buildroot.git
3 years agopackage/libvips: add zlib optional dependency
Fabrice Fontaine [Sun, 4 Apr 2021 14:30:42 +0000 (16:30 +0200)]
package/libvips: add zlib optional dependency

zlib is an optional dependency which is enabled by default since version
8.4.2 and
https://github.com/libvips/libvips/commit/5ab0001ec68a5f61396aecd8d2d7a619b1dbe1fa

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/micropython: define MICROPY_NLR_SETJMP for xtensa
Chris Packham [Mon, 29 Mar 2021 07:28:28 +0000 (20:28 +1300)]
package/micropython: define MICROPY_NLR_SETJMP for xtensa

As suggested on https://github.com/micropython/micropython/issues/6551
define MICROPY_NLR_SETJMP to avoid the xtensa specific implementation
of nlr_push.

Fixes:
- http://autobuild.buildroot.net/results/5fc8669b5c768ccfc02bd20d1159bce7fe43683e

Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/python-hiredis: bump to version 2.0.0
Grzegorz Blach [Wed, 31 Mar 2021 12:26:24 +0000 (14:26 +0200)]
package/python-hiredis: bump to version 2.0.0

Depends on BR2_PACKAGE_PYTHON3

Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/tvheadend: add option to enable IPTV support
Bernd Kuhls [Sun, 4 Apr 2021 12:15:42 +0000 (14:15 +0200)]
package/tvheadend: add option to enable IPTV support

Some IPTV streams will need ffmpef, the command line tool), while some
won't, so we just suggest that to the user in the help text.

There were two alternatives, but neither were very convincing:
  - always enforce that ffmpeg is enabled
  - only enforce ffmpeg to be enabled when the package is already
    enabled

In either case, that may cary the ffmpeg tool when it really is not
needed. So leave it to the user to decide whether they want it or not.

tvheadend now has a bunch of options, so make it a sub-menu.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr:
  - do not forcibly enable ffmpeg-the-commandline-tool
  - one option per-commit
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/tvheadend: add option to enable timeshift support
Bernd Kuhls [Sun, 4 Apr 2021 12:10:55 +0000 (14:10 +0200)]
package/tvheadend: add option to enable timeshift support

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr: one option per-commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/tvheadend: add option to enable Satellite/IP support
Bernd Kuhls [Sun, 4 Apr 2021 12:09:32 +0000 (14:09 +0200)]
package/tvheadend: add option to enable Satellite/IP support

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr: one option per-commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/tvheadend: add option to enable descrambler support
Bernd Kuhls [Sat, 3 Apr 2021 15:22:34 +0000 (17:22 +0200)]
package/tvheadend: add option to enable descrambler support

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr: one option per-commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/pcmanfm: fix build with gettext-tiny
Fabrice Fontaine [Mon, 29 Mar 2021 19:06:33 +0000 (21:06 +0200)]
package/pcmanfm: fix build with gettext-tiny

Fix build of pcmanfm in version 1.3.2 with gettext-tiny

Fixes:
 - http://autobuild.buildroot.org/results/69f4e5fa44208429b143011640971a61d709d5b1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/valgrind: bump version to 3.17.0
Peter Seiderer [Mon, 29 Mar 2021 17:41:11 +0000 (19:41 +0200)]
package/valgrind: bump version to 3.17.0

- bump version to 3.17.0
- adjust tool remove hooks according to the change to libexec
- fix massive remove hook, ms_script vs. ms_print
- add additional sha256 source package hash

For details see [1].

[1] https://www.valgrind.org/docs/manual/dist.news.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/wget: fix build with uclibc < 1.0.35
Fabrice Fontaine [Thu, 1 Apr 2021 06:02:22 +0000 (08:02 +0200)]
package/wget: fix build with uclibc < 1.0.35

Build of wget with uclibc < 1.0.35 is broken since bump to version
1.21.1 in commit 89a3f73910402ed40066eed076d5a53ac270307c

Fixes:
 - http://autobuild.buildroot.org/results/d507f8d8ae4dd6aac1e83b7cc81017caf0d2c30e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/sane-backends: add patch to fix compile for toolchains without thread support
Peter Seiderer [Wed, 31 Mar 2021 21:09:36 +0000 (23:09 +0200)]
package/sane-backends: add patch to fix compile for toolchains without thread support

Fixes:

  - http://autobuild.buildroot.net/results/c9b0e41d66211bcab231b5db78c6eebe4b1d78ba

  genesys/scanner_interface_usb.cpp: In member function ‘virtual void genesys::ScannerInterfaceUsb::sleep_us(unsigned int)’:
  genesys/scanner_interface_usb.cpp:484:10: error: ‘std::this_thread’ has not been declared
    484 |     std::this_thread::sleep_for(std::chrono::microseconds{microseconds});
        |          ^~~~

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/libvips: add giflib optional dependency
Fabrice Fontaine [Wed, 31 Mar 2021 18:59:43 +0000 (20:59 +0200)]
package/libvips: add giflib optional dependency

giflib is an optional dependency which is enabled by default since
version 8.3.0 and
https://github.com/libvips/libvips/commit/d79407f285c768a7338e73ccfc6cf09480b95582

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/jimtcl: bump to version 0.80
Francois Perrad [Sat, 3 Apr 2021 12:42:30 +0000 (14:42 +0200)]
package/jimtcl: bump to version 0.80

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/libostree: bump to version 2021.1
Marcus Folkesson [Fri, 26 Mar 2021 07:41:50 +0000 (08:41 +0100)]
package/libostree: bump to version 2021.1

Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libinput: bump version to 1.17.1
Peter Seiderer [Wed, 24 Mar 2021 21:27:55 +0000 (22:27 +0100)]
package/libinput: bump version to 1.17.1

For details see [1].

