Commit Graph

44994 Commits

Author SHA1 Message Date
Bernd Kuhls
4a6165aa4e package/php: bump version to 7.3.7
Changelog: https://www.php.net/ChangeLog-7.php#7.3.7

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7accdcb3a9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 08:57:11 +02:00
Adrian Perez de Castro
b6a34aa99d package/webkitgtk: bump to version 2.24.3
Version 2.24.3 is a minor update which contains many bugfixes.
>From the announcement:

  - Fix previous/next gestures in RTL mode.
  - Fix rendering artifacts in popular sites (YouTube, GitHub, etc.)
  - Fix media playback annoyances (volume randomly changing, HLS streams
    starting too slowly, some audio streams would not play, etc.)
  - Fix build with audio and video disabled.

  https://webkitgtk.org/2019/07/02/webkitgtk2.24.3-released.html

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3ff05d9094)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 08:56:03 +02:00
Peter Korsgaard
cd8ff25d7f {linux, linux-headers}: bump 4.{14, 19}.x / 5.1.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: drop 5.1.x bump]
(cherry picked from commit 173ed657f3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 08:54:55 +02:00
Fabrice Fontaine
656bd2d824 package/libsecret: fix build with NLS
Fixes:
 - http://autobuild.buildroot.org/results/1497d7c2485c4a107ab82c870d78744981efb6d3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3bd1574aef)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 08:47:00 +02:00
Peter Korsgaard
920e467980 package/python-django: security bump to version 2.1.10
Fixes the following security vulnerabilities:

CVE-2019-12781: Incorrect HTTP detection with reverse-proxy connecting via
HTTPS

For more details, see the announcement:
https://www.djangoproject.com/weblog/2019/jul/01/security-releases/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 9f87b3785f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 08:45:30 +02:00
Baruch Siach
90c114911f package/faad2: add upstream security fixes
CVE-2018-20194: Stack buffer overflow on invalid input

CVE-2018-20362: Null pointer dereference when processing crafted AAC
input

Add two more crash fixes from upstream.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 7f4dde3318)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 08:43:21 +02:00
Brandon Maier
036a9add4b utils/check-package: Add a quiet flag
When running in a CI system, stat messages become white noise. Introduce
an option to suppress non-error, non-warning, messages.

Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 44af8386f8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 08:42:09 +02:00
Marcin Niestroj
769ce63723 boot/barebox: needs host-{flex,bison}
Barebox starting from 2019.02 no longer ships flex/bison generated
parser. Add conditional kconfig dependencies, same as we did for kernel
and uboot.

Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit e7d8d9a765)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 08:41:15 +02:00
Peter Korsgaard
259d203f5a package/irssi: security bump to version 1.0.8
Fixes the following security vulnerability:

CVE-2019-13045: Use after free when sending SASL login to the server found
by ilbelkyr

For more details, see the advisory:
https://irssi.org/security/html/irssi_sa_2019_06/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 0a1b957d4e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 08:39:56 +02:00
Yann E. MORIN
721208a871 package/meson: fix empty arguments in cross-compilation.conf
When TARGET_CFLAGS (or _LDFLAGS or _CXXFLAGS) are empty, but were
constructed by appending other variables, like:

    TARGET_CFLAGS = $(SOMETHING) $(SOMETHING_ELSE)

and both variables are empty, then $(TARGET_CFLAGS) is _not_ the
null-string; it's value is a string made of a single space.

This means that the construct:

    $(if $(TARGET_CFLAGS),true,false)

will in fact return 'true'.

In our case, it means that we will call:

    `printf '"%s", ' `

which expands to just:

    "",

which we are then happy to insert as-is in the generated
cross-compilation.conf.

Then meson, will happily call the compiler with an empty argument.

The compiler is less happy, though:

    arm-none-linux-gnueabi-gcc: error: : No such file or directory

And this is not even trivial to debug either... The only clue being that
there seems to be something missing between ': :'

We fix that testing the $(strip)ed value. We can still pass the
non-$(strip) expansion, because the shell will just do it for us, and we
are then sure there is at least one non-blank word in there.

Thanks a lot to Adam for his invaluable help debugging this!

