Commit Graph

55990 Commits

Author SHA1 Message Date
Romain Naour
4d16e6f532 package/gcc: fix gcc 8.4, 9.3 and 10.2 for sparcv8 (ss10)
As reported on IRC by sephthir, the qemu_sparc_ss10_defconfig doesn't
work as expected: the system generated when booted under Qemu produces
illegal instruction messages.

gcc 8.3, 9.2 are the latest working gcc version. git bisect between
gcc 8.3 and 8.4 allowed to identify the commit that introduced the
regression.

Reverting this patch allowed to produce a working rootfs.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/786589934

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 21:58:50 +01:00
Petr Vorel
d25818dfcc package/kmod: bump version to 28
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 21:40:50 +01:00
Peter Korsgaard
0e1b5aa572 package/go: security bump to version 1.15.7
Fixes the following security issues:

- cmd/go: packages using cgo can cause arbitrary code execution at build time

  The go command may execute arbitrary code at build time when cgo is in use
  on Windows.  This may occur when running “go get”, or any other command
  that builds code.  Only users who build untrusted code (and don’t execute
  it) are affected.

  In addition to Windows users, this can also affect Unix users who have “.”
  listed explicitly in their PATH and are running “go get” or build commands
  outside of a module or with module mode disabled.

  Thanks to RyotaK (https://twitter.com/ryotkak) for reporting this issue.

  This issue is CVE-2021-3115 and Go issue golang.org/issue/43783.

- crypto/elliptic: incorrect operations on the P-224 curve

  The P224() Curve implementation can in rare circumstances generate
  incorrect outputs, including returning invalid points from ScalarMult.

  The crypto/x509 and golang.org/x/crypto/ocsp (but not crypto/tls) packages
  support P-224 ECDSA keys, but they are not supported by publicly trusted
  certificate authorities.  No other standard library or golang.org/x/crypto
  package supports or uses the P-224 curve.

  The incorrect output was found by the elliptic-curve-differential-fuzzer
  project running on OSS-Fuzz and reported by Philippe Antoine (Catena cyber).

  This issue is CVE-2021-3114 and Go issue golang.org/issue/43786.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-21 17:02:19 +01:00
Peter Seiderer
cab81477dc package/libcamera: add optional lttng-libust dependency
Add optional lttng-libust support and enable tracing support
in case.

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-19 22:57:51 +01:00
Peter Seiderer
7fe4599087 package/libcamera: bump version to de5d03673
- add new host-python3-jinja2 and host-python3-ply dependencies
- change android, documentation options from boolean to feature
- disable new tracing option (needs lttng-ust)

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-19 22:56:59 +01:00
Peter Seiderer
2d7c614252 package/python3-ply: add special host variant
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-19 22:40:22 +01:00
Peter Seiderer
d3cbde6464 package/python3-jinja2: add special host variant
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-19 22:39:48 +01:00
Peter Seiderer
aa93ef1617 package/python3-markupsafe: add special host variant
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-19 22:39:13 +01:00
Andreas Hilse
6a91580c11 package/sysklogd: bump to version 2.1.2
- fixes: sysklogd 1.6 klogd with newer glibcs: kernel messages are
  logged to user facility
- sysklogd removed klogd, functionality has been moved to syslogd
- now supports config fragments in /etc/syslog.d
- disabled sysklogd logger to not interfere with other loggers
- license has changed from GPL-2.0+ to BSD-3-Clause

Signed-off-by: Andreas Hilse <andreas.hilse@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-19 22:21:25 +01:00
Fabrice Fontaine
f238791b6a package/unzip: switch to debian
https://sources.debian.org/data/main/u/unzip/6.0-25 is unreachable so
switch to the debian archive provided by snapshot.debian.org to retrieve
all debian patches at once.

While at it, also update indentation in hash file and add
UNZIP_IGNORE_CVES entries.

The Debian patch archive we reference brings in a large set of patches,
some of them fixing CVEs. Since we only carry the Debian patch archive
as a single entity, just refer to it to identify all the CVEs the
individual patches therein are fixing.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - don't wrap _SITE line that is anyway too long even when wrapped
  - don't enumerate Debian patches one by one, just refer to them
    globally
  - as a consequence, reorder CVEs
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-01-19 22:17:58 +01:00
Fabrice Fontaine
8a0d4e6a06 package/dcron: switch site, bump version
- Use github as a source site, to get a newer version than 4.5, which
  was released in May 2011
- Add upstream link to patch
- Use the new COPYING file
- Update indentation in hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-19 22:04:04 +01:00
Bernd Kuhls
5250e7c2e1 package/fetchmail: bump version to 6.4.15
Updated license hash due to copyright year bump:
87069e8872/tree/COPYING

Release notes:
https://sourceforge.net/p/fetchmail/mailman/message/37189309/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-19 21:58:40 +01:00
Mark Corbin
37f24f5580 package/chrony: bump to version 4.0
Update chrony to version 4.0 and add/remove configuration of
features as necessary.

