Commit Graph

44436 Commits

Author SHA1 Message Date
Peter Korsgaard
b0f0f07c59 docs/website: update for 2018.11.2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-30 17:34:24 +01:00
Fabrice Fontaine
fb22931bcf leveldb: disable parallel build
Commit abba4e7012 did not succeed in
fixing all parallel build failures because sometimes $(SHARED_OUTDIR) is
created but not $(SHARED_OUTDIR)/db so instead of fixing this mess,
revert the patch and disable parallel build as upstream switched to
cmake

Fixes:
 - http://autobuild.buildroot.org/results/9c33692aa130a20b0f8e868156e49990e862d6ee

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-30 08:38:47 +01:00
Fabrice Fontaine
64c62209f8 Revert "leveldb: fix parallel build"
This reverts commit abba4e7012.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-30 08:38:40 +01:00
Fabrice Fontaine
848221b47c mbedtls: security bump to version 2.7.9
CVE-2018-19608 is fixed by bumping mbdedtls to a version greater or
equal to 2.7.8, see
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-03

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-29 23:09:53 +01:00
Chris Packham
8cac823b00 package/syslog-ng: allow building with static libraries
Bring in an upstream patch to fix builds for targets which lack dlfcn.h
and revert "package/syslog-ng: depend on !BR2_STATIC_LIBS".

This reverts commit 44dbd2907c. Now that
upstream has different fix for the build issues with a static libc we
can re-enable syslog-ng on these systems.

Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-01-29 23:00:04 +01:00
Ricardo Martincoski
4d5d0124c7 support/testing/infra/basetest: support br2-external
Some upcoming test cases can use one or more br2-external trees as
fixtures that provide packages used only in runtime tests.

Add support for br2-external into the BRTest class. Any test case can
then provide a list of paths for being used as br2-external trees
during the build of the image to test.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@datacom.ind.br>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Daniel J. Leach <dleach@belcan.com>
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Thomas: use named argument for make_extra_opts.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-01-29 22:16:33 +01:00
Ricardo Martincoski
07bbf1b4dd support/testing/infra/builder: configure and build with make target and environment
Make the builder able to call 'VAR1=1 make VAR2=2 target'.

Allow sending extra parameters to be added to the end of make command
line. Uses for these purposes:
 - to configure a br2-external, using the 'BR2_EXTERNAL="dir" variable.
 - to specify a make target, such as 'foo-source.'

Allow adding variables to the environment when calling make.
These added variables allow a user to override default values from BuildRoot,
such as 'BR2_DL_DIR="dl"'.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@datacom.ind.br>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Daniel J. Leach <dleach@belcan.com>
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-01-29 22:14:55 +01:00
Vadim Kochan
f33c3090fe package/nut: Add support for openssl 1.1.x
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-29 16:42:24 +01:00
Vadim Kochan
93cd0fe748 package/libshout: Add support for openssl 1.1.x
Add patch from Debian:

https://sources.debian.org/data/main/libs/libshout/2.4.1-2/debian/patches/01-libshout-tls-compile-with-OpenSSL-1.1.0.patch

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-29 16:40:39 +01:00
Ricardo Martincoski
fe7a5d7120 utils/check-package: handle ifdef/ifndef in .mk files
Currently check-package only knows about ifeq/ifneq.
Add code to handle ifdef/ifndef as well.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-29 16:38:41 +01:00
Ricardo Martincoski
4a6c5ab2c3 utils/check-package: allow to disable warning for a line
Currently any exceptions for a check function need to be coded into the
check-package script itself.

Create a pattern that can be used in a comment to make check-package
ignore one or more warning types in the line immediately below:
 # check-package Indent, VariableWithBraces

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-29 16:37:47 +01:00
Yann E. MORIN
908a8b5a7f package/busybox: drop empty configure command
Since commit 50dc350c65 (package/busybox: update to 1.29.0), we no
longer define the BUSYBOX_NOCLOBBER_INSTALL macro, so it expands to an
empty string, so we end up with no action in BUSYBOX_CONFIGURE_CMDS.

Drop BUSYBOX_CONFIGURE_CMDS now that it serves no purpose.

Signed-off-by: Yann MORIN <yann.morin@orange.com>
Cc: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-29 16:37:10 +01:00
Arnout Vandecappelle (Essensium/Mind)
fc9fd5a878 Revert "ffmpeg: fix static linking build failure when using libavutil"
This reverts commit 483db99089.

It was a test commit that was not supposed to be pushed. The patch
doesn't apply to ffmpeg 3.4.5.

