Thomas Petazzoni [Sun, 17 Feb 2019 14:12:09 +0000 (15:12 +0100)]
package/qt5/qt5webengine: add hashes for license files
This commit adds hashes for all licenses files found in
qt5webengine. In order to do this, it moves the hash file into a
per-version folder.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Sun, 17 Feb 2019 14:12:08 +0000 (15:12 +0100)]
package/qt5: bump latest version to 5.12.1
qt5base:
- removed 0002-double-conversion-enable-for-aarch64_be.patch
(superseded by upstream commits [1] and [2])
- removed 0003-double-conversion-enable-for-or1k.patch
(superseded by upstream commits [1] and [2])
- rebased 0004-double-conversion-enable-for-microblaze.patch
qt5location:
- removed 0001-qdeclarativegeomap-fix-building-with-GCC-5.x.patch
(superseded by upstream commit [3])
[1] https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
6a39e49a6cdeb28a04a3657bb6a22f848d5dfa9d
[2] https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
4d40f09a45202dff901d4f970a6a7e939797138b
[3] https://code.qt.io/cgit/qt/qtlocation.git/commit/?id=
7bafbdc91f83165710ed74639b76b48b4494937a
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Thomas:
- update chromium-latest.inc with the list of license files that
match qt5webengine 5.12.1
- drop patch in qt5location that has been upstreamed and therefore no
longer applies to 5.12.1]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sun, 17 Feb 2019 14:12:07 +0000 (15:12 +0100)]
package/qt5/qt5webengine: generate chromium-lts.inc automatically
As a preparation to the bump of qt5webengine, this commit changes to a
mechanism where it is generated automatically. We use a fairly
convoluted 'find' expression to retrieve almost the same list of files
as the exist ones.
The following files are added:
- src/3rdparty/chromium/third_party/libxml/src/Copyright. This is the
file that was pointed to by the
src/3rdparty/chromium/third_party/libxslt/linux/COPYING symlink.
- src/3rdparty/chromium/third_party/libxml/src/Copyright
Two license.py scripts that are not license files are removed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sun, 17 Feb 2019 14:12:06 +0000 (15:12 +0100)]
package/qt5/qt5webengine: generate chromium-latest.inc automatically
As a preparation to the bump of qt5webengine, this commit changes to a
mechanism where it is generated automatically. We use a fairly
convoluted 'find' expression to retrieve almost the same list of files
as the exist ones.
Two files are removed that are not really license files:
- src/3rdparty/chromium/third_party/WebKit/Source/build/scripts/license.py
- src/3rdparty/chromium/third_party/WebKit/Source/platform/wtf/NonCopyingSort.h
Three files are added, which are license files:
- src/3rdparty/chromium/third_party/webrtc/LICENSE_THIRD_PARTY
- src/3rdparty/chromium/third_party/libxml/src/Copyright
- src/3rdparty/chromium/third_party/libxslt/src/Copyright
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sun, 17 Feb 2019 14:12:05 +0000 (15:12 +0100)]
package/qt5/qt5webengine: sort chromium-{latest, lts}.inc files
Having the contents of those files sorted will more easily allow to
generate them automatically and verify the differences when bumping
qt5webengine.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
André Hentschel [Mon, 18 Feb 2019 20:48:07 +0000 (21:48 +0100)]
configs/freescale_imx8qxpmek: new defconfig
Signed-off-by: André Hentschel <andre.hentschel@zf.com>
[Thomas: update DEVELOPERS file]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
André Hentschel [Mon, 18 Feb 2019 20:48:06 +0000 (21:48 +0100)]
board/freescale/common/imx: add support for i.MX8X
Signed-off-by: André Hentschel <andre.hentschel@zf.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
André Hentschel [Mon, 18 Feb 2019 20:48:05 +0000 (21:48 +0100)]
package/imx-mkimage: add support for i.MX8 and i.MX8X
Signed-off-by: André Hentschel <andre.hentschel@zf.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
André Hentschel [Mon, 18 Feb 2019 20:48:04 +0000 (21:48 +0100)]
package/imx-mkimage: bump to rel_imx_4.14.78_1.0.0_ga
Signed-off-by: André Hentschel <andre.hentschel@zf.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
André Hentschel [Mon, 18 Feb 2019 20:48:03 +0000 (21:48 +0100)]
package/freescale-imx/imx-sc-firmware: new package
Signed-off-by: André Hentschel <andre.hentschel@zf.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
André Hentschel [Mon, 18 Feb 2019 20:48:02 +0000 (21:48 +0100)]
package/freescale-imx/firmware-imx: add support for i.MX8X
Signed-off-by: André Hentschel <andre.hentschel@zf.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
André Hentschel [Mon, 18 Feb 2019 20:48:02 +0000 (21:48 +0100)]
package/freescale-imx: add option for i.MX8X
Signed-off-by: André Hentschel <andre.hentschel@zf.com>
[Thomas: split up from the firmware-imx patch]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Joseph Kogut [Tue, 19 Feb 2019 19:46:37 +0000 (11:46 -0800)]
package/python-xlib: bump to version 0.25
LICENSE file changed due to line ending difference, updated checksum.
Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bartosz Bilas [Thu, 21 Feb 2019 20:41:19 +0000 (21:41 +0100)]
boot/barebox: bump version to 2019.02.0
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sergio Prado [Thu, 21 Feb 2019 20:27:26 +0000 (17:27 -0300)]
package/snort: build with OpenAppID support if luajit/openssl is enabled
Since version 2.9.12, OpenAppID [1] is enabled by default.
OpenAppID depends on luajit and openssl. If we leave it enabled by
default, snort would require luajit. Since luajit is not available on
all architectures, that would limit the usage of the snort package.
Since not all users will need/use OpenAppID, let's leave it disabled by
default. To build with OpenAppID support, the user will need to enable
luajit and libssl.
Also, it is necessary to apply a patch to fix a compile error when
building OpenAppID with uclibc and musl. The build fails when
dereferencing the rpcent structure because rpc.h is not been included.
[1] https://www.snort.org/downloads/openappid/9553
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sergio Prado [Thu, 21 Feb 2019 20:27:25 +0000 (17:27 -0300)]
package/snort: bump to version 2.9.12
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adrien Gallouët [Wed, 20 Feb 2019 12:20:16 +0000 (12:20 +0000)]
package/glorytun: bump to version 0.1.0
The hash of the license file is only changed due to a year update:
-Copyright (c) 2015-2016, angt
+Copyright (c) 2015-2019, angt
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Asaf Kahlon [Fri, 22 Feb 2019 08:53:20 +0000 (10:53 +0200)]
package/czmq: bump to version 4.2.0
Modified patch to fit the new version.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Asaf Kahlon [Fri, 22 Feb 2019 08:53:24 +0000 (10:53 +0200)]
package/python-pyzmq: bump to version 18.0.0
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Asaf Kahlon [Fri, 22 Feb 2019 08:53:23 +0000 (10:53 +0200)]
package/python-py: bump to version 1.8.0
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Asaf Kahlon [Fri, 22 Feb 2019 08:53:22 +0000 (10:53 +0200)]
package/python-psutil: bump to version 5.5.1
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Asaf Kahlon [Fri, 22 Feb 2019 08:53:21 +0000 (10:53 +0200)]
package/python-pip: bump to version 19.0.3
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Markus Steinhilber [Mon, 18 Feb 2019 14:01:53 +0000 (14:01 +0000)]
package/stm32flash: bump to version 0.5
Bump to latest official version.
Signed-off-by: Markus Steinhilber <markus.steinhilber@erbe-med.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Joseph Kogut [Mon, 18 Feb 2019 19:16:31 +0000 (11:16 -0800)]
package/python-sentry-sdk: bump to version 0.7.3
Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Joseph Kogut [Mon, 18 Feb 2019 19:12:05 +0000 (11:12 -0800)]
package/python-websockets: bump to version 7.0
Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Etienne Carriere [Wed, 30 Jan 2019 10:47:27 +0000 (11:47 +0100)]
package/optee-benchmark: new package
OP-TEE performance benchmark tools for the OP-TEE project.
This packages generates embedded Linux based OS materials used
to retrieve execution timing information on invocation of the
OP-TEE secure services.
It is added next to the OP-TEE client package in BR configuration.
This change references in Buildroot the today's latest OP-TEE
revision release tagged 3.4.0.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[Thomas:
- drop version selection
- propagate the dependency of optee-client]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Etienne Carriere [Wed, 30 Jan 2019 10:47:26 +0000 (11:47 +0100)]
package/optee-test: new package
OP-TEE test package provide test materials as part of the OP-TEE
project helping platforms to verify their OP-TEE components
against a set of regression and performance tests.
Package is added in the BR package configuration next to the
OP-TEE client package.
This change references in Buildroot the today's latest OP-TEE
revision release tagged 3.4.0 with an added patch to fix an issue
reported by recent GCC toolchains.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[Thomas:
- drop version selection
- propagate !BR2_STATIC_LIBS dependency of optee-client
- make sure BR2_TARGET_OPTEE_OS_SDK is selected
- use a patch generated by git format-patch
- simplify the construct to build the examples]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Etienne Carriere [Wed, 30 Jan 2019 10:47:25 +0000 (11:47 +0100)]
package/optee-examples: new package
This package generates embedded Linux based OS userland client
applications and OP-TEE OS trusted applications all embedded in the
file system. These applications shows how to use the APIs OP-TEE OS is
based on, both in the non secure and secure worlds.
Package is added next to the OP-TEE client package in the BR package
configuration.
