Fabrice Fontaine [Sat, 15 May 2021 09:11:18 +0000 (11:11 +0200)]
package/gstreamer1/gst1-rtsp-server: add CPE variables
cpe:2.3:a:gstreamer_project:gst-rtsp-server is a valid CPE identifier
for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agstreamer_project%3Agst-rtsp-server
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sat, 15 May 2021 09:01:47 +0000 (11:01 +0200)]
package/gstreamer1/gst1-plugins-bad: add CPE variables
cpe:2.3:a:freedesktop:gst-plugins-bad is a valid CPE identifier for
this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afreedesktop%3Agst-plugins-bad
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sat, 15 May 2021 08:54:38 +0000 (10:54 +0200)]
package/udisks: add UDISKS_CPE_ID_VENDOR
cpe:2.3:a:freedesktop:udisks is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afreedesktop%3Audisks
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Thomas Petazzoni [Fri, 14 May 2021 22:03:16 +0000 (00:03 +0200)]
configs/beaglev: enable host jh71xx-tools
This host utility is useful to recover the bootloader.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Thomas Petazzoni [Fri, 14 May 2021 22:03:15 +0000 (00:03 +0200)]
package/jh71xx-tools: new package
Add jh71xx-tools as a new host package, it includes a tool that allows
to recover the bootloader of JH71xx-based platforms, such as the
BeagleV.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[yann.morin.1998@free.fr:
- fix alphabetical order, spotted by Bin
- use LICENSE as license file, update license hash accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sat, 15 May 2021 08:34:53 +0000 (10:34 +0200)]
package/x11r7/libxcb: add LIBXCB_CPE_ID_VENDOR
cpe:2.3:a:x:libxcb is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxcb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sat, 15 May 2021 08:29:43 +0000 (10:29 +0200)]
package/x11r7/xlib_libdmx: add CPE variables
cpe:2.3:a:x:libdmx is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibdmx
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sat, 15 May 2021 08:26:04 +0000 (10:26 +0200)]
package/x11r7/xlib_libXxf86vm: add CPE variables
cpe:2.3:a:x:libxxf86vm is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxxf86vm
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sat, 15 May 2021 08:23:04 +0000 (10:23 +0200)]
package/x11r7/xlib_libXxf86dga: add CPE variables
cpe:2.3:a:x:libxxf86dga is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxxf86dga
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Fri, 14 May 2021 22:21:47 +0000 (00:21 +0200)]
package/x11r7/libXres: add CPE variables
cpe:2.3:a:x:libxres is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxres
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Fri, 14 May 2021 22:17:31 +0000 (00:17 +0200)]
package/x11r7/xlib_libXpm: add CPE variables
cpe:2.3:a:libxpm_project:libxpm is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibxpm_project%3Alibxpm
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Fri, 14 May 2021 22:11:14 +0000 (00:11 +0200)]
package/x11r7/xlib_libFS: add CPE variables
cpe:2.3:a:x:libfs is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibfs
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Fri, 14 May 2021 22:06:16 +0000 (00:06 +0200)]
package/x11r7/xlib_libICE: add CPE variables
cpe:2.3:a:freedesktop:libice is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afreedesktop%3Alibice
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Fri, 14 May 2021 22:02:12 +0000 (00:02 +0200)]
package/x11r7/xlib_libXt: add CPE variables
cpe:2.3:a:x:libxt is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxt
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Fri, 14 May 2021 21:59:20 +0000 (23:59 +0200)]
package/x11r7/xlib_libXtst: add CPE variables
cpe:2.3:a:x:libxtst is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxtst
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Fri, 14 May 2021 21:55:18 +0000 (23:55 +0200)]
package/x11r7/xlib_libXcursor: add CPE variables
cpe:2.3:a:x:libxcursor is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxcursor
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Fri, 14 May 2021 21:51:32 +0000 (23:51 +0200)]
package/x11r7/xlib_libXdmcp: add CPE variables
cpe:2.3:a:x.org:libxdmcp is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibxdmcp
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Fri, 14 May 2021 21:48:12 +0000 (23:48 +0200)]
package/x11r7/xlib_libXext: add CPE variables
cpe:2.3:a:x:libxext is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxext
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Fri, 14 May 2021 21:44:44 +0000 (23:44 +0200)]
package/x11r7/xlib_libXfixes: add CPE variables
cpe:2.3:a:x:libxfixes is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxfixes
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Fri, 14 May 2021 21:41:11 +0000 (23:41 +0200)]
package/x11r7/xlib_libXinerama: add CPE variables
cpe:2.3:a:x:libxinerama is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxinerama
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Fri, 14 May 2021 21:35:13 +0000 (23:35 +0200)]
package/x11r7/xlib_libXfont2: add CPE variables
cpe:2.3:a:x:libxfont is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxfont
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Seiderer [Fri, 14 May 2021 17:54:29 +0000 (19:54 +0200)]
package/localedef: fix host gcc-11.x compile
Add two upstream patches fixing host gcc-11.x compile.
