buildroot.git
6 years agopackage/python-periphery: bump to version 1.1.2
Pierre-Jean Texier [Mon, 16 Sep 2019 15:39:12 +0000 (17:39 +0200)]
package/python-periphery: bump to version 1.1.2

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/python-validators: bump version to 0.12.6
Peter Korsgaard [Mon, 16 Sep 2019 14:34:25 +0000 (16:34 +0200)]
package/python-validators: bump version to 0.12.6

Includes a number of post-0.12.2 fixes, including a python 3.7 compatibility
fix:

https://github.com/kvesteri/validators/blob/master/CHANGES.rst

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agosupport/dependencies/dependencies.sh: check for JSON:PP Perl module
Adrian Perez de Castro [Sun, 15 Sep 2019 22:57:43 +0000 (01:57 +0300)]
support/dependencies/dependencies.sh: check for JSON:PP Perl module

The JSON::PP Perl module is used at build time by the webkitgtk and
wpewebkit packages.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/perl-role-tiny: bump to version 2.000008
Francois Perrad [Tue, 17 Sep 2019 18:16:24 +0000 (20:16 +0200)]
package/perl-role-tiny: bump to version 2.000008

The project now ships a proper LICENSE file, with the complete license
text, so we use it instead of the README file. The license remains the
same as Perl, i.e Artistic license or GPL-1.0+.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/perl-net-dns: bump to version 0.56
Francois Perrad [Tue, 17 Sep 2019 18:16:23 +0000 (20:16 +0200)]
package/perl-net-dns: bump to version 0.56

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/perl-mailtools: bump to version 2.21
Francois Perrad [Tue, 17 Sep 2019 18:16:22 +0000 (20:16 +0200)]
package/perl-mailtools: bump to version 2.21

The license file hash has changed, due to changes in the installation
instructions.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/perl-file-slurp: bump to version 9999.28
Francois Perrad [Tue, 17 Sep 2019 18:16:21 +0000 (20:16 +0200)]
package/perl-file-slurp: bump to version 9999.28

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/perl-devel-stacktrace: bump to version 2.04
Francois Perrad [Tue, 17 Sep 2019 18:16:20 +0000 (20:16 +0200)]
package/perl-devel-stacktrace: bump to version 2.04

The copyright year in the LICENSE file was changed, which explains why
the hash is modified:

-This software is Copyright (c) 2000 - 2017 by David Rolsky.
+This software is Copyright (c) 2000 - 2019 by David Rolsky.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/perl-date-manip: bump to version 6.78
Francois Perrad [Tue, 17 Sep 2019 18:16:19 +0000 (20:16 +0200)]
package/perl-date-manip: bump to version 6.78

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/perl-class-method-modifiers: bump to version 2.13
Francois Perrad [Tue, 17 Sep 2019 18:16:18 +0000 (20:16 +0200)]
package/perl-class-method-modifiers: bump to version 2.13

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/fio: bump to version 3.15
Fabrice Fontaine [Mon, 16 Sep 2019 16:51:02 +0000 (18:51 +0200)]
package/fio: bump to version 3.15

- Remove patch (already in version)
- Change FIO_SITE to http://brick.kernel.dk/snaps to remove 'fio-'
  prefix from FIO_VERSION to match what is given by
  release-monitoring.org

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/fio: fix build with glibc 2.30
Fabrice Fontaine [Mon, 16 Sep 2019 16:51:01 +0000 (18:51 +0200)]
package/fio: fix build with glibc 2.30

Fixes:
 - http://autobuild.buildroot.org/results/ec93c8e7f046b081aaa9e0a76708d61ba1ab921c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/python-pip: bump to version 19.2.3
Adam Duskett [Mon, 16 Sep 2019 16:51:25 +0000 (09:51 -0700)]
package/python-pip: bump to version 19.2.3

Also:
  Select PYTHON_SSL or PYTHON3_SSL as pip connects to https://pypi.org
  making SSL mandatory for runtime.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/grpc: fix build with glibc 2.30
Fabrice Fontaine [Mon, 16 Sep 2019 16:53:31 +0000 (18:53 +0200)]
package/grpc: fix build with glibc 2.30

Fixes:
 - http://autobuild.buildroot.org/results/42eb63a89228d340cab05c7ab65fab9b02814689

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/haproxy: depends on BR2_TOOLCHAIN_HAS_SYNC_1
Fabrice Fontaine [Mon, 16 Sep 2019 17:01:24 +0000 (19:01 +0200)]
package/haproxy: depends on BR2_TOOLCHAIN_HAS_SYNC_1

Fixes:
 - http://autobuild.buildroot.org/results/512904ace780508de5e3a56b0094bbe6287d751e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agoboot/afboot-stm32: bump to version 0.2
Fabrice Fontaine [Mon, 16 Sep 2019 17:16:57 +0000 (19:16 +0200)]
boot/afboot-stm32: bump to version 0.2

