buildroot.git
3 years agopackage/libmdbx: bump version to 0.10.3
Leonid Yuriev [Mon, 6 Sep 2021 18:23:42 +0000 (21:23 +0300)]
package/libmdbx: bump version to 0.10.3

Signed-off-by: Leonid Yuriev <leo@yuriev.ru>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/libgpgme: fix build with glibc >= 2.34
Fabrice Fontaine [Mon, 6 Sep 2021 16:39:37 +0000 (18:39 +0200)]
package/libgpgme: fix build with glibc >= 2.34

Fix the following build failure with glibc >= 2.34:

posix-io.c: In function '_gpgme_io_spawn':
posix-io.c:577:23: error: void value not ignored as it ought to be
  577 |             while ((i = closefrom (fd)) && errno == EINTR)
      |                       ^

Fixes:
 - http://autobuild.buildroot.org/results/b11094ddd35263071b7dd453a6590c5b684026ff

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/cryptopp: bump to version 8.5.0
Fabrice Fontaine [Sun, 19 Sep 2021 10:08:42 +0000 (12:08 +0200)]
package/cryptopp: bump to version 8.5.0

https://www.cryptopp.com/release850.html
https://www.cryptopp.com/release840.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/tclap: bump to version 1.2.4
Fabrice Fontaine [Sun, 19 Sep 2021 10:00:29 +0000 (12:00 +0200)]
package/tclap: bump to version 1.2.4

Update indentation in hash file (two spaces)

https://sourceforge.net/p/tclap/code/ci/v1.2.4/tree/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/cppzmq: bump to version 4.8.1
Fabrice Fontaine [Sun, 19 Sep 2021 09:53:43 +0000 (11:53 +0200)]
package/cppzmq: bump to version 4.8.1

https://github.com/zeromq/cppzmq/releases/tag/v4.8.1
https://github.com/zeromq/cppzmq/releases/tag/v4.8.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/wayland-protocols: fix build without host-wayland
Fabrice Fontaine [Sun, 19 Sep 2021 09:39:01 +0000 (11:39 +0200)]
package/wayland-protocols: fix build without host-wayland

Don't require wayland-scanner if tests are disabled to avoid the
following build failure raised since bump to version 1.23 in commit
7eedc9cc1e0c3cce1c18cb150157cb2346075b23:

Build-time dependency wayland-scanner found: NO (tried pkgconfig and cmake)

../output-1/build/wayland-protocols-1.23/meson.build:11:0: ERROR: Dependency "wayland-scanner" not found, tried pkgconfig and cmake

Fixes:
 - http://autobuild.buildroot.org/results/2744e50465a9cd9d3726d23298ad6c943ef49a21

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/swupdate: add option to enable USB install
James Hilliard [Sun, 19 Sep 2021 08:09:02 +0000 (02:09 -0600)]
package/swupdate: add option to enable USB install

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr:
  - do not default to 'y'
  - add comment
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/python-rsa: add PYTHON_RSA_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 19 Sep 2021 08:52:44 +0000 (10:52 +0200)]
package/python-rsa: add PYTHON_RSA_CPE_ID_VENDOR

cpe:2.3:a:python-rsa_project:python-rsa is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython-rsa_project%3Apython-rsa

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/mesa3d: fix build on m68k
Giulio Benetti [Sun, 19 Sep 2021 00:51:54 +0000 (02:51 +0200)]
package/mesa3d: fix build on m68k

mesa3d uses very big switch statements, which causes the build to fail
on m68k, beause the offsets there are only 16-bit.

We fix that by using -mlong-jump-table-offsets on m68k, to use 32-bit
offsets for switch statements, but this is only available starting with
gcc 7 [0] [1].

Fixes:
http://autobuild.buildroot.net/results/60c4653c2a93125edbdd0beb43cd47301643464a/

Note: we have two packages that select mesa3d, but:
    package/intel-mediadriver/
        -> already depends on x86_64, so implies !m68k

    package/x11r7/xdriver_xf86-video-imx-viv/
        -> imx is an ARM, but xdriver_xf86-video-imx-viv is missing
           a depends on BR2_arm (although the comments do have that
           dependency). However, it depends on other imx related
           packages, and they depend on either arm or aarch64, so
           that implies !m68k.

As such, we do not need to propagate that new dependency.

[0] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57583#c15
[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57583#c16

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[yann.morin.1998@free.fr:
  - add comment
  - reword commit log, add BZ references, add non-propagation notes
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/gstreamer1/gstd: new package
James Hilliard [Sat, 18 Sep 2021 22:46:53 +0000 (16:46 -0600)]
package/gstreamer1/gstd: new package

We need to backport a few upstream still-pending PRs, to fix
cross-compilation, out-of-tree installation, and to relax requirements
on some tools.

The python support PR is backported too, but because python support was
not tested, it is forcibly disabled.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr:
  - expand commit log with explanations
  - backport upstream 253 (python) too
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/swupdate: use $(SWUPDATE_PKGDIR) for pkgdir path
James Hilliard [Sat, 11 Sep 2021 16:50:19 +0000 (10:50 -0600)]
package/swupdate: use $(SWUPDATE_PKGDIR) for pkgdir path

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libfuse3: bump to version 3.10.5
Giulio Benetti [Mon, 6 Sep 2021 21:39:38 +0000 (23:39 +0200)]
package/libfuse3: bump to version 3.10.5

Bump libfuse3 to version 3.10.5 and remove local patch that has been
upstreamed.

