Fabrice Fontaine [Wed, 11 Sep 2019 17:06:33 +0000 (19:06 +0200)]
package/zziplib: fixup the 'v' prefix in the version
In order for the zziplib version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
ZZIPLIB_SITE and not ZZIPLIB_VERSION.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Wed, 11 Sep 2019 17:01:50 +0000 (19:01 +0200)]
package/perl-class-std-fast: fixup the 'v' prefix in the version
In order for the perl-class-std-fast version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
PERL_CLASS_STD_FAST_SOURCE and not PERL_CLASS_STD_FAST_VERSION.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Korsgaard [Thu, 12 Sep 2019 19:43:54 +0000 (21:43 +0200)]
package/nodejs: security bump to version v10.16.3
Fixes the following security vulnerabilities:
- CVE-2019-9511 "Data Dribble": The attacker requests a large amount of data
from a specified resource over multiple streams. They manipulate window
size and stream priority to force the server to queue the data in 1-byte
chunks. Depending on how efficiently this data is queued, this can
consume excess CPU, memory, or both, potentially leading to a denial of
service.
- CVE-2019-9512 "Ping Flood": The attacker sends continual pings to an
HTTP/2 peer, causing the peer to build an internal queue of responses.
Depending on how efficiently this data is queued, this can consume excess
CPU, memory, or both, potentially leading to a denial of service.
- CVE-2019-9513 "Resource Loop": The attacker creates multiple request
streams and continually shuffles the priority of the streams in a way that
causes substantial churn to the priority tree. This can consume excess
CPU, potentially leading to a denial of service.
- CVE-2019-9514 "Reset Flood": The attacker opens a number of streams and
sends an invalid request over each stream that should solicit a stream of
RST_STREAM frames from the peer. Depending on how the peer queues the
RST_STREAM frames, this can consume excess memory, CPU, or both,
potentially leading to a denial of service.
- CVE-2019-9515 "Settings Flood": The attacker sends a stream of SETTINGS
frames to the peer. Since the RFC requires that the peer reply with one
acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost
equivalent in behavior to a ping. Depending on how efficiently this data
is queued, this can consume excess CPU, memory, or both, potentially
leading to a denial of service.
- CVE-2019-9516 "0-Length Headers Leak": The attacker sends a stream of
headers with a 0-length header name and 0-length header value, optionally
Huffman encoded into 1-byte or greater headers. Some implementations
allocate memory for these headers and keep the allocation alive until the
session dies. This can consume excess memory, potentially leading to a
denial of service.
- CVE-2019-9517 "Internal Data Buffering": The attacker opens the HTTP/2
window so the peer can send without constraint; however, they leave the
TCP window closed so the peer cannot actually write (many of) the bytes on
the wire. The attacker then sends a stream of requests for a large
response object. Depending on how the servers queue the responses, this
can consume excess memory, CPU, or both, potentially leading to a denial
of service.
- CVE-2019-9518 "Empty Frames Flood": The attacker sends a stream of frames
with an empty payload and without the end-of-stream flag. These frames
can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends
time processing each frame disproportionate to attack bandwidth. This can
consume excess CPU, potentially leading to a denial of service.
(Discovered by Piotr Sikora of Google)
Notice that this version bump requires nghttp2 1.39.2. It also includes an
(unconditional) embedded copy of brotli.
Update the license hash because of copyright year changes and the addition
of the MIT-style license text for large_pages and brotli.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Korsgaard [Thu, 12 Sep 2019 19:43:53 +0000 (21:43 +0200)]
package/nghttp2: security bump to version 1.39.2
Fixes the following security issues:
CVE-2019-9511: Data Dribble
CVE-2019-9513: Resource Loop
For details, see the advisory:
https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/
Notice that libnghttp2 itself is not affected by these vulnerabilities, only
nghttpx and nghttpd (which are currently not built).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Korsgaard [Thu, 12 Sep 2019 19:56:05 +0000 (21:56 +0200)]
package/jo: bump to version 1.2
Drop the v prefix on the download URL as the 1.2 git tag is just '1.2' and
add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Asaf Kahlon [Fri, 13 Sep 2019 14:16:27 +0000 (17:16 +0300)]
package/ccache: bump to version 3.7.4
- Update CCACHE_SITE to github.