[1] https://lists.freedesktop.org/archives/wayland-devel/2021-March/041758.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/ipset: bump to version 7.11
Fabrice Fontaine [Tue, 23 Mar 2021 19:44:22 +0000 (20:44 +0100)]
package/ipset: bump to version 7.11

Update indentation in hash file (two spaces)

http://git.netfilter.org/ipset/tree/ChangeLog?h=v7.11

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/smartmontools: bump to version 7.2
Fabrice Fontaine [Tue, 23 Mar 2021 19:36:16 +0000 (20:36 +0100)]
package/smartmontools: bump to version 7.2

Drop patch (already in version) and so autoreconf

https://www.smartmontools.org/browser/tags/RELEASE_7_2/smartmontools/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/jasper: bump version to 2.0.28
Michael Vetter [Mon, 29 Mar 2021 17:15:02 +0000 (19:15 +0200)]
package/jasper: bump version to 2.0.28

Changes:
  * Fix potential null pointer dereference in the JP2/JPC decoder. (#269)
  * Fix ignoring of JAS_STREAM_FILEOBJ_NOCLOSE at stream close time. (#286)
  * Fix integral type sizing problem in JP2 codec. (#284)
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/upx: fix CVE-2021-20285
Fabrice Fontaine [Wed, 31 Mar 2021 21:32:47 +0000 (23:32 +0200)]
package/upx: fix CVE-2021-20285

A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw
allows attackers to cause a denial of service (SEGV or buffer overflow
and application crash) or possibly have unspecified other impacts via a
crafted ELF. The highest threat from this vulnerability is to system
availability.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/gnutls: security bump to version 3.7.1
Fabrice Fontaine [Wed, 31 Mar 2021 21:47:05 +0000 (23:47 +0200)]
package/gnutls: security bump to version 3.7.1

- Fix CVE-2021-20231 and CVE-2021-20232:
  https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
- Drop patch (not needed since:
  https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=b2d4b6c87827e34a694278d085a31508af052a37)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/botan: add support for riscv32
Fabrice Fontaine [Sat, 3 Apr 2021 15:29:30 +0000 (17:29 +0200)]
package/botan: add support for riscv32

Backport an upstream patch to add support for riscv32. Although this is
a new feature (new arch support), this is an upstream commit, so we can
expect it to be available in a future release.

Fixes:
 - http://autobuild.buildroot.org/results/1c399312dbec5d7a28ec90d62fdd8f47fa14ff4b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - technically, this is not a bug fix, but new arch support
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/perl-xml-libxml: add CPE variables
Fabrice Fontaine [Sat, 3 Apr 2021 15:38:01 +0000 (17:38 +0200)]
package/perl-xml-libxml: add CPE variables

cpe:2.3:a:xml-libxml_project:xml-libxml is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Axml-libxml_project%3Axml-libxml

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/samba4: update samba4-cache.txt for fcntl flags check
Bernd Kuhls [Sun, 4 Apr 2021 08:49:33 +0000 (10:49 +0200)]
package/samba4: update samba4-cache.txt for fcntl flags check

Fixes:
http://autobuild.buildroot.net/results/76a/76a411b78d764561457decd47b268f65059ba1b0/

Checking whether fcntl supports setting/geting hints : not found
..
Cross answers file /home/giuliobenetti/autobuild/run/instance-2/output-1/build/samba4-4.14.2/cache.txt is incomplete

Samba4 has added a check for fcntl F_{G,S}ET_RW_HINT /
F_{G,S}ET_FILE_RW_HINT handling since:
https://gitlab.com/samba-team/devel/samba/-/commit/5084a69de14f24e9d804998580eefcba773fdd5a

Which is supported by the Linux kernel since 4.13 in commit
c75b1d9421f80f41 (fs: add fcntl() interface for setting/getting
 write life time hints), so add it to the cache file.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/cifs-utils: add missing python dependencies
Fabrice Fontaine [Sat, 3 Apr 2021 13:23:49 +0000 (15:23 +0200)]
package/cifs-utils: add missing python dependencies

Add missing python dependencies which have been forgotten when bumping
to version 6.12 in commit b5dede7d1a03ab2b8caa0a8e79b09c8df6c62fe4

Fixes:
 - http://autobuild.buildroot.org/results/acdbf7c58ec8ae648f8048bc75650dcdcdca6285

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - dependencies are because of python3, not python
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libvpx: add LIBVPX_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 3 Apr 2021 08:55:30 +0000 (10:55 +0200)]
package/libvpx: add LIBVPX_CPE_ID_VENDOR

cpe:2.3:a:webmproject:libvpx is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awebmproject%3Alibvpx

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/x11r7/xkeyboard-config: bump version to 2.32
Bernd Kuhls [Sat, 3 Apr 2021 07:56:04 +0000 (09:56 +0200)]
package/x11r7/xkeyboard-config: bump version to 2.32