This change references in Buildroot the today's latest OP-TEE revision
release tagged 3.4.0 with an added patch to fix an issue reported by
recent GCC toolchains.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[Thomas:
- drop version selection
- propagate !BR2_STATIC_LIBS dependency of optee-client
- make sure BR2_TARGET_OPTEE_OS_SDK is selected
- use a patch generated by git format-patch
- simplify the construct to build the examples]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Etienne Carriere [Wed, 30 Jan 2019 10:47:24 +0000 (11:47 +0100)]
package/optee-client: new package
OP-TEE client API library and supplicant daemon from the
OP-TEE project are packaged in package/optee-client. An init script
launches the tee-supplicant deamon. Package is added to the
Security menu of BR configuration.
This change references in Buildroot the today's latest OP-TEE
revision release tagged 3.4.0.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[Thomas:
- remove version selection
- add dependency on !BR2_STATIC_LIBS, as it unconditionally builds a
shared library]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Fri, 15 Feb 2019 19:49:49 +0000 (20:49 +0100)]
package/meson: bump version to 0.49.2
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Fri, 15 Feb 2019 19:49:48 +0000 (20:49 +0100)]
package/ninja: bump version to 1.9.0
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adrian Perez de Castro [Tue, 12 Feb 2019 13:09:07 +0000 (15:09 +0200)]
package/wpewebkit: security bump to version 2.22.4
This is a maintenance release of the current stable WPE WebKit version,
which contains security fixes for CVE identifiers: CVE-2019-6212,
CVE-2019-6215, CVE-2019-6216, CVE-2019-6217, CVE-2019-6226,
CVE-2019-6227, CVE-2019-6229, CVE-2019-6233, and CVE-2019-6234.
Additionally, it contains a few minor fixes.
Release notes can be found in the announcement:
https://wpewebkit.org/release/wpe-2.22.4.html
More details on the issues covered by securit fixes can be found
in the corresponding security advisory:
https://wpewebkit.org/security/WSA-2019-0001.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adrian Perez de Castro [Tue, 12 Feb 2019 13:09:06 +0000 (15:09 +0200)]
package/wpebackend-fdo: bump to version 1.0.1
This release fixes contains a small fix which allows calling the
backend initialization routine more than once. Release notes:
https://wpewebkit.org/release/wpebackend-fdo-1.0.1.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Thu, 14 Feb 2019 21:53:15 +0000 (22:53 +0100)]
package/libmad: remove LIBMAD_LIBTOOL_PATCH=NO
Since commit
eae18d01abc737182fe171c908462499d5f1aaf0 "libmad: needs
autoreconf", autoreconf builds an up to date ltmain.sh so remove
LIBMAD_LIBTOOL_PATCH = NO which is not needed anymore
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Tue, 12 Feb 2019 22:45:46 +0000 (23:45 +0100)]
package/libcpprestsdk: add optional websocketpp dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Tue, 12 Feb 2019 20:56:46 +0000 (21:56 +0100)]
package/edid-decode: bump version to
6def7bc
Changes since
f56f329:
0a454bc makefile: also honor LDFLAGS
9e59ba9 edid-decode: update links, add README
7684918 edid-decode: README: updates
bc1e846 edid-decode: reformat to linux kernel coding style
9cb3744 edid-decode: fix spurious warning about string termination
3b26b8a edid-decode: fix wrong sample rate unit
4437dd9 edid-decode: use const for unsigned char pointers to the EDID
eee377b edid-decode: add support for QuantumData 980 EDID file format
7d8f41f edid-decode: simplify data block parsing
8c81ccf Add Samsung UE49KS8005 EDID
ab18bef edid-decode: add HDMI Forum VSDB fields for HDMI 2.1b
e9ffafc edid-decode: add options and new output formats
b2da151 edid-decode: add --extract and --check options
5eeb151 edid-decode: replace AdobeYCC/RGB by opYCC/RGB
6def7bc edid-decode: make it easier to find the out-of-range monitor values
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Artem Senichev [Wed, 13 Feb 2019 08:51:11 +0000 (11:51 +0300)]
package/kexec: enable powerpc64le platforms
kexec has fully support of ppc64 platform:
https://www.kernel.org/doc/Documentation/kdump/kdump.txt
Signed-off-by: Artem Senichev <artemsen@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Wed, 13 Feb 2019 21:47:01 +0000 (22:47 +0100)]
Merge tag '2019.02-rc1' into next
Release 2019.02-rc1
Peter Korsgaard [Wed, 13 Feb 2019 08:03:54 +0000 (09:03 +0100)]
Update for 2019.02-rc1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gerome Burlats [Tue, 12 Feb 2019 22:24:13 +0000 (23:24 +0100)]
configs/qemu: Update defconfigs to Linux 4.19.16
Linux version are changed to 4.19.16 (LTS) for all qemu defconfigs,
except for riscv. riscv defconfigs are left unchanged because they have
a custom Linux repository causing more difficulties when upgrading to
4.19 for riscv32. And for the riscv64, it has been updated recently to
Linux 4.20 by another contributor.
