buildroot.git
4 years agopackage/quickjs: disable on nios2
Fabrice Fontaine [Wed, 14 Apr 2021 21:26:08 +0000 (23:26 +0200)]
package/quickjs: disable on nios2

quickjs unconditionally uses FE_{DOWN,UP}WARD and so fails to build on
nios2 since its addition in commit
5d50793659acb95050c110d5fc05399df20ce30b

Fixes:
 - http://autobuild.buildroot.org/results/69e280a7f478d1b16be989c7bd559f766053134b
 - http://autobuild.buildroot.org/results/f2c3ef7e3bbe30ac24710288336adabebd8b83a6

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/postgis: add POSTGIS_CPE_ID_VENDOR
Fabrice Fontaine [Wed, 14 Apr 2021 21:00:47 +0000 (23:00 +0200)]
package/postgis: add POSTGIS_CPE_ID_VENDOR

cpe:2.3:a:postgis:postgis is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apostgis%3Apostgis

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/postgis: add optional pcre dependency
Peter Seiderer [Wed, 14 Apr 2021 20:10:42 +0000 (22:10 +0200)]
package/postgis: add optional pcre dependency

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/postgis: add optional json-c dependency
Peter Seiderer [Wed, 14 Apr 2021 20:10:41 +0000 (22:10 +0200)]
package/postgis: add optional json-c dependency

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/postgis: disable protobuf support
Peter Seiderer [Wed, 14 Apr 2021 20:10:40 +0000 (22:10 +0200)]
package/postgis: disable protobuf support

- needs protobuf-c (not protobuf)
- protobuf-c configure tests are not cross-compile capable, even with

  ifeq ($(BR2_PACKAGE_PROTOBUF_C),y)
  POSTGIS_DEPENDENCIES += protobuf-c
  POSTGIS_CONF_OPTS += --with-protobuf
  POSTGIS_CONF_ENV += \
   ac_cv_lib_protobuf_c_protobuf_c_message_init=yes \
   ac_cv_lib_protobuf_c_protobuf_c_version=yes
  else
  POSTGIS_CONF_OPTS += --without-protobuf
  endif

  configure aborts with:

  checking for PROTOBUFC... yes
  checking protobuf-c/protobuf-c.h usability... yes
  checking protobuf-c/protobuf-c.h presence... yes
  checking for protobuf-c/protobuf-c.h... yes
  checking for protobuf_c_message_init in -lprotobuf-c... (cached) yes
  checking for protobuf_c_version in -lprotobuf-c... (cached) yes
  checking protobuf-c version... configure: error: in `.../build/postgis-3.1.1':
  configure: error: cannot run test program while cross compiling

Fixes:

  - http://autobuild.buildroot.net/results/8b95086b5e0876d0a4e41330446e767e4abd3729

  checking for PROTOBUFC... no
  libprotobuf-c not found in pkg-config
  checking protobuf-c/protobuf-c.h usability... no
  checking protobuf-c/protobuf-c.h presence... no
  checking for protobuf-c/protobuf-c.h... no
  configure: error: unable to find protobuf-c/protobuf-c.h using CPPFLAGS. You can disable MVT and Geobuf support using --without-protobuf

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/zfs: new package
José Luis Salvador Rufo [Wed, 17 Mar 2021 09:52:30 +0000 (10:52 +0100)]
package/zfs: new package

OpenZFS is an advanced file system and volume manager which was originally
developed for Solaris and is now maintained by the OpenZFS community. This
repository contains the code for running OpenZFS on Linux and FreeBSD.

http://zfsonlinux.org/

Signed-off-by: José Luis Salvador Rufo <salvador.joseluis@gmail.com>
[me:
  - fix test case on how to use a pre-built toolchain
  - reorder the test case config
  - add test case with glibc
  - drop superflous test timeout override
  - only select libtirpc when C library lacks native RPC
  - drop unused ZFS_MODULES variable
  - drop ZFS_CPE_ID_PREFIX and ZFS_AUTORECONF_OPTS which are defaults
  - drop NLS options, already set in a generic manner
  - drop incomplete/improper sysvinit support
  - some cosmetics
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/freerdp: fix build with gcc 4.8
Fabrice Fontaine [Thu, 8 Apr 2021 16:54:45 +0000 (18:54 +0200)]
package/freerdp: fix build with gcc 4.8

Build is broken with gcc 4.8 since bump to version 2.3.1 in commit
01e78811db25c34d506138994efd981e4ab60caf due to
https://github.com/FreeRDP/FreeRDP/commit/5b2f35747bb37b09b1803b99ca2b1cb248b5bb16

Fixes:
 - http://autobuild.buildroot.org/results/e8e7d43d6183bb6de7bd2c2b300dbdb89f2052d8

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/systemd: fix /etc/resolv.conf link on per-package build
Fabrice Fontaine [Sun, 11 Apr 2021 19:46:02 +0000 (21:46 +0200)]
package/systemd: fix /etc/resolv.conf link on per-package build

Fixes:
 - https://bugs.buildroot.org/show_bug.cgi?id=13271

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/postgis: new package
Maxim Kochetkov [Thu, 8 Apr 2021 06:28:30 +0000 (09:28 +0300)]
package/postgis: new package

PostGIS is a spatial database extender for PostgreSQL object-relational
database. It adds support for geographic objects allowing location
queries to be run in SQL.