- The hash of the license file is updated. There were two changes:
* The reference to the credits.html file changed from
ccache.samba.org to ccache.dev
* The MIT license text for minitrace.[ch] was added, but it doesn't
change the fact that the whole is under GPL-3.0, and we anyway
already had "GPL-3.0, others" in CCACHE_LICENSE
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
[Thomas: update the license file hash]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Korsgaard [Thu, 12 Sep 2019 20:14:37 +0000 (22:14 +0200)]
package/luksmeta: bump to version v9
Bugfix release, fixing a potential infinite loop when handling the LUKS
header:
git shortlog v8..v9
Daniel Kopeček (2):
Use asciidoc as the manual page source format
Generate manual page from source during build time
Milan Broz (1):
Fix infinite loop when initializing trimmed LUKS header.
Nathaniel McCallum (3):
Fix invalid man page section reference
Fix typos in the man page
Release version 9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
André Hentschel [Thu, 12 Sep 2019 21:16:29 +0000 (23:16 +0200)]
package/wine: bump to version 4.0.2
Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Petr Vorel [Thu, 29 Aug 2019 20:02:12 +0000 (22:02 +0200)]
package/links: bump to version 2.20
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Christopher McCrory [Fri, 30 Aug 2019 18:44:12 +0000 (11:44 -0700)]
package/gawk: bump to version 5.0.1
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Carlos Santos [Wed, 11 Sep 2019 20:33:44 +0000 (17:33 -0300)]
package/nfs-utils: always use libtirpc and enable IPv6
nfs-utils selects rpcbind, and rpcbind unconditionally selects
libtirpc. Therefore, nfs-utils will never be used with the C library
RPC implementation: libtirpc will always be used. Consequently, all
the conditional logic to use libtirpc only if available is useless,
and we can use libtirpc unconditionally.
As an added bonus, this means that we can enable IPv6, because
libtirpc provides an IPv6-compatible RPC implementation.
Fixes: https://bugs.busybox.net/show_bug.cgi?id=10806
Signed-off-by: Carlos Santos <unixmania@gmail.com>
[Thomas: rework commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Thu, 29 Aug 2019 07:22:33 +0000 (09:22 +0200)]
support/scripts/pkg-stats: extract current commit id, not master
pkg-stats extracts the Buildroot commit id from which the package
information was collected. However, when doing so, it always assumes
we're using the master branch, by running "git log master".
But in fact, pkg-stats can be run from any branch/tag, so it makes a
lot more sense to use "git log HEAD".
Cc: victor.huesca@bootlin.com
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Alexander Dahl [Thu, 12 Sep 2019 09:14:32 +0000 (11:14 +0200)]
package/zic: bump version to 2019c
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Alexander Dahl [Thu, 12 Sep 2019 09:14:31 +0000 (11:14 +0200)]
package/tzdata: bump version to 2019c
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Thu, 12 Sep 2019 07:27:15 +0000 (09:27 +0200)]
package/ascii-invaders: drop the SOURCE variable
There is no need to override the SOURCE variable when the github macro
is used, and in fact keeping the default SOURCE value gives a much
more sensible tarball name, so let's drop the SOURCE variable
entirely.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Wed, 11 Sep 2019 17:17:29 +0000 (19:17 +0200)]
package/ascii-invaders: fixup the 'v' prefix in the version
In order for the ascii-invaders version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
ASCII_INVADERS_SITE and not ASCII_INVADERS_VERSION.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Alexander Kurz [Mon, 9 Sep 2019 18:23:45 +0000 (18:23 +0000)]
package/minimodem: new package
Minimodem is a command-line program which decodes (or generates)
audio modem tones at any specified baud rate, using various
framing protocols. It acts a general-purpose software FSK modem,
and includes support for various standard FSK protocols such as
Bell103, Bell202, RTTY, TTY/TDD NOAA SAME, and Caller-ID.
