Commit Graph

66204 Commits

Author SHA1 Message Date
Chris Dimich
fd96b942d9 configs/nitrogen*: bump u-boot to version 2022.04
- U-Boot branch boundary-v2022.04 from Boundary repo.

Signed-off-by: Chris Dimich <chris.dimich@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-23 23:06:43 +01:00
Chris Dimich
16e0a29a87 configs/nitrogen*: bump kernel revision
- Based on NXP 5.15.52-2.1.0 release.

Signed-off-by: Chris Dimich <chris.dimich@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-23 23:06:29 +01:00
Chris Dimich
b5dc9855d6 package/freescale-imx/imx-vpu-hantro-daemon: new package
- i.MX Hantro V4L2 Daemon. Provides the vsidaemon, which is needed for
V4L2 nodes to work.
- To match NXP 5.15.52-2.1.0 release.

Signed-off-by: Chris Dimich <chris.dimich@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-23 22:56:34 +01:00
Chris Dimich
4ef729d1cf package/freescale-imx/imx-vpu-hantro-vc: add INSTALL_STAGING_CMDS
Add an INSTALL_STAGING_CMDS define as libraries needed by
imx-vpu-hantro-daemon.

Signed-off-by: Chris Dimich <chris.dimich@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-23 22:54:11 +01:00
Chris Dimich
43f6ae0de3 package/freescale-imx/imx-vpu-hantro-vc: bump version to 1.9.0
- To match NXP 5.15.52-2.1.0 release.
- EULA/COPYING: update to LA_OPT_NXP_Software_License v39.

Signed-off-by: Chris Dimich <chris.dimich@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-23 22:52:02 +01:00
Chris Dimich
b84557b588 package/freescale-imx/imx-gpu-g2d: bump version to 6.4.3.p4.4
- To match NXP 5.15.52-2.1.0 release.
- EULA/COPYING: update to LA_OPT_NXP_Software_License v39.

Signed-off-by: Chris Dimich <chris.dimich@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-23 22:51:55 +01:00
Chris Dimich
e8df0f7392 package/freescale-imx/imx-gpu-viv: bump to version 6.4.3.p4.4
- To match NXP 5.15.52-2.1.0 release.
- EULA/COPYING: update to LA_OPT_NXP_Software_License v39.

Signed-off-by: Chris Dimich <chris.dimich@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-23 22:51:48 +01:00
Chris Dimich
76e1532734 package/freescale-imx/kernel-module-imx-gpu-viv: bump to version 6.4.3.p4.4
- To match NXP 5.15.52-2.1.0 release.

Signed-off-by: Chris Dimich <chris.dimich@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-23 22:51:27 +01:00
Joachim Wiberg
6bab22ca41 package/inadyn: bump to v2.10.0
Highligts include support for MbedTLS and a serious memory leak fix to
the GnuTLS backend.

Changes:
 - Add support for MbedTLS
 - Add support for per-provider interface to bind to
 - Use HTTP-only for api.ipify.org, default (fallback) checkip service

Fixes:
 - serious memory leak in GnuTLS backend
 - ca-trust-file has no effect for GnuTLS
 - handle easyDNS "no update required" as OK status
 - use configured server:port, don't force port 443 for HTTPS

(From https://github.com/troglobit/inadyn/releases/tag/v2.10.0)

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-23 22:50:32 +01:00
Dario Binacchi
ce2db7b986 package/uuu: bump to version 1.5.11
- Add nvme_all build-in command
- Add Write command to allow use mmc write to write image
- Fixed race conditions of g_last_error_str and g_last_err_id variables
- Add support for stm vendor fastboot

Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-23 22:46:47 +01:00
James Hilliard
2e75ef9ce5 package/meson: bump to version 0.64.1
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-23 22:46:42 +01:00
Vincent Stehlé
2cda2584fb configs/qemu_aarch64_ebbr: add host-qemu
Add the host-qemu package to enable testing on gitlab.