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/perl-net-http: bump version to 6.21
Bernd Kuhls [Sat, 3 Apr 2021 07:50:47 +0000 (09:50 +0200)]
package/perl-net-http: bump version to 6.21

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/perl-net-dns: bump version to 1.30
Bernd Kuhls [Sat, 3 Apr 2021 07:50:46 +0000 (09:50 +0200)]
package/perl-net-dns: bump version to 1.30

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/perl-digest-hmac: bump version to 1.04
Bernd Kuhls [Sat, 3 Apr 2021 07:50:44 +0000 (09:50 +0200)]
package/perl-digest-hmac: bump version to 1.04

Added by scancpan:
- new project URL
- new SITE
- new license file
- reformatted hashes

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/perl-uri: bump version to 5.09
Bernd Kuhls [Sat, 3 Apr 2021 07:50:43 +0000 (09:50 +0200)]
package/perl-uri: bump version to 5.09

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/perl-http-message: bump version to 6.29
Bernd Kuhls [Sat, 3 Apr 2021 07:50:42 +0000 (09:50 +0200)]
package/perl-http-message: bump version to 6.29

Reformatted hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agoperl-html-parser: bump version to 3.76
Bernd Kuhls [Fri, 2 Apr 2021 17:38:26 +0000 (19:38 +0200)]
perl-html-parser: bump version to 3.76

Added by scancpan:
- runtime dependencies
- new project URL
- new SITE

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/perl-crypt-openssl-guess: bump version to 0.12
Bernd Kuhls [Fri, 2 Apr 2021 17:38:25 +0000 (19:38 +0200)]
package/perl-crypt-openssl-guess: bump version to 0.12

Reformatted hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/libvpx: bump version to 1.10.0
Bernd Kuhls [Fri, 2 Apr 2021 17:12:24 +0000 (19:12 +0200)]
package/libvpx: bump version to 1.10.0

Release notes:
https://chromium.googlesource.com/webm/libvpx/+/refs/tags/v1.10.0

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/libhdhomerun: bump version to 20210224
Bernd Kuhls [Fri, 2 Apr 2021 16:48:03 +0000 (18:48 +0200)]
package/libhdhomerun: bump version to 20210224

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/libebur128: bump version to 1.2.6
Bernd Kuhls [Fri, 2 Apr 2021 16:46:28 +0000 (18:46 +0200)]
package/libebur128: bump version to 1.2.6

Reformatted hashes.

Release notes:
https://github.com/jiixyj/libebur128/blob/master/README.md

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/libva-utils: bump version to 2.11.1
Bernd Kuhls [Fri, 2 Apr 2021 16:43:32 +0000 (18:43 +0200)]
package/libva-utils: bump version to 2.11.1

Release notes:
https://github.com/intel/libva-utils/releases/tag/2.11.1

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/libva: bump version to 2.11.0
Bernd Kuhls [Fri, 2 Apr 2021 16:43:31 +0000 (18:43 +0200)]
package/libva: bump version to 2.11.0

Release notes:
https://github.com/intel/libva/blob/master/NEWS

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agoconfigs/amarula_vyasa_rk3288: bump Linux version to 5.11
Giulio Benetti [Fri, 2 Apr 2021 22:20:38 +0000 (00:20 +0200)]
configs/amarula_vyasa_rk3288: bump Linux version to 5.11

Bump Linux and headers version to 5.11

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agoconfigs/amarula_vyasa_rk3288: bump u-boot version to 2021.01
Giulio Benetti [Fri, 2 Apr 2021 22:20:37 +0000 (00:20 +0200)]
configs/amarula_vyasa_rk3288: bump u-boot version to 2021.01

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/mender: add nodbus to tags if dbus is not selected
Adam Duskett [Thu, 1 Apr 2021 15:44:53 +0000 (08:44 -0700)]
package/mender: add nodbus to tags if dbus is not selected

The README.md file suggests passing "nodbus" as a tag if dbus is not selected.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/mender: make xz optional
Adam Duskett [Thu, 1 Apr 2021 15:44:52 +0000 (08:44 -0700)]
package/mender: make xz optional

According to the README.md file, xz is optional.
  - Remove the dependency on the xz package.
  - If the xz package is not selected, add "nolzma" to MENDER_TAGS

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/mender/mender.mk: fix license list
Adam Duskett [Thu, 1 Apr 2021 15:44:51 +0000 (08:44 -0700)]
package/mender/mender.mk: fix license list

The license files were updated in the .hash file, but not in the .mk file.

Fixes:
http://autobuild.buildroot.org/results/42c2987e5cf2bb8918f7fdbd8303951f34b8ead1
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/samba4: update samba4-cache.txt for fcntl flags check
Peter Korsgaard [Fri, 2 Apr 2021 18:25:19 +0000 (20:25 +0200)]
package/samba4: update samba4-cache.txt for fcntl flags check

Fixes:
http://autobuild.buildroot.net/results/a5d/a5db81fca8ec07159b69b108b742f3d060e3316a/

Checking whether fcntl supports flags to send direct I/O availability signals                   : not found
..
Cross answers file /srv/storage/autobuild/run/instance-3/output-1/build/samba4-4.14.2/cache.txt is incomplete

Samba4 has added a check for fcntl F_{G,S}ETOWN_EX handling since:
https://gitlab.com/samba-team/devel/samba/-/commit/5084a69de14f24e9d804998580eefcba773fdd5a

