buildroot.git
3 years agopackage/quickjs: bump to version 2020-11-08
Francois Perrad [Sat, 5 Dec 2020 06:44:41 +0000 (07:44 +0100)]
package/quickjs: bump to version 2020-11-08

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/{mesa3d, mesa3d-headers}: bump version to 20.3.0
Bernd Kuhls [Thu, 3 Dec 2020 19:01:33 +0000 (20:01 +0100)]
package/{mesa3d, mesa3d-headers}: bump version to 20.3.0

Rebased patch 0002 & 0003.
Removed patch 0005 which was applied upstream.

Only Intel and Broadcom drivers depend on expat since upstream commit:
https://cgit.freedesktop.org/mesa/mesa/commit/?id=81a0f1eca24b8605b9f2506122ff90db7129c39e

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/samba4: bump version to 4.11.17
Bernd Kuhls [Thu, 3 Dec 2020 18:32:17 +0000 (19:32 +0100)]
package/samba4: bump version to 4.11.17

Release notes: https://www.samba.org/samba/history/samba-4.11.17.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/x11r7/xserver_xorg-server: bump version to 1.20.10
Bernd Kuhls [Thu, 3 Dec 2020 18:20:26 +0000 (19:20 +0100)]
package/x11r7/xserver_xorg-server: bump version to 1.20.10

Release notes:
https://lists.x.org/archives/xorg-announce/2020-December/003067.html

Remove patches which were applied upstream.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/iwd: bump version to 1.10
Peter Seiderer [Tue, 1 Dec 2020 22:37:59 +0000 (23:37 +0100)]
package/iwd: bump version to 1.10

- remove 0001-src-ap.c-fix-build-with-uclibc.patch
  (upstream committed, see [1])

- drop dynamic library dependency as no longer enforced by ell
  and no longer needed since commit [2]

Changelog (since 1.9):
  - Add support for DHCP v6 configuration.
  - Add support for DHCP server operation with AP mode.
  - Add support for IP allocation during the 4-Way Handshake.
  - Add support for P2P Group-owner handling.

[1] https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=0a6de7932a61ec82aca4f78f71dab7247c897860
[2] https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=bbcfde8743c4dd58379d2017b7f0fabe8d65fffa

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/ell: bump version to 0.35
Peter Seiderer [Tue, 1 Dec 2020 22:37:58 +0000 (23:37 +0100)]
package/ell: bump version to 0.35

- rebased (and renumbered) 001-ell-rtnl-fix-compile-with-older-toolchains.patch

- drop dynamic library dependency as no longer needed since
  upstream commits [1] and [2]

- add two upstream patches to fix musl/uclibc compile

[1] https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=e129cb4cd2270f308c1564e75859672643dd902b
[2] https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=a4ac2cb0e14f564754f7e2067ac7dde0a9ab1914

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/fetchmail: bump version to 6.4.14
Bernd Kuhls [Thu, 3 Dec 2020 19:47:10 +0000 (20:47 +0100)]
package/fetchmail: bump version to 6.4.14

Changelog:
https://sourceforge.net/p/fetchmail/git/ci/legacy_64/tree/NEWS

Removed md5 hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/x11vnc: fix CVE-2020-29074
Fabrice Fontaine [Thu, 3 Dec 2020 20:10:13 +0000 (21:10 +0100)]
package/x11vnc: fix CVE-2020-29074

scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which
allows access by actors other than the current user.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/xerces: bump version to 3.2.3
Peter Seiderer [Wed, 2 Dec 2020 21:11:02 +0000 (22:11 +0100)]
package/xerces: bump version to 3.2.3

- removed 0001-cmake-Allow-thread-checks-to-fail-and-fall-back-to-nothreads.patch
  (upstream [1])

[1] https://github.com/apache/xerces-c/commit/c9bfe786331647237b90f5f9e35b4d2cad7aaa69

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/ethtool: bump version to 5.9
Peter Seiderer [Wed, 2 Dec 2020 21:00:58 +0000 (22:00 +0100)]
package/ethtool: bump version to 5.9

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/git: bump version to 2.29.2
Peter Seiderer [Wed, 2 Dec 2020 20:55:18 +0000 (21:55 +0100)]
package/git: bump version to 2.29.2

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/postgresql: bump version to 13.1
Peter Seiderer [Wed, 2 Dec 2020 20:48:34 +0000 (21:48 +0100)]
package/postgresql: bump version to 13.1

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/nmap: bump version to 7.91
Peter Seiderer [Wed, 2 Dec 2020 20:24:23 +0000 (21:24 +0100)]
package/nmap: bump version to 7.91

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/rsyslog: bump version to 8.2010.0
Peter Seiderer [Wed, 2 Dec 2020 20:07:31 +0000 (21:07 +0100)]
package/rsyslog: bump version to 8.2010.0

- disable new input module options imhttp and impcap

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/mtools: bump version to 4.0.26
Peter Seiderer [Wed, 2 Dec 2020 19:51:25 +0000 (20:51 +0100)]
package/mtools: bump version to 4.0.26

