global PYTHON_KEEP_PY_FILES variable, then used by
the python/python3 target-finalize hooks.
This variable is intentionally not documented, this is really a hack
that we ideally would like to see go away, and we'd rather not see its
usage spread too much.
This is necessary to be able to fix bug #12171.
[Peter: check if PYTHON_KEEP_PY_FILES contains non-white space]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Fri, 29 Nov 2019 21:10:54 +0000 (22:10 +0100)]
{linux, linux-headers}: bump 4.{4, 9}.x / 5.3.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Thu, 28 Nov 2019 20:31:05 +0000 (21:31 +0100)]
package/perl-gdtextutil: add license
Dustismo.LICENSE contains the license for the Dustismo_Sans.ttf font
file. The rest is licensed under the same terms as Perl as specified
in README
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Thu, 28 Nov 2019 20:17:26 +0000 (21:17 +0100)]
package/lzma: add license
- lzma program is licensed under GPL-2.0+
- lzmadec program has no license information in source file
- lzmainfo program is licensed under LGPL-2.1+
- LzmaDecode.h is licensed under LGPL-2.1+ (or CPL) as stated in
src/sdk/7zip/Compress/LZMA_C/LzmaDecode.{c,h}, other sdk files have no
license information
- lzmore and lzgrep scripts are licensed under GPL-2.0+
- lzdiff script has no license information
- basic and perms tests are licensed under GPL-3.0+
- mkdtemp and test-lib.sh tests have no license information
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Michael Vetter [Fri, 29 Nov 2019 10:12:38 +0000 (11:12 +0100)]
package/tiff: security bump to 4.1.0
Fixes the following security vulnerabilities:
* CVE-2018-12900
* CVE-2018-17000
* CVE-2019-6128
* CVE-2019-7663
* CVE-2019-14973
* CVE-2018-19210
Remove because contained upstream:
0001-Fix-for-simple-memory-leak-that-was-assigned-CVE-2019-6128.patch
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mark Corbin [Thu, 28 Nov 2019 12:13:08 +0000 (12:13 +0000)]
package/libglob: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Thu, 28 Nov 2019 18:55:52 +0000 (19:55 +0100)]
package/pkg-generic.mk: make HOST_<pkg>_DL_OPTS inherit from <pkg>_DL_OPTS
Just like _SITE, _SOURCE, _SITE_METHOD, it is very likely that if
<pkg>_DL_OPTS is defined, the same value should be used for
HOST_<pkg>_DL_OPTS, so let's have the same inheritance logic than the
one we have for other variables.
Fixes:
https://bugs.busybox.net/show_bug.cgi?id=12321
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Thu, 28 Nov 2019 23:30:17 +0000 (00:30 +0100)]
package/gst1-plugins-bad: remove rpi-userland extra include paths
Fixes #12366 [1]
The rpi-userland extra include paths where added with [2] including
a rpi-userland dependency for the dispmanx option.
The dispmanx option was moved to gst1-plugins-base with commit [3],
including the rpi-userland dependency, excluding the extra include
paths.
Tested gst1-plugins-base with dispmanx enabled compiles without
failures. It seems to be safe to remove the extra includes from
gst1-plugins-bad.
