buildroot.git
7 years agopackage/bluez5_utils: security bump version to 5.47
Bernd Kuhls [Sat, 16 Sep 2017 08:41:17 +0000 (10:41 +0200)]
package/bluez5_utils: security bump version to 5.47

Fixes CVE-2017-1000250 - All versions of the SDP server in BlueZ 5.46 and
earlier are vulnerable to an information disclosure vulnerability which
allows remote attackers to obtain sensitive information from the bluetoothd
process memory.  This vulnerability lies in the processing of SDP search
attribute requests.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agostella: fix error when building with uClibc-ng
Sergio Prado [Sat, 16 Sep 2017 13:37:09 +0000 (10:37 -0300)]
stella: fix error when building with uClibc-ng

The uClibc-ng C library defines a type called R0 that conflits with a
global variable called R0 from PaddleReader.cxx.

src/emucore/tia/PaddleReader.cxx:25:3: error: ‘constexpr const double R0’ redeclared as different kind of symbol
   R0 = 1.5e3,
   ^

/home/sprado/workspace/build/buildroot/build/stella_uclibc/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/include/sys/ucontext.h:42:3:note: previous declaration ‘<anonymous enum> R0’
   R0 = 0,
   ^~

So let's redefine R0 as a private member of the PaddleReader class.

This patch has already been accepted upstream [1] and should be removed in
the next version bump.

[1] https://github.com/stella-emu/stella/commit/391601d2386e41372d6fa198fbe40287d2e87542

Fixes:

http://autobuild.buildroot.net/results/9ab5772f01236eaa7def66a2f443f13efca8c34c
http://autobuild.buildroot.net/results/5a4a194fe85e04ab31b146367c5a45e4f7688fca
http://autobuild.buildroot.net/results/31f6bb3f5879d056fe152ca19b6b0367cc636212
...

Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/pinentry: bump version to 1.0.0
Bernd Kuhls [Sun, 17 Sep 2017 15:18:35 +0000 (17:18 +0200)]
package/pinentry: bump version to 1.0.0

Removed patch applied upstream:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=pinentry.git;a=commitdiff;h=f0db3192463cccf4541820de36d985629c4df6ee

Added sha256 hash.

Added dependencies to libassuan & libgpg-error needed after
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=pinentry.git;a=commit;h=302903f76b8d62b1e07219a203f7219cb3aff7d8

Removed CXXFLAGS added for gcc >= 5.x as noted by Thomas:
https://git.buildroot.net/buildroot/commit/package/pinentry?id=9694305ae0b2a7dbdcc74e2c646d392ceed9876f

Renamed configure option -pinentry-qt4 to -pinentry-qt after
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=pinentry.git;a=commit;h=abb59f50abf698ff1e56490fb39bcc98c26ab44b
Qt5 support, also added by this upstream commit, will be added to this
package with a subsequent commit.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/imagemagick: security bump to version 7.0.7-1
Bernd Kuhls [Sun, 17 Sep 2017 09:16:52 +0000 (11:16 +0200)]
package/imagemagick: security bump to version 7.0.7-1

Quoting CVE-related issues from
https://github.com/ImageMagick/ImageMagick/blob/master/ChangeLog

2017-07-29 7.0.6-5 Glenn Randers-Pehrson <glennrp@image...>
  * Fix improper use of NULL in the JNG decoder (CVE-2017-11750, Reference
    https://github.com/ImageMagick/ImageMagick/issues/632).

2017-07-24 7.0.6-4 Cristy <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues) including
    https://github.com/ImageMagick/ImageMagick/issues/618 (CVE-2017-12676).

2017-07-23  7.0.6-3 Glenn Randers-Pehrson <glennrp@image...>
  * Fix memory leaks when reading a malformed JNG image:
    https://github.com/ImageMagick/ImageMagick/issues/600 (CVE-2017-13141),
    https://github.com/ImageMagick/ImageMagick/issues/602 (CVE-2017-12565).

2017-07-19 7.0.6-2 Cristy <quetzlzacatenango@image...>
  * coders/png.c: fixed memory leak of quantum_info (CVE-2017-11539, reference
    https://github.com/ImageMagick/ImageMagick/issues/582
  * coders/png.c: fixed NULL dereference when trying to write an empty MNG
    (CVE-2017-11522, reference
    https://github.com/ImageMagick/ImageMagick/issues/586).

2017-06-22  7.0.6-1 Glenn Randers-Pehrson <glennrp@image...>
  * Stop a memory leak in read_user_chunk_callback() (reference
    https://github.com/ImageMagick/ImageMagick/issues/517,
    CVE 2017-11310).

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/pcmanfm: bump version to 1.2.5
Bernd Kuhls [Sun, 17 Sep 2017 08:27:27 +0000 (10:27 +0200)]
package/pcmanfm: bump version to 1.2.5

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/libfm: bump version to 1.2.5
Bernd Kuhls [Sun, 17 Sep 2017 08:27:26 +0000 (10:27 +0200)]
package/libfm: bump version to 1.2.5

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/pcsc-lite: bump version to 1.8.22
Bernd Kuhls [Sun, 17 Sep 2017 08:25:24 +0000 (10:25 +0200)]
package/pcsc-lite: bump version to 1.8.22

Release notes:
http://lists.alioth.debian.org/pipermail/pcsclite-muscle/2017-June/000925.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/pcre2: bump version to 10.30
Bernd Kuhls [Sun, 17 Sep 2017 08:20:33 +0000 (10:20 +0200)]
package/pcre2: bump version to 10.30