Patch for arm-versatile-nommu is changed into a git format
Add cache attributes for xtensa-lx60-nommu config because the commit
https://github.com/torvalds/linux/commit/
7bb516ca5424e12b42124fab2906b6da9c81ba9c
added a new config variable for memory cache attribute:
CONFIG_MEMMAP_CACHEATTR
All these updated configs have been built successfully.
Signed-off-by: Gerome Burlats <gerome.burlats@smile.fr>
Cc: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 11 Feb 2019 22:22:02 +0000 (23:22 +0100)]
utils/scanpypi: protect against zip-slip vulnerability in zip/tar handling
For details, see https://github.com/snyk/zip-slip-vulnerability
Older python versions do not validate that the extracted files are inside
the target directory. Detect and error out on evil paths before extracting
.zip / .tar file.
Given the scope of this (zip issue was fixed in python 2.7.4, released
2013-04-06, scanpypi is only used by a developer when adding a new python
package), the security impact is fairly minimal, but it is good to get it
fixed anyway.
Reported-by: Bas van Schaik <security-reports@semmle.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Christian Stewart [Tue, 12 Feb 2019 09:35:31 +0000 (01:35 -0800)]
docker-engine: fix runc version check warning
Fixes the startup warning from Docker:
failed to retrieve runc version: unknown output format: runc version commit ...
Introduces a patch to replace the faulty version detection logic in the Docker
engine.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Christian Stewart [Tue, 12 Feb 2019 09:35:30 +0000 (01:35 -0800)]
docker-engine: bump to v18.09.2
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Christian Stewart [Tue, 12 Feb 2019 09:35:29 +0000 (01:35 -0800)]
docker-cli: bump to v18.09.2
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Christian Stewart [Tue, 12 Feb 2019 09:35:28 +0000 (01:35 -0800)]
docker-containerd: bump to v1.2.3
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 10 Feb 2019 14:26:19 +0000 (15:26 +0100)]
package/mongodb: new package
Here is the list of the changes compared to the removed mongodb 3.3.4
version:
- Remove patch (not applicable anymore)
- Add patch (sent upstream) to fix openssl build with gcc 7 and
-fpermissive
- Remove 32 bits x86 platforms, removed since version 3.4:
https://docs.mongodb.com/manual/installation/#supported-platforms
- Change license: since October 2018, license is SSPL:
- https://www.mongodb.com/community/licensing
- https://jira.mongodb.org/browse/SERVER-38767
- gcc must be at least 5.3 so add a dependency on gcc >= 6
- Add a dependency on host-python-xxx modules:
https://github.com/mongodb/mongo/blob/r4.0.6/docs/building.md
- Use system versions of boost, pcre, snappy, sqlite, yaml-cpp and zlib
instead of embedded mongodb ones
- Add hash for license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 10 Feb 2019 14:26:18 +0000 (15:26 +0100)]
package/python-typing: add host variant
host-python-typing is needed for mongodb 4.0.6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 10 Feb 2019 14:26:17 +0000 (15:26 +0100)]
package/python-pyyaml: add host variant
host-python-pyyaml is needed for mongodb 4.0.6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: s/HOST_PYTHON/HOST_PYTHON_PYYAML/]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 10 Feb 2019 14:26:16 +0000 (15:26 +0100)]
package/libyaml: add host variant
host-libyaml is needed for host-python-pyyaml
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 12 Feb 2019 13:15:04 +0000 (14:15 +0100)]
package/runc: add upstream security fix for CVE-2019-5736
The vulnerability allows a malicious container to (with minimal user
interaction) overwrite the host runc binary and thus gain root-level
code execution on the host. The level of user interaction is being able
to run any command (it doesn't matter if the command is not
attacker-controlled) as root within a container in either of these
contexts:
* Creating a new container using an attacker-controlled image.
* Attaching (docker exec) into an existing container which the
attacker had previous write access to.
For more details, see the advisory:
https://www.openwall.com/lists/oss-security/2019/02/11/2
The fix for this issue uses fexecve(3), which isn't available on uClibc, so
add a dependency on !uclibc to runc and propagate to the reverse
dependencies (containerd/docker-engine).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 12 Feb 2019 13:15:03 +0000 (14:15 +0100)]
support/testing: build a glibc toolchain for docker / docker-compose tests
runc (which is a reverse dependency of docker-engine) is about to gain a
!uclibc dependency, so move to a glibc toolchain instead.
There are currently no prebuilt x86_64 / core2 / glibc toolchains available,
so instead use the internal toolchain backend to build one.
While we are at it, drop the infra.basetest.BASIC_TOOLCHAIN_CONFIG
reference, as that ARM toolchain configuration doesn't make any sense for
this x86-64 based test.
add docker / docker-compose tests
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Tue, 12 Feb 2019 18:42:20 +0000 (20:42 +0200)]
package/ghostscript: add upstream security fixes
CVE-2019-6116: Remote code execution.
https://www.openwall.com/lists/oss-security/2019/01/23/5
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Tue, 12 Feb 2019 16:57:29 +0000 (18:57 +0200)]
package/libarchive: add upstream security fixes
CVE-2019-
1000019: Crash when parsing some 7zip archives.