Which is supported by the Linux kernel since 2.6.32 in commit
ba0a6c9f6fceed11 (fcntl: add F_[SG]ETOWN_EX), so add it to the cache file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/rpm: security bump to version 4.16.1.3
Fabrice Fontaine [Fri, 2 Apr 2021 19:33:43 +0000 (21:33 +0200)]
package/rpm: security bump to version 4.16.1.3

- Fix arbitrary data copied from signature header past signature
  checking (CVE-2021-3421)
- Fix signature check bypass with corrupted package (CVE-2021-20271)
- Fix missing bounds checks in headerImport() and headerCheck()
  (CVE-2021-20266)
- Fix missing sanity checks on header entry count and region data
  overlap
- Fix access past end of header if the last entry is string type
- Fix unsafe headerCopyLoad() still used in codebase

Drop all patches (already in version)

https://rpm.org/wiki/Releases/4.16.1.3.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/lldpd: add LLDPD_CPE_ID_VENDOR
Fabrice Fontaine [Fri, 2 Apr 2021 19:54:07 +0000 (21:54 +0200)]
package/lldpd: add LLDPD_CPE_ID_VENDOR

cpe:2.3:a:lldpd_project:lldpd is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alldpd_project%3Alldpd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/lldpd: security bump to version 1.0.9
Fabrice Fontaine [Fri, 2 Apr 2021 19:52:52 +0000 (21:52 +0200)]
package/lldpd: security bump to version 1.0.9

- Out-of-bound read access when parsing LLDP-MED civic address in
  liblldpctl for malformed fields.
- Fix memory leak when receiving LLDPU with duplicate fields.
  CVE-2020-27827.
- More memory leak fixes on duplicate TLVs in LLDP, CDP and EDP
  (related to CVE-2020-27827).

https://github.com/lldpd/lldpd/blob/1.0.9/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/kodi-vfs-libarchive: bump version to 2.0.1-Matrix
Bernd Kuhls [Sat, 3 Apr 2021 06:35:59 +0000 (08:35 +0200)]
package/kodi-vfs-libarchive: bump version to 2.0.1-Matrix

Release notes:
https://github.com/xbmc/vfs.libarchive/releases/tag/2.0.1-Matrix

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/go: bump version to 1.16.3
Christian Stewart [Sat, 3 Apr 2021 06:45:38 +0000 (23:45 -0700)]
package/go: bump version to 1.16.3

go1.16.3 (released 2021/04/01) includes fixes to the compiler, linker, runtime,
the go command, and the testing and time packages.

https://golang.org/doc/go1.16

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/qpid-proton: fix build without C++
Fabrice Fontaine [Fri, 2 Apr 2021 16:33:43 +0000 (18:33 +0200)]
package/qpid-proton: fix build without C++

Fixes:
 - http://autobuild.buildroot.org/results/05f344151100219c159ca4d466a453df96bf07fa

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - move code in thread condition, to avoid setting -DBUILD_CPP twice
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/qpid-proton: fix build without threads
Fabrice Fontaine [Fri, 2 Apr 2021 16:33:41 +0000 (18:33 +0200)]
package/qpid-proton: fix build without threads

Build of qpid-proton is broken since bump to version 0.33.0 in commit
d4c0fde91da0d79204a21ed8de1bd410efa1c4d6 because epoll proactor
unconditonally uses pthread

Fixes:
 - http://autobuild.buildroot.org/results/ec34da16a11f0600ecfbbbc4039e8210aea0498c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: C++ precision in comment]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/pkg-cmake.mk: don't unconditionally set CMAKE_CXX_COMPILER
Fabrice Fontaine [Fri, 2 Apr 2021 16:33:42 +0000 (18:33 +0200)]
package/pkg-cmake.mk: don't unconditionally set CMAKE_CXX_COMPILER

Don't unconditionally set CMAKE_CXX_COMPILER as it will raise a build
failure on qpid-proton because "if the toolchain specifies a value for
CMAKE_CXX_COMPILER, then CMake assumes the compiler works and goes
straight ahead trying to use it":
https://cmake.org/cmake/help/latest/module/CheckLanguage.html
https://issues.apache.org/jira/browse/PROTON-2365

Fixes:
 - http://autobuild.buildroot.org/results/05f344151100219c159ca4d466a453df96bf07fa

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: rename placeholder]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/netsnmp: fix script net-snmp-create-v3-user's usage of 'ps'.
Nicolas Cavallari [Wed, 31 Mar 2021 08:14:47 +0000 (10:14 +0200)]
package/netsnmp: fix script net-snmp-create-v3-user's usage of 'ps'.

net-snmp-create-v3-user uses ps to check if snmpd is running.  To know
how to invoke 'ps', the build system use 'which ps' and does other
checks for the output format of 'ps', therefore inspecting 'ps' on the
build machine instead of the target.

If the build machine runs a OS like Debian, that uses a merged-usr and a
PATH of '/usr/bin:/bin', then 'which ps' returns /usr/bin/ps, which will
not work on the target if it does not also use a merged-usr.

Hardcode 'ps' to be /bin/ps to fix this issue and to improve build
reproducibility.

Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libcurl: security bump to version 7.76.0
Baruch Siach [Wed, 31 Mar 2021 17:15:52 +0000 (20:15 +0300)]
package/libcurl: security bump to version 7.76.0

CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (since 7.63.0)

CVE-2021-22876: Automatic referer leaks credentials (since 7.1.1)

This version adds optional dependency on libgsasl.

Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libvips: add poppler optional dependency
Fabrice Fontaine [Tue, 30 Mar 2021 21:43:31 +0000 (23:43 +0200)]
package/libvips: add poppler optional dependency

poppler is an optional dependency which is enabled by default since
version 8.3.0 and
https://github.com/libvips/libvips/commit/8da4e706dd60aba1a69e49bd562d8de225d2404d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/libupnp: disable samples
Fabrice Fontaine [Tue, 30 Mar 2021 21:42:13 +0000 (23:42 +0200)]
package/libupnp: disable samples

Disable samples which are built (but not installed) by default since at
least version 1.6.0 and
https://github.com/pupnp/pupnp/commit/89e7a40fcc5c51afacdc9d5f3d18f5338b2bc5e9

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/mender: install dbus authentication file if dbus is selected
Adam Duskett [Sat, 20 Mar 2021 22:28:35 +0000 (15:28 -0700)]
package/mender: install dbus authentication file if dbus is selected

While not a requirement to run mender itself, the mender-connect package
requires this file to be installed to talk to mender.

Signed-off-by: Adam Duskett <Aduskett@rivian.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/x11r7/xapp_xkbcomp: bump version to 1.4.5
Bernd Kuhls [Sat, 27 Mar 2021 12:59:47 +0000 (13:59 +0100)]
package/x11r7/xapp_xkbcomp: bump version to 1.4.5

Release notes:
https://lists.x.org/archives/xorg-announce/2021-March/003075.html

Update license hash after upstream removed trailing whitespaces:
https://cgit.freedesktop.org/xorg/app/xkbcomp/commit/COPYING?id=3b3d25dd32ba48fd6d15ca98baf7109af21e1d97

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/xtables-addons: bump version to 3.17
Peter Seiderer [Sun, 21 Mar 2021 14:38:32 +0000 (15:38 +0100)]
package/xtables-addons: bump version to 3.17

Changelog ([1]):

  v3.18 (2021-03-11)
  ==================
  - xt_pknock: fix a build failure on ARM 32-bit

  v3.17 (2021-02-28)
  ==================
  - xt_pknock: cure a NULL deref

  v3.16 (2021-02-24)
  ==================
  - xt_pknock: build fix for ILP32 targets

  v3.15 (2021-02-05)
  ==================
  - xt_ECHO: support new function signature of security_skb_classify_flow
  - xt_lscan: add --mirai option
  - Support for Linux 5.11

  v3.14 (2020-11-24)
  ==================
  - DELUDE, ECHO, TARPIT: use actual tunnel socket (ip_route_me_harder).
  - geoip: scripts for use with MaxMind DB have been brought back,
    partly under new names.
  - Gave xt_geoip_fetch a more fitting name, xt_geoip_query.

[1] https://fossies.org/linux/privat/xtables-addons-3.18.tar.xz/xtables-addons-3.18/doc/changelog.txt

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/qwt: bump version to 6.1.6
Peter Seiderer [Sun, 21 Mar 2021 10:31:20 +0000 (11:31 +0100)]
package/qwt: bump version to 6.1.6

Changelog ([1]):

  1) Maintenance
    - QwtPlotLayout::activate: avoid compiler issues with Qt 5.15
    - QwtPointPolar: missing copy constructor added

[1] https://sourceforge.net/p/qwt/code/HEAD/tree/tags/qwt-6.1.6/CHANGES-6.1

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/siproxd: remove license file hash for internal libltdl
Alexander Dahl [Wed, 17 Mar 2021 06:11:33 +0000 (07:11 +0100)]
package/siproxd: remove license file hash for internal libltdl

In a first draft of what ended up in commit 3efc5a250c1c
("package/siproxd: new package") libltdl was optionally built from an
internal copy of siproxd.  Now external libltdl is selected
unconditionally, thus the license file of the internal copy of libtool
does not apply anymore.

Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/mender: bump version to 2.5.0
Adam Duskett [Sat, 20 Mar 2021 22:28:34 +0000 (15:28 -0700)]
package/mender: bump version to 2.5.0

Other changes:
  - Add host-pkgconf as a dependency. It's used to find OpenSSL.
  - Set new license hashes.

Signed-off-by: Adam Duskett <Aduskett@rivian.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/mender/mender.mk: fix linker version argument
Adam Duskett [Sat, 20 Mar 2021 22:28:33 +0000 (15:28 -0700)]
package/mender/mender.mk: fix linker version argument

The current linker flag "-X main.Version=$(MENDER_VERSION)" no longer points
to the correct location, which results in "version: unknown" when runnning
"mender -version." Update the linker flag to point to the correct location.

Signed-off-by: Adam Duskett <Aduskett@rivian.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/mender/mender.mk: use MENDER_PKGDIR variable
Adam Duskett [Sat, 20 Mar 2021 22:28:32 +0000 (15:28 -0700)]
package/mender/mender.mk: use MENDER_PKGDIR variable

Currently there is a mix of calls to package/mender and $(MENDER_PKGDIR) in the
mender.mk file. Standardize the calls to only $(MENDER_PKGDIR).

