Commit Graph

53653 Commits

Author SHA1 Message Date
Peter Korsgaard
1861514be3 docs/website/news.html: correct left/right ordering of 2020.08-rc2 entry
And drop the confusing class="timeline" tag from the 2020.08-rc1 entry.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-08-24 16:58:59 +02:00
Peter Korsgaard
30ccc0e3f0 Update for 2020.08-rc2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-08-24 16:19:07 +02:00
Fabrice Fontaine
d0ad2496cd package/openfpgaloader: drop ftdipp
ftdipp is not needed since version 0.1 and
3df577b706

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-08-24 14:00:17 +02:00
Fabrice Fontaine
15ec88c387 package/openfpgaloader: drop udev from comment
Commit 5714f3f81f forgot to remove udev
from comment

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-08-24 14:00:08 +02:00
Peter Korsgaard
7a3711132a {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 7}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-08-24 11:28:20 +02:00
Fabrice Fontaine
d67ff44850 package/ripgrep: fix debug build
There is no --debug mode for cargo resulting in the following build
failure since the addition of this package with commit
4b0d1ef6ac:

error: Unknown flag: '--debug'

Fixes:
 - http://autobuild.buildroot.org/results/58e74bb056ec65680ecebaa559aa14bdebbf5c85
 - http://autobuild.buildroot.org/results/28c6364a89a6044d5a036614f7a6e59815efb770

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: keep the default 'dev' mode when in debug]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-08-24 11:02:08 +02:00
Gwenhael Goavec-Merou
5714f3f81f package/openfpgaloader: bump to current master
- argp is no more used;
- UDEV dependency is now optional

Fix:
- http://autobuild.buildroot.org/results/f3f3cc216ae42bb8a8925b0df7c1a3cc79b027d7

/home/buildroot/autobuild/instance-1/output-1/build/openfpgaloader-849e5751e06d4d00f323205d5f02ee01f9f59a61/src/spiFlash.cpp:
In member function 'void SPIFlash::jtag_write_read(uint8_t, uint8_t*, uint8_t*, uint16_t)':
/home/buildroot/autobuild/instance-1/output-1/build/openfpgaloader-849e5751e06d4d00f323205d5f02ee01f9f59a61/src/spiFlash.cpp:92:43:
error: variable-sized object 'jtx' may not be initialized
  uint8_t jtx[xfer_len] = {reverseByte(cmd)};
                           ^
and

src/gowin.cpp:73:11: error: 'runtime_error' is not a member of 'std'
 throw std::runtime_error("both write-flash and write-sram can't be set");
       ^
src/gowin.cpp:81:10: error: 'runtime_error' is not a member of 'std'
  throw std::runtime_error("incompatible file format");

Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
[yann.morin.1998@free.fr:
  - don't add a sub-option for udev; directly rely on udev being avail
  - fix conflict after 1ca0077d91
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-08-24 10:55:11 +02:00
Fabrice Fontaine
ec5b470710 docs/manual/adding-packages-cargo.txt: drop debug profile
There is no debug profile on cargo. The available profiles are: dev
(enabled by default), release, test and bench.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-08-24 10:47:40 +02:00
Peter Korsgaard
b541b68067 package/xen: add upstream security fix for XSA-327
Fixes the following security issue:

CVE-2020-15564: Missing alignment check in VCPUOP_register_vcpu_info

For further details, see the advisory:

https://xenbits.xenproject.org/xsa/advisory-327.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-23 23:35:09 +02:00
Yann E. MORIN
071dbfeb4d support/tests: add runtime test for python-rpi-gpio
Modeled after similar python packages.

However, this one is picky, and throws an exception when it
detects that it is not running on a Raspberry Pi. So we just
catch that exception and check this is what we expect.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Christian Stewart <christian@paral.in>
Cc: Michael Fischer <mf@go-sys.de>
Cc: Asaf Kahlon <asafka7@gmail.com>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Cc: Ian Haylock <haylocki@yahoo.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-23 23:29:55 +02:00
Yann E. MORIN
ae6bd1eb44 package/python-rpi-gpio: fix gcc-10 compatibility patch
Although the patch makes the package build OK, it fails at runtime
when the module is imported, because of missing symbols:

    ImportError: /usr/lib/python3.8/site-packages/RPi/_GPIO.cpython-38-aarch64-linux-gnu.so: undefined symbol: high

Fix that by making sure the symbols are declared once, but only once.