On microblazeel with the bootlin toolchain, the build fails with an ICE:

  during RTL pass: reload
  .../bootlin-microblazeel-uclibc/build/libgeos-3.9.0/src/geom/util/Densifier.cpp: In static member function ‘static std::unique_ptr<std::vector<geos::geom::Coordinate> > geos::geom::util::Densifier::densifyPoints(geos::geom::Coordinate::Vect, double, const geos::geom::PrecisionModel*)’:
  .../bootlin-microblazeel-uclibc/build/libgeos-3.9.0/src/geom/util/Densifier.cpp:128:1: internal compiler error: in gen_reg_rtx, at emit-rtl.c:1155
  128 | }
      | ^

Since it's unlikely that postgis will ever be used on a microblaze,
simply disable it.

https://postgis.net/

Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout:
 - Move postgresql dependency to package/Config.in, to satisfy
   alphabetical ordering in the menu while keeping it below postgresql.
 - Add dependency on !microblaze.
 - Add comment for dependencies.
 - Add positive version of --with-raster and --with-protobuf to
   _CONF_OPTS.
 - Expand BSD to BSD-2-Clause.
]

4 years agopackage/python-hiredis: fix build with gcc 4.8
Fabrice Fontaine [Tue, 6 Apr 2021 20:38:08 +0000 (22:38 +0200)]
package/python-hiredis: fix build with gcc 4.8

Build fails with gcc 4.8 since bump to version 2.0.0 in commit
69405d89596988b5b7d25886b7f9c07efad70741

Fixes:
 -  http://autobuild.buildroot.org/results/04cbcddf6d83ebad8c98400754f9445375e9e489

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/docker-engine: add CPE variables
Peter Korsgaard [Fri, 9 Apr 2021 21:09:21 +0000 (23:09 +0200)]
package/docker-engine: add CPE variables

cpe:2.3:a:docker:docker is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Adocker%3Adocker

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/docker-cli: add CPE variables
Peter Korsgaard [Fri, 9 Apr 2021 21:09:20 +0000 (23:09 +0200)]
package/docker-cli: add CPE variables

cpe:2.3:a:docker:docker is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Adocker%3Adocker

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/mpc: bump to version 1.2.1
Romain Naour [Sun, 11 Apr 2021 09:47:38 +0000 (11:47 +0200)]
package/mpc: bump to version 1.2.1

Since version 1.2.0, mpc requires mpfr 4.1.0.

See https://gitlab.inria.fr/mpc/mpc/-/commit/bc3541daa63fb6f53a5ca422766ef420e3663f6a

Update indentation in hash file (two spaces).

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/mpfr: bump to version 4.1.0
Romain Naour [Sun, 11 Apr 2021 09:47:37 +0000 (11:47 +0200)]
package/mpfr: bump to version 4.1.0

See: https://www.mpfr.org/mpfr-4.1.0/

Update indentation in hash file (two spaces).

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/gcc: bump to version 10.3
Romain Naour [Sun, 11 Apr 2021 09:47:36 +0000 (11:47 +0200)]
package/gcc: bump to version 10.3

Remove upstream patch
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5aeabae7f0cdd8dd3a01103b68b2e7a66a71c685

Rebase the patch: Revert "re PR target/92095 (internal error with -O1 -mcpu=niagara2 -fPIE)"
Add the link to the bug report.

Tested with toolchain-builder:
https://gitlab.com/kubu93/toolchains-builder/-/pipelines/284176939

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/kodi-inputstream-adaptive: bump version to 2.6.13
Bernd Kuhls [Sun, 11 Apr 2021 18:21:07 +0000 (20:21 +0200)]
package/kodi-inputstream-adaptive: bump version to 2.6.13

Changelog:
https://github.com/xbmc/inputstream.adaptive/blob/Matrix/inputstream.adaptive/addon.xml.in#L22

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/python-packaging: bump to version 20.9
Fabrice Fontaine [Sat, 10 Apr 2021 12:40:49 +0000 (14:40 +0200)]
package/python-packaging: bump to version 20.9

python-six is not a dependency since version 20.5 and
https://github.com/pypa/packaging/commit/39a70cce69d9b08cc4d02b225114d556d5b59ada

https://github.com/pypa/packaging/blob/20.9/CHANGELOG.rst

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/igmpproxy: bump to version 0.3
Fabrice Fontaine [Sat, 10 Apr 2021 12:14:51 +0000 (14:14 +0200)]
package/igmpproxy: bump to version 0.3

- Update indention in hash file (two spaces)
- Use official tarball

https://github.com/pali/igmpproxy/releases/tag/0.3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/cppzmq: bump to version 4.7.1
Fabrice Fontaine [Sat, 10 Apr 2021 12:03:55 +0000 (14:03 +0200)]
package/cppzmq: bump to version 4.7.1

https://github.com/zeromq/cppzmq/releases/tag/v4.7.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/python-aioconsole: bump to version 0.3.1
Fabrice Fontaine [Sat, 10 Apr 2021 11:53:57 +0000 (13:53 +0200)]
package/python-aioconsole: bump to version 0.3.1

https://github.com/vxgmichel/aioconsole/releases/tag/v0.3.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/snort: bump version to 2.9.17.1
Sergio Prado [Sat, 10 Apr 2021 18:44:44 +0000 (15:44 -0300)]
package/snort: bump version to 2.9.17.1

This is a bug fix release:

https://www.snort.org/downloads/snort/release_notes_2.9.17.1.txt

Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/libgdiplus: bump version to 6.0.5
Sergio Prado [Sat, 10 Apr 2021 18:22:19 +0000 (15:22 -0300)]
package/libgdiplus: bump version to 6.0.5

Remove patches applied upstream.

Add patch to not build unit tests by default (patch sent upstream):

https://github.com/mono/libgdiplus/pull/701

Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/kodi-inputstream-ffmpegdirect: bump version to 1.21.0-Matrix
Bernd Kuhls [Sat, 10 Apr 2021 19:03:41 +0000 (21:03 +0200)]
package/kodi-inputstream-ffmpegdirect: bump version to 1.21.0-Matrix

Changelog:
https://github.com/xbmc/inputstream.ffmpegdirect/blob/Matrix/inputstream.ffmpegdirect/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/bridge-utils: fix build on musl
Fabrice Fontaine [Sun, 11 Apr 2021 08:15:28 +0000 (10:15 +0200)]
package/bridge-utils: fix build on musl

Build on musl is broken since bump to version 1.7.1 in commit
5f2d38df4f85f7999cf6d00da089991cba93fee6

Fixes:
 - http://autobuild.buildroot.org/results/0f080ff6913595ee2732b93206e5001c837c1bcc

