Commit Graph

48913 Commits

Author SHA1 Message Date
Pierre-Jean Texier
337bdb2b44 package/alsa-utils: bump to version 1.2.1
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-03 08:17:05 +01:00
Viktar Palstsiuk
b376b91a36 configs/nanopi_neo: update kernel to 5.3 and u-boot to 2019.10
Signed-off-by: Viktar Palstsiuk <viktar.palstsiuk@promwad.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-03 08:14:24 +01:00
Viktar Palstsiuk
e3e31ad84b configs/nanopi_neo: remove custom post-build/post-image script
Instead use the generic infrastructure for u-boot scripts and genimage.

Signed-off-by: Viktar Palstsiuk <viktar.palstsiuk@promwad.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-03 08:13:36 +01:00
Fabrice Fontaine
5e321ccf07 package/cmocka: fix build on riscv64
Fixes:
 - http://autobuild.buildroot.org/results/30922c18150ea62aefe123d1b7cd1444efab963f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Joel Carlson <JoelsonCarl@gmail.com>
Tested-by: Joel Carlson <JoelsonCarl@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-03 08:11:09 +01:00
Fabrice Fontaine
a94e62aa6e package/nss-mdns: disable tests
Disable tests that depend on check and have been added in version 0.11
with
7b649a3283

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-02 22:25:38 +01:00
Fabrice Fontaine
a1776d0ea5 package/nss-mdns: bump to version 0.14.1
Switch site to https://github.com/lathiat/nss-mdns to retrieve latest
version

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-02 22:25:17 +01:00
Fabrice Fontaine
059dc6887d package/kyua: bump to version 0.13
COPYING was renamed into LICENSE since version 0.12 and
db509f9d9e

So update KYUA_LICENSE_FILES and add hash for LICENSE file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-02 22:24:26 +01:00
Pierre-Jean Texier
e0e65f83e1 configs/warp7: Bump the kernel version
Bump the kernel to version 5.4.1

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-02 22:23:58 +01:00
Francois Perrad
af4d9d761a package/moarvm: bump to version 2019.11
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-02 22:23:04 +01:00
Fabrice Fontaine
93013e9b85 package/gr-osmosdr: bump to version 0.1.5
Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-02 22:22:44 +01:00
Fabrice Fontaine
63d0762ab7 package/rabbitmq-c: security bump to version 0.10.0
Add additional input validation to prevent integer overflow when parsing
a frame header. This addresses CVE-2019-18609.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-02 22:22:29 +01:00
Peter Korsgaard
6340272e88 package/python-django: security bump to version 2.2.8
Fixes the following security vulnerabilities:

- CVE-2019-19118: Privilege escalation in the Django admin

Additionally, 2.2.8 (and 2.2.7) fixes a number of bugs and adds python 3.8
support.

For more details, see the release notes:
https://docs.djangoproject.com/en/dev/releases/2.2.8/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-02 22:22:19 +01:00
Adrian Perez de Castro
0f4bdc8fd1 package/bubblewrap: new package
Bubblewrap is a sandboxing tool based on kernel namespaces, typically
used as lower-level infastructure by other end-user tools e.g. Flatpak.

https://github.com/containers/bubblewrap

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
[Peter: needs mmu and !musl toolchain]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-02 17:27:30 +01:00
Romain Naour
a4d38f029f package/binutils: remove version 2.30
Now that binutils 2.33.1 has been introduced, and we have moved to
2.32 as the default version, it is time to drop support for binutils
2.30.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-02 13:57:11 +01:00
Romain Naour
cac5d01ce6 package/binutils: switch to use 2.32 as the default version
Now that binutils 2.33.1 has been released, it is time to move to
binutils 2.32 as the default binutils version, instead of 2.31.1.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-02 13:50:10 +01:00
Romain Naour
7eee918ba3 package/binutils: add binutils 2.33.1
Keep sh-conf and poison-system-directories patches.
Remove xtensa patches already in this version [1] [2] [3].

Revert an upstream patch since it prevent booting a sh4 system under
Qemu as reported on the Binutils mailing list [5] [6].
This commit is not related to sh4, it's weird that it is the
only affected architecture.