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/libgcrypt: bump version to 1.8.1
Bernd Kuhls [Sun, 17 Sep 2017 09:56:25 +0000 (11:56 +0200)]
package/libgcrypt: bump version to 1.8.1

Added sha1 hash provided by upstream.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/phytool: bump version to 2
Bernd Kuhls [Sun, 17 Sep 2017 09:40:02 +0000 (11:40 +0200)]
package/phytool: bump version to 2

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/php-ssh2: bump version to 1.1.2
Bernd Kuhls [Sun, 17 Sep 2017 09:23:18 +0000 (11:23 +0200)]
package/php-ssh2: bump version to 1.1.2

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agonetsnmp: install all MIB files
Julien Floret [Fri, 8 Sep 2017 13:45:48 +0000 (15:45 +0200)]
netsnmp: install all MIB files

Since commit be8e32d585f3 ("netsnmp: configurable MIB modules"),
the list of MIB modules can be selected with a configuration option.

However, there was still an hardcoded list of MIB files to exclude from
the target filesystem.
Since it is complicated to know which MIB files are necessary according
to the configuration, let's install all of them.

Cc: przemyslaw <przemyslaw.wrzos@calyptech.com>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Julien Floret <julien.floret@6wind.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
7 years agopackage/nmon: bump version to 16g
Bernd Kuhls [Wed, 13 Sep 2017 13:57:44 +0000 (15:57 +0200)]
package/nmon: bump version to 16g

Switched _SITE to https

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoshairport-sync: bump to version 3.1.2
Jörg Krause [Wed, 13 Sep 2017 19:40:06 +0000 (21:40 +0200)]
shairport-sync: bump to version 3.1.2

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/ndisc6: bump version to 1.0.3
Bernd Kuhls [Wed, 13 Sep 2017 09:38:23 +0000 (11:38 +0200)]
package/ndisc6: bump version to 1.0.3

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/ncmpc: bump version to 0.27
Bernd Kuhls [Wed, 13 Sep 2017 09:33:54 +0000 (11:33 +0200)]
package/ncmpc: bump version to 0.27

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/ncdu: bump version to 1.12
Bernd Kuhls [Wed, 13 Sep 2017 09:26:16 +0000 (11:26 +0200)]
package/ncdu: bump version to 1.12

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/nano: bump version to 2.8.7
Bernd Kuhls [Wed, 13 Sep 2017 09:02:23 +0000 (11:02 +0200)]
package/nano: bump version to 2.8.7

Added upstream patch to fix build error:

move.o: In function `do_page_up':
move.c:(.text+0x150): undefined reference to `leftedge_for'
move.o: In function `do_page_down':
move.c:(.text+0x20c): undefined reference to `leftedge_for'

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoluarocks: bump to version 2.4.3
Francois Perrad [Wed, 13 Sep 2017 08:23:56 +0000 (10:23 +0200)]
luarocks: bump to version 2.4.3

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolibgpiod: bump version to v0.3.1
Bartosz Golaszewski [Wed, 13 Sep 2017 06:36:06 +0000 (08:36 +0200)]
libgpiod: bump version to v0.3.1

There aren't really any changes that matter for the buildroot image,
but the project has been moved over to kernel.org and is now available
in a release tarball, so simplify the .mk file by removing any
autoreconf stuff.

Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agofscryptctl: bump version for AES-128-CBC / AES-128-CTS support
Peter Korsgaard [Wed, 13 Sep 2017 06:21:51 +0000 (08:21 +0200)]
fscryptctl: bump version for AES-128-CBC / AES-128-CTS support

Which are supported from linux-4.13 onwards.

While we're at it, add a DEVELOPERS entry.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopaho-mqtt-c: bump to version 1.2.0
Yegor Yefremov [Wed, 13 Sep 2017 06:07:18 +0000 (08:07 +0200)]
paho-mqtt-c: bump to version 1.2.0

Add a patch fixing compilation on the systems without C++ compiler.

Also add licence hashes.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolibcurl: fix build without threads
Baruch Siach [Tue, 12 Sep 2017 11:43:58 +0000 (14:43 +0300)]
libcurl: fix build without threads

When c-ares is not enabled libcurl enables the threaded DNS resolver by
default. Make sure the threaded resolvers is disabled when the toolchain
does not support threads.

Add upstream patch that fixes the configure option for disabling the
threaded resolver.

Fixes:
http://autobuild.buildroot.net/results/39f/39fa63fb2ecb75e4b2521d1ee3dfa357c4e5c594/
http://autobuild.buildroot.net/results/dfd/dfd296086d0d6bed73b92fe2fa4ba5434dddf796/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopowerpc-utils: Bump version to 1.3.4
Joel Stanley [Wed, 13 Sep 2017 04:48:44 +0000 (14:48 +1000)]
powerpc-utils: Bump version to 1.3.4

This also moves the source tree to the new official upstream location at
ibm-power-utilities GitHub organisation.

Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopython-ibmiotf: new package
Yegor Yefremov [Tue, 12 Sep 2017 09:50:56 +0000 (11:50 +0200)]
python-ibmiotf: new package

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopython-xmltodict: new package
Yegor Yefremov [Tue, 12 Sep 2017 09:50:55 +0000 (11:50 +0200)]
python-xmltodict: new package

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopython-iso8601: new package
Yegor Yefremov [Tue, 12 Sep 2017 09:50:54 +0000 (11:50 +0200)]
python-iso8601: new package

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolibmbim: add COPYING.LIB to LICENSE_FILES
Aleksander Morgado [Tue, 12 Sep 2017 08:42:39 +0000 (10:42 +0200)]
libmbim: add COPYING.LIB to LICENSE_FILES

mbimcli and mbim-network are GPLv2+ (COPYING file applies) and
libmbim-glib is LGPLv2.1+ (COPYING.LIB file applies).