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/readline: add Signed-off-by and renumber patch
Fabrice Fontaine [Sun, 11 Apr 2021 15:36:22 +0000 (17:36 +0200)]
package/readline: add Signed-off-by and renumber patch

Add Signed-off-by and while at it, renumber it

Fixes:
 - https://bugs.buildroot.org/show_bug.cgi?id=13731

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/kodi-pvr-vuplus: bump version to 7.4.3-Matrix
Bernd Kuhls [Sun, 11 Apr 2021 16:20:52 +0000 (18:20 +0200)]
package/kodi-pvr-vuplus: bump version to 7.4.3-Matrix

Changelog:
https://github.com/kodi-pvr/pvr.vuplus/blob/Matrix/pvr.vuplus/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/i2c-tools: add upstream post-4.2 i2ctransfer fix
Peter Korsgaard [Sat, 10 Apr 2021 08:12:52 +0000 (10:12 +0200)]
package/i2c-tools: add upstream post-4.2 i2ctransfer fix

i2c-tools 4.2 contained an invalid check, leading to verbose false-positive
warning messages when the variable length ({r,w}?) option is used:

https://www.spinics.net/lists/linux-i2c/msg50032.html
https://www.spinics.net/lists/linux-i2c/msg50253.html

Unfortunately upstream does not make bugfix releases, instead opting to list
such bugfixes on the wiki:

https://i2c.wiki.kernel.org/index.php/I2C_Tools

So add the patch here.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/clamav: security bump to version 0.103.2
Peter Korsgaard [Fri, 9 Apr 2021 20:41:06 +0000 (22:41 +0200)]
package/clamav: security bump to version 0.103.2

Fixes the following security issues:

- CVE-2021-1386: Fix for UnRAR DLL load privilege escalation.  Affects
  0.103.1 and prior on Windows only.

- CVE-2021-1252: Fix for Excel XLM parser infinite loop.  Affects 0.103.0
  and 0.103.1 only.

- CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash.
  Affects 0.103.0 and 0.103.1 only.

- CVE-2021-1405: Fix for mail parser NULL-dereference crash.  Affects
  0.103.1 and prior.

- CVE-2021-27506: The ClamAV Engine (Version 0.103.1 and below) embedded in
  Storsmshield Network Security (1.0 to 4.1.5) is subject to DoS in case of
  parsing of malformed png files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/isl: bump to version 0.23
Fabrice Fontaine [Fri, 9 Apr 2021 22:22:21 +0000 (00:22 +0200)]
package/isl: bump to version 0.23

Update indentation in hash file (two spaces)

https://repo.or.cz/isl.git/blob/8cec80451ea4f2f225629527b99ee2dc54ac2cad:/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/python-httplib2: add CPE variables
Fabrice Fontaine [Fri, 9 Apr 2021 22:24:45 +0000 (00:24 +0200)]
package/python-httplib2: add CPE variables

cpe:2.3:a:httplib2_project:httplib2 is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ahttplib2_project%3Ahttplib2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/python-httplib2: security bump to version 0.19.1
Fabrice Fontaine [Fri, 9 Apr 2021 22:24:44 +0000 (00:24 +0200)]
package/python-httplib2: security bump to version 0.19.1

- Fix CVE-2021-21240: httplib2 is a comprehensive HTTP client library
  for Python. In httplib2 before version 0.19.0, a malicious server
  which responds with long series of "\xa0" characters in the
  "www-authenticate" header may cause Denial of Service (CPU burn while
  parsing header) of the httplib2 client accessing said server. This is
  fixed in version 0.19.0 which contains a new implementation of auth
  headers parsing using the pyparsing library.
- Fix CVE-2020-11078: In httplib2 before version 0.18.0, an attacker
  controlling unescaped part of uri for `httplib2.Http.request()` could
  change request headers and body, send additional hidden requests to
  same server. This vulnerability impacts software that uses httplib2
  with uri constructed by string concatenation, as opposed to proper
  urllib building with escaping. This has been fixed in 0.18.0.
- Use LICENSE file instead of PKG-INFO
- pyparsing is a runtime dependency since version 0.19.0 and
  https://github.com/httplib2/httplib2/commit/bd9ee252c8f099608019709e22c0d705e98d26bc

https://github.com/httplib2/httplib2/blob/v0.19.1/CHANGELOG

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/python-zeroconf: bump to version 0.29.0
Fabrice Fontaine [Fri, 9 Apr 2021 22:43:56 +0000 (00:43 +0200)]
package/python-zeroconf: bump to version 0.29.0

Update indentation in hash file (two spaces)

https://github.com/jstasiak/python-zeroconf/tree/0.29.0#changelog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/python-pyelftools: bump to version 0.27
Fabrice Fontaine [Fri, 9 Apr 2021 22:36:40 +0000 (00:36 +0200)]
package/python-pyelftools: bump to version 0.27

Update indentation in hash file (two spaces)

https://github.com/eliben/pyelftools/blob/v0.27/CHANGES

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/sysdig: add SYSDIG_CPE_ID_VENDOR
Fabrice Fontaine [Fri, 9 Apr 2021 22:29:22 +0000 (00:29 +0200)]
package/sysdig: add SYSDIG_CPE_ID_VENDOR

cpe:2.3:a:sysdig:sysdig is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Asysdig%3Asysdig

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/network-manager: bump to version 1.22.16
Fabrice Fontaine [Fri, 9 Apr 2021 16:43:19 +0000 (18:43 +0200)]
package/network-manager: bump to version 1.22.16

Notice: This fixes a security issue, but in code not used in Buildroot:

ifcfg-rh: handle "802-1x.{,phase2-}ca-path". Otherwise setting this
property silently fails and a profile might accidentally not perform
any authentication (CVE-2020-10754).