Fixes:
- https://bugs.busybox.net/show_bug.cgi?id=13806
In file included from ../include/pthread.h:1,
from ../sysdeps/nptl/thread_db.h:25,
from ../nptl/descr.h:32,
from ../sysdeps/x86_64/nptl/tls.h:130,
from ../sysdeps/generic/libc-tsd.h:44,
from ./localeinfo.h:224,
from programs/ld-ctype.c:37:
../sysdeps/nptl/pthread.h:734:47: error: argument 1 of type ‘struct __jmp_buf_tag *’ declared as a pointer [-Werror=array-parameter=]
734 | extern int __sigsetjmp (struct __jmp_buf_tag *__env, int __savemask) __THROWNL;
| ~~~~~~~~~~~~~~~~~~~~~~^~~~~
In file included from ../include/setjmp.h:2,
from ../nptl/descr.h:24,
from ../sysdeps/x86_64/nptl/tls.h:130,
from ../sysdeps/generic/libc-tsd.h:44,
from ./localeinfo.h:224,
from programs/ld-ctype.c:37:
../setjmp/setjmp.h:54:46: note: previously declared as an array ‘struct __jmp_buf_tag[1]’
54 | extern int __sigsetjmp (struct __jmp_buf_tag __env[1], int __savemask) __THROWNL;
| ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Fri, 14 May 2021 20:28:38 +0000 (22:28 +0200)]
package/libxslt: fix build with latest libxml2
Build is broken since bump of libxml2 to version 2.9.11 in commit
a241dcec4188dbf30fbc8b65d7e6f2ece9da3d04 because libxslt calls the
following command "${XML_CONFIG} --libs print" which will return an
error code since
https://github.com/GNOME/libxml2/commit/
2a357ab99e6f5c9196384b11cd91dd993f93014c
Fixes:
- http://autobuild.buildroot.org/results/
47ceb8c24c9ead8a450b7fea3266f760d6b77b4f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 14 May 2021 09:43:09 +0000 (11:43 +0200)]
package/prosody: security bump to version 0.11.9
Fixes the following security issues:
- CVE-2021-32918: DoS via insufficient memory consumption controls
It was discovered that default settings leave Prosody susceptible to
remote unauthenticated denial-of-service (DoS) attacks via memory
exhaustion when running under Lua 5.2 or Lua 5.3. Lua 5.2 is the default
and recommended Lua version for Prosody 0.11.x series.
- CVE-2021-32920: DoS via repeated TLS renegotiation causing excessive CPU
consumption
It was discovered that Prosody does not disable SSL/TLS renegotiation,
even though this is not used in XMPP. A malicious client may flood a
connection with renegotiation requests to consume excessive CPU resources
on the server.
- CVE-2021-32921: Use of timing-dependent string comparison with sensitive
values
It was discovered that Prosody does not use a constant-time algorithm for
comparing certain secret strings when running under Lua 5.2 or later.
This can potentially be used in a timing attack to reveal the contents of
secret strings to an attacker.
- CVE-2021-32917: Use of mod_proxy65 is unrestricted in default
configuration
mod_proxy65 is a file transfer proxy provided with Prosody to facilitate
the transfer of files and other data between XMPP clients.
It was discovered that the proxy65 component of Prosody allows open access
by default, even if neither of the users have an XMPP account on the local
server, allowing unrestricted use of the server’s bandwidth.
