Commit Graph

62702 Commits

Author SHA1 Message Date
James Hilliard
4ce665083a package/python-charset-normalizer: bump to version 2.0.12
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-04-20 22:37:03 +02:00
James Hilliard
3f18f7f2d9 package/python-bidict: bump to version 0.22.0
License hash changed due to adding dates/author name:
b5c9f346ce

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-04-20 22:37:01 +02:00
Peter Korsgaard
bbc318be17 package/openjdk{-bin}: security bump 17.x to version 17.0.2+8
Fixes the following security issues:

  - JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if zip has dir named "." inside
  - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization
  - JDK-8268488: More valuable DerValues
  - JDK-8268494: Better inlining of inlined interfaces
  - JDK-8268512: More content for ContentInfo
  - JDK-8268813, CVE-2022-21283: Better String matching
  - JDK-8269151: Better construction of EncryptedPrivateKeyInfo
  - JDK-8269944: Better HTTP transport redux
  - JDK-8270386, CVE-2022-21291: Better verification of scan methods
  - JDK-8270392, CVE-2022-21293: Improve String constructions
  - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps
  - JDK-8270492, CVE-2022-21282: Better resolution of URIs
  - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management
  - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities
  - JDK-8270952, CVE-2022-21277: Improve TIFF file handling
  - JDK-8271962: Better TrueType font loading
  - JDK-8271968: Better canonical naming
  - JDK-8271987: Manifest improved manifest entries
  - JDK-8272014, CVE-2022-21305: Better array indexing
  - JDK-8272026, CVE-2022-21340: Verify Jar Verification
  - JDK-8272236, CVE-2022-21341: Improve serial forms for transport
  - JDK-8272272: Enhance jcmd communication
  - JDK-8272462: Enhance image handling
  - JDK-8273290: Enhance sound handling
  - JDK-8273756, CVE-2022-21360: Enhance BMP image support
  - JDK-8273838, CVE-2022-21365: Enhanced BMP processing
  - JDK-8274096, CVE-2022-21366: Improve decoding of image files

For more details, see the announcement:

https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2022-January/011709.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-19 22:50:15 +02:00
Peter Korsgaard
30be047316 package/openjdk{-bin}: security bump 11.x to version 11.0.14.1+1
Fixes the following security issues:

  - JDK-8217375: jarsigner breaks old signature with long lines in manifest
  - JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if zip has dir named "." inside
  - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization
  - JDK-8268488: More valuable DerValues
  - JDK-8268494: Better inlining of inlined interfaces
  - JDK-8268512: More content for ContentInfo
  - JDK-8268795: Enhance digests of Jar files
  - JDK-8268801: Improve PKCS attribute handling
  - JDK-8268813, CVE-2022-21283: Better String matching
  - JDK-8269151: Better construction of EncryptedPrivateKeyInfo
  - JDK-8269944: Better HTTP transport redux
  - JDK-8270386, CVE-2022-21291: Better verification of scan methods
  - JDK-8270392, CVE-2022-21293: Improve String constructions
  - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps
  - JDK-8270492, CVE-2022-21282: Better resolution of URIs
  - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management
  - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities
  - JDK-8270952, CVE-2022-21277: Improve TIFF file handling
  - JDK-8271962: Better TrueType font loading
  - JDK-8271968: Better canonical naming
  - JDK-8271987: Manifest improved manifest entries
  - JDK-8272014, CVE-2022-21305: Better array indexing
  - JDK-8272026, CVE-2022-21340: Verify Jar Verification
  - JDK-8272236, CVE-2022-21341: Improve serial forms for transport
  - JDK-8272272: Enhance jcmd communication
  - JDK-8272462: Enhance image handling
  - JDK-8273290: Enhance sound handling
  - JDK-8273756, CVE-2022-21360: Enhance BMP image support
  - JDK-8273838, CVE-2022-21365: Enhanced BMP processing
  - JDK-8274096, CVE-2022-21366: Improve decoding of image files
  - JDK-8279541: Improve HarfBuzz