Update indentation in hash file (two spaces)

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/1.22.16/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: Clarify that security issue isn't applicable to Buildroot]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/x11r7/xdriver_xf86-video-ati: add missing dependency
Fabrice Fontaine [Fri, 2 Apr 2021 06:09:39 +0000 (08:09 +0200)]
package/x11r7/xdriver_xf86-video-ati: add missing dependency

Fix the following build failure which is raised since commit
a3aac6d84713db7e6d2683eabf965eae21ce48bf:

WARNING: unmet direct dependencies detected for BR2_PACKAGE_MESA3D_DRI_DRIVER_RADEON
  Depends on [n]: BR2_PACKAGE_MESA3D [=y] && (BR2_i386 [=n] || BR2_x86_64 [=n])
  Selected by [y]:
  - BR2_PACKAGE_XDRIVER_XF86_VIDEO_ATI [=y] && BR2_PACKAGE_XORG7 [=y] && BR2_PACKAGE_XSERVER_XORG_SERVER_MODULAR [=y] && BR2_PACKAGE_MESA3D [=y]

Fixes:
 - http://autobuild.buildroot.org/results/36773085f933ab2ee558f53a6c0ae5365077ad5e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/fluidsynth: bump to version 2.2.0
Julien Olivain [Wed, 7 Apr 2021 12:21:18 +0000 (14:21 +0200)]
package/fluidsynth: bump to version 2.2.0

For change log since v2.1.5, see:
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.1.6
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.1.7
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.1.8
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.2.0

./utils/test-pkg --package fluidsynth
6 builds, 2 skipped, 0 build failed, 0 legal-info failed

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/libdrm: bump version to 2.4.105
Bernd Kuhls [Wed, 7 Apr 2021 14:48:30 +0000 (16:48 +0200)]
package/libdrm: bump version to 2.4.105

Removed patch 0001, committed upstream:
https://cgit.freedesktop.org/mesa/drm/commit/?id=52f05d3d896480ee5431dcd444f53bb2a8e41cce

Renumbered remaining patch.

Updated license hash due to upstream commits:
https://cgit.freedesktop.org/mesa/drm/log/xf86drm.c

Release notes:
https://lists.freedesktop.org/archives/dri-devel/2021-April/302515.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/kexec: bump to version 2.0.21
John Keeping [Thu, 8 Apr 2021 15:01:57 +0000 (16:01 +0100)]
package/kexec: bump to version 2.0.21

https://lists.infradead.org/pipermail/kexec/2020-December/021835.html

Both patches were backports and are included in the 2.0.21 release so
they are deleted.

Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/ffmpeg: bump version to 4.4
Bernd Kuhls [Fri, 9 Apr 2021 20:20:22 +0000 (22:20 +0200)]
package/ffmpeg: bump version to 4.4

Remove wavpack-related patch and configure options due to upstream
removal of wavpack support:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=45070eec4c089b06947f07e25cdb1bc8b2102553

Changelog:
http://git.videolan.org/?p=ffmpeg.git;a=blob;f=Changelog;;hb=refs/heads/release/4.4

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/kodi-pvr-iptvsimple: bump version to 7.6.1-Matrix
Bernd Kuhls [Fri, 9 Apr 2021 18:21:47 +0000 (20:21 +0200)]
package/kodi-pvr-iptvsimple: bump version to 7.6.1-Matrix

Changelog:
https://github.com/kodi-pvr/pvr.iptvsimple/blob/Matrix/pvr.iptvsimple/changelog.txt

Upstream added a dependency to xz:
https://github.com/kodi-pvr/pvr.iptvsimple/commit/8f19dac9a5f394d44a16fcfa4235ea8c11e9cc96

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/kodi-inputstream-ffmpegdirect: bump version to 1.20.1-Matrix
Bernd Kuhls [Fri, 9 Apr 2021 14:32:05 +0000 (16:32 +0200)]
package/kodi-inputstream-ffmpegdirect: bump version to 1.20.1-Matrix

Changelog:
https://github.com/xbmc/inputstream.ffmpegdirect/blob/Matrix/inputstream.ffmpegdirect/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agoconfigs/mx6cubox: bump Linux and U-Boot versions
Francois Perrad [Wed, 7 Apr 2021 07:46:24 +0000 (09:46 +0200)]
configs/mx6cubox: bump Linux and U-Boot versions

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/attr: bump to version 2.5.1
Fabrice Fontaine [Tue, 6 Apr 2021 21:01:34 +0000 (23:01 +0200)]
package/attr: bump to version 2.5.1

Drop second patch (already in version)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/acl: bump to version 2.3.1
Fabrice Fontaine [Tue, 6 Apr 2021 20:56:08 +0000 (22:56 +0200)]
package/acl: bump to version 2.3.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/acl: add ACL_CPE_ID_VENDOR
Fabrice Fontaine [Tue, 6 Apr 2021 20:45:01 +0000 (22:45 +0200)]
package/acl: add ACL_CPE_ID_VENDOR

cpe:2.3:a:acl_project:acl is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aacl_project%3Aacl

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/openldap: bump to version 2.4.58
Fabrice Fontaine [Tue, 6 Apr 2021 20:28:05 +0000 (22:28 +0200)]
package/openldap: bump to version 2.4.58

Drop fifth patch (already in version)

https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4_58/CHANGES

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/bridge-utils: bump to version 1.7.1
Fabrice Fontaine [Tue, 6 Apr 2021 17:05:08 +0000 (19:05 +0200)]
package/bridge-utils: bump to version 1.7.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/x11r7/xlib_libXaw: bump version to 1.0.14
Bernd Kuhls [Tue, 6 Apr 2021 16:03:43 +0000 (18:03 +0200)]
package/x11r7/xlib_libXaw: bump version to 1.0.14

Release notes:
https://lists.x.org/archives/xorg-announce/2021-March/003077.html

Reformatted hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/x11r7/xlib_libXres: bump version to 1.2.1
Bernd Kuhls [Tue, 6 Apr 2021 16:03:42 +0000 (18:03 +0200)]
package/x11r7/xlib_libXres: bump version to 1.2.1