- CVE-2021-32919: Undocumented dialback-without-dialback option insecure
The undocumented option ‘dialback_without_dialback’ enabled an
experimental feature for server-to-server authentication. A flaw in this
feature meant it did not correctly authenticate remote servers, allowing a
remote server to impersonate another server when this option is enabled.
For more details, see the advisory:
https://prosody.im/security/advisory_20210512/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 13 May 2021 21:03:53 +0000 (23:03 +0200)]
test_docker_compose.py: Test the volume mount feature
Extend docker_compose_test() to expose /bin on the host to the container
through a volume mount and verify that /bin/busybox can be downloaded and
contains the right data.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 13 May 2021 21:03:52 +0000 (23:03 +0200)]
test_docker_compose.py: Test the port publish feature
Extend docker_test() to expose a random (8888) port to verify that doesn't
fail, and extend the docker-compose test to run the busybox httpd in the
background, expose that as port 80 and verify that /etc/resolv.conf could be
fetched by wget.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 13 May 2021 21:03:51 +0000 (23:03 +0200)]
package/docker-engine: fix port forwarding for hosts without IPv6
docker-engine 20.10.6 broke container port forwarding for hosts without IPv6
support:
docker: Error response from daemon: driver failed programming external
connectivity on endpoint naughty_moore
(
038e9ed4b5ea77e1c52462d6d04ad001fbad9beb185a6511aadc217c8a271608): Error
starting userland proxy: listen tcp6 [::]:80: socket: address family not
supported by protocol.
Add a libnetwork patch from an upstream pull request to fix this, after
adjusting the patch to apply to docker-engine (which has libnetwork vendored
under vendor/github.com/docker/libnetwork):
- https://github.com/moby/libnetwork/pull/2635,
- https://github.com/moby/moby/pull/42322
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 14 May 2021 20:08:26 +0000 (22:08 +0200)]
package/live555: security bump to version 2021.05.03
Fix CVE-2021-28899: Vulnerability in the
AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession,
and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession
subclasses in Networks LIVE555 Streaming Media before 2021.3.16.
http://live555.com/liveMedia/public/changelog.txt
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 14 May 2021 19:52:34 +0000 (21:52 +0200)]
package/libxml2: bump to version 2.9.12
Brown-paper bag release:
https://github.com/GNOME/libxml2/commit/
b48e77cf4f6fa0792c5f4b639707a2b0675e461b
Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Dick Olsson [Fri, 14 May 2021 12:55:21 +0000 (12:55 +0000)]
DEVELOPERS: add package/bitcoin for Dick Olsson
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Fri, 14 May 2021 07:51:30 +0000 (09:51 +0200)]
DEVELOPERS: add myself for bitcoin
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Petr Vorel [Thu, 29 Apr 2021 19:08:20 +0000 (21:08 +0200)]
ipackage/modem-manager: bump version to 1.16.4
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Thu, 29 Apr 2021 19:53:24 +0000 (21:53 +0200)]
package/opentyrian: switch to using github
OpenTyrian was previously managed in a Mercurial repository hosted on
Bitbucket. Mid-2020, Bitbucket shut off all its Mercurial repositories:
https://bitbucket.org/blog/sunsetting-mercurial-support-in-bitbucket
Since then, OpenTyrian's source code is inacessible, but we have had no
build failure associated as there is an old archive hosted on s.b.o, so
that all builds fallback to downloading that:
http://sources.buildroot.net/opentyrian/opentyrian-
9c9f0ec3532b.tar.gz
However, the project has been revived (kinda) on github:
https://github.com/opentyrian/opentyrian
Git commit
cf5dbeb69eebd9ef9afc4473088d9469b79589eb has been found to
be the closest, both in content and date, to the Mercuail reference
9c9f0ec3532b we were using. The only deltas are in Mercurial-specific
files:
b/.hg_archival.txt | 5 0 5 0 -----
b/.hgtags | 2 1 1 0 +-
2 files changed, 1 insertion(+), 6 deletions(-)
While at it, add a hash file.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Julien Boibessot <julien.boibessot@armadeus.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Sun, 2 May 2021 14:40:48 +0000 (16:40 +0200)]
package/postgis: fix comment dependencies (binutils-bug-21464, binutils-bug-27597)
The comment dependencies need to be the inverse of the package
dependencies (fixes comment shown in menuconfig even if the package
is available).