Also, setup hashes of the license files, for a correct
"make legal-info".

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolibqmi: add COPYING.LIB to LICENSE_FILES
Aleksander Morgado [Tue, 12 Sep 2017 08:39:02 +0000 (10:39 +0200)]
libqmi: add COPYING.LIB to LICENSE_FILES

qmicli, qmi-network and qmi-firmware-update are GPLv2+ (COPYING file
applies) and libqmi-glib is LGPLv2.1+ (COPYING.LIB file applies).

Also, setup hashes of the license files, for a correct
"make legal-info".

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agomodem-manager: add COPYING.LIB to LICENSE_FILES
Aleksander Morgado [Tue, 12 Sep 2017 08:34:06 +0000 (10:34 +0200)]
modem-manager: add COPYING.LIB to LICENSE_FILES

ModemManager and mmcli are GPLv2+ (COPYING file applies) and
libmm-glib is LGPLv2.1+ (COPYING.LIB file applies).

Also, setup hashes of the license files, for a correct
"make legal-info".

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agodownload/git: force gzip compression level 6
Petr Kulhavy [Mon, 11 Sep 2017 22:13:40 +0000 (00:13 +0200)]
download/git: force gzip compression level 6

Force gzip compression level 6 when calculating hash of a downloaded GIT repo.
To make sure the tar->gzip->checksum chain always provides consistent result.`

The script was relying on the default compression level, which must not be
necessarily consistent among different gzip versions. The level 6 is gzip's
current default compression level.

Signed-off-by: Petr Kulhavy <brain@jikos.cz>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agofscryptctl: new package
Peter Korsgaard [Tue, 12 Sep 2017 17:00:56 +0000 (19:00 +0200)]
fscryptctl: new package

fscryptctl is a low-level tool written in C that handles raw keys and
manages policies for Linux filesystem encryption.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/libsodium: bump version to 1.0.13
Bernd Kuhls [Sun, 10 Sep 2017 16:54:45 +0000 (18:54 +0200)]
package/libsodium: bump version to 1.0.13

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/zeromq: bump version to 4.1.6
Bernd Kuhls [Sun, 10 Sep 2017 16:54:44 +0000 (18:54 +0200)]
package/zeromq: bump version to 4.1.6

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/fwup: bump version to 0.15.4
Bernd Kuhls [Sun, 10 Sep 2017 16:54:43 +0000 (18:54 +0200)]
package/fwup: bump version to 0.15.4

Removed patch applied upstream:
https://github.com/fhunleth/fwup/commit/0301cb4ffbf4705316ba017516745a535d66d552#diff-ce18c9a5ee5a2f36921fbc12b00cc0dd

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agojemalloc: bump version to 5.0.1
Eric Le Bihan [Sun, 10 Sep 2017 10:37:30 +0000 (05:37 -0500)]
jemalloc: bump version to 5.0.1

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoconfigs/mx53loco: Bump U-Boot and kernel versions
Fabio Estevam [Mon, 11 Sep 2017 19:35:54 +0000 (16:35 -0300)]
configs/mx53loco: Bump U-Boot and kernel versions

Bump U-Boot to 2017.09 and kernel to 4.12.12 version.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agos6-linux-init: bump version to 0.3.1.1
Eric Le Bihan [Mon, 11 Sep 2017 13:31:51 +0000 (15:31 +0200)]
s6-linux-init: bump version to 0.3.1.1

Fixes:

- http://autobuild.buildroot.net/results/7208b2630832c3293db39affd7886691691770b4
- http://autobuild.buildroot.net/results/c10548ffde2d83b6298759793ef99a5142309678
- http://autobuild.buildroot.net/results/a0da44d547670bc46479980ac1b29e7e2421b378
- http://autobuild.buildroot.net/results/df7ec3facb183b7caf1a6eaff4f89a65961681fb
- http://autobuild.buildroot.net/results/fe7a32fbec5d64c359ad0326a01764a631dcc6f6
- http://autobuild.buildroot.net/results/79029d736910ca32567bc8a82ac6982c3ac1e1fb
- http://autobuild.buildroot.net/results/20091ae932385bd7ba4205626bce174e385da221
- http://autobuild.buildroot.net/results/c1cd69444abb32e77928e7d7363f5cdfea79dcf5

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agouboot: bump to version 2017.09
Fabio Estevam [Mon, 11 Sep 2017 19:11:05 +0000 (16:11 -0300)]
uboot: bump to version 2017.09

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/gcc: fix ICE on xtensa, PR target/82181
Max Filippov [Tue, 12 Sep 2017 03:37:43 +0000 (20:37 -0700)]
package/gcc: fix ICE on xtensa, PR target/82181

Memory references to DI mode objects could incorrectly be created at
offsets that are not supported by instructions l32i/s32i, resulting in
ICE at a stage when access to the object is split into access to its
subwords:
  drivers/staging/rtl8188eu/core/rtw_ap.c:445:1:
     internal compiler error: in change_address_1, at emit-rtl.c:2126

Fixes: https://lkml.org/lkml/2017/9/10/151
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/ffmpeg: security bump to version 3.3.4
Bernd Kuhls [Tue, 12 Sep 2017 07:38:15 +0000 (09:38 +0200)]
package/ffmpeg: security bump to version 3.3.4

Fixes a number of integer overflows and DoS issues.