Remove patch (already in version)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/libglib2: make util-linux an optional dependency
Adam Duskett [Mon, 16 Sep 2019 19:16:05 +0000 (12:16 -0700)]
package/libglib2: make util-linux an optional dependency

libglib2 needs util-linux only for libmount, which is a configuration option.
Instead, check if util-linux-libmount is selected, and if so, set the option
to true.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/libglib2: bump to version 2.62.0
Adam Duskett [Mon, 16 Sep 2019 19:16:04 +0000 (12:16 -0700)]
package/libglib2: bump to version 2.62.0

Other changes:
 - Refactor 0002-add-option-to-build-tests.patch to work with the new version.
 - Add the new option oss_fuzz=disabled to HOST_LIBGLIB2_CONF_OPTS and
   LIBGLIB2_CONF_OPTS.
 - Change -Diconv=gnu to -Diconv=external as the option has changed.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agoDEVELOPERS: adjust e-mail address for Giulio Benetti
Giulio Benetti [Mon, 16 Sep 2019 20:04:45 +0000 (22:04 +0200)]
DEVELOPERS: adjust e-mail address for Giulio Benetti

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agoDEVELOPERS: add Pierre-Jean Texier for mxml
Pierre-Jean Texier [Mon, 16 Sep 2019 21:13:41 +0000 (23:13 +0200)]
DEVELOPERS: add Pierre-Jean Texier for mxml

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/mxml: bump to version 3.1
Pierre-Jean Texier [Mon, 16 Sep 2019 21:13:40 +0000 (23:13 +0200)]
package/mxml: bump to version 3.1

See https://github.com/michaelrsweet/mxml/releases/tag/v3.1

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/syslog-ng: version bump to 3.23.1
Chris Packham [Tue, 17 Sep 2019 08:51:20 +0000 (20:51 +1200)]
package/syslog-ng: version bump to 3.23.1

Update to latest syslog-ng version.

Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/wireguard: bump version to 0.0.20190913
Peter Korsgaard [Mon, 16 Sep 2019 21:14:38 +0000 (23:14 +0200)]
package/wireguard: bump version to 0.0.20190913

For details of the changes, see the announcement:
https://lists.zx2c4.com/pipermail/wireguard/2019-September/004539.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/libopenssl: security bump to version 1.1.1d
Peter Korsgaard [Tue, 17 Sep 2019 13:23:18 +0000 (15:23 +0200)]
package/libopenssl: security bump to version 1.1.1d

Fixes the following security vulnerabilities:

- ECDSA remote timing attack (CVE-2019-1547)
  Severity: Low

- Fork Protection (CVE-2019-1549)
  Severity: Low

- Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)
  Severity: Low

For more details, see the advisory:
https://www.openssl.org/news/secadv/20190910.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/openvmtools: source default file
Simon Rowe [Tue, 17 Sep 2019 09:31:41 +0000 (10:31 +0100)]
package/openvmtools: source default file

In the SYSV init script allow /etc/default/vmtoolsd to override $ARGS
(if it present)

Signed-off-by: Simon Rowe <simon.rowe@citrix.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/libcroco: bump version to 0.6.13
Bernd Kuhls [Sat, 31 Aug 2019 10:35:19 +0000 (12:35 +0200)]
package/libcroco: bump version to 0.6.13

Removed patches applied upstream:
https://github.com/GNOME/libcroco/commit/898e3a8c8c0314d2e6b106809a8e3e93cf9d4394
https://github.com/GNOME/libcroco/commit/9ad72875e9f08e4c519ef63d44cdbd94aa9504f7

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/mosquitto: bump version to 1.6.5
Peter Korsgaard [Mon, 16 Sep 2019 07:32:01 +0000 (09:32 +0200)]
package/mosquitto: bump version to 1.6.5

Bugfix release, fixing a number of issues:

- Fix v5 DISCONNECT packets with remaining length == 2 being treated as a
  protocol error.  Closes #1367.
- Fix support for libwebsockets 3.x (excluding 3.2.0)
- Fix slow websockets performance when sending large messages.  Closes
  #1390.
- Fix bridges potentially not connecting on Windows.  Closes #478.
- Fix clients authorised using use_identity_as_username or
  use_subject_as_username being disconnected on SIGHUP.  Closes #1402.
- Improve error messages in some situations when clients disconnect.
  Reduces the number of "Socket error on client X, disconnecting" messages.
- Fix Will for v5 clients not being sent if will delay interval was greater
  than the session expiry interval.  Closes #1401.
- Fix CRL file not being reloaded on HUP.  Closes #35.
- Fix repeated "Error in poll" messages on Windows when only websockets
  listeners are defined.  Closes #1391.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopython-flask-login: bump to version 0.4.1
Sébastien Szymanski [Mon, 16 Sep 2019 07:19:55 +0000 (09:19 +0200)]
python-flask-login: bump to version 0.4.1

Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/ytree: new package
Bernd Kuhls [Wed, 4 Sep 2019 21:21:17 +0000 (23:21 +0200)]
package/ytree: new package

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/vnstat: bump version to 2.4
Bernd Kuhls [Wed, 4 Sep 2019 18:50:22 +0000 (20:50 +0200)]
package/vnstat: bump version to 2.4

Added license hash.

vnstat as of version 2.0 requires sqlite:
https://github.com/vergoh/vnstat/commit/bb24d7bd0f5e9051872f88a98f8b7906b4959aa7

Added --disable-extra-paths to _CONF_OPTS to prevent build error:
https://github.com/vergoh/vnstat/commit/fffc15d877edf37ff42ab057e1f30c70e6e99314

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/libite: bump version to 2.1.0
Bernd Kuhls [Wed, 4 Sep 2019 18:03:20 +0000 (20:03 +0200)]
package/libite: bump version to 2.1.0

Added md5 hash provided by upstream.
Switched _SOURCE to .xz tarball provided by upstream.
This tarball contains a configure script so we do not need to
autoreconf anymore.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/apr: fix non-portable atomics
Bernd Kuhls [Wed, 4 Sep 2019 19:33:15 +0000 (21:33 +0200)]
package/apr: fix non-portable atomics

apr-1.7.0 added support for 8 bytes atomics for 32 bit archs
https://github.com/apache/apr/commit/2f61f960c81e4a45f3849baa7563812e7e526436

We need to adjust our _CONF_OPTS which fixes an apache build error.

Fixes:
http://autobuild.buildroot.net/results/f24/f2461c1ed542e050afd761db5faeaaff1f51775b/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Reviewed-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/jsoncpp: bump version to 1.9.1
Bernd Kuhls [Wed, 4 Sep 2019 21:02:38 +0000 (23:02 +0200)]
package/jsoncpp: bump version to 1.9.1

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/jsoncpp: switch build system to meson
Bernd Kuhls [Wed, 4 Sep 2019 21:02:37 +0000 (23:02 +0200)]
package/jsoncpp: switch build system to meson

Bumping jsoncpp to 1.9.1 will cause a CMake-related build error:
https://github.com/open-source-parsers/jsoncpp/issues/970

To fix the bug upstream suggests to switch to meson:
"Our official policy has been only supporting the meson build, and
 having users submit fixes for the CMake build."
https://github.com/open-source-parsers/jsoncpp/issues/970#issuecomment-509794015

Remove all _CONF_OPTS as they are not supported by meson.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/libpjsip: bump to 2.9
Luca Ceresoli [Thu, 5 Sep 2019 10:01:09 +0000 (12:01 +0200)]
package/libpjsip: bump to 2.9

Updates:
 - remove patch now upstream
 - remove --disable-oss, not supported anymore
 - 2.9 supports gnutls, add optional dependency
 - bonus: switch to https for downloading

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/lrzip: new package
Sam Lancia [Sun, 8 Sep 2019 08:03:16 +0000 (09:03 +0100)]
package/lrzip: new package

lrzip is a compression utility that excels at compressing
large files (usually > 10-50 MB)

Signed-off-by: Sam Lancia <sam@gpsm.co.uk>
[Thomas: license is GPL-2.0+, not GPL-2.0]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/expat: security bump to version 2.2.8
Peter Korsgaard [Sun, 15 Sep 2019 20:21:42 +0000 (22:21 +0200)]
package/expat: security bump to version 2.2.8

Fixes the following security vulnerability:

CVE-2019-15903: In libexpat before 2.2.8, crafted XML input could fool the
parser into changing from DTD parsing to document parsing too early; a
consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber)
then resulted in a heap-based buffer over-read.

While we're at it, also change to use .tar.xz rather than the bigger
.tar.bz2.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/ltp-testsuite: fix build with glibc 2.30
Fabrice Fontaine [Wed, 4 Sep 2019 21:32:56 +0000 (23:32 +0200)]
package/ltp-testsuite: fix build with glibc 2.30

Fixes:
 - http://autobuild.buildroot.org/results/e8b72f5d93d3565d41364a52c0024a0292a06b41

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/luv: install libluv.pc.in
Fabrice Fontaine [Thu, 5 Sep 2019 17:07:31 +0000 (19:07 +0200)]
package/luv: install libluv.pc.in

Archive 1.30.1-0 doesn't contain libluv.pc.in which will break the build

Fixes:
 - http://autobuild.buildroot.org/results/5ec6b5a3622c343f7e401b7da7d4a1da15be2733

This issue has been fixed upstream in
https://github.com/luvit/luv/commit/946784fba047bcd275554b5040949e3d70994b30,
which should be in the next release.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/libcamera: link with atomic when needed
Fabrice Fontaine [Thu, 5 Sep 2019 16:53:06 +0000 (18:53 +0200)]
package/libcamera: link with atomic when needed