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Sun, 2 May 2021 14:40:47 +0000 (16:40 +0200)]
package/libgeos: fix comment dependencies (binutils-bug-12464, binutils-bug-27597)
The comment dependencies need to be the inverse of the package
dependencies (fixes comment shown in menuconfig even if the package
is available).
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Romain Naour [Thu, 13 May 2021 14:37:31 +0000 (16:37 +0200)]
support/testing: remove TestPythonPy2Colorzero
The python2 support has been removed since the python-colorzero bump version to 2.0.
[1]
73bf3292e16b9419c5c88d10e9755d7208ca3623
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Romain Naour [Thu, 13 May 2021 14:34:31 +0000 (16:34 +0200)]
support/testing: remove TestPythonPy2Gpiozero
The python2 support has been removed since the python-colorzero bump version to 2.0.
Remove the gpiozero test with python2
[1]
73bf3292e16b9419c5c88d10e9755d7208ca3623
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adrian Perez de Castro [Thu, 13 May 2021 15:18:50 +0000 (18:18 +0300)]
package/libxml2: security bump to version 2.9.11
Update libxml2 to version 2.9.11, which incorporates all the patches
carried by Buildroot (which are hence removed), and includes fixes for
CVE-2020-7595, CVE-2019-20388, CVE-2020-24977, and CVE-2021-3541 (at
least), as per
https://gitlab.gnome.org/GNOME/libxml2/-/issues/186#note_1104945
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Fri, 14 May 2021 05:59:45 +0000 (07:59 +0200)]
package/postgresql: security bump version to 13.3
Fixes CVE-2021-32027, CVE-2021-32028 & CVE-2021-32029:
https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 12 May 2021 08:41:03 +0000 (10:41 +0200)]
boot/opensbi: only check/reference COPYING.BSD when _LATEST_VERSION is used
With the addition of support for custom opensbi version in commit
5c7166d387b (boot/opensbi: add support for version configuration), we can no
longer be sure that the license file name / hash will be correct in all
cases, so only specify COPYING.BSD when _LATEST_VERSION is used, similar to
how we do it for the Linux kernel.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 12 May 2021 08:41:02 +0000 (10:41 +0200)]
boot/opensbi: move patches to 0.9/ subdir to only apply when the 0.9 version is selected
With the addition of support for custom opensbi version in commit
5c7166d387b (boot/opensbi: add support for version configuration), we can no
longer be sure that the Buildroot patches can be applied - So move them to a
0.9 subdir to ensure they are only applied when the _LATEST_VERSION is used.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 12 May 2021 07:41:04 +0000 (09:41 +0200)]
package/rt-tests: add patch to fix compatibility with make 3.81
Fixes:
http://autobuild.buildroot.net/results/
cf7c4f360f5464c700788cc8299fd086544c80e8/build-end.log
Older GNU make versions don't like the explicit undefine. It isn't really
needed as ifdef handles undefined and defined-to-the-empty-string the same
way, so just drop the undefine logic.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 12 May 2021 21:21:20 +0000 (23:21 +0200)]
package/bitcoin: security bump to version 0.21.1
Tag as a security bump as having an up to date bitcoin is important:
https://patchwork.ozlabs.org/project/buildroot/patch/
20200202085526.35742-1-james.hilliard1@gmail.com
https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.21.1.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Thu, 13 May 2021 07:04:31 +0000 (09:04 +0200)]
package/vlc: security bump version to 3.0.14
Removed patch 0002 which was applied upstream:
https://code.videolan.org/videolan/vlc/-/commit/
41caaa08cde60c4fec4bf2e5f9610e2a1b9e6a23
Renumbered remaining patches.