Signed-off-by: Alexander Kurz <akurz@blala.de>
[Thomas:
- switch from a depends on to a select for the libsndfile or
pulseaudio or alsa dependency
- re-order statements in Config.in
- add missing host-pkgconf dependency]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Pierre-Jean Texier [Tue, 10 Sep 2019 19:07:11 +0000 (21:07 +0200)]
DEVELOPERS: add Pierre-Jean Texier for haveged
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Pierre-Jean Texier [Tue, 10 Sep 2019 19:07:10 +0000 (21:07 +0200)]
package/haveged: bump to version 1.9.6
This includes the following changes:
94079e6 Fixed invalid UTF-8 codes in ChangeLog
1470a82 Updated service.fedora
9596c53 Updated service.fedora
b50b59b New version 1.9.5
037e059 New version 1.9.5
2681d01 Added test for /dev/random symlink
0dac21b Update to automake 1.16
638e2f0 Fixed built issue on Cygwin
083f827 minimize diff
b38def1 minimize diff
e16369d take into account review by @nbraud
6dfce53 Remove support for CPUID on ia64
fc50dda [PATCH] Output some progress during CUSUM and RANDOM EXCURSION test
be4e481 NEWS: Cleanup extraneous whitespace
0815b3c Fixup upstream changelog
6d52229 Fix type mismatch in get_poolsize
90d00f7 service.redhat: update PIDFile
16a9726 fix segv at start
ceab89a init.d/Makefile.am: add missing dependency
01e3154 Diagnostics capture mode now works correctly by referencing the right variable during rng warmup
f219358 Fix segfault on arm machines
Also add a 'v' prefix in _SITE variable.
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sun, 8 Sep 2019 08:03:22 +0000 (10:03 +0200)]
package/apitrace: bump to version 8.0
Add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Chris Packham [Mon, 9 Sep 2019 09:54:31 +0000 (21:54 +1200)]
package/syslog-ng: update version in config file
syslog-ng warns when using a configuration from an older version. Update
the version in the example config.
Fixes: 9695f3e069 ("package/syslog-ng: bump version to 3.22.1")
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Tested-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mohana Datta Yelugoti [Mon, 9 Sep 2019 06:46:39 +0000 (12:16 +0530)]
package/python-sip: bump to version 4.19.13
Signed-off-by: Mohana Datta Yelugoti <ymdatta.work@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Yegor Yefremov [Tue, 10 Sep 2019 09:30:26 +0000 (11:30 +0200)]
package/socketcand: bump version
Change download location as the project is now part of the linux-can
organization.
Also remove an upstreamed patch.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Refik TUZAKLI [Mon, 9 Sep 2019 10:09:45 +0000 (10:09 +0000)]
DEVELOPERS: adjust e-mail address for Refik Tuzakli
My email address will be deactivated in two weeks.
Signed-off-by: Refik Tuzakli <refik.tuzakli@savronik.com.tr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Raphaël Mélotte [Mon, 9 Sep 2019 11:58:07 +0000 (13:58 +0200)]
docs/manual/adding-packages-python.txt: fix outdated Python 3 explanation
Python packages should no longer depend on BR2_PACKAGE_PYTHON in their
config file, unless they are only compatible with Python 2.
Signed-off-by: Raphaël Mélotte <raphael.melotte@essensium.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Matt Weber [Mon, 9 Sep 2019 19:56:47 +0000 (14:56 -0500)]
package/iperf3: bump to 3.7
- Dropped musl and profiling patches as they were incorporated upstream.
- Profiling is set as explicitly disabled as it can now be configured.
- License file hash is changed due to an update in the copyright year:
-"iperf, Copyright (c) 2014-2018, The Regents of the University of California,
+"iperf, Copyright (c) 2014-2019, The Regents of the University of California,
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Baruch Siach [Mon, 9 Sep 2019 17:27:43 +0000 (20:27 +0300)]
package/uhubctl: bump to version 2.1.0
Update license file hash: copyright year update.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Matt Weber [Mon, 9 Sep 2019 16:58:42 +0000 (11:58 -0500)]
package/protobuf: bump to version 3.9.1
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Matt Weber [Mon, 9 Sep 2019 16:31:40 +0000 (11:31 -0500)]
package/protobuf-c: bump to version 1.3.2
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Joel Carlson [Mon, 9 Sep 2019 18:52:14 +0000 (12:52 -0600)]
package/capnproto: require GCC 5 for C++14
Adds dependency on at least GCC 5 to have C++14 language features that
are required starting in version 0.7.0 of capnproto.