Fixes:
 - http://autobuild.buildroot.org/results/1f0b8338f5f39aa86b9d432598dae2f53c5f7c84

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/uclibc: fix termios redefinition issue for PowerPC
Vadim Kochan [Sun, 8 Sep 2019 07:29:59 +0000 (10:29 +0300)]
package/uclibc: fix termios redefinition issue for PowerPC

Fix redefinition of 'struct termios' by syncing termios powerpc headers
from glibc, the commit which fixed the same issue in glibc:

    d4795e4a43e6f0c221bc5dc64c612206a21a177b PowerPC: Fix termios definitions

    https://sourceware.org/git/?p=glibc.git;a=commit;h=d4795e4a43e6f0c221bc5dc64c612206a21a177b

it fixed the following bug request:

    https://bugzilla.redhat.com/show_bug.cgi?id=1122714

In case of Buildroot it fixes flashrom build for PowerPC.

Fixes:
http://autobuild.buildroot.net/results/797dde5cbf0e94162c7cc7b557841605c78ac2f3/

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/x11r7/xlib_libXpm: add license file, add hashes
Christopher McCrory [Sun, 8 Sep 2019 16:13:16 +0000 (09:13 -0700)]
package/x11r7/xlib_libXpm: add license file, add hashes

Add COPYRIGHT to LICENSE_FILES, and add hashes for both license files.

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/x11r7/xlib_libXt: add license file hash
Christopher McCrory [Sun, 8 Sep 2019 16:13:09 +0000 (09:13 -0700)]
package/x11r7/xlib_libXt: add license file hash

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/x11r7/xlib_libXaw: add license file hash
Christopher McCrory [Sun, 8 Sep 2019 16:12:58 +0000 (09:12 -0700)]
package/x11r7/xlib_libXaw: add license file hash

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/zsh: bump to version 5.7.1
Christopher McCrory [Sun, 8 Sep 2019 16:12:52 +0000 (09:12 -0700)]
package/zsh: bump to version 5.7.1

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/xxhash: bump to version 0.7.1
Christopher McCrory [Sun, 8 Sep 2019 16:12:43 +0000 (09:12 -0700)]
package/xxhash: bump to version 0.7.1

update hash for xxhsum.c, only code changes, not license.

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/xterm: bump to version 348
Christopher McCrory [Sun, 8 Sep 2019 16:12:37 +0000 (09:12 -0700)]
package/xterm: bump to version 348

Replace version.c by COPYING in LICENSE_FILES, and add a hash for the
license file.

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
[Thomas: drop version.c in the license files, the newly introduced
COPYING file is much better]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/xtables-addons: bump to version 3.4
Christopher McCrory [Sun, 8 Sep 2019 16:12:29 +0000 (09:12 -0700)]
package/xtables-addons: bump to version 3.4

Add hash for LICENSE.

This version works with linux kernel 5.0 and newer. It requires
CONFIG_NF_NAT enabled in the kernel configuration, otherwise it fails
to build:

ERROR: "nf_nat_setup_info" [/home/thomas/projets/buildroot/output/build/xtables-addons-3.4/extensions/xt_DNETMAP.ko] undefined!

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
[Thomas: enable CONFIG_NF_NAT in the kernel configuration.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/xfsprogs: bump to version 5.2.1
Christopher McCrory [Sun, 8 Sep 2019 16:12:23 +0000 (09:12 -0700)]
package/xfsprogs: bump to version 5.2.1

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/wireshark: bump to version 3.0.3
Christopher McCrory [Sun, 8 Sep 2019 16:12:17 +0000 (09:12 -0700)]
package/wireshark: bump to version 3.0.3

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/slang: bump to version 2.3.2
Christopher McCrory [Sun, 8 Sep 2019 16:11:52 +0000 (09:11 -0700)]
package/slang: bump to version 2.3.2

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/rrdtool: bump to version 1.7.2
Christopher McCrory [Sun, 8 Sep 2019 16:11:47 +0000 (09:11 -0700)]
package/rrdtool: bump to version 1.7.2

Update hash for license files (update in year and address, some
whitespace changes)

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/aespipe: bump to version 2.4e
Fabrice Fontaine [Sun, 8 Sep 2019 08:01:39 +0000 (10:01 +0200)]
package/aespipe: bump to version 2.4e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agosupport/scripts/pkg-stats: simplify Git commit id retrieval
Thomas Petazzoni [Thu, 12 Sep 2019 16:55:22 +0000 (18:55 +0200)]
support/scripts/pkg-stats: simplify Git commit id retrieval

As suggested by Baruch Siach, using "git rev-parse HEAD" is a lot
simpler than playing around with "git log" to just retrieve the commit
id corresponding to the current HEAD.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/luvi: fixup the 'v' prefix in the version
Fabrice Fontaine [Wed, 11 Sep 2019 18:19:01 +0000 (20:19 +0200)]
package/luvi: fixup the 'v' prefix in the version