Release notes:
https://www.videolan.org/vlc/releases/3.0.13.html
https://www.videolan.org/vlc/releases/3.0.12-update.html
Version 3.0.13 fixes VideoLAN-SB-VLC-3013:
https://www.videolan.org/security/sb-vlc3013.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 12 May 2021 09:39:25 +0000 (11:39 +0200)]
docs/website: update for 2021.02.2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 12 May 2021 09:05:47 +0000 (11:05 +0200)]
Update for 2021.02.2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit
76b4f9e9b658d3a4a72266e4aa2e63aa7a3f54f9)
[Peter: drop Makefile change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 12 May 2021 08:49:31 +0000 (10:49 +0200)]
Update for 2021.05-rc1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 8 May 2021 19:41:55 +0000 (21:41 +0200)]
boot/opensbi: unconditionally disable SSP
Fix build failure raised since commit
810ba387bec3c5b6904e8893fb4cb6f9d3717466
Fixes:
- https://gitlab.com/kubu93/buildroot/-/jobs/
1247043359
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Joachim Wiberg [Wed, 12 May 2021 04:24:54 +0000 (06:24 +0200)]
package/sysklogd: bump to version 2.2.3
https://github.com/troglobit/sysklogd/releases/tag/v2.2.3
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 9 May 2021 16:43:39 +0000 (18:43 +0200)]
package/kodi: bump version to 19.1
Removed patch 0002 which was applied upstream:
https://github.com/xbmc/xbmc/commit/
c9cf94d3108d742e50ea73b5553125ef5e405c73
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 9 May 2021 06:54:10 +0000 (08:54 +0200)]
package/kodi-pvr-nextpvr: bump version to 8.2.3-Matrix
Changelog:
https://github.com/kodi-pvr/pvr.nextpvr/blob/Matrix/pvr.nextpvr/changelog.txt
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jörg Krause [Tue, 11 May 2021 09:48:45 +0000 (09:48 +0000)]
package/luvi: bump to version 2.12.0
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jörg Krause [Tue, 11 May 2021 09:35:42 +0000 (09:35 +0000)]
package/luv: bump to version 1.41.0-0
Enable Lua 5.4 support which is fixed now.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jörg Krause [Tue, 11 May 2021 09:17:05 +0000 (09:17 +0000)]
package/upmpdcli: bump to version 1.5.12
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Tue, 11 May 2021 17:49:21 +0000 (19:49 +0200)]
package/php: bump version to 7.4.19
Changelog: https://www.php.net/ChangeLog-7.php#7.4.19
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Fri, 30 Apr 2021 20:55:37 +0000 (22:55 +0200)]
package/x11r7/xdriver_xf86-input-libinput: bump version to 1.0.1
Release notes:
https://lists.x.org/archives/xorg-announce/2021-April/003083.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Fri, 30 Apr 2021 20:55:36 +0000 (22:55 +0200)]
package/x11r7/xorgproto: bump version to 2021.4
Release notes:
https://lists.x.org/archives/xorg-announce/2021-April/003085.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Tue, 11 May 2021 15:58:29 +0000 (17:58 +0200)]
package/tor: bump version to 0.4.5.8
Release notes: https://blog.torproject.org/node/2031
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Tue, 11 May 2021 15:41:17 +0000 (17:41 +0200)]
package/kodi-pvr-iptvsimple: bump version to 7.6.4-Matrix
Changelog:
https://github.com/kodi-pvr/pvr.iptvsimple/blob/Matrix/pvr.iptvsimple/changelog.txt
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Tue, 11 May 2021 15:41:16 +0000 (17:41 +0200)]
package/kodi-inputstream-ffmpegdirect: bump version to 1.21.3-Matrix
Changelog:
https://github.com/xbmc/inputstream.ffmpegdirect/blob/Matrix/inputstream.ffmpegdirect/changelog.txt
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Grzegorz Blach [Sun, 2 May 2021 12:56:16 +0000 (14:56 +0200)]
package/python-pyjwt: Bump to version 2.1.0
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bartosz Bilas [Wed, 5 May 2021 19:22:10 +0000 (21:22 +0200)]
package/log4qt: add telnet optional logging
Telnet logging is an optional feature that's disabled by default.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bartosz Bilas [Wed, 5 May 2021 18:10:12 +0000 (20:10 +0200)]
package/log4qt: link with latomic if needed
Fixes:
- http://autobuild.buildroot.net/results/fb5/
fb52f5366a25230606149f44dc46f86f0273a680/
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Sun, 2 May 2021 09:54:18 +0000 (11:54 +0200)]
package/libcamera: bump version to
3a1f67a
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Sun, 2 May 2021 09:48:29 +0000 (11:48 +0200)]
package/rpi-wifi-firmware: bump version to
4c47758
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Tested-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Reviewed-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Sun, 2 May 2021 09:48:28 +0000 (11:48 +0200)]
package/rpi-bt-firmware: bump version to
4c47758
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Tested-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Reviewed-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Sun, 2 May 2021 09:48:27 +0000 (11:48 +0200)]
package/rpi-userland: bump version to
45a0022
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Sun, 2 May 2021 09:48:26 +0000 (11:48 +0200)]
package/rpi-firmware: bump version to
1a46874
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Tested-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Reviewed-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Sun, 2 May 2021 09:48:25 +0000 (11:48 +0200)]
configs/raspberrypi*: bump kernel version to
96110e9 (5.10.33)
Now based on 5.10.33 (from 5.10.1).