Fixes (from meson-log.txt):
Sanity check compile stderr:
arm-buildroot-linux-uclibcgnueabihf-gcc.br_real: error:
/.../host/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/include/IL:
No such file or directory
arm-buildroot-linux-uclibcgnueabihf-gcc.br_real: error:
/.../host/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/include/interface/vcos/pthreads:
No such file
arm-buildroot-linux-uclibcgnueabihf-gcc.br_real: error:
/.../host/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/include/interface/vmcs_host/linux:
No such file
[1] https://bugs.busybox.net/show_bug.cgi?id=12366
[2] https://git.buildroot.net/buildroot/commit/?id=
962ffda68cd9b0c4ab6055c97c14e762a5439571
[3] https://git.buildroot.net/buildroot/commit/?id=
3f2aef56127fbe71378e6a2d55192a0835d962ab
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
James Hilliard [Thu, 28 Nov 2019 22:21:18 +0000 (15:21 -0700)]
package/python-cchardet: bump to version 2.1.5
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 29 Nov 2019 08:09:51 +0000 (09:09 +0100)]
package/oniguruma: security bump to version 6.9.4
- Retrieve official tarball to drop autoreconf
- Fixed CVE-2019-19012
- Fixed CVE-2019-19203 (Does not affect UTF-8, UTF-16 and UTF-32
encodings)
- Fixed CVE-2019-19204 (Affects only PosixBasic, Emacs and Grep
syntaxes)
- Fixed CVE-2019-19246
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mark Corbin [Thu, 28 Nov 2019 16:49:06 +0000 (16:49 +0000)]
package/most: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Thu, 28 Nov 2019 20:40:48 +0000 (21:40 +0100)]
package/perl-gdgraph: fix license
Dustismo.LICENSE contains the license for the Dustismo_Sans.ttf font
file. The rest is licensed under the same terms as Perl as specified
in README so add README to license files and add GPL-2.0+ to license
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 28 Nov 2019 15:37:18 +0000 (16:37 +0100)]
package/wolfssl: add upstream security fix for CVE-2019–18840
Fixes the following security vulnerability:
- CVE-2019-18840: In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity
checks of memory accesses in parsing ASN.1 certificate data while
handshaking. Specifically, there is a one-byte heap-based buffer overflow
inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because
the domain name location index is mishandled. Because a pointer is
overwritten, there is an invalid free.
For details, see the writeup:
https://medium.com/@social_62682/heap-overflow-in-wolfssl-cve-2019-18840-
185d233c27de
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mark Corbin [Thu, 28 Nov 2019 13:15:39 +0000 (13:15 +0000)]
package/libvorbis: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mark Corbin [Thu, 28 Nov 2019 13:08:10 +0000 (13:08 +0000)]
package/libsexy: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(500)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mark Corbin [Thu, 28 Nov 2019 13:01:09 +0000 (13:01 +0000)]
package/libsecret: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mark Corbin [Thu, 28 Nov 2019 12:56:22 +0000 (12:56 +0000)]
package/libpciaccess: update help text in Config.in
Add a short package description. Add an upstream URL to address
the 'Missing' URL status in the package stats web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 28 Nov 2019 14:43:44 +0000 (15:43 +0100)]
package/haproxy: security bump to version 2.0.10
Fixes the following security vulnerabilities:
- CVE-2019-19330: The HTTP/2 implementation in HAProxy before 2.0.10
mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd),
line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka
Intermediary Encapsulation Attacks.