For more details, see the announcement:

https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2022-January/011643.html
https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2022-February/012348.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-19 22:48:45 +02:00
Fabrice Fontaine
3c66ac07a0 package/tbb: bump to version 2021.5.0
- Switch to cmake-package
- Drop DO_ITT_NOTIFY which is only used in example and test
- license file has been renamed to LICENSE.txt
- Add upstream patches to fix musl build

https://www.intel.com/content/www/us/en/developer/articles/release-notes/intel-oneapi-threading-building-blocks-release-notes.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-19 22:42:06 +02:00
Fabrice Fontaine
4bd5fc000b package/php-apcu: needs threads
php-apcu needs threads since its addition in commit
8ddeeffa18:

In file included from /home/buildroot/autobuild/instance-3/output-1/build/php-apcu-5.1.20/apc_lock.c:20:
/home/buildroot/autobuild/instance-3/output-1/build/php-apcu-5.1.20/apc_lock.h:41:11: fatal error: pthread.h: No such file or directory
   41 | # include "pthread.h"
      |           ^~~~~~~~~~~

Fixes:
 - http://autobuild.buildroot.org/results/314405423aeece5ee55d76ec5c4fa1919e7ee853

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-19 22:40:13 +02:00
TIAN Yuanhao
8b47feff2f package/network-manager: remove invalid dependencies
Dependency on libiw has been removed since 0.9.3.990 [1].
Dependency on libgcrypt has been removed since 1.2-beta1 [2].
Dependency on libuuid has been removed since 1.31.4-dev [3].

[1]: 7d0761588c
[2]: b6f5f03033
[3]: 73b9883c6f

Signed-off-by: TIAN Yuanhao <tianyuanhao3@163.com>
Reviewed-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
Tested-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-19 22:37:48 +02:00
Fabrice Fontaine
e77c6e9291 package/libkrb5: doesn't build with libressl
libkrb5 does not build with libressl since commit
b7a5b9d06d and upstream is not interested
in fixing this issue as a PR has been open for more than 4 years
(https://github.com/krb5/krb5/pull/607):

pkinit_crypto_openssl.c: In function 'cms_signeddata_verify':
pkinit_crypto_openssl.c:1700:22: error: implicit declaration of function 'OBJ_get0_data'; did you mean 'BIO_get_data'? [-Werror=implicit-function-declaration]
 1700 |         print_buffer(OBJ_get0_data(etype), OBJ_length(etype));
      |                      ^~~~~~~~~~~~~
      |                      BIO_get_data

Fixes:
 - http://autobuild.buildroot.org/results/e623f4e1d6b6004e98815b8b7da3938238890bd8

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-19 22:35:46 +02:00
TIAN Yuanhao
f868f7ba93 package/rtl8188eu: bump to 903b6fc (v5.2.2.4 branch HEAD)
This allows building against newer kernels (up to 5.18).
Tested on kernel v5.15.

Signed-off-by: TIAN Yuanhao <tianyuanhao3@163.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-19 22:35:02 +02:00
Mika Joenpera
6ec4824aa4 package/wpa_supplicant: add overrides configuration option
Overrides configuration possibility enabled through
wpa_supplicant configuration file.

Signed-off-by: Mika Joenpera <mika.joenpera@unikie.com>
Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-19 22:33:47 +02:00
Marcus Hoffmann
4bfe7edc4b package/gzip: security bump to 1.12
Fixes the following security issues:

CVE-2022-1271: arbitrary-file-write vulnerability

zgrep applied to a crafted file name with two or more newlines
can no longer overwrite an arbitrary, attacker-selected file.
[bug introduced in gzip-1.3.10]

https://www.openwall.com/lists/oss-security/2022/04/07/8

Other changes:

** Changes in behavior

  'gzip -l' no longer misreports file lengths 4 GiB and larger.
  Previously, 'gzip -l' output the 32-bit value stored in the gzip
  header even though that is the uncompressed length modulo 2**32.
  Now, 'gzip -l' calculates the uncompressed length by decompressing
  the data and counting the resulting bytes.  Although this can take
  much more time, nowadays the correctness pros seem to outweigh the
  performance cons.