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-23 22:42:33 +01:00
Vincent Stehlé
40c05259d8 boot/edk2: refine license
The edk2 project is licensed under the BSD-2-Clause license with a patent
grant, as per commit 304bff7223a8 ("edk2: Change License.txt from 2-Clause
BSD to BSD+Patent").

There is a BSD-2-Clause-Patent SPDX license identifier[1] for this case,
therefore refine the edk2 package to use this more specific identifier.

[1]: https://spdx.org/licenses/BSD-2-Clause-Patent.html

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Dick Olsson <hi@senzilla.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-23 22:38:33 +01:00
Vincent Stehlé
9bd1266983 package/edk2-platforms: refine license
The edk2-platforms project is licensed under the BSD-2-Clause license with
a patent grant, as per commit ae604e4ffe8f ("edk2-platforms: Change
License.txt from 2-Clause BSD to BSD+Patent").

There is a BSD-2-Clause-Patent SPDX license identifier[1] for this case,
therefore refine the edk2-platforms package to use this more specific
identifier.

[1]: https://spdx.org/licenses/BSD-2-Clause-Patent.html

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Dick Olsson <hi@senzilla.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-23 22:38:19 +01:00
Peter Korsgaard
39a2ff16f9 package/python3: add upstream security fix for CVE-2022-45061
Fixes the following security issue:

CVE-2022-45061: An issue was discovered in Python before 3.11.1.  An
unnecessary quadratic algorithm exists in one path when processing some
inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably
long name being presented to the decoder could lead to a CPU denial of
service.  Hostnames are often supplied by remote servers that could be
controlled by a malicious actor; in such a scenario, they could trigger
excessive CPU consumption on the client attempting to make use of an
attacker-supplied supposed hostname.  For example, the attack payload could
be placed in the Location header of an HTTP response with status code 302.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-11-23 11:03:15 +01:00
Brandon Maier
13dc57c94f boot/uboot/uboot.mk: fix zynqmp without pmufw
Commit d07e6b70 (boot/uboot/uboot.mk: add pmufw.elf support) broke
configurations where the UBOOT_ZYNQMP_PMUFW was blank. Previously it
would set the U-Boot CONFIG_PMUFW_INIT_FILE to the blank string, but now
it will set it to ".bin" which causes U-Boot to fail to build.

Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Reviewed-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-11-23 11:01:58 +01:00
Peter Korsgaard
f157a11362 {linux, linux-headers}: bump 4.{9, 14, 19}.x / 5.{4, 10, 15, 19}.x / 6.0.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-11-23 11:01:46 +01:00
Michael Fischer
73f04f7f0c package/gnupg2: bump version to 2.3.8
Brings a number of fixes: https://dev.gnupg.org/T6106

Add patch 0001 to fix undefined reference to `ks_ldap_free_state'
backported from commit 7011286ce6e1fb56c2989fdafbd11b931c489faa

Signed-off-by: Michael Fischer <mf@go-sys.de>
[Peter: add changelog info]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-11-23 11:00:51 +01:00
Thomas Petazzoni
ccf1ee9789 package/sscep: fix empty line at end of Config.in
Fixes check-package warning:

package/sscep/Config.in:9: empty line at end of file

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-23 09:23:00 +01:00
Bernd Kuhls
a5ebfbdbdf package/unbound: install to staging
Needed for Monero:
https://github.com/monero-project/monero/blob/release-v0.18/cmake/FindUnbound.cmake

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-22 23:41:36 +01:00
Tim Gover
5589466769 package/rpi-firmware: add overlays/README
If a custom os_prefix directory is specified then the Raspberry Pi
firmware probes for the README file in overlays directory. If
this is not found then firmware will use the top-level overlays
directory which can be confusing if os_prefix is used in conjunction
with other filters to implement alternate boot behaviour.

In Raspberry Pi OS the README file is always included to ensure
that the relevant documentation is in sync with the overlays. Rather
that including the entire file let's just include an empty file so
that overlays directory is consistent with the Raspberry Pi OS
APT package.