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Tested-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Reviewed-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Fri, 30 Apr 2021 21:18:50 +0000 (23:18 +0200)]
package/libinput: bump version to 1.17.2
For details see [1].
[1] https://lists.freedesktop.org/archives/wayland-devel/2021-April/041809.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 11 May 2021 09:32:16 +0000 (11:32 +0200)]
CHANGES: update with recent changes
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 10 May 2021 20:51:22 +0000 (22:51 +0200)]
package/elfutils: bump to version 0.184
https://sourceware.org/pipermail/elfutils-devel/2021q2/003797.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 10 May 2021 21:23:12 +0000 (23:23 +0200)]
package/gerbera: bump to version 1.8.1
https://github.com/gerbera/gerbera/releases/tag/v1.8.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 10 May 2021 20:40:13 +0000 (22:40 +0200)]
package/domoticz: needs gcc >= 6
domoticz fails to build with gcc 5 since bump to version 2021.1 in
commit
33b49c4ae33e767b86130cbc1844e2003bbe0f98 because domoticz needs
C++14 since
https://github.com/domoticz/domoticz/commit/
bdf82257dc93daa78b0179a0229539553b608f6b
Fixes:
- http://autobuild.buildroot.org/results/
f4f9caa44d1836279c3806bc990a1203bf743c0d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 10 May 2021 20:37:10 +0000 (22:37 +0200)]
package/ruby: links with atomic if needed
Build fails since bump to version 3.0.0 in commit
af5226f2fd1292a26f2dfda32f41cbbad7aa4cc because ruby needs atomic
operation support since
https://github.com/ruby/ruby/commit/
6ed6b85ece8733518a7da0c3ec714f20d1102bf5
Fixes:
- http://autobuild.buildroot.org/results/
84ee5f4688be994a5440c3a61bddabee72ca3b3c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Marcin Niestroj [Mon, 10 May 2021 09:27:26 +0000 (11:27 +0200)]
package/lvm2: bump version to 2.03.12
Downstream patches have been mainlined in commits [1] (v2.03.06) and
[2] (v2.03.12). Second patch was slightly modified, so replace
--disable-symvers with --with-symvers=no.
[1] https://github.com/lvmteam/lvm2/commit/
125f27ac37bc9b93cc96f64052b9681b3d479ee1
[2] https://github.com/lvmteam/lvm2/commit/
1cedbaf13778de02e38b5dc80a7af246b7ec83e5
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Marcin Niestroj [Mon, 10 May 2021 09:27:25 +0000 (11:27 +0200)]
package/lvm2: use http instead of ftp
ftp links do not seem to be accessible anymore. Replace them with http.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 11 May 2021 07:09:07 +0000 (09:09 +0200)]
boot/Config.in: fix beaglev-ddrinit include after rename
Commit
3b551f68a55d74f (boot/beaglev-ddrlnit: rename to beaglev-ddrinit to
match renamed upstream repo) forgot to update the include in boot/Config.in,
breaking menuconfig.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Edgar Bonet [Mon, 10 May 2021 14:18:34 +0000 (16:18 +0200)]
configs/acmesystems_acqua_a5_{256, 512}mb: add openssl host dependency
The Linux build needs openssl:
https://gitlab.com/buildroot.org/buildroot/-/jobs/
1240157423
https://gitlab.com/buildroot.org/buildroot/-/jobs/
1240157424
Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sébastien Szymanski [Mon, 10 May 2021 08:18:32 +0000 (10:18 +0200)]
package/boost: fix broken BOOST_SITE URL
Current URL returns 403 error:
--2021-05-10 10:04:12-- https://dl.bintray.com/boostorg/release/1.75.0/source/boost_1_75_0.tar.bz2
Resolving dl.bintray.com... 18.193.131.58, 3.66.199.110
Connecting to dl.bintray.com|18.193.131.58|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2021-05-10 10:04:12 ERROR 403: Forbidden.