  'zless' is no longer installed on platforms lacking 'less'.

** Bug fixes

  zgrep now names input file on error instead of mislabeling it as
  "(standard input)", if grep supports the GNU -H and --label options.

  'zdiff -C 5' no longer misbehaves by treating '5' as a file name.
  [bug present since the beginning]

  Configure-time options like --program-prefix now work.

Release Announcement:
https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html

Signed-off-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-19 22:30:30 +02:00
Peter Korsgaard
3c1324248d package/xz: add upstream security fix for CVE-2022-1271 / ZDI-CAN-16587
Fixes the following security issue:

- CVE-2022-1271: Malicious filenames can make xzgrep write to arbitrary
  files or (with a GNU sed extension) lead to arbitrary code execution.

For more details, see the announcement and advisory:

https://www.mail-archive.com/xz-devel@tukaani.org/msg00551.html
https://www.zerodayinitiative.com/advisories/ZDI-22-619/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-19 22:29:37 +02:00
Fabrice Fontaine
2fd41e56e0 boot/shim: disable on mips64el
Fix the following build failure on mips64el raised since commit
11b347c03a:

In file included from shim.h:47,
                 from shim.c:14:
/nvmedata/autobuild/instance-17/output-1/build/shim-15.4/include/system/stdarg.h:72:2: error: #error what arch is this
   72 | #error what arch is this
      |  ^~~~~

Fixes:
 - http://autobuild.buildroot.org/results/74f4f1d010cfde6978fd614195ef0006f0acb45a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-19 21:47:45 +02:00
Christian Stewart
e7a3501750 boot/sun20i-d1-spl: update to mainline 4da9c5
Update to latest (as of April 14, 2022).

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-19 09:40:55 +02:00
Fabrice Fontaine
130cfc74d7 package/lvm2: update site
Fixes:
 - https://bugs.buildroot.org/show_bug.cgi?id=14751

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-16 21:58:55 +02:00
Jan Havran
80c11958e6 package/rtl8189fs: bump revision to 73f826f0
Update out-of-tree driver to make it work with Linux kernel v5.17.

Signed-off-by: Jan Havran <havran.jan@email.cz>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-16 21:57:45 +02:00
Jan Havran
c952070371 package/rtl8189es: bump revision to 39c17661
Update out-of-tree driver to make it work with Linux kernel v5.17
(and older kernels not compatible with previous driver version,
like v5.15 etc).

Signed-off-by: Jan Havran <havran.jan@email.cz>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-16 21:57:28 +02:00
Petr Vorel
858c6a5b83 package/links: bump version to 2.26
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-16 21:54:47 +02:00
Petr Vorel
0263b3eb53 package/iproute2: bump version to 5.17.0
Remove patch from this release.

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-16 21:54:24 +02:00
Fabrice Fontaine
e87e6fd085 package/pure-ftpd: doesn't build with libressl
pure-ftpd doesn't build with libressl 3.4.3 which doesn't include
f5674b4e23
resulting in the following build failure:

tls.c: In function 'tls_init_options':
tls.c:329:5: warning: implicit declaration of function 'SSL_CTX_set_num_tickets'; did you mean 'SSL_CTX_set_options'? [-Wimplicit-function-declaration]
     SSL_CTX_set_num_tickets(tls_ctx, 0);
     ^~~~~~~~~~~~~~~~~~~~~~~
     SSL_CTX_set_options

Fixes:
 - http://autobuild.buildroot.org/results/f5d36180949278510199aa499e253780558c6ffe

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-16 21:36:50 +02:00
Jason A. Donenfeld
e65e9acb20 package/urandom-scripts: do not seed if initial seed doesn't exist
By returning a failure in the event that the initial seed doesn't exist,
we'd then skip creating a new seed, which means we'd never in fact have
an initial seed, and this script is therefore useless. Fix this by
checking for the existence of the seed file first, and just returning 0
if it's not there.