[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=2487ef07c28b961c6e2b8c51161f88f93b181d07
[2] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=403b0b61f6d4358aee8493cb1d11814e368942c9
[3] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=548791769dc737f05cb12e5ee4190b7e853beac9
[4] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=ebd2263ba9a9124d93bbc0ece63d7e0fae89b40e
[5] https://sourceware.org/ml/binutils/2019-10/msg00105.html
[6] https://sourceware.org/ml/binutils/2019-11/msg00407.html

See:
https://www.sourceware.org/ml/binutils/2019-10/msg00103.html

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-02 13:45:19 +01:00
Michael Vetter
332a851a08 package/jasper: Apply fix for CVE-2018-19540
Add 0003-test-asclen-CVE-2018-19540.patch:
If txtdesc->asclen is < 1, the array index of
txtdesc->ascdata will be negative which causes the heap based overflow.

Patch was proposed upstream[1] but upstream is very inactive. Linux
distributions use the same fix to patch their packages.

1: https://github.com/mdadams/jasper/pull/198
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-02 13:40:00 +01:00
Michael Vetter
61703b82cd package/jasper: Apply fix for CVE-2018-19542
Add 0002-check-null-in-jp2_decode.patch:

Patch was proposed upstream[1] but upstream is very inactive.
Linux distributions use the same fix to patch their packages.

1: https://github.com/mdadams/jasper/pull/200
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-02 13:39:42 +01:00
Michael Vetter
fddee3cf74 package/jasper: Apply fix for CVE-2018-19541
Add 0001-verify-data-range-CVE-2018-19541.patch:
We need to verify the data is in the expected range. Otherwise we get
problems later.

Patch was proposed upstream[1] but upstream is very inactive. Linux
distributions use the same fix to patch their packages.

1: https://github.com/mdadams/jasper/pull/211
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-02 13:39:33 +01:00
Carlos Santos
3b1d9f74c7 board/pc/post-image-efi.sh: fail on any error
As already done in post-build.sh, to prevent hiding errors.

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-02 12:47:47 +01:00
Michael Vetter
cf36b7c3ac DEVELOPERS: add Michael Vetter for libstrophe
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-02 12:47:18 +01:00
Alexander Lukichev
a191ae4b90 DEVELOPERS: change email address for Alexander Lukichev
Signed-off-by: Alexander Lukichev <alexander.lukichev@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-02 12:43:11 +01:00
Alexander Lukichev
071166c558 package/openpgm: drop release- prefix to match release-monitoring.org
Autobuild has a "version bump" checker that sends message to a package
maintainer if its declared version does not match the latest one on
release-monitoring.org.  In case of openpgm the version _is_ the latest one,
but a mismatch is caused by including a "release-" prefix into tags on
upstream and excluding them on other websites when referring to the
package's version.

This also fixes sha256 value for the downloaded archive.

Signed-off-by: Alexander Lukichev <alexander.lukichev@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-02 12:42:28 +01:00
Romain Naour
c0719217e1 package/gcc: bump to version 7.5.0
Remove upstream patch [1]
1002-xtensa-backport-fix-for-PR-target-90922.patch

[1] 0110ab63c0

See:
https://gcc.gnu.org/ml/gcc/2019-11/msg00099.html

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-02 12:16:11 +01:00
Peter Korsgaard
b5fd68a454 {linux, linux-headers}: bump 5.4 series to 5.4.1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-02 12:14:10 +01:00
Marcus Folkesson
9e000606c3 {linux, linux-headers}: add version 5.4
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-02 11:47:43 +01:00
Peter Korsgaard
7b24bd59c8 Merge branch 'next'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-02 09:39:41 +01:00
Peter Korsgaard
14ec220df3 Kickoff 2020.02 cycle
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-02 08:57:02 +01:00
Peter Korsgaard
a4ff0817c5 docs/website/news.html: add 2019.11 announcement link
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-01 23:05:50 +01:00
Peter Korsgaard
836b84a774 Update for 2019.11
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-01 22:39:47 +01:00
Peter Korsgaard
0f5ac40374 package/{pkg-generic, python, python3}: rename .py file exclusion variable to not conflict
Fixes:
http://autobuild.buildroot.net/results/3b6/3b6280b0b7a9634b747db2865b21c6266007c725/

The PYTHON_KEEP_PY_FILES global variable conflicts with the per-package
<pkg>_KEEP_PY_FILES variable for the python package, causing make to
complain:

package/zlib/zlib.mk:7: *** Recursive variable 'PYTHON_KEEP_PY_FILES' references itself (eventually).  Stop.