Fixes: #13166

Reported-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Michael Fischer <mf@go-sys.de>
Cc: Asaf Kahlon <asafka7@gmail.com>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Cc: Ian Haylock <haylocki@yahoo.co.uk>
Tested-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-23 23:29:52 +02:00
Yann E. MORIN
47349e4561 package/qt5: needs host gcc >= 5.0 for full C++11
Building qmake requires full C++11, which boils down to gcc >= 5.0,
which is what upstream advertises as a requirement anyway:

    https://doc.qt.io/qt-5.15/supported-platforms.html

    Distribution   | Architecture     | Compiler
    Generic Linux  | x86 and x86_64   | GCC (5 or later), ICC 18.x

Fixes:
    http://autobuild.buildroot.org/results/c3e/c3ee971a72f268e72b69a647e8fd00a8cee7dc91/
    http://autobuild.buildroot.org/results/89c/89c9a88b4e1195e952528574263201d4fbc27570/
    [...]

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Seiderer <ps.report@gmx.net>
Cc: Julien Corjon <corjon.j@ecagroup.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-23 23:20:56 +02:00
Peter Korsgaard
b557b2e812 package/tpm2-abrmd: bump to version 2.3.3
Bugfix release with a single fix:

Fixed:
  - Fixed handle resource leak exhausting TPM resources.

https://github.com/tpm2-software/tpm2-abrmd/releases/tag/2.3.3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-08-23 22:47:47 +02:00
Titouan Christophe
4a55c2743b package/libcurl: security bump to 7.72.0
This new version fixes, amongst many other things, CVE-2020-8231
(https://curl.haxx.se/docs/CVE-2020-8231.html). See the full changelog
on https://curl.haxx.se/changes.html#7_72_0 .

Also drop the 4 patches, that have all been released upstream.

Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-08-23 22:36:10 +02:00
Yann E. MORIN
1ca0077d91 package/openfpgaloader: C++ dependency is not inherited
openfpgaloader is written in C++, so the dependency on C++ is not
inherited from libftdipp1.

Drop the confusing comment.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-08-23 21:51:27 +02:00
Fabrice Fontaine
de9e0f1f00 package/php: drop BR2_PACKAGE_PHP_EXT_HASH
hash extension can't be disabled since version 7.4.0 and
bf34442581

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-08-23 19:03:20 +02:00
Fabrice Fontaine
6f3e269737 package/php: drop --with-libxml-dir
--with-libxml-dir has been dropped since version 7.4.0 and
29d1b7fd52

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-08-23 19:02:20 +02:00
Fabrice Fontaine
3004d54034 package/php: ffi needs dynamic library
FFI support in php has been added with commit
e16f05c0f0, it depends on dynamic library
otherwise the build will fail on:

/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/5.5.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: ext/ffi/ffi.o: in function `zim_FFI_cdef':
ffi.c:(.text+0xe78): undefined reference to `DL_LOAD'

Fixes:
 - http://autobuild.buildroot.org/results/3380b7b6777d1c5fcb53c855b003466fa3bf2079

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-08-23 19:00:58 +02:00
Peter Korsgaard
4b126afd27 package/bind: security bump to version 9.11.22
Fixes the following security issues:

CVE-2020-8622: A truncated TSIG response can lead to an assertion failure
https://kb.isc.org/docs/cve-2020-8622

CVE-2020-8623: A flaw in native PKCS#11 code can lead to a remotely
triggerable assertion failure in pk11.c
https://kb.isc.org/docs/cve-2020-8623

CVE-2020-8624: update-policy rules of type "subdomain" are enforced incorrectly
https://kb.isc.org/docs/cve-2020-8624

