Vadim Kochan [Fri, 25 Jan 2019 16:04:13 +0000 (17:04 +0100)]
package/vboot-utils: Add support for openssl 1.1.x
Backported changes from commit
bce7904376beee2912932433a4634c1c25afe2f5,
there was some conflicts in few places which includes openssl_compat.h and
1 place in vb2_rsa_sig_alg function.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jörg Krause [Thu, 24 Jan 2019 10:07:17 +0000 (11:07 +0100)]
package/upmpdcli: fix static build issue
The spotify plugin requires shared library support and needs <dlfcn.h>.
Explicitly disable the spotify plugin when building upmpdcli in a static
context.
Fixes:
http://autobuild.buildroot.net/results/
cb942d3c5f68959d6cbc85535ccff4a275369f91/
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas De Schampheleire [Fri, 25 Jan 2019 18:50:52 +0000 (19:50 +0100)]
package/libarchive: add four security patches
Add backported patches for the following four security issues in libarchive.
There is no new release yet including these patches.
- CVE-2018-
1000877 (https://nvd.nist.gov/vuln/detail/CVE-2018-
1000877)
"libarchive version commit
416694915449219d505531b1096384f3237dd6cc onwards
(release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in
RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(),
realloc(rar->lzss.window, new_size) with new_size = 0 that can result in
Crash/DoS. This attack appear to be exploitable via the victim must open a
specially crafted RAR archive."
- CVE-2018-
1000878 (https://nvd.nist.gov/vuln/detail/CVE-2018-
1000878)
"libarchive version commit
416694915449219d505531b1096384f3237dd6cc onwards
(release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in
RAR decoder - libarchive/archive_read_support_format_rar.c that can result
in Crash/DoS - it is unknown if RCE is possible. This attack appear to be
exploitable via the victim must open a specially crafted RAR archive."
- CVE-2018-
1000879 (https://nvd.nist.gov/vuln/detail/CVE-2018-
1000879)
"libarchive version commit
379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards
(release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference
vulnerability in ACL parser - libarchive/archive_acl.c,
archive_acl_from_text_l() that can result in Crash/DoS. This attack appear
to be exploitable via the victim must open a specially crafted archive
file."
- CVE-2018-
1000880 (https://nvd.nist.gov/vuln/detail/CVE-2018-
1000880)
"libarchive version commit
9693801580c0cf7c70e862d305270a16b52826a7 onwards
(release v3.2.0 onwards) contains a CWE-20: Improper Input Validation
vulnerability in WARC parser -
libarchive/archive_read_support_format_warc.c, _warc_read() that can result
in DoS - quasi-infinite run time and disk usage from tiny file. This attack
appear to be exploitable via the victim must open a specially crafted WARC
file."
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Asaf Kahlon [Sat, 26 Jan 2019 19:46:06 +0000 (21:46 +0200)]
python-pyasn1-modules: bump to version 0.2.4
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Sun, 27 Jan 2019 17:08:08 +0000 (18:08 +0100)]
package/rpi-userland: bump version to
e5803f2c98
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Sun, 27 Jan 2019 17:08:07 +0000 (18:08 +0100)]
configs/raspberrypi*: bump kernel version to
83b36f98e1
Now based on 4.14.95 (from 4.14.91).