[Peter: explain security impact]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoolimex_imx233_olinuxino: bump versions
Francois Perrad [Tue, 12 Sep 2017 03:41:42 +0000 (05:41 +0200)]
olimex_imx233_olinuxino: bump versions

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoolimex_a20_olinuxino_lime: bump versions
Francois Perrad [Tue, 12 Sep 2017 03:41:41 +0000 (05:41 +0200)]
olimex_a20_olinuxino_lime: bump versions

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolirc-tools: bump to version 0.10.1
Baruch Siach [Tue, 12 Sep 2017 12:31:58 +0000 (15:31 +0300)]
lirc-tools: bump to version 0.10.1

Drop upstream patch.

Add an upstream patch fixing build without python.

Add two more patches (one of them upstream) fixing cross compile of the
python client library.

Enable devinput and uinput unconditionally to suppress non cross compile
compatible host checks.

Set DEVINPUT_HEADER to target header of input events to avoid use of
host header.

Add python3 as optional dependency.

Cc: Rhys Williams <github@wilberforce.co.nz>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/librsync: security bump to version 2.0.0
Bernd Kuhls [Tue, 12 Sep 2017 18:14:30 +0000 (20:14 +0200)]
package/librsync: security bump to version 2.0.0

Removed patch applied upstream, switched to cmake-package following
upstream removal of autoconf.

Short summary of changes:

version 1.0.1
- switched from autoconf to cmake

version 1.0.0:
- fixed CVE-2014-8242
- project moved to github

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agox11r7: xdriver_xf86-input-tslib: update to version 1.1.1
Martin Kepplinger [Sun, 10 Sep 2017 09:31:25 +0000 (11:31 +0200)]
x11r7: xdriver_xf86-input-tslib: update to version 1.1.1

Update to bugfix release 1.1.1, see

    https://github.com/merge/xf86-input-tslib/releases

Signed-off-by: Martin Kepplinger <martink@posteo.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoaiccu: remove package
Alexander Mukhin [Sun, 10 Sep 2017 10:21:34 +0000 (13:21 +0300)]
aiccu: remove package

As the SixXS project has ceased its operation on 2017-06-06,
the aiccu utility has been removed.

Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agosmack: bump version to 1.3.1
Eric Le Bihan [Sun, 10 Sep 2017 10:40:36 +0000 (05:40 -0500)]
smack: bump version to 1.3.1

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoiperf: bump to version 2.0.10
Baruch Siach [Sun, 10 Sep 2017 18:52:58 +0000 (21:52 +0300)]
iperf: bump to version 2.0.10

Drop unused configure environment.

Add license hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoRevert "bind: fix compilation when lmdb.h is present on host"
Thomas Petazzoni [Sun, 10 Sep 2017 15:16:15 +0000 (17:16 +0200)]
Revert "bind: fix compilation when lmdb.h is present on host"

This reverts commit 7c0ecd4d7526dedce85a49172b031f45cde19a4b, as it is
in fact a duplicate of commit
bb95fef1e0bec4ebc0584001f337438b17c4744d.

Reported-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolinux: bump default to version 4.13.1
Bernd Kuhls [Sun, 10 Sep 2017 07:13:33 +0000 (09:13 +0200)]
linux: bump default to version 4.13.1

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolinux-headers: bump 4.{9, 12, 13}.x series
Bernd Kuhls [Sun, 10 Sep 2017 07:13:32 +0000 (09:13 +0200)]
linux-headers: bump 4.{9, 12, 13}.x series

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopython-cryptography: add missing dependency on BR2_PACKAGE_PYTHON_HASHLIB
Yegor Yefremov [Thu, 7 Sep 2017 10:38:01 +0000 (12:38 +0200)]
python-cryptography: add missing dependency on BR2_PACKAGE_PYTHON_HASHLIB

HASHLIB is only needed for Python 2.

While at this sort dependencies alphabetically.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoDEVELOPERS: add myself for modem-manager related packages
Aleksander Morgado [Thu, 7 Sep 2017 11:49:46 +0000 (13:49 +0200)]
DEVELOPERS: add myself for modem-manager related packages

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agosmcroute: bump to version 2.3.1
Thomas Faivre [Thu, 7 Sep 2017 13:09:08 +0000 (15:09 +0200)]
smcroute: bump to version 2.3.1

Add optional dependency on libcap, which exists since this version
bump.

Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>
[Thomas: add explicit --with-libcap.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agosupervisor: security bump to version 3.1.4
Peter Korsgaard [Thu, 7 Sep 2017 09:44:59 +0000 (11:44 +0200)]
supervisor: security bump to version 3.1.4

Fixes CVE-2017-11610 - The XML-RPC server in supervisor before 3.0.1, 3.1.x
before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote
authenticated users to execute arbitrary commands via a crafted XML-RPC
request, related to nested supervisord namespace lookups.

For more details, see
https://github.com/Supervisor/supervisor/issues/964

While we're at it, add hashes for the license files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoruby: add upstream security patches bumping rubygems to 2.6.13
Peter Korsgaard [Thu, 7 Sep 2017 09:17:55 +0000 (11:17 +0200)]
ruby: add upstream security patches bumping rubygems to 2.6.13

We unfortunately cannot use the upstream patches directly as they are not in
'patch -p1' format, so convert them and include instead.