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/meson: bump version to 0.56.0
Peter Seiderer [Wed, 2 Dec 2020 19:42:36 +0000 (20:42 +0100)]
package/meson: bump version to 0.56.0

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/ninja: bump version to 1.10.2
Peter Seiderer [Wed, 2 Dec 2020 19:42:35 +0000 (20:42 +0100)]
package/ninja: bump version to 1.10.2

- rebased 0001-set-minimum-cmake-version-to-3.10.patch

- removed 0002-remove-fdiagnostics-color-from-make-command.patch
  (superseeded by upstream commit [1])

- rebased package/ninja/0003-CMake-fix-object-library-usage.patch

[1] https://github.com/ninja-build/ninja/commit/418d59b8a6054ce9ef1a28c07c41d3a0bb386836

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/libaio: bump version to 0.3.112
Peter Seiderer [Wed, 2 Dec 2020 18:58:38 +0000 (19:58 +0100)]
package/libaio: bump version to 0.3.112

- remove 0001-src-Makefile-add-ENABLE_SHARED-boolean-to-allow-stat.patch
  (upstream committed [1])

- remove 0002-Makefile-add-missing-DESTDIR-variable-use.patch
  (upstream committed [2])

- remove 0003-Link-against-libgcc-to-avoid-unresolved-symbols.patch
  (upstream committed [3])

Changelog (from libaio.spec):
  - Add async poll support (Christoph Hellwig)
  - Use canonical DESTDIR= environment variable (Thomas Petazzoni)
  - Add ability to disable building the shared library (Thomas Petazzoni)

[1] https://pagure.io/libaio/c/970196192771eeda39fabcc59a5dae9613e871a8.patch
[2] https://pagure.io/libaio/c/4059161333a14a0c705efecc5765b6cb2a29ae02.patch
[3] https://pagure.io/libaio/c/de5775ea1b42ea83e305db9c17372e3f0a8dd3a3.patch

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/less: bump version to 563
Peter Seiderer [Wed, 2 Dec 2020 18:40:59 +0000 (19:40 +0100)]
package/less: bump version to 563

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/iw: bump version to 5.9
Peter Seiderer [Wed, 2 Dec 2020 18:33:00 +0000 (19:33 +0100)]
package/iw: bump version to 5.9

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/hwdata: bump version to 0.342
Peter Seiderer [Wed, 2 Dec 2020 18:27:39 +0000 (19:27 +0100)]
package/hwdata: bump version to 0.342

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/hdparm: bump version to 9.60
Peter Seiderer [Wed, 2 Dec 2020 18:22:15 +0000 (19:22 +0100)]
package/hdparm: bump version to 9.60

Changes according to [1] and [2]:

- decode more bits from id[69], courtesy Adrián Kálazi.
- allow passing of custom LDFLAGS from the environment.
- add new "static" target.
- fix --dco-identify max sectors, courtesy of Paul Sultana.
- get rid of leftover "unknown" variables from identify.c
- fixed return values from get_log_page_data().
- support for ioSafe Solo with jMicron bridge.

[1] https://sourceforge.net/p/hdparm/news/2020/11/hdparm-959-is-released
[2] https://sourceforge.net/p/hdparm/news/2020/11/hdparm-960-is-released

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/dav1d: bump version to 0.8.0
Bernd Kuhls [Sat, 5 Dec 2020 08:09:53 +0000 (09:09 +0100)]
package/dav1d: bump version to 0.8.0

Release notes:
https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/pngquant: bump version to 2.13.1
Bernd Kuhls [Sat, 5 Dec 2020 08:05:47 +0000 (09:05 +0100)]
package/pngquant: bump version to 2.13.1

Reformatted hashes.

Changelog:
https://raw.githubusercontent.com/kornelski/pngquant/master/CHANGELOG

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/utf8proc: bump version to 2.6.0
Bernd Kuhls [Sat, 5 Dec 2020 08:01:59 +0000 (09:01 +0100)]
package/utf8proc: bump version to 2.6.0

Reformatted hashes.

Release notes:
https://github.com/JuliaStrings/utf8proc/releases/tag/v2.6.0

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/pulseaudio: bump version to 14.0
Bernd Kuhls [Sat, 5 Dec 2020 07:56:53 +0000 (08:56 +0100)]
package/pulseaudio: bump version to 14.0

Reformatted hashes, switched _SITE to https.