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 27 Jan 2019 16:04:56 +0000 (17:04 +0100)]
package/freeswitch: bump version to 1.8.5
Removed patch 0002, not needed anymore after upstream commit
https://freeswitch.org/stash/projects/FS/repos/freeswitch/commits/
13f6890f411598bd2c567762d457d1a8163a7a8a
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 27 Jan 2019 16:04:21 +0000 (17:04 +0100)]
package/libpng: bump version to 1.6.36
License[1] was bumped to v2, for details see
http://lists.opensource.org/pipermail/license-review_lists.opensource.org/2018-November/003791.html
[1] http://www.libpng.org/pub/png/src/libpng-LICENSE.txt
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: use Libpng-2.0 as license tag]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 27 Jan 2019 15:29:46 +0000 (16:29 +0100)]
package/pngquant: bump version to 2.12.2
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 27 Jan 2019 15:12:48 +0000 (16:12 +0100)]
package/znc: bump version to 1.7.2
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Francois Perrad [Sun, 27 Jan 2019 13:24:24 +0000 (14:24 +0100)]
prosody: bump to version 0.11.2
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Francois Perrad [Sat, 26 Jan 2019 08:04:41 +0000 (09:04 +0100)]
perl-uri: bump to version 1.76
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Francois Perrad [Sat, 26 Jan 2019 08:04:40 +0000 (09:04 +0100)]
perl-type-tiny: bump to version 1.004004
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Francois Perrad [Sat, 26 Jan 2019 08:04:39 +0000 (09:04 +0100)]
perl-package-stash: bump to version 0.38
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Francois Perrad [Sat, 26 Jan 2019 08:04:38 +0000 (09:04 +0100)]
perl-net-dns: bump to version 1.19
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Francois Perrad [Sat, 26 Jan 2019 08:04:37 +0000 (09:04 +0100)]
perl-mojolicious: bump to version 8.11
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Francois Perrad [Sat, 26 Jan 2019 08:04:36 +0000 (09:04 +0100)]
perl-gd: bump to version 2.70
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Francois Perrad [Sat, 26 Jan 2019 08:04:35 +0000 (09:04 +0100)]
perl-file-slurp: bump to version 9999.25
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Francois Perrad [Sat, 26 Jan 2019 08:04:34 +0000 (09:04 +0100)]
perl-date-manip: bump to version 6.75
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 26 Jan 2019 10:18:12 +0000 (11:18 +0100)]
{linux, linux-headers}: bump 4.{4, 9, 14, 19, 20}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 26 Jan 2019 10:10:37 +0000 (11:10 +0100)]
package/clamav: add optional dependency to pcre2
Upstream recommends pcre2 over pcre:
https://github.com/Cisco-Talos/clamav-devel/commit/
1f71c2b21ccaef412280471444f4d01ec9b8099d
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 26 Jan 2019 10:10:36 +0000 (11:10 +0100)]
package/clamav: bump version to 0.101.1
Removed patch applied upstream.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 26 Jan 2019 09:48:52 +0000 (10:48 +0100)]
package/samba4: security bump to version 4.9.4
Fixes the following security issues:
- CVE-2018-14629 dns: Fix CNAME loop prevention using counter regression
- CVE-2018-16853: Fix S4U2Self crash with MIT KDC build
- CVE-2018-16853: Do not segfault if client is not set
For more info, see the release notes:
https://www.samba.org/samba/history/samba-4.9.4.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: mention security impact, add CVE info]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 26 Jan 2019 09:35:46 +0000 (10:35 +0100)]
package/x11r7/xdriver_xf86-video-neomagic: bump version to 1.3.0
Added all hashes provided by upstream and license hash.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 26 Jan 2019 08:56:38 +0000 (09:56 +0100)]
package/x11r7/xdriver_xf86-video-mga: bump version to 2.0.0
Added all hashes provided by upstream and license hash.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 26 Jan 2019 08:53:32 +0000 (09:53 +0100)]
package/x11r7/xdriver_xf86-video-i128: bump version to 1.4.0
Removed patch applied upstream, added all hashes provided by upstream
and license hash.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 26 Jan 2019 08:45:35 +0000 (09:45 +0100)]
package/x11r7/xapp_xcursorgen: bump version to 1.0.7
Added all hashes provided by upstream and license hash.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 26 Jan 2019 08:41:27 +0000 (09:41 +0100)]
package/vlc: bump version to 3.0.6
Rebased patch 0006, removed patch 0008 which is included in upstream
release version, renumbered remaining patches.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 26 Jan 2019 08:36:00 +0000 (09:36 +0100)]
package/libva: bump version to 2.4.0
Removed patch applied upstream:
https://github.com/intel/libva/commit/
62bad1239d8ea1bb269ca69d3469aa267f57cdec
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Asaf Kahlon [Sat, 26 Jan 2019 06:33:16 +0000 (08:33 +0200)]
python-psycopg2: bump to version 2.7.7
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Asaf Kahlon [Sat, 26 Jan 2019 06:33:15 +0000 (08:33 +0200)]
python-psutil: bump to version 5.5.0
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Asaf Kahlon [Sat, 26 Jan 2019 06:33:14 +0000 (08:33 +0200)]
python-pip: bump to version 19.0.1
License change - a year bump.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Asaf Kahlon [Sat, 26 Jan 2019 06:33:13 +0000 (08:33 +0200)]
python-msgpack: bump to version 0.6.1
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Asaf Kahlon [Sat, 26 Jan 2019 06:33:12 +0000 (08:33 +0200)]
python-engineio: bump to version 3.3.0
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Clayton Shotwell [Fri, 25 Jan 2019 20:35:04 +0000 (14:35 -0600)]
libwebsock: Fix openssl reporting in header
The websock_config.h file currently ends up being installed into the
sysroot with a #include "config.h" line but the config.h file does not
get copied into the sysroot. Refactoring the original patch to have the
configure script properly report whether or not SSL support is enabled
without using the config.h file.
