Peter Seiderer [Tue, 1 Dec 2020 22:37:58 +0000 (23:37 +0100)]
package/ell: bump version to 0.35
- rebased (and renumbered) 001-ell-rtnl-fix-compile-with-older-toolchains.patch
- drop dynamic library dependency as no longer needed since
upstream commits [1] and [2]
- add two upstream patches to fix musl/uclibc compile
[1] https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=
e129cb4cd2270f308c1564e75859672643dd902b
[2] https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=
a4ac2cb0e14f564754f7e2067ac7dde0a9ab1914
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Thu, 3 Dec 2020 19:47:10 +0000 (20:47 +0100)]
package/fetchmail: bump version to 6.4.14
Changelog:
https://sourceforge.net/p/fetchmail/git/ci/legacy_64/tree/NEWS
Removed md5 hash.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Thu, 3 Dec 2020 20:10:13 +0000 (21:10 +0100)]
package/x11vnc: fix CVE-2020-29074
scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which
allows access by actors other than the current user.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Wed, 2 Dec 2020 21:11:02 +0000 (22:11 +0100)]
package/xerces: bump version to 3.2.3
- removed 0001-cmake-Allow-thread-checks-to-fail-and-fall-back-to-nothreads.patch
(upstream [1])
[1] https://github.com/apache/xerces-c/commit/
c9bfe786331647237b90f5f9e35b4d2cad7aaa69
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Wed, 2 Dec 2020 21:00:58 +0000 (22:00 +0100)]
package/ethtool: bump version to 5.9
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Wed, 2 Dec 2020 20:55:18 +0000 (21:55 +0100)]
package/git: bump version to 2.29.2
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Wed, 2 Dec 2020 20:48:34 +0000 (21:48 +0100)]
package/postgresql: bump version to 13.1
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Wed, 2 Dec 2020 20:24:23 +0000 (21:24 +0100)]
package/nmap: bump version to 7.91
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Wed, 2 Dec 2020 20:07:31 +0000 (21:07 +0100)]
package/rsyslog: bump version to 8.2010.0
- disable new input module options imhttp and impcap
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Wed, 2 Dec 2020 19:51:25 +0000 (20:51 +0100)]
package/mtools: bump version to 4.0.26
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Wed, 2 Dec 2020 19:42:36 +0000 (20:42 +0100)]
package/meson: bump version to 0.56.0
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Wed, 2 Dec 2020 19:42:35 +0000 (20:42 +0100)]
package/ninja: bump version to 1.10.2
- rebased 0001-set-minimum-cmake-version-to-3.10.patch
- removed 0002-remove-fdiagnostics-color-from-make-command.patch
(superseeded by upstream commit [1])
- rebased package/ninja/0003-CMake-fix-object-library-usage.patch
[1] https://github.com/ninja-build/ninja/commit/
418d59b8a6054ce9ef1a28c07c41d3a0bb386836
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Wed, 2 Dec 2020 18:58:38 +0000 (19:58 +0100)]
package/libaio: bump version to 0.3.112
- remove 0001-src-Makefile-add-ENABLE_SHARED-boolean-to-allow-stat.patch
(upstream committed [1])
- remove 0002-Makefile-add-missing-DESTDIR-variable-use.patch
(upstream committed [2])
- remove 0003-Link-against-libgcc-to-avoid-unresolved-symbols.patch
(upstream committed [3])
Changelog (from libaio.spec):
- Add async poll support (Christoph Hellwig)
- Use canonical DESTDIR= environment variable (Thomas Petazzoni)
- Add ability to disable building the shared library (Thomas Petazzoni)
[1] https://pagure.io/libaio/c/
970196192771eeda39fabcc59a5dae9613e871a8.patch
[2] https://pagure.io/libaio/c/
4059161333a14a0c705efecc5765b6cb2a29ae02.patch
[3] https://pagure.io/libaio/c/
de5775ea1b42ea83e305db9c17372e3f0a8dd3a3.patch
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Wed, 2 Dec 2020 18:40:59 +0000 (19:40 +0100)]
package/less: bump version to 563
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Wed, 2 Dec 2020 18:33:00 +0000 (19:33 +0100)]
package/iw: bump version to 5.9
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Wed, 2 Dec 2020 18:27:39 +0000 (19:27 +0100)]
package/hwdata: bump version to 0.342
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Wed, 2 Dec 2020 18:22:15 +0000 (19:22 +0100)]
package/hdparm: bump version to 9.60
Changes according to [1] and [2]:
- decode more bits from id[69], courtesy Adrián Kálazi.