Remove support for readline. Add support for nettle and
gnutls (required for NTS support). Add pkg-config support (for
nss, nettle and gnutls).

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-19 21:56:41 +01:00
Raphaël Mélotte
b7546c7ca4 package/python-jmespath: bump to version 0.10.0
Signed-off-by: Raphaël Mélotte <raphael.melotte@essensium.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-19 21:50:40 +01:00
Grzegorz Blach
63cc2577c1 package/python-bluezero: Bump to version 0.4.0
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-19 21:48:07 +01:00
Fabrice Fontaine
3d6ecb322e package/libebml: add LIBEBML_CPE_ID_VENDOR
cpe:2.3:a:matroska:libebml is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amatroska%3Alibebml

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-01-19 21:23:00 +01:00
Fabrice Fontaine
902b3f5342 package/zziplib: set ZZIPLIB_CPE_ID_VALID
cpe:2.3:a:zziplib_project:zziplib is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Azziplib_project%3Azziplib

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-01-19 21:22:59 +01:00
Fabrice Fontaine
6387b2730d package/ncmpc: set NCMPC_CPE_ID_VALID
cpe:2.3:a:ncmpc_project:ncmpc is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ancmpc_project%3Ancmpc

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-01-19 21:22:58 +01:00
Fabrice Fontaine
9bde558f64 package/libbluray: add LIBBLURAY_CPE_ID_VENDOR
cpe:2.3:a:videolan:libbluray is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Avideolan%3Alibbluray

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-01-19 21:22:57 +01:00
Fabrice Fontaine
ad92bc0e73 package/rhash: set RHASH_CPE_ID_VALID
cpe:2.3:a:rhash_project:rhash is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Arhash_project%3Arhash

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-19 20:37:12 +01:00
Fabrice Fontaine
7d767cc848 package/rhash: bump to version 1.4.1
https://github.com/rhash/RHash/releases/tag/v1.4.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-19 20:36:46 +01:00
Fabrice Fontaine
2585de4100 package/xenomai: drop unrecognized option
--disable-doc-install is not available since version 3.0.6 and
6076f0951c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-19 20:26:33 +01:00
Fabrice Fontaine
ea2a14d541 package/xenomai: fix build with gcc 10
Fixes:
 - http://autobuild.buildroot.org/results/551228bcc7152d5e835f3cced6329269b6bad651

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: move to 3.0.10 subdir so it is only used for that version]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-19 20:22:46 +01:00
Nicolas Cavallari
5cd5d85cda package/dnsmasq: security bump to 2.83
From the announcement:
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014599.html

"There are broadly two sets of problems. The first is subtle errors in
dnsmasq's protections against the chronic weakness of the DNS protocol
to cache-poisoning attacks; the Birthday attack, Kaminsky, etc. [...]

[...] the second set of errors is a good old fashioned buffer overflow
in dnsmasq's DNSSEC code."

Fixes CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684,
      CVE-2020-25685, CVE-2020-25686 and CVE-2020-25687

Details: https://www.jsof-tech.com/disclosures/dnspooq

Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-19 20:18:25 +01:00
Joeri Barbarien
a20a86d7f6 package/chartjs: security bump to 2.9.4
CVE-2020-7746 (https://nvd.nist.gov/vuln/detail/CVE-2020-7746)

    The options parameter is not properly sanitized when it is processed.
    When the options are processed, the existing options (or the defaults
    options) are deeply merged with provided options. However, during this
    operation, the keys of the object being set are not checked, leading to
    a prototype pollution.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-19 18:56:51 +01:00
Thomas De Schampheleire
0244b11597 package/chartjs: move 'v' version prefix out of CHARTJS_VERSION
chartjs 2.9.3 has a security vulnerability (CVE-2020-7746) which is not
detected by the CVE scripts, presumably because our version variable starts
with a 'v'.

Move that 'v' prefix out of the version variable to fix that.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-19 18:56:37 +01:00
Fabrice Fontaine
dbe6870a4c package/i7z: fix build with gcc 10
Fixes:
 - http://autobuild.buildroot.org/results/1a433611ba8676cf1ca276fccaf3633971bd562e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-19 18:56:16 +01:00
Fabrice Fontaine
8d80614420 package/screenfetch: make version compliant with release-monitoring
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-19 18:52:13 +01:00
Francois Perrad
e5cbf04e7c package/lua-curl: bump to version 0.3.12
diff LICENSE:
- Copyright (c) 2014-2019 Alexey Melnichuk
+ Copyright (c) 2014-2021 Alexey Melnichuk

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-19 18:51:10 +01:00
Francois Perrad
cb299e91b3 package/lua-bit32: bump to version 5.3.5.1
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-19 18:50:59 +01:00
Bernd Kuhls
0d92549320 package/xscreensaver: bump version to 5.45
Changelog: https://www.jwz.org/xscreensaver/changelog.html

Remove dependency to libglade in favour of gdk-pixbuf.
Add dependency to libxml2 which is needed for gtk support.