Release notes:
https://lists.freedesktop.org/archives/pulseaudio-discuss/2020-November/031938.html
https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/14.0/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/perl-type-tiny: bump to version 1.012000
Francois Perrad [Sat, 5 Dec 2020 06:44:57 +0000 (07:44 +0100)]
package/perl-type-tiny: bump to version 1.012000

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/perl-plack: bump to version 1.0048
Francois Perrad [Sat, 5 Dec 2020 06:44:56 +0000 (07:44 +0100)]
package/perl-plack: bump to version 1.0048

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/perl-package-stash: bump to version 0.39
Francois Perrad [Sat, 5 Dec 2020 06:44:55 +0000 (07:44 +0100)]
package/perl-package-stash: bump to version 0.39

diff LICENSE:
-This software is copyright (c) 2018 by Jesse Luehrs.
+This software is copyright (c) 2020 by Jesse Luehrs.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/perl-net-dns: bump to version 1.29
Francois Perrad [Sat, 5 Dec 2020 06:44:54 +0000 (07:44 +0100)]
package/perl-net-dns: bump to version 1.29

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/perl-moo: bump to version 2.004004
Francois Perrad [Sat, 5 Dec 2020 06:44:53 +0000 (07:44 +0100)]
package/perl-moo: bump to version 2.004004

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/perl-json-maybexs: bump to version 1.004003
Francois Perrad [Sat, 5 Dec 2020 06:44:52 +0000 (07:44 +0100)]
package/perl-json-maybexs: bump to version 1.004003

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/perl-http-entity-parser: bump to version 0.25
Francois Perrad [Sat, 5 Dec 2020 06:44:51 +0000 (07:44 +0100)]
package/perl-http-entity-parser: bump to version 0.25

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/perl-http-cookies: bump to version 6.09
Francois Perrad [Sat, 5 Dec 2020 06:44:50 +0000 (07:44 +0100)]
package/perl-http-cookies: bump to version 6.09

diff LICENSE:
-This software is Copyright (c) 2002-2019 by Gisle Aas.
+This software is Copyright (c) 2002 by Gisle Aas.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/perl-file-listing: bump to version 6.14
Francois Perrad [Sat, 5 Dec 2020 06:44:49 +0000 (07:44 +0100)]
package/perl-file-listing: bump to version 6.14

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/perl-date-manip: bump to version 6.83
Francois Perrad [Sat, 5 Dec 2020 06:44:48 +0000 (07:44 +0100)]
package/perl-date-manip: bump to version 6.83

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agoMerge branch 'next'
Peter Korsgaard [Thu, 3 Dec 2020 09:30:49 +0000 (10:30 +0100)]
Merge branch 'next'

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agoKickoff 2021.02 cycle
Peter Korsgaard [Thu, 3 Dec 2020 07:43:41 +0000 (08:43 +0100)]
Kickoff 2021.02 cycle

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agodocs/website/news.html: add 2020.11 announcement link
Peter Korsgaard [Wed, 2 Dec 2020 22:45:57 +0000 (23:45 +0100)]
docs/website/news.html: add 2020.11 announcement link

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agoUpdate for 2020.11
Peter Korsgaard [Wed, 2 Dec 2020 22:21:32 +0000 (23:21 +0100)]
Update for 2020.11

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/gnuplot: security bump to version 5.4.1
Fabrice Fontaine [Wed, 2 Dec 2020 06:32:43 +0000 (07:32 +0100)]
package/gnuplot: security bump to version 5.4.1

- Fix CVE-2020-25412: com_line() in command.c in gnuplot 5.4 leads to an
  out-of-bounds-write from strncpy() that may lead to arbitrary code
  execution.
- Drop second patch (already in version)
- Update indentation in hash file (two spaces)

http://gnuplot.info/ReleaseNotes_5_4_1.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/docker-containerd: security bump to version 1.4.3
Peter Korsgaard [Tue, 1 Dec 2020 22:23:46 +0000 (23:23 +0100)]
package/docker-containerd: security bump to version 1.4.3

Fixes the following security issue:

- CVE-2020-15257: Access controls for the shim’s API socket verified that
  the connecting process had an effective UID of 0, but did not otherwise
  restrict access to the abstract Unix domain socket.  This would allow
  malicious containers running in the same network namespace as the shim,
  with an effective UID of 0 but otherwise reduced privileges, to cause new
  processes to be run with elevated privileges.

For more details, see the advisory:
https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/mksh: update to 59c
Waldemar Brodkorb [Mon, 23 Nov 2020 16:30:35 +0000 (17:30 +0100)]
package/mksh: update to 59c

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/libxkbcommon: bump version to 1.0.3
Peter Seiderer [Mon, 23 Nov 2020 20:55:25 +0000 (21:55 +0100)]
package/libxkbcommon: bump version to 1.0.3

For details see [1], changelog:

- Fix (hopefully) a segfault in xkb_x11_keymap_new_from_device() in some
  unclear situation (bug introduced in 1.0.2).

- Fix keymaps created with xkb_x11_keymap_new_from_device() don't have level
  names (bug introduced in 0.8.0).

[1] https://lists.freedesktop.org/archives/wayland-devel/2020-November/041660.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agoconfigs/arm_foundationv8: bump to Linux 5.9.11
Vincent Stehlé [Fri, 27 Nov 2020 14:40:24 +0000 (15:40 +0100)]
configs/arm_foundationv8: bump to Linux 5.9.11

- Bump to the latest kernel v5.9.11 and require openssl.
- Switch to PSCI for bringing up the secondary CPUs.
- Switch to GICv3.
- Update the instruction in the readme.txt to use the latest FVP v8
  Foundation Platform 11.12 build 38, and to start 4 cores in SMP.

Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/python-serial: bump to version 3.5
James Hilliard [Tue, 24 Nov 2020 02:12:59 +0000 (19:12 -0700)]
package/python-serial: bump to version 3.5

License hash changed due to year update.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/python-serial-asyncio: bump to version 0.5
James Hilliard [Tue, 24 Nov 2020 02:07:37 +0000 (19:07 -0700)]
package/python-serial-asyncio: bump to version 0.5

License hash changed due to year update.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/python-aiohttp-jinja2: bump to version 1.4.2
James Hilliard [Tue, 24 Nov 2020 01:59:27 +0000 (18:59 -0700)]
package/python-aiohttp-jinja2: bump to version 1.4.2

License hash changed due to formatting change.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/libuhttpd: fix static build with mbedtls and zlib
Fabrice Fontaine [Tue, 1 Dec 2020 20:23:00 +0000 (21:23 +0100)]
package/libuhttpd: fix static build with mbedtls and zlib

Fixes:
 - http://autobuild.buildroot.org/results/5891d12e90182460cde1ddfa0ca75e9fd55e3dff

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/makedumpfile: bump to version 1.6.8
Alexander Egorenkov [Sat, 28 Nov 2020 09:50:50 +0000 (10:50 +0100)]
package/makedumpfile: bump to version 1.6.8

Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/rust: bump to version 1.48.0
Fabrice Fontaine [Sat, 28 Nov 2020 22:11:53 +0000 (23:11 +0100)]
package/rust: bump to version 1.48.0

Update indentation in hash file (two spaces)

https://github.com/rust-lang/rust/blob/master/RELEASES.md#version-1480-2020-11-19

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/netsurf: fix build with gcc 10
Fabrice Fontaine [Tue, 1 Dec 2020 22:13:00 +0000 (23:13 +0100)]
package/netsurf: fix build with gcc 10

Fixes:
 - http://autobuild.buildroot.org/results/e81568c2b4f5ef5d055c9b94e624ba2d23f50d16

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/netsurf: renumber patches
Fabrice Fontaine [Tue, 1 Dec 2020 22:12:59 +0000 (23:12 +0100)]
package/netsurf: renumber patches

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/ejabberd: bump version to 20.07
Johan Oudinet [Thu, 26 Nov 2020 17:43:01 +0000 (18:43 +0100)]
package/ejabberd: bump version to 20.07

- Fix the download url to reflect upstream website changes.
- Fix line numbers in patch 0001.

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/erlang-p1-xmpp: bump version to 1.4.10
Johan Oudinet [Thu, 26 Nov 2020 17:43:00 +0000 (18:43 +0100)]
package/erlang-p1-xmpp: bump version to 1.4.10

upstream uses include_lib. Adapt the corresponding patch accordingly.

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/erlang-p1-yaml: bump version to 1.0.28
Johan Oudinet [Thu, 26 Nov 2020 17:42:59 +0000 (18:42 +0100)]
package/erlang-p1-yaml: bump version to 1.0.28

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/erlang-p1-sip: bump version to 1.0.38
Johan Oudinet [Thu, 26 Nov 2020 17:42:58 +0000 (18:42 +0100)]
package/erlang-p1-sip: bump version to 1.0.38

upstream is finally using include_lib to include libraries. Adapt the patch
accordingly.

The hash of the license file has changed, due to:

-Copyright 2002-2019 ProcessOne SARL
+Copyright 2002-2020 ProcessOne SARL

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/erlang-p1-stun: bump version to 1.0.39
Johan Oudinet [Thu, 26 Nov 2020 17:42:57 +0000 (18:42 +0100)]
package/erlang-p1-stun: bump version to 1.0.39

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/erlang-p1-stringprep: bump version to 1.0.23
Johan Oudinet [Thu, 26 Nov 2020 17:42:56 +0000 (18:42 +0100)]
package/erlang-p1-stringprep: bump version to 1.0.23

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/erlang-p1-pkix: bump version to 1.0.6
Johan Oudinet [Thu, 26 Nov 2020 17:42:55 +0000 (18:42 +0100)]
package/erlang-p1-pkix: bump version to 1.0.6

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/erlang-p1-oauth2: bump version to 0.6.7
Johan Oudinet [Thu, 26 Nov 2020 17:42:54 +0000 (18:42 +0100)]
package/erlang-p1-oauth2: bump version to 0.6.7

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/erlang-p1-acme: bump version to 1.0.9
Johan Oudinet [Thu, 26 Nov 2020 17:42:53 +0000 (18:42 +0100)]
package/erlang-p1-acme: bump version to 1.0.9

The rebar.config.script file adds a dependency to base64url package. Since we remove
all rebar dependencies, add a patch to remove such dependency. Otherwise rebar would
try to download it during the build.