Patch has been submitted upstream but may never be merged since upstream
appears to be dead.
https://github.com/payden/libwebsock/pull/38
Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Bernd Kuhls [Thu, 24 Jan 2019 16:52:43 +0000 (17:52 +0100)]
package/x11r7/xdriver_xf86-video-intel: bump version
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Thu, 24 Jan 2019 16:52:08 +0000 (17:52 +0100)]
package/{mesa3d, mesa3d-headers}: bump version to 18.3.2
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Thu, 24 Jan 2019 16:33:04 +0000 (17:33 +0100)]
package/libdrm: bump version to 2.4.97
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Nicolas Serafini [Thu, 24 Jan 2019 10:50:33 +0000 (10:50 +0000)]
package/libqmi: bump to version 1.22.0
Signed-off-by: Nicolas Serafini <nicolas.serafini@sensefly.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Nicolas Serafini [Thu, 24 Jan 2019 10:51:54 +0000 (10:51 +0000)]
package/libmbim: bum to version 1.18.0
Signed-off-by: Nicolas Serafini <nicolas.serafini@sensefly.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Nicolas Serafini [Thu, 24 Jan 2019 10:52:46 +0000 (10:52 +0000)]
package/mobile-broadband-provider-info: bump to version
20190116
Signed-off-by: Nicolas Serafini <nicolas.serafini@sensefly.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Nicolas Serafini [Thu, 24 Jan 2019 10:53:47 +0000 (10:53 +0000)]
package/ofono: bump to version 1.28
Add patch to fix musl TEMP_FAILURE_RETRY error
Signed-off-by: Nicolas Serafini <nicolas.serafini@sensefly.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Thu, 24 Jan 2019 17:55:25 +0000 (18:55 +0100)]
package/tor: bump version to 0.3.5.7
Patch rebased and re-formatted with git.
Release notes:
https://blog.torproject.org/new-releases-tor-0357-03410-and-03311
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Christian Stewart [Thu, 24 Jan 2019 08:22:05 +0000 (00:22 -0800)]
rpi-firmware: bump version to
81cca1a93
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Christian Stewart [Thu, 24 Jan 2019 08:16:33 +0000 (00:16 -0800)]
go: security bump to 1.11.5
Go 1.11.5 addresses a reported security issue, CVE-2019-6486.
Signed-off-by: Christian Stewart <christian@paral.in>
Acked-by: Anisse Astier <anisse@astier.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Martin Kepplinger [Thu, 24 Jan 2019 08:05:55 +0000 (09:05 +0100)]
tslib: update to 1.19
For the curious, there's the short changelog summary:
https://github.com/kergoth/tslib/releases
Signed-off-by: Martin Kepplinger <martink@posteo.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 23 Jan 2019 19:38:00 +0000 (20:38 +0100)]
libkcapi: fix build with gcc 8.2.x
Fixes:
- http://autobuild.buildroot.org/results/
8355bc42238e885f7f11ed3d9d37fc55ebdead2b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Matt Weber [Wed, 23 Jan 2019 20:18:46 +0000 (14:18 -0600)]
package/iperf: fixed hash to match v2.0.13 archive
The iperf project changed the archive after the release without changing
the filename of the archive.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 23 Jan 2019 19:50:25 +0000 (20:50 +0100)]
musl: fix hash of license file
COPYRIGHT file has been updated between version 1.1.20 and 1.1.21:
https://git.musl-libc.org/cgit/musl/commit/COPYRIGHT?id=
c50985d5c8e316c5c464f352e79eeebfed1121a9
Fixes:
- http://autobuild.buildroot.org/results/
8cfa70b906221442c9e6dfd46b64011c987d24bf
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Ryan Coe [Wed, 23 Jan 2019 15:09:11 +0000 (07:09 -0800)]
package/inadyn: bump version to 2.5
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Ryan Coe [Wed, 23 Jan 2019 15:09:10 +0000 (07:09 -0800)]
package/libite: bump version to 2.0.2
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 23 Jan 2019 10:40:30 +0000 (11:40 +0100)]
package/subversion: security bump to version 1.9.10
Additional fixes for CVE-2017-9800: Malicious server can execute arbitrary
command on client and a number of crash fixes.