Fixes:

CVE-2017-0899 - RubyGems version 2.6.12 and earlier is vulnerable to
maliciously crafted gem specifications that include terminal escape
characters.  Printing the gem specification would execute terminal escape
sequences.

CVE-2017-0900 - RubyGems version 2.6.12 and earlier is vulnerable to
maliciously crafted gem specifications to cause a denial of service attack
against RubyGems clients who have issued a `query` command.

CVE-2017-0901 - RubyGems version 2.6.12 and earlier fails to validate
specification names, allowing a maliciously crafted gem to potentially
overwrite any file on the filesystem.

CVE-2017-0902 - RubyGems version 2.6.12 and earlier is vulnerable to a DNS
hijacking vulnerability that allows a MITM attacker to force the RubyGems
client to download and install gems from a server that the attacker
controls.

For more details, see
https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/terminology: bump to v1.1.1
Romain Naour [Thu, 7 Sep 2017 20:41:13 +0000 (22:41 +0200)]
package/terminology: bump to v1.1.1

https://sourceforge.net/p/enlightenment/mailman/message/36026490

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/efl: bump to 1.20.3
Romain Naour [Thu, 7 Sep 2017 20:41:12 +0000 (22:41 +0200)]
package/efl: bump to 1.20.3

https://www.enlightenment.org/news/efl-1.20.3

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/efl: fix build issue on big endian system
Romain Naour [Thu, 7 Sep 2017 20:41:11 +0000 (22:41 +0200)]
package/efl: fix build issue on big endian system

Fixes:
http://autobuild.buildroot.net/results/0f1/0f12919f59dc92a8d91e23d3b0c1120bc06720db
http://autobuild.buildroot.net/results/62e/62e96be61601347e92f9c115209af4962fe82492

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agobind: fix compilation when lmdb.h is present on host
Robin Jarry [Fri, 8 Sep 2017 14:02:49 +0000 (16:02 +0200)]
bind: fix compilation when lmdb.h is present on host

Bind autoconf scripts look for lmdb.h in /usr/include (even when
cross-compiling). When liblmdb-dev is installed, this causes the
following error:

    ...
    checking for lmdb library... yes
    checking for library containing mdb_env_create... no
    configure: error: found lmdb include but not library.

Fix this by disabling explicitly lmdb support.

Signed-off-by: Robin Jarry <robin.jarry@6wind.com>
Signed-off-by: Julien Floret <julien.floret@6wind.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolibcurl: bump to version 7.55.1
Baruch Siach [Sat, 9 Sep 2017 20:10:55 +0000 (23:10 +0300)]
libcurl: bump to version 7.55.1

Drop upstream patch.

Add license hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/x11r7/xdriver_xf86-video-ati: bump version to 7.10.0
Bernd Kuhls [Sat, 9 Sep 2017 11:45:58 +0000 (13:45 +0200)]
package/x11r7/xdriver_xf86-video-ati: bump version to 7.10.0

Added all hashes provided by upstream.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agopackage/x11r7/xdriver_xf86-video-amdgpu: bump version to 1.4.0
Bernd Kuhls [Sat, 9 Sep 2017 11:45:57 +0000 (13:45 +0200)]
package/x11r7/xdriver_xf86-video-amdgpu: bump version to 1.4.0

Added sha512 hash provided by upstream.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agostrace: update homepage link
Baruch Siach [Fri, 8 Sep 2017 09:23:49 +0000 (12:23 +0300)]
strace: update homepage link

strace moved to a new homepage as upstream commit 2bba131575878 (Update
homepage URL) indicates.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agostrace: fix program_invocation_name uClibc declaration mismatch
Baruch Siach [Fri, 8 Sep 2017 09:23:48 +0000 (12:23 +0300)]
strace: fix program_invocation_name uClibc declaration mismatch

The local program_invocation_name declaration conflicts with the uClibc
one. Add a patch making this declaration depend on
!HAVE_PROGRAM_INVOCATION_NAME.

Fixes:
http://autobuild.buildroot.net/results/5f0/5f0852f3ffb46f8fb2b4c9318652c5ab3ab5e97d/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
[Thomas: update patch status.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agotcpdump: security bump to version 4.9.2
Peter Korsgaard [Fri, 8 Sep 2017 12:19:03 +0000 (14:19 +0200)]
tcpdump: security bump to version 4.9.2

Fixes the following security issues (descriptions not public yet):