CVE-2019-
1000020: A corrupted or malicious ISO9660 image can cause
read_CE() to loop forever.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Grégoire Delattre [Tue, 12 Feb 2019 17:05:15 +0000 (18:05 +0100)]
board/pc: fix typo in board/pc/post-build.sh
Signed-off-by: Grégoire Delattre <gregoire.delattre@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Matt Weber [Tue, 12 Feb 2019 14:36:30 +0000 (08:36 -0600)]
package/sqlcipher: force libopenssl
v3.2.0 has a bug in the configure step which causes it to fail when being
built against libressl. As libopenssl is selected as the default, the
autobuilders have not uncovered this failure. The issue has been confirmed
in LTS 2018.02.10 (probably broken prior to that as well) and is not
related to the Openssl bump to 1.1.x.
Thread with more details
http://lists.busybox.net/pipermail/buildroot/2019-February/243133.html
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Tue, 12 Feb 2019 13:28:27 +0000 (15:28 +0200)]
package/jpeg-turbo: add upstream security fixes
CVE-2018-20330: Integer overflow causing segfault occurred when
attempting to load a BMP file with more than 1 billion pixels using the
`tjLoadImage()` function.
CVE-2018-19664: Buffer overrun occurred when attempting to decompress a
specially-crafted malformed JPEG image to a 256-color BMP using djpeg.
Cc: Murat Demirten <mdemirten@yh.com.tr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Tue, 12 Feb 2019 12:13:04 +0000 (14:13 +0200)]
openssh: add upstream security fixes
CVE-2019-6109: Due to missing character encoding in the progress
display, a malicious server (or Man-in-The-Middle attacker) can employ
crafted object names to manipulate the client output, e.g., by using
ANSI control codes to hide additional files being transferred. This
affects refresh_progress_meter() in progressmeter.c.
CVE-2019-6111: Due to the scp implementation being derived from 1983
rcp, the server chooses which files/directories are sent to the client.
However, the scp client only performs cursory validation of the object
name returned (only directory traversal attacks are prevented). A
malicious scp server (or Man-in-The-Middle attacker) can overwrite
arbitrary files in the scp client target directory. If recursive
operation (-r) is performed, the server can manipulate subdirectories as
well (for example, to overwrite the .ssh/authorized_keys file).
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 12 Feb 2019 18:57:58 +0000 (19:57 +0100)]
CHANGES: add recent changes
In preparation for 2019.02-rc1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jörg Krause [Fri, 8 Feb 2019 21:31:19 +0000 (22:31 +0100)]
package/uboot-tools: bump to version 2019.01
Adapt patch 0002 and 0003 for version 2019.01.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Jörg Krause [Fri, 8 Feb 2019 21:31:18 +0000 (22:31 +0100)]
boot/uboot: bump to version 2019.01
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Jörg Krause [Tue, 12 Feb 2019 08:33:51 +0000 (09:33 +0100)]
package/luv: bump to version 1.25.0-0
Remove upstream patch which is included in the new release.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Mon, 11 Feb 2019 20:53:17 +0000 (21:53 +0100)]
package/libxkbcommon: bump version to 0.8.3
For details see [1]:
- Fix build of static libraries with meson.
- New API: XKB_KEY_XF86MonBrightnessCycle/XKB_KEY_XF86RotationLockToggle
[1] https://lists.freedesktop.org/archives/wayland-devel/2019-February/039970.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Mon, 11 Feb 2019 20:52:49 +0000 (21:52 +0100)]
package/libinput: bump version to 1.12.6
Two quirks for specific devices, two little cleanups (for
details see [1])
- rebased 0001-meson.build-enable-CPP-include-check-only-in-case-CP.patch
[1] https://lists.freedesktop.org/archives/wayland-devel/2019-January/039864.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Mon, 11 Feb 2019 21:43:57 +0000 (22:43 +0100)]
package/ncmpc: fix build on sparc
Fixes:
- http://autobuild.buildroot.org/results/
7ac1a07e4f72633d3ec92b79dc5d8c062490abdc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Tue, 5 Feb 2019 20:41:52 +0000 (21:41 +0100)]
package/cog: new package
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Tue, 5 Feb 2019 20:41:51 +0000 (21:41 +0100)]
package/wpewebkit: new package
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
[Thomas:
- add missing depends on BR2_HOST_GCC_AT_LEAST_4_8
- improve comments on depends on
- add missing "comment" for toolchain dependencies
- add missing "depends on BR2_PACKAGE_WPEWEBKIT_ARCH_SUPPORTS" on the
Config.in comment
- add missing "select BR2_PACKAGE_WAYLAND", which is needed to select
BR2_PACKAGE_WAYLAND_PROTOCOLS
- fix typoes in the JIT enabling code that was using
WEBKITGTK_CONF_OPTS instead of WPEWEBKIT_CONF_OPTS]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Tue, 5 Feb 2019 20:41:50 +0000 (21:41 +0100)]
package/wpebackend-fdo: new package
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Tue, 5 Feb 2019 20:41:49 +0000 (21:41 +0100)]
package/libwpe: new package
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Mon, 11 Feb 2019 19:35:16 +0000 (20:35 +0100)]
package/libva-utils: fix build failure when x11 support is disabled
Fixes
http://autobuild.buildroot.net/results/2f8/
2f89e41f79e8bec1c0561b486ae5750fc87a6320/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sun, 10 Feb 2019 13:51:30 +0000 (14:51 +0100)]
package/sg3_utils: ensure to build against librt when needed
The sg3_utils has provisions to build against librt when needed, but
forgot to use that mechanism for the sg_turs program. This commit
fixes that. The patch has been submitted upstream to the sg3_utils
author.