Fixes:
  http://autobuild.buildroot.net/results/f3e/f3eaaff9e55ca7c75fe7094547dc2394b1288849

and many more.
2019-01-29 10:00:45 +01:00
Thomas Petazzoni
9ef15934fe docs/manual: update package-make-target.txt with more targets
This commit updates package-make-target.txt with a few additional
useful per-package targets that have been added in recent times.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-01-29 00:32:11 +01:00
Giulio Benetti
483db99089 ffmpeg: fix static linking build failure when using libavutil
If a package tries to static link with libavutil it fails due to the
lack of libavutil private dependencies in libavutil.pc (-ldrm in this
case).

Add patch to:
- Check if libdrm is present.
- Add it to Libs.private: in libavutil.pc if present.

Fixes:
http://autobuild.buildroot.net/results/766/766de487f394490df8c712652ac364ebb4a3ab14/
http://autobuild.buildroot.net/results/041/041e29dfddb2da3309ac7d34a576c60c5a75fe4d/
http://autobuild.buildroot.net/results/780/78061b61cfe3f42554a475c048d54dacacfe11d5/
http://autobuild.buildroot.net/results/275/275e4e0030d26c029085b408cfb272d5633969c6/
http://autobuild.buildroot.net/results/515/5152dcca58944cf732d09fba6e6c9af8a9243c75/
http://autobuild.buildroot.net/results/395/395be1a9cab824b82ef34c2ebd84d54243029b33/

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-01-29 00:16:10 +01:00
Carlos Santos
01aacbf942 skeleton-init-common: improve /etc/hosts generation
If BR2_TARGET_GENERIC_HOSTNAME contains a FQDN, strip the host part and
add it as an alias, e.g.

    127.0.1.1	hostname.example.com hostname

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-01-29 00:12:00 +01:00
Thomas De Schampheleire
a7d07b5852 jemalloc: allow on MIPS64
jemalloc uses architecture #ifdefs to determine LG_QUANTUM and gives an
error when an unsupported architecture is used.
For this reason, Buildroot commit 3baf996c6a
introduced BR2_PACKAGE_JEMALLOC_ARCH_SUPPORTS.

In the jemalloc sources, 'mips' is checked via '__mips__' which is set both
for 32-bit as 64-bit MIPS (including MIPS64 n32).
However, the Buildroot arch selection only includes 32-bit MIPS via BR2_mips
and BR2_mipsel.

Update the arch selection to support MIPS64.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-01-28 23:01:09 +01:00
Peter Korsgaard
7b8feba51d tpm2-tools: drop dependency on tpm2-abrmd
tpm2-tools is commonly used with the resource manager, tpm2-abrmd - But it
CAN be used without, E.G. by setting the TPM2TOOLS_TCTI_NAME environment
variable to communicate directly with the kernel driver:

export TPM2TOOLS_TCTI_NAME=device

Either directly with the TPM device (/dev/tpmN) or through the in-kernel
resource manager provided by Linux kernel since 4.12 (/dev/tpmrmN)

For some use cases (E.G. initramfs) it makes sense to use tpm2-tools
without abrmd, so remove the tpm2-abrmd select, and instead a note in the
help text that it may be needed.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-28 22:19:51 +01:00
Fabrice Fontaine
cb3397e633 libxml2: security bump to version 2.9.9
- Fixes CVE-2018-9251 and CVE-2018-14567:
  2240fbf591
- Fixes CVE-2018-14404: https://gitlab.gnome.org/GNOME/libxml2/issues/5
- Remove patch: CVE-2017-8872 was fixed by
  https://gitlab.gnome.org/GNOME/libxml2/issues/26

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-28 22:19:06 +01:00
Fabrice Fontaine
fc166894b3 minizip: disable compatibility headers
minizip enables zip.h and unzip.h compatibility headers since version
2.7.2 and
1b2b32c8b8

This is an issue as php fails to build if minizip is built after libzip
because minizip installs a zip.h header without zip_stat, ZIP_CREATE,
ZIP_FL_NOCASE, zip_fopen, etc ...

So until the compatibility headers are enhanced/fixed in minizip, disable them

Fixes:
 - http://autobuild.buildroot.org/results/7b41f4e4a521b1e17aa885aac4419b26e0dd8700

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-28 22:09:00 +01:00
Fabrice Fontaine
0f5e916f31 haproxy: disable on sh4 with gcc < 7
Build fails on sh4:
src/dns.c:290:1: error: unable to find a register to spill in class 'R0_REGS'
 }

This build failure seems related to a known gcc bug that has been fixed
only in gcc 7:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60040

Fixes:
 - http://autobuild.buildroot.org/results/2e181cc874d5389f10ecddb0d11253c3aa5e7fc4

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-28 22:06:51 +01:00
Fabrice Fontaine
55e04fbb4d libkcapi: bump to version 1.1.4
Update hash of COPYING (year has been updated):
3c56934f44