https://svn.apache.org/repos/asf/subversion/tags/1.9.10/CHANGES
Drop upstream SHA1 hash as that is no longer listed. Also add a hash for
the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 23 Jan 2019 09:59:27 +0000 (10:59 +0100)]
{linux, linux-headers}: bump 4.{9, 14, 19, 20}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 21 Jan 2019 19:21:13 +0000 (20:21 +0100)]
dmalloc: fix build with strndup
Fixes:
- http://autobuild.buildroot.org/results/
5cfa01a41951ee3be2e8c1cb10edac3722d72c77
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 21 Jan 2019 19:21:12 +0000 (20:21 +0100)]
dmalloc: fix build with strdup
Fixes:
- http://autobuild.buildroot.org/results/
3f2518f7a9e87034cd501ac3d121ea3a33827e7d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 21 Jan 2019 18:31:17 +0000 (19:31 +0100)]
sqlcipher: add license
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Tue, 22 Jan 2019 11:58:05 +0000 (13:58 +0200)]
libssh: fix some -Werror=strict-overflow build failures
Add fixes for some of the build failures caused by strict-overflow
warnings. Patches #1, #2, and #4 are upstream. Patch #3 is pending
upstream.
Fixes:
http://autobuild.buildroot.net/results/923/
9239f230629ca4e381af5e8f43989997d9bfde99/
http://autobuild.buildroot.net/results/618/
6187b92bcdfd9281683c37906ae74f2e0c5e6d0e/
http://autobuild.buildroot.net/results/9eb/
9eb5ed92a923f0c038e3d913289eddc1cda1b62f/
Cc: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jörg Krause [Tue, 22 Jan 2019 19:18:27 +0000 (20:18 +0100)]
package/upmpdcli: add upstream patch to fix musl build issue
upmpdcli 1.4.0 uses both the `uint64_t` and `u_int64_t` type. `uintN_t` is
standard C99 type available in `<stdint.h>`, whereas `u_intN_t` is defined in
`<sys/types.h>`.
Because of the missing include of `<sys/types.h>` building upmpdcli breaks now
when building with the musl C library, which is very strict:
```
src/mediaserver/cdplugins/netfetch.h:71:5: error: ‘u_int64_t’ does not name a type
u_int64_t datacount() {
```
Add a patch from upstream which fixes the issue by replacing `u_int64_t`
with `uint64_t`.
Fixes:
http://autobuild.buildroot.net/results/
f3082d2fdda8d73dbd9d3b65a08d844934066ef7
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 22 Jan 2019 18:15:42 +0000 (19:15 +0100)]
package/apache: security bump to version 2.4.38
Fixes the following security vulnerabilities:
*) SECURITY: CVE-2018-17199 (cve.mitre.org)
mod_session: mod_session_cookie does not respect expiry time allowing
sessions to be reused. [Hank Ibell]
*) SECURITY: CVE-2018-17189 (cve.mitre.org)
mod_http2: fixes a DoS attack vector. By sending slow request bodies
to resources not consuming them, httpd cleanup code occupies a server
thread unnecessarily. This was changed to an immediate stream reset
which discards all stream state and incoming data. [Stefan Eissing]
*) SECURITY: CVE-2019-0190 (cve.mitre.org)
mod_ssl: Fix infinite loop triggered by a client-initiated
renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
later. PR 63052. [Joe Orton]
For more details, see the CHANGES file:
https://www.apache.org/dist/httpd/CHANGES_2.4.38
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Matt Weber [Tue, 22 Jan 2019 13:58:46 +0000 (07:58 -0600)]
package/xerces: use new website (was redirecting)
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Matt Weber [Tue, 22 Jan 2019 13:55:00 +0000 (07:55 -0600)]
package/rp-pppoe: update website url
The website for rp-pppoe moved from Roaring Penguin's main site to
a personal project page.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Matt Weber [Tue, 22 Jan 2019 13:48:43 +0000 (07:48 -0600)]
package/openresolv: update webpage URL
Update URL to point at the project page vs just the GIT repository
containing the source code.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Tue, 22 Jan 2019 19:12:20 +0000 (21:12 +0200)]
package/lsof: bump to version 4.91
Add upstream provided md5 hash.