- allow passing of custom LDFLAGS from the environment.
- add new "static" target.
- fix --dco-identify max sectors, courtesy of Paul Sultana.
- get rid of leftover "unknown" variables from identify.c
- fixed return values from get_log_page_data().
- support for ioSafe Solo with jMicron bridge.
[1] https://sourceforge.net/p/hdparm/news/2020/11/hdparm-959-is-released
[2] https://sourceforge.net/p/hdparm/news/2020/11/hdparm-960-is-released
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sat, 5 Dec 2020 08:09:53 +0000 (09:09 +0100)]
package/dav1d: bump version to 0.8.0
Release notes:
https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sat, 5 Dec 2020 08:05:47 +0000 (09:05 +0100)]
package/pngquant: bump version to 2.13.1
Reformatted hashes.
Changelog:
https://raw.githubusercontent.com/kornelski/pngquant/master/CHANGELOG
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sat, 5 Dec 2020 08:01:59 +0000 (09:01 +0100)]
package/utf8proc: bump version to 2.6.0
Reformatted hashes.
Release notes:
https://github.com/JuliaStrings/utf8proc/releases/tag/v2.6.0
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sat, 5 Dec 2020 07:56:53 +0000 (08:56 +0100)]
package/pulseaudio: bump version to 14.0
Reformatted hashes, switched _SITE to https.
Release notes:
https://lists.freedesktop.org/archives/pulseaudio-discuss/2020-November/031938.html
https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/14.0/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Sat, 5 Dec 2020 06:44:57 +0000 (07:44 +0100)]
package/perl-type-tiny: bump to version 1.012000
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Sat, 5 Dec 2020 06:44:56 +0000 (07:44 +0100)]
package/perl-plack: bump to version 1.0048
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Sat, 5 Dec 2020 06:44:55 +0000 (07:44 +0100)]
package/perl-package-stash: bump to version 0.39
diff LICENSE:
-This software is copyright (c) 2018 by Jesse Luehrs.
+This software is copyright (c) 2020 by Jesse Luehrs.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Sat, 5 Dec 2020 06:44:54 +0000 (07:44 +0100)]
package/perl-net-dns: bump to version 1.29
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Sat, 5 Dec 2020 06:44:53 +0000 (07:44 +0100)]
package/perl-moo: bump to version 2.004004
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Sat, 5 Dec 2020 06:44:52 +0000 (07:44 +0100)]
package/perl-json-maybexs: bump to version 1.004003
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Sat, 5 Dec 2020 06:44:51 +0000 (07:44 +0100)]
package/perl-http-entity-parser: bump to version 0.25
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Sat, 5 Dec 2020 06:44:50 +0000 (07:44 +0100)]
package/perl-http-cookies: bump to version 6.09
diff LICENSE:
-This software is Copyright (c) 2002-2019 by Gisle Aas.
+This software is Copyright (c) 2002 by Gisle Aas.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Sat, 5 Dec 2020 06:44:49 +0000 (07:44 +0100)]
package/perl-file-listing: bump to version 6.14
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Sat, 5 Dec 2020 06:44:48 +0000 (07:44 +0100)]
package/perl-date-manip: bump to version 6.83
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Korsgaard [Thu, 3 Dec 2020 09:30:49 +0000 (10:30 +0100)]
Merge branch 'next'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 3 Dec 2020 07:43:41 +0000 (08:43 +0100)]
Kickoff 2021.02 cycle
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 2 Dec 2020 22:45:57 +0000 (23:45 +0100)]
docs/website/news.html: add 2020.11 announcement link
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 2 Dec 2020 22:21:32 +0000 (23:21 +0100)]
Update for 2020.11
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 2 Dec 2020 06:32:43 +0000 (07:32 +0100)]
package/gnuplot: security bump to version 5.4.1
- Fix CVE-2020-25412: com_line() in command.c in gnuplot 5.4 leads to an
out-of-bounds-write from strncpy() that may lead to arbitrary code
execution.