In addition, 2.0.6..10 fixes a number of bugs. See the changelog for
details:
https://www.haproxy.org/download/2.0/src/CHANGELOG
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mark Corbin [Thu, 28 Nov 2019 12:45:52 +0000 (12:45 +0000)]
package/liblockfile: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mark Corbin [Thu, 28 Nov 2019 12:38:31 +0000 (12:38 +0000)]
package/libiscsi: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. Removing
the trailing comment from the URL line addresses the 'Missing'
status in the package stats web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mark Corbin [Thu, 28 Nov 2019 12:28:52 +0000 (12:28 +0000)]
package/libhid: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mark Corbin [Thu, 28 Nov 2019 16:38:47 +0000 (16:38 +0000)]
package/mii-diag: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mark Corbin [Thu, 28 Nov 2019 16:18:02 +0000 (16:18 +0000)]
package/mediastreamer: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mark Corbin [Thu, 28 Nov 2019 16:23:56 +0000 (16:23 +0000)]
package/metacity: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mark Corbin [Thu, 28 Nov 2019 17:58:42 +0000 (17:58 +0000)]
package/musl: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
[Peter: also add URL to BR2_TOOLCHAIN_BUILDROOT_MUSL help]
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Thu, 28 Nov 2019 18:05:02 +0000 (19:05 +0100)]
package/libselinux: fix build on old glibc with <fts.h> incompatible with LFS
glibc versions prior to 2.23 have a <fts.h> implementation that is not
compatible with large file support, causing build failures such as:
In file included from selinux_restorecon.c:17:0:
/home/naourr/work/instance-0/output-1/host/arm-buildroot-linux-gnueabi/sysroot/usr/include/fts.h:41:3: error: #error "<fts.h> cannot be used with -D_FILE_OFFSET_BITS==64"
# error "<fts.h> cannot be used with -D_FILE_OFFSET_BITS==64"
Prior to commit
3fce6f1c150dbe4be58d083008ca8dbe7257836e
("package/libselinux: fix the build with Python 3.8"), we were not
passing PKG_PYTHON_DISTUTILS_ENV in the environment. But with
3fce6f1c150dbe4be58d083008ca8dbe7257836e, we are now passing the
PKG_PYTHON_DISTUTILS_ENV variable, provided by pkg-python.mk, into the
build environment. While this is part of fixing the build of
libselinux with Python 3.8, it breaks the build because we are no
longer filtering out the -D_FILE_OFFSET_BITS=64 option from
CFLAGS. Indeed, while we do so at the beginning of libselinux.mk, it
gets overridden later by the addition of $(PKG_PYTHON_DISTUTILS_ENV).
To avoid this, we pass CFLAGS/LDFLAGS *after*
$(PKG_PYTHON_DISTUTILS_ENV) has been added. In practice, the
CFLAGS/LDFLAGS passed by $(PKG_PYTHON_DISTUTILS_ENV) are just
$(TARGET_CFLAGS) and $(TARGET_LDFLAGS), so we are not missing anything
specific.
Fixes:
http://autobuild.buildroot.net/results/
ef6ff91086a094eb25b145d66d072c6d2fc60154/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Thu, 28 Nov 2019 18:50:56 +0000 (19:50 +0100)]
{linux, linux-headers}: bump 4.{4, 9}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 10 Nov 2019 21:09:20 +0000 (22:09 +0100)]
package/am33x-cm3: disable PIE
Fixes:
- http://autobuild.buildroot.org/results/
418a40b995e91bc66e692dfbc4b0521db3fa5fbb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 10 Nov 2019 21:09:19 +0000 (22:09 +0100)]
package/am33x-cm3: disable SSP
Fixes:
- http://autobuild.buildroot.net/results/
3a3a21f3c35ea025e9b93e09c2454aed0ad31034
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 10 Nov 2019 20:53:16 +0000 (21:53 +0100)]
package/collectd: rename --with-yajl
--with-yajl is not recognized so replace it by the correct
--with-libyajl option
The option is named --with-libyajl since a very long time (since at
least version 4.8.0 and
https://github.com/collectd/collectd/commit/
f154fb21fbb1fee2f2262d421eca32e7e340f420)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Wed, 27 Nov 2019 20:36:48 +0000 (21:36 +0100)]
package/nodejs: properly pass HOST_LDFLAGS when building host tools
After building host tools, we currently run a pass of patchelf to add
the proper RPATH to these tools so that they are able to find the
libraries they depend on.
Unfortunately, the "torque" host tool is used during the build itself,
before we have a chance to run "patchelf" on it. Since it is linked
against libcrypto.so available in $(HOST_DIR)/lib, the build aborts
because the RPATH is not set.
To fix this, we make sure that $(HOST_LDFLAGS) are properly taken into
account: since they contain the -Wl,-rpath option, the host tools will
have the correct RPATH. This both fixes the build failure, and makes
the patchelf hack no longer necessary.