Release notes:
Various improvements to make unit tests more robust.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libfuse: fix build with glibc >= 2.34
Fabrice Fontaine [Sun, 12 Sep 2021 19:40:57 +0000 (21:40 +0200)]
package/libfuse: fix build with glibc >= 2.34

Fix the following build failure with glibc >= 2.34:

ulockmgr_server.c:127:12: error: conflicting types for 'closefrom'; have 'int(int)'
  127 | static int closefrom(int minfd)
      |            ^~~~~~~~~
In file included from ulockmgr_server.c:14:
/home/buildroot/autobuild/instance-1/output-1/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include/unistd.h:363:13: note: previous declaration of 'closefrom' with type 'void(int)'
  363 | extern void closefrom (int __lowfd) __THROW;
      |             ^~~~~~~~~

Fixes:
 - http://autobuild.buildroot.org/results/3769b18ca804fba3b5974af799972a7d889b39a6

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/strongswan: fix broken dependency relation
Martin Elshuber [Mon, 13 Sep 2021 14:26:50 +0000 (16:26 +0200)]
package/strongswan: fix broken dependency relation

The AKA backend for 3GPP2 requires libgmp (see
https://wiki.strongswan.org/projects/strongswan/wiki/Autoconf). Since
the AKA backend for 3GPP2 is included by BR2_PACKAGE_STRONGSWAN_EAP,
when selecting a crypto backend different from
BR2_PACKAGE_STRONGSWAN_GMP, there is no guarantee the gmp package is
selected as well. When doing so, make fails since the package is in the
dependency chain but not selected:

  $ make
  Makefile:585: *** gmp is in the dependency chain of strongswan that has added it to its _DEPENDENCIES variable without selecting it or depending on it from Config.in.  Stop.
  make: *** [Makefile:23: _all] Error 2

To fix this, select BR2_PACKAGE_GMP when selecting BR2_PACKAGE_STRONGSWAN_EAP.

Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoDEVELOPERS: add myself to trace-cmd package
Giulio Benetti [Sun, 12 Sep 2021 23:20:56 +0000 (01:20 +0200)]
DEVELOPERS: add myself to trace-cmd package

Add myself to trace-cmd package.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/trace-cmd: bump to version 2.9.5
Giulio Benetti [Sun, 12 Sep 2021 23:20:55 +0000 (01:20 +0200)]
package/trace-cmd: bump to version 2.9.5

Update to version 2.9.5 and remove local patches that have been upstreamed.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/trace-cmd: fix build for Sparc64
Giulio Benetti [Sun, 12 Sep 2021 23:08:56 +0000 (01:08 +0200)]
package/trace-cmd: fix build for Sparc64

Trace-cmd needs -fPIC for Sparc64 platform otherwise it fails on linking,
so add -fPIC to CFLAGS when building for such platform.

Fixes;
    http://autobuild.buildroot.net/results/c59/c596f6308b7f4d44d9ba009ed0c395396fc72f47/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libxkbcommon: change homepage/download url to https
Peter Seiderer [Sat, 18 Sep 2021 20:34:37 +0000 (22:34 +0200)]
package/libxkbcommon: change homepage/download url to https

- change homepage url to https (and remove trailing slash)
- change download url to https

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/grpc: bump version to 1.40
Michael Nosthoff [Mon, 13 Sep 2021 16:46:03 +0000 (18:46 +0200)]
package/grpc: bump version to 1.40

Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/minicom: drop autoreconf
Fabrice Fontaine [Sun, 12 Sep 2021 20:07:06 +0000 (22:07 +0200)]
package/minicom: drop autoreconf

autoreconf (and so AM_ICONV) is not needed since commit
2df32e0d4437b422175089edf1917219656fccef

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/dovecot: drop host-gettext
Fabrice Fontaine [Sun, 12 Sep 2021 19:53:33 +0000 (21:53 +0200)]
package/dovecot: drop host-gettext

AM_ICONV is not needed since drop of autoreconf in commit
03fbb81b8bab7bad135b59267533be7688babe39

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/fio: bump to version 3.28
Fabrice Fontaine [Sun, 12 Sep 2021 16:48:19 +0000 (18:48 +0200)]
package/fio: bump to version 3.28

This will fix the following build failure with kernel >= 5.14 thanks to
https://github.com/axboe/fio/commit/382975557e632efb506836bc1709789e615c9094:

In file included from crc/../os/os.h:39,
                 from crc/crc32c-arm64.c:2:
crc/../os/os-linux.h:17:10: fatal error: linux/raw.h: No such file or directory
   17 | #include <linux/raw.h>
      |          ^~~~~~~~~~~~~

Fixes:
 - http://autobuild.buildroot.org/results/d85c044263c76ff7ef0fe47921d893a472954da9

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libyang: security bump to version 1.0.240
Peter Korsgaard [Sat, 18 Sep 2021 18:58:14 +0000 (20:58 +0200)]
package/libyang: security bump to version 1.0.240

Fixes the following security issues:

- CVE-2021-28902: In function read_yin_container() in libyang <= v1.0.225,
  it doesn't check whether the value of retval->ext[r] is NULL.  In some
  cases, it can be NULL, which leads to the operation of
  retval->ext[r]->flags that results in a crash.

- CVE-2021-28903: A stack overflow in libyang <= v1.0.225 can cause a denial
  of service through function lyxml_parse_mem().  lyxml_parse_elem()
  function will be called recursively, which will consume stack space and
  lead to crash.

- CVE-2021-28904: In function ext_get_plugin() in libyang <= v1.0.225, it
  doesn't check whether the value of revision is NULL.  If revision is NULL,
  the operation of strcmp(revision, ext_plugins[u].revision) will lead to a
  crash.

- CVE-2021-28905: In function lys_node_free() in libyang <= v1.0.225, it
  asserts that the value of node->module can't be NULL.  But in some cases,
  node->module can be null, which triggers a reachable assertion (CWE-617).