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/erlang-p1-yconf: bump version to 1.0.8
Johan Oudinet [Thu, 26 Nov 2020 17:42:52 +0000 (18:42 +0100)]
package/erlang-p1-yconf: bump version to 1.0.8

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/erlang-p1-mqtree: bump version to 1.0.10
Johan Oudinet [Thu, 26 Nov 2020 17:42:51 +0000 (18:42 +0100)]
package/erlang-p1-mqtree: bump version to 1.0.10

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/erlang-jiffy: bump version to 1.0.6
Johan Oudinet [Thu, 26 Nov 2020 17:42:50 +0000 (18:42 +0100)]
package/erlang-jiffy: bump version to 1.0.6

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/erlang-p1-xml: bump version to 1.1.44
Johan Oudinet [Thu, 26 Nov 2020 17:42:49 +0000 (18:42 +0100)]
package/erlang-p1-xml: bump version to 1.1.44

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/erlang-p1-tls: bump version to 1.1.9
Johan Oudinet [Thu, 26 Nov 2020 17:42:48 +0000 (18:42 +0100)]
package/erlang-p1-tls: bump version to 1.1.9

The license file hash has changed due to:

-Copyright 2002-2019 ProcessOne SARL
+Copyright 2002-2020 ProcessOne SARL

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/erlang-p1-zlib: bump version to 1.0.9
Johan Oudinet [Thu, 26 Nov 2020 17:42:47 +0000 (18:42 +0100)]
package/erlang-p1-zlib: bump version to 1.0.9

The license file hash has changed due to:

-Copyright 2002-2019 ProcessOne SARL
+Copyright 2002-2020 ProcessOne SARL

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/libcap: fix libcap.pc
Fabrice Fontaine [Tue, 1 Dec 2020 19:27:03 +0000 (20:27 +0100)]
package/libcap: fix libcap.pc

libcap builds an incorrect libcap.pc because libdir is pulled from the
host os:

ifndef lib
lib=$(shell ldd /usr/bin/ld|egrep "ld-linux|ld.so"|cut -d/ -f2)
endif

Fix this error by passing lib=lib and prefix in
{HOST_LIBCAP,LIBCAP}_BUILD_CMDS

Fixes:
 - https://bugs.buildroot.org/show_bug.cgi?id=13276

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/x11r7/xserver_xorg-server: add upstream security fixes for CVE-2020-14360...
Peter Korsgaard [Tue, 1 Dec 2020 17:49:03 +0000 (18:49 +0100)]
package/x11r7/xserver_xorg-server: add upstream security fixes for CVE-2020-14360 / 25712

Fixes the following security issues:

* CVE-2020-14360 / ZDI CAN 11572 XkbSetMap Out-Of-Bounds Access

  Insufficient checks on the lengths of the XkbSetMap request can lead to
  out of bounds memory accesses in the X server.

* CVE-2020-25712 / ZDI-CAN-11839 XkbSetDeviceInfo Heap-based Buffer Overflow

  Insufficient checks on input of the XkbSetDeviceInfo request can lead to a
  buffer overflow on the head in the X server.

For more details, see the advisory:
https://www.openwall.com/lists/oss-security/2020/12/01/3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agotoolchain: add upstream fix for arc gcc
Bernd Kuhls [Sat, 28 Nov 2020 11:00:41 +0000 (12:00 +0100)]
toolchain: add upstream fix for arc gcc

Fixes:
http://autobuild.buildroot.net/results/792/792e69eefc87d28b92972c452d5e230d86d9e114/

Upstream issue:
https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/issues/310

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agotoolchain: update option descriptions for ARC tools arc-2020.09-release
Bernd Kuhls [Sat, 28 Nov 2020 11:00:40 +0000 (12:00 +0100)]
toolchain: update option descriptions for ARC tools arc-2020.09-release

https://git.buildroot.net/buildroot/commit/?id=0791abfba0227803b19895ea22326f4e17ac93dc

bumped
* Binutils 2.34.50 with additional ARC patches
* GCC 10.0.2 with additional ARC patches
* GDB 10.0.50 with additional ARC patches

but forgot to update the version numbers stored in option descriptions.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/erlang-eimp: bump version to 1.0.17
Johan Oudinet [Thu, 26 Nov 2020 17:42:46 +0000 (18:42 +0100)]
package/erlang-eimp: bump version to 1.0.17

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/erlang-p1-cache-tab: bump version to 1.0.25
Johan Oudinet [Thu, 26 Nov 2020 17:42:45 +0000 (18:42 +0100)]
package/erlang-p1-cache-tab: bump version to 1.0.25

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/erlang-p1-utils: bump version to 1.0.20
Johan Oudinet [Thu, 26 Nov 2020 17:42:44 +0000 (18:42 +0100)]
package/erlang-p1-utils: bump version to 1.0.20

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/s390-tools: also set HAVE_LIBCURL
Fabrice Fontaine [Sat, 28 Nov 2020 10:04:03 +0000 (11:04 +0100)]
package/s390-tools: also set HAVE_LIBCURL

Set HAVE_LIBCURL when libcurl is available to enable genprotimg and
libekmfweb:
https://github.com/ibm-s390-tools/s390-tools/blob/master/README.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Alexander Egorenkov <egorenar@linux.ibm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/setserial: add license hash
Bernd Kuhls [Sat, 28 Nov 2020 09:57:25 +0000 (10:57 +0100)]
package/setserial: add license hash

Also reformatted hash file.