Reported-by: Nicolas Cavallari <Nicolas.Cavallari@green-communications.fr>
Reported-by: Eugen Hristev <Eugen.Hristev@microchip.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-16 15:44:34 +02:00
Peter Korsgaard
87b8676fbf package/python-django: security bump to version 4.0.4
Fixes the following security issues:

CVE-2022-28346: Potential SQL injection in QuerySet.annotate(), aggregate(), and extra()

QuerySet.annotate(), aggregate(), and extra() methods were subject to SQL
injection in column aliases, using a suitably crafted dictionary, with
dictionary expansion, as the **kwargs passed to these methods.

CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL

QuerySet.explain() method was subject to SQL injection in option names,
using a suitably crafted dictionary, with dictionary expansion, as the
**options argument.

For more details, see the advisory:
https://www.djangoproject.com/weblog/2022/apr/11/security-releases/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-16 15:44:30 +02:00
Peter Korsgaard
607162a09c package/asterisk: security bump to version 16.25.2
Fixes the following security issues:

16.24.1:

CVE-2021-37706 / AST-2022-004: pjproject: integer underflow on STUN message

The header length on incoming STUN messages that contain an ERROR-CODE
attribute is not properly checked.  This can result in an integer underflow.
Note, this requires ICE or WebRTC support to be in use with a malicious
remote party.

https://seclists.org/fulldisclosure/2022/Mar/0

CVE-2022-23608 / AST-2022-005: pjproject: undefined behavior after freeing a
dialog set

When acting as a UAC, and when placing an outgoing call to a target that then
forks, Asterisk may experience undefined behavior (crashes, hangs, etc…)
after a dialog set is prematurely freed.

https://seclists.org/fulldisclosure/2022/Mar/1

CVE-2022-21723 / AST-2022-006: pjproject: unconstrained malformed multipart
SIP message

If an incoming SIP message contains a malformed multi-part body an out of
bounds read access may occur, which can result in undefined behavior.  Note,
it’s currently uncertain if there is any externally exploitable vector
within Asterisk for this issue, but providing this as a security issue out
of caution.

https://seclists.org/fulldisclosure/2022/Mar/2

16.25.2:

CVE-2022-26498 / AST-2022-001: res_stir_shaken: resource exhaustion with
large files

When using STIR/SHAKEN, it’s possible to download files that are not
certificates. These files could be much larger than what you would expect to
download.

https://seclists.org/fulldisclosure/2022/Apr/17

CVE-2022-26499 / AST-2022-002: res_stir_shaken: SSRF vulnerability with
Identity header

When using STIR/SHAKEN, it’s possible to send arbitrary requests like GET to
interfaces such as localhost using the Identity header.

https://seclists.org/fulldisclosure/2022/Apr/18

CVE-2022-26651 / AST-2022-003: func_odbc: Possible SQL Injection

Some databases can use backslashes to escape certain characters, such as
backticks.  If input is provided to func_odbc which includes backslashes it
is possible for func_odbc to construct a broken SQL query and the SQL query
to fail.

https://seclists.org/fulldisclosure/2022/Apr/19

Update hash of sha1.c after a doxygen comment update:
37c29b6a28

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-16 15:42:17 +02:00
Peter Korsgaard
9b9707d15e package/mutt: security bump to version 2.2.3
Fixes the following security issues:

CVE-2022-1328: mutt_decode_uuencoded() can read past the end of the input line

Buffer Overflow in uudecoder in Mutt affecting all versions starting from
0.94.13 before 2.2.3 allows read past end of input line