- Drop second patch (already in version)
- Update indentation in hash file (two spaces)
http://gnuplot.info/ReleaseNotes_5_4_1.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 1 Dec 2020 22:23:46 +0000 (23:23 +0100)]
package/docker-containerd: security bump to version 1.4.3
Fixes the following security issue:
- CVE-2020-15257: Access controls for the shim’s API socket verified that
the connecting process had an effective UID of 0, but did not otherwise
restrict access to the abstract Unix domain socket. This would allow
malicious containers running in the same network namespace as the shim,
with an effective UID of 0 but otherwise reduced privileges, to cause new
processes to be run with elevated privileges.
For more details, see the advisory:
https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Waldemar Brodkorb [Mon, 23 Nov 2020 16:30:35 +0000 (17:30 +0100)]
package/mksh: update to 59c
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Mon, 23 Nov 2020 20:55:25 +0000 (21:55 +0100)]
package/libxkbcommon: bump version to 1.0.3
For details see [1], changelog:
- Fix (hopefully) a segfault in xkb_x11_keymap_new_from_device() in some
unclear situation (bug introduced in 1.0.2).
- Fix keymaps created with xkb_x11_keymap_new_from_device() don't have level
names (bug introduced in 0.8.0).
[1] https://lists.freedesktop.org/archives/wayland-devel/2020-November/041660.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Vincent Stehlé [Fri, 27 Nov 2020 14:40:24 +0000 (15:40 +0100)]
configs/arm_foundationv8: bump to Linux 5.9.11
- Bump to the latest kernel v5.9.11 and require openssl.
- Switch to PSCI for bringing up the secondary CPUs.
- Switch to GICv3.
- Update the instruction in the readme.txt to use the latest FVP v8
Foundation Platform 11.12 build 38, and to start 4 cores in SMP.
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
James Hilliard [Tue, 24 Nov 2020 02:12:59 +0000 (19:12 -0700)]
package/python-serial: bump to version 3.5
License hash changed due to year update.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
James Hilliard [Tue, 24 Nov 2020 02:07:37 +0000 (19:07 -0700)]
package/python-serial-asyncio: bump to version 0.5
License hash changed due to year update.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
James Hilliard [Tue, 24 Nov 2020 01:59:27 +0000 (18:59 -0700)]
package/python-aiohttp-jinja2: bump to version 1.4.2
License hash changed due to formatting change.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Tue, 1 Dec 2020 20:23:00 +0000 (21:23 +0100)]
package/libuhttpd: fix static build with mbedtls and zlib
Fixes:
- http://autobuild.buildroot.org/results/
5891d12e90182460cde1ddfa0ca75e9fd55e3dff
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Alexander Egorenkov [Sat, 28 Nov 2020 09:50:50 +0000 (10:50 +0100)]
package/makedumpfile: bump to version 1.6.8
Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sat, 28 Nov 2020 22:11:53 +0000 (23:11 +0100)]
package/rust: bump to version 1.48.0
Update indentation in hash file (two spaces)
https://github.com/rust-lang/rust/blob/master/RELEASES.md#version-1480-2020-11-19
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Tue, 1 Dec 2020 22:13:00 +0000 (23:13 +0100)]
package/netsurf: fix build with gcc 10
Fixes:
- http://autobuild.buildroot.org/results/
e81568c2b4f5ef5d055c9b94e624ba2d23f50d16
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 1 Dec 2020 22:12:59 +0000 (23:12 +0100)]
package/netsurf: renumber patches
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Johan Oudinet [Thu, 26 Nov 2020 17:43:01 +0000 (18:43 +0100)]
package/ejabberd: bump version to 20.07
- Fix the download url to reflect upstream website changes.
- Fix line numbers in patch 0001.
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Johan Oudinet [Thu, 26 Nov 2020 17:43:00 +0000 (18:43 +0100)]
package/erlang-p1-xmpp: bump version to 1.4.10
upstream uses include_lib. Adapt the corresponding patch accordingly.