In order for the luvi version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
LUVI_SOURCE and LUVI_SITE and not LUVI_VERSION.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/openpowerlink: fixup the 'V' prefix in the version
Fabrice Fontaine [Wed, 11 Sep 2019 18:14:40 +0000 (20:14 +0200)]
package/openpowerlink: fixup the 'V' prefix in the version

In order for the openpowerlink version to match what is given by
release-monitoring.org, the 'V' prefix should be encoded in
OPENPOWERLINK_SOURCE and OPENPOWERLINK_SITE and not
OPENPOWERLINK_VERSION.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/python-sip: add hashes for license files
Mohana Datta Yelugoti [Wed, 11 Sep 2019 13:47:18 +0000 (19:17 +0530)]
package/python-sip: add hashes for license files

Signed-off-by: Mohana Datta Yelugoti <ymdatta.work@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agoconfigs/lafrite: new defconfig
Peter Korsgaard [Sat, 14 Sep 2019 05:56:20 +0000 (07:56 +0200)]
configs/lafrite: new defconfig

Add basic support for the Libre Computer "La Frite" SBC.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/eudev: add missing user/groups "kvm" and "render"
Carlos Santos [Sun, 15 Sep 2019 12:32:30 +0000 (09:32 -0300)]
package/eudev: add missing user/groups "kvm" and "render"

They are required by the default udev rules.

Fixes: https://bugs.busybox.net/show_bug.cgi?id=12141
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agoDEVELOPERS: add Pierre-Jean Texier for fping
Pierre-Jean Texier [Sun, 15 Sep 2019 13:02:04 +0000 (15:02 +0200)]
DEVELOPERS: add Pierre-Jean Texier for fping

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/fping: bump to version 4.2
Pierre-Jean Texier [Sun, 15 Sep 2019 13:02:03 +0000 (15:02 +0200)]
package/fping: bump to version 4.2

See full Changelog: http://fping.org/dist/CHANGELOG.md

Also add hash for license file

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/luarocks: refactor Buildroot addon with new argparse module
Francois Perrad [Tue, 10 Sep 2019 03:30:09 +0000 (05:30 +0200)]
package/luarocks: refactor Buildroot addon with new argparse module

The wellknown module `argparse` is now used by LuaRocks 3.2.0, instead
of a homemade argument parsing.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/luarocks: fix generated configuration when luajit
Francois Perrad [Tue, 10 Sep 2019 03:30:08 +0000 (05:30 +0200)]
package/luarocks: fix generated configuration when luajit

this trick removes the need of the patch

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/luarocks: bump to version 3.2.1
Francois Perrad [Tue, 10 Sep 2019 03:30:07 +0000 (05:30 +0200)]
package/luarocks: bump to version 3.2.1

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/eventlog: remove package
Chris Packham [Mon, 9 Sep 2019 09:54:32 +0000 (21:54 +1200)]
package/eventlog: remove package

Since syslog-ng 3.11.1 eventlog has been bundled with the sources.
Remove the separate package.

We don't add Config.in.legacy handling because eventlog was only used
by syslog-ng, and was not really meant to be used by anyone else, so
there is no point in warning users who had this package enabled in
their configuration that it no longer exists, as it was only used by
syslog-ng, and syslog-ng now bundles eventlog.

Signed-off-by: Chris Packham <judge.packham@gmail.com>
[Thomas: extend explanation about why we don't have any
Config.in.legacy handling]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/paho-mqtt-c: bump to version 1.3.1
Julien Grossholtz [Mon, 9 Sep 2019 08:35:31 +0000 (10:35 +0200)]
package/paho-mqtt-c: bump to version 1.3.1

paho-mqtt-c 1.3.1 is the latest stable release. The latest release
contains various bug fixes and adds TLS-PSK encryption support.

Release notes: https://github.com/eclipse/paho.mqtt.c/milestone/6?closed=1

Signed-off-by: Julien Grossholtz <julien.grossholtz@openest.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agoDEVELOPERS: add Yegor Yefremov to dhcpcd and nftables package
Yegor Yefremov [Mon, 9 Sep 2019 08:54:36 +0000 (10:54 +0200)]
DEVELOPERS: add Yegor Yefremov to dhcpcd and nftables package

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/paho-mqtt-cpp: bump to version 1.0.1
Refik TUZAKLI [Mon, 9 Sep 2019 08:47:12 +0000 (08:47 +0000)]
package/paho-mqtt-cpp: bump to version 1.0.1

Signed-off-by: Refik Tuzakli <refik.tuzakli@savronik.com.tr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/qemu: add optional dependency on nettle
Alexander Dahl [Wed, 11 Sep 2019 08:40:39 +0000 (10:40 +0200)]
package/qemu: add optional dependency on nettle

Qemu can optionally depend on nettle if available, so we should take
into account this optional dependency.