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit e9de6d9e0a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 08:33:55 +02:00
Fabrice Fontaine
17ebddd571 package/dialog: fix build with NLS
Fixes:
 - http://autobuild.buildroot.org/results/9287ffbb86a7dc09cda5f99f87445fa884e77625

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 0953377a9e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 08:31:49 +02:00
Peter Korsgaard
55fd596e7d package/expat: security bump to version 2.2.7
Fixes the following security vulnerabilites:

CVE-2018-20843: In libexpat in Expat before 2.2.7, XML input including XML
names that contain a large number of colons could make the XML parser
consume a high amount of RAM and CPU resources while processing (enough to
be usable for denial-of-service attacks).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 84fd08cf4f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 08:30:55 +02:00
Peter Korsgaard
cac0c6fa2f package/docker-cli: security bump to version 18.09.7
Fixes CVE-2018-15664: API endpoints behind the 'docker cp' command are
vulnerable to a symlink-exchange attack with Directory Traversal, giving
attackers arbitrary read-write access to the host filesystem with root
privileges, because daemon/archive.go does not do archive operations on a
frozen filesystem (or from within a chroot).

And includes additional post-18.09.6 fixes:

Builder
- Fixed a panic error when building dockerfiles that contain only comments.
  moby/moby#38487
- Added a workaround for GCR authentication issue. moby/moby#38246
- Builder-next: Fixed a bug in the GCR token cache implementation
  workaround.  moby/moby#39183

Runtime
- Added performance optimizations in aufs and layer store that helps in
  massively parallel container creation and removal.  moby/moby#39107,
  moby/moby#39135
- daemon: fixed a mirrors validation issue. moby/moby#38991
- Docker no longer supports sorting UID and GID ranges in ID maps.
  moby/moby#39288

Logging
- Added a fix that now allows large log lines for logger plugins.
  moby/moby#39038

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit cdbb3ced00)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 08:29:53 +02:00
Peter Korsgaard
3f1c6740ea package/docker-engine: security bump to version 18.09.7
Fixes CVE-2018-15664: API endpoints behind the 'docker cp' command are
vulnerable to a symlink-exchange attack with Directory Traversal, giving
attackers arbitrary read-write access to the host filesystem with root
privileges, because daemon/archive.go does not do archive operations on a
frozen filesystem (or from within a chroot).

And includes additional post-18.09.6 fixes:

Builder
- Fixed a panic error when building dockerfiles that contain only comments.
  moby/moby#38487
- Added a workaround for GCR authentication issue. moby/moby#38246
- Builder-next: Fixed a bug in the GCR token cache implementation
  workaround.  moby/moby#39183

Runtime
- Added performance optimizations in aufs and layer store that helps in
  massively parallel container creation and removal.  moby/moby#39107,
  moby/moby#39135
- daemon: fixed a mirrors validation issue. moby/moby#38991
- Docker no longer supports sorting UID and GID ranges in ID maps.
  moby/moby#39288

Logging
- Added a fix that now allows large log lines for logger plugins.
  moby/moby#39038

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 13cf6f0c0b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 08:29:30 +02:00
Jared Bents
3fdb256bf9 package/bzip2: add upstream security fix for CVE-2019-12900
Patch to resolve cve-2019-12900 which affects bzip2 versions 1.0.6 and older

More information can be found at
https://nvd.nist.gov/vuln/detail/CVE-2019-12900

Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6581c441df)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 08:19:13 +02:00
Adam Duskett
ceafdfb7d4 package/bzip2: add hash for license file
Also add a standard sha256 hash for the package itself.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Reviewed-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cc7581a850)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 08:19:04 +02:00
Peter Korsgaard
5a74214681 {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.1.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: drop 5.1.x bump]
(cherry picked from commit abc782c0b3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 00:11:10 +02:00
Yann E. MORIN
ef3b031a81 board/qemu: ensure root is available before mounting it
On my machine, it happens once in a while that the virtualised machine
boots too fast for the rootfs to be available at the time the kernel
tries to mount it.