Release notes:
https://lists.x.org/archives/xorg-announce/2021-March/003078.html

Reformatted hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/x11r7/xdriver_xf86-input-libinput: bump version to 1.0.0
Bernd Kuhls [Tue, 6 Apr 2021 16:03:41 +0000 (18:03 +0200)]
package/x11r7/xdriver_xf86-input-libinput: bump version to 1.0.0

Release notes:
https://lists.x.org/archives/xorg-announce/2021-April/003079.html

Updated license hash due to upstream commit:
https://cgit.freedesktop.org/xorg/driver/xf86-input-libinput/commit/?id=2bbc4727a12471e3699e2803404a013656066a94

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/python-markdown2: add PYTHON_MARKDOWN2_CPE_ID_VENDOR
Fabrice Fontaine [Mon, 5 Apr 2021 10:25:50 +0000 (12:25 +0200)]
package/python-markdown2: add PYTHON_MARKDOWN2_CPE_ID_VENDOR

cpe:2.3:a:python-markdown2_project:python-markdown2 is a valid CPE
identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython-markdown2_project%3Apython-markdown2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/quickjs: bump to version 2021-03-27
Francois Perrad [Mon, 5 Apr 2021 10:26:14 +0000 (12:26 +0200)]
package/quickjs: bump to version 2021-03-27

- remove patch (merged upstream)
- file LICENSE added

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/network-manager-openvpn: bump to version 1.8.14
Fabrice Fontaine [Fri, 9 Apr 2021 16:56:42 +0000 (18:56 +0200)]
package/network-manager-openvpn: bump to version 1.8.14

Update indentation in hash file (two spaces)

https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/blob/1.8.14/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/{mesa3d, mesa3d-headers}: bump version to 21.0.2
Bernd Kuhls [Wed, 7 Apr 2021 17:31:25 +0000 (19:31 +0200)]
package/{mesa3d, mesa3d-headers}: bump version to 21.0.2

Release notes:
21.0.0: https://lists.freedesktop.org/archives/mesa-announce/2021-March/000622.html
21.0.1: https://lists.freedesktop.org/archives/mesa-announce/2021-March/000624.html
21.0.2: https://lists.freedesktop.org/archives/mesa-announce/2021-April/000625.html

DRI swrast driver was removed:
https://cgit.freedesktop.org/mesa/mesa/commit/?h=21.0&id=435de835cd639d1b9bb96f81fc224771dc90af6d

OSMesa classic support was removed:
https://cgit.freedesktop.org/mesa/mesa/commit/?h=21.0&id=ee802372180a2b4460cc7abb53438e45c6b6f1e4

To avoid any conflict, and to show that the new OSMesa is Gallium-based,
we name the new option with a _GALLIUM suffix, even though this is now
the only OSMesa implementation left.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr:
  - rename the new option s/$/_GALLIUM/
  - don't drop the the old (pre-classic) legacy option
  - slightly reword the OSMesa help entry
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/tor: do not install systemd service file
Bernd Kuhls [Tue, 6 Apr 2021 15:42:35 +0000 (17:42 +0200)]
package/tor: do not install systemd service file

Upstream removed the sample service file for use with systemd:
https://gitweb.torproject.org/tor.git/commit/contrib?h=maint-0.4.5&id=915af1a65bc217fa33490876199bb69f760bea23

Fixes:
http://autobuild.buildroot.net/results/b80/b807f19283528b9f0d0c46250b660ea84695679c/
http://autobuild.buildroot.net/results/de4/de4f1a99b1c524b81579ee804156e26d3f8babe7/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/iwd: bump to version 1.13
Fabrice Fontaine [Tue, 6 Apr 2021 16:40:52 +0000 (18:40 +0200)]
package/iwd: bump to version 1.13

iwd fails to build since bump of ell to version 0.39 in commit
9988ca9eadb90cbf10d150b420f4d1f5eb38482c:

/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/powerpc64-buildroot-linux-gnu/9.3.0/../../../../powerpc64-buildroot-linux-gnu/bin/ld: src/ie.o: in function `ie_parse_data_rates':
ie.c:(.text+0x23ac): undefined reference to `minsize'

This is fixed by
https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=17cf4da72613e80d08d51401399d02683ba8664b

Use official iwd tarball which will contain ell/useful.h header

https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/ChangeLog?h=1.13

Fixes:
 - http://autobuild.buildroot.org/results/44e243530cbcec1c88511bb22f5e8e4655c43824

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/s6-rc: bump to version 0.5.2.1
Dick Olsson [Tue, 6 Apr 2021 23:40:47 +0000 (23:40 +0000)]
package/s6-rc: bump to version 0.5.2.1

Update license hash due to year change.

http://skarnet.org/cgi-bin/archive.cgi?1:mss:1515:mhcdpginfgieagphalne

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/s6-networking: bump to version 2.4.1.0
Dick Olsson [Tue, 6 Apr 2021 23:40:40 +0000 (23:40 +0000)]
package/s6-networking: bump to version 2.4.1.0

Update license hash due to year change.

http://skarnet.org/cgi-bin/archive.cgi?1:mss:1535:lpehbljhhcpaopbnkkbf

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/s6-dns: bump to version 2.3.5.0
Dick Olsson [Tue, 6 Apr 2021 23:40:33 +0000 (23:40 +0000)]
package/s6-dns: bump to version 2.3.5.0

Update license hash due to year change.

Refer to the change set described for s6-networking in the announcement:
http://skarnet.org/cgi-bin/archive.cgi?1:mss:1535:lpehbljhhcpaopbnkkbf

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/s6-linux-utils: bump to version 2.5.1.4
Dick Olsson [Tue, 6 Apr 2021 23:40:19 +0000 (23:40 +0000)]
package/s6-linux-utils: bump to version 2.5.1.4

Update license hash due to year change.

http://skarnet.org/cgi-bin/archive.cgi?1:mss:1515:mhcdpginfgieagphalne

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/s6-portable-utils: bump to version 2.2.3.1
Dick Olsson [Tue, 6 Apr 2021 23:40:13 +0000 (23:40 +0000)]
package/s6-portable-utils: bump to version 2.2.3.1

Update license hash due to year change.

http://skarnet.org/cgi-bin/archive.cgi?1:mss:1515:mhcdpginfgieagphalne

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/s6: bump to version 2.10.0.2
Dick Olsson [Tue, 6 Apr 2021 23:40:06 +0000 (23:40 +0000)]
package/s6: bump to version 2.10.0.2

Update license hash due to year change.

http://skarnet.org/cgi-bin/archive.cgi?1:mss:1535:lpehbljhhcpaopbnkkbf

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/execline: Fix license hash after bump to version 2.8.0.0
Dick Olsson [Tue, 6 Apr 2021 23:39:52 +0000 (23:39 +0000)]
package/execline: Fix license hash after bump to version 2.8.0.0

Updated license hash due to year change.