Add license file hash.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Matt Weber [Tue, 22 Jan 2019 18:34:30 +0000 (12:34 -0600)]
package/iperf: bump to 2.0.13
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Tue, 22 Jan 2019 17:47:33 +0000 (19:47 +0200)]
package/ipset: bump to version 7.1
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gwenhael Goavec-Merou [Mon, 21 Jan 2019 20:04:50 +0000 (21:04 +0100)]
configs/qemu_riscv64_virt_defconfig: bump Linux version
Since riscv64 works with linux default defconfig, this patch drop custom config.
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Tested-by: Mark Corbin <mark.corbin@embecosm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jörg Krause [Tue, 22 Jan 2019 08:01:05 +0000 (09:01 +0100)]
package/wavemon: add upstream patch to fix musl/uclibc build issue
In version 0.9.0 wavemon uses the GLIBC-specific extension `on_exit()`
which is not available in musl and uClibc.
According to the Linux kernel man page [1]: "Portable application should
avoid this function, and use the standard atexit(3) instead."
Add patch from upstream which is fixing this issue by dropping
`on_exit()` and using the standard `atexit()` instead. Note, that the commit
message of the upstream patch was changed to add some useful information.
[1] http://man7.org/linux/man-pages/man3/on_exit.3.html
Backported from:
f6e20c9c6e9b50963caaf5483248d329473a6815
Fixes:
http://autobuild.buildroot.net/results/
ae54441c65fe9a1bdcf743aa7f6a208e5545ca29
http://autobuild.buildroot.net/results/
40fd66e6a351a1acd537ade715ab3e993eddb1c1
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jörg Krause [Tue, 22 Jan 2019 08:54:36 +0000 (09:54 +0100)]
musl: bump to version 1.1.21
>From the upstream release announcement:
"""
This release makes improvements with respect to default thread stack size,
including increasing the default from 80k to 128k, increasing the default
guard size from 4k to 8k, and allowing the default to be increased via ELF
headers so that programs that need larger stacks can be build without
source-level changes, using just LDFLAGS. Insufficient stack size for AIO
threads on kernels that don't honor the constant MINSIGSTKSZ is also fixed.
The glob core has been rewritten to fix inability to see past
searchable-but-unreadable path components, and to avoid excessive stack usage
and unnecessary syscalls. The tsearch AVL tree implementation has also been
rewritten for better size and performance. The math library adds more native
single-instruction implementations for arm, s390x, powerpc, and x86_64.
Various bugs are fixed, including several possible deadlocks, one of which was
a new regression in 1.1.20.
"""
Drop upstream patch 0002 which is included in the release.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Asaf Kahlon [Mon, 21 Jan 2019 20:19:29 +0000 (22:19 +0200)]
python-uvloop: bump to version 0.11.3
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Asaf Kahlon [Mon, 21 Jan 2019 20:19:28 +0000 (22:19 +0200)]
python-pyopenssl: bump to version 19.0.0
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabio Estevam [Mon, 21 Jan 2019 20:19:47 +0000 (18:19 -0200)]
configs/imx6-sabresd: Bump kernel version
Bump the kernel version to 4.19.16.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 19 Jan 2019 16:24:11 +0000 (17:24 +0100)]
libcpprestsdk: bump to version 2.10.9
- Remove second patch (already in version)
- Fix build with gcc 4.7:
https://github.com/Microsoft/cpprestsdk/commit/
e6498b2f99cf20163d8224716d8127f9089b01ef
Fixes:
- http://autobuild.buildroot.org/results/
a080dbe2977cd35e4f8351d864bd71aaa8f9b743
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 18 Jan 2019 20:20:34 +0000 (21:20 +0100)]
shadowsocks-libev: fix static build with netfilter_conntrack
Fixes:
- http://autobuild.buildroot.org/results/
22a28e8fd8182e1c908541dbc5b0ee087c3803e6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Giulio Benetti [Thu, 10 Jan 2019 22:42:35 +0000 (23:42 +0100)]
package/sunxi-mali-mainline-driver: bump version
For 4.20 support.
git shortlog --invert-grep --grep travis --no-merges
143ff2b17de63ce931c4f758771969e75c09a4c7..