For more details, see the release notes:
https://downloads.isc.org/isc/bind9/9.11.22/RELEASE-NOTES-bind-9.11.22.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-08-23 15:30:56 +02:00
Peter Korsgaard
15484553f3 package/chrony: security bump to version 3.5.1
Fixes the following security issues:

CVE-2020-14367: Insecure writing of pidfile
-------------------------------------------

When chronyd is configured to save the pidfile in a directory where the
chrony user has write permissions (e.g. /var/run/chrony - the default
since chrony-3.4), an attacker that compromised the chrony user account
could create a symbolic link at the location of the pidfile to make
chronyd starting with root privileges follow the symlink and write its
process ID to a file for which the chrony user doesn't have write
permissions, causing a denial of service, or data loss.

This issue was reported by Matthias Gerstner of SUSE.

For further details, see the oss-security posting:
https://www.openwall.com/lists/oss-security/2020/08/21/1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-08-23 15:30:55 +02:00
Fabrice Fontaine
1a0fc70454 package/qt5/qt5imageformats: fix build with jasper
Fixes:
 - http://autobuild.buildroot.org/results/ea3bc0d3110cb54421ecf433317ca79ca0ff834a
 - http://autobuild.buildroot.org/results/6831dfdd1ecaaa3812de481882040c1742a72aec

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-08-23 15:28:33 +02:00
Fabrice Fontaine
531e96e98c docs/manual: fix typo
depednencies -> dependencies

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-08-23 15:12:46 +02:00
Fabrice Fontaine
8d57f13b7a package/owfs: fix build with gcc 10
Fixes:
 - http://autobuild.buildroot.org/results/7e9c33d7a1613826f85716403a00dce03dd8daf2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-08-23 15:03:18 +02:00
Fabrice Fontaine
3c1174ddd0 package/mjpg-streamer: disable opencv python and cpp example
python-numpy is an optional dependency since
545c1a1d3a

This dependency will raise the following build failure if python-numpy
is found on the host:

aarch64_be-linux-gnu-g++: ERROR: unsafe header/library path used in cross-compilation: '-I/usr/lib/python3/dist-packages/numpy/core/include'

because mjpg-streamer uses the python executable to retrieve the include
directory:

-- Found PythonLibs: /home/peko/autobuild/instance-0/output-1/host/aarch64_be-buildroot-linux-gnu/sysroot/usr/lib/libpython3.8.so (found version "3.8.5")
-- Found PythonInterp: /usr/bin/python3.5 (found version "3.5.3")
-- Found NUMPY: /usr/lib/python3/dist-packages/numpy/core/include

So disable python filter as well as cpp example while at it

Fixes:
 - http://autobuild.buildroot.org/results/e6795fa8ed5d8514b3e10ea1135afb31eab22b7e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-23 13:23:28 +02:00
Fabrice Fontaine
ba5a463add package/libubox: fix build with gcc 10
Fixes:
 - http://autobuild.buildroot.org/results/aef10cc43f6c34f106624588ae2a1131520ee066

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-23 13:22:36 +02:00
Fabrice Fontaine
1c979b57ef package/ncftp: fix build with gcc 10
Fixes:
 - http://autobuild.buildroot.org/results/78822bc0e0039e8f8949011a256cac022863276f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-23 13:20:40 +02:00
Fabrice Fontaine
a4bd80de75 package/gstreamer1/gst1-plugins-bad: fix deactivation of opencv
Build can fail if opencv3 is built before gst1-plugins-bad because
-Dopencv=disabled does not work in meson (i.e. since commit
5d6c408e95)

Fixes:
 - http://autobuild.buildroot.org/results/19605057c4956d97e9e65068680485db637282db

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-08-23 11:27:33 +02:00
Fabrice Fontaine
094351c723 package/collectd: fix build with luajit
Build with luajit has been enabled with commit
911a9bf573 however the build fails because
collectd does not find liblua

Fixes:
 - http://autobuild.buildroot.org/results/31302b47fb70eb442cd000f4b9f27a9e12432cc3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-08-22 17:52:37 +02:00
Fabrice Fontaine
09e5e3dbdd package/igd2-for-linux: fix build with gcc 10
Fixes:
 - http://autobuild.buildroot.org/results/f296984c3851fc28341210e36ef1b55b2edac209