- CVE-2021-28906: In function read_yin_leaf() in libyang <= v1.0.225, it
  doesn't check whether the value of retval->ext[r] is NULL.  In some cases,
  it can be NULL, which leads to the operation of retval->ext[r]->flags that
  results in a crash.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/fetchmail: security bump to version 6.4.22
Peter Korsgaard [Sat, 18 Sep 2021 18:01:36 +0000 (20:01 +0200)]
package/fetchmail: security bump to version 6.4.22

Fixes the following security issues:

- CVE-2021-39272: Fetchmail before 6.4.22 fails to enforce STARTTLS session
  encryption in some circumstances, such as a certain situation with IMAP
  and PREAUTH.
  https://www.fetchmail.info/fetchmail-SA-2021-02.txt

Update COPYING hash for a clarification of the license situation with
openssl 3.x (which is Apache 2.0 licensed):

https://gitlab.com/fetchmail/fetchmail/-/commit/8eed56c21ca5bbdf3c00aaf74d807bcad8713ba9

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libinput: bump version to 1.19.0
Peter Seiderer [Tue, 14 Sep 2021 21:04:23 +0000 (23:04 +0200)]
package/libinput: bump version to 1.19.0

- add new optional wayland, wayland-protocoll and libx11 dependencies
  in case the debug gui is enabled (libgtk3 available)

For details see [1], [2].

[1] https://lists.freedesktop.org/archives/wayland-devel/2021-September/041971.html
[2] https://lists.freedesktop.org/archives/wayland-devel/2021-September/041977.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libxkbcommon: bump version to 1.3.1
Peter Seiderer [Tue, 14 Sep 2021 21:01:54 +0000 (23:01 +0200)]
package/libxkbcommon: bump version to 1.3.1

For details (since 1.1.0) see [1]

[1] https://lists.freedesktop.org/archives/wayland-devel/2021-April/041762.html
[2] https://lists.freedesktop.org/archives/wayland-devel/2021-May/041816.html
[3] https://lists.freedesktop.org/archives/wayland-devel/2021-September/041976.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/iwd: bump version to 1.17
Peter Seiderer [Tue, 14 Sep 2021 21:00:36 +0000 (23:00 +0200)]
package/iwd: bump version to 1.17

- Changelog (since 1.14, from [1]):

  ver 1.17:
    Fix issue with sending additional and vendor IEs.
    Fix issue with IE ordering for 802.11-2020 support.
    Fix issue with frequency update on channel switch events.
    Fix issue with drivers and handling of IF_OPER_UP setting.

  ver 1.16:
    Fix issue with writing provisioning files with a passphrase.
    Add support for Authenticator & Supplicant RSN Extension elements.
    Add support for handling Transition Disable info.
    Add support for SAE Hash-to-Element feature.

  ver 1.15:
    Add support for FT-over-DS procedure with multiple BSS.
    Add support for estimation of VHT RX data rate.
    Add support for exporting Daemon information.

[1] https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/ChangeLog

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/openresolv: bump version to 3.12.0
Peter Seiderer [Tue, 14 Sep 2021 21:00:35 +0000 (23:00 +0200)]
package/openresolv: bump version to 3.12.0

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/ell: bump version to 0.43
Peter Seiderer [Tue, 14 Sep 2021 21:00:34 +0000 (23:00 +0200)]
package/ell: bump version to 0.43

- Changelog (since 0.41, from [1]):

  ver 0.43:
    Add support for DHCP Rapid Commit feature.
    Add support for DHCP authoritative mode feature.

  ver 0.42:
    Add support for constant time security functions.
    Add support for manipulating DHCP leases.

[1] https://git.kernel.org/pub/scm/libs/ell/ell.git/tree/ChangeLog

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/feh: bump version to 3.7.1
Petr Vorel [Tue, 14 Sep 2021 17:53:51 +0000 (19:53 +0200)]
package/feh: bump version to 3.7.1

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/botan: fix boost dependency
Michael Nosthoff [Tue, 14 Sep 2021 13:50:57 +0000 (15:50 +0200)]
package/botan: fix boost dependency

only build --with-boost when both required modules (filesystem and system) are
also selected.

Fixes:
http://autobuild.buildroot.net/results/4fbf2a63f9ddfbc540ce7dabd10964b311477c06

Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/apitrace: fix build with glibc >= 2.34
Fabrice Fontaine [Tue, 14 Sep 2021 21:11:06 +0000 (23:11 +0200)]
package/apitrace: fix build with glibc >= 2.34

Fix the following build failure with glibc >= 2.34:

/tmp/instance-0/output-1/host/lib/gcc/s390x-buildroot-linux-gnu/10.3.0/../../../../s390x-buildroot-linux-gnu/bin/ld: CMakeFiles/egltrace.dir/dlsym.cpp.o: in function `dlsym':
dlsym.cpp:(.text+0x34): undefined reference to `__libc_dlopen_mode'
/tmp/instance-0/output-1/host/lib/gcc/s390x-buildroot-linux-gnu/10.3.0/../../../../s390x-buildroot-linux-gnu/bin/ld: dlsym.cpp:(.text+0x46): undefined reference to `__libc_dlsym'

Fixes:
 - http://autobuild.buildroot.org/results/ac5e5b1e30249ae0fb8b9179338b47c60c026bcc

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/pv: bump to version 1.6.20
Fabrice Fontaine [Tue, 14 Sep 2021 21:25:48 +0000 (23:25 +0200)]
package/pv: bump to version 1.6.20

- Drop patch (already in version)
- Update indentation in hash file (two spaces)

https://github.com/a-j-wood/pv/releases/tag/v1.6.19
https://github.com/a-j-wood/pv/releases/tag/v1.6.20

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/erlang: ignore Windows specific CVE-2021-29221
Peter Korsgaard [Sat, 18 Sep 2021 16:59:46 +0000 (18:59 +0200)]
package/erlang: ignore Windows specific CVE-2021-29221

CVE-2021-29221 is a Windows specific issue:

A local privilege escalation vulnerability was discovered in Erlang/OTP
prior to version 23.2.3.  By adding files to an existing installation's
directory, a local attacker could hijack accounts of other users running
Erlang programs or possibly coerce a service running with "erlsrv.exe" to
execute arbitrary code as Local System.  This can occur only under specific
conditions on Windows with unsafe filesystem permissions.