Fixes:
http://autobuild.buildroot.net/results/
67b890a41d05497820ea4f44e187257dd6818b0b/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Fri, 8 Feb 2019 20:46:56 +0000 (21:46 +0100)]
package/libupnp18: fix static linking with mpd
- Add a call to PKG_CHECK_MODULES in configure.ac to get openssl
libraries and its dependencies if openssl support is enabled
- Add OPENSSL_LIBS to libupnp.pc.in so that applications linking with
pupnp (such as mpd) will be able to retrieve openssl libraries
Fixes:
- http://autobuild.buildroot.org/results/
a4148e516070b79816769f3443fc24d6d8192073
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Matt Weber [Wed, 6 Feb 2019 12:09:18 +0000 (06:09 -0600)]
package/sqlcipher: add OpenSSL 1.1.x compatibility
Fixes
http://autobuild.buildroot.net/results/5e2/
5e2c3178d8a6e11b1af1c37144737097730ba222/
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas De Schampheleire [Fri, 8 Feb 2019 20:50:41 +0000 (21:50 +0100)]
package/opentracing-cpp: needs dynamic library support
opentracing-cpp requires dlfcn.h from src/dynamic_load_unix.cpp.
This file is compiled unconditionally.
Disable opentracing-cpp on BR2_STATIC_LIBS configurations.
Fixes: http://autobuild.buildroot.net/results/454173aef9ff7c808294a974088d7682cad240a8/
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
André Hentschel [Sat, 9 Feb 2019 16:35:55 +0000 (17:35 +0100)]
package/wine: bump to version 4.0
Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Asaf Kahlon [Sun, 10 Feb 2019 17:55:45 +0000 (19:55 +0200)]
package/libuv: bump to version 1.26.0
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sun, 10 Feb 2019 17:27:39 +0000 (18:27 +0100)]
package/brcm-patchram-plus: bump to version
95b7b6916d661a4da3f9c0adf52d5e1f4f8ab042
- Remove patch (already in version)
- Use COPYING as license file as COPYING has been fixed by:
https://github.com/AsteroidOS/brcm-patchram-plus/commit/
95b7b6916d661a4da3f9c0adf52d5e1f4f8ab042
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Yann E. MORIN [Sun, 10 Feb 2019 15:48:15 +0000 (16:48 +0100)]
package/googlefontdirectory: better solution to avoid check-package warning
Rather than tell check-package to ignore a false-positive issue, just
avoid the issue to begin with, by using an intermediate variable to
construct the list of licenses.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Etienne Carriere [Wed, 30 Jan 2019 10:47:23 +0000 (11:47 +0100)]
boot/optee-os: new package
OP-TEE OS is maintained by the OP-TEE project. It provides an
open source solution for development and integration of secure
services for Armv7-A and Armv8-A CPU based platforms supporting
the TrustZone technology. This technology enables CPUs to
concurrently host a secure world as the OP-TEE OS and a non-secure
world as a Linux based OS.
The OP-TEE project maintains other packages to leverage OP-TEE on
Linux kernel based OSes. An OP-TEE interface driver is available
in the Linux kernel since 4.12 upon CONFIG_OPTEE.