Fixes:
https://bugs.busybox.net/show_bug.cgi?id=12211
http://autobuild.buildroot.net/results/
a1f5e336ddaf386ba08eb5a7a299a48e2bdfe2d9/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Wed, 27 Nov 2019 20:36:47 +0000 (21:36 +0100)]
package/nodejs: use --with-arm-fpu option on ARM
nodejs can use some FPU instructions on ARM, but it needs to know that
thanks to the --with-arm-fpu option. Without this, it may use the
wrong FPU setting, such as use VFPv3 even if only a VFPv3-D16 is
available. This has been reported as bug #12166, where the compiled
node binary had some floating point instructions using floating point
registers above 16 on a VFPv3-D16 system.
This commit makes sure we pass the appropriate --with-arm-fpu value
when it makes sense. Note that NodeJS only has explicit support for a
subset of the FPUs, for the ones that are not explicitly supported, we
simply pass no --with-arm-fpu value.
Fixes:
https://bugs.busybox.net/show_bug.cgi?id=12166
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Wed, 27 Nov 2019 20:36:46 +0000 (21:36 +0100)]
package/nodejs: properly pass the --with-arm-float-abi on ARM
When commit
0064132ba032da39cefa4fffe59c31a71d1f1ddb introduced ARM64
support in nodejs.mk, it incorrectly kept the NODEJS_ARM_FP
definition. This variable is used to pass --with-arm-float-abi, which
in NodeJS's configure.py script is only used when --dest-cpu=arm, and
not when --dest-cpu=arm64.
So we are passing --with-arm-float-abi=<something> for ARM64, which
has no effect, and we are no longer passing it on ARM.
This commit fixes that by putting the NODEJS_ARM_FP definition back at
the right location.
Fixes:
0064132ba032da39cefa4fffe59c31a71d1f1ddb
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Michael Vetter [Wed, 27 Nov 2019 12:52:45 +0000 (13:52 +0100)]
package/libstrophe: bump to version 0.9.3
Changes:
* PLAIN mechanism is used only when no other mechanisms are supported
* Legacy authentication is disabled by default, can be enabled with
connection flag XMPP_CONN_FLAG_LEGACY_AUTH
* Session is not established if it is optional
* Fixed a bug causing a reused connection not to cleanup properly
* Improved debug logging in OpenSSL module
* Few memory leaks fixed
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mark Corbin [Thu, 28 Nov 2019 11:49:44 +0000 (11:49 +0000)]
package/liberation: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mark Corbin [Thu, 28 Nov 2019 11:43:41 +0000 (11:43 +0000)]
package/libdvdnav: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in as it
is pointing to an old page.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mark Corbin [Thu, 28 Nov 2019 11:36:29 +0000 (11:36 +0000)]
package/libdvdread: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mark Corbin [Thu, 28 Nov 2019 11:28:14 +0000 (11:28 +0000)]
package/libbson: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mark Corbin [Thu, 28 Nov 2019 11:13:12 +0000 (11:13 +0000)]
package/libass: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(405)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mark Corbin [Thu, 28 Nov 2019 11:07:18 +0000 (11:07 +0000)]
package/leafnode2: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mark Corbin [Thu, 28 Nov 2019 10:48:20 +0000 (10:48 +0000)]
package/kf5: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Sat, 16 Nov 2019 09:10:04 +0000 (10:10 +0100)]
system: allow not setting a default, system-wide time zone
It is valid that there is no system-wide default time zone defined, in
which case Etc/UTC is assumed.
Fixes: #12316
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Martin Bark <martin@barkynet.com>
Cc: Alexandre Belloni <alexandre.belloni@bootlin.com>
Cc: Richard Braun <rbraun@sceen.net>
Cc: Andrew Trapani <andrew.trapani@ontera.bio>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Mon, 25 Nov 2019 20:55:20 +0000 (21:55 +0100)]
package/libdrm: fix nouveau tests compile for musl
Add openembedded provided patch [2] to fix musl toolchain compile failures
because of different ioctl() signatures, (int, int, ...) vs. (int, unsigned
long, ...).