So ignore it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/botan: add upstream security fix for CVE-2021-40529
Peter Korsgaard [Sat, 18 Sep 2021 16:42:46 +0000 (18:42 +0200)]
package/botan: add upstream security fix for CVE-2021-40529

Fixes the following security issue:

- CVE-2021-40529: The ElGamal implementation in Botan through 2.18.1, as
  used in Thunderbird and other products, allows plaintext recovery because,
  during interaction between two cryptographic libraries, a certain
  dangerous combination of the prime defined by the receiver's public key,
  the generator defined by the receiver's public key, and the sender's
  ephemeral exponents can lead to a cross-configuration attack against
  OpenPGP

For more details, see the upstream bug and issue writeup:
- https://github.com/randombit/botan/pull/2790
- https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/nodejs: security bump to version 12.22.6
Peter Korsgaard [Sat, 18 Sep 2021 16:11:30 +0000 (18:11 +0200)]
package/nodejs: security bump to version 12.22.6

Fixes the following security issues:

- CVE-2021-37701: Arbitrary File Creation/Overwrite via insufficient symlink
  protection due to directory cache poisoning using symbolic links

- CVE-2021-37712: Arbitrary File Creation/Overwrite via insufficient symlink
  protection due to directory cache poisoning using symbolic links

- CVE-2021-37713: Arbitrary File Creation/Overwrite on Windows via
  insufficient relative path sanitization

- CVE-2021-39134: UNIX Symbolic Link (Symlink) Following in @npmcli/arborist

- CVE-2021-39135: UNIX Symbolic Link (Symlink) Following in @npmcli/arborist

For more details, see the advisory:
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/gst1-interpipe: bump version to 1.1.5
Peter Seiderer [Mon, 13 Sep 2021 21:04:12 +0000 (23:04 +0200)]
package/gst1-interpipe: bump version to 1.1.5

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/gst1-python: bump version to 1.18.5
Peter Seiderer [Mon, 13 Sep 2021 21:04:11 +0000 (23:04 +0200)]
package/gst1-python: bump version to 1.18.5

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/gst-omx: bump version to 1.18.5
Peter Seiderer [Mon, 13 Sep 2021 21:04:10 +0000 (23:04 +0200)]
package/gst-omx: bump version to 1.18.5

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/gstreamer1-editing-services: bump version to 1.18.5
Peter Seiderer [Mon, 13 Sep 2021 21:04:09 +0000 (23:04 +0200)]
package/gstreamer1-editing-services: bump version to 1.18.5

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/gst1-rtsp-server: bump version to 1.18.5
Peter Seiderer [Mon, 13 Sep 2021 21:04:08 +0000 (23:04 +0200)]
package/gst1-rtsp-server: bump version to 1.18.5

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/gst1-vaapi: bump version to 1.18.5
Peter Seiderer [Mon, 13 Sep 2021 21:04:07 +0000 (23:04 +0200)]
package/gst1-vaapi: bump version to 1.18.5

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/gst1-libav: bump version to 1.18.5
Peter Seiderer [Mon, 13 Sep 2021 21:04:06 +0000 (23:04 +0200)]
package/gst1-libav: bump version to 1.18.5

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/gst1-devtools: bump version to 1.18.5
Peter Seiderer [Mon, 13 Sep 2021 21:04:05 +0000 (23:04 +0200)]
package/gst1-devtools: bump version to 1.18.5

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/gst1-plugins-ugly: bump version to 1.18.5
Peter Seiderer [Mon, 13 Sep 2021 21:04:04 +0000 (23:04 +0200)]
package/gst1-plugins-ugly: bump version to 1.18.5

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/gst1-plugins-bad: bump version to 1.18.5
Peter Seiderer [Mon, 13 Sep 2021 21:04:03 +0000 (23:04 +0200)]
package/gst1-plugins-bad: bump version to 1.18.5

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/gst1-plugins-good: bump version to 1.18.5
Peter Seiderer [Mon, 13 Sep 2021 21:04:02 +0000 (23:04 +0200)]
package/gst1-plugins-good: bump version to 1.18.5

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/gst1-plugins-base: bump version to 1.18.5
Peter Seiderer [Mon, 13 Sep 2021 21:04:01 +0000 (23:04 +0200)]
package/gst1-plugins-base: bump version to 1.18.5

- delete 0002-gstgl-Fix-build-when-Meson-0.58.0rc1.patch
  (from upstream [1])

[1] https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/90903917a8185e0f9add7af8153ae2fc9875fdcb

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/gstreamer1: bump version to 1.18.5
Peter Seiderer [Mon, 13 Sep 2021 21:04:00 +0000 (23:04 +0200)]
package/gstreamer1: bump version to 1.18.5

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/glmark2: bumped to latest version
David Corbeil [Wed, 15 Sep 2021 00:10:28 +0000 (17:10 -0700)]
package/glmark2: bumped to latest version

Fixes a segfault happening on Raspberry Pi4 on the fourth test

Signed-off-by: David Corbeil <david.corbeil@dynonavionics.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/imlib2: bump version to 1.7.3
Petr Vorel [Wed, 15 Sep 2021 19:16:03 +0000 (21:16 +0200)]
package/imlib2: bump version to 1.7.3

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/links: bump version to 2.24
Petr Vorel [Wed, 15 Sep 2021 19:15:37 +0000 (21:15 +0200)]
package/links: bump version to 2.24

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libqmi: bump version to 1.30.2
Petr Vorel [Wed, 15 Sep 2021 19:15:13 +0000 (21:15 +0200)]
package/libqmi: bump version to 1.30.2

Drop patch from this release.