Fixes:
http://autobuild.buildroot.org/results/
5c09e745cab822d830f73e33647f3b0e765c9181
(capnproto build failure)
Fixes:
http://autobuild.buildroot.org/results/
743c750e9932658c20965a25de89c3f21a1d43e9
(host-capnproto build failure)
This updated dependency is propagated to capnproto unique reverse
dependency, c-capnproto.
Signed-off-by: Koen Martens <gmc@sonologic.nl>
Signed-off-by: Joel Carlson <JoelsonCarl@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Matt Weber [Tue, 10 Sep 2019 03:07:09 +0000 (22:07 -0500)]
package/libqmi: bump to 1.22.6
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Asaf Kahlon [Mon, 9 Sep 2019 17:06:05 +0000 (20:06 +0300)]
package/libuv: bump to version 1.32.0
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Matt Weber [Mon, 9 Sep 2019 16:00:51 +0000 (11:00 -0500)]
package/smcroute: bump to 2.4.4
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Matt Weber [Mon, 9 Sep 2019 15:51:27 +0000 (10:51 -0500)]
package/tclap: bump to 1.2.2
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Oleksandr Zhadan [Mon, 26 Aug 2019 17:39:42 +0000 (13:39 -0400)]
configs/acturus_ucls1012a: bump kernel and u-boot version
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/
289126214
Signed-off-by: Oleksandr Zhadan <oleks@arcturusnetworks.com>
Signed-off-by: Michael Durrant <mdurrant@arcturusnetworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sun, 11 Aug 2019 12:07:31 +0000 (14:07 +0200)]
DEVELOPERS: add Gerome Burlats as contact for Qemu defconfigs
Gerome Burlats recently took care of the Qemu defconfigs, so it makes
sense to list him as a contact for the maintenance of these
defconfigs.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Gerome Burlats <gerome.burlats@smile.fr>
Cc: Romain Naour <romain.naour@smile.fr>
Acked-by: Gerome Burlats <gerome.burlats@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Mon, 9 Sep 2019 07:46:21 +0000 (09:46 +0200)]
DEVELOPERS: remove Pranit Sirsat, e-mail bounces
<Pranit.Sirsat@imgtec.com>: host mxa-
00376f01.gslb.pphosted.com[91.207.212.86]
said: 550 5.1.1 User Unknown (in reply to RCPT TO command)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Christopher McCrory [Sun, 8 Sep 2019 16:11:40 +0000 (09:11 -0700)]
package/openal: bump to version 1.19.1
Add hash for license file.
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Christopher McCrory [Sun, 8 Sep 2019 16:11:33 +0000 (09:11 -0700)]
package/nmap: bump to version 7.80
The hash of the license file changed due to this single change of the
copyright year:
- * The Nmap Security Scanner is (C) 1996-2018 Insecure.Com LLC ("The Nmap *
+ * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap *
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Christopher McCrory [Sun, 8 Sep 2019 16:11:18 +0000 (09:11 -0700)]
package/libv4l: bump to version 1.16.6
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Christopher McCrory [Sun, 8 Sep 2019 16:11:12 +0000 (09:11 -0700)]
package/liblinear: bump to version 2.30
Update hash for license file (update in year).
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Christopher McCrory [Sun, 8 Sep 2019 16:10:54 +0000 (09:10 -0700)]
package/libdvbsi: bump to version 0.3.8
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Christopher McCrory [Sun, 8 Sep 2019 16:10:39 +0000 (09:10 -0700)]
package/less: bump to version 551
updated _SITE
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sun, 8 Sep 2019 22:38:30 +0000 (00:38 +0200)]
Revert "package/gperf: bump to version 3.1"
This reverts commit
3e29e1ed5bb5c9c6689ac9e78c46c2d458c00cfb, as it
breaks the build of host-libcap.