Cc: Florian Wolters <florian@florian-wolters.de>
Signed-off-by: Alexander Dahl <post@lespocky.de>
[Thomas: reword commit log, so that it makes sense in the context of
upstream Buildroot]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/thttpd: fix systemd startup
Carlos Santos [Wed, 28 Aug 2019 02:16:25 +0000 (23:16 -0300)]
package/thttpd: fix systemd startup

Create the configuration file as /etc/thttpd.conf, as expected by the
systemd unit file.

This matches other web server packages that install configuration files
at /etc/lighttpd/, /etc/apache2, etc.

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/bc: bump to 1.07.1
Matt Weber [Fri, 13 Sep 2019 18:57:42 +0000 (13:57 -0500)]
package/bc: bump to 1.07.1

* Added license hash files
* Updated site to new GNU location
* Reconfig required to use newer automake
* Dropped patch for 01_array_initialize.patch as it was fixed
* Refactored patches for makeinfo variable and write io errs
* Added new dc fix exit code patch from Debian sid
* Added new libmath offline gen cross-compile patch from Yocto

Upstream patch status: Pending

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/links: add hash for COPYING file
Petr Vorel [Fri, 13 Sep 2019 21:13:53 +0000 (23:13 +0200)]
package/links: add hash for COPYING file

Suggested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agoconfigs/raspberrypi0: use dedicated rpi0 dts file
Peter Korsgaard [Sat, 14 Sep 2019 12:05:29 +0000 (14:05 +0200)]
configs/raspberrypi0: use dedicated rpi0 dts file

Since the bump to the 20190819 snapshot there is now a dedicated dts file
for the rpi0, so use that rather than the rpi-b-plus one:

https://github.com/raspberrypi/linux/commit/bd1336d8b6544ce5c7ddb197c3d8c539082dac66

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agoconfigs/raspberrypi0w: fix dts file name after kernel bump
Peter Korsgaard [Sat, 14 Sep 2019 12:05:28 +0000 (14:05 +0200)]
configs/raspberrypi0w: fix dts file name after kernel bump

Fixes #12816

Commit 42d22f3bdba41da ({configs/raspberrypi,package/rpi-firmware}: bump
kernel/firmware to 20190819 version) updated the kernel version but failed
to take into consideration that the rpi0w dts file has been renamed:

https://github.com/raspberrypi/linux/commit/6f91b5dbfdb62a434571a73f2dc15181963e3bea

Fix it by renaming the dts/dtb file referenced from the kernel build and
genimage.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/util-linux: create $(TARGET_DIR)/etc/pam.d if necessary
Carlos Santos [Sat, 14 Sep 2019 16:41:43 +0000 (13:41 -0300)]
package/util-linux: create $(TARGET_DIR)/etc/pam.d if necessary

Useful for test purposes when we want to install util-linux with a
custom TARGET_DIR, e.g.

    $ make util-linux-reinstall TARGET_DIR=/tmp/util-linux

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/kompexsqlite: use github macro
Fabrice Fontaine [Sat, 14 Sep 2019 14:52:42 +0000 (16:52 +0200)]
package/kompexsqlite: use github macro

Use github macro and drop SOURCE variable to keep the default SOURCE
value which gives a much more sensible tarball name

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/thttpd: fix init script
Carlos Santos [Sun, 15 Sep 2019 00:06:57 +0000 (21:06 -0300)]
package/thttpd: fix init script

The init script provided by thttpd is for FreeBSD. Add a custom one,
made specifically for Buildroot.

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/flatcc: bump to version 0.6.0
Fabrice Fontaine [Sun, 15 Sep 2019 11:43:58 +0000 (13:43 +0200)]
package/flatcc: bump to version 0.6.0

Remove patch (already in version)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/findutils: bump to version 4.7
Fabrice Fontaine [Sun, 15 Sep 2019 11:32:46 +0000 (13:32 +0200)]
package/findutils: bump to version 4.7

- Remove patches (already in version)
- Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/sslh: fixup the 'v' prefix in the version
Fabrice Fontaine [Wed, 11 Sep 2019 17:46:30 +0000 (19:46 +0200)]
package/sslh: fixup the 'v' prefix in the version

In order for the sslh version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
SSLH_SOURCE and not SSLH_VERSION.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/chrony: drop musl patch
Fabrice Fontaine [Sat, 14 Sep 2019 09:32:27 +0000 (11:32 +0200)]
package/chrony: drop musl patch

This patch is not needed as musl defines SCM_TIMESTAMPING_PKTINFO since
version 1.1.19 and
https://git.musl-libc.org/cgit/musl/commit/?id=c35a8bf456ca6ef74e3cc7c4d8f63572bc1e1167

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/chrony: bump to version 3.5
Fabrice Fontaine [Sat, 14 Sep 2019 09:32:26 +0000 (11:32 +0200)]
package/chrony: bump to version 3.5

Remove second patch (already in version)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/cbootimage: bump to version 1.8
Fabrice Fontaine [Sat, 14 Sep 2019 07:24:17 +0000 (09:24 +0200)]
package/cbootimage: bump to version 1.8