Fixes:
../tests/nouveau/threaded.c:39:5: error: conflicting types for 'ioctl'
int ioctl(int fd, unsigned long request, ...)
[1] http://autobuild.buildroot.net/results/
047f149a928ac2a17e25211a0a8a264ebae369ac
[2] https://github.com/openembedded/openembedded-core/blob/master/meta/recipes-graphics/drm/libdrm/musl-ioctl.patch
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mark Corbin [Tue, 26 Nov 2019 12:06:45 +0000 (12:06 +0000)]
package/c-capnproto: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mark Corbin [Tue, 26 Nov 2019 19:46:35 +0000 (19:46 +0000)]
package/kexec-lite: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mark Corbin [Tue, 26 Nov 2019 19:36:32 +0000 (19:36 +0000)]
package/iw: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mark Corbin [Tue, 26 Nov 2019 19:18:59 +0000 (19:18 +0000)]
package/ifenslave: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mark Corbin [Tue, 26 Nov 2019 19:01:44 +0000 (19:01 +0000)]
package/hicolor-icon-theme: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mark Corbin [Tue, 26 Nov 2019 18:54:19 +0000 (18:54 +0000)]
package/gtkperf: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mark Corbin [Tue, 26 Nov 2019 16:12:08 +0000 (16:12 +0000)]
package/gr-osmosdr: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mark Corbin [Tue, 26 Nov 2019 15:57:39 +0000 (15:57 +0000)]
package/gqview: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mark Corbin [Tue, 26 Nov 2019 15:46:24 +0000 (15:46 +0000)]
package/glib-networking: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mark Corbin [Tue, 26 Nov 2019 15:24:43 +0000 (15:24 +0000)]
package/fswebcam: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mark Corbin [Tue, 26 Nov 2019 15:00:28 +0000 (15:00 +0000)]
package/fmt: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mark Corbin [Tue, 26 Nov 2019 14:54:42 +0000 (14:54 +0000)]
package/flashbench: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mark Corbin [Tue, 26 Nov 2019 14:07:26 +0000 (14:07 +0000)]
package/fastd: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Acked-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mark Corbin [Tue, 26 Nov 2019 13:55:13 +0000 (13:55 +0000)]
package/faifa: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mark Corbin [Tue, 26 Nov 2019 13:43:30 +0000 (13:43 +0000)]
package/elf2flt: add an upstream URL to Config.in.host
Add an upstream URL to the help text in Config.in.host. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mark Corbin [Tue, 26 Nov 2019 12:24:36 +0000 (12:24 +0000)]
package/ca-certificates: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mark Corbin [Tue, 26 Nov 2019 12:34:56 +0000 (12:34 +0000)]
package/cog: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mark Corbin [Tue, 26 Nov 2019 12:45:28 +0000 (12:45 +0000)]
package/copas: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(406)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mark Corbin [Tue, 26 Nov 2019 12:54:31 +0000 (12:54 +0000)]
package/dmraid: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mark Corbin [Tue, 26 Nov 2019 13:20:55 +0000 (13:20 +0000)]
package/doom-wad: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
James Byrne [Tue, 26 Nov 2019 09:52:04 +0000 (09:52 +0000)]
package/minicom: make default port and lock directory fixed defaults
Minicom's configure script will set values for the default port and lock
directory based on the configuration of the host machine, which is not
useful for cross-compiling or reproducible builds, so instead set them
to sensible default values.