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/bind: bump version to 9.11.35
Petr Vorel [Wed, 15 Sep 2021 19:14:12 +0000 (21:14 +0200)]
package/bind: bump version to 9.11.35

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/wayland-protocols: bump version to 1.23
Peter Seiderer [Wed, 15 Sep 2021 21:34:35 +0000 (23:34 +0200)]
package/wayland-protocols: bump version to 1.23

- convert to meson (as no configure script is provided, alternative
  would be to enable autoreconf)
- disable tests

For details (since 1.21) see [1], [2].

[1] https://lists.freedesktop.org/archives/wayland-devel/2021-September/041972.html
[2] https://lists.freedesktop.org/archives/wayland-devel/2021-September/041979.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/lxc: bump to version 4.0.10
Fabrice Fontaine [Thu, 16 Sep 2021 16:48:21 +0000 (18:48 +0200)]
package/lxc: bump to version 4.0.10

https://discuss.linuxcontainers.org/t/lxc-4-0-10-has-been-released/11618
https://discuss.linuxcontainers.org/t/lxc-4-0-9-lts-has-been-released/10999

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/gerbera: bump to version 1.9.1
Fabrice Fontaine [Thu, 16 Sep 2021 16:49:25 +0000 (18:49 +0200)]
package/gerbera: bump to version 1.9.1

https://github.com/gerbera/gerbera/blob/v1.9.1/ChangeLog.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/runc: bump to version 1.0.2
Fabrice Fontaine [Thu, 16 Sep 2021 16:50:40 +0000 (18:50 +0200)]
package/runc: bump to version 1.0.2

https://github.com/opencontainers/runc/releases/tag/v1.0.2
https://github.com/opencontainers/runc/releases/tag/v1.0.1
https://github.com/opencontainers/runc/releases/tag/v1.0.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/bison: bump version to 3.8.1
Peter Seiderer [Thu, 16 Sep 2021 20:46:06 +0000 (22:46 +0200)]
package/bison: bump version to 3.8.1

For details see [1] and [2].

[1] https://lists.gnu.org/archive/html/info-gnu/2021-09/msg00006.html
[2] https://fossies.org/linux/bison/ChangeLog

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libxcrypt: bump to version 4.4.26
Fabrice Fontaine [Fri, 17 Sep 2021 17:00:31 +0000 (19:00 +0200)]
package/libxcrypt: bump to version 4.4.26

This bump contains a single change to fix the following build failure
with Microblaze raised since bump to version 4.4.25 in commit
a071bec0a0cd928443223132d47564c90bc64713:

lib/crypt-gensalt-static.c:33:1: error: symver is only supported on ELF platforms
   33 | SYMVER_crypt_gensalt;
      | ^~~~~~~~~~~~~~~~~~~~

Update hash of LICENSING due to new file being added with
https://github.com/besser82/libxcrypt/commit/4ab5f672eb6fb43c9bd83060ef48f90decd4989c

https://github.com/besser82/libxcrypt/blob/v4.4.26/NEWS

Fixes:
 - http://autobuild.buildroot.org/results/4766bfce9813b7f321369ec45298d16cd6dc251a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/seatd: bump to version 0.6.2
Adrian Perez de Castro [Fri, 17 Sep 2021 18:31:32 +0000 (21:31 +0300)]
package/seatd: bump to version 0.6.2

Update seatd to version 0.6.2, which makes the patches unnecessary (they
have all been integrated in 0.6.0) and fixes a number of bugs. Some
Meson build options have been renamed, so the build recipe is updated
accordingly, too.

Release notes:

  https://git.sr.ht/~kennylevinsen/seatd/refs/0.6.0
  https://git.sr.ht/~kennylevinsen/seatd/refs/0.6.1
  https://git.sr.ht/~kennylevinsen/seatd/refs/0.6.2

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/containerd: security bump to version 1.4.9
Fabrice Fontaine [Wed, 15 Sep 2021 21:01:26 +0000 (23:01 +0200)]
package/containerd: security bump to version 1.4.9

- Fix CVE-2021-32760:
  https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w
- Update indentation in hash file (two spaces)

https://github.com/containerd/containerd/releases/tag/v1.4.9
https://github.com/containerd/containerd/releases/tag/v1.4.8
https://github.com/containerd/containerd/releases/tag/v1.4.7
https://github.com/containerd/containerd/releases/tag/v1.4.6
https://github.com/containerd/containerd/releases/tag/v1.4.5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libiio: fix compile without thread support
Peter Seiderer [Thu, 16 Sep 2021 17:37:03 +0000 (19:37 +0200)]
package/libiio: fix compile without thread support

- fix compile without thread support (add configure option
  '-DNO_THREADS=ON' as requested)

Fixes:

  - http://autobuild.buildroot.net/results/2cca5952e7d677cd0d5fa97aa1a7bf3e722df3a2

  CMake Error at CMakeLists.txt:409 (message):
    Unable to find pthread dependency.

    If you want to disable multi-threading support, set NO_THREADS=ON.

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libvirt: security bump to version 7.7.0
Fabrice Fontaine [Wed, 15 Sep 2021 20:56:40 +0000 (22:56 +0200)]
package/libvirt: security bump to version 7.7.0

- storage: Unlock pool objects on ACL check failures in
  storagePoolLookupByTargetPath (CVE-2021-3667)

  A logic bug in storagePoolLookupByTargetPath where the storage pool
  object was left locked after a failure of the ACL check could
  potentially deprive legitimate users access to a storage pool object
  by users who don't have access.

