Fabrice Fontaine [Fri, 2 Apr 2021 19:54:07 +0000 (21:54 +0200)]
package/lldpd: add LLDPD_CPE_ID_VENDOR
cpe:2.3:a:lldpd_project:lldpd is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alldpd_project%3Alldpd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Fri, 2 Apr 2021 19:52:52 +0000 (21:52 +0200)]
package/lldpd: security bump to version 1.0.9
- Out-of-bound read access when parsing LLDP-MED civic address in
liblldpctl for malformed fields.
- Fix memory leak when receiving LLDPU with duplicate fields.
CVE-2020-27827.
- More memory leak fixes on duplicate TLVs in LLDP, CDP and EDP
(related to CVE-2020-27827).
https://github.com/lldpd/lldpd/blob/1.0.9/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bernd Kuhls [Sat, 3 Apr 2021 06:35:59 +0000 (08:35 +0200)]
package/kodi-vfs-libarchive: bump version to 2.0.1-Matrix
Release notes:
https://github.com/xbmc/vfs.libarchive/releases/tag/2.0.1-Matrix
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Christian Stewart [Sat, 3 Apr 2021 06:45:38 +0000 (23:45 -0700)]
package/go: bump version to 1.16.3
go1.16.3 (released 2021/04/01) includes fixes to the compiler, linker, runtime,
the go command, and the testing and time packages.
https://golang.org/doc/go1.16
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Fri, 2 Apr 2021 16:33:43 +0000 (18:33 +0200)]
package/qpid-proton: fix build without C++
Fixes:
- http://autobuild.buildroot.org/results/05f344151100219c159ca4d466a453df96bf07fa
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- move code in thread condition, to avoid setting -DBUILD_CPP twice
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Fri, 2 Apr 2021 16:33:41 +0000 (18:33 +0200)]
package/qpid-proton: fix build without threads
Build of qpid-proton is broken since bump to version 0.33.0 in commit
d4c0fde91da0d79204a21ed8de1bd410efa1c4d6 because epoll proactor
unconditionally uses pthread
Fixes:
- http://autobuild.buildroot.org/results/ec34da16a11f0600ecfbbbc4039e8210aea0498c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: C++ precision in comment]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Fri, 2 Apr 2021 16:33:42 +0000 (18:33 +0200)]
package/pkg-cmake.mk: don't unconditionally set CMAKE_CXX_COMPILER
Don't unconditionally set CMAKE_CXX_COMPILER as it will raise a build
failure on qpid-proton because "if the toolchain specifies a value for
CMAKE_CXX_COMPILER, then CMake assumes the compiler works and goes
straight ahead trying to use it":
https://cmake.org/cmake/help/latest/module/CheckLanguage.html
https://issues.apache.org/jira/browse/PROTON-2365
Fixes:
- http://autobuild.buildroot.org/results/05f344151100219c159ca4d466a453df96bf07fa
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: rename placeholder]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Nicolas Cavallari [Wed, 31 Mar 2021 08:14:47 +0000 (10:14 +0200)]
package/netsnmp: fix script net-snmp-create-v3-user's usage of 'ps'.
net-snmp-create-v3-user uses ps to check if snmpd is running. To know
how to invoke 'ps', the build system uses 'which ps' and does other
checks for the output format of 'ps', therefore inspecting 'ps' on the
build machine instead of the target.
If the build machine runs an OS like Debian, that uses a merged-usr and a
PATH of '/usr/bin:/bin', then 'which ps' returns /usr/bin/ps, which will
not work on the target if it does not also use a merged-usr.
Hardcode 'ps' to be /bin/ps to fix this issue and to improve build
reproducibility.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Baruch Siach [Wed, 31 Mar 2021 17:15:52 +0000 (20:15 +0300)]
package/libcurl: security bump to version 7.76.0
CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (since 7.63.0)
CVE-2021-22876: Automatic referer leaks credentials (since 7.1.1)
This version adds optional dependency on libgsasl.
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Tue, 30 Mar 2021 21:43:31 +0000 (23:43 +0200)]
package/libvips: add poppler optional dependency
poppler is an optional dependency which is enabled by default since
version 8.3.0 and
https://github.com/libvips/libvips/commit/8da4e706dd60aba1a69e49bd562d8de225d2404d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Tue, 30 Mar 2021 21:42:13 +0000 (23:42 +0200)]
package/libupnp: disable samples
Disable samples which are built (but not installed) by default since at
least version 1.6.0 and
https://github.com/pupnp/pupnp/commit/89e7a40fcc5c51afacdc9d5f3d18f5338b2bc5e9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adam Duskett [Sat, 20 Mar 2021 22:28:35 +0000 (15:28 -0700)]
package/mender: install dbus authentication file if dbus is selected
While not a requirement to run mender itself, the mender-connect package
requires this file to be installed to talk to mender.
Signed-off-by: Adam Duskett <Aduskett@rivian.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sat, 27 Mar 2021 12:59:47 +0000 (13:59 +0100)]
package/x11r7/xapp_xkbcomp: bump version to 1.4.5
Release notes:
https://lists.x.org/archives/xorg-announce/2021-March/003075.html
Update license hash after upstream removed trailing whitespaces:
https://cgit.freedesktop.org/xorg/app/xkbcomp/commit/COPYING?id=3b3d25dd32ba48fd6d15ca98baf7109af21e1d97
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Sun, 21 Mar 2021 14:38:32 +0000 (15:38 +0100)]
package/xtables-addons: bump version to 3.17
Changelog ([1]):
v3.18 (2021-03-11)
==================
- xt_pknock: fix a build failure on ARM 32-bit
v3.17 (2021-02-28)
==================
- xt_pknock: cure a NULL deref
v3.16 (2021-02-24)
==================
- xt_pknock: build fix for ILP32 targets
v3.15 (2021-02-05)
==================
- xt_ECHO: support new function signature of security_skb_classify_flow
- xt_lscan: add --mirai option
- Support for Linux 5.11
v3.14 (2020-11-24)
==================
- DELUDE, ECHO, TARPIT: use actual tunnel socket (ip_route_me_harder).
- geoip: scripts for use with MaxMind DB have been brought back,
partly under new names.
- Gave xt_geoip_fetch a more fitting name, xt_geoip_query.
[1] https://fossies.org/linux/privat/xtables-addons-3.18.tar.xz/xtables-addons-3.18/doc/changelog.txt
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Sun, 21 Mar 2021 10:31:20 +0000 (11:31 +0100)]
package/qwt: bump version to 6.1.6
Changelog ([1]):
1) Maintenance
- QwtPlotLayout::activate: avoid compiler issues with Qt 5.15
- QwtPointPolar: missing copy constructor added
[1] https://sourceforge.net/p/qwt/code/HEAD/tree/tags/qwt-6.1.6/CHANGES-6.1
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Alexander Dahl [Wed, 17 Mar 2021 06:11:33 +0000 (07:11 +0100)]
package/siproxd: remove license file hash for internal libltdl
In a first draft of what ended up in commit 3efc5a250c1c
("package/siproxd: new package") libltdl was optionally built from an
internal copy of siproxd. Now external libltdl is selected
unconditionally, thus the license file of the internal copy of libtool
does not apply anymore.
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adam Duskett [Sat, 20 Mar 2021 22:28:34 +0000 (15:28 -0700)]
package/mender: bump version to 2.5.0
Other changes:
- Add host-pkgconf as a dependency. It's used to find OpenSSL.
- Set new license hashes.
Signed-off-by: Adam Duskett <Aduskett@rivian.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adam Duskett [Sat, 20 Mar 2021 22:28:33 +0000 (15:28 -0700)]
package/mender/mender.mk: fix linker version argument
The current linker flag "-X main.Version=$(MENDER_VERSION)" no longer points
to the correct location, which results in "version: unknown" when running
"mender -version." Update the linker flag to point to the correct location.
Signed-off-by: Adam Duskett <Aduskett@rivian.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adam Duskett [Sat, 20 Mar 2021 22:28:32 +0000 (15:28 -0700)]
package/mender/mender.mk: use MENDER_PKGDIR variable
Currently there is a mix of calls to package/mender and $(MENDER_PKGDIR) in the
mender.mk file. Standardize the calls to only $(MENDER_PKGDIR).
Signed-off-by: Adam Duskett <Aduskett@rivian.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Mon, 22 Mar 2021 07:00:47 +0000 (08:00 +0100)]
package/efivar: disable -Werror
Fix the following build failure with gcc 10:
/home/buildroot/autobuild/run/instance-1/output-1/host/bin/aarch64-none-linux-gnu-gcc -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -I/home/buildroot/autobuild/run/instance-1/output-1/build/efivar-37/src/include/ -specs=/home/buildroot/autobuild/run/instance-1/output-1/build/efivar-37/gcc.specs -L. -fPIC -Wl,-z,muldefs -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -o efivar efivar.c -lefivar -ldl
In file included from efivar.h:28,
from efivar.c:40:
In function 'text_to_guid',
inlined from 'parse_name.constprop' at efivar.c:157:8:
guid.h:106:2: error: 'strncpy' output may be truncated copying 8 bytes from a string of length 38 [-Werror=stringop-truncation]
106 | strncpy(eightbytes, text, 8);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
Fixes:
- http://autobuild.buildroot.org/results/fcba72d359f4128515560e9105384cd4deff5043
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Sun, 21 Mar 2021 21:00:13 +0000 (22:00 +0100)]
package/start-stop-daemon: bump version to 1.20.7.1
- rebased 0001-add-uclibc-alias-and-musl.patch
- rebased 0002-just-warn-on-missing-arch.patch
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Sun, 21 Mar 2021 20:58:06 +0000 (21:58 +0100)]
package/tzdata: bump version to 2021a
For details see [1].
[1] https://mm.icann.org/pipermail/tz-announce/2021-January/000065.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sun, 21 Mar 2021 16:21:28 +0000 (17:21 +0100)]
package/sdl2: drop tslib
non existing tslib support has been dropped since version 2.0.14 and
https://github.com/libsdl-org/SDL/commit/4c96faee578efcba3f2d6afe8e2122f26b1dfb0b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bert Outtier [Mon, 29 Mar 2021 10:55:54 +0000 (12:55 +0200)]
support/scripts: fix pycompile for short filenames
Signed-off-by: Bert Outtier <outtierbert@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Edgar Bonet [Mon, 22 Mar 2021 17:14:24 +0000 (18:14 +0100)]
configs/acmesystems_acqua_a5: new defconfigs
The Acqua A5 is a system on module based on the Microchip SAMA5D31 SoC:
https://www.acmesystems.it/acqua
It is available in both 256 MiB and 512 MiB versions, hence the two
defconfig files. These configs build microSD card images with:
- AT91Bootstrap 3
- Linux 5.4.107
- default buildroot packages (uClibc, Busybox)
The device tree blob comes from Acme Systems:
https://github.com/AcmeSystems/dts-archive
It is licensed under GPLv2 or later.
Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Mon, 22 Mar 2021 07:44:42 +0000 (08:44 +0100)]
package/s390-tools: fix zkey build
Build of zkey fails since bump to version 2.16.0 in commit
b82b58a8ddc3d079aa2976b3dafbc965b6107648
Fixes:
- http://autobuild.buildroot.org/results/e7f229a98dab188ee9c40e4709fd26bfa67358d3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adrian Perez de Castro [Tue, 30 Mar 2021 19:51:18 +0000 (22:51 +0300)]
package/wpebackend-fdo: bump to version 1.8.3
This minor release fixes an issue which would cause applications using
wpewebkit and webkitgtk to freeze under certain conditions during normal
browsing. Release notes:
https://wpewebkit.org/release/wpebackend-fdo-1.8.3.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Mon, 22 Mar 2021 19:13:16 +0000 (20:13 +0100)]
package/wpa_supplicant: annotate CVE-2021-27803
Add a WPA_SUPPLICANT_IGNORE_CVES entry for CVE-2021-27803 which was
fixed by commit 9ada4eb2f1c3d67ee49f6f5466738bcd821fc647, which we
have backported as
0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Giulio Benetti [Mon, 22 Mar 2021 15:56:55 +0000 (16:56 +0100)]
package/binutils: add patches to fix OpenRisc bug 27624
These patches fix OpenRisc linker bug 27624 that affects packages
libtheora, protobuf and zeromq.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Giulio Benetti [Mon, 29 Mar 2021 22:41:54 +0000 (00:41 +0200)]
package/pkg-kconfig: fix error string
Current error string speaks only about "fragment" but here we also deal
with Kconfig files, so let's add "file or fragment" instead of "fragment".
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Francois Perrad [Tue, 30 Mar 2021 09:00:26 +0000 (11:00 +0200)]
package/perl-parse-yapp: remove useless dependencies
Parse-Yapp comes with a Makefile.PL,
so it is built with the perl core module ExtUtils-MakeMaker
regenerated with `utils/scancpan -force -host Parse-Yapp`
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Petr Vorel [Mon, 29 Mar 2021 18:49:34 +0000 (20:49 +0200)]
package/modem-manager: bump version to 1.16.2
It requires libqmi >= 1.28.0
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Vadym Kochan [Mon, 22 Mar 2021 13:12:28 +0000 (15:12 +0200)]
package/frr: bump to 7.5.1 version
This is a maintenance release of FRR 7.5 with lots of bug fixes:
https://github.com/FRRouting/frr/releases/tag/frr-7.5.1
Signed-off-by: Vadym Kochan <vadym.kochan@plvision.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Mon, 29 Mar 2021 19:30:58 +0000 (21:30 +0200)]
package/gnutls: drop unrecognized option
crywrap has been dropped since version 3.6.12 and
https://github.com/gnutls/gnutls/commit/c991b5223140e4ef311afac0f25272e602238826
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Aleksander Morgado [Mon, 29 Mar 2021 22:35:42 +0000 (00:35 +0200)]
package/libqmi: fix build when libc doesn't define ARPHRD_RAWIP
The ARPHRD_RAWIP symbol is used in the rmnet backend in the link
management support now included in libqmi.
If libc doesn't provide this symbol yet, define it ourselves. The
symbol will only be used if rmnet is enabled in the kernel anyway.
This patch will be included in the next libqmi 1.28.4.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
[yann.morin.1998@free.fr:
- do an actual backport now it's been applied upstream
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Alexander Dahl [Mon, 29 Mar 2021 19:29:05 +0000 (21:29 +0200)]
package/fastd: add FASTD_CPE_ID_VERSION
With that FASTD_CPE_ID expands to:
cpe:2.3:a:fastd_project:fastd:21.0:*:*:*:*:*:*:*
That's the same as listed on
https://nvd.nist.gov/products/cpe/detail/826746
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Mon, 29 Mar 2021 21:19:56 +0000 (23:19 +0200)]
package/libqmi: switch to the new option to disable -Werror
--enable-more-warnings has been dropped since version 1.26.0 and
https://github.com/freedesktop/libqmi/commit/9f31a45d5fc137431705d47b83669f35259932b4
Instead, a new --disable-Werror option has been added, through the use
of AX_COMPILER_FLAGS, so use that to explicitly request warnings not be
treated as errors.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: use --disable-Werror instead of nothing]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Korsgaard [Tue, 30 Mar 2021 06:10:03 +0000 (08:10 +0200)]
package/squid: security bump to version 4.14
Fixes the following security issues:
- CVE-2020-25097: HTTP Request Smuggling
Due to improper input validation Squid is vulnerable to an HTTP Request
Smuggling attack.
For more details, see the advisory:
https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Francois Perrad [Tue, 30 Mar 2021 09:01:13 +0000 (11:01 +0200)]
package/lua: bump to version 5.4.3
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Tue, 30 Mar 2021 07:10:47 +0000 (09:10 +0200)]
package/stellarium: bump version to 0.21.0
Release notes:
http://stellarium.org/release/2021/03/28/stellarium-0.21.0.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 29 Mar 2021 20:49:03 +0000 (22:49 +0200)]
package/sqlcipher: security bump to version 4.4.3
Fix CVE-2021-3119: Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer
dereferencing issue related to sqlcipher_export in crypto.c and
sqlite3StrICmp in sqlite3.c. This may allow an attacker to perform a
remote denial of service attack. For example, an SQL injection can be
used to execute the crafted SQL command sequence, which causes a
segmentation fault.
https://github.com/sqlcipher/sqlcipher/blob/v4.4.3/CHANGELOG.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 29 Mar 2021 20:39:42 +0000 (22:39 +0200)]
package/python-urllib3: security bump to version 1.26.4
Fix CVE-2021-28363: The urllib3 library 1.26.x before 1.26.4 for Python
omits SSL certificate validation in some cases involving HTTPS to HTTPS
proxies. The initial connection to the HTTPS proxy (if an SSLContext
isn't given via proxy_config) doesn't verify the hostname of the
certificate. This means certificates for different servers that still
validate properly with the default urllib3 SSLContext will be silently
accepted.
https://github.com/urllib3/urllib3/blob/1.26.4/CHANGES.rst
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 29 Mar 2021 20:33:41 +0000 (22:33 +0200)]
package/python-lxml: security bump to version 4.6.3
Fix CVE-2021-28957: lxml 4.6.2 allows XSS. It places the HTML action
attribute into defs.link_attrs (in html/defs.py) for later use in input
sanitization, but does not do the same for the HTML5 formaction
attribute.
https://github.com/lxml/lxml/blob/lxml-4.6.3/CHANGES.txt
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 29 Mar 2021 20:26:13 +0000 (22:26 +0200)]
package/mariadb: security bump to version 10.3.28
Fix CVE-2021-27928: A remote code execution issue was discovered in
MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18,
and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep
patch through 2021-03-03 for MySQL. An untrusted search path leads to
eval injection, in which a database SUPER user can execute OS commands
after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not
affect an Oracle product.
https://mariadb.com/kb/en/mariadb-10328-release-notes/
https://mariadb.com/kb/en/mariadb-10328-changelog/
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 29 Mar 2021 20:10:26 +0000 (22:10 +0200)]
package/haserl: security bump to version 0.9.36
2021-03-07 0.9.36
* Fix sf.net issue #5 - it's possible to issue a PUT request
without a CONTENT-TYPE. Assume an octet-stream in that case.
* Change the Prefix for variables to be the REQUEST_METHOD
(PUT/DELETE/GET/POST)
**** THIS IS A BREAKING CHANGE vs 0.9.33 ****
* Mitigations vs running haserl to get access to files not
available to the user.
- Fix CVE-2021-29133: Lack of verification in haserl, a component of
Alpine Linux Configuration Framework, before 0.9.36 allows local users
to read the contents of any file on the filesystem.
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 29 Mar 2021 20:10:25 +0000 (22:10 +0200)]
package/haserl: add HASERL_CPE_ID_VENDOR
cpe:2.3:a:haserl_project:haserl is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ahaserl_project%3Ahaserl
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 29 Mar 2021 19:54:07 +0000 (21:54 +0200)]
package/wireshark: security bump to version 3.4.4
Fix CVE-2021-22191: Improper URL handling in Wireshark 3.4.0 to 3.4.3
and 3.2.0 to 3.2.11 could allow remote code execution via packet
injection or crafted capture file.
https://www.wireshark.org/security/wnpa-sec-2021-03.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Thu, 25 Mar 2021 07:34:34 +0000 (08:34 +0100)]
package/pulseview: fix patch
Commit 4b7db318262a023a4a5396b06adafd9fd19d40a3 forgot to restore
upstream patch
Fixes:
- http://autobuild.buildroot.org/results/589cfc6ea43dc5e714751f05be488f5c469641b9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Henri Roosen [Mon, 29 Mar 2021 08:28:55 +0000 (10:28 +0200)]
package/qt5webkit: add SoB line to 'Fix ICU related compile failures from capital bool' patch
Fixes: 0f6c209a1d76 ("package/qt5webkit: fix ICU related compile failures from capital bool defines")
Signed-off-by: Henri Roosen <henri.roosen@ginzinger.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Michael Nosthoff [Mon, 22 Mar 2021 15:29:17 +0000 (16:29 +0100)]
board/beaglebone: remove genimage_linux41.cfg
Commit 5502a889dd9f065ec4694a993cfa509377da2cce
("configs/beaglebone_qt5: don't use custom post-image script") removed the use
of genimage_linux41.cfg but didn't remove the file.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Petr Vorel [Thu, 25 Mar 2021 18:00:23 +0000 (19:00 +0100)]
package/libmbim: bump version to 1.24.6
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
John Keeping [Thu, 25 Mar 2021 14:39:46 +0000 (14:39 +0000)]
package/ca-certificates: bump to version 20210119
Upstream has switched to requiring python3, so change the dependency to
always use host-python3.
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Francois Perrad [Mon, 22 Mar 2021 19:42:21 +0000 (20:42 +0100)]
package/janet: bump to version 1.15.4
remove 2 patches merged upstream
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sat, 27 Mar 2021 12:56:29 +0000 (13:56 +0100)]
package/x11r7/xorgproto: reformat license hashes
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bernd Kuhls [Sat, 27 Mar 2021 12:56:28 +0000 (13:56 +0100)]
package/x11r7/xorgproto: bump version to 2021.3
Release notes:
https://lists.x.org/archives/xorg-announce/2021-February/003072.html
https://lists.x.org/archives/xorg-announce/2021-February/003073.html
Update license hash after upstream typo fix:
https://cgit.freedesktop.org/xorg/proto/xorgproto/commit/COPYING-x11proto?id=09602b2130b3710bcca4d2707132bd47d4a832ef
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Jörg Krause [Tue, 23 Mar 2021 16:30:51 +0000 (17:30 +0100)]
Revert "package/mpd: fix build of GenParseName"
This reverts commit 9783c04aaf5e4fc94099772f1dc699a974ee6538.
This commit is actually a workaround to get Meson passing `-libstdc++`
to the C linker. The correct fix is to pass the host C++ compiler to
Meson instead of the host C compiler using the `CXX_FOR_BUILD` variable.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Jörg Krause [Tue, 23 Mar 2021 16:30:50 +0000 (17:30 +0100)]
package/pkg-meson.mk: fix setting host C++ compiler
Commit f4a61d1ae23ec7729af3a8a165bbee45b6b9ef75 introduced CC_FOR_BUILD and
CXX_FOR_BUILD to avoid detecting ccache.
Both values are set to `HOSTCC`. This causes issues where C++ files are
compiled with the C compiler without passing the `stdc++` flag to the
linker, too.
Therefore, switch to pass the C++ compiler to CXX_FOR_BUILD.
Correctly fixes:
http://autobuild.buildroot.org/results/871e1362c44e5b68a149e6a5dd3caf99ea0d904a
Commit 9783c04aaf5e4fc94099772f1dc699a974ee6538 proposed a fix which in
fact is a workaround to get Meson to pass the `stdc++` flag to the C
linker.
A follow-up commit will revert this commit, as it is no longer
needed.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Jörg Krause [Tue, 23 Mar 2021 08:33:12 +0000 (09:33 +0100)]
package/upmpdcli: bump to version 1.5.11
From https://www.lesbonscomptes.com/upmpdcli/pages/releases.html:
2021-03-13 upmpdcli 1.5.11
* Fix rare possible issue with Kazoo volume control
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Jörg Krause [Tue, 23 Mar 2021 08:31:04 +0000 (09:31 +0100)]
package/libnpupnp: bump to version 4.1.1
From https://www.lesbonscomptes.com/upmpdcli/pages/releases.html:
2021-03-13 libnpupnp 4.1.1
* Fix HEAD requests. Samsung TVs now work with Gerbera + libnpupnp
2021-03-13 libnpupnp 4.1.0
* Send SERVER and USER-AGENT headers in misc places where mandated or useful.
* Add API for the client code to set the user-agent and server string values
* Fix building and running with --disable-ipv6
* Misc portability fixes.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Jörg Krause [Tue, 23 Mar 2021 08:30:06 +0000 (09:30 +0100)]
package/libupnpp: bump to version 0.21.0
From https://www.lesbonscomptes.com/upmpdcli/pages/releases.html:
2021-03-13 libupnpp 0.21.0
* Allow configuring the subscription timeout (init option)
* Add interface for the lib to report a subscription autorenewal failure, and
to renew all subscriptions.
* Add API to set the product/version values in User-Agent and Server headers.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Mon, 22 Mar 2021 19:54:16 +0000 (20:54 +0100)]
package/libvips: drop unrecognized options
--without-zip has been dropped since version 8.4.2 and
https://github.com/libvips/libvips/commit/5ab0001ec68a5f61396aecd8d2d7a619b1dbe1fa
--without-python has been dropped since version 8.6.0 and
https://github.com/libvips/libvips/commit/fddd277995cf8ffb434eeaf2ee27fe22d921bc59
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Alexander Egorenkov [Wed, 24 Mar 2021 11:45:22 +0000 (12:45 +0100)]
linux: support uncompressed kernel on S390
Signed-off-by: Alexander Egorenkov <egorenar@linux.ibm.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Heiko Thiery [Wed, 24 Mar 2021 12:34:10 +0000 (13:34 +0100)]
package/netopeer2: bump version to 1.1.70
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Heiko Thiery [Wed, 24 Mar 2021 12:34:08 +0000 (13:34 +0100)]
package/sysrepo: bump version to 1.4.122
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Heiko Thiery [Wed, 24 Mar 2021 12:34:06 +0000 (13:34 +0100)]
package/libnetconf2: bump version to 1.1.43
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Heiko Thiery [Wed, 24 Mar 2021 12:34:04 +0000 (13:34 +0100)]
package/libyang: bump version to 1.0.225
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sun, 28 Mar 2021 19:13:54 +0000 (21:13 +0200)]
package/libsoundtouch: use gitlab macro
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Thomas Petazzoni [Sun, 28 Mar 2021 19:13:53 +0000 (21:13 +0200)]
package/ipcalc: use gitlab macro
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Thomas Petazzoni [Sun, 28 Mar 2021 19:13:52 +0000 (21:13 +0200)]
package/frotz: use gitlab macro
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Thomas Petazzoni [Sun, 28 Mar 2021 19:13:51 +0000 (21:13 +0200)]
package/eigen: use gitlab macro
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Thomas Petazzoni [Sun, 28 Mar 2021 19:13:50 +0000 (21:13 +0200)]
docs/manual: add documentation for the gitlab macro
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Thomas Petazzoni [Sun, 28 Mar 2021 19:13:49 +0000 (21:13 +0200)]
package/pkg-download.mk: add gitlab macro
Just like we have a "github" macro to calculate the URL of the tarball
to download source from Github, let's introduce a similar macro for
Gitlab.
This should be used to download the auto-generated tarballs from
Gitlab. If there is a specific release tarball uploaded by the
upstream developers, the <pkg>_SITE variable should not use this new
gitlab macro.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Thomas Petazzoni [Sun, 28 Mar 2021 19:13:48 +0000 (21:13 +0200)]
docs/manual: improve details about the Github macro
The Github macro example shows something that is now considered
incorrect: using v1.0 as the VERSION. This is no longer recommended
as it prevents from matching with release-monitoring.org details.
Let's update the example, and add a note to explain this in more
details.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bernd Kuhls [Sat, 27 Mar 2021 12:50:49 +0000 (13:50 +0100)]
package/php: bump version to 7.4.16
Changelog: https://www.php.net/ChangeLog-7.php#7.4.16
Update license hash due to copyright year bump:
http://git.php.net/?p=php-src.git;a=commitdiff;h=8c04944b66fd4a4fa88e54b65a2391397998c51d
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Fri, 26 Mar 2021 19:08:56 +0000 (20:08 +0100)]
package/freeswitch: bump version to 1.10.6
Release notes:
https://github.com/signalwire/freeswitch/releases/tag/v1.10.6
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Fri, 26 Mar 2021 19:08:55 +0000 (20:08 +0100)]
package/sofia-sip: bump version to 1.13.3
Removed patches which were applied upstream:
https://github.com/freeswitch/sofia-sip/commit/f6f29b483e9c31ce8d3e87419ec3deea8679312d
https://github.com/freeswitch/sofia-sip/commit/d568475eb7291bc72f585a116319b05d80b818e1
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Petr Vorel [Thu, 25 Mar 2021 17:58:32 +0000 (18:58 +0100)]
package/libqmi: bump version to 1.28.2
libqrtr-glib is now an optional dependency (since libqmi >= 1.28.0)
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Petr Vorel [Thu, 25 Mar 2021 17:58:31 +0000 (18:58 +0100)]
package/libqrtr-glib: new package
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Sat, 27 Mar 2021 13:27:28 +0000 (14:27 +0100)]
package/git: bump version to 2.31.1
For details see [1].
[1] http://lkml.iu.edu/hypermail/linux/kernel/2103.3/04320.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sat, 27 Mar 2021 13:06:54 +0000 (14:06 +0100)]
package/openvpn: bump version to 2.5.1
Release notes:
https://sourceforge.net/p/openvpn/mailman/message/37226597/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sun, 28 Mar 2021 08:14:01 +0000 (10:14 +0200)]
package/fetchmail: bump version to 6.4.18
Release notes:
https://sourceforge.net/p/fetchmail/mailman/message/37249830/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sun, 28 Mar 2021 09:45:54 +0000 (11:45 +0200)]
package/samba4: bump version to 4.14.2
Added patch to fix build error.
Removed patch which was applied upstream.
Added two options to samba4-cache.txt to fix cross build, values were
taken from GnuTLS source:
https://gitlab.com/gnutls/gnutls/-/blob/3.6.15/lib/includes/gnutls/gnutls.h.in#L180
https://gitlab.com/gnutls/gnutls/-/blob/3.6.15/lib/includes/gnutls/gnutls.h.in#L341
host-perl is now mandatory, also host-perl-parse-yapp is needed.
Added option to fix build without dbus, this change needed a rework of
the shared-modules configure option, due to this upstream commit:
https://gitlab.com/samba-team/devel/samba/-/commit/b6805d5e0bcf1716f87e84bcbb2fd8f93c38a8a3
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sun, 28 Mar 2021 08:22:11 +0000 (10:22 +0200)]
package/tvheadend: bump version
Upstream removed x11 dependency from vaapi support:
https://github.com/tvheadend/tvheadend/commit/ecd05a21de3075466476df97cf37ffd42c787e58
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Yann E. MORIN [Sat, 27 Mar 2021 22:42:20 +0000 (23:42 +0100)]
package/perl: fix configure when BR2_VERSION_FULL contains a '/'
When BR2_VERSION_FULL contains one or more '/', injecting our version
in the perl patch-level fails:
/usr/bin/sed: -e expression #1, char 27: unknown option to `s'
When the build is done in a git tree, and HEAD is a tag, BR2_VERSION_FULL
will contain that tag name. Even if not widely common, it is not unusual
for a tag to contain a '/', and this is perfectly legit in git.
So, mangle BR2_VERSION_FULL to escape all '/' with a backslash '\', so
that the sed expression is correct, and so that we eventually have a
correct patchlevel string in perl's --version output.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
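The failure and the fix described in the commit message above, as an added example that is not part of the Buildroot commit. `SAMPLE_LINE`, the function names and the version strings are constructed for illustration; the example goes beyond the commit by also escaping `&` and `\`, which are likewise special in a sed replacement.

```shell
#!/bin/sh
# Constructed stand-in for the line a build step rewrites with its own version.
SAMPLE_LINE='version: UNKNOWN-'

# Naive: the version string is pasted into the s/// expression unchanged,
# so a '/' in it ends the replacement early and sed rejects the script.
inject_naive() {
    printf '%s\n' "$SAMPLE_LINE" | sed -e "s/UNKNOWN-/Buildroot $1/" 2>/dev/null
}

# Escape what is special in a sed replacement: the '/' delimiter (the case
# the commit handles) plus '&' and '\' (added here as a generalization).
escape_sed_replacement() {
    printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

# Escaped: the version string is neutralized before it reaches the expression.
inject_escaped() {
    printf '%s\n' "$SAMPLE_LINE" |
        sed -e "s/UNKNOWN-/Buildroot $(escape_sed_replacement "$1")/"
}

# Constructed version strings: a plain one, a tag with '/', a tag with '&'.
for v in '2021.02' 'vendor/v1.0' 'a&b'; do
    printf 'naive   %-12s -> ' "$v"
    inject_naive "$v" || echo '(sed rejected the expression)'
    printf 'escaped %-12s -> ' "$v"
    inject_escaped "$v"
done
```

The `a&b` case is the quieter failure: the naive form succeeds but substitutes the matched text for `&`, so the version string is silently corrupted instead of the build stopping.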
Heiko Thiery [Thu, 25 Mar 2021 12:54:42 +0000 (13:54 +0100)]
package/network-manager: add CPE variables
cpe:2.3:a:gnome:networkmanager is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnome%3Anetworkmanager
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Henri Roosen [Thu, 25 Mar 2021 17:39:47 +0000 (18:39 +0100)]
package/qt5webkit: fix ICU related compile failures from capital bool defines
This patch fixes the following compile failures:
In file included from platform/text/TextAllInOne.cpp:30:
platform/text/TextBreakIteratorICU.cpp: In function ‘bool
WebCore::textInChunkOrOutOfRange(UText*, int64_t, int64_t, UBool,
UBool&)’:
platform/text/TextBreakIteratorICU.cpp:217:28: error: ‘TRUE’ was not
declared in this scope
217 | isAccessible = TRUE;
| ^~~~
platform/text/TextBreakIteratorICU.cpp:222:28: error: ‘FALSE’ was not
declared in this scope
222 | isAccessible = FALSE;
| ^~~~~
platform/text/TextBreakIteratorICU.cpp:231:28: error: ‘TRUE’ was not
declared in this scope
231 | isAccessible = TRUE;
| ^~~~
platform/text/TextBreakIteratorICU.cpp:236:28: error: ‘FALSE’ was not
declared in this scope
236 | isAccessible = FALSE;
| ^~~~~
platform/text/TextBreakIteratorICU.cpp: In function ‘UBool
WebCore::textLatin1Access(UText*, int64_t, UBool)’:
platform/text/TextBreakIteratorICU.cpp:246:16: error: ‘FALSE’ was not
declared in this scope
246 | return FALSE;
| ^~~~~
platform/text/TextBreakIteratorICU.cpp:266:12: error: ‘TRUE’ was not
declared in this scope
266 | return TRUE;
| ^~~~
platform/text/TextBreakIteratorICU.cpp: In function ‘UBool
WebCore::textUTF16Access(UText*, int64_t, UBool)’:
platform/text/TextBreakIteratorICU.cpp:367:16: error: ‘FALSE’ was not
declared in this scope
367 | return FALSE;
| ^~~~~
platform/text/TextBreakIteratorICU.cpp:387:12: error: ‘TRUE’ was not
declared in this scope
387 | return TRUE;
| ^~~~
...
In file included from platform/text/TextAllInOne.cpp:32:
platform/text/TextCodecICU.cpp: In member function ‘void
WebCore::TextCodecICU::createICUConverter() const’:
platform/text/TextCodecICU.cpp:272:42: error: ‘TRUE’ was not declared in
this scope
272 | ucnv_setFallback(m_converterICU, TRUE);
| ^~~~
The compile failures are fixed by replacing the use of FALSE/TRUE with
false/true as suggested by [1] and/or [2].
A better description is directly from the patch/pull-request ([3]):
Traditionally, ICU4C has defined its own `FALSE`=0 / `TRUE`=1 macros for use with `UBool`.
Starting with ICU 68 (2020q4), we no longer define these in public header files
(unless `U_DEFINE_FALSE_AND_TRUE`=1),
in order to avoid name collisions with code outside ICU defining enum constants and similar
with these names.
and explains why it occurred just recently/since the icu bump to version
68-1 ([4])...
[1] https://unicode-org.atlassian.net/browse/ICU-21267
[2] https://unicode-org.atlassian.net/browse/ICU-21148
[3] https://github.com/unicode-org/icu/pull/1282/commits/5d77f7084dbfad50c7ccc17bccb85aa24bae8937
[4] https://git.buildroot.net/buildroot/commit/?id=88f2d1c4e52607d2c2a1fa8d934152c47167a168
Signed-off-by: Henri Roosen <henri.roosen@ginzinger.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sun, 21 Mar 2021 13:15:08 +0000 (14:15 +0100)]
package/libglib2: security bump to version 2.66.8
Fix a security issue when using g_file_replace() with
G_FILE_CREATE_REPLACE_DESTINATION
https://gitlab.gnome.org/GNOME/glib/-/tags/2.66.8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Mon, 22 Mar 2021 19:00:34 +0000 (20:00 +0100)]
package/openssh: security bump to version 8.5p1
* ssh-agent(1): fixed a double-free memory corruption that was
introduced in OpenSSH 8.2. We treat all such memory faults as
potentially exploitable. This bug could be reached by an attacker
with access to the agent socket.
On modern operating systems where the OS can provide information
about the user identity connected to a socket, OpenSSH ssh-agent
and sshd limit agent socket access only to the originating user
and root. Additional mitigation may be afforded by the system's
malloc(3)/free(3) implementation, if it detects double-free
conditions.
The most likely scenario for exploitation is a user forwarding an
agent either to an account shared with a malicious user or to a
host with an attacker holding root access.
* Portable sshd(8): Prevent excessively long username going to PAM.
This is a mitigation for a buffer overflow in Solaris' PAM username
handling (CVE-2020-14871), and is only enabled for Sun-derived PAM
implementations. This is not a problem in sshd itself, it only
prevents sshd from being used as a vector to attack Solaris' PAM.
It does not prevent the bug in PAM from being exploited via some
other PAM application. GHPR#212
Also license has been updated to add some openbsd-compat licenses:
https://github.com/openssh/openssh-portable/commit/922cfac5ed5ead9f796f7d39f012dd653dc5c173
https://www.openssh.com/txt/release-8.5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Adrian Perez de Castro [Mon, 22 Mar 2021 22:28:37 +0000 (00:28 +0200)]
package/wpebackend-fdo: bump to version 1.8.2
This minor release fixes an issue with its public API headers which
can cause third party packages (mainly wpewebkit) to show build errors.
Release notes:
https://wpewebkit.org/release/wpebackend-fdo-1.8.2.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Adrian Perez de Castro [Mon, 22 Mar 2021 22:28:36 +0000 (00:28 +0200)]
package/wpewebkit: security bump to 2.30.6
This is a minor release which provides fixes for CVE-2020-27918,
CVE-2020-29623, CVE-2021-1765, CVE-2021-1789, CVE-2021-1799,
CVE-2021-1801, and CVE-2021-1870.
Full release notes can be found at:
https://wpewebkit.org/release/wpewebkit-2.30.6.html
An accompanying security advisory has been published at:
https://wpewebkit.org/security/WSA-2021-0002.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Adrian Perez de Castro [Mon, 22 Mar 2021 22:19:48 +0000 (00:19 +0200)]
package/webkitgtk: security bump to 2.30.6
This is a minor release which provides fixes for CVE-2020-27918,
CVE-2020-29623, CVE-2021-1765, CVE-2021-1789, CVE-2021-1799,
CVE-2021-1801, and CVE-2021-1870.
Full release notes can be found at:
https://webkitgtk.org/2021/03/18/webkitgtk2.30.6-released.html
An accompanying security advisory has been published at:
https://webkitgtk.org/security/WSA-2021-0002.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bernd Kuhls [Mon, 22 Mar 2021 19:10:34 +0000 (20:10 +0100)]
package/kodi: honour the libusb option even when disabled
Make sure libusb support is properly disabled even if the libusb
package is enabled, and in case it gets built before Kodi.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bernd Kuhls [Sat, 27 Mar 2021 07:16:37 +0000 (08:16 +0100)]
package/kodi-inputstream-adaptive: bump version to 2.6.8-Matrix
Changelog:
https://github.com/xbmc/inputstream.adaptive/blob/Matrix/inputstream.adaptive/addon.xml.in#L22
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bernd Kuhls [Fri, 26 Mar 2021 08:02:14 +0000 (09:02 +0100)]
package/kodi-pvr-vuplus: bump version to 7.4.2-Matrix
Changelog:
https://github.com/kodi-pvr/pvr.vuplus/blob/Matrix/pvr.vuplus/changelog.txt
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bernd Kuhls [Wed, 24 Mar 2021 21:24:40 +0000 (22:24 +0100)]
package/kodi-pvr-hts: bump version to 8.3.0-Matrix
Changelog:
https://github.com/kodi-pvr/pvr.hts/blob/Matrix/pvr.hts/changelog.txt
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Waldemar Brodkorb [Sat, 27 Mar 2021 15:48:33 +0000 (16:48 +0100)]
package/uclibc: update to 1.0.38
- fixes renameat2 issues on riscv64
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bernd Kuhls [Sat, 27 Mar 2021 17:13:35 +0000 (18:13 +0100)]
perl-parse-yapp: new package
Host version is needed for samba 4.14.x.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Asaf Kahlon [Sat, 27 Mar 2021 20:35:52 +0000 (23:35 +0300)]
package/python-dialog3: switch to setuptools
The package switched to setuptools (see commit:
https://github.com/frougon/pythondialog/commit/88a3f0b45e81aaecf3a85bcf8b8d8ce907fbe29d)
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Stephane Viau [Thu, 25 Mar 2021 06:21:41 +0000 (07:21 +0100)]
configs/freescale_imx8mpevk: new defconfig
This patch adds support for the NXP i.MX 8M Plus EVK board [1].
The final boot image is created from uboot and firmware binaries in post
image script board/freescale/common/imx/imx8-bootloader-prepare.sh.
This first support is based on NXP's 5.4.70_2.3.0 BSP.
[1] https://www.nxp.com/design/development-boards/i-mx-evaluation-and-development-boards/evaluation-kit-for-the-i-mx-8m-plus-applications-processor:8MPLUSLPD4-EVK
Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Stephane Viau [Thu, 25 Mar 2021 06:21:40 +0000 (07:21 +0100)]
board/freescale/common/imx: add support for i.MX 8M Plus
Almost identical to i.MX 8M Nano, with a couple of differences:
- different ATF load address [1]
- different entry point [2]
[1] https://source.denx.de/u-boot/u-boot/-/commit/e8e2703a3050feb8d2e6473d806c5277d5e3236f
[2] https://source.denx.de/u-boot/u-boot/-/blob/v2021.04-rc4/configs/imx8mp_evk_defconfig#L14
Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>