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Johan Oudinet [Thu, 26 Nov 2020 17:42:59 +0000 (18:42 +0100)]
package/erlang-p1-yaml: bump version to 1.0.28
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Johan Oudinet [Thu, 26 Nov 2020 17:42:58 +0000 (18:42 +0100)]
package/erlang-p1-sip: bump version to 1.0.38
upstream is finally using include_lib to include libraries. Adapt the patch
accordingly.
The hash of the license file has changed, due to:
-Copyright 2002-2019 ProcessOne SARL
+Copyright 2002-2020 ProcessOne SARL
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Johan Oudinet [Thu, 26 Nov 2020 17:42:57 +0000 (18:42 +0100)]
package/erlang-p1-stun: bump version to 1.0.39
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Johan Oudinet [Thu, 26 Nov 2020 17:42:56 +0000 (18:42 +0100)]
package/erlang-p1-stringprep: bump version to 1.0.23
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Johan Oudinet [Thu, 26 Nov 2020 17:42:55 +0000 (18:42 +0100)]
package/erlang-p1-pkix: bump version to 1.0.6
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Johan Oudinet [Thu, 26 Nov 2020 17:42:54 +0000 (18:42 +0100)]
package/erlang-p1-oauth2: bump version to 0.6.7
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Johan Oudinet [Thu, 26 Nov 2020 17:42:53 +0000 (18:42 +0100)]
package/erlang-p1-acme: bump version to 1.0.9
The rebar.config.script file adds a dependency to base64url package. Since we remove
all rebar dependencies, add a patch to remove such dependency. Otherwise rebar would
try to download it during the build.
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Johan Oudinet [Thu, 26 Nov 2020 17:42:52 +0000 (18:42 +0100)]
package/erlang-p1-yconf: bump version to 1.0.8
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Johan Oudinet [Thu, 26 Nov 2020 17:42:51 +0000 (18:42 +0100)]
package/erlang-p1-mqtree: bump version to 1.0.10
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Johan Oudinet [Thu, 26 Nov 2020 17:42:50 +0000 (18:42 +0100)]
package/erlang-jiffy: bump version to 1.0.6
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Johan Oudinet [Thu, 26 Nov 2020 17:42:49 +0000 (18:42 +0100)]
package/erlang-p1-xml: bump version to 1.1.44
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Johan Oudinet [Thu, 26 Nov 2020 17:42:48 +0000 (18:42 +0100)]
package/erlang-p1-tls: bump version to 1.1.9
The license file hash has changed due to:
-Copyright 2002-2019 ProcessOne SARL
+Copyright 2002-2020 ProcessOne SARL
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Johan Oudinet [Thu, 26 Nov 2020 17:42:47 +0000 (18:42 +0100)]
package/erlang-p1-zlib: bump version to 1.0.9
The license file hash has changed due to:
-Copyright 2002-2019 ProcessOne SARL
+Copyright 2002-2020 ProcessOne SARL
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Tue, 1 Dec 2020 19:27:03 +0000 (20:27 +0100)]
package/libcap: fix libcap.pc
libcap builds an incorrect libcap.pc because libdir is pulled from the
host os:
ifndef lib
lib=$(shell ldd /usr/bin/ld|egrep "ld-linux|ld.so"|cut -d/ -f2)
endif
Fix this error by passing lib=lib and prefix in
{HOST_LIBCAP,LIBCAP}_BUILD_CMDS
Fixes:
- https://bugs.buildroot.org/show_bug.cgi?id=13276
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 1 Dec 2020 17:49:03 +0000 (18:49 +0100)]
package/x11r7/xserver_xorg-server: add upstream security fixes for CVE-2020-14360 / 25712
Fixes the following security issues:
* CVE-2020-14360 / ZDI CAN 11572 XkbSetMap Out-Of-Bounds Access
Insufficient checks on the lengths of the XkbSetMap request can lead to
out of bounds memory accesses in the X server.
* CVE-2020-25712 / ZDI-CAN-11839 XkbSetDeviceInfo Heap-based Buffer Overflow
Insufficient checks on input of the XkbSetDeviceInfo request can lead to a
buffer overflow on the head in the X server.