From
https://www.raspberrypi.com/documentation/computers/config_txt.html#overlay_prefix

Unless ${os_prefix}${overlay_prefix}README exists, overlays are shared
with the main OS (i.e. os_prefix is ignored).

Signed-off-by: Tim Gover <tim.gover@raspberrypi.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-22 23:32:55 +01:00
Tim Gover
59adb53c4c package/rpi-userland: add support for aarch64
Enable aarch64 support for rpi-userland to provide
vcmailbox and vcgencmd in 64bit builds. The are useful
for programming OTP and system debug.

The ARM64=ON parameter restricts the make targets
to only include those supported on 64-bit i.e. it
excludes the legacy Broadcom EGL drivers.

Signed-off-by: Tim Gover <tim.gover@raspberrypi.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-22 23:29:41 +01:00
Francois Perrad
c4fa02ee63 package/lua-mqtt: new package
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-22 23:28:06 +01:00
Dario Binacchi
72fa60dc10 package/sscep: new package
SSCEP is a client-only implementation of the SCEP (Cisco System's Simple
Certificate Enrollment Protocol).

The goal of SCEP is to support the secure issuance of certificates to
network devices in a scalable manner, using existing technology whenever
possible. The protocol supports the following operations:

* CA and RA public key distribution
* Certificate enrollment
* Certificate and CRL query

Certificate and CRL access can be achieved by using the LDAP protocol,
or by using the query messages defined in SCEP.

CC: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-22 23:17:54 +01:00
Maxim Kochetkov
4187b38f27 package/timescaledb: bump version to 2.8.1
Release notes: https://github.com/timescale/timescaledb/releases/tag/2.8.1

Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-22 22:50:29 +01:00
Marek Metelski
ef6c9da9d2 package/gitlab-runner: fix inconsistency of systemd and sysv daemons
Copy default $DAEMON_ARGS from systemd service to sysv init script.

Make GITLAB_RUNNER_USER home directory the same as default
--work-directory (-d) flag.

Run sysv daemon process using root user (remove -c option)
This is needed to correctly access config files as specified.
System access can still be limited with gitlab-runner `--user` flag.

Use same $DAEMON_ARGS variable name so it can be overwritten in
/etc/default/gitlab-runner environment file in both cases.

Signed-off-by: Marek Metelski <marek.metelski@grinn-global.com>
Reviewed-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-22 22:49:01 +01:00
Joachim Wiberg
10dbfdec2d package/ssdp-responder: fix warnings from check-package and shellcheck
Summary of changes:

 - Fix use of $DAEMON, found by check-package
   - Expects DAEMON to be name of daemon controlled by script, this
     causes ripple efects in rest of script
   - Recommend `chmod a-x`, .mk file installs with `-m 0755`
 - Fix shellcheck warnings:
   - Use "$VAR" in case of spaces in filenames
   - recommend not using $? in if stmt, should use `if start-stop ...`
   - mismatch in indentation in case-esac

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-22 22:38:13 +01:00
James Hilliard
47659b4f34 package/iwd: add dbus compile time dependency
In 5b3b2d80f4 we dropped dbus as a build
dependency, however we still need it when building with systemd so
that the service directory is available via pkg-config.

In addition we can drop --with-dbus-datadir by unconditionally
requiring dbus as the datadir will then be fetched from pkg-config.

Fixes:
checking D-Bus bus services directory... configure: error: D-Bus bus services directory is required

  http://autobuild.buildroot.net/results/4a48676460e6ce588897598f0022ec840b4b4b8d/

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-22 22:34:22 +01:00
Vincent Stehlé
79591b7667 boot/edk2: fix the build for arm sgi575
The edk2 package can be configured for platform Arm Sgi575 but this
does not build correctly:

Usage: build.exe [options] [all|fds|genc|genmake|clean|cleanall|cleanlib|modules|libraries|run]

build.exe: error: option -a: invalid choice: '-b' (choose from 'IA32', 'X64', 'EBC', 'ARM', 'AARCH64', 'RISCV64')
make[1]: *** [package/pkg-generic.mk:293: /home/thomas/buildroot/buildroot/output/build/edk2-edk2-stable202102/.stamp_built] Error 2
make: *** [Makefile:84: _all] Error 2

Add the necessary definitions to fix the build.