    Fix buffer overflow vulnerabilities:
      CVE-2017-11543 (SLIP)
      CVE-2017-13011 (bittok2str_internal)
    Fix infinite loop vulnerabilities:
      CVE-2017-12989 (RESP)
      CVE-2017-12990 (ISAKMP)
      CVE-2017-12995 (DNS)
      CVE-2017-12997 (LLDP)
    Fix buffer over-read vulnerabilities:
      CVE-2017-11541 (safeputs)
      CVE-2017-11542 (PIMv1)
      CVE-2017-12893 (SMB/CIFS)
      CVE-2017-12894 (lookup_bytestring)
      CVE-2017-12895 (ICMP)
      CVE-2017-12896 (ISAKMP)
      CVE-2017-12897 (ISO CLNS)
      CVE-2017-12898 (NFS)
      CVE-2017-12899 (DECnet)
      CVE-2017-12900 (tok2strbuf)
      CVE-2017-12901 (EIGRP)
      CVE-2017-12902 (Zephyr)
      CVE-2017-12985 (IPv6)
      CVE-2017-12986 (IPv6 routing headers)
      CVE-2017-12987 (IEEE 802.11)
      CVE-2017-12988 (telnet)
      CVE-2017-12991 (BGP)
      CVE-2017-12992 (RIPng)
      CVE-2017-12993 (Juniper)
      CVE-2017-11542 (PIMv1)
      CVE-2017-11541 (safeputs)
      CVE-2017-12994 (BGP)
      CVE-2017-12996 (PIMv2)
      CVE-2017-12998 (ISO IS-IS)
      CVE-2017-12999 (ISO IS-IS)
      CVE-2017-13000 (IEEE 802.15.4)
      CVE-2017-13001 (NFS)
      CVE-2017-13002 (AODV)
      CVE-2017-13003 (LMP)
      CVE-2017-13004 (Juniper)
      CVE-2017-13005 (NFS)
      CVE-2017-13006 (L2TP)
      CVE-2017-13007 (Apple PKTAP)
      CVE-2017-13008 (IEEE 802.11)
      CVE-2017-13009 (IPv6 mobility)
      CVE-2017-13010 (BEEP)
      CVE-2017-13012 (ICMP)
      CVE-2017-13013 (ARP)
      CVE-2017-13014 (White Board)
      CVE-2017-13015 (EAP)
      CVE-2017-11543 (SLIP)
      CVE-2017-13016 (ISO ES-IS)
      CVE-2017-13017 (DHCPv6)
      CVE-2017-13018 (PGM)
      CVE-2017-13019 (PGM)
      CVE-2017-13020 (VTP)
      CVE-2017-13021 (ICMPv6)
      CVE-2017-13022 (IP)
      CVE-2017-13023 (IPv6 mobility)
      CVE-2017-13024 (IPv6 mobility)
      CVE-2017-13025 (IPv6 mobility)
      CVE-2017-13026 (ISO IS-IS)
      CVE-2017-13027 (LLDP)
      CVE-2017-13028 (BOOTP)
      CVE-2017-13029 (PPP)
      CVE-2017-13030 (PIM)
      CVE-2017-13031 (IPv6 fragmentation header)
      CVE-2017-13032 (RADIUS)
      CVE-2017-13033 (VTP)
      CVE-2017-13034 (PGM)
      CVE-2017-13035 (ISO IS-IS)
      CVE-2017-13036 (OSPFv3)
      CVE-2017-13037 (IP)
      CVE-2017-13038 (PPP)
      CVE-2017-13039 (ISAKMP)
      CVE-2017-13040 (MPTCP)
      CVE-2017-13041 (ICMPv6)
      CVE-2017-13042 (HNCP)
      CVE-2017-13043 (BGP)
      CVE-2017-13044 (HNCP)
      CVE-2017-13045 (VQP)
      CVE-2017-13046 (BGP)
      CVE-2017-13047 (ISO ES-IS)
      CVE-2017-13048 (RSVP)
      CVE-2017-13049 (Rx)
      CVE-2017-13050 (RPKI-Router)
      CVE-2017-13051 (RSVP)
      CVE-2017-13052 (CFM)
      CVE-2017-13053 (BGP)
      CVE-2017-13054 (LLDP)
      CVE-2017-13055 (ISO IS-IS)
      CVE-2017-13687 (Cisco HDLC)
      CVE-2017-13688 (OLSR)
      CVE-2017-13689 (IKEv1)
      CVE-2017-13690 (IKEv2)
      CVE-2017-13725 (IPv6 routing headers)

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolibmodbus: bump to version 3.1.4
Yegor Yefremov [Fri, 8 Sep 2017 13:23:49 +0000 (15:23 +0200)]
libmodbus: bump to version 3.1.4

Disable tests compilation and documentation generation.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoconfigs: nexbox_a95x_defconfig: bump to kernel 4.13
Peter Korsgaard [Sat, 9 Sep 2017 09:41:25 +0000 (11:41 +0200)]
configs: nexbox_a95x_defconfig: bump to kernel 4.13

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agolibarchive: security bump to version 3.3.2
Baruch Siach [Sat, 9 Sep 2017 20:02:53 +0000 (23:02 +0300)]
libarchive: security bump to version 3.3.2

CVE-2016-8687: Stack-based buffer overflow in the safe_fprintf function
in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a
denial of service via a crafted non-printable multibyte character in a
filename.

CVE-2016-8688: The mtree bidder in libarchive 3.2.1 does not keep track
of line sizes when extending the read-ahead, which allows remote
attackers to cause a denial of service (crash) via a crafted file, which
triggers an invalid read in the (1) detect_form or (2) bid_entry
function in libarchive/archive_read_support_format_mtree.c.

CVE-2016-8689: The read_Header function in
archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote
attackers to cause a denial of service (out-of-bounds read) via multiple
EmptyStream attributes in a header in a 7zip archive.

CVE-2016-10209: The archive_wstring_append_from_mbs function in
archive_string.c in libarchive 3.2.2 allows remote attackers to cause a
denial of service (NULL pointer dereference and application crash) via a
crafted archive file.

CVE-2016-10349: The archive_le32dec function in archive_endian.h in
libarchive 3.2.2 allows remote attackers to cause a denial of service
(heap-based buffer over-read and application crash) via a crafted file.