For more details, see the advisory:
https://www.openwall.com/lists/oss-security/2020/12/01/3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 28 Nov 2020 11:00:41 +0000 (12:00 +0100)]
toolchain: add upstream fix for arc gcc
Fixes:
http://autobuild.buildroot.net/results/792/
792e69eefc87d28b92972c452d5e230d86d9e114/
Upstream issue:
https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/issues/310
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 28 Nov 2020 11:00:40 +0000 (12:00 +0100)]
toolchain: update option descriptions for ARC tools arc-2020.09-release
https://git.buildroot.net/buildroot/commit/?id=
0791abfba0227803b19895ea22326f4e17ac93dc
bumped
* Binutils 2.34.50 with additional ARC patches
* GCC 10.0.2 with additional ARC patches
* GDB 10.0.50 with additional ARC patches
but forgot to update the version numbers stored in option descriptions.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Johan Oudinet [Thu, 26 Nov 2020 17:42:46 +0000 (18:42 +0100)]
package/erlang-eimp: bump version to 1.0.17
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Johan Oudinet [Thu, 26 Nov 2020 17:42:45 +0000 (18:42 +0100)]
package/erlang-p1-cache-tab: bump version to 1.0.25
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Johan Oudinet [Thu, 26 Nov 2020 17:42:44 +0000 (18:42 +0100)]
package/erlang-p1-utils: bump version to 1.0.20
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sat, 28 Nov 2020 10:04:03 +0000 (11:04 +0100)]
package/s390-tools: also set HAVE_LIBCURL
Set HAVE_LIBCURL when libcurl is available to enable genprotimg and
libekmfweb:
https://github.com/ibm-s390-tools/s390-tools/blob/master/README.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Alexander Egorenkov <egorenar@linux.ibm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 28 Nov 2020 09:57:25 +0000 (10:57 +0100)]
package/setserial: add license hash
Also reformatted hash file.
Fixes:
http://autobuild.buildroot.net/results/d1c/
d1ccecc74755155664cd17c8d33721c804a37b25/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Sun, 29 Nov 2020 17:56:33 +0000 (18:56 +0100)]
package/kmsxx: bump version to
5489056 and convert to meson build
- remove 0001-fix-compiler-errors-with-gcc-10.patch
(upstream)
- remove 0002-added-include-string-to-card.h-to-follow-gcc10-porti.patch
(upstream)
- convert to meson
- add patch to use system fmt instead of git submodule (fixes
configure 'ERROR: Include dir ext/fmt/include does not exist.')
- add patch to use system pybind11 instead of git submodule (fixes
configure 'ERROR: Include dir ext/pybind11/include does not exist.')
- add patch to use python only if pykms is enabled (fixes
configure 'ERROR: Dependency "pybind11" not found, tried pkgconfig')
- add optional libevdev dependency (needed for utils/kmstouch)
- update LICENSE file hash (replaced short copyright notice and
link to http://mozilla.org/MPL/2.0/ with complete license text)
- lift toolchain headers requirement to at least 4.11 (include
linux/dma-buf.h)
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Wed, 18 Nov 2020 17:18:27 +0000 (18:18 +0100)]
package/kmsxx: fix build with gcc 10
Fixes:
- http://autobuild.buildroot.org/results/
59f70fb725c2f07e27dc818839e02f2788ee490c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Sun, 29 Nov 2020 20:58:42 +0000 (21:58 +0100)]
package/fmt: bump version to 7.1.3
For details see [1], [2], [3] and [4].
[1] https://github.com/fmtlib/fmt/releases/tag/7.1.0
[2] https://github.com/fmtlib/fmt/releases/tag/7.1.1
[3] https://github.com/fmtlib/fmt/releases/tag/7.1.2
[4] https://github.com/fmtlib/fmt/releases/tag/7.1.3
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Angelo Compagnucci [Tue, 1 Dec 2020 21:30:53 +0000 (22:30 +0100)]
package/cups-filters: bump to version 1.28.4
While bumping, removing upstreamed patches. Removing also autoreconf
step cause we are not patching it anymore.