For example, board/qemu/arm-vexpress/readme.txt suggested changing
"-smp 1" up to "-smp 4". But doing so here causes a kernel panic:

    VFS: Cannot open root device "mmcblk0" or unknown-block(0,0): error -6
    Please append a correct "root=" boot option; here are the available partitions:
    1f00          131072 mtdblock0
     (driver?)
    1f01           32768 mtdblock1
     (driver?)
    Kernel panic - not syncing: VFS: Unable to mount root fs on
    unknown-block(0,0)

So, add the oh-so-useful 'rootwait' option to all kernel command lines
for qemu defconfigs.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Joel Stanley <joel@jms.id.au>
Cc: Mark Corbin <mark.corbin@embecosm.com>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 626c9705d2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-07 00:09:02 +02:00
Peter Korsgaard
fab4d559d1 package/libglib2: backport upstream security fix for CVE-2019-12450
Fixes CVE-2019-12450: file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0
through 2.61.1 does not properly restrict file permissions while a copy
operation is in progress.  Instead, default permissions are used.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-27 18:02:08 +02:00
Peter Korsgaard
04c951e21e package/ffmpeg: bump version to 3.4.6
Fixes a number of bugs discovered after the 3.4.5 release:
https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n3.4.6

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-25 22:51:39 +02:00
Peter Seiderer
4fe00cba02 package/libcdaudio: fix build with toolchains lacking C++ support
When the target toolchain does not support C++, the provided
libcdaudio configure script tries to run a check with the C++
pre-processor provided by the host (/lib/cpp) which may not exist on
some systems.

This issue is fixed by autoreconfiguring the package, as newly
generated configure scripts do not have this issue.

Fixes:

  http://autobuild.buildroot.net/results/f725a41ef992c42ceef7514d1a8dcac99e6b9114/

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8307fd0132)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-25 11:04:56 +02:00
Thomas De Schampheleire
6c0b001891 utils/test-pkg: clean output dir for successful builds
test-pkg will use gigabytes of space when testing all toolchains.
Nevertheless, you are normally only interested in the actual build / host
tree when there is a build failure.

Do a 'make clean' for successful builds to save disk space, unless the new
option '-k/--keep' is set.
Note that the logfile and configuration is always retained for inspection.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 72bf48606c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-25 11:02:44 +02:00
Thomas De Schampheleire
d8583e3657 utils/test-pkg: fix long option parsing
The long option parsing of test-pkg is broken because:
- some long options are not declared
- there should be a comma between long options, the colon does not replace
it.

This change also revealed that the declaration of 'toolchains-dir' should
have been 'toolchains-csv', originally introduced in commit ed59f81a3c.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 989cda12ba)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-25 11:02:40 +02:00
Fabrice Fontaine
a76845e21e package/monit: bump to version 5.25.3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 015b714cde)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 22:16:22 +02:00
Romain Naour
0132d55636 linux: disable Werror for powerpc kernels
>From patch [1] included in kernel >= 5.0:
"The upcoming GCC 9 release extends the -Wmissing-attributes warnings
(enabled by -Wall) to C and aliases: it warns when particular function
attributes are missing in the aliases but not in their target.

In particular, it triggers for all the init/cleanup_module
aliases in the kernel (defined by the module_init/exit macros),
ending up being very noisy.

These aliases point to the __init/__exit functions of a module,
which are defined as __cold (among other attributes). However,
the aliases themselves do not have the __cold attribute.

Since the compiler behaves differently when compiling a __cold
function as well as when compiling paths leading to calls
to __cold functions, the warning is trying to point out
the possibly-forgotten attribute in the alias."

Werror is set by default while building ppc kernel [2], but
some warning can be introduced while building current kernel with
newer compiler (for example building kernel 4.19 with gcc 9.1).

For the same reason why we remove Werror in packages's compiler
flags. Building with Werror is not bulletproof when we start
using a newer compiler that introduce new warnings.
This is the case here.

Also this option is a bit strange since it's specific to ppc kernels:
"The intention is to make it harder for people to inadvertantly
introduce warnings in the arch/powerpc code."
Other kernel developers on other arch may be interested by a
similar/more generic option.

So, It's clearly intended for kernel developers.

Instead of backporting this patch [1] to kernel 4.19, select
unconditionally the Kconfig option CONFIG_PPC_DISABLE_WERROR
that allow to disable Werror.