- svirt: fix MCS label generation (CVE-2021-3631)

  A flaw in the way MCS labels were generated could result in a VM's
  resource not being fully protected from access by another VM were
  it to be compromised. https://gitlab.com/libvirt/libvirt/-/issues/153

- Disable Cloud-Hypervisor driver added by
  https://gitlab.com/libvirt/libvirt/-/commit/56fbabf1a1e272c6cc50adcb603996cf8e94ad08

- Update indentation in hash file (two spaces)

https://gitlab.com/libvirt/libvirt/-/blob/v7.7.0/NEWS.rst

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libvirt: add libnl optional dependency
Fabrice Fontaine [Wed, 15 Sep 2021 20:56:39 +0000 (22:56 +0200)]
package/libvirt: add libnl optional dependency

libnl is an optional dependency (which is enabled by default) since the
addition of the package in commit
ccfc90e1010e42e6529afae3a5ea8bf7226dabc1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libvirt: disable docs and tests
Fabrice Fontaine [Wed, 15 Sep 2021 20:56:38 +0000 (22:56 +0200)]
package/libvirt: disable docs and tests

Disable docs and tests which are enabled since the addition of the
package in commit ccfc90e1010e42e6529afae3a5ea8bf7226dabc1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/openjdk{-bin}: bump versions to 11.0.12+7 and 16.0.2+7
Adam Duskett [Sat, 18 Sep 2021 00:50:27 +0000 (17:50 -0700)]
package/openjdk{-bin}: bump versions to 11.0.12+7 and 16.0.2+7

As the github repository has changed from github.com/AdoptOpenJDK/ to
github.com/adoptium, both versions are updated in the same patch.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/qt5location: fix musl compile (pthread_getname_np)
Peter Seiderer [Wed, 15 Sep 2021 21:13:57 +0000 (23:13 +0200)]
package/qt5location: fix musl compile (pthread_getname_np)

- pthread_getname_np not available with musl libc, add patch to disable
  usage for musl (patch inspired/ported from [1])

Fixes:

  - http://autobuild.buildroot.net/results/ed372a4a8e50d9e20be589eeda40c92888d709bc

  platform/default/thread.cpp: In function ‘std::string mbgl::platform::getCurrentThreadName()’:
  platform/default/thread.cpp:14:5: error: ‘pthread_getname_np’ was not declared in this scope; did you mean ‘pthread_setname_np’?
     14 |     pthread_getname_np(pthread_self(), name, sizeof(name));
        |     ^~~~~~~~~~~~~~~~~~
        |     pthread_setname_np

    [1] https://github.com/void-linux/void-packages/blob/e64dd67f43c409d2b2db08214084e842d92ad620/srcpkgs/qt5/patches/0014-musl-set_thread_name_np.patch

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr: add uClibc]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoboard/freescale: add support for Image.gz to post-image
Hanspeter Portner [Fri, 17 Sep 2021 13:28:35 +0000 (15:28 +0200)]
board/freescale: add support for Image.gz to post-image

For the i.MX8 often an Image.gz is built. With these changes, if
BR2_LINUX_KERNEL_IMAGEGZ=y, the correct Image.gz file is now put into
the generated image instead of falling back to the non-existent zImage.

Signed-off-by: Hanspeter Portner <dev@open-music-kontrollers.ch>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libkrb5: fix CVE-2021-37750
Fabrice Fontaine [Wed, 15 Sep 2021 19:48:19 +0000 (21:48 +0200)]
package/libkrb5: fix CVE-2021-37750

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before
1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in
kdc/do_tgs_req.c via a FAST inner body that lacks a server field.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/apache: security bump to version 2.4.49
Fabrice Fontaine [Fri, 17 Sep 2021 22:19:34 +0000 (00:19 +0200)]
package/apache: security bump to version 2.4.49

Fix CVE-2021-33193: A crafted method sent through HTTP/2 will bypass
validation and be forwarded by mod_proxy, which can lead to request
splitting or cache poisoning. This issue affects Apache HTTP Server
2.4.17 to 2.4.48.

https://github.com/apache/httpd/blob/2.4.49/CHANGES

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoboot/barebox: bump version to 2021.08.0
Bartosz Bilas [Fri, 17 Sep 2021 20:52:54 +0000 (22:52 +0200)]
boot/barebox: bump version to 2021.08.0

Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/kodi: fix selection of dependencies
Yann E. MORIN [Sat, 11 Sep 2021 08:20:47 +0000 (10:20 +0200)]
package/kodi: fix selection of dependencies

Commit 148e695e3756 (package/kodi: bump version to 19.0-Matrix) extended
the set of required libraries for various "platform" backends, by
selecting those libraries from the blind options. For example, we have:

    config BR2_PACKAGE_KODI_PLATFORM_SUPPORTS_GBM
        bool
        default y
        depends on [...]
        select BR2_PACKAGE_LIBINPUT
        [...]

However, that option is true as soon as the requirements are met (the
depends on), even when Kodi itself is not enabled.

This means that extra libraries are pulled in to the build, even when
not required.

We fix that by moving the actual selects to the main symbol, along with
the proper conditions. This means that we have two lines that select
libxbcommon, under two different conditions; we could make that a single
select, but the codition would need to be on two lines anyway, so meh...

This is not an ideal solution, because it is a bit ugly, but:
 1) adding three new blind options just for the select is kinda extreme
    and superfluous;
 2) our Kodi packaging is already a bit ugly anyway.