For details, see the release notes:
https://marc.info/?l=mutt-users&m=164979464612885&w=2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-16 15:42:05 +02:00
Fabrice Fontaine
114487dfd2 package/avrdude: spi needs headers >= 4.8
SPI unconditionally uses GPIOHANDLE_SET_LINE_VALUES_IOCTL which is only
available since kernel 4.8 and
d7c51b47ac
resulting in the following build failure since switch to upstream in
commit 03fa36df7e:

linuxspi.c: In function 'linuxspi_reset_mcu':
linuxspi.c:102:28: error: storage size of 'data' isn't known
     struct gpiohandle_data data;
                            ^~~~
linuxspi.c:110:32: error: 'GPIOHANDLE_SET_LINE_VALUES_IOCTL' undeclared (first use in this function)
     ret = ioctl(fd_linehandle, GPIOHANDLE_SET_LINE_VALUES_IOCTL, &data);
                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fixes:
 - http://autobuild.buildroot.org/results/769021040e5e9293584734e4f461baeaa6dd91cd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-14 22:25:06 +02:00
Arnout Vandecappelle (Essensium/Mind)
b7db306b4d package/zlib-ng: remove double empty line (check-package)
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-14 22:23:26 +02:00
Yegor Yefremov
4bd8bbe9fb package/wpa_supplicant: enable libnl for the WIRED driver
BR2_PACKAGE_WPA_SUPPLICANT_WIRED also enables the MACSEC_LINUX
driver. This driver requires libnl.

Also fix CONFIG_DRIVER_MACSEC option to enable only the generic
Linux driver and not QCA extensions.

Fixes:
http://autobuild.buildroot.net/results/2dea7dee521794b306cc610601fda322987e6cd0

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Reviewed-by: Sergey Matyukevich <geomatsi@gmail.com>
[Arnout: add Config.in comment, simplify CONFIG_ENABLE]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-14 22:22:10 +02:00
Fabrice Fontaine
e2df7d28c2 package/kompexsqlite: security bump to version 1.12.15
- Update site to get latest version
- Switch to generic-package and drop patches as upstream doesn't provide
  autotools support
- License is MIT since version 1.12.15
- This bump will fix the following build failure with BR2_OPTIMIZE_FAST:

src/sqlite3.c: In function 'sqlite3IsNaN':
src/sqlite3.c:21797:3: error: #error SQLite will not work correctly with the -ffast-math option of GCC.
21797 | # error SQLite will not work correctly with the -ffast-math option of GCC.
      |   ^~~~~

- This bump will also fix security issues by bumping sqlite to 3.36.0
- Update indentation in hash file (two spaces)

http://sqlitewrapper.kompex-online.com/index.php?content=changelog

Fixes:
 - http://autobuild.buildroot.org/results/63e07345b97faa6d6239933f1790c6f2e02da77f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-14 22:18:24 +02:00
Fabrice Fontaine
2087051d37 package/dhcp: fix install of internal bind libraries
Internal bind libraries are not installed to target since commit
0c8dd6ebd6 resulting in the following
runtime failure:

Starting DHCP server: /usr/sbin/dhcpd: error while loading shared libraries: libirs.so.161: cannot open shared object file: No such file or directory

RANLIB must also be set to avoid the following build failure at install
step:

libtool: install: arceb-buildroot-linux-uclibc-ranlib /home/fabrice/buildroot/output/per-package/dhcp/target/usr/lib/libisccfg.a
/home/fabrice/buildroot/output/build/dhcp-4.4.3/bind/bind-9.11.36/libtool: line 1719: arceb-buildroot-linux-uclibc-ranlib: command not found

Fixes:
 - No autobuilder failures (reported by Eugen.Hristev@microchip.com)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-14 22:14:26 +02:00
Christian Stewart
6ca50cb925 package/docker-proxy: bump to 20220404 version 339b97
docker-proxy (libnetwork) has not added a release tag for a long time.  Use
the latest master commit hash from 04 Apr 2022 instead.