Signed-off-by: Adam Duskett <Aduskett@rivian.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/efivar: disable -Werror
Fabrice Fontaine [Mon, 22 Mar 2021 07:00:47 +0000 (08:00 +0100)]
package/efivar: disable -Werror

Fix the following build failure with gcc 10:

/home/buildroot/autobuild/run/instance-1/output-1/host/bin/aarch64-none-linux-gnu-gcc -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -O2   -I/home/buildroot/autobuild/run/instance-1/output-1/build/efivar-37/src/include/   -specs=/home/buildroot/autobuild/run/instance-1/output-1/build/efivar-37/gcc.specs  -L.  -fPIC -Wl,-z,muldefs     -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -o efivar efivar.c -lefivar -ldl
In file included from efivar.h:28,
                 from efivar.c:40:
In function 'text_to_guid',
    inlined from 'parse_name.constprop' at efivar.c:157:8:
guid.h:106:2: error: 'strncpy' output may be truncated copying 8 bytes from a string of length 38 [-Werror=stringop-truncation]
  106 |  strncpy(eightbytes, text, 8);
      |  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors

Fixes:
 - http://autobuild.buildroot.org/results/fcba72d359f4128515560e9105384cd4deff5043

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/start-stop-daemon: bump version to 1.20.7.1
Peter Seiderer [Sun, 21 Mar 2021 21:00:13 +0000 (22:00 +0100)]
package/start-stop-daemon: bump version to 1.20.7.1

- rebased 0001-add-uclibc-alias-and-musl.patch
- rebased 0002-just-warn-on-missing-arch.patch

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/tzdata: bump version to 2021a
Peter Seiderer [Sun, 21 Mar 2021 20:58:06 +0000 (21:58 +0100)]
package/tzdata: bump version to 2021a

For details see [1].

[1] https://mm.icann.org/pipermail/tz-announce/2021-January/000065.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/sdl2: drop tslib
Fabrice Fontaine [Sun, 21 Mar 2021 16:21:28 +0000 (17:21 +0100)]
package/sdl2: drop tslib

non existing tslib support has been dropped since version 2.0.14 and
https://github.com/libsdl-org/SDL/commit/4c96faee578efcba3f2d6afe8e2122f26b1dfb0b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agosupport/scripts: fix pycompile for short filenames
Bert Outtier [Mon, 29 Mar 2021 10:55:54 +0000 (12:55 +0200)]
support/scripts: fix pycompile for short filenames

Signed-off-by: Bert Outtier <outtierbert@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoconfigs/acmesystems_acqua_a5: new defconfigs
Edgar Bonet [Mon, 22 Mar 2021 17:14:24 +0000 (18:14 +0100)]
configs/acmesystems_acqua_a5: new defconfigs

The Acqua A5 is a system on module based on the Microchip SAMA5D31 SoC:

    https://www.acmesystems.it/acqua

It is available in both 256 MiB and 512 MiB versions, hence the two
defconfig files. These configs build microSD card images with:

    - AT91Bootstrap 3
    - Linux 5.4.107
    - default buildroot packages (uClibc, Busybox)

The device tree blob comes from Acme Systems:

    https://github.com/AcmeSystems/dts-archive

It is licensed under GPLv2 or later.

Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/s390-tools: fix zkey build
Fabrice Fontaine [Mon, 22 Mar 2021 07:44:42 +0000 (08:44 +0100)]
package/s390-tools: fix zkey build

Build of zkey fails since bump to version 2.16.0 in commit
b82b58a8ddc3d079aa2976b3dafbc965b6107648

Fixes:
 - http://autobuild.buildroot.org/results/e7f229a98dab188ee9c40e4709fd26bfa67358d3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/wpebackend-fdo: bump to version 1.8.3
Adrian Perez de Castro [Tue, 30 Mar 2021 19:51:18 +0000 (22:51 +0300)]
package/wpebackend-fdo: bump to version 1.8.3

This minor release fixes an issue which would cause applications using
wpewebkit and webkitgtk freeze under certain conditions during normal
browsing. Release notes:

  https://wpewebkit.org/release/wpebackend-fdo-1.8.3.html

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/wpa_supplicant: annotate CVE-2021-27803
Fabrice Fontaine [Mon, 22 Mar 2021 19:13:16 +0000 (20:13 +0100)]
package/wpa_supplicant: annotate CVE-2021-27803

Add a WPA_SUPPLICANT_IGNORE_CVES entry for CVE-2021-27803 which was
fixed by commit 9ada4eb2f1c3d67ee49f6f5466738bcd821fc647, which we
have backported as
0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/binutils: add patches to fix OpenRisc bug 27624
Giulio Benetti [Mon, 22 Mar 2021 15:56:55 +0000 (16:56 +0100)]
package/binutils: add patches to fix OpenRisc bug 27624

These patches fix OpenRisc linker bug 27624 that affects packages
libtheora, protobuf and zeromq.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/pkg-kconfig: fix error string
Giulio Benetti [Mon, 29 Mar 2021 22:41:54 +0000 (00:41 +0200)]
package/pkg-kconfig: fix error string

Current error string speaks only about "fragment" but here we also deal
with Kconfig files, so let's add "file or fragment" instead of "fragment".