Signed-off-by: James Byrne <james.byrne@origamienergy.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bartosz Bilas [Mon, 25 Nov 2019 07:03:19 +0000 (08:03 +0100)]
package/libftdi: don't override license files variable
Fixes:
package/libftdi/libftdi.mk:22: conditional override of variable LIBFTDI_LICENSE_FILES
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mark Corbin [Mon, 25 Nov 2019 20:36:58 +0000 (20:36 +0000)]
package/bind: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mark Corbin [Mon, 25 Nov 2019 20:24:39 +0000 (20:24 +0000)]
package/bcg729: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mark Corbin [Mon, 25 Nov 2019 20:05:48 +0000 (20:05 +0000)]
package/atk: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Mon, 25 Nov 2019 18:54:05 +0000 (19:54 +0100)]
{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.3.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Mon, 25 Nov 2019 15:12:29 +0000 (16:12 +0100)]
package/libdrm: disable nouveau test for static build
Fixes:
[46/66] Compiling C object 'tests/nouveau/
e47a46e@@threaded@exe/threaded.c.o'.
FAILED: tests/nouveau/
e47a46e@@threaded@exe/threaded.c.o
./tests/nouveau/threaded.c:24:10: fatal error: dlfcn.h: No such file or directory
#include <dlfcn.h>
[1] http://autobuild.buildroot.net/results/
3042637f54d2d232904ea009455cae82e159ea2e
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Korsgaard [Sun, 24 Nov 2019 21:23:09 +0000 (22:23 +0100)]
package/jpeg-turbo: security bump to version 2.0.3
Fixes the following security vulnerabilities:
- CVE-2019-2201: In generate_jsimd_ycc_rgb_convert_neon of
jsimd_arm64_neon.S, there is a possible out of bounds write due to a
missing bounds check. This could lead to remote code execution in an
unprivileged process with no additional execution privileges needed.
For more details, see the upstream bugtracker:
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/361
Additionally, it fixes a number of other issues. From the release notes:
- Fixed a regression in the SIMD feature detection code, introduced by the
AVX2 SIMD extensions (2.0 beta1[1]), that was known to cause an illegal
instruction exception, in rare cases, on CPUs that lack support for CPUID
leaf 07H (or on which the maximum CPUID leaf has been limited by way of a
BIOS setting.)
- The 4:4:0 (h1v2) fancy (smooth) chroma upsampling algorithm in the
decompressor now uses a similar bias pattern to that of the 4:2:2 (h2v1)
fancy chroma upsampling algorithm, rounding up or down the upsampled
result for alternate pixels rather than always rounding down. This
ensures that, regardless of whether a 4:2:2 JPEG image is rotated or
transposed prior to decompression (in the frequency domain) or after
decompression (in the spatial domain), the final image will be similar.
- Fixed a regression introduced by 2.0 beta1[15] whereby attempting to
generate a progressive JPEG image on an SSE2-capable CPU using a scan
script containing one or more scans with lengths divisible by 16 would
result in an error ("Missing Huffman code table entry") and an invalid
JPEG image.
- Fixed an issue whereby tjDecodeYUV() and tjDecodeYUVPlanes() would throw
an error ("Invalid progressive parameters") or a warning ("Inconsistent
progression sequence") if passed a TurboJPEG instance that was previously
used to decompress a progressive JPEG image.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sun, 24 Nov 2019 20:59:17 +0000 (21:59 +0100)]
package/bind: security bump to version 9.11.13
Fixes the following security vulnerabilities:
- CVE-2019-6477: TCP-pipelined queries can bypass tcp-clients limit
For details, see the release notes:
https://downloads.isc.org/isc/bind9/9.11.13/RELEASE-NOTES-bind-9.11.13.html
(9.11.11..12 were not released)
Upstream moved to a 2019-2020 signing key, so update comment in hash file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Giulio Benetti [Mon, 25 Nov 2019 10:50:40 +0000 (11:50 +0100)]
package/libnss: security bump to version 3.47.1
Fixes the following security issues:
CVE-2019-11745: EncryptUpdate should use maxout, not block size
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 24 Nov 2019 18:01:57 +0000 (19:01 +0100)]
package/libftdi1: fix license
The GPL only applies to the C++ bindings and eeprom utility, which are
conditionally enabled with BR2_PACKAGE_LIBFTDI1_LIBFTDIPP1 and
BR2_PACKAGE_LIBFTDI1_FDTI_EEPROM, respectively.