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Dick Olsson <hi@senzilla.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-22 22:27:18 +01:00
Lang Daniel
ea76443a4b package/polkit: bump to version 122
As stated in [1] this and future release will only be hosted on
freedesktop's gitlab.
Archives hosted on gitlab are missing the gpg signature.

1: 49bb905131

Signed-off-by: Daniel Lang <d.lang@abatec.at>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-22 21:51:33 +01:00
Giulio Benetti
e803752a7f package/libnss: bump version to 3.85
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-22 21:50:17 +01:00
Giulio Benetti
08a013d25a package/rtl8189es: bump to latest version to fix build failure with Linux >= 6.0
Drop local patch that has been upstreamed[0] and drop the endianness
handling too since from this commit[1] on it's handled by using Linux
macro __LITTLE_ENDIAN.

[0]: 4a555ffb77
[1]: b3da33576d

Fixes:
http://autobuild.buildroot.net/results/6178fbfbe9fe762645b1907c4ceb032a00e75a89/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-21 22:51:34 +01:00
Miquel Raynal
124fc473dd package/mali-driver: remove Miquèl from the DEVELOPERS list
I am not really maintaining these packages, I don't follow closely
enough nor use them to take the time to make the necessary changes.
Giulio has been much more reactive than me to fix issues and he is
already listed for them anyway.

Cc: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-11-21 22:48:28 +01:00
Peter Thompson
93d8b71371 package/sdl2_ttf: bump version to 2.20.1
Signed-off-by: Peter Thompson <peter.macleod.thompson@gmail.com>
[yann.morin.1998@free.fr: fix spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-11-21 22:42:18 +01:00
Francois Perrad
c3134c6abd package/nano: bump to version 7.0
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-11-21 22:38:08 +01:00
James Hilliard
40921efbca package/python-maturin: bump to version 0.14.1
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-11-21 22:34:04 +01:00
Giulio Benetti
354f9387f3 package/rtl8723ds: fix build failure due to endianness and Linux version 6.0
Add local patch pending upstream[0] to override CFLAGS to set endianness
according to BR2_ENDIAN. Let's also bump version to latest to support up to
Linux 6.1.

[0]: https://github.com/lwfinger/rtl8723ds/pull/29

Fixes:
http://autobuild.buildroot.net/results/2646ec0512f867e20c25c1d0a6417826218942d6/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-21 22:33:57 +01:00
James Hilliard
48d0e09024 package/python-orjson: bump to version 3.8.2
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-11-21 22:33:18 +01:00
Bernd Kuhls
6ebfe647b6 package/mesa3d: fix uClibc build
Moved the util/compiler.h include to util/macros.h due to upstream
commit which added static_assert() to src/util/macros.h
https://cgit.freedesktop.org/mesa/mesa/commit/src/util/macros.h?h=22.2&id=f1023571e8ce7ccb6ec7bc115240cb76aef3e5e5

Please note that this patch can be removed when buildroot toolchains
are updated to uClibc 1.0.42:
https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?h=v1.0.42&id=03fbd941e943976bb92cb392882c2ff7ec218704