Fixes:
https://gitlab.com/kubu93/toolchains-builder/-/jobs/205435741

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=a6e60d84989fa0e91db7f236eda40453b0e44afa
[2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=ba55bd74360ea4b8b95e73ed79474d37ff482b36
[3] https://gitlab.com/bootlin/toolchains-builder

Fix-suggested-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1713c3c344)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 22:14:38 +02:00
Giulio Benetti
f5872268e9 package/qt5/qt5base: disable predefined -Og optimization
Starting from Qt5 5.9.0, -optimize-debug is enabled by default for
debug builds causing -Og flag to be appended to CFLAGS and
consequently override TARGET_CFLAGS. We don't want this so let's pass
-no-optimize-debug to QT5BASE_CONFIGURE_OPTS if QT5_VERSION_LATEST=y.

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5857ab6a96)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 22:13:28 +02:00
Bernd Kuhls
ebd55b155a DEVELOPERS: Remove Markos Chandras
Email bounces:

<markos.chandras@imgtec.com>: host
    mxa-00376f01.gslb.pphosted.com[185.132.180.163] said: 550 5.1.1 User
    Unknown (in reply to RCPT TO command)

Last mailing list postings date back to 2015.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e46a905eea)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 22:07:36 +02:00
Bernd Kuhls
3cc5f4aa95 package/postgresql: security bump version to 11.4
Release notes: https://www.postgresql.org/docs/11/release-11-4.html

Fixes CVE-2019-10164.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b262c7d578)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 22:01:13 +02:00
Bernd Kuhls
96820cf10f package/znc: security bump version to 1.7.4
Changelog: https://wiki.znc.in/ChangeLog/1.7.4

Fixes CVE-2019-12816:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12816

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3269f2a761)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 21:59:53 +02:00
Thomas Petazzoni
a941668946 support/testing/infra/emulator: increase memory size used by Qemu
By default, Qemu emulates a system with 128 MB of RAM. This is not
sufficient for some test cases we have, such as TestPerlDBDmysql,
where the initramfs is quite large. Therefore, this commit extends the
RAM size emulated by Qemu to 256 MB.

Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/237108668

Thanks to Arnout for the analysis of the issue.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 345c29a4b7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 21:56:13 +02:00
Fabrice Fontaine
bbf2d8e900 package/libvncserver: fix homepage
libvncserver homepage is https://libvnc.github.io/, last version on
sourceforge is 0.9.9 (seven years ago)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5324d7e07a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 21:55:28 +02:00
Markus Mayer
77c2189b97 package/lmbench: install the lmbench script on the target
We want to install the lmbench script along with the other executables,
so we add it to the appropriate list.

Signed-off-by: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1956fbe5a4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 21:51:44 +02:00
Markus Mayer
ededb6cf77 package/lmbench: mark scripts/build as bash script
scripts/build makes use of the "+=" operator which is not supported by
a pure POSIX shell. We switch to /bin/bash in order to avoid errors of
the form:

    ../scripts/build: 21: ../scripts/build: LDLIBS+= -lm: not found

Signed-off-by: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 037d5ffcb6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 21:51:37 +02:00
Thomas Petazzoni
68fab715ef package/lmbench: use UPDATE_CONFIG_HOOK instead of CONFIG_UPDATE
jimtcl, perl, usb_modeswitch and x264 are registering
UPDATE_CONFIG_HOOK as a post patch hook to get their gnuconfig files
updated. lmbench is the only package calling CONFIG_UPDATE directly,
so for consistency, let's make it use the same logic as jimtcl, perl,
usb_modeswitch and x264.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2b8b6767ab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 21:51:19 +02:00
Fabrice Fontaine
5bd18c13d4 package/davfs2: bump to version 1.5.5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a724e8e051)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 21:25:09 +02:00
Bernd Kuhls
233399011d package/x11r7/xserver_xorg-server: bump version to 1.20.5
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1872915bd3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 21:15:14 +02:00
John Keeping
3ebf356935 support/download/git: fix formatting of error message
'.' should be at the end of the sentence, not the beginning of a new
line.

Signed-off-by: John Keeping <john@metanate.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8dd1a41630)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 21:11:26 +02:00
Giulio Benetti
0224c93210 package/tvheadend: fix PIE build failures
Package tvheadend builds using '-pie' linker flag in any case. This
leads to linking failure if toolchain doesn't support 'pie'.