Commit bf66772c9b089dfcd67e1abbe04d7db52562310a was accidentally based
on v1 of this patch.

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/skalibs: Fix license hash after bump to version 2.10.0.2
Dick Olsson [Tue, 6 Apr 2021 23:39:52 +0000 (23:39 +0000)]
package/skalibs: Fix license hash after bump to version 2.10.0.2

Updated license hash due to year change.

Commit 4d5587cb56224b2b28f53b0202fb14b2ab32d5fb was accidentally based
on v1 of this patch.

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/valgrind: fix musl compile
Peter Seiderer [Tue, 6 Apr 2021 21:48:40 +0000 (23:48 +0200)]
package/valgrind: fix musl compile

The file musl.supp is missing from the download source package, add a
patch deviated from reduced upstream commit ([1]) re-adding the missing file.

Fixes:

  - http://autobuild.buildroot.net/results/b106be44d6e7d82a4e3ad16c995366a46d39ee3c

  make[1]: *** No rule to make target 'musl.supp', needed by 'default.supp'.  Stop.

[1] https://sourceware.org/git/?p=valgrind.git;a=patch;h=f4d98ff79d5a79102b777ea7e23002d9f7326489

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agoDEVELOPERS: Add Dick Olsson for all skarnet and s6 packages
Dick Olsson [Tue, 6 Apr 2021 22:47:28 +0000 (22:47 +0000)]
DEVELOPERS: Add Dick Olsson for all skarnet and s6 packages

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/kodi-pvr-iptvsimple: bump version to 7.6.0-Matrix
Bernd Kuhls [Wed, 7 Apr 2021 06:44:28 +0000 (08:44 +0200)]
package/kodi-pvr-iptvsimple: bump version to 7.6.0-Matrix

Release notes:
https://github.com/kodi-pvr/pvr.iptvsimple/releases/tag/7.6.0-Matrix

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/avahi: ignore CVE-2021-26720
Peter Korsgaard [Wed, 7 Apr 2021 13:54:23 +0000 (15:54 +0200)]
package/avahi: ignore CVE-2021-26720

CVE-2021-26720 is an issue in avahi-daemon-check-dns.sh, which is part of
the Debian packaging and not part of upstream avahi - So ignore the CVE.

https://security-tracker.debian.org/tracker/CVE-2021-26720

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/execline: bump to version 2.8.0.0
Dick Olsson [Tue, 6 Apr 2021 17:57:20 +0000 (17:57 +0000)]
package/execline: bump to version 2.8.0.0

http://skarnet.org/cgi-bin/archive.cgi?1:mss:1535:lpehbljhhcpaopbnkkbf

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/skalibs: bump to version 2.10.0.2
Dick Olsson [Tue, 6 Apr 2021 17:57:13 +0000 (17:57 +0000)]
package/skalibs: bump to version 2.10.0.2

- Drop patch that has been included upstream

http://skarnet.org/cgi-bin/archive.cgi?1:mss:1535:lpehbljhhcpaopbnkkbf

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agodocs/website: update for 2021.02.1
Peter Korsgaard [Wed, 7 Apr 2021 11:37:12 +0000 (13:37 +0200)]
docs/website: update for 2021.02.1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agoUpdate for 2021.02.1
Peter Korsgaard [Wed, 7 Apr 2021 10:18:44 +0000 (12:18 +0200)]
Update for 2021.02.1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bb10b0dfe690a77e137395ad91290d799bf018c5)
[Peter: drop Makefile change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/nodejs: security bump to version 12.22.1
Peter Korsgaard [Wed, 7 Apr 2021 07:12:20 +0000 (09:12 +0200)]
package/nodejs: security bump to version 12.22.1

Fixes the following security issues:

CVE-2020-7774: npm upgrade to 6.14.12 - Update y18n to fix
Prototype-Pollution (High)

This is a vulnerability in the y18n npm module which may be exploited by
prototype pollution.

https://github.com/advisories/GHSA-c4w7-xm78-47vh

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/python-django: security bump to version 3.0.14
Peter Korsgaard [Tue, 6 Apr 2021 20:48:31 +0000 (22:48 +0200)]
package/python-django: security bump to version 3.0.14

Fixes the following security issue:

CVE-2021-28658: Potential directory-traversal via uploaded files

MultiPartParser allowed directory-traversal via uploaded files with suitably crafted file names.

Built-in upload handlers were not affected by this vulnerability.

For more details, see the announcement:
https://www.djangoproject.com/weblog/2021/apr/06/security-releases/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/busybox: add upstream gunzip security fix
Peter Korsgaard [Tue, 6 Apr 2021 13:11:59 +0000 (15:11 +0200)]
package/busybox: add upstream gunzip security fix

Fixes the following security issue:

- CVE-2021-28831: decompress_gunzip.c in BusyBox through 1.32.1 mishandles
  the error bit on the huft_build result pointer, with a resultant invalid
  free or segmentation fault, via malformed gzip data.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/check: bump to version 0.15.2
Fabrice Fontaine [Tue, 6 Apr 2021 20:10:58 +0000 (22:10 +0200)]
package/check: bump to version 0.15.2

https://github.com/libcheck/check/releases/tag/0.15.2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/rabbitmq-c: bump to version 0.11.0
Fabrice Fontaine [Tue, 6 Apr 2021 18:29:11 +0000 (20:29 +0200)]
package/rabbitmq-c: bump to version 0.11.0

Update indentation in hash file (two spaces)

https://github.com/alanxz/rabbitmq-c/releases/tag/v0.11.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/libupnp: security bump to version 1.14.5
Fabrice Fontaine [Tue, 6 Apr 2021 18:39:27 +0000 (20:39 +0200)]
package/libupnp: security bump to version 1.14.5

Non-recursive version of ixmlNode_free() avoids stack overflow
attack. Fixes CVE-2021-28302.