Roman Stratiienko (1):
mali: support building against 4.20
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jared Bents [Thu, 17 Jan 2019 15:05:42 +0000 (09:05 -0600)]
package/openresolv: update to fix install location
Update to install in /sbin as expected by other applications
such as strongswan instead of /usr/sbin
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 16 Jan 2019 21:46:18 +0000 (22:46 +0100)]
exempi: fix libiconv dependency
Fixes:
- http://autobuild.buildroot.org/results/
a77a891683ae9a135dc31be1b419061922d0e1ba
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 20 Jan 2019 18:09:22 +0000 (19:09 +0100)]
tekui: disable parallel build
It seems tekui has parallel build issues since November 2017:
- Fatal error: can't create build/posix/directfb_lua.lo: No such file or directory
- /home/peko/autobuild/instance-3/output/host/bin/microblazeel-buildroot-linux-uclibc-ar: ../../lib/posix/libtekdebug.a: No such file or directory
- Fatal error: can't create build/posix/visual_mod.lo: No such file or directory
So disable parallel build
Fixes:
- http://autobuild.buildroot.org/results/
0732568fcbaa6829154fa91c352b52f074384df0
- http://autobuild.buildroot.org/results/
580593e79bc4ecdea1dc71d16607e5c88f87403c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 20 Jan 2019 09:15:25 +0000 (10:15 +0100)]
libftdi1: fix python build with cmake < 3.7
Fixes:
- http://autobuild.buildroot.org/results/
1091872e2b77d789e361d1ddefd235c738933c55
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Sun, 20 Jan 2019 18:43:45 +0000 (20:43 +0200)]
rtc-tools: rtc-sync needs threads support
Fixes:
http://autobuild.buildroot.net/results/573/
57350271eff9284a8b07ceef02a9960f3568a0a3/
http://autobuild.buildroot.net/results/b6c/
b6cf05deab77c7a84c721c95d9d618b1ddc2957e/
http://autobuild.buildroot.net/results/187/
1877cfbbe37ef15c16cec5d6ad6e3d4d60bc3cbc/
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gilles Talis [Sun, 20 Jan 2019 12:02:21 +0000 (13:02 +0100)]
ocrad: bump to version 0.27
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 20 Jan 2019 09:47:51 +0000 (10:47 +0100)]
libupnpp: remove AUTORECONF
Commit
9b551dacf74445d58aaefef349e2817e009c9d5d removed patch on
configure.ac so remove uneeded LIBUPNPP_AUTORECONF
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 20 Jan 2019 09:47:50 +0000 (10:47 +0100)]
libupnpp: fix libupnp dependency
Commit
9b551dacf74445d58aaefef349e2817e009c9d5d added support for
libupnp18 but without updating LIBUPNPP_DEPENDENCIES
Fixes:
- http://autobuild.buildroot.org/results/
aa734318b9ad318d25e772585c8794429cc0f489
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 16 Jan 2019 19:29:10 +0000 (20:29 +0100)]
odhcp6c: fix build with gcc 8
Retrieve and backport upstream patch to fix build with gcc 8
Fixes:
- http://autobuild.buildroot.org/results/
1c6f0d1f2fcd3474af81b3851d875f834a3a0a4f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jörg Krause [Wed, 16 Jan 2019 21:02:29 +0000 (22:02 +0100)]
package/upmpdcli: bump to version 1.4.0
upmpdcli switched license from GPL-2.0+ to LGPL-2.1+, therefore update
the hash file for the license file "COPYING".
Note, that upmpdcli depends on libupnpp 0.17.0.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jörg Krause [Wed, 16 Jan 2019 21:02:28 +0000 (22:02 +0100)]
package/libupnpp: bump to version 0.17.0
libupnpp 0.17.0 adds compatibility for libupnp 1.8. Therefore, we prefer
selecting libupnp 1.8 and falling back to libupnp 1.6.