License hash is changed due to remove of notice for file
filter/sys5ippprinter.c.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Sat, 28 Nov 2020 09:51:08 +0000 (10:51 +0100)]
package/s390-tools: fix build with netsnmp
Fix the following build failure:
/bin/sh: net-snmp-config: command not found
/home/buildroot/autobuild/run/instance-2/output-1/host/lib/gcc/s390x-buildroot-linux-gnu/9.3.0/../../../../s390x-buildroot-linux-gnu/bin/ld: osasnmpd.o: in function `main':
osasnmpd.c:(.text.startup+0xcc): undefined reference to `snmp_log_perror'
Moreover, replace perl-net-snmp dependency by netsnmp as osasnmpd is an
SNMP subagent for the net-snmp package:
https://github.com/ibm-s390-tools/s390-tools/blob/master/osasnmpd/osasnmpd.8
Fixes:
- http://autobuild.buildroot.org/results/
00796f2ebd5fb0e08ac7a05a9ee566f2bc4bd1c3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Alexander Egorenkov <egorenar@linux.ibm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Julien Olivain [Tue, 17 Nov 2020 21:21:45 +0000 (22:21 +0100)]
package/linux-firmware: install Ath10k QCA9377 sdio firmware
linux-firmware version
20201022 introduced a new sdio firmware for
QCA9377 sdio devices. Install it when support is selected.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Julien Olivain [Tue, 17 Nov 2020 21:21:44 +0000 (22:21 +0100)]
package/linux-firmware: bump version to
20201022
This update is motivated by the inclusion SDIO firmware for QCA9377 WiFi
cards in this new version. See [1].
The license file "WHENCE" content/checksum has changed, since it's an
index of firmware provenance and their licenses, and many new firmware
files were added.
For the full linux-firmware change log, see tag
20201022 log [2].
[1] https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=
d7904d5b07a9e2c4cdd9f8b2c5a5faa9c6e665cf
[2] https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/log/?h=
20201022
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Julien Olivain [Tue, 17 Nov 2020 21:21:43 +0000 (22:21 +0100)]
package/linux-firmware: reformat hash file using the 2 spaces convention
For readability, this reformatting is done in a separate commit, as this
package contains many license files.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Thu, 19 Nov 2020 22:11:40 +0000 (23:11 +0100)]
package/bind: fix license hash
Commit
9679d3f0218519ea7a01f3b5fefb7f6dd23b138e forgot to update hash of
COPYRIGHT which was updated to replace http by https:
https://gitlab.isc.org/isc-projects/bind9/-/commit/
400171aee8db87c3973987980327051a58a20a80
Fixes:
- http://autobuild.buildroot.org/results/
db614a6fa1e17af2fa5c1d4a0d51cdf770893ca9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Angelo Compagnucci [Mon, 9 Nov 2020 16:58:03 +0000 (17:58 +0100)]
package/environment-setup: add better kernel handling
Exporting ARCH and KERNELDIR makes easier to compile an external kernel
or out of tree kernel modules.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Bernd Kuhls [Mon, 30 Nov 2020 17:40:06 +0000 (18:40 +0100)]
package/{mesa3d, mesa3d-headers}: bump version to 20.2.3
Release notes of this bugfix release:
https://lists.freedesktop.org/archives/mesa-announce/2020-November/000607.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Marcus Folkesson [Tue, 1 Dec 2020 07:00:05 +0000 (08:00 +0100)]
package/libostree: bump to version 2020.8
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Angelo Compagnucci [Sun, 8 Nov 2020 17:07:18 +0000 (18:07 +0100)]
package/python-pydal: bump to version
20200910.1
While bumping updating the sha256 computation method.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Angelo Compagnucci [Sun, 8 Nov 2020 16:57:55 +0000 (17:57 +0100)]
package/python-can: bump to verison 3.3.4
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Peter Korsgaard [Mon, 30 Nov 2020 07:12:43 +0000 (08:12 +0100)]
package/privoxy: security bump to version 3.0.29
From the release notes:
- Security/Reliability:
- Fixed memory leaks when a response is buffered and the buffer
limit is reached or Privoxy is running out of memory.