The COPYING.LIB is indeed the LGPL-2.0, but the source file for
libftdi1 states LGPL-2.1-only, see src/ftdi.c
The src/ftdi_stream.c also bears a notice of the MIT license, so the
library itself is under both LGPL-2.1-only and MIT.
Note: the COPYING.GPL license file may get added twice to the list, but
that is not a problem in practice: it is just copied twice.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- GPL-2.0 also applies to the ftdi_eeprom utility
- s/ftdipp1/libftdipp1/
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Yann E. MORIN [Sun, 24 Nov 2019 21:12:57 +0000 (22:12 +0100)]
package/libftdi: remove unused license
Commit
9b0b15e90b (package/libftdi: add license) was too hastily fixed,
with confusion between libftdi and libftdi1. The MIT-licensed file is
not present in libftdi; it is only in libftdi1.
Remove the unused MIT license from the list.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sun, 24 Nov 2019 19:07:28 +0000 (20:07 +0100)]
package/systemd: fix license hash
Bump to 243.4 forgot to update hash of README file (update to the
requirements).
Fixes:
- http://autobuild.buildroot.org/results/
eae13046b90253cdb2bf260e10b316386dff4eb1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: explain why README was changed]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sun, 24 Nov 2019 10:08:46 +0000 (11:08 +0100)]
package/libftdi: add license
The COPYING.LIB license file contains the test of the LGPL-2.0, but the
source code itself explicitly refers to the GPL-2.1-only. Additionally,
parts of the library (src/ftdi_stream.c) are under the MIT license.
The C++ bindings are udner the GPL-2.0-only with an exception, which is
expressed in the LICENSE file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- the library is under both GPL-2.1-only and MIT
- the GPL-2.0-only only applies to the C++ bindings
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sun, 24 Nov 2019 09:10:51 +0000 (10:10 +0100)]
package/gob2: add license
gob2 itself is GPL-2.0+, but it is a code generator. The code generated
by gob2 id not covered by gob2's license, and this is made explicit in
an accompanying license file.
So we include both license files.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- add COPYING.generated-code
- expand commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Korsgaard [Sun, 24 Nov 2019 10:15:16 +0000 (11:15 +0100)]
Update for 2019.11-rc3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 23 Nov 2019 23:05:28 +0000 (00:05 +0100)]
package/tftpd: add license
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Thomas Petazzoni [Mon, 18 Nov 2019 21:10:46 +0000 (22:10 +0100)]
package/faifa: fix incorrect library symlink
As spotted in
http://autobuild.buildroot.net/results/a61/
a612cb7a85927d8cfe55c95c34d2901e7694fab0//diffoscope-results.txt,
faifa installs a library symlink with an incorrect target, which was
detected by the reproducible build logic, but is in fact wrong in any
case:
-lrwxrwxrwx 0 0 0 0 2019-11-07 19:38:04.000000 ./usr/lib/libfaifa.so -> /home/naourr/work/instance-3/output-1/target/usr/lib/libfaifa.so.0
+lrwxrwxrwx 0 0 0 0 2019-11-07 19:38:04.000000 ./usr/lib/libfaifa.so -> /home/naourr/work/instance-3/output-2/target/usr/lib/libfaifa.so.0
In practice, this is not a problem at runtime, as the .so symlink is
not used: the library soname is libfaifa.so.0. However, it still makes
sense to fix.
It is fixed by backporting an upstream commit. We considered bumping
to a newer version, but the latest version requires a new dependency
(libevent), so we preferred the backporting approach.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Jérémy Rosen [Tue, 19 Nov 2019 20:23:35 +0000 (21:23 +0100)]
package/systemd: bump to v243.4
Upstream systemd-stable has started tagging point releses.