CVE-2016-10350: The archive_read_format_cab_read_header function in
archive_read_support_format_cab.c in libarchive 3.2.2 allows remote
attackers to cause a denial of service (heap-based buffer over-read and
application crash) via a crafted file.

CVE-2017-5601: An error in the lha_read_file_header_1() function
(archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote
attackers to trigger an out-of-bounds read memory access and
subsequently cause a crash via a specially crafted archive.

Add upstream patch fixing the following issue:

CVE-2017-14166: libarchive 3.3.2 allows remote attackers to cause a
denial of service (xml_data heap-based buffer over-read and application
crash) via a crafted xar archive, related to the mishandling of empty
strings in the atol8 function in archive_read_support_format_xar.c.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agos6-linux-init: bump version to 0.3.1.0
Eric Le Bihan [Sat, 9 Sep 2017 10:34:21 +0000 (12:34 +0200)]
s6-linux-init: bump version to 0.3.1.0

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agos6-linux-utils: bump version to 2.4.0.1
Eric Le Bihan [Sat, 9 Sep 2017 10:34:20 +0000 (12:34 +0200)]
s6-linux-utils: bump version to 2.4.0.1

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agos6-portable-utils: bump version to 2.2.1.1
Eric Le Bihan [Sat, 9 Sep 2017 10:34:19 +0000 (12:34 +0200)]
s6-portable-utils: bump version to 2.2.1.1

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agos6-rc: bump version to 0.2.1.2
Eric Le Bihan [Sat, 9 Sep 2017 10:34:18 +0000 (12:34 +0200)]
s6-rc: bump version to 0.2.1.2

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agos6-networking: bump version to 2.3.0.2
Eric Le Bihan [Sat, 9 Sep 2017 10:34:17 +0000 (12:34 +0200)]
s6-networking: bump version to 2.3.0.2

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agos6-dns: bump version to 2.2.0.1
Eric Le Bihan [Sat, 9 Sep 2017 10:34:16 +0000 (12:34 +0200)]
s6-dns: bump version to 2.2.0.1

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agos6: bump version to 2.6.1.0
Eric Le Bihan [Sat, 9 Sep 2017 10:34:15 +0000 (12:34 +0200)]
s6: bump version to 2.6.1.0

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoexecline: bump version to 2.3.0.2
Eric Le Bihan [Sat, 9 Sep 2017 10:34:14 +0000 (12:34 +0200)]
execline: bump version to 2.3.0.2

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoskalibs: bump version to 2.6.0.0
Eric Le Bihan [Sat, 9 Sep 2017 10:34:13 +0000 (12:34 +0200)]
skalibs: bump version to 2.6.0.0

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agostella: fix build without threads support
Sergio Prado [Sat, 9 Sep 2017 11:05:36 +0000 (08:05 -0300)]
stella: fix build without threads support

Fix build error when building using toolchain without threads support:

src/common/tv_filters/AtariNTSC.hxx:172:16: error: 'thread' is not a member of 'std'
     unique_ptr<std::thread[]> myThreads;
                     ^~~

Since version 5.0.2, Stella needs a toolchain with threads support.

Fixes:
http://autobuild.buildroot.net/results/bd30388ee24294158d0a373764408c8c846853d4
http://autobuild.buildroot.net/results/ad1571cecfc697650b436c147b5f3a1b4326091d
http://autobuild.buildroot.net/results/10b73362358f3af45534a0cd096672dd1460a7d0

Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
7 years agoDEVELOPERS: add myself as a maintainer for lcdproc
Sven Haardiek [Fri, 8 Sep 2017 08:36:33 +0000 (10:36 +0200)]
DEVELOPERS: add myself as a maintainer for lcdproc

Signed-off-by: Sven Haardiek <sven.haardiek@greenbone.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopython-paho-mqtt: bump to version 1.3.0
Yegor Yefremov [Fri, 8 Sep 2017 08:38:16 +0000 (10:38 +0200)]
python-paho-mqtt: bump to version 1.3.0

Change setup type to setuptools.

Add a patch removing the pytest-runner dependency. The patch was sent
upstream.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoqt: add patch fixing build failure on ARMv8 in 32-bit mode
Thomas Petazzoni [Fri, 8 Sep 2017 07:35:07 +0000 (09:35 +0200)]
qt: add patch fixing build failure on ARMv8 in 32-bit mode

The Qt package currently fails to build on ARMv8 cores in 32-bit mode
(for example, if you select ARM and then Cortex-A53), because the ARM
atomic operation implementation in Qt checks if we're on ARMv7, then
on ARMv6, and otherwise falls back to an ARMv5 implementation. The
latter uses the swp instruction, which doesn't exist on ARMv8, causing
a build failure.

To solve this, we simply add a patch that uses the ARMv7 atomic
operations for ARMv8-A.

There is no autobuilder reference because we don't have any ARMv8
32-bit configuration in the autobuilders.

Cc: <ivychend@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolibzip: security bump to version 1.3.0
Peter Korsgaard [Thu, 7 Sep 2017 21:21:33 +0000 (23:21 +0200)]
libzip: security bump to version 1.3.0

Fixes the following security issues:

CVE-2017-12858: Double free vulnerability in the _zip_dirent_read function
in zip_dirent.c in libzip allows attackers to have unspecified impact via
unknown vectors.

CVE-2017-14107: The _zip_read_eocd64 function in zip_open.c in libzip before
1.3.0 mishandles EOCD records, which allows remote attackers to cause a
denial of service (memory allocation failure in _zip_cdir_grow in
zip_dirent.c) via a crafted ZIP archive.