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-28 22:06:07 +01:00
Fabrice Fontaine
cd2a5f7966 jansson: bump to version 2.12
Update hash of license file (update in year):
3e13f514ce

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-28 22:05:52 +01:00
Fabrice Fontaine
4d85d5038e clamav: needs C++
clamav needs C++ since bump to version 0.101.1 and
d39cb6581f

Fixes:
 - http://autobuild.buildroot.org/results/be14aa571309cda32a5963feed9fd7f220e87fe6

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-28 22:05:15 +01:00
Gwenhael Goavec-Merou
15320d0060 qemu_riscv64_virt_defconfig: fix linux header selection
When the kernel is built by Buildroot BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_X_YY
must be used and not BR2_KERNEL_HEADERS_X_YY.

Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-28 22:04:33 +01:00
Peter Korsgaard
da17aef2e0 package/gnutls: bump to version 3.6.6
Drop now upstreamed 0001-configure.ac-check-if-libatomic-is-needed.patch and
autoreconf.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-28 22:04:17 +01:00
Fabrice Fontaine
d2f606a646 gnutls: fix build on sparc
gnutls source code uses the C++11 <atomic> functionality since
7978a73346,
which internally is implemented using the __atomic_*() gcc built-ins

On certain architectures, the __atomic_*() built-ins are implemented in
the libatomic library that comes with the rest of the gcc runtime. Due
to this, code using <atomic> might need to link against libatomic,
otherwise one hits build issues such as:

../lib/.libs/libgnutls.so: undefined reference to `__atomic_fetch_sub_4'

on an architecture like SPARC.

To solve this, a configure.ac check is added to know if we need to
link against libatomic or not. The library is also added to gnutls.pc.

Fixes:
 - http://autobuild.buildroot.org/results/6c749bd592ceffeacadd2ab570d127936cce64b2
 - http://autobuild.buildroot.org/results/30aa83d3cf3482af8a59250c196c85f4a278d343

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-28 16:54:59 +01:00
Ricardo Martincoski
e2b98dfede support/testing: add atop test
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-28 10:00:45 +01:00
Ricardo Martincoski
780ea788b6 package/atop: bump to version 2.4.0
Drop patch 0001 as it was applied upstream [1].
This new version uses PERF_FLAG_FD_CLOEXEC therefore it needs a
toolchain with headers >= 3.14.

[1] 414127c036

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-28 10:00:22 +01:00
Fabrice Fontaine
dd08ca7aa9 zbar: needs kernel headers >= 3.17
v4l2_query_ext_ctrl has been added in kernel 3.17:
5082c24178

Fixes:
 - http://autobuild.buildroot.org/results/d7b244cf9488eafb59ba8575f17884f4f8512db1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-28 09:58:59 +01:00
Fabrice Fontaine
efe201d8ad libva-utils: fix build with gcc 4.8
Fixes:
 - http://autobuild.buildroot.org/results/64d9b79de5d31eb5a0c219081479bebb1f2527ed

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-28 09:58:01 +01:00
Gerome Burlats
0203df36ac qemu/aarch64-virt: Emulate cortex-a53 in qemu to match Buildroot config
qemu_aarch64_virt_defconfig (implicitly) specifies cortex-a53, so adjust the
QEMU command line to also emulate a a53 instead of a57.

Also adjust the defconfig to explicitly specify a53 for consistency/clarity.

Signed-off-by: Gerome Burlats <gerome.burlats@smile.fr>
Cc: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 22:38:45 +01:00
Ricardo Martincoski
e25040d31a package/usb_modeswitch: avoid overriding variables
Overriding variables in packages recipes is an error-prone practice.

Current behavior of installing either only as a script or only as a
binary is intended, as describe in the commit log of "d3e4db4e34
usb_modeswitch: bump to version 1.2.6" from 2013.

Rewrite the code to keep the same behavior while replacing variable
override [1] by conditional assignments [2].

[1]
VAR = ...
if ...
VAR = ...

[2]
if ...
VAR = ...
else
VAR = ...

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 22:19:05 +01:00
Ricardo Martincoski
8be8c72c2b package/usb_modeswitch: drop unicode space in comment
Commit "a554109af8 package/usb_modeswitch: disable parallel build" added
a unicode space in a comment. Replace it with a normal ASCII space for
consistency with elsewhere.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 22:18:50 +01:00
Ricardo Martincoski
d6bce837ec Revert "avrdude: add license information"
This reverts commit d1f545004b from 2014
because the added variables already existed. The real problem at the
time was that one of the pre-existent variables had a typo, fixed in a
later commit.