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-21 00:20:34 +02:00
Bernd Kuhls
bbb4e21046 package/dovecot-pigeonhole: bump version to 0.5.11
Release notes:
https://dovecot.org/pipermail/dovecot-news/2020-August/000439.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-21 00:11:21 +02:00
Fabrice Fontaine
344af15d01 package/efl: fix build without NLS
nls is enabled by default in meson_options.txt (which is available since
version 1.22.0). NLS was explicitly disabled for host-efl in commit
6deaa3d50d but nothing was done for the
target resulting in the following build failure:

../src/lib/elementary/elm_priv.h:189:25: warning: implicit declaration of function '_elm_dgettext'; did you mean 'dgettext'? [-Wimplicit-function-declaration]
 #  define E_(string)    _elm_dgettext(string)
                         ^~~~~~~~~~~~~

/nvme/rc-buildroot-test/scripts/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-uclibc/8.3.0/../../../../x86_64-buildroot-linux-uclibc/bin/ld: src/lib/elementary/libelementary.so.1.24.3.p/elc_hoversel.c.o: in function `_access_state_cb':
elc_hoversel.c:(.text+0x1210): undefined reference to `_elm_dgettext'

So enable nls dependening on BR2_SYSTEM_ENABLE_NLS and add
TARGET_NLS_DEPENDENCIES to EFL_DEPENDENCIES

Fixes:
 - http://autobuild.buildroot.org/results/5985b39b87c5c392b4f9b65c12008ec7b3a143fe

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-21 00:10:22 +02:00
Fabrice Fontaine
cc88590b49 package/gstreamer1/gstreamer1-editing-services: disable introspection
Disable introspection as it raises a build failure with autotools.
It could be enabled after bumping to upcoming 1.18.x and switching to
messon. We can't switch now as version 1.16.2 don't allow to disable
examples/tools through meson

Fixes:
 - http://autobuild.buildroot.org/results/36eb875fba2847b32df05f31d8f8ca9f0ecde36f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-21 00:01:20 +02:00
Fabrice Fontaine
cda136d820 package/c-periphery: fix build with kernel 4.6 and 4.7
Fixes:
 - http://autobuild.buildroot.org/results/c3b868c12baac9438b792ada105c0b0de0106311

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-20 23:57:42 +02:00
Frank Vanbever
d059946df0 package/elixir: fix host-erlang dependency
There is no target elixir package, so setting a value to
ELIXIR_DEPENDENCIES has no effect, HOST_ELIXIR_DEPENDENCIES must be
used instead.

Fixes:

  http://autobuild.buildroot.net/results/a3a37eb724ca5689f8e83c9b2af04d07afa80315/

Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-20 23:55:27 +02:00
Fabrice Fontaine
cbcab766dc package/dieharder: fix build with gcc 10
Disable -fno-common with dieharder, there is more than 100 variables to
fix and upstream seems dead.

Fixes:
 - http://autobuild.buildroot.org/results/ba70d111cd1f2029a193a88af3b44daf6ef27786

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-08-19 23:28:34 +02:00
Fabrice Fontaine
99ab724a3a package/dump1090: fix build with gcc 10
Fixes:
 - http://autobuild.buildroot.org/results/88dc97fcaa649014edb3b54a5dd4bd8ec4715bbd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-08-19 22:59:40 +02:00
Fabrice Fontaine
b0112af04e package/gdbm: fix build with gcc 10
Fixes:
 - http://autobuild.buildroot.org/results/39c405096908e1d15f2462b990717215bea0750f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-08-19 22:47:44 +02:00
Romain Naour
243d500f8d support/testing: add openssh runtime test
This new runtime test is based on test_dropbear.py. The only required change
is to use "-oStrictHostKeyChecking=no" instead of "-y" to accept the new key.

Since the base test infra only provide a uClibc-ng toolchain, add a second
test using a glibc based internal toolchain.

For example, this allow to trigger the openssh 8.1p bug with glibc 2.31 [1].