Fixes: #14206
Reported-by: Thomas Ruschival <t.ruschival@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
3 years agofs/iso9660: switch from cdrkit to xorriso to build ISO9660 images
Kory Maincent [Tue, 14 Sep 2021 09:34:52 +0000 (11:34 +0200)]
fs/iso9660: switch from cdrkit to xorriso to build ISO9660 images

In order to add support for EFI-compatible ISO9660 images in future
patches, this commit switch the ISO9660 logic to use xorriso instead of
cdrkit. Indeed the genimageiso tool from cdrkit doesn't have the
--efi-boot option needed to generate an image compatible with EFI BIOS.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
[yann.morin.1998@free.fr: drop superfluous tool name from variable]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/xorriso: build host variant with zlib support
Kory Maincent [Tue, 14 Sep 2021 09:34:51 +0000 (11:34 +0200)]
package/xorriso: build host variant with zlib support

We will soon use xorriso in the ISO9660 image generation support, and
this requires having zlib support in host-xorriso.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agodocs/website: update for 2021.02.5
Peter Korsgaard [Thu, 16 Sep 2021 20:36:38 +0000 (22:36 +0200)]
docs/website: update for 2021.02.5

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agoUpdate for 2021.02.5
Peter Korsgaard [Wed, 15 Sep 2021 15:20:06 +0000 (17:20 +0200)]
Update for 2021.02.5

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 767a2da72fc1690fde33b665851f20492ba5cd75)
[Peter: drop Makefile change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agodocs/website: update for 2021.05.2
Peter Korsgaard [Thu, 16 Sep 2021 20:28:43 +0000 (22:28 +0200)]
docs/website: update for 2021.05.2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agoUpdate for 2021.05.2
Peter Korsgaard [Wed, 15 Sep 2021 14:26:50 +0000 (16:26 +0200)]
Update for 2021.05.2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3466797cedb15097924bf207774d11a79d03a9ac)
[Peter: drop Makefile change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/m4: bump to version 1.4.19
Francois Perrad [Mon, 6 Sep 2021 15:26:14 +0000 (17:26 +0200)]
package/m4: bump to version 1.4.19

Remove upstream patches.

COPYING hash changed because the URLs were converted to https.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/libressl: bump to version 3.3.4
Francois Perrad [Mon, 6 Sep 2021 15:25:40 +0000 (17:25 +0200)]
package/libressl: bump to version 3.3.4

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/perl-type-tiny: bump to version 1.012004
Francois Perrad [Mon, 6 Sep 2021 15:25:25 +0000 (17:25 +0200)]
package/perl-type-tiny: bump to version 1.012004

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/perl-libwww-perl: bump to version 6.56
Francois Perrad [Mon, 6 Sep 2021 15:25:24 +0000 (17:25 +0200)]
package/perl-libwww-perl: bump to version 6.56

License hash changed due to removal of EOL whitespace and spelling
fixes.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/perl-io-socket-ssl: bump to version 2.072
Francois Perrad [Mon, 6 Sep 2021 15:25:23 +0000 (17:25 +0200)]
package/perl-io-socket-ssl: bump to version 2.072

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/polkit: drop dbus build dependency
Fabrice Fontaine [Mon, 13 Sep 2021 20:34:06 +0000 (22:34 +0200)]
package/polkit: drop dbus build dependency

Drop dbus build dependency to avoid the following build failure since
commit 1db13226394ff7e6f5e7ca643e275f35d6c633bb if systemd-polkit is
enabled:

package/dbus/dbus.mk:124: *** Recursive variable 'DBUS_FINAL_RECURSIVE_DEPENDENCIES' references itself (eventually).  Stop.

Fixes:
 - http://autobuild.buildroot.org/results/0e038fae0f5fc2db3e85be05db4612e4f2395e35

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libexif: fix build with gcc 4.8
Fabrice Fontaine [Wed, 15 Sep 2021 06:03:18 +0000 (08:03 +0200)]
package/libexif: fix build with gcc 4.8

Fix the following build failure with gcc 4.8 raised since bump to
version 0.6.23 in commit e2f805097611b4828d2cba6168472aac6dedeafe:

exif-gps-ifd.c: In function 'exif_get_gps_tag_info':
exif-gps-ifd.c:62:3: error: 'for' loop initial declarations are only allowed in C99 mode
   for (int i = 0; i < sizeof(exif_gps_ifd_tags) / sizeof(ExifGPSIfdTagInfo); ++i) {
   ^
exif-gps-ifd.c:62:3: note: use option -std=c99 or -std=gnu99 to compile your code

Fixes:
 - http://autobuild.buildroot.org/results/7dd222e06d1e6611449fb8fe7516817c9ad43d65

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/x11r7/xapp_xeyes: add xlib_libXi mandatory dependency
Fabrice Fontaine [Tue, 14 Sep 2021 16:17:31 +0000 (18:17 +0200)]
package/x11r7/xapp_xeyes: add xlib_libXi mandatory dependency

Build fails since commit c47ebe7aeb70015614ff1d477dc1a71e8c161425
because xlib_libXi is a mandatory dependency since version 1.2.0 and
https://gitlab.freedesktop.org/xorg/app/xeyes/-/commit/420c2d8517246c9e422739cadb7acb29e35a3bed:

configure: error: Package requirements (xi >= 1.7 x11 xt xext xmu xproto >= 7.0.17) were not met:

Package 'xi', required by 'virtual:world', not found

Fixes:
 - http://autobuild.buildroot.org/results/896f45fb9eadcd235aeab096db479ee0aa5d0860

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: split multi-line dependency]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xapp_xeyes: xrender is optional, not mandatory
Fabrice Fontaine [Tue, 14 Sep 2021 16:17:30 +0000 (18:17 +0200)]
package/x11r7/xapp_xeyes: xrender is optional, not mandatory

xrender is optional, not mandatory since its addition in version 1.0.99:
https://gitlab.freedesktop.org/xorg/app/xeyes/-/commit/5e825a140f4022b88dd7a1a20a9a01b653f1a95c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoboot/uboot: fix hook to copy imx firmware files
Heiko Thiery [Tue, 14 Sep 2021 19:27:42 +0000 (21:27 +0200)]
boot/uboot: fix hook to copy imx firmware files

Simplification has broken it. Fix it again.