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/perl-parse-yapp: remove useless dependencies
Francois Perrad [Tue, 30 Mar 2021 09:00:26 +0000 (11:00 +0200)]
package/perl-parse-yapp: remove useless dependencies

Parse-Yapp comes with a Makefile.PL,
so it is built with the perl core module ExtUtils-MakeMaker

regenerated with `utils/scancpan -force -host Parse-Yapp`

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/modem-manager: bump version to 1.16.2
Petr Vorel [Mon, 29 Mar 2021 18:49:34 +0000 (20:49 +0200)]
package/modem-manager: bump version to 1.16.2

It requires libqmi >= 1.28.0

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/frr: bump to 7.5.1 version
Vadym Kochan [Mon, 22 Mar 2021 13:12:28 +0000 (15:12 +0200)]
package/frr: bump to 7.5.1 version

This is a maintenance release of FRR 7.5 with lots of bug fixes:

    https://github.com/FRRouting/frr/releases/tag/frr-7.5.1

Signed-off-by: Vadym Kochan <vadym.kochan@plvision.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/gnutls: drop unrecognized option
Fabrice Fontaine [Mon, 29 Mar 2021 19:30:58 +0000 (21:30 +0200)]
package/gnutls: drop unrecognized option

crywrap has been dropped since version 3.6.12 and
https://github.com/gnutls/gnutls/commit/c991b5223140e4ef311afac0f25272e602238826

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/libqmi: fix build when libc doesn't define ARPHRD_RAWIP
Aleksander Morgado [Mon, 29 Mar 2021 22:35:42 +0000 (00:35 +0200)]
package/libqmi: fix build when libc doesn't define ARPHRD_RAWIP

The ARPHRD_RAWIP symbol is used in the rmnet backend in the link
management support now included in libqmi.

If libc doesn't provide this symbol yet, define it ourselves. The
symbol will only be used if rmnet is enabled in the kernel anyway.

This patch will be included in the next libqmi 1.28.4.

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
[yann.morin.1998@free.fr:
  - do an actual backport now it's been applied upstream
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/fastd: add FASTD_CPE_ID_VERSION
Alexander Dahl [Mon, 29 Mar 2021 19:29:05 +0000 (21:29 +0200)]
package/fastd: add FASTD_CPE_ID_VERSION

With that FASTD_CPE_ID expands to:

    cpe:2.3:a:fastd_project:fastd:21.0:*:*:*:*:*:*:*

That's the same as listed on
https://nvd.nist.gov/products/cpe/detail/826746

Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/libqmi: switch to the new option to disable -Werror
Fabrice Fontaine [Mon, 29 Mar 2021 21:19:56 +0000 (23:19 +0200)]
package/libqmi: switch to the new option to disable -Werror

--enable-more-warnings has been dropped since version 1.26.0 and
https://github.com/freedesktop/libqmi/commit/9f31a45d5fc137431705d47b83669f35259932b4

Instead, a new --disable-Werror option has been added, through the use
of AX_COMPILER_FLAGS, so use that to explicitly request wrnings not be
treated as errors.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: use --disable-Werror instead of nothing]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/squid: security bump to version 4.14
Peter Korsgaard [Tue, 30 Mar 2021 06:10:03 +0000 (08:10 +0200)]
package/squid: security bump to version 4.14

Fixes the following security issues:

- CVE-2020-25097: HTTP Request Smuggling

  Due to improper input validation Squid is vulnerable to an HTTP Request
  Smuggling attack.

For more details, see the advisory:
https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/lua: bump to version 5.4.3
Francois Perrad [Tue, 30 Mar 2021 09:01:13 +0000 (11:01 +0200)]
package/lua: bump to version 5.4.3

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/stellarium: bump version to 0.21.0
Bernd Kuhls [Tue, 30 Mar 2021 07:10:47 +0000 (09:10 +0200)]
package/stellarium: bump version to 0.21.0

Release notes:
http://stellarium.org/release/2021/03/28/stellarium-0.21.0.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/sqlcipher: security bump to version 4.4.3
Fabrice Fontaine [Mon, 29 Mar 2021 20:49:03 +0000 (22:49 +0200)]
package/sqlcipher: security bump to version 4.4.3

Fix CVE-2021-3119: Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer
dereferencing issue related to sqlcipher_export in crypto.c and
sqlite3StrICmp in sqlite3.c. This may allow an attacker to perform a
remote denial of service attack. For example, an SQL injection can be
used to execute the crafted SQL command sequence, which causes a
segmentation fault.

https://github.com/sqlcipher/sqlcipher/blob/v4.4.3/CHANGELOG.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/python-urllib3: security bump to version 1.26.4
Fabrice Fontaine [Mon, 29 Mar 2021 20:39:42 +0000 (22:39 +0200)]
package/python-urllib3: security bump to version 1.26.4

Fix CVE-2021-28363: The urllib3 library 1.26.x before 1.26.4 for Python
omits SSL certificate validation in some cases involving HTTPS to HTTPS
proxies. The initial connection to the HTTPS proxy (if an SSLContext
isn't given via proxy_config) doesn't verify the hostname of the
certificate. This means certificates for different servers that still
validate properly with the default urllib3 SSLContext will be silently
accepted.

https://github.com/urllib3/urllib3/blob/1.26.4/CHANGES.rst

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/python-lxml: security bump to version 4.6.3
Fabrice Fontaine [Mon, 29 Mar 2021 20:33:41 +0000 (22:33 +0200)]
package/python-lxml: security bump to version 4.6.3