For more details, see
https://blogs.gentoo.org/ago/2017/09/01/libzip-use-after-free-in-_zip_buffer_free-zip_buffer-c/
https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/

libzip-1.3.0 also adds optional bzip2 support, so handle that.

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoshairport-sync: bump to version 3.1.1
Jörg Krause [Fri, 8 Sep 2017 07:25:20 +0000 (09:25 +0200)]
shairport-sync: bump to version 3.1.1

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/openpowerlink: bump to v2.6.1
Romain Naour [Thu, 7 Sep 2017 21:43:55 +0000 (23:43 +0200)]
package/openpowerlink: bump to v2.6.1

http://openpowerlink.sourceforge.net/web/openPOWERLINK/Download/openPOWERLINK%202.6.html

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agounrar: security bump to version 5.5.8
Peter Korsgaard [Thu, 7 Sep 2017 16:58:38 +0000 (18:58 +0200)]
unrar: security bump to version 5.5.8

Fixes the following security issues:

CVE-2017-12938 - UnRAR before 5.5.7 allows remote attackers to bypass a
directory-traversal protection mechanism via vectors involving a symlink to
the . directory, a symlink to the .. directory, and a regular file.

CVE-2017-12940 - libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read
in the EncodeFileName::Decode call within the Archive::ReadHeader15
function.

CVE-2017-12941 - libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read
in the Unpack::Unpack20 function.

CVE-2017-12942 - libunrar.a in UnRAR before 5.5.7 has a buffer overflow in
the Unpack::LongLZ function.

For more details, see
http://www.openwall.com/lists/oss-security/2017/08/14/3

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agostrongswan: add upstream security patch
Peter Korsgaard [Thu, 7 Sep 2017 15:26:55 +0000 (17:26 +0200)]
strongswan: add upstream security patch

Fixes CVE-2017-11185: The gmp plugin in strongSwan before 5.6.0 allows
remote attackers to cause a denial of service (NULL pointer dereference and
daemon crash) via a crafted RSA signature.

For more details, see
https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-%28cve-2017-11185%29.html

While we're at it, add hashes for the license files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolibsoup: security bump to version 2.56.1
Peter Korsgaard [Thu, 7 Sep 2017 15:07:54 +0000 (17:07 +0200)]
libsoup: security bump to version 2.56.1

Fixes CVE-2017-2885: stack based buffer overflow with HTTP Chunked Encoding

For more details, see
https://bugzilla.gnome.org/show_bug.cgi?id=785774

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agogd: security bump to version 2.2.5
Peter Korsgaard [Thu, 7 Sep 2017 14:45:51 +0000 (16:45 +0200)]
gd: security bump to version 2.2.5

Fixes the following security issues:

CVE-2017-6362: Double-free in gdImagePngPtr()
CVE-2017-7890: Buffer over-read into uninitialized memory

Drop patches no more needed:

0001-gdlib-config.patch: @LIBICONV@ is nowadays correct AC_SUBST'ed by
configure

0002-gd_bmp-fix-build-with-uClibc.patch: upstream uses ceil() since
https://github.com/libgd/libgd/commit/6913dd3cd2a7c2914ad9622419f9343bfe956135

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoconfigs/imx7dpico: Bump to 4.13 kernel
Fabio Estevam [Thu, 7 Sep 2017 19:16:17 +0000 (16:16 -0300)]
configs/imx7dpico: Bump to 4.13 kernel

Bump to 4.13 kernel and remove all the dts patches as they
are part of upstream now.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/php: bump version to 7.1.9
Bernd Kuhls [Sun, 3 Sep 2017 15:38:06 +0000 (17:38 +0200)]
package/php: bump version to 7.1.9

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agoconfigs/imx6q-sabresd: Bump kernel to 4.13
Fabio Estevam [Sun, 3 Sep 2017 22:58:34 +0000 (19:58 -0300)]
configs/imx6q-sabresd: Bump kernel to 4.13

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolinux: bump default to version 4.13
Fabio Estevam [Sun, 3 Sep 2017 22:58:33 +0000 (19:58 -0300)]
linux: bump default to version 4.13

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolinux-headers: bump to 4.13 kernel version
Fabio Estevam [Sun, 3 Sep 2017 22:58:32 +0000 (19:58 -0300)]
linux-headers: bump to 4.13 kernel version

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agotoolchain: add 4.13.x choice for headers
Fabio Estevam [Sun, 3 Sep 2017 22:58:31 +0000 (19:58 -0300)]
toolchain: add 4.13.x choice for headers

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agolinux-headers: bump 4.{4, 9, 12}.x series
Bernd Kuhls [Thu, 7 Sep 2017 18:23:49 +0000 (20:23 +0200)]
linux-headers: bump 4.{4, 9, 12}.x series

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agopackage/eudev: bump version to 3.2.4
Bernd Kuhls [Thu, 7 Sep 2017 18:22:04 +0000 (20:22 +0200)]
package/eudev: bump version to 3.2.4

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agostrace: bump to version 4.19
Baruch Siach [Thu, 7 Sep 2017 17:32:44 +0000 (20:32 +0300)]
strace: bump to version 4.19

Add license hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 years agombedtls: security bump to version 2.6.0
Baruch Siach [Tue, 5 Sep 2017 19:05:26 +0000 (22:05 +0300)]
mbedtls: security bump to version 2.6.0

Fixes CVE-2017-14032: authentication bypass.

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02

Add license hash.

Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>