Commits
bbd53f1010b and
4490d451f9b. OVE-
20201118-0001.
Sponsored by: Robert Klemme
- Fixed a memory leak in the show-status CGI handler when
no action files are configured. Commit
c62254a686.
OVE-
20201118-0002.
Sponsored by: Robert Klemme
- Fixed a memory leak in the show-status CGI handler when
no filter files are configured. Commit
1b1370f7a8a.
OVE-
20201118-0003.
Sponsored by: Robert Klemme
- Fixes a memory leak when client tags are active.
Commit
245e1cf32. OVE-
20201118-0004.
Sponsored by: Robert Klemme
- Fixed a memory leak if multiple filters are executed
and the last one is skipped due to a pcre error.
Commit
5cfb7bc8fe. OVE-
20201118-0005.
- Prevent an unlikely dereference of a NULL-pointer that
could result in a crash if accept-intercepted-requests
was enabled, Privoxy failed to get the request destination
from the Host header and a memory allocation failed.
Commit
7530132349. CID 267165. OVE-
20201118-0006.
- Fixed memory leaks in the client-tags CGI handler when
client tags are configured and memory allocations fail.
Commit
cf5640eb2a. CID 267168. OVE-
20201118-0007.
- Fixed memory leaks in the show-status CGI handler when memory
allocations fail. Commit
064eac5fd0 and commit
fdee85c0bf3.
CID 305233. OVE-
20201118-0008.
For more details, see the announcement:
https://www.openwall.com/lists/oss-security/2020/11/29/1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 30 Nov 2020 06:56:31 +0000 (07:56 +0100)]
package/libplist: drop duplicated COPYING hash
Commit
762119b4c5489352a889c2627eb37906647c375d resulted in a duplicated
line for COPYING hash so drop it
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Sun, 29 Nov 2020 09:38:23 +0000 (10:38 +0100)]
package/kmsxx: fix gcc-10.x compile
Backport upstream commit ([1]) adding missing string include.
Fixes:
- http://autobuild.buildroot.net/results/
53a5f023ae40db18f45ebe7578962914c2d22a44
In file included from .../build/kmsxx-
cb0786049f960f2bd383617151b01318e02e9ff9/kms++/inc/kms++/omap/omapcard.h:3,
from .../build/kmsxx-
cb0786049f960f2bd383617151b01318e02e9ff9/kms++/src/omap/omapcard.cpp:2:
.../build/kmsxx-
cb0786049f960f2bd383617151b01318e02e9ff9/kms++/inc/kms++/card.h:17:18: error: 'string' in namespace 'std' does not name a type
17 | Card(const std::string& device);
| ^~~~~~
[1] https://github.com/tomba/kmsxx/commit/
b53f9d383c9189a897c44cd88a8fc1b871fdc8a2.patch
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sun, 29 Nov 2020 09:35:13 +0000 (10:35 +0100)]
package/lynx: fix reproducible build issues
Fixes (part of) http://autobuild.buildroot.net/results/
23fe4365ca65f37eace8265a70fbfb9723b8ee9d/
Lynx by default contains logic to generate a "configuration info" HTML page,
which leaks build paths, and adds the build timestamp to the version output.
Disable both when building in reproducible mode.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sun, 29 Nov 2020 07:57:04 +0000 (08:57 +0100)]
package/jemalloc: add jemalloc-config to _CONFIG_SCRIPTS handling
Fixes (part of) http://autobuild.buildroot.net/results/
23fe4365ca65f37eace8265a70fbfb9723b8ee9d/
jemalloc installs a jemalloc-config script, leaking build paths and breaking
reproducible builds (and per-package builds).
Add it to _CONFIG_SCRIPTS so the paths get fixed up for staging and the
script removed from target.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sat, 28 Nov 2020 22:41:46 +0000 (23:41 +0100)]
package/mariadb: security bump to version 10.3.27
Fixes the following security issues:
- CVE-2020-15180: during SST a joiner sends an sst method name to the donor.
Donor then appends it to the "wsrep_sst_" string to get the name of the
sst script to use, e.g. wsrep_sst_rsync. There is no validation or
filtering here, so if the malicious joiner sends, for example, "rsync `rm
-rf /`" the donor will execute that too.