Fixes:
http://autobuild.buildroot.net/results/a55/a55d6980faad8b5063f8f4f8b89467061d44a2ae/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-21 22:21:09 +01:00
Thomas Petazzoni
75cb8a4902 utils/genrandconfig: don't build igh-ethercat drivers
igh-ethercat comes with a small number of patched Linux kernel network
drivers, which aim at replacing the ones available in upstream Linux
kernel. All those drivers are provided only for specific kernel
releases. For example:

r8169-2.6.24-ethercat.c
r8169-2.6.24-orig.c
r8169-2.6.27-ethercat.c
r8169-2.6.27-orig.c
r8169-2.6.28-ethercat.c
r8169-2.6.28-orig.c
r8169-2.6.29-ethercat.c
r8169-2.6.29-orig.c
r8169-2.6.31-ethercat.c
r8169-2.6.31-orig.c
r8169-2.6.32-ethercat.c
r8169-2.6.32-orig.c
r8169-2.6.33-ethercat.c
r8169-2.6.33-orig.c
r8169-2.6.35-ethercat.c
r8169-2.6.35-orig.c
r8169-2.6.36-ethercat.c
r8169-2.6.36-orig.c
r8169-2.6.37-ethercat.c
r8169-2.6.37-orig.c
r8169-3.10-ethercat.c
r8169-3.10-orig.c
r8169-3.12-ethercat.c
r8169-3.12-orig.c
r8169-3.14-ethercat.c
r8169-3.14-orig.c
r8169-3.16-ethercat.c
r8169-3.16-orig.c
r8169-3.2-ethercat.c
r8169-3.2-orig.c
r8169-3.4-ethercat.c
r8169-3.4-orig.c
r8169-3.6-ethercat.c
r8169-3.6-orig.c
r8169-3.8-ethercat.c
r8169-3.8-orig.c
r8169-4.4-ethercat.c
r8169-4.4-orig.c

Obviously, this doesn't play well with the random configuration
testing done by utils/genrandconfig. This commit avoids this issue by
making sure we never build any of those drivers as part of the
genrandconfig generated configurations.

Fixes:

  http://autobuild.buildroot.net/results/07b7475d780c067d99ee5618a5fd2bb024a5b4e7/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-21 22:20:43 +01:00
Thomas Petazzoni
ea3e169677 package/igh-ethercat: bump to latest Git commit
The current version 1.5.2 dates back from 2013, so it is extremely
old. The latest master branch of igh-ethercat contains numerous fixes,
including fixes to ensure that it builds with recent Linux kernel
releases. Backporting the individual patches fixing those issues on a
9 year old release would be too much effort, so we propose to simply
bump the version to the latest available in the Git master branch.

Fixes:

  http://autobuild.buildroot.net/results/4dc9b71c805a8156bcf8f398edd3a30f2b6ac6da/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-21 22:20:38 +01:00
Giulio Benetti
5852fee868 package/libnss: fix build failure with make 4.3.91
Make 4.3.91 doesn't allow to safely override Simple Expanded Variables, so
let's add a patch pending upstream[0] to make those variable Conditional
Expanded.

[0]: https://bugzilla.mozilla.org/show_bug.cgi?id=1801182

Fixes:
http://autobuild.buildroot.net/results/1074143dbea60567cd83be0a23f7c0214d470de9/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Tested-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-11-21 21:59:54 +01:00
Peter Korsgaard
b7368099ae package/sdl: add upstream security fix for CVE-2022-34568
SDL v1.2 was discovered to contain a use-after-free via the XFree function
at /src/video/x11/SDL_x11yuv.c.

https://github.com/advisories/GHSA-wr7h-5wm3-p3h4

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-11-21 21:44:04 +01:00
Michael Fischer
7928c51bf6 package/sdl2: fix sdl_init() error with kernel 5.15
Fixes #6421
Backport from: da9ba3a2a1536017e4ce1ee0f4276578d1ce6e29

Signed-off-by: Michael Fischer <mf@go-sys.de>
[yann.morin.1998@free.fr: make it an actual backport]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-11-21 21:04:59 +01:00
Fabrice Fontaine
b91eb32120 package/gptfdisk: fix runtime failure with popt 1.19
Fix the following runtime failure raised since bump of popt to version
1.19 in commit 895bfba93f:

Problem opening  for reading! Error is 2.
The specified file does not exist!