Fixes:
http://autobuild.buildroot.net/results/
4db6fcffd4f1432d2f2349ecb58992c6be568073/
Thanks to Ricardo Martincoski <ricardo.martincoski@gmail.com> for the
analysis of the problem.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Christopher McCrory [Sun, 8 Sep 2019 16:10:25 +0000 (09:10 -0700)]
package/haproxy: bump to version 2.0.5
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Christopher McCrory [Sun, 8 Sep 2019 16:10:03 +0000 (09:10 -0700)]
package/gperf: bump to version 3.1
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Christopher McCrory [Sun, 8 Sep 2019 16:09:53 +0000 (09:09 -0700)]
package/debianutils: bump to version 4.8.6.3
updated _SITE
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Christopher McCrory [Sun, 8 Sep 2019 16:09:09 +0000 (09:09 -0700)]
package/cairo: bump to version 1.16.0
Changed _SITE to releases
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Thu, 5 Sep 2019 17:04:03 +0000 (19:04 +0200)]
package/lttng-tools: fix build with glibc 2.30
Fixes:
- http://autobuild.buildroot.org/results/
8680c5a355b226cf978397615cbe5df1c5f8c656
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Thu, 5 Sep 2019 08:00:52 +0000 (10:00 +0200)]
package/lua-messagepack: bump to version 0.5.2
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sat, 7 Sep 2019 20:09:13 +0000 (22:09 +0200)]
package/augeas: bump to version 1.12.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sat, 7 Sep 2019 20:09:12 +0000 (22:09 +0200)]
package/augeas: drop AUTORECONF
autoreconf is not needed since bump to version 1.10.1 in
commit
3cd6faa04cef1b1ebf5c5d47eeaf7e812ed02cb7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sat, 7 Sep 2019 20:17:21 +0000 (22:17 +0200)]
package/json-for-modern-cpp: fixup the 'v' prefix in the version
In order for the json-for-modern-cpp version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
JSON_FOR_MODERN_CPP_SITE and not JSON_FOR_MODERN_CPP_VERSION.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Wed, 28 Aug 2019 16:13:26 +0000 (18:13 +0200)]
package/libglfw: bump version to 3.3
License file was renamed and whitespace was removed:
https://github.com/glfw/glfw/commits/master/LICENSE.md
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Wed, 28 Aug 2019 14:25:54 +0000 (16:25 +0200)]
package/libdvdread: bump version to 6.0.1
Release notes:
https://code.videolan.org/videolan/libdvdread/blob/master/NEWS
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Wed, 28 Aug 2019 14:23:56 +0000 (16:23 +0200)]
package/libebur128: bump version to 1.2.4
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Gergely Imreh [Tue, 27 Aug 2019 14:14:28 +0000 (15:14 +0100)]
{configs/raspberrypi,package/rpi-firmware}: bump kernel/firmware to
20190819 version
It's the latest original version. The defconfig and
package/rpi-firmware changes are done in a single patch, as they are
going together.
Signed-off-by: Gergely Imreh <imrehg@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Zoltan Gyarmati [Tue, 27 Aug 2019 10:46:23 +0000 (12:46 +0200)]
DEVELOPERS: add myself for libusb and libusb-compat
Signed-off-by: Zoltan Gyarmati <zgyarmati@zgyarmati.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sat, 7 Sep 2019 20:18:37 +0000 (22:18 +0200)]
package/libgpg-error: fix build with gawk 5.0
Fixes:
http://autobuild.buildroot.net/results/
e815bed0e7b3d9cbf50ebf605666a50e7032e5a1/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Giulio Benetti [Tue, 3 Sep 2019 10:12:16 +0000 (12:12 +0200)]
package/libnss: security bump to version 3.46
Fixes the following security issues:
(3.44.1)
CVE-2019-11729: More thorough input checking
CVE-2019-11719: Don't unnecessarily strip leading 0's from key material
during PKCS11 import
CVE-2019-11727: Prohibit use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3
Note:
This version requires nspr 4.22 or newer provided by the previous patch.