Also a number of other bugfixes:
https://github.com/pupnp/pupnp/blob/release-1.14.5/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/python-iptables: bump to version 1.0.0
Fabrice Fontaine [Tue, 6 Apr 2021 18:47:59 +0000 (20:47 +0200)]
package/python-iptables: bump to version 1.0.0

- Drop patches (already in version)
- Update indentation in hash file (two spaces)

https://github.com/ldx/python-iptables/compare/v0.14.0...v1.0.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/python-zope-interface: bump to version 5.3.0
Fabrice Fontaine [Tue, 6 Apr 2021 19:55:49 +0000 (21:55 +0200)]
package/python-zope-interface: bump to version 5.3.0

- Update indentation in hash file (two spaces)
- Update URL in Config.in as current URL returns 404 Not Found

https://github.com/zopefoundation/zope.interface/blob/5.3.0/CHANGES.rst

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/python-websocket-client: bump to version 0.58
Fabrice Fontaine [Tue, 6 Apr 2021 20:04:31 +0000 (22:04 +0200)]
package/python-websocket-client: bump to version 0.58

- Update hash of LICENSE (license switched back to LGPL-2.1+:
  https://github.com/websocket-client/websocket-client/commit/6eaed48d49ea6a1a792b152a477bf9026f0c29b4)
- Update indentation in hash file (two spaces)

https://github.com/websocket-client/websocket-client/blob/v0.58.0/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/fail2ban: bump to version 0.11.2
Fabrice Fontaine [Tue, 6 Apr 2021 20:09:10 +0000 (22:09 +0200)]
package/fail2ban: bump to version 0.11.2

https://github.com/fail2ban/fail2ban/blob/0.11.2/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agopackage/wpa_supplicant: handle CONFIG_CTRL_IFACE carefully
Tian Yuanhao [Sat, 3 Apr 2021 02:23:16 +0000 (19:23 -0700)]
package/wpa_supplicant: handle CONFIG_CTRL_IFACE carefully

When BR2_PACKAGE_WPA_SUPPLICANT_CTRL_IFACE is not set and
BR2_PACKAGE_WPA_SUPPLICANT_DBUS=y, CONFIG_CTRL_IFACE_DBUS_NEW will be
enabled by 's/^#\(CONFIG_CTRL_IFACE_DBUS_NEW\)/\1/' first, and then
disabled by 's/^\(CONFIG_CTRL_IFACE\)/#\1/'.

CONFIG_CTRL_IFACE_DBUS_NEW does not depend on CONFIG_CTRL_IFACE, except
for using it as a prefix. Fix this wrong behavior by adding '\>' after
CONFIG_CTRL_IFACE.

Signed-off-by: Tian Yuanhao <tianyuanhao@aliyun.com>
Tested-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
4 years agoconfigs/olimex_a20_olinuxino_lime*: bump Linux and U-Boot versions
Francois Perrad [Tue, 6 Apr 2021 10:38:17 +0000 (12:38 +0200)]
configs/olimex_a20_olinuxino_lime*: bump Linux and U-Boot versions

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/mosquitto: security bump to v2.0.10
Titouan Christophe [Tue, 6 Apr 2021 11:16:13 +0000 (13:16 +0200)]
package/mosquitto: security bump to v2.0.10

Versions 2.0.10 of Mosquitto has been released. This is a security and bugfix release.

CVE-xxxx-xxxx: If an authenticated client connected with MQTT v5 sent a malformed
CONNACK message to the broker a NULL pointer dereference occurred, most likely
resulting in a segfault. This will be updated with the CVE number when it is assigned.
Affects versions 2.0.0 to 2.0.9 inclusive.

See the announcement: https://mosquitto.org/blog/2021/04/version-2-0-10-released/

Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agoboot/shim: re-enable on ARM32
Thomas Petazzoni [Mon, 5 Apr 2021 20:21:55 +0000 (22:21 +0200)]
boot/shim: re-enable on ARM32

shim 15.4 builds just fine on ARM32.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agoboot/shim: bump to version 15.4
Thomas Petazzoni [Mon, 5 Apr 2021 20:21:54 +0000 (22:21 +0200)]
boot/shim: bump to version 15.4

- Use the tarball provided by upstream developers instead of the one
  generated by Github. Indeed
  https://github.com/rhboot/shim/releases/tag/15.4 indicates "As
  usual, please use the shim-15.4.tar.bz2 tarball, rather than the
  other two archives github automatically produces."

- The tarball now includes the gnu-efi code, so we no longer need to
  select gnu-efi and have it as a build dependency. We continue to use
  BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS as we still only build for those
  architectures that have gnu-efi support. We also drop the
  EFI_INCLUDE, EFI_PATH and LIBDIR variables, as gnu-efi no longer
  needs to be searched in STAGING_DIR.