The commit we currently used has now been tagged as v243.3, and this
brings us to v243.4.
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
[yann.morin.1998@free.fr:
- expand commit log to explain previous version
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Titouan Christophe [Sat, 23 Nov 2019 20:01:42 +0000 (21:01 +0100)]
package/redis: bump to version 5.0.7
Changes announced upstream:
Upgrade urgency HIGH: many issues fixed, some may have an impact.
Redis 5.0.7 fixes a number of bugs, none is very critical, however
there are a few that may have an impact. It's a good idea to upgrade.
There are fixes in the area of replication from modules commands and
callbacks, AOF fsync (non critical issue), memory leaks (very rare and small),
streams beahvior (non critical), and a potential crash in commands
processing multiple keys at the same time that is there for years, and happens
very rarely, but is not impossible to trigger.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 22 Nov 2019 22:55:31 +0000 (23:55 +0100)]
package/asterisk: security bump to version 16.6.2
Fixes the following security vulnerabilities:
AST-2019-006: SIP request can change address of a SIP peer.
A SIP request can be sent to Asterisk that can change a SIP peer’s IP
address. A REGISTER does not need to occur, and calls can be hijacked as a
result. The only thing that needs to be known is the peer’s name;
authentication details such as passwords do not need to be known. This
vulnerability is only exploitable when the “nat” option is set to the
default, or “auto_force_rport”.
https://downloads.asterisk.org/pub/security/AST-2019-006.pdf
AST-2019-007: AMI user could execute system commands.
A remote authenticated Asterisk Manager Interface (AMI) user without
“system” authorization could use a specially crafted “Originate” AMI request
to execute arbitrary system commands.
https://downloads.asterisk.org/pub/security/AST-2019-007.pdf
AST-2019-008: Re-invite with T.38 and malformed SDP causes crash.
If Asterisk receives a re-invite initiating T.38 faxing and has a port of 0
and no c line in the SDP, a crash will occur.
https://downloads.asterisk.org/pub/security/AST-2019-008.pdf
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Adam Duskett [Sat, 23 Nov 2019 17:46:55 +0000 (09:46 -0800)]
package/zip: add license hash
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Adam Duskett [Sat, 23 Nov 2019 17:46:54 +0000 (09:46 -0800)]
package/perl: add license hash
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sun, 17 Nov 2019 16:44:52 +0000 (17:44 +0100)]
package/spice: security bump to version 0.14.2
- Fix CVE-2019-3813: fix off-by-one error in group/slot boundary check
- Add license hash
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 17 Nov 2019 16:44:51 +0000 (17:44 +0100)]
package/spice-protocol: bump to version 0.14.0
- This bump is needed for spice 0.14.2
- Add license hash
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Thu, 21 Nov 2019 21:37:33 +0000 (22:37 +0100)]
package/php: bump version to 7.3.12
Release notes of this bugfix release:
https://www.php.net/ChangeLog-7.php#7.3.12
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adrian Perez de Castro [Fri, 22 Nov 2019 18:00:13 +0000 (20:00 +0200)]
package/webkitgtk: security bump to version 2.26.2
This is a minor release which includes fixes for CVE-2019-8812 and
CVE-2019-8814.
This release also fixes the build with WebDriver disabled and without
X11, so "0001-GTK-ANGLE-s-eglplatform.h-is-build-broken-with-DENAB.patch"
and "0002-WPE-GTK-Build-fails-with-ENABLE_WEBDRIVER-OFF.patch" are not
needed anymore (and therefore removed). There is also a performance
improvement for a regression related to fallback font selection, and a
couple of small fixes. The full release notes are available at:
https://webkitgtk.org/2019/11/06/webkitgtk2.26.2-released.html
The detailed security advisory can be found at:
https://webkitgtk.org/security/WSA-2019-0006.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>