Add various optional dependencies.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-19 18:49:34 +01:00
Fabrice Fontaine
9d1d4818c3 package/poppler: add gobject-introspection support
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-18 22:58:22 +01:00
Fabrice Fontaine
635c59ef72 package/xerces: renumber patch
Commit 7f115d2de4 forgot to renumber the
remaining patch

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-18 22:56:17 +01:00
Grzegorz Blach
a537390206 package/python-pyjwt: bump to version 2.0.0
Since 2.0.0, pyjwt has dropped Python 2.x support, so Python 3.x is
mandatory.

Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-18 22:49:47 +01:00
Michael Walle
05e6d35fe7 boot/uboot: bump to version 2021.01
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-18 22:48:45 +01:00
Yann E. MORIN
7bbf17f359 boot/barebox, package/linux-headers: carry site-method archive format version when overriding _SOURCE
Commit 5b95a5dc2 (support/download: change format of archives generated
from git) changed the way the archives generated from git repositories
are named, adding a "format-version" identifier right between the
package version and the file extension.

Commit c043ecb20 (support/download: change format of archives generated
from svn) did so for archives generated from a subversion checkout.

However, for a few packages, we manually force the _SOURCE variable,
because we want to share the archive with another package, to avoid
downloading and storing those archives twice. This is the case for:

  - linux-headers and linux
  - barebox-aux and barebox

When the generated tarballs were renamed with the aforementioned
commits, those packages were not updated accordingly.

Fix that by manually propagating the per-site-method format-version.

Reported-by: "Stephane Viau (OSS)" <stephane.viau@oss.nxp.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: "Stephane Viau (OSS)" <stephane.viau@oss.nxp.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-18 22:39:14 +01:00
Heiko Thiery
adeadcd527 package/netsniff-ng: bump version to 0.6.8
Also drop upstream patches that are already in version.

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-18 22:37:54 +01:00
Gwenhael Goavec-Merou
b253123090 package/gr-osmosdr: bump to 0.2.3
Bump to 0.2.3 and fix hash space.

Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-18 22:37:00 +01:00
Peter Seiderer
93daabcfbd docs/manual/pkg-cmake.txt: add _INSTALL_OPTS description
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-18 22:33:07 +01:00
Peter Seiderer
0c80a0da9a docs/manual/pkg-cmake.txt: fix _INSTALL_STAGING_OPTS/_INSTALL_TARGET_OPTS description
Since commit dfcc18f84b cmake-package
_INSTALL_STAGING_OPTS/_INSTALL_TARGET_OPTS use 'install/fast'
instead of 'install', adjust documentation accordingly.

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-18 22:33:03 +01:00
Peter Seiderer
281f07b71b package/pkg-cmake.mk: fix indent
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-18 22:32:40 +01:00
Fabrice Fontaine
3a8e039a0e package/unzip: set UNZIP_CPE_ID_VALID
cpe:2.3:a:unzip_project:unzip is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aunzip_project%3Aunzip

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-18 22:30:16 +01:00
Fabrice Fontaine
d6da9d1d29 package/unzip: make version compliant with release-monitoring
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-18 22:26:28 +01:00
Fabrice Fontaine
9ddc1b5c93 package/atop: set ATOP_CPE_ID_VALID
cpe:2.3:a:atop_project:atop is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aatop_project%3Aatop

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-18 22:25:42 +01:00
Thomas Claveirole
baa09c60a5 package/openlayers: bump to version 6.5.0
Signed-off-by: Thomas Claveirole <thomas.claveirole@green-communications.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-18 22:25:04 +01:00
Fabrice Fontaine
906a466869 package/boa: drop package
Drop boa package as it is affected by multiple CVEs (CVE-2017-9833,
CVE-2018-21027 and CVE-2018-21028) and is not maintained anymore (no
release since 2005):

https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&seach_type=all&query=cpe:2.3:a:boa:boa:0.94.14.21:*:*:*:*:*:*:*

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-18 22:24:45 +01:00
Fabrice Fontaine
af6cbe07e4 Config.in.legacy: fix typo
oriq-rcw -> qoriq-rcw

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-18 22:23:25 +01:00
Michael Nosthoff
32dc218c82 package/grpc: drop host gcc 4.8 workaround
Due to libabseil dependencies the host gcc is at least 4.9.
So the fix for host gcc 4.8 is no longer needed.

Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-18 22:22:44 +01:00
Laurent Hartanerot
44b490fc44 package/qoriq-rcw: bump to version LSDK-20.12
Signed-off-by: Laurent Hartanerot <laurent.hartanerot@atos.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-18 22:16:22 +01:00
Angelo Compagnucci
711a742c13 package/htpdate: bump to version 1.2.6
This patch bumps htpdate to version 1.2.6.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-18 22:15:38 +01:00