Fix CVE-2021-28957: lxml 4.6.2 allows XSS. It places the HTML action
attribute into defs.link_attrs (in html/defs.py) for later use in input
sanitization, but does not do the same for the HTML5 formaction
attribute.

https://github.com/lxml/lxml/blob/lxml-4.6.3/CHANGES.txt

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/mariadb: security bump to version 10.3.28
Fabrice Fontaine [Mon, 29 Mar 2021 20:26:13 +0000 (22:26 +0200)]
package/mariadb: security bump to version 10.3.28

Fix CVE-2021-27928: A remote code execution issue was discovered in
MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18,
and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep
patch through 2021-03-03 for MySQL. An untrusted search path leads to
eval injection, in which a database SUPER user can execute OS commands
after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not
affect an Oracle product.

https://mariadb.com/kb/en/mariadb-10328-release-notes/
https://mariadb.com/kb/en/mariadb-10328-changelog/

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/haserl: security bump to version 0.9.36
Fabrice Fontaine [Mon, 29 Mar 2021 20:10:26 +0000 (22:10 +0200)]
package/haserl: security bump to version 0.9.36

2021-03-07 0.9.36
* Fix sf.net issue #5 - its possible to issue a PUT request
without a CONTENT-TYPE.   Assume an octet-stream in that case.
* Change the Prefix for variables to be the REQUEST_METHOD
(PUT/DELETE/GET/POST)
**** THIS IS A BREAKING CHANGE vs 0.9.33 ****
* Mitigations vs running haserl to get access to files not
available to the user.

- Fix CVE-2021-29133: Lack of verification in haserl, a component of
  Alpine Linux Configuration Framework, before 0.9.36 allows local users
  to read the contents of any file on the filesystem.
- Update indentation in hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/haserl: add HASERL_CPE_ID_VENDOR
Fabrice Fontaine [Mon, 29 Mar 2021 20:10:25 +0000 (22:10 +0200)]
package/haserl: add HASERL_CPE_ID_VENDOR

cpe:2.3:a:haserl_project:hserl is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ahaserl_project%3Ahaserl

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/wireshark: security bump to version 3.4.4
Fabrice Fontaine [Mon, 29 Mar 2021 19:54:07 +0000 (21:54 +0200)]
package/wireshark: security bump to version 3.4.4

Fix CVE-2021-22191: Improper URL handling in Wireshark 3.4.0 to 3.4.3
and 3.2.0 to 3.2.11 could allow remote code execution via via packet
injection or crafted capture file.

https://www.wireshark.org/security/wnpa-sec-2021-03.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/pulseview: fix patch
Fabrice Fontaine [Thu, 25 Mar 2021 07:34:34 +0000 (08:34 +0100)]
package/pulseview: fix patch

Commit 4b7db318262a023a4a5396b06adafd9fd19d40a3 forgot to restore
upstream patch

Fixes:
 - http://autobuild.buildroot.org/results/589cfc6ea43dc5e714751f05be488f5c469641b9

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/qt5webkit: add SoB line to 'Fix ICU related compile failures from capital...
Henri Roosen [Mon, 29 Mar 2021 08:28:55 +0000 (10:28 +0200)]
package/qt5webkit: add SoB line to 'Fix ICU related compile failures from capital bool' patch

Fixes: 0f6c209a1d76 ("package/qt5webkit: fix ICU related compile failures from capital bool defines")
Signed-off-by: Henri Roosen <henri.roosen@ginzinger.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoboard/beaglebone: remove genimage_linux41.cfg
Michael Nosthoff [Mon, 22 Mar 2021 15:29:17 +0000 (16:29 +0100)]
board/beaglebone: remove genimage_linux41.cfg

Commit 5502a889dd9f065ec4694a993cfa509377da2cce
("configs/beaglebone_qt5: don't use custom post-image script") removed the use
of genimage_linux41.cfg but didn't remove the file.

Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/libmbim: bump version to 1.24.6
Petr Vorel [Thu, 25 Mar 2021 18:00:23 +0000 (19:00 +0100)]
package/libmbim: bump version to 1.24.6

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/ca-certificates: bump to version 20210119
John Keeping [Thu, 25 Mar 2021 14:39:46 +0000 (14:39 +0000)]
package/ca-certificates: bump to version 20210119

Upstream has switched to requiring python3, so change the dependency to
always use host-python3.

Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/janet: bump to version 1.15.4
Francois Perrad [Mon, 22 Mar 2021 19:42:21 +0000 (20:42 +0100)]
package/janet: bump to version 1.15.4

remove 2 patches merged upstream

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/x11r7/xorgproto: reformat license hashes
Bernd Kuhls [Sat, 27 Mar 2021 12:56:29 +0000 (13:56 +0100)]
package/x11r7/xorgproto: reformat license hashes

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xorgproto: bump version to 2021.3
Bernd Kuhls [Sat, 27 Mar 2021 12:56:28 +0000 (13:56 +0100)]
package/x11r7/xorgproto: bump version to 2021.3

Release notes:
https://lists.x.org/archives/xorg-announce/2021-February/003072.html
https://lists.x.org/archives/xorg-announce/2021-February/003073.html

Update license hash after upstream typo fix:
https://cgit.freedesktop.org/xorg/proto/xorgproto/commit/COPYING-x11proto?id=09602b2130b3710bcca4d2707132bd47d4a832ef

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>