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-14 22:14:26 +02:00
Peter Korsgaard
89e51bc625 package/subversion: security bump to version 1.14.2
Fixes the following security issues:

- CVE-2021-28544: SVN authz protected copyfrom paths regression

  Subversion servers reveal 'copyfrom' paths that should be hidden according
  to configured path-based authorization (authz) rules.  When a node has
  been copied from a protected location, users with access to the copy can
  see the `copyfrom' path of the original.  This also reveals the fact that
  the node was copied.  Only the 'copyfrom' path is revealed; not its
  contents.  Both httpd and svnserve servers are vulnerable.

  https://subversion.apache.org/security/CVE-2021-28544-advisory.txt

- CVE-2022-24070: Subversion's mod_dav_svn is vulnerable to memory corruption

  While looking up path-based authorization rules, mod_dav_svn servers may
  attempt to use memory which has already been freed.

  https://subversion.apache.org/security/CVE-2022-24070-advisory.txt

Drop no longer needed patch and autoreconf, as this is now fixed upstream:

https://svn.apache.org/viewvc?view=revision&revision=1881534

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-14 22:14:26 +02:00
Peter Korsgaard
832107c6dc package/git: security bump to version 2.31.2
Fixes the following security issue:

 CVE-2022-24765:
  On multi-user machines, Git users might find themselves unexpectedly in
  a Git worktree, e.g. when there is a scratch space (`/scratch/`) intended
  for all users and another user created a repository in `/scratch/.git`.
  Merely having a Git-aware prompt that runs `git status` (or `git diff`)
  and navigating to a directory which is supposedly not a Git worktree, or
  opening such a directory in an editor or IDE such as VS Code or Atom, will
  potentially run commands defined by that other user via
  `/scratch/.git/config`.

https://www.openwall.com/lists/oss-security/2022/04/12/7

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-14 22:14:26 +02:00
Peter Korsgaard
2b2d97780d package/go: security bump to version 1.17.9
go1.17.9 (released 2022-04-12) includes security fixes to the
crypto/elliptic and encoding/pem packages, as well as bug fixes to the
linker and runtime.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-14 22:14:26 +02:00
Fabrice Fontaine
83aeec71fd package/libkcapi: fix build with BR2_OPTIMIZE_0
Override CPPFLAGS to fix the following build failure with BR2_OPTIMIZE_0
raised since bump to version 0.14.0 in commit
cd707a9112 and
0e7b2b0300:

/home/autobuild/autobuild/instance-15/output-1/host/i686-buildroot-linux-gnu/sysroot/usr/include/features.h:412:4: error: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Werror=cpp]

configure adds -D_FORTIFY_SOURCE to CPPFLAGS if it is not already
defined. However, we don't want _FORTIFY_SOURCE to be enabled unless
it's enabled by Buildroot (for exactly the above reason). Therefore,
override CPPFLAGS in the build step to remove _FORTIFY_SOURCE again.

It should be noted that upstream already rejected a PR to remove
-Werror: https://github.com/smuellerDD/libkcapi/pull/132

Fixes:
 - http://autobuild.buildroot.org/results/35141ea3046f5a4593e0b27ef92e4ace6bc0be66

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-14 22:09:09 +02:00
Danilo
4e5c1dbb22 package/janus-gateway: Add systemd service file
Signed-off-by: Danilo Bargen <mail@dbrgn.ch>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-14 22:04:23 +02:00
James Hilliard
f94ba5c31c package/wayland: bump to version 1.20.0
Drop patches that are now upstream.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-14 22:02:00 +02:00
Fabrice Fontaine
1c79d64ca9 package/systemd: doesn't build with libressl
systemd doesn't plan to fix the following build failure with libressl
(https://github.com/systemd/systemd/issues/14928) and ED25519 support
is still not available in libressl
(https://github.com/libressl-portable/portable/issues/393 opened for
more than 3 years):