[1] https://bugs.archlinux.org/task/65386

Signed-off-by: Romain Naour <romain.naour@smile.fr>
yann.morin.1998@free.fr:
  - deduplicate the whole test
  - don't provide any NIC, we only need and use lo
  - simplify post-build script (append with cat, don't munge with sed)
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-08-19 22:13:43 +02:00
Fabrice Fontaine
486d2d5ee0 package/mpd: add libid3tag optional dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-18 23:49:23 +02:00
Fabrice Fontaine
fdb80f0a89 package/mpd: add zziplib optional dependency
zziplib is an optional dependency since version 0.15.0 and
e216e01ab3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-18 23:49:17 +02:00
Fabrice Fontaine
a597a2020f package/mpd: add libmodplug optional dependency
libmodplug is an optional dependency since version 0.15.0 and
d838a1ad24

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-18 23:49:08 +02:00
Fabrice Fontaine
db61a89648 package/mpd: add libsidplay2 optional dependency
libsidplay2 is an optional dependency since version 0.15.0 and
1136f6fb7a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-18 23:49:04 +02:00
Fabrice Fontaine
668530f1e3 package/collectd: fix build with dpdk_telemetry
Fix typo added by 44e0b6014f

Fixes:
 - http://autobuild.buildroot.org/results/770293a007d683cb6f82f1fd3bcc20967e2b4bed

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-18 23:44:18 +02:00
Bernd Kuhls
6db0ea91ef package/dovecot: security bump version to 2.3.11.3
Release notes:
https://dovecot.org/pipermail/dovecot-news/2020-August/000440.html

Fixes the following CVEs:

* CVE-2020-12100: Parsing mails with a large number of MIME parts could
  have resulted in excessive CPU usage or a crash due to running out of
  stack memory.
* CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
  message buffer size, which leads to reading past allocation which can
  lead to crash.
* CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
  address that has the empty quoted string as local-part causes the lmtp
  service to crash.
* CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
  zero-length message, which leads to assert-crash later on.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-18 23:44:18 +02:00
Bernd Kuhls
042656980b package/dovecot-pigeonhole: bump version to 0.5.11
Release notes:
https://dovecot.org/pipermail/dovecot-news/2020-August/000439.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-18 23:43:34 +02:00
Petr Vorel
409528c996 package/musl: bump to version 1.2.1
The license file has seen a few changes, but the overall license
remains MIT. Details of the changes:

--- output/build/musl-1.2.0/COPYRIGHT	2020-02-21 01:37:02.000000000 +0100
+++ output/build/musl-1.2.1/COPYRIGHT	2020-08-04 06:21:09.000000000 +0200
@@ -127,10 +127,13 @@
 and labelled as such in comments in the individual source files. All
 have been licensed under extremely permissive terms.

-The ARM memcpy code (src/string/arm/memcpy_el.S) is Copyright © 2008
+The ARM memcpy code (src/string/arm/memcpy.S) is Copyright © 2008
 The Android Open Source Project and is licensed under a two-clause BSD
 license. It was taken from Bionic libc, used on Android.

+The AArch64 memcpy and memset code (src/string/aarch64/*) are
+Copyright © 1999-2019, Arm Limited.
+
 The implementation of DES for crypt (src/crypt/crypt_des.c) is
 Copyright © 1994 David Burren. It is licensed under a BSD license.

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-18 23:42:20 +02:00
Jugurtha BELKALEM
a01bf684ea package/python-requests : bump to version 2.24.0
Signed-off-by: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-18 23:31:03 +02:00
Jugurtha BELKALEM
f737aaac1e package/python-urllib3: bump to version 1.25.10
Signed-off-by: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-18 23:30:40 +02:00
Luca Ceresoli
cb13451d5c package/snmppp: bump to version 3.4.2
The src/v3.cpp source file, used as a license file, has seen a few
modifications (hence the change of hash) but none of these changes are
related to licensing.

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-18 23:29:31 +02:00
Thomas Claveirole
bc5f24c070 package/openlayers: bump to version 6.4.3
Signed-off-by: Thomas Claveirole <thomas.claveirole@green-communications.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-18 22:25:01 +02:00