Fixes:
http://autobuild.buildroot.net/results/d1c/d1ccecc74755155664cd17c8d33721c804a37b25/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/kmsxx: bump version to 5489056 and convert to meson build
Peter Seiderer [Sun, 29 Nov 2020 17:56:33 +0000 (18:56 +0100)]
package/kmsxx: bump version to 5489056 and convert to meson build

- remove 0001-fix-compiler-errors-with-gcc-10.patch
  (upstream)

- remove 0002-added-include-string-to-card.h-to-follow-gcc10-porti.patch
  (upstream)

- convert to meson

- add patch to use system fmt instead of git submodule (fixes
  configure 'ERROR: Include dir ext/fmt/include does not exist.')

- add patch to use system pybind11 instead of git submodule (fixes
  configure 'ERROR: Include dir ext/pybind11/include does not exist.')

- add patch to use python only if pykms is enabled (fixes
  configure 'ERROR: Dependency "pybind11" not found, tried pkgconfig')

- add optional libevdev dependency (needed for utils/kmstouch)

- update LICENSE file hash (replaced short copyright notice and
  link to  http://mozilla.org/MPL/2.0/ with complete license text)

- lift toolchain headers requirement to at least 4.11 (include
  linux/dma-buf.h)

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/kmsxx: fix build with gcc 10
Fabrice Fontaine [Wed, 18 Nov 2020 17:18:27 +0000 (18:18 +0100)]
package/kmsxx: fix build with gcc 10

Fixes:
 - http://autobuild.buildroot.org/results/59f70fb725c2f07e27dc818839e02f2788ee490c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/fmt: bump version to 7.1.3
Peter Seiderer [Sun, 29 Nov 2020 20:58:42 +0000 (21:58 +0100)]
package/fmt: bump version to 7.1.3

For details see [1], [2], [3] and [4].

[1] https://github.com/fmtlib/fmt/releases/tag/7.1.0
[2] https://github.com/fmtlib/fmt/releases/tag/7.1.1
[3] https://github.com/fmtlib/fmt/releases/tag/7.1.2
[4] https://github.com/fmtlib/fmt/releases/tag/7.1.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/cups-filters: bump to version 1.28.4
Angelo Compagnucci [Tue, 1 Dec 2020 21:30:53 +0000 (22:30 +0100)]
package/cups-filters: bump to version 1.28.4

While bumping, removing upstreamed patches. Removing also autoreconf
step cause we are not patching it anymore.
License hash is changed due to remove of notice for file
filter/sys5ippprinter.c.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/s390-tools: fix build with netsnmp
Fabrice Fontaine [Sat, 28 Nov 2020 09:51:08 +0000 (10:51 +0100)]
package/s390-tools: fix build with netsnmp

Fix the following build failure:

/bin/sh: net-snmp-config: command not found
/home/buildroot/autobuild/run/instance-2/output-1/host/lib/gcc/s390x-buildroot-linux-gnu/9.3.0/../../../../s390x-buildroot-linux-gnu/bin/ld: osasnmpd.o: in function `main':
osasnmpd.c:(.text.startup+0xcc): undefined reference to `snmp_log_perror'

Moreover, replace perl-net-snmp dependency by netsnmp as osasnmpd is an
SNMP subagent for the net-snmp package:
https://github.com/ibm-s390-tools/s390-tools/blob/master/osasnmpd/osasnmpd.8

Fixes:
 - http://autobuild.buildroot.org/results/00796f2ebd5fb0e08ac7a05a9ee566f2bc4bd1c3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Alexander Egorenkov <egorenar@linux.ibm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/linux-firmware: install Ath10k QCA9377 sdio firmware
Julien Olivain [Tue, 17 Nov 2020 21:21:45 +0000 (22:21 +0100)]
package/linux-firmware: install Ath10k QCA9377 sdio firmware

linux-firmware version 20201022 introduced a new sdio firmware for
QCA9377 sdio devices. Install it when support is selected.

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/linux-firmware: bump version to 20201022
Julien Olivain [Tue, 17 Nov 2020 21:21:44 +0000 (22:21 +0100)]
package/linux-firmware: bump version to 20201022

This update is motivated by the inclusion SDIO firmware for QCA9377 WiFi
cards in this new version. See [1].

The license file "WHENCE" content/checksum has changed, since it's an
index of firmware provenance and their licenses, and many new firmware
files were added.

For the full linux-firmware change log, see tag 20201022 log [2].

[1] https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=d7904d5b07a9e2c4cdd9f8b2c5a5faa9c6e665cf
[2] https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/log/?h=20201022

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/linux-firmware: reformat hash file using the 2 spaces convention
Julien Olivain [Tue, 17 Nov 2020 21:21:43 +0000 (22:21 +0100)]
package/linux-firmware: reformat hash file using the 2 spaces convention

For readability, this reformatting is done in a separate commit, as this
package contains many license files.