As a workaround, rename the global variable to KEEP_PYTHON_PY_FILES so it
cannot conflict with the per-package variable.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-01 21:55:37 +01:00
Mark Corbin
ca440a773b package/musl-fts: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-01 19:16:08 +01:00
Mark Corbin
abd4976515 package/mp4v2: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(405)' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-01 19:15:46 +01:00
Mark Corbin
56fff9ef97 package/matchbox-startup-monitor: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-01 19:15:12 +01:00
Mark Corbin
484b687f79 package/matchbox-panel: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-01 19:15:05 +01:00
Mark Corbin
45f5c12c4b package/matchbox-lib: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-01 19:14:56 +01:00
Mark Corbin
381fb14bbd package/matchbox-keyboard: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-01 19:14:49 +01:00
Mark Corbin
680d20cd47 package/matchbox-fakekey: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-01 19:14:43 +01:00
Mark Corbin
5fb87bbd35 package/matchbox-desktop: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-01 19:14:35 +01:00
Mark Corbin
99eb6cfb24 package/matchbox-common: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-01 19:14:06 +01:00
Mark Corbin
dcc2a29f41 package/linux-fusion: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-01 19:13:55 +01:00
Mark Corbin
b27c5c1c0b package/luasql-sqlite3: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(406)' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-01 19:13:36 +01:00
Mark Corbin
0d9c7347f0 package/luasyslog: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-01 19:13:20 +01:00
Michael Vetter
154bbfd53f package/jasper: bump to 2.0.16
Changes:
  * Fix assertion failure JPC_NOMINALGAIN (CVE-2016-9396) (#50)
  * Fix build on Windows 10 (#162)
  * Improve README
  * Fix build with CMake 2.x
  * Add missing dereference operators (#178, #157)
  * Check data in jas_image (CVE-2018-19539) (#196)
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-01 19:11:45 +01:00
Pascal de Bruijn
89ebe8b4a1 package/openvmtools: only try to start vmtoolsd on vmware
adds ConditionVirtualization=vmware to vmtoolsd.service

Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-01 19:10:25 +01:00
Pascal de Bruijn
164963b808 package/openvmtools: use correct variable in udev rule RUN+=
DEVPATH is not a valid substitution in a RUN+=, devpath is:
https://mirrors.edge.kernel.org/pub/linux/utils/kernel/hotplug/udev/udev.html

So use that to get rid of the following warning:

Invalid value "/bin/sh -c 'echo 180 >/sys$DEVPATH/device/timeout'" for RUN
(char 27: invalid substitution type), ignoring, but please fix

Source: https://github.com/vmware/open-vm-tools/pull/376

Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Acked-by: Jérémy Rosen <jeremy.rosen@smile.fr>
[Peter: extend description]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-01 19:06:25 +01:00
Pascal de Bruijn
7ad22f41b5 package/openvmtools: udev rules files should not be executable
/usr/lib/udev/rules.d/99-vmware-scsi-udev.rules is marked executable,
causing systemd to complain.

Source: https://github.com/vmware/open-vm-tools/pull/376

Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-01 19:01:14 +01:00
Michael Vetter
3a508f8564 package/prosody: bump to bugfix version 0.11.3
This is a bugfix release for the stable 0.11 branch. It is recommended
for all users of 0.11.x to upgrade.

Important note for those upgrading: Previous releases did not
automatically expire messages from group chat (MUC) archives, so if
mod_muc_mam was loaded and enabled for a MUC, archives would grow
indefinitely. This is not what most deployments want, therefore
automatic expiry is now implemented and enabled with a default 7 day
retention. You can configure this with the muc_log_expires_after
configuration option, which can be set to "never" to restore the old
behaviour and preserve any existing logs older than 7 days.

For details see:
https://prosody.im/doc/release/0.11.3

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-01 18:58:34 +01:00
Mark Corbin
3fa37a41d8 package/mxsldr: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-01 18:58:15 +01:00
Mark Corbin
f06ae71f64 package/opentyrian-data: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(405)' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-01 18:57:47 +01:00