../src/home/homed-manager.c: In function ‘manager_generate_key_pair’:
../src/home/homed-manager.c:1393:35: error: ‘EVP_PKEY_ED25519’ undeclared (first use in this function); did you mean ‘EVP_PKEY_DSA1’?
 1393 |         ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL);
      |                                   ^~~~~~~~~~~~~~~~
      |                                   EVP_PKEY_DSA1

Fixes:
 - http://autobuild.buildroot.org/results/47f31b36f123c4be4661f4fde2d1f7385c5d0ed5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-14 21:46:19 +02:00
Joel Stanley
41d22ae1ab package/flac: Configure powerpc vector extensions
Remove the hard coded disabling of altivec and vsx, and instead use the
BR2_POWERPC_CPU_HAS_VSX and BR2_POWERPC_CPU_HAS_ALTIVEC variables to
control the flags.

Signed-off-by: Joel Stanley <joel@jms.id.au>
[Arnout: rewrite with $(if ...) and --enable]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-14 21:45:08 +02:00
Fabrice Fontaine
f3c9d992cf package/libnss: fix build on powerpc
Set NSS_DISABLE_CRYPTO_VSX which is available since version 3.64 and
9dab43371d
to avoid the following build failure on powerpc:

cc1: warning: '-mvsx' requires hardware floating point
cc1: error: '-mno-vsx' turns off '-mcrypto'

Passing this option on non-powerpc is harmless.

Fixes:
 - http://autobuild.buildroot.org/results/6bedb5b658f6c9c16c26c73a524a995e5e84fcc8

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-14 21:38:53 +02:00
Joel Stanley
2448ad2687 arch/Config.in.powerpc: Add BR2_POWERPC_CPU_HAS_VSX
Introduced to allow VSX to be selectively enabled for packages that
support it. Initially used by libnss.

Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-14 21:37:23 +02:00
Joel Stanley
f909dce3b0 package/zlib-ng: Conditionally enable Power8 option
zlib-ng's build system does not correctly detect if it supports the
Power8 feature. Force it off to fix building for configurations that
don't support the vector builtin functions.

For example, building for BR2_powerpc_601:

  warning: implicit declaration of function ‘vec_xl’; did you mean
 ‘vec_rl’? [-Wimplicit-function-declaration]
   93 |             vbuf = vec_xl(0, (unsigned char *) buf);

This logic was incorrectly removed in commit 04e26cb7fe.

Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-14 21:35:46 +02:00
Dario Binacchi
213629f2d3 package/qemu: fix host-qemu compilation with Ubuntu GCC 11
Fixes:
cc1: error: ‘-fcf-protection’ is not compatible with this target

The new Ubuntu GCC packages (e.g. Ubuntu 11.2.0-7ubuntu2, 11.2.0) turn
on ‘-fcf-protection’ globally, which causes a build failure in the x86
realmode code. Turn it off explicitly on compilers that understand this
option.

Signed-off-by: Dario Binacchi <dariobin@libero.it>
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-14 21:33:11 +02:00
Fabrice Fontaine
ec3ed4da3a package/boost: drop versioned layout
boost.m4 embedded by cc-tool is not able to find boost libraries when
they are versioned (e.g. libboost_program_options-gcc9-mt-sd-1_78.a):

configure: error: cannot find the flags to link with Boost program_options

azmq and i2pd also have the same issue:

CMake Error at /nvmedata/autobuild/instance-8/output-1/host/share/cmake-3.18/Modules/FindPackageHandleStandardArgs.cmake:165 (message):
  Could NOT find Boost (missing: Boost_INCLUDE_DIR system date_time thread
  chrono random) (Required is at least version "1.48")