This change references in Buildroot the today's latest OP-TEE
revision release tagged 3.4.0.
https://www.op-tee.org/
https://github.com/OP-TEE/optee_os
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[Thomas:
- pass CFG_ARM32_core=y when building for ARMv7, otherwise the build
fails
- add a check that verifies that BR2_TARGET_OPTEE_OS_PLATFORM is not
empty
- minor formatting fixes/adjustements.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Fri, 8 Feb 2019 21:40:48 +0000 (22:40 +0100)]
package/ncmpc: add pcre optional dependency
pcre dependency has been added in version 0.32:
https://github.com/MusicPlayerDaemon/ncmpc/commit/
0b3169510014f0f336de58864b97a3cc0f308500
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Fri, 8 Feb 2019 21:40:47 +0000 (22:40 +0100)]
package/ncmpc: bump to version 0.33
- Remove second patch (already in version)
- Replace true/false by enabled/disabled, see:
https://github.com/MusicPlayerDaemon/ncmpc/commit/
67d96543e64ec2eff2d3e9907c570ca09918c893
- Add new boost system dependency:
https://github.com/MusicPlayerDaemon/ncmpc/commit/
74cc24bdfcfd0ba288b78f0fb75f409832d7586d
https://github.com/MusicPlayerDaemon/ncmpc/commit/
bef9017712da31b750799e6c7fb9d2829fa5e69c
- Remove glib dependency:
https://github.com/MusicPlayerDaemon/ncmpc/commit/
dfcb3ab0216d6c9ae35d06060cee806bd919c2ba
- Disable new regex option (based on pcre)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adam Duskett [Tue, 5 Feb 2019 14:31:24 +0000 (15:31 +0100)]
package/openjdk-bin: new package
Paradoxically, building OpenJDK requires a pre-existing JDK. This
pre-existing JDK is called the "boot JDK."
The boot JDK for building JDK major version N should be a JDK of major
version N-1, so for building JDK11, JDK10 would be needed. This
requirement is an issue when building on most distributions, as the
host JDK tends to be JDK8.
The AdoptOpenJDK project provides binaries that can act as the boot
JDK to build the target JDK, which is what this package provides.
Currently, only a x86_64 host is supported, for two reasons:
1) A 32bit x86 binary distribution is not available from AdoptOpenJDK
2) We didn't had access to a host machine using an architecture other
than x86-64
The provided unpack200 has an invalid RPATH and relies on libzlib.
When host-libzlib runs the install step, the following error is
generated:
*** ERROR: package host-libzlib installs executables without proper RPATH:
*** $(HOST_DIR)/bin/unpack200
Because unpack200 is a deprecated tool, removing it after installation
is safe and fixes the issue.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[Thomas:
- fix comments in the code
- use the more usual "cp -dpfr" command to copy files over]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sun, 10 Feb 2019 13:18:59 +0000 (14:18 +0100)]
package/brcm-patchram-plus: fix license file hash
Commit
684bcc45e52a8300a2115799e96017b180695a14
("package/brcm-patchram-plus: fix build on sparc") added a patch that
modifies the src/main.c file, without paying attention to the fact
that this file is used as the license file for the package, and
therefore the .hash had to be updated at the same time. This commit
updates the license file hash as needed. There are obviously no
licensing related changes in the SPARC build fixes.
Fixes:
http://autobuild.buildroot.net/results/
083ce1c3100b10e40480e6330ce0c29dde51f5e0/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Mon, 4 Feb 2019 19:13:28 +0000 (20:13 +0100)]
package/systemd: add optional bash-completion dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Mon, 4 Feb 2019 19:13:27 +0000 (20:13 +0100)]
package/systemd: add optional cryptsetup dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Mon, 4 Feb 2019 19:13:26 +0000 (20:13 +0100)]
package/systemd: add optional valgrind dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
James Hilliard [Fri, 8 Feb 2019 23:46:54 +0000 (07:46 +0800)]
package/zbar: bump to version
681b0f305fb5c5bb0df8437f7d740b29a93a7889
Zbar now has a dbus API which we should enable when dbus is present.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Asaf Kahlon [Sat, 9 Feb 2019 15:05:22 +0000 (17:05 +0200)]
package/python-pip: bump to version 19.0.2
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Asaf Kahlon [Sat, 9 Feb 2019 15:05:21 +0000 (17:05 +0200)]
package/python-lxml: bump to version 4.3.1
iso-schematron.rng change: update RNG schema to 2016 specification.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Asaf Kahlon [Sat, 9 Feb 2019 15:05:20 +0000 (17:05 +0200)]
package/python-cython: bump to version 0.29.5
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sat, 9 Feb 2019 16:28:14 +0000 (17:28 +0100)]
package/clamav: needs wchar
Fixes
http://autobuild.buildroot.net/results/77c/
77cd536a0fab78eabe27e055d28db2da354008d7/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sun, 10 Feb 2019 10:04:13 +0000 (11:04 +0100)]
package/{mesa3d, mesa3d-headers}: bump version to 18.3.3
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sun, 10 Feb 2019 10:03:13 +0000 (11:03 +0100)]
package/libva-utils: bump version to 2.4.0
Removed patch 0002, applied upstream.
Follow upstream switch of release tarball to bz2 and new location.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Chris Packham [Sun, 10 Feb 2019 08:07:32 +0000 (21:07 +1300)]
package/gst1-shark: select BR2_PACKAGE_GSTREAMER1_GST_DEBUG
gst-shark needs gstreamer to be compiled with debugging support enabled.
Make this selection automatically when the gst-shark package is
selected.