Fixes:
 - No autobuilder failure

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reported-by: Florian Fainelli <f.fainelli@gmail.com>
Tested-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-11-21 19:08:08 +01:00
Peter Korsgaard
81a02457b0 package/samba4: security bump to version 4.15.12
Fixes the following security issue:

- CVE-2022-42898: Samba buffer overflow vulnerabilities on 32-bit systems
  https://www.samba.org/samba/security/CVE-2022-42898.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-11-20 19:35:41 +01:00
Peter Korsgaard
bd42aa1d0a package/asterisk: security bump to version 16.28.0
Asterisk 16.26.0 fixed the following security issues:

- [ASTERISK-29476] – res_stir_shaken: Blind SSRF vulnerabilities
  https://issues.asterisk.org/jira/browse/ASTERISK-29476

- [ASTERISK-29838] – ${SQL_ESC()} not correctly escaping a terminating \
  https://issues.asterisk.org/jira/browse/ASTERISK-29838

- [ASTERISK-29872] – res_stir_shaken: Resource exhaustion with large files
  https://issues.asterisk.org/jira/browse/ASTERISK-29872

https://www.asterisk.org/asterisk-news/asterisk-16-26-0-now-available/

It unfortunately also introduced a change to chan_iax2, breaking builds
without OpenSSL:
59a8cdaca2

Which was again fixed in 16.28.0:
f812dfb68c

So bump to 16.28.0:
https://www.asterisk.org/asterisk-news/asterisk-16-28-0-now-available/

The libxml2 support now uses pkg-config, so drop the libxml2-config handling:
bf9dafa7c2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr:
  - add host-pkgconf dep, don't rely on implicit dep from host-asterisk
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-11-20 17:41:25 +01:00
Peter Korsgaard
e24033f76a package/systemd: security bump to version v250.8
Fixes the following security issue:

- CVE-2022-3821: An off-by-one Error issue was discovered in Systemd in
  format_timespan() function of time-util.c.  An attacker could supply
  specific values for time and accuracy that leads to buffer overrun in
  format_timespan(), leading to a Denial of Service.
  https://github.com/systemd/systemd/issues/23928

Drop now upstream 0001-missing-syscall-define-MOVE_MOUNT_T_EMPTY_PATH-if-mi.patch

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-11-20 17:38:46 +01:00
Julien Olivain
2ad68ff8df package/z3: new package
Z3, also known as the Z3 Theorem Prover, is a cross-platform
satisfiability modulo theories (SMT) solver.

https://github.com/Z3Prover/z3

Signed-off-by: Julien Olivain <ju.o@free.fr>
[yann.morin.1998@free.fr:
  - python bindings 'depends on' python, not 'select' it
  - fix check-package in test_z3.py
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-11-20 14:54:58 +01:00
Fabrice Fontaine
e4ef408e8f package/sysstat: security bump to version 12.6.1
Fix CVE-2022-39377: sysstat is a set of system performance tools for the
Linux operating system. On 32 bit systems, in versions 9.1.16 and newer
but prior to 12.7.1, allocate_structures contains a size_t overflow in
sa_common.c. The allocate_structures function insufficiently checks
bounds before arithmetic multiplication, allowing for an overflow in the
size allocated for the buffer representing system activities. This issue
may lead to Remote Code Execution (RCE).

Despite what is written above in the CVE announcement, and as written in
the Changelog, the fix is also included in version 12.6.1 (12.7.1 is a
development version):
    c1e631eddc

As a consequence, 12.6.1 is still reported as being affected. Until the
NVD is updated appropriately, we mark the CVE as ignored with a comment
that explains why.

Note: that commit is not reachable from any branch in the sysstat
repository, and Github warns about that, but the commit does belong to
the upstream repository and is reachable from the 12.6.1 tag (it looks
like sysstat only pushes tags-with-history for fix releases).

https://github.com/sysstat/sysstat/security/advisories/GHSA-q8r6-g56f-9w7x
https://github.com/sysstat/sysstat/blob/v12.6.1/CHANGES

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - ignore the CVE, explain why
  - explain why github warns about the fix commit
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-11-20 12:05:13 +01:00