- Drop all four patches, which were backports from upstream.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agoboot/shim: fix build issues with gcc 9.x
Thomas Petazzoni [Mon, 5 Apr 2021 20:21:53 +0000 (22:21 +0200)]
boot/shim: fix build issues with gcc 9.x

Backport a set of upstream patches to fix:

MokManager.c: In function ‘write_back_mok_list’:
MokManager.c:1081:19: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
 1081 |   if (CompareGuid(&(list[i].Type), &X509_GUID) == 0)
      |                   ^~~~~~~~~~~~~~~
MokManager.c:1103:19: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
 1103 |   if (CompareGuid(&(list[i].Type), &X509_GUID) == 0) {
      |                   ^~~~~~~~~~~~~~~
MokManager.c: In function ‘delete_cert’:
MokManager.c:1144:19: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
 1144 |   if (CompareGuid(&(mok[i].Type), &X509_GUID) != 0)
      |                   ^~~~~~~~~~~~~~
MokManager.c: In function ‘delete_hash_in_list’:
MokManager.c:1195:20: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
 1195 |   if ((CompareGuid(&(mok[i].Type), &Type) != 0) ||
      |                    ^~~~~~~~~~~~~~
MokManager.c: In function ‘delete_keys’:
MokManager.c:1359:19: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
 1359 |   if (CompareGuid(&(del_key[i].Type), &X509_GUID) == 0) {
      |                   ^~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
make[1]: *** [<builtin>: MokManager.o] Error 1

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agoboot/shim: fix build issue due to gnu-efi
Thomas Petazzoni [Mon, 5 Apr 2021 20:21:52 +0000 (22:21 +0200)]
boot/shim: fix build issue due to gnu-efi

shim fails to build with:

console.c:448:5: error: ‘EFI_WARN_UNKOWN_GLYPH’ undeclared here (not in a function); did you mean ‘EFI_WARN_UNKNOWN_GLYPH’?
  448 |  {  EFI_WARN_UNKOWN_GLYPH,      L"Warning Unknown Glyph"},
      |     ^~~~~~~~~~~~~~~~~~~~~
      |     EFI_WARN_UNKNOWN_GLYPH
make[2]: *** [<builtin>: console.o] Error 1
make[2]: *** Waiting for unfinished jobs....

Backport upstream commit d230d02f990f02293736dca78b108f86c86d1bd0 to
resolve this issue.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/python-colorlog: bump to version 4.8.0
Fabrice Fontaine [Mon, 5 Apr 2021 20:36:31 +0000 (22:36 +0200)]
package/python-colorlog: bump to version 4.8.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/python-simplelogging: bump to version 0.11.0
Fabrice Fontaine [Mon, 5 Apr 2021 20:37:03 +0000 (22:37 +0200)]
package/python-simplelogging: bump to version 0.11.0

Update indentation in hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/python-toml: bump to version 0.10.2
Fabrice Fontaine [Mon, 5 Apr 2021 19:52:57 +0000 (21:52 +0200)]
package/python-toml: bump to version 0.10.2

- Update hash of LICENSE (update in year and author added:
  https://github.com/uiri/toml/commit/a86fc1fbd650a19eba313c3f642c9e2c679dc8d6)
- Update indentation in hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/hidapi: bump to version 0.10.1
Fabrice Fontaine [Mon, 5 Apr 2021 19:43:36 +0000 (21:43 +0200)]
package/hidapi: bump to version 0.10.1

- Drop patch (already in version)
- Update indentation in hash file (two spaces)

https://github.com/libusb/hidapi/releases/tag/hidapi-0.10.0
https://github.com/libusb/hidapi/releases/tag/hidapi-0.10.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/xen: add upstream xsa-36{0, 4, 8} security fixes
Peter Korsgaard [Mon, 5 Apr 2021 19:17:53 +0000 (21:17 +0200)]
package/xen: add upstream xsa-36{0, 4, 8} security fixes

Fixes the following security issues:

- CVE-2021-3308: IRQ vector leak on x86
  https://xenbits.xenproject.org/xsa/advisory-360.html

- CVE-2021-26933: arm: The cache may not be cleaned for newly allocated
  scrubbed pages
  https://xenbits.xenproject.org/xsa/advisory-364.html

- CVE-2021-28687: HVM soft-reset crashes toolstack
  https://xenbits.xenproject.org/xsa/advisory-368.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/janus-gateway: bump to version 0.10.10
Fabrice Fontaine [Mon, 5 Apr 2021 19:32:18 +0000 (21:32 +0200)]
package/janus-gateway: bump to version 0.10.10

https://github.com/meetecho/janus-gateway/blob/v0.10.10/CHANGELOG.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/python-iso8601: bump to version 0.1.14
Fabrice Fontaine [Mon, 5 Apr 2021 19:14:18 +0000 (21:14 +0200)]
package/python-iso8601: bump to version 0.1.14

https://github.com/micktwomey/pyiso8601/releases/tag/0.1.14

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agoboot/grub2: ignore the last 3 remaining CVEs
Thomas Petazzoni [Mon, 5 Apr 2021 18:52:30 +0000 (20:52 +0200)]
boot/grub2: ignore the last 3 remaining CVEs

An analysis of the last 3 remaining CVEs that are reported to affect
the grub2 package has allowed to ensure that we can safely ignore
them:

 * CVE-2020-14372 is already fixed by a patch we have in our patch
   stack for grub2

 * CVE-2019-14865 and CVE-2020-15705 are both distro-specific and do
   not affect grub2 upstream, nor grub2 with the stack of patches we
   have in Buildroot

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/libfreeglut: fix build with gcc 10
Fabrice Fontaine [Mon, 5 Apr 2021 18:32:44 +0000 (20:32 +0200)]
package/libfreeglut: fix build with gcc 10

Fixes:
 - http://autobuild.buildroot.org/results/48c11cfc19784cc9c3ba5c6ba3d91ddae192734e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/python-py: security bump to version 1.10.0
Fabrice Fontaine [Mon, 5 Apr 2021 17:30:27 +0000 (19:30 +0200)]
package/python-py: security bump to version 1.10.0

Fix CVE-2020-29651: A denial of service via regular expression in the
py.path.svnwc component of py (aka python-py) through 1.9.0 could be
used by attackers to cause a compute-time denial of service attack by
supplying malicious input to the blame functionality.

Add py/_vendored_packages/iniconfig-1.1.1.dist-info/LICENSE (MIT) which
has been added with
https://github.com/pytest-dev/py/commit/94cf44fd41d957eb50773d3e4fb54e931836779e

https://github.com/pytest-dev/py/blob/1.10.0/CHANGELOG.rst

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>