Drop patch 0001, which has been merged upstream.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Asaf Kahlon [Sat, 19 Jan 2019 08:44:54 +0000 (10:44 +0200)]
python-txtorcon: bump to version 19.0.0
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Asaf Kahlon [Sat, 19 Jan 2019 08:44:53 +0000 (10:44 +0200)]
python-logbook: bump to version 1.4.3
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Asaf Kahlon [Sat, 19 Jan 2019 08:44:52 +0000 (10:44 +0200)]
python-bcrypt: bump to version 3.1.6
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Asaf Kahlon [Sat, 19 Jan 2019 08:44:51 +0000 (10:44 +0200)]
libuv: bump to version 1.25.0
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 18 Jan 2019 22:05:41 +0000 (23:05 +0100)]
unixodbc: needs dynamic library
Fixes:
- http://autobuild.buildroot.org/results/
1036ee061ce7f7747d5514c61866da60bcfae769
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: propagate to PHP_EXT_PDO_UNIXODBC as well]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adam Duskett [Sat, 19 Jan 2019 21:29:34 +0000 (16:29 -0500)]
php: security bump to 7.3.1
Fixes the following security issue:
- CVE-2018-19935: Allows remote attackers to cause a denial of service
(NULL pointer dereference and application crash) via an empty string in the
message argument to the imap_mail function.
https://www.cvedetails.com/cve/CVE-2018-19935/
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 16 Jan 2019 21:00:16 +0000 (22:00 +0100)]
php: switch to pcre2
php moved from pcre to pcre2 since bump to version 7.3 and
http://github.com/php/php-src/commit/
a5bc5aed71f7a15f14f33bb31b8e17bf5f327e2d
This fixes a build failure: without this change, if BR2_PACKAGE_PCRE is
set, external pcre support in php is (wrongly) enabled with
--with-pcre-regex but because pcre2 was not found, php fallbacks on
built-in pcre2 without the "SLJIT_SINGLE_THREADED hack"
Fixes:
- http://autobuild.buildroot.org/results/
40ef339019203d2cc49d388e222cf17c3ca37944
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 16 Jan 2019 21:00:15 +0000 (22:00 +0100)]
Revert "package/php: fix building pcre extension"
This reverts commit
745f884e41b5f350296e8448f5fc31d20f67a077.
This was the wrong fix: issue is that php moves from pcre to pcre2 since
version 7.3.0 and
http://github.com/php/php-src/commit/
a5bc5aed71f7a15f14f33bb31b8e17bf5f327e2d
This patch will always disable external pcre2 support and raise a build
failure when toolchaine does not have pthread
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Asaf Kahlon [Sat, 19 Jan 2019 10:01:48 +0000 (12:01 +0200)]
python-cython: bump to version 0.29.3
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Asaf Kahlon [Sat, 19 Jan 2019 10:01:47 +0000 (12:01 +0200)]
python-crossbar: bump to version 19.1.2
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 18 Jan 2019 21:17:56 +0000 (22:17 +0100)]
gnu-efi: fix build with gcc 4.8
Fixes:
- http://autobuild.buildroot.org/results/
a0ca37b5ed27af445344e3ac49dc87bb17512c50
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 18 Jan 2019 20:40:43 +0000 (21:40 +0100)]
libgeotiff: bump to version 1.4.3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 18 Jan 2019 19:56:41 +0000 (20:56 +0100)]
tesseract-ocr: disable documentation
Fixes:
- http://autobuild.buildroot.org/results/
a608e9bfb2b0161c45ae490e2866d96763593723
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Carlos Santos [Fri, 18 Jan 2019 18:46:25 +0000 (16:46 -0200)]
package/syslog-ng: fix startup with systemd
By default syslog-ng installs a .service that requires a config file at
/etc/default, so provide one with the default values.
It's also necessary to enable the service by means of a symlink created
at /etc/systemd/system/multi-user.target.wants.
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 18 Jan 2019 09:22:12 +0000 (10:22 +0100)]
package/pango: add upstream security fix for CVE-2018-15120
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other
products, allows remote attackers to cause a denial of service (application
crash) or possibly have unspecified other impact via crafted text with
invalid Unicode sequences.
https://nvd.nist.gov/vuln/detail/CVE-2018-15120
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>