Fixes:
- http://autobuild.buildroot.net/results/
09b894b0775df2dd87d8fb2d53c6a243d8668aba/
- and many more
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adrian Perez de Castro [Sat, 9 Feb 2019 14:07:40 +0000 (16:07 +0200)]
package/webkitgtk: security bump to version 2.22.6
This is a maintenance release of the current stable WebKitGTK+ version,
which contains security fixes for CVE identifiers: CVE-2019-6212,
CVE-2019-6215, CVE-2019-6216, CVE-2019-6217, CVE-2019-6226,
CVE-2019-6227, CVE-2019-6229, CVE-2019-6233, and CVE-2019-6234.
Additionally, it contains a few minor fixes.
Release notes can be found in the announcement:
https://webkitgtk.org/2019/02/09/webkitgtk2.22.6-released.html
More details on the issues covered by securit fixes can be found
in the corresponding security advisory:
https://webkitgtk.org/security/WSA-2019-0001.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 9 Feb 2019 16:19:53 +0000 (17:19 +0100)]
package/libopenssl: add runtime fixes for tor
For details see https://bugs.archlinux.org/task/61623
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sat, 9 Feb 2019 18:20:58 +0000 (19:20 +0100)]
package/mosquitto: security bump to version 1.5.6
Fixes the following security issues:
CVE-2018-12551: If Mosquitto is configured to use a password file for
authentication, any malformed data in the password file will be treated as
valid. This typically means that the malformed data becomes a username and
no password. If this occurs, clients can circumvent authentication and get
access to the broker by using the malformed username. In particular, a
blank line will be treated as a valid empty username. Other security
measures are unaffected. Users who have only used the mosquitto_passwd
utility to create and modify their password files are unaffected by this
vulnerability. Affects version 1.0 to 1.5.5 inclusive.
CVE-2018-12550: If an ACL file is empty, or has only blank lines or
comments, then mosquitto treats the ACL file as not being defined, which
means that no topic access is denied. Although denying access to all topics
is not a useful configuration, this behaviour is unexpected and could lead
to access being incorrectly granted in some circumstances. Affects versions
1.0 to 1.5.5 inclusive.
CVE-2018-12546: If a client publishes a retained message to a topic that
they have access to, and then their access to that topic is revoked, the
retained message will still be delivered to future subscribers. This
behaviour may be undesirable in some applications, so a configuration option
check_retain_source has been introduced to enforce checking of the retained
message source on publish.
Add two upstream post-1.5.6 patches to fix a build error in the bridge code
when ADNS is enabled and when building with older toolchains not defaulting
to C99 mode.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 9 Feb 2019 17:25:19 +0000 (18:25 +0100)]
package/php: security bump to version 7.3.2
Rebased patch 0004.
This bump fixes https://bugs.php.net/bug.php?id=77369,
status of CVE-ID: needed
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas De Schampheleire [Tue, 5 Feb 2019 16:09:59 +0000 (17:09 +0100)]
package/xenomai: move arch restriction to Cobalt core, no restriction for Mercury
Xenomai has two mutually exclusive cores:
- Cobalt: dual-kernel approach: patched kernel + userland
- Mercury: only userland
In the Cobalt core, not all architectures are supported. This is the source
of the existing ARCH_SUPPORTS variable.
In the Mercury core, there is no imposed architecture restriction.
Rename the XENOMAI_ARCH_SUPPORTS flag to XENOMAI_COBALT_ARCH_SUPPORTS and
move its check from the Xenomai package to the Cobalt core.
Nevertheless, even for Mercury, there are some restrictions:
- pthread_atfork is used, which requires an MMU
- sync functions like __sync_sub_and_fetch and __sync_add_and_fetch are
expected.
As the corresponding 'linux extension' selects Xenomai, we add the
MMU and sync dependencies there too. They may or may not already be covered
by XENOMAI_COBALT_ARCH_SUPPORTS flag.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sat, 9 Feb 2019 10:11:38 +0000 (11:11 +0100)]
package/libopenssl: renumber patches
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 8 Feb 2019 22:38:56 +0000 (23:38 +0100)]
package/brcm-patchram-plus: fix build on sparc
On SPARC, the definitions of
B2500000,
B3000000,
B3500000 and
B4000000
are not necessarily available, so use those values only if defined in
the kernel headers.
It fixes SPARC build failures such as:
main.c:382:13: error: '
B2500000' undeclared here (not in a function)
{
2500000,
B2500000 },
^~~~~~~~
main.c:383:13: error: '
B3000000' undeclared here (not in a function)
{
3000000,
B3000000 },
^~~~~~~~
main.c:385:13: error: '
B3500000' undeclared here (not in a function)
{
3500000,
B3500000 },
^~~~~~~~
main.c:386:13: error: '
B4000000' undeclared here (not in a function)
{
4000000,
B4000000 }
Fixes:
- http://autobuild.buildroot.org/results/
f7012c08c935c3a6ccae50b84170190af5cd5cba
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>