- Remove patch (already in version)
- Remove glic or uclibc toolchain dependency, not needed since
  https://github.com/NVIDIA/cbootimage/commit/3b3c3cccf0640326229935be5ff702ac948fd51b
- Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/wireguard: bump version to 0.0.20190905
Peter Korsgaard [Wed, 11 Sep 2019 13:19:14 +0000 (15:19 +0200)]
package/wireguard: bump version to 0.0.20190905

For details of the changes, see the announcement:
https://lists.zx2c4.com/pipermail/wireguard/2019-September/004483.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/libnss: fix build failure on aarch64_be
Giulio Benetti [Wed, 11 Sep 2019 13:17:11 +0000 (15:17 +0200)]
package/libnss: fix build failure on aarch64_be

Fixes:
http://autobuild.buildroot.net/results/bfd29593bb6c53d3e9e2d02d2ed6bea360d99c00/

In libnss there is a bug leading to build failure due to double declared
functions. This is due to 2 different #ifdef statements treating the
same function-set.

Add patch to fix this by making the 2 #ifdef statements equal.

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years ago{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.2.x series
Peter Korsgaard [Wed, 11 Sep 2019 11:40:35 +0000 (13:40 +0200)]
{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.2.x series

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/libcurl: security bump to version 7.66.0
Peter Korsgaard [Wed, 11 Sep 2019 11:27:35 +0000 (13:27 +0200)]
package/libcurl: security bump to version 7.66.0

Fixes the following security vulnerabilities:

CVE-2019-5481: FTP-KRB double-free
https://curl.haxx.se/docs/CVE-2019-5481.html

CVE-2019-5482: TFTP small blocksize heap buffer overflow
https://curl.haxx.se/docs/CVE-2019-5482.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 years agopackage/kompexsqlite: fixup the 'v' prefix in the version
Fabrice Fontaine [Wed, 11 Sep 2019 17:22:56 +0000 (19:22 +0200)]
package/kompexsqlite: fixup the 'v' prefix in the version

In order for the kompexsqlite version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
KOMPEXSQLITE_SOURCE and not KOMPEXSQLITE_VERSION.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/zziplib: fixup the 'v' prefix in the version
Fabrice Fontaine [Wed, 11 Sep 2019 17:06:33 +0000 (19:06 +0200)]
package/zziplib: fixup the 'v' prefix in the version

In order for the zziplib version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
ZZIPLIB_SITE and not ZZIPLIB_VERSION.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/perl-class-std-fast: fixup the 'v' prefix in the version
Fabrice Fontaine [Wed, 11 Sep 2019 17:01:50 +0000 (19:01 +0200)]
package/perl-class-std-fast: fixup the 'v' prefix in the version

In order for the perl-class-std-fast version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
PERL_CLASS_STD_FAST_SOURCE and not PERL_CLASS_STD_FAST_VERSION.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/nodejs: security bump to version v10.16.3
Peter Korsgaard [Thu, 12 Sep 2019 19:43:54 +0000 (21:43 +0200)]
package/nodejs: security bump to version v10.16.3

Fixes the following security vulnerabilities:

- CVE-2019-9511 "Data Dribble": The attacker requests a large amount of data
  from a specified resource over multiple streams.  They manipulate window
  size and stream priority to force the server to queue the data in 1-byte
  chunks.  Depending on how efficiently this data is queued, this can
  consume excess CPU, memory, or both, potentially leading to a denial of
  service.

- CVE-2019-9512 "Ping Flood": The attacker sends continual pings to an
  HTTP/2 peer, causing the peer to build an internal queue of responses.
  Depending on how efficiently this data is queued, this can consume excess
  CPU, memory, or both, potentially leading to a denial of service.

- CVE-2019-9513 "Resource Loop": The attacker creates multiple request
  streams and continually shuffles the priority of the streams in a way that
  causes substantial churn to the priority tree.  This can consume excess
  CPU, potentially leading to a denial of service.

- CVE-2019-9514 "Reset Flood": The attacker opens a number of streams and
  sends an invalid request over each stream that should solicit a stream of
  RST_STREAM frames from the peer.  Depending on how the peer queues the
  RST_STREAM frames, this can consume excess memory, CPU, or both,
  potentially leading to a denial of service.

- CVE-2019-9515 "Settings Flood": The attacker sends a stream of SETTINGS
  frames to the peer.  Since the RFC requires that the peer reply with one
  acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost
  equivalent in behavior to a ping.  Depending on how efficiently this data
  is queued, this can consume excess CPU, memory, or both, potentially
  leading to a denial of service.

- CVE-2019-9516 "0-Length Headers Leak": The attacker sends a stream of
  headers with a 0-length header name and 0-length header value, optionally
  Huffman encoded into 1-byte or greater headers.  Some implementations
  allocate memory for these headers and keep the allocation alive until the
  session dies.  This can consume excess memory, potentially leading to a
  denial of service.