- CVE-2020-14812: Vulnerability in the MySQL Server product of Oracle MySQL
(component: Server: Locking). Supported versions that are affected are
5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily
exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause
a hang or frequently repeatable crash (complete DOS) of MySQL Server.
- CVE-2020-14765: Vulnerability in the MySQL Server product of Oracle MySQL
(component: Server: FTS). Supported versions that are affected are 5.6.49
and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.
- CVE-2020-14776: Vulnerability in the MySQL Server product of Oracle MySQL
(component: InnoDB). Supported versions that are affected are 5.7.31 and
prior and 8.0.21 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.
- CVE-2020-14789: Vulnerability in the MySQL Server product of Oracle MySQL
(component: Server: FTS). Supported versions that are affected are 5.7.31
and prior and 8.0.21 and prior. Easily exploitable vulnerability allows
high privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.
- CVE-2020-28912:
https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-bui.pdf
describes a named pipe privilege vulnerability, specifically for MySQL,
where an unprivileged user, located on the same machine as the server, can
act as man-in-the-middle between server and client.
Additionally, 10.3.27 fixes a regression added in 10.3.26.
Drop weak md5/sha1 checksums.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 28 Nov 2020 15:54:09 +0000 (16:54 +0100)]
package/gstreamer1/gst1-plugins-good: qmlgl needs gstreamer-gl-1.0
Build of qmlql fails without gstreamer-gl-1.0 since version 1.17.1 and
https://github.com/GStreamer/gst-plugins-good/commit/
2ecba800bfbf177bc56999dc59ecdff00cbc353c
Fixes:
- http://autobuild.buildroot.org/results/
e1537ebac7cd70b6d868a8b7f0205ce3d8593508
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 28 Nov 2020 15:00:36 +0000 (16:00 +0100)]
package/bustle: fix license
bustle binaries are licensed under GPL-3.0:
https://gitlab.freedesktop.org/bustle/bustle/-/blob/bustle-0.7.5/LICENSE
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sat, 28 Nov 2020 10:10:01 +0000 (11:10 +0100)]
Update for 2020.11-rc3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Vincent Stehlé [Thu, 26 Nov 2020 21:59:24 +0000 (22:59 +0100)]
configs/bananapi_m2_zero: bump Linux and U-Boot versions
Bump Linux kernel to 5.9.11 and U-Boot to 2020.10.
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Vincent Stehlé [Fri, 27 Nov 2020 13:12:12 +0000 (14:12 +0100)]
configs/aarch64_efi: bump kernel version
Bump Linux kernel version to 5.9.11.
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Francois Perrad [Sat, 28 Nov 2020 07:45:55 +0000 (08:45 +0100)]
package/lua-lyaml: bump to version 6.2.7
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 27 Nov 2020 20:11:28 +0000 (21:11 +0100)]
package/proftpd: security bump to version 1.3.6e
1.3.6e
---------
+ Fixed null pointer deference in mod_sftp when using SCP incorrectly
(Issue #1043).
1.3.6d
---------
+ Fixed issue with FTPS uploads of large files using TLSv1.3 (Issue #959).
1.3.6c
---------
+ Fixed regression in directory listing latency (Issue #863).
+ Detect OpenSSH-specific formatted SFTPHostKeys, and log hint for
converting them to supported format.
+ Fixed use-after-free vulnerability during data transfers (Issue #903)
[CVE-2020-9273]
+ Fixed out-of-bounds read in mod_cap by updating the bundled libcap
(Issue #902) [CVE-2020-9272]
http://proftpd.org/docs/RELEASE_NOTES-1.3.6e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: mark as security bump, add CVEs]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 27 Nov 2020 17:25:15 +0000 (18:25 +0100)]
package/slirp: add upstream security fix for CVE-2020-29129 / CVE-2020-29130
While processing ARP/NCSI packets in 'arp_input' or 'ncsi_input'
routines, ensure that pkt_len is large enough to accommodate the
respective protocol headers, lest it should do an OOB access.
Add check to avoid it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>