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Giulio Benetti [Tue, 3 Sep 2019 10:12:15 +0000 (12:12 +0200)]
package/libnspr: bump to version 4.22
Rework all 3 patches to make that applicable to 4.22 version.
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
James Hilliard [Mon, 2 Sep 2019 19:03:04 +0000 (13:03 -0600)]
package/python-aioconsole: bump to version 0.1.15
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Pierre-Jean Texier [Thu, 5 Sep 2019 19:11:40 +0000 (21:11 +0200)]
package/lighttpd: bump to version 1.4.54
See http://www.lighttpd.net/2019/5/27/1.4.54/
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Thu, 5 Sep 2019 21:50:52 +0000 (23:50 +0200)]
package/bitcoin: fixup the 'v' prefix in the version
In order for the bitcoin version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
BITCOIN_SITE and not BITCOIN_VERSION.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Fri, 6 Sep 2019 07:59:14 +0000 (09:59 +0200)]
DEVELOPERS: remove Kevin Joly, e-mail is bouncing
Kevin Joly (kevin.joly@sensefly.com)<mailto:kevin.joly@sensefly.com>
Your message couldn't be delivered to the recipient because you don't have permission to send to it.
Looking at his LinkedIn profile, he left SenseFly in January 2019,
which quite certainly explains why his @sensefly.com e-mail address is
no longer working.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Lubomir Rintel [Fri, 6 Sep 2019 09:25:09 +0000 (11:25 +0200)]
system/skeleton: drop PAGER from /etc/profile
We couldn't track down the reason why the profile sets $PAGER other
than that it has always been there.
However, it defeats pager autodetection by various tool (systemctl,
nmcli, etc.) that would otherwise prefer less to more, in case both
were available.
Let's drop it. My desktop Linux distro (Fedora) doesn't seem to set it
either and the universe doesn't seem to have collapsed yet.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Romain Naour [Fri, 6 Sep 2019 10:12:03 +0000 (12:12 +0200)]
configs/aarch64_efi: fix typo AARCH64 -> ARM64
There is no option BR2_TARGET_GRUB2_AARCH64_EFI but
BR2_TARGET_GRUB2_ARM64_EFI in grub2 package.
BR2_TARGET_GRUB2_ARM64_EFI was introduced by the commit [1].
[1]
273a27804a18c5e232907d5ef6bd01957cf090d7
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Erico Nunes <nunes.erico@gmail.com>
Reviewed-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sat, 7 Sep 2019 15:00:43 +0000 (17:00 +0200)]
package/agentpp: bump to version 4.1.2
Add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sat, 7 Sep 2019 15:00:42 +0000 (17:00 +0200)]
package/snmppp: bump to version 3.3.11a
Update hash of license file (source file has been updated)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Alexander Mukhin [Sat, 7 Sep 2019 18:35:17 +0000 (21:35 +0300)]
package/pppd: use uclibc libcrypt instead of openssl
glibc since 2.28 dropped DES encryption routines setkey() and encrypt(),
but uclibc still provides them. So, if building with uclibc, we can
avoid using huge openssl library.
Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Lubomir Rintel [Fri, 6 Sep 2019 09:26:13 +0000 (11:26 +0200)]
package/network-manager: drop obsolete dependencies
Remove dependencies on libraries NetworkManager no longer uses.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Acked-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Lubomir Rintel [Fri, 6 Sep 2019 09:25:53 +0000 (11:25 +0200)]
package/network-manager: bump to version 1.20.2
A straightforward bump. Tested.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Acked-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sat, 7 Sep 2019 13:18:25 +0000 (15:18 +0200)]
package/network-manager: fix legal-info following the 1.20.0 bump
In commit
aee34c479a5f845ed84ca0fac60250843742bec6, network-manager
was bumped to 1.20.0. As part of this bump, the libnm-util/ subfolder
was removed, and therefore libnm-util/COPYING no longer exists,
breaking the legal-info of this package.