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/bind: fix license hash
Fabrice Fontaine [Thu, 19 Nov 2020 22:11:40 +0000 (23:11 +0100)]
package/bind: fix license hash

Commit 9679d3f0218519ea7a01f3b5fefb7f6dd23b138e forgot to update hash of
COPYRIGHT which was updated to replace http by https:
https://gitlab.isc.org/isc-projects/bind9/-/commit/400171aee8db87c3973987980327051a58a20a80

Fixes:
 - http://autobuild.buildroot.org/results/db614a6fa1e17af2fa5c1d4a0d51cdf770893ca9

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/environment-setup: add better kernel handling
Angelo Compagnucci [Mon, 9 Nov 2020 16:58:03 +0000 (17:58 +0100)]
package/environment-setup: add better kernel handling

Exporting ARCH and KERNELDIR makes easier to compile an external kernel
or out of tree kernel modules.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/{mesa3d, mesa3d-headers}: bump version to 20.2.3
Bernd Kuhls [Mon, 30 Nov 2020 17:40:06 +0000 (18:40 +0100)]
package/{mesa3d, mesa3d-headers}: bump version to 20.2.3

Release notes of this bugfix release:
https://lists.freedesktop.org/archives/mesa-announce/2020-November/000607.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/libostree: bump to version 2020.8
Marcus Folkesson [Tue, 1 Dec 2020 07:00:05 +0000 (08:00 +0100)]
package/libostree: bump to version 2020.8

Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3 years agopackage/python-pydal: bump to version 20200910.1
Angelo Compagnucci [Sun, 8 Nov 2020 17:07:18 +0000 (18:07 +0100)]
package/python-pydal: bump to version 20200910.1

While bumping updating the sha256 computation method.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/python-can: bump to verison 3.3.4
Angelo Compagnucci [Sun, 8 Nov 2020 16:57:55 +0000 (17:57 +0100)]
package/python-can: bump to verison 3.3.4

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/privoxy: security bump to version 3.0.29
Peter Korsgaard [Mon, 30 Nov 2020 07:12:43 +0000 (08:12 +0100)]
package/privoxy: security bump to version 3.0.29

From the release notes:

- Security/Reliability:
  - Fixed memory leaks when a response is buffered and the buffer
    limit is reached or Privoxy is running out of memory.
    Commits bbd53f1010b and 4490d451f9b. OVE-20201118-0001.
    Sponsored by: Robert Klemme
  - Fixed a memory leak in the show-status CGI handler when
    no action files are configured. Commit c62254a686.
    OVE-20201118-0002.
    Sponsored by: Robert Klemme
  - Fixed a memory leak in the show-status CGI handler when
    no filter files are configured. Commit 1b1370f7a8a.
    OVE-20201118-0003.
    Sponsored by: Robert Klemme
  - Fixes a memory leak when client tags are active.
    Commit 245e1cf32. OVE-20201118-0004.
    Sponsored by: Robert Klemme
  - Fixed a memory leak if multiple filters are executed
    and the last one is skipped due to a pcre error.
    Commit 5cfb7bc8fe. OVE-20201118-0005.
  - Prevent an unlikely dereference of a NULL-pointer that
    could result in a crash if accept-intercepted-requests
    was enabled, Privoxy failed to get the request destination
    from the Host header and a memory allocation failed.
    Commit 7530132349. CID 267165. OVE-20201118-0006.
  - Fixed memory leaks in the client-tags CGI handler when
    client tags are configured and memory allocations fail.
    Commit cf5640eb2a. CID 267168. OVE-20201118-0007.
  - Fixed memory leaks in the show-status CGI handler when memory
    allocations fail. Commit 064eac5fd0 and commit fdee85c0bf3.
    CID 305233. OVE-20201118-0008.

For more details, see the announcement:
https://www.openwall.com/lists/oss-security/2020/11/29/1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libplist: drop duplicated COPYING hash
Fabrice Fontaine [Mon, 30 Nov 2020 06:56:31 +0000 (07:56 +0100)]
package/libplist: drop duplicated COPYING hash

Commit 762119b4c5489352a889c2627eb37906647c375d resulted in a duplicated
line for COPYING hash so drop it

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/kmsxx: fix gcc-10.x compile
Peter Seiderer [Sun, 29 Nov 2020 09:38:23 +0000 (10:38 +0100)]
package/kmsxx: fix gcc-10.x compile

Backport upstream commit ([1]) adding missing string include.

Fixes:
  - http://autobuild.buildroot.net/results/53a5f023ae40db18f45ebe7578962914c2d22a44

  In file included from .../build/kmsxx-cb0786049f960f2bd383617151b01318e02e9ff9/kms++/inc/kms++/omap/omapcard.h:3,
                   from .../build/kmsxx-cb0786049f960f2bd383617151b01318e02e9ff9/kms++/src/omap/omapcard.cpp:2:
  .../build/kmsxx-cb0786049f960f2bd383617151b01318e02e9ff9/kms++/inc/kms++/card.h:17:18: error: 'string' in namespace 'std' does not name a type
     17 |  Card(const std::string& device);
        |                  ^~~~~~

[1] https://github.com/tomba/kmsxx/commit/b53f9d383c9189a897c44cd88a8fc1b871fdc8a2.patch