Add patch to fix tvheadend's Makefile bug where '-pie' flag is hardcoded
making it depend on '--disable-pie' as compiler's flags already are
treated.

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit dd0907d465)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 21:09:54 +02:00
Pierre-Jean Texier
473ac73c41 package/psplash: add license file details
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 32a0d3a8e2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 21:06:54 +02:00
Pierre-Jean Texier
eac3149323 package/haveged: fix legal-info
Add hash for COPYING file

Fixes:

$: make haveged-legal-info
 >>> haveged 1.9.4 Collecting legal info
 ERROR: No hash found for COPYING

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0ae29b98d1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 21:05:26 +02:00
Peter Korsgaard
3c254130b1 {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.1.x series
Includes fixes for the "TCP SACK PANIC" vulnerability:

https://access.redhat.com/security/vulnerabilities/tcpsack

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 19f6b3281c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 21:03:22 +02:00
Pierre-Jean Texier
cbbabb1cb3 package/logrotate: fix legal-info
Add hash for COPYING file

Fixes:

$: make logrotate-legal-info
 >>> logrotate 3.15.0 Collecting legal info
 ERROR: No hash found for COPYING

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 38626b4b63)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 20:45:01 +02:00
Pierre-Jean Texier
9ea24ca83b package/mongoose: bump to version 6.15
See https://github.com/cesanta/mongoose/releases/tag/6.15

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit da7fdfe6a3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-24 20:39:50 +02:00
Peter Korsgaard
c284f1fe38 package/python3: add upstream security fix for CVE-2019-10160
Fixes CVE-2019-10160: urlsplit does not handle NFKC normalization (2nd fix)

While the fix for CVE-2019-9936 is included in 3.7.3, the followup
regression fixes unfortunatly aren't.

https://bugs.python.org/issue36742

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b57490563c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-23 23:30:21 +02:00
Peter Korsgaard
a2ed4387b8 package/python: add upstream security fix for CVE-2019-9636
Fixes CVE-2019-9636: urlsplit does not handle NFKC normalization

https://bugs.python.org/issue36216

The fix unfortunately introduced regressions, so also apply the followup
fixes.

https://bugs.python.org/issue36742

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 58d0bc2f29)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-23 23:27:10 +02:00
Peter Korsgaard
f977487ef4 package/python: add upstream security fix for CVE-2019-9948
Fixes CVE-2019-9948: Unnecessary URL scheme exists to allow file:// reading
file in urllib.

https://bugs.python.org/issue35907

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6522aad76a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-23 23:27:02 +02:00
Peter Korsgaard
5a103c8e52 {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{0, 1}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2676d4fb2a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-23 23:14:57 +02:00
Peter Korsgaard
841c274200 package/dbus: security bump to version 1.12.16
Fixes the following security issues:

- CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
  authentication for identities that differ from the user running the
  DBusServer.  Previously, a local attacker could manipulate symbolic links
  in their own home directory to bypass authentication and connect to a
  DBusServer with elevated privileges.  The standard system and session
  dbus-daemons in their default configuration were immune to this attack
  because they did not allow DBUS_COOKIE_SHA1, but third-party users of
  DBusServer such as Upstart could be vulnerable.  Thanks to Joe Vennix of
  Apple Information Security.

  For details, see the advisory:
  https://www.openwall.com/lists/oss-security/2019/06/11/2

Also contains a number of other smaller fixes, including fixes for memory
leaks.  For details, see NEWS:

https://gitlab.freedesktop.org/dbus/dbus/blob/dbus-1.12/NEWS

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 992b106d1d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-23 23:10:29 +02:00
Esben Haabendal
87f3439e30 package/openblas: Handle new westmere target architecture
Nehalem, the predecessor to westmere, is best match for westmere
architecture in current openblas.

Signed-off-by: Esben Haabendal <esben@geanix.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b04f1deab3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-23 23:09:09 +02:00
Esben Haabendal
b2a4e994b5 arch: Add support for Westmere targets
The westmere line of x86_64 targets lies between nehalem (corei7) and
sandybridge (corei7-avx).  Allowing use of -march=westmere enables use of
AES instruction set on these targets.

Signed-off-by: Esben Haabendal <esben@geanix.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 97651ce275)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-23 23:09:07 +02:00