The only remaining COPYING file is at the top-level. However, it
documents only the GPL-2.0 license, while in fact many parts of
network-manager, especially libraries, are under LGPL-2.0. This is
well explained in the CONTRIBUTING file, which states:
"""
Legal
-----
NetworkManager is partly licensed under terms of GNU Lesser General Public License
version 2 or later (LGPL-2.0+). That is for example the case for libnm.
For historical reasons, the daemon itself is licensed under terms of GNU General
Public License, version 2 or later (GPL-2.0+). See the license comment in the source
files.
Note that all new contributions to NetworkManager MUST be made under terms of
LGPL-2.0+, that is also the case for parts that are currently licensed GPL-2.0+.
The reason for that is that we might eventually relicense everything as LGPL and
new contributions already must agree with that future change.
"""
So, we keep GPL-2.0 and LGPL-2.0 as license, drop libnm-util/COPYING
from the LICENSE_FILES variable, and instead add the CONTRIBUTING
file. We also add a comment above the LICENSE variable.
Fixes:
http://autobuild.buildroot.net/results/
44ce11d110a508821f76aae7ce996c1814c6a453/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Gwenhael Goavec-Merou [Thu, 5 Sep 2019 13:40:40 +0000 (15:40 +0200)]
package/gmp: enable C++ support when BR2_INSTALL_LIBSTDCPP=y
gmp has optional C++ support, which is disabled by default. Let's
enabled it conditionally depending on the BR2_INSTALL_LIBSTDCPP
option.
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Thu, 5 Sep 2019 17:10:20 +0000 (19:10 +0200)]
package/lttng-babeltrace: bump to version 1.5.7
- Remove second patch (already in version)
- Add hash for license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Alexander Mukhin [Fri, 6 Sep 2019 10:21:01 +0000 (13:21 +0300)]
DEVELOPERS: remove myself from hostapd developers
Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Alexander Mukhin [Fri, 6 Sep 2019 10:21:00 +0000 (13:21 +0300)]
package/hostapd: remove support for Realtek drivers
After hostapd update to 2.9, the patch provided no longer works,
although applies. Moreover, AP support for Realtek chips is broken
anyway in kernels > 4.9.
Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
[Thomas: add Config.in.legacy handling]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adam Duskett [Fri, 6 Sep 2019 18:03:13 +0000 (11:03 -0700)]
package/libglib2: bump to version 2.60.7
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Korsgaard [Fri, 6 Sep 2019 15:46:55 +0000 (17:46 +0200)]
package/asterisk: security bump to version 16.5.1
Fixes the following security issues:
AST-2019-004: Crash when negotiating for T.38 with a declined stream
When Asterisk sends a re-invite initiating T.38 faxing, and the endpoint
responds with a declined media stream a crash will then occur in Asterisk.
https://downloads.asterisk.org/pub/security/AST-2019-004.pdf
AST-2019-005: Remote Crash Vulnerability in audio transcoding
When audio frames are given to the audio transcoding support in Asterisk the
number of samples are examined and as part of this a message is output to
indicate that no samples are present. A change was done to suppress this
message for a particular scenario in which the message was not relevant. This
change assumed that information about the origin of a frame will always exist
when in reality it may not.
https://downloads.asterisk.org/pub/security/AST-2019-005.pdf
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Asaf Kahlon [Fri, 6 Sep 2019 12:05:00 +0000 (15:05 +0300)]
package/python-enum: bump to version 0.4.7
Also add hash for license file.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Asaf Kahlon [Fri, 6 Sep 2019 12:04:30 +0000 (15:04 +0300)]
package/monit: bump to version 5.26.0
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Korsgaard [Fri, 6 Sep 2019 11:34:46 +0000 (13:34 +0200)]
package/exim: security bump to version 4.92.2
Fixes CVE-2019-15846: Local or remote attacker can execute programs with
root privileges
For details, see the advisory:
https://exim.org/static/doc/security/CVE-2019-15846.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Christopher McCrory [Fri, 30 Aug 2019 18:44:13 +0000 (11:44 -0700)]
package/e2fsprogs: bump to version 1.45.3
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 31 Aug 2019 10:49:30 +0000 (12:49 +0200)]
package/libdmtx: bump version to 0.7.5
According to https://sourceforge.net/projects/libdmtx the project was
moved to https://github.com/dmtx so update project URL in Config.in.