Currently AVRDUDE_LICENSE and AVRDUDE_LICENSE_FILES are declared twice
with the same values for each one. So remove one of them.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Wojciech M. Zabolotny <wzab01@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 22:17:07 +01:00
Ricardo Martincoski
df0d7d1371 package/sdl_sound: actually use the optional CONF_OPTS
Since "57ace26b6c package/sdl_sound: add optional support for
libmodplug" from 2016, optional CONF_OPTS are added but they do not
really take effect because there is an unconditional override below the
conditional append.

Currently this does not cause build failures, but it can lead to wrong
detection of dependencies because many explicit --enable/--disable are
not passed to configure.

Fix this by moving the unconditional code to the top.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 22:15:55 +01:00
Ricardo Martincoski
30ff614a03 package/s6-networking: fix dependency when libressl is enabled
Commit "c5b85231fb s6-networking: enable SSL if libressl is selected"
actually dropped the dependency on s6-dns and s6 when libressl is
enabled.
Fix this by using += inside the conditional code.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 22:14:48 +01:00
Peter Korsgaard
68ec36d9fa package/lighttpd: bump to version 1.4.53
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 22:14:08 +01:00
Vadim Kochan
618b2117e2 package/vboot-utils: Add support for openssl 1.1.x
Backported changes from commit bce7904376beee2912932433a4634c1c25afe2f5,
there was some conflicts in few places which includes openssl_compat.h and
1 place in vb2_rsa_sig_alg function.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 22:11:30 +01:00
Jörg Krause
bb06035e6a package/upmpdcli: fix static build issue
The spotify plugin requires shared library support and needs <dlfcn.h>.
Explicitly disable the spotify plugin when building upmpdcli in a static
context.

Fixes:
http://autobuild.buildroot.net/results/cb942d3c5f68959d6cbc85535ccff4a275369f91/

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-01-27 21:46:03 +01:00
Thomas De Schampheleire
17ba24bac1 package/libarchive: add four security patches
Add backported patches for the following four security issues in libarchive.
There is no new release yet including these patches.

- CVE-2018-1000877 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000877)

"libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards
(release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in
RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(),
realloc(rar->lzss.window, new_size) with new_size = 0 that can result in
Crash/DoS. This attack appear to be exploitable via the victim must open a
specially crafted RAR archive."

- CVE-2018-1000878 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000878)

"libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards
(release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in
RAR decoder - libarchive/archive_read_support_format_rar.c that can result
in Crash/DoS - it is unknown if RCE is possible. This attack appear to be
exploitable via the victim must open a specially crafted RAR archive."

- CVE-2018-1000879 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000879)

"libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards
(release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference
vulnerability in ACL parser - libarchive/archive_acl.c,
archive_acl_from_text_l() that can result in Crash/DoS. This attack appear
to be exploitable via the victim must open a specially crafted archive
file."

- CVE-2018-1000880 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000880)

"libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards
(release v3.2.0 onwards) contains a CWE-20: Improper Input Validation
vulnerability in WARC parser -
libarchive/archive_read_support_format_warc.c, _warc_read() that can result
in DoS - quasi-infinite run time and disk usage from tiny file. This attack
appear to be exploitable via the victim must open a specially crafted WARC
file."

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 21:26:20 +01:00
Asaf Kahlon
afffba5cd7 python-pyasn1-modules: bump to version 0.2.4
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 21:24:17 +01:00
Peter Seiderer
0d176bf678 package/rpi-userland: bump version to e5803f2c98
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 20:38:30 +01:00
Peter Seiderer
567355742f configs/raspberrypi*: bump kernel version to 83b36f98e1
Now based on 4.14.95 (from 4.14.91).

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 20:38:04 +01:00
Bernd Kuhls
e94a4b50c1 package/freeswitch: bump version to 1.8.5
Removed patch 0002, not needed anymore after upstream commit
13f6890f41

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 20:36:52 +01:00
Bernd Kuhls
e6a67cc410 package/libpng: bump version to 1.6.36
License[1] was bumped to v2, for details see
http://lists.opensource.org/pipermail/license-review_lists.opensource.org/2018-November/003791.html

[1] http://www.libpng.org/pub/png/src/libpng-LICENSE.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: use Libpng-2.0 as license tag]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 20:34:38 +01:00
Bernd Kuhls
0abeee374a package/pngquant: bump version to 2.12.2
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 20:13:40 +01:00
Bernd Kuhls
77dacbb0d8 package/znc: bump version to 1.7.2
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 20:13:20 +01:00
Francois Perrad
1ad4cc9979 prosody: bump to version 0.11.2
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 20:11:49 +01:00
Francois Perrad
df9b13e674 perl-uri: bump to version 1.76
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 11:23:16 +01:00