Fixes: af99e7a5f3863049 ("boot/uboot: copy IMX firmware files to uboot package dir")
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libmaxminddb: bump to version 1.6.0
Fabrice Fontaine [Mon, 13 Sep 2021 21:09:28 +0000 (23:09 +0200)]
package/libmaxminddb: bump to version 1.6.0

https://github.com/maxmind/libmaxminddb/releases/tag/1.6.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/pcre: fix license hash
Fabrice Fontaine [Tue, 14 Sep 2021 05:40:37 +0000 (07:40 +0200)]
package/pcre: fix license hash

Commit 0e5a901d3141a3d7e477f0fb79e8f6a748f06449 forgot to update license
hash (updates in year and email)

Fixes:
 - http://autobuild.buildroot.org/results/045cd98a4067f1314deb66f52240d2db2000ec4d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/fdk-aac: bump to version 2.0.2
Fabrice Fontaine [Mon, 13 Sep 2021 20:58:19 +0000 (22:58 +0200)]
package/fdk-aac: bump to version 2.0.2

Update indentation in hash file (two spaces)

https://github.com/mstorsjo/fdk-aac/releases/tag/v2.0.2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/python-pillow: security bump to version 8.3.2
Fabrice Fontaine [Mon, 13 Sep 2021 20:51:31 +0000 (22:51 +0200)]
package/python-pillow: security bump to version 8.3.2

- Fix CVE-2021-23437 Raise ValueError if color specifier is too long
- Fix 6-byte OOB read in FliDecode
- Update indentation in hash file (two spaces)

https://github.com/python-pillow/Pillow/releases/tag/8.3.2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/gd: security bump to version 2.3.3
Fabrice Fontaine [Mon, 13 Sep 2021 20:44:24 +0000 (22:44 +0200)]
package/gd: security bump to version 2.3.3

- Fix CVE-2021-40145: ** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD
  Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE:
  the vendor's position is "The GD2 image format is a proprietary image
  format of libgd. It has to be regarded as being obsolete, and should
  only be used for development and testing purposes."
- Drop patch (already in version)
- Update hash of COPYING (duplicate merged and title added with
  https://github.com/libgd/libgd/commit/82d260950589563a1af9c56f4ce5fde843a695ae
  https://github.com/libgd/libgd/commit/6013c7bcf6eb795dba584f92d3824ebd3ae60202)

https://github.com/libgd/libgd/releases/tag/gd-2.3.3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/pcre: bump to version 8.45
Francois Perrad [Thu, 9 Sep 2021 08:35:36 +0000 (10:35 +0200)]
package/pcre: bump to version 8.45

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/luaposix: bump to version 35.1
Francois Perrad [Fri, 10 Sep 2021 06:22:54 +0000 (08:22 +0200)]
package/luaposix: bump to version 35.1

diff LICENSE:
-Copyright (C) 2006-2020 luaposix authors
+Copyright (C) 2006-2021 luaposix authors

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/{mesa3d, mesa3d-headers}: bump version to 21.1.8
Bernd Kuhls [Fri, 10 Sep 2021 06:49:11 +0000 (08:49 +0200)]
package/{mesa3d, mesa3d-headers}: bump version to 21.1.8

Release notes:
https://lists.freedesktop.org/archives/mesa-announce/2021-September/000644.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/fluidsynth: bump to version 2.2.3
Julien Olivain [Mon, 13 Sep 2021 18:44:17 +0000 (20:44 +0200)]
package/fluidsynth: bump to version 2.2.3

For change log since v2.2.2, see:
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.2.3

./utils/test-pkg --package fluidsynth
6 builds, 2 skipped, 0 build failed, 0 legal-info failed

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libxcrypt: security bump to version 4.4.25
Fabrice Fontaine [Sun, 12 Sep 2021 20:32:56 +0000 (22:32 +0200)]
package/libxcrypt: security bump to version 4.4.25

- Fix several issues found by Covscan in the testsuite. These include:
  - CWE-170: String not null terminated (STRING_NULL)
  - CWE-188: Reliance on integer endianness (INCOMPATIBLE_CAST)
  - CWE-190: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
  - CWE-569: Wrong sizeof argument (SIZEOF_MISMATCH)
  - CWE-573: Missing varargs init or cleanup (VARARGS)
  - CWE-687: Argument cannot be negative (NEGATIVE_RETURNS)
- Update hash of LICENSING due to files being updated with:
  https://github.com/besser82/libxcrypt/commit/44e9eb57b462cfbaeb085cea0e308511565f4a12
  https://github.com/besser82/libxcrypt/commit/578271c3776a442fa55ac5f5ea83c7dc83ede979

https://github.com/besser82/libxcrypt/blob/v4.4.25/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/stress-ng: bump to version 0.13.1
Fabrice Fontaine [Sun, 12 Sep 2021 20:20:56 +0000 (22:20 +0200)]
package/stress-ng: bump to version 0.13.1

This will fix the following build failure with glibc >= 2.34 thanks to
https://github.com/ColinIanKing/stress-ng/commit/7c4f74761089177127c2cfe6685b7886aa231885

core-helper.c: In function 'stress_sighandler':
core-helper.c:1340:31: error: storage size of 'stack' isn't constant
 1340 |   static uint8_t MLOCKED_DATA stack[SIGSTKSZ + STACK_ALIGNMENT];
      |                               ^~~~~

https://github.com/ColinIanKing/stress-ng/blob/V0.13.01/debian/changelog

Fixes:
 - http://autobuild.buildroot.org/results/3c2d624d1af776162978a6a72343bc04448d2885

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>