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/lynx: fix reproducible build issues
Peter Korsgaard [Sun, 29 Nov 2020 09:35:13 +0000 (10:35 +0100)]
package/lynx: fix reproducible build issues

Fixes (part of) http://autobuild.buildroot.net/results/23fe4365ca65f37eace8265a70fbfb9723b8ee9d/

Lynx by default contains logic to generate a "configuration info" HTML page,
which leaks build paths, and adds the build timestamp to the version output.
Disable both when building in reproducible mode.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/jemalloc: add jemalloc-config to _CONFIG_SCRIPTS handling
Peter Korsgaard [Sun, 29 Nov 2020 07:57:04 +0000 (08:57 +0100)]
package/jemalloc: add jemalloc-config to _CONFIG_SCRIPTS handling

Fixes (part of) http://autobuild.buildroot.net/results/23fe4365ca65f37eace8265a70fbfb9723b8ee9d/

jemalloc installs a jemalloc-config script, leaking build paths and breaking
reproducible builds (and per-package builds).

Add it to _CONFIG_SCRIPTS so the paths get fixed up for staging and the
script removed from target.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/mariadb: security bump to version 10.3.27
Peter Korsgaard [Sat, 28 Nov 2020 22:41:46 +0000 (23:41 +0100)]
package/mariadb: security bump to version 10.3.27

Fixes the following security issues:

- CVE-2020-15180: during SST a joiner sends an sst method name to the donor.
  Donor then appends it to the "wsrep_sst_" string to get the name of the
  sst script to use, e.g.  wsrep_sst_rsync.  There is no validation or
  filtering here, so if the malicious joiner sends, for example, "rsync `rm
  -rf /`" the donor will execute that too.

- CVE-2020-14812: Vulnerability in the MySQL Server product of Oracle MySQL
  (component: Server: Locking).  Supported versions that are affected are
  5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior.  Easily
  exploitable vulnerability allows high privileged attacker with network
  access via multiple protocols to compromise MySQL Server.  Successful
  attacks of this vulnerability can result in unauthorized ability to cause
  a hang or frequently repeatable crash (complete DOS) of MySQL Server.

- CVE-2020-14765: Vulnerability in the MySQL Server product of Oracle MySQL
  (component: Server: FTS).  Supported versions that are affected are 5.6.49
  and prior, 5.7.31 and prior and 8.0.21 and prior.  Easily exploitable
  vulnerability allows low privileged attacker with network access via
  multiple protocols to compromise MySQL Server.  Successful attacks of this
  vulnerability can result in unauthorized ability to cause a hang or
  frequently repeatable crash (complete DOS) of MySQL Server.

- CVE-2020-14776: Vulnerability in the MySQL Server product of Oracle MySQL
  (component: InnoDB).  Supported versions that are affected are 5.7.31 and
  prior and 8.0.21 and prior.  Easily exploitable vulnerability allows high
  privileged attacker with network access via multiple protocols to
  compromise MySQL Server.  Successful attacks of this vulnerability can
  result in unauthorized ability to cause a hang or frequently repeatable
  crash (complete DOS) of MySQL Server.

- CVE-2020-14789: Vulnerability in the MySQL Server product of Oracle MySQL
  (component: Server: FTS).  Supported versions that are affected are 5.7.31
  and prior and 8.0.21 and prior.  Easily exploitable vulnerability allows
  high privileged attacker with network access via multiple protocols to
  compromise MySQL Server.  Successful attacks of this vulnerability can
  result in unauthorized ability to cause a hang or frequently repeatable
  crash (complete DOS) of MySQL Server.

- CVE-2020-28912:
  https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-bui.pdf
  describes a named pipe privilege vulnerability, specifically for MySQL,
  where an unprivileged user, located on the same machine as the server, can
  act as man-in-the-middle between server and client.

Additionally, 10.3.27 fixes a regression added in 10.3.26.

Drop weak md5/sha1 checksums.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/gstreamer1/gst1-plugins-good: qmlgl needs gstreamer-gl-1.0
Fabrice Fontaine [Sat, 28 Nov 2020 15:54:09 +0000 (16:54 +0100)]
package/gstreamer1/gst1-plugins-good: qmlgl needs gstreamer-gl-1.0

Build of qmlql fails without gstreamer-gl-1.0 since version 1.17.1 and
https://github.com/GStreamer/gst-plugins-good/commit/2ecba800bfbf177bc56999dc59ecdff00cbc353c

Fixes:
 - http://autobuild.buildroot.org/results/e1537ebac7cd70b6d868a8b7f0205ce3d8593508

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/bustle: fix license
Fabrice Fontaine [Sat, 28 Nov 2020 15:00:36 +0000 (16:00 +0100)]
package/bustle: fix license

bustle binaries are licensed under GPL-3.0:
https://gitlab.freedesktop.org/bustle/bustle/-/blob/bustle-0.7.5/LICENSE

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agoUpdate for 2020.11-rc3
Peter Korsgaard [Sat, 28 Nov 2020 10:10:01 +0000 (11:10 +0100)]
Update for 2020.11-rc3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>