Bintray has been sunset on May 1st:
https://jfrog.com/blog/into-the-sunset-bintray-jcenter-gocenter-and-chartcenter/
Update the URL to the new upstream location to fix this issue.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Arnout Vandecappelle (Essensium/Mind) [Wed, 5 May 2021 19:13:44 +0000 (21:13 +0200)]
support/testing: add sudo package test
Create a new user 'sudotest' to validate that sudo really works (i.e.
properly has setuid).
Creating the user and adding it to sudoers is done at runtime, otherwise
we'd need to add extra files to the config which complicates things a
little bit.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Wed, 5 May 2021 15:58:18 +0000 (17:58 +0200)]
package/kodi-inputstream-ffmpegdirect: bump version to 1.21.2-Matrix
Changelog:
https://github.com/xbmc/inputstream.ffmpegdirect/blob/Matrix/inputstream.ffmpegdirect/changelog.txt
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Wed, 5 May 2021 15:58:17 +0000 (17:58 +0200)]
package/kodi-pvr-iptvsimple: bump version to 7.6.2-Matrix
Changelog:
https://github.com/kodi-pvr/pvr.iptvsimple/blob/Matrix/pvr.iptvsimple/changelog.txt
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 10 May 2021 09:06:57 +0000 (11:06 +0200)]
boot/beaglev-ddrlnit: rename to beaglev-ddrinit to match renamed upstream repo
And adjust DEVELOPERS and beaglev_defconfig to match.
The typo in the repo name has now been fixed:
https://github.com/starfive-tech/beagle_ddrinit/issues/6
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Thu, 6 May 2021 20:50:48 +0000 (22:50 +0200)]
package/bullet: needs dynamic library
Build without dlfcn.h fails because bullet3 is not disabled since
commit
5f154799b6ed772a0c028072996e110fac131508
Fixes:
- http://autobuild.buildroot.org/results/
ab2efdd1eac64474adf00d8e60b42110c6e89143
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 7 May 2021 18:30:09 +0000 (20:30 +0200)]
package/hwloc: bump to version 2.4.1
- Add ac_cv_prog_cc_c99 to avoid a build failure due to
https://github.com/open-mpi/hwloc/commit/
f2226f76e104923a76c5d09328284104abad6b01
- Update hash of COPYING, copyrights added with
https://github.com/open-mpi/hwloc/commit/
ebaa3595e2ddc6e0e94e8ea5b1472f1a21969c80
- Update indentation in hash file (two spaces)
As a side effect, this will remove numactl dependency (which raises a
build failure with sparc v8 since commit
4ed540ddf59bec4b389be44d7f42820d2466904f) thanks to:
https://github.com/open-mpi/hwloc/commit/
e6a53bbf65458fd5fe4d45d5a83027b530566591
https://github.com/open-mpi/hwloc/blob/hwloc-2.4.1/NEWS
Fixes:
- http://autobuild.buildroot.org/results/
5f9394d3bab4e83edbea9bc607c3e135adfdabbc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 9 May 2021 13:34:12 +0000 (15:34 +0200)]
package/putty: fix build on uclibc
Fix build failure on uclibc raised since bump to version 0.75 in commit
d562009f7b9701cb20bc4b1d389d19f9a647cc3b
Fixes:
- http://autobuild.buildroot.org/results/
726f7c5ce13e78ed91e827b872e9d7ccfa13f298
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 8 May 2021 19:41:54 +0000 (21:41 +0200)]
boot/opensbi: bump to version 0.9
https://github.com/riscv/opensbi/releases/tag/v0.9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Vincent Stehlé [Sun, 9 May 2021 10:01:41 +0000 (12:01 +0200)]
configs/wandboard: bump kernel and U-Boot versions
- Bump kernel to version 5.12.2.