So drop versioned layout option

Fixes:
 - http://autobuild.buildroot.org/results/4ae98aed925fbb1d54023075deda9a864f52cee6
 - http://autobuild.buildroot.org/results/de35ca0156d4b6f465e440ed9a3effd471f657fa
 - http://autobuild.buildroot.org/results/c3d2a066429d5f2889c2232d62e5950eb6a89311

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-14 21:25:55 +02:00
Fabrice Fontaine
5b14969409 package/util-linux: fix build on kernel < 4.11
lsns unconditionally uses NS_GET_NSTYPE since version 2.38 and
https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=de72df79d72fa906e71e2ac922d8745ff22deee5
which is only available since kernel 4.11 and
e5ff5ce6e2
resulting in the following build failure:

sys-utils/lsns.c: In function 'add_namespace_for_nsfd':
sys-utils/lsns.c:719:25: error: 'NS_GET_NSTYPE' undeclared (first use in this function)
  719 |  clone_type = ioctl(fd, NS_GET_NSTYPE);
      |                         ^~~~~~~~~~~~~

Fixes:
 - http://autobuild.buildroot.org/results/572ecf8e37ac733a4e4265f4f78f35230337278e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-14 21:24:24 +02:00
Fabrice Fontaine
2a92509f50 package/polkit: fix build without C++
Fix the following build failure raised since switch to meson-package in
commit 1db1322639 and
957a015157:

The following exception(s) were encountered:
Running "/home/autobuild/autobuild/instance-14/output-1/host/bin/or1k-buildroot-linux-musl-g++ --version" gave "[Errno 2] No such file or directory: '/home/autobuild/autobuild/instance-14/output-1/host/bin/or1k-buildroot-linux-musl-g++'"

Fixes:
 - http://autobuild.buildroot.org/results/1d52c8100414aa384572b23006a13f9b806d2d5a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-14 21:23:45 +02:00
Théo Lebrun
2699eb5631 package/wireplumber: fix package by making the dbus dependency optional
The wireplumber currently has "dbus" in its DEPENDENCIES, but it does
not select/depend on it at the Kconfig level. A simple configuration
such as:

BR2_PACKAGE_LUA=y
BR2_PACKAGE_PIPEWIRE=y
BR2_PACKAGE_WIREPLUMBER=y

Therefore fails to build with:

Makefile:576: *** dbus is in the dependency chain of wireplumber that has added it to its _DEPENDENCIES variable without selecting it or depending on it from Config.in.  Stop.

Since dbus is actually an optional dependency of wireplumber, this
commit fixes the issue by really handling it as an optional
dependency.

Fixes: c9a3c10417 ("package/wireplumber: new package")
Signed-off-by: Théo Lebrun <theo.lebrun@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-04-13 22:27:06 +02:00
Thomas Petazzoni
4a9157705a DEVELOPERS: drop Mylène Josserand
Her e-mail address at Collabora is bouncing:

host bhuna.collabora.co.uk[/private/dovecot-lmtp] said: 550 5.1.1
<mylene.josserand@collabora.com> User doesn't exist: mylene.josserand@collabora.com

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-04-13 14:09:07 +02:00
Peter Korsgaard
1b718adee4 docs/website: update for 2022.02.1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-13 00:13:08 +02:00
Peter Korsgaard
11b6b65d50 Update for 2022.02.1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9da87c5293)
[Peter: skip Makefile bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-13 00:09:28 +02:00
Giulio Benetti
3872457e50 package/mali-driver: only available for arm or AArch64
Currently, this kernel module can be built by any architecture and this
leads to many failures. Since it's very unlikely that Mali will be part
of architectures other than AArch64 and arm let's depend on BR2_aarch64
and BR2_arm only.

Fixes:
http://autobuild.buildroot.net/results/f94885ef76865c3888d6cc52b35c93a742f92f3a

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-04-12 22:01:12 +02:00