Updated license hash due to upstream commit
https://github.com/dmtx/libdmtx/commit/
b65ff367ad90ab29568a5719b2ec07a2c2a6d8e8
Added AUTORECONF because the github tarball does not include a
configure script.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Romain Naour [Sat, 31 Aug 2019 10:45:10 +0000 (12:45 +0200)]
package/aubio: bump to version 0.4.9
Remove upstream patch.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 30 Aug 2019 13:50:04 +0000 (15:50 +0200)]
package/wireguard: bump version to 0.0.
20190702
For details of the changes, see the announcement:
https://lists.zx2c4.com/pipermail/wireguard/2019-July/004271.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Wed, 4 Sep 2019 18:40:43 +0000 (20:40 +0200)]
package/libogg: bump version to 1.3.4
Added all hashes provided by upstream.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 4 Sep 2019 18:12:21 +0000 (20:12 +0200)]
package/dav1d: disable tests and tools
Some tools need SDL2 which will break the build if SDL2 is found on host
Fixes:
- http://autobuild.buildroot.org/results/
4cea773805e62911019d0627dcdf5d17b71032b7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Titouan Christophe [Tue, 3 Sep 2019 11:53:58 +0000 (13:53 +0200)]
package/less: bump to version 530
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Titouan Christophe [Tue, 3 Sep 2019 11:38:37 +0000 (13:38 +0200)]
package/nano: bump to version 4.4
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Sat, 31 Aug 2019 20:03:59 +0000 (23:03 +0300)]
package/iw: bump to version 5.3
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 4 Sep 2019 17:47:47 +0000 (19:47 +0200)]
package/cups-filters: bump to version 1.25.4
Update hash of license file (year, authors, files have been updated)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Pierre-Jean Texier [Wed, 4 Sep 2019 17:10:55 +0000 (19:10 +0200)]
DEVELOPERS: add Pierre-Jean Texier for tree
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Pierre-Jean Texier [Wed, 4 Sep 2019 17:10:54 +0000 (19:10 +0200)]
package/tree: bump to version 1.8.0
See http://mama.indstate.edu/users/ice/tree/changes.html
Also add a hash for license file.
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 4 Sep 2019 17:02:02 +0000 (19:02 +0200)]
package/cups: security bump to version 2.2.12
- Remove fifth patch (already in version)
- Fix CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows
(rdar://
51685251)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sergio Prado [Wed, 4 Sep 2019 01:22:03 +0000 (22:22 -0300)]
package/wolfssl: bump to version 4.1.0
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sergio Prado [Wed, 4 Sep 2019 00:51:28 +0000 (21:51 -0300)]
package/snort: bump to version 2.9.14.1
Since configure is using PKG_CHECK_MODULES macro, we need to
unconditionally depends on host-pkgconf.
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Wed, 4 Sep 2019 17:58:48 +0000 (19:58 +0200)]
package/samba4: security bump version to 4.10.8
Release notes: https://www.samba.org/samba/history/samba-4.10.8.html
Fixes CVE-2019-10197
Combination of parameters and permissions can allow user
to escape from the share path definition.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jörg Krause [Mon, 2 Sep 2019 19:34:59 +0000 (21:34 +0200)]
package/mpd: bump to version 0.21.14
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sébastien Szymanski [Tue, 3 Sep 2019 09:20:24 +0000 (11:20 +0200)]
package/unzip: add security patch from Debian
Fix the URL and add a new patch. Quoting changelog [1]:
unzip (6.0-25) unstable; urgency=medium
* Apply one more patch by Mark Adler:
- Do not raise a zip bomb alert for a misplaced central directory.
This should allow Firefox to build again. Closes: #932404.
Reported by Peter Green. Hopefully CVE-2019-13232 is fixed now.
-- Santiago Vila <sanvila@debian.org> Sat, 27 Jul 2019 18:01:36 +0200
[1] https://sources.debian.org/data/main/u/unzip/6.0-25/debian/changelog
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
projects / buildroot.git / log