- Bump U-Boot to version 2021.04.
While at it, switch U-Boot to the Kconfig build system and add some more
comments to the defconfig.
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Fabio Estevam <festevam@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 7 May 2021 20:58:44 +0000 (22:58 +0200)]
package/rust: security bump to version 1.52.0
Fix CVE-2020-36317, CVE-2020-36318, CVE-2020-36323, CVE-2021-28877,
CVE-2021-28875, CVE-2021-28876, CVE-2021-28878 and CVE-2021-28879
https://github.com/rust-lang/rust/blob/1.52.0/RELEASES.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Vincent Stehlé [Sun, 9 May 2021 17:15:05 +0000 (19:15 +0200)]
configs/pandaboard: bump kernel and U-Boot versions
- Bump kernel to version 5.12.2.
- Bump U-Boot to version 2021.04.
While at it, enable VFPv3 with 32 registers (instead of 16) and add a few
comments to the defconfig.
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sat, 8 May 2021 21:07:02 +0000 (23:07 +0200)]
{linux, linux-headers}: bump 4.19.x / 5.{4, 10, 11, 12}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Alexander Dahl [Sat, 8 May 2021 19:53:42 +0000 (21:53 +0200)]
package/putty: bump to version 0.75
Upstream does not set -Werror in its build files anymore. License file
just changed copyright years and holders. PGP signatures of source
tarball and hashes were checked.
Link: https://www.chiark.greenend.org.uk/~sgtatham/putty/releases/0.75.html
Link: https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 8 May 2021 18:44:16 +0000 (20:44 +0200)]
package/monkey: drop package
As stated in commit
26a7d912f4a44bce558ee24bbadb5d10527f68c1, upstream
is aware than the lack of release is an issue but no comments since
2018: https://github.com/monkey/monkey/issues/276
Moreover, TLS support is broken since 2016 but again upstream does not
seem to care about it: https://github.com/monkey/monkey/issues/336
So just drop monkey
Fixes:
- http://autobuild.buildroot.org/results/
0626ebab4f084d9b97d6696c7d4ebf7760d776a3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
John Keeping [Fri, 7 May 2021 15:21:59 +0000 (16:21 +0100)]
package/cryptsetup: disable tmpfiles.d for host build
When building host-cryptsetup, if tmpfiles.d support is enabled then the
install step tries to install /usr/lib/tmpfiles.d/cryptsetup.conf
globally on the host system.
Even if the tmpfiles.d config were installed correctly in the host
directory, nothing would ever run these rules, so disable this feature
via configure.
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Marcin Niestroj [Fri, 7 May 2021 17:43:55 +0000 (19:43 +0200)]
package/python-pytest: bump to version 6.2.4
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 8 May 2021 07:39:44 +0000 (09:39 +0200)]
package/haproxy: bump to version 2.2.14
http://www.haproxy.org/download/2.2/src/CHANGELOG
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 7 May 2021 20:21:04 +0000 (22:21 +0200)]
package/ruby: security bump to version 3.0.1
This release includes security fixes:
- CVE-2021-28965: XML round-trip vulnerability in REXML
- CVE-2021-28966: Path traversal in Tempfile on Windows
https://www.ruby-lang.org/en/news/2021/04/05/ruby-3-0-1-released/
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 7 May 2021 07:06:14 +0000 (09:06 +0200)]
package/xen: bump version to 4.14.2
Includes a number of bugfixes and the security fixes up to 368, so drop
those.
For details, see the release notes:
https://xenproject.org/downloads/xen-project-archives/xen-project-4-14-series/xen-project-4-14-2/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 7 May 2021 06:28:21 +0000 (08:28 +0200)]
package/go: security bump to version 1.16.4
Fixes the following security issues:
- CVE-2021-31525: ReadRequest and ReadResponse in net/http can hit an
unrecoverable panic when reading a very large header (over 7MB on 64-bit
architectures, or over 4MB on 32-bit ones). Transport and Client are
vulnerable and the program can be made to crash by a malicious server.
Server is not vulnerable by default, but can be if the default max header
of 1MB is overridden by setting Server.MaxHeaderBytes to a higher value,
in which case the program can be made to crash by a malicious client.
https://github.com/golang/go/issues/45710
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>