- CVE-2019-9517 "Internal Data Buffering": The attacker opens the HTTP/2
  window so the peer can send without constraint; however, they leave the
  TCP window closed so the peer cannot actually write (many of) the bytes on
  the wire.  The attacker then sends a stream of requests for a large
  response object.  Depending on how the servers queue the responses, this
  can consume excess memory, CPU, or both, potentially leading to a denial
  of service.

- CVE-2019-9518 "Empty Frames Flood": The attacker sends a stream of frames
  with an empty payload and without the end-of-stream flag.  These frames
  can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE.  The peer spends
  time processing each frame disproportionate to attack bandwidth.  This can
  consume excess CPU, potentially leading to a denial of service.
  (Discovered by Piotr Sikora of Google)

Notice that this version bump requires nghttp2 1.39.2.  It also includes an
(unconditional) embedded copy of brotli.

Update the license hash because of copyright year changes and the addition
of the MIT-style license text for large_pages and brotli.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/nghttp2: security bump to version 1.39.2
Peter Korsgaard [Thu, 12 Sep 2019 19:43:53 +0000 (21:43 +0200)]
package/nghttp2: security bump to version 1.39.2

Fixes the following security issues:

CVE-2019-9511: Data Dribble
CVE-2019-9513: Resource Loop

For details, see the advisory:
https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/

Notice that libnghttp2 itself is not affected by these vulnerabilities, only
nghttpx and nghttpd (which are currently not built).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/jo: bump to version 1.2
Peter Korsgaard [Thu, 12 Sep 2019 19:56:05 +0000 (21:56 +0200)]
package/jo: bump to version 1.2

Drop the v prefix on the download URL as the 1.2 git tag is just '1.2' and
add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/ccache: bump to version 3.7.4
Asaf Kahlon [Fri, 13 Sep 2019 14:16:27 +0000 (17:16 +0300)]
package/ccache: bump to version 3.7.4

- Update CCACHE_SITE to github.

- The hash of the license file is updated. There were two changes:

  * The reference to the credits.html file changed from
    ccache.samba.org to ccache.dev

  * The MIT license text for minitrace.[ch] was added, but it doesn't
    change the fact that the whole is under GPL-3.0, and we anyway
    already had "GPL-3.0, others" in CCACHE_LICENSE

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
[Thomas: update the license file hash]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/luksmeta: bump to version v9
Peter Korsgaard [Thu, 12 Sep 2019 20:14:37 +0000 (22:14 +0200)]
package/luksmeta: bump to version v9

Bugfix release, fixing a potential infinite loop when handling the LUKS
header:

git shortlog v8..v9
Daniel Kopeček (2):
      Use asciidoc as the manual page source format
      Generate manual page from source during build time

Milan Broz (1):
      Fix infinite loop when initializing trimmed LUKS header.

Nathaniel McCallum (3):
      Fix invalid man page section reference
      Fix typos in the man page
      Release version 9

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/wine: bump to version 4.0.2
André Hentschel [Thu, 12 Sep 2019 21:16:29 +0000 (23:16 +0200)]
package/wine: bump to version 4.0.2

Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/links: bump to version 2.20
Petr Vorel [Thu, 29 Aug 2019 20:02:12 +0000 (22:02 +0200)]
package/links: bump to version 2.20

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/gawk: bump to version 5.0.1
Christopher McCrory [Fri, 30 Aug 2019 18:44:12 +0000 (11:44 -0700)]
package/gawk: bump to version 5.0.1

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agopackage/nfs-utils: always use libtirpc and enable IPv6
Carlos Santos [Wed, 11 Sep 2019 20:33:44 +0000 (17:33 -0300)]
package/nfs-utils: always use libtirpc and enable IPv6

nfs-utils selects rpcbind, and rpcbind unconditionally selects
libtirpc. Therefore, nfs-utils will never be used with the C library
RPC implementation: libtirpc will always be used. Consequently, all
the conditional logic to use libtirpc only if available is useless,
and we can use libtirpc unconditionally.

As an added bonus, this means that we can enable IPv6, because
libtirpc provides an IPv6-compatible RPC implementation.

Fixes: https://bugs.busybox.net/show_bug.cgi?id=10806
Signed-off-by: Carlos Santos <unixmania@gmail.com>
[Thomas: rework commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 years agosupport/scripts/pkg-stats: extract current commit id, not master
Thomas Petazzoni [Thu, 29 Aug 2019 07:22:33 +0000 (09:22 +0200)]
support/scripts/pkg-stats: extract current commit id, not master

pkg-stats extracts the Buildroot commit id from which the package
information was collected. However, when doing so, it always assumes
we're using the master branch, by running "git log master".

But in fact, pkg-stats can be run from any branch/tag, so it makes a
lot more sense to use "git log HEAD".

Cc: victor.huesca@bootlin.com
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>