Commit Graph

45008 Commits

Author SHA1 Message Date
Peter Korsgaard
82b1e76716 package/orc: bump version to 0.4.29
Contains a number of fixes. Release notes:

0.4.28: https://lists.freedesktop.org/archives/gstreamer-announce/2017-November/000449.html
0.4.29: https://lists.freedesktop.org/archives/gstreamer-announce/2019-April/000483.html

Also add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 116811c264)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-10 12:15:02 +02:00
Arnout Vandecappelle (Essensium/Mind)
c5a0c6f7ca package/owfs: delay sysvinit start until after network and avahi
In its default configuration, owserver opens a TCP socket on the 'lo'
interface. However, in some situations, the 'lo' interface may not yet
be up until S40network is started. This causes owserver not to start its
TCP socket, which makes it impossible for the owfs client to connect to
it.

In addition, owserver may have avahi integration.

Therefore, delay the start of owserver and owfs until after S40network
and S50avahi-daemon.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit efc6ccbddc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-10 12:13:42 +02:00
Peter Korsgaard
948d9db61a package/coreutils: install base64 under /bin iso /usr/bin to match busybox
Fixes #11816

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 873fa4f01f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-10 12:12:10 +02:00
Peter Korsgaard
9f1b5a86f2 {linux, linux-headers}: bump 4.{9, 14, 19}.x / 5.0.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8a1fde4b3c)
[Peter: drop 5.0.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-10 12:11:42 +02:00
Angelo Compagnucci
284cf7d39f package/nfs-utils: fix unnecessary files removal
The removal of unnecessary files is currently broken by the fact that
the rm command is executed from the buildroot directory and not the
target directory.

This patch fixes the problem changing to target directory before
removing files.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit a64c3a847d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-10 11:56:19 +02:00
Fabrice Fontaine
c90b9d60c6 package/kf5-kcoreaddons: fix build with atomic
Fixes:
 - http://autobuild.buildroot.org/results/d17c2fb420e395b995b2c2eef387f0c66e89c96c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2b8a3cf5ad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-10 11:51:01 +02:00
Grzegorz Blach
695d6fb864 package/libglib2: avoid printing null strings
GCC 9 is being stricter about passing null string pointers
to printf-like functions.

Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a5601a6416)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-10 11:40:44 +02:00
Petr Vorel
c540c9f31d package/libglib2: bump to version 2.56.4
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b08d4a9bfb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-10 11:40:34 +02:00
Bernd Kuhls
815812e33e package/php: security bump version to 7.3.5
Release notes: https://www.php.net/archive/2019.php#id2019-05-02-1

Fixes 2019-11036:
* Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 934239eafb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-10 11:32:58 +02:00
Peter Korsgaard
e5b7a75b16 {linux, linux-headers}: bump 4.{9, 14, 19}.x / 5.0.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0a79bb4871)
[Peter: drop 5.0.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-08 23:40:20 +02:00
Christian Stewart
5eaa6df8ba package/docker-engine: bump to version 18.09.5
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0e70d7c761)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-08 23:34:19 +02:00
Christian Stewart
7b946e547f package/docker-cli: bump to version 18.09.5
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ee6973e48b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-08 23:34:10 +02:00
Christian Stewart
daa0e3a084 package/docker-containerd: bump to version 1.2.6
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bcf7f56f26)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-08 23:33:54 +02:00
Christian Stewart
5dcb05d25b package/runc: bump to version 1.0.0-rc8
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 045df6a480)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-08 23:33:47 +02:00
Fabrice Fontaine
8af8887c33 package/rpm: drop unneeded third patch
After upstream review, I found that the third patch is not needed, just
doing an autoreconf fix the linking issue with -lintl

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c6342736b0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-08 23:32:56 +02:00
John Keeping
63b3643ed5 package/netcat-openbsd: switch to new upstream URL
anonscm.debian.org has been discontinued and now hosts a page pointing
to salsa.debian.org.  Switch to the new upstream URL, explicitly setting
the method to git now that we use an HTTPS URL.

Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 14839eca9a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-02 08:35:58 +02:00
Yann E. MORIN
53ac60ced6 configs/qemu_xtensa_lx60_*: kernel build needs mkimage
Following ffbe46a529 ("linux: simplify LINUX_BUILD_CMDS"), the Linux
kernel build for these xtensa qemu builds an image format that needs
mkimage.

Reported-by: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
Cc: Max Filippov <jcmvbkbc@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Reviewed-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7cf13b9b06)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-02 08:35:42 +02:00
Bernd Kuhls
023741dcfd package/dovecot-pigeonhole: bump version to 0.5.6
Release notes:
https://dovecot.org/pipermail/dovecot-news/2019-April/000411.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 03a78e3470)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-02 08:29:22 +02:00
Bernd Kuhls
c88173a243 package/dovecot: security bump to version 2.3.6
Fixes
* CVE-2019-11494: Submission-login crashed with signal 11 due to null
  pointer access when authentication was aborted by disconnecting.
* CVE-2019-11499: Submission-login crashed when authentication was
  started over TLS secured channel and invalid authentication message
  was sent.

Release notes:
https://dovecot.org/pipermail/dovecot-news/2019-April/000408.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 70784619bc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-02 08:29:15 +02:00
Jörg Krause
52baad93fa package/luajit: add hash for the license file
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 86a7f00919)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-02 08:27:38 +02:00
Jörg Krause
16d94c3bb6 package/popt: add hash for the license file
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6b8e3e7415)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-02 08:27:16 +02:00
Fabrice Fontaine
db1f62c7a3 package/python-ply: add host variant
Commit 89e70a7077 (package/bind: fix python build) added a dependency on
host-python-ply to bind, which doesn't exist. Add it.

Fixes:
 - http://autobuild.buildroot.org/results/a68251773f61c3463f4d18aa626c83df70126afc

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: reword / add commit reference]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit 3d8e1ad1f3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-01 22:12:32 +02:00
Peter Korsgaard
3c38c9138e package/gst1-plugins-base: add upstream SA-2019-0001 security fix
Fixes the following security issue:

CVE-2019-9928: GStreamer before 1.16.0 has a heap-based buffer overflow in
the RTSP connection parser via a crafted response from a server

For more details, see the advisory:
https://gstreamer.freedesktop.org/security/sa-2019-0001.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 99890750e0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-01 22:11:45 +02:00
Peter Korsgaard
acd3da78d5 package/go: bump version to 1.11.9
Fixes a number of issues discovered since 1.11.6.  From the release notes:

go1.11.7 (released 2019/04/05) includes fixes to the runtime and the net
packages.  See the Go 1.11.7 milestone on our issue tracker for details.

go1.11.8 (released 2019/04/08) was accidentally released without its
intended fix.  It is identical to go1.11.7, except for its version number.
The intended fix is in go1.11.9.

go1.11.9 (released 2019/04/11) fixes an issue where using the prebuilt
binary releases on older versions of GNU/Linux led to failures when linking
programs that used cgo.  Only Linux users who hit this issue need to update.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-01 22:10:31 +02:00
Peter Korsgaard
3079eee43c package/imagemagick: security bump to version 7.0.8-42
Fixes the following security issues:

- CVE-2019-9956: In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer
  overflow in the function PopHexPixel of coders/ps.c, which allows an
  attacker to cause a denial of service or code execution via a crafted
  image file.

- CVE-2019-10650: In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer
  over-read in the function WriteTIFFImage of coders/tiff.c, which allows an
  attacker to cause a denial of service or information disclosure via a
  crafted image file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 43ff6b974c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-01 21:53:37 +02:00
Fabrice Fontaine
014787c420 package/imagemagick: disable locale with uclibc
Fixes:
 - http://autobuild.buildroot.org/results/f7be30ffa28b7f367fb5343a7d69dc8bc7c3a170

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e1b691884b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-01 21:53:27 +02:00
Angelo Compagnucci
e689a9d78f package/imagemagick: bump to version 7.0.8-27
This patch bumps imagemagick to version 7.0.8-27
Hash for license file is changed becasue the updated the copyright year
for 2019:

252dd2c52b

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 109e5c83dc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-01 21:53:20 +02:00
Fabrice Fontaine
bf90b0b417 package/subversion: fix build with NLS
Fixes:
 - http://autobuild.buildroot.org/results/098a05b397ba1b05df561b6872b39e17a2bf27df

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5cad1fe1ff)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-01 21:52:22 +02:00
Peter Korsgaard
ffebec7141 {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.0.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3fd23becd4)
[Peter: drop 5.0.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-01 21:51:49 +02:00
Peter Korsgaard
3b4b3e7cd4 Update for 2019.02.2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-29 10:37:21 +02:00
Fabrice Fontaine
b301c953c2 package/bind: fix python build
A check for python-ply has been added as this is a dependency of the
dnssec-keymgr script so install host-python-ply to avoid a build failure
if python-ply is not installed on host

Fixes:
 - http://autobuild.buildroot.org/results/96815b1300547c976443bf74b762febdfcc8d3ba

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 89e70a7077)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-29 10:33:15 +02:00
Yann E. MORIN
0fbfbb5870 package/gst1-plugins-base: drop legacy remnant comment
In 7672234200 (gst1-plugins-base: bump version to 1.12.0), the unknown
options were removed, but the comment associated to --disable-gio_unix_2_0
was left out.

Drop it now.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 80a5217476)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-29 09:06:39 +02:00
Fabrice Fontaine
a746f08d92 package/xapp_xload: fix build with NLS
Fixes:
 - http://autobuild.buildroot.org/results/a69b957d0f3251031b0c67e951ba8fb8d1043ce0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3b017adcc6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-29 09:06:25 +02:00
Peter Korsgaard
8f1be376db CHANGES: update with recent changes
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-27 19:18:33 +02:00
Fabrice Fontaine
1f0bf13351 package/xapp_xfd: fix build with NLS
Fixes:
 - http://autobuild.buildroot.org/results/e6009f0232eb60ed10eb46b39edf125369eb12e1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 73661a7550)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-27 18:27:15 +02:00
Peter Korsgaard
cc464da5cb package/wpa_supplicant: add upstream 2019-5 security patches
Fixes the following security vulnerabilities:

EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) was discovered not to validate fragmentation reassembly state
properly for a case where an unexpected fragment could be received. This
could result in process termination due to NULL pointer dereference.

For details, see the advisory:
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c21edddec9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-27 18:26:26 +02:00
Peter Korsgaard
28e289fc71 package/hostapd: add upstream 2019-5 security patches
Fixes the following security vulnerabilities:

EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) was discovered not to validate fragmentation reassembly state
properly for a case where an unexpected fragment could be received. This
could result in process termination due to NULL pointer dereference.

For details, see the advisory:
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b3adfacdb1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-27 18:26:17 +02:00
Peter Korsgaard
a26fe00782 package/libpng: security bump to version 1.6.37
Fixes the following security issue:

CVE-2019-7317: png_image_free in png.c in libpng 1.6.36 has a use-after-free
because png_image_free_function is called under png_safe_execute.

Update license hash for a change in copyright year and typo fixes.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit bc4ac7da33)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-27 18:25:45 +02:00
Peter Korsgaard
757f764547 package/bind: security bump to version 9.11.6-P1
Fixes the following security issues:

 - CVE-2018-5743: Limiting simultaneous TCP clients is ineffective
   https://kb.isc.org/docs/cve-2018-5743

 - CVE-2019-6467: An error in the nxdomain redirect feature can cause
   BIND to exit with an INSIST assertion failure in query.c
   https://kb.isc.org/docs/cve-2019-6467

 - CVE-2019-6468: BIND Supported Preview Edition can exit with an
   assertion failure if nxdomain-redirect is used
   https://kb.isc.org/docs/cve-2019-6468

Add an upstream patch to fix building on architectures where bind does not
implement isc_atomic_*.

Upstream moved to a 2019 signing key, so update comment in .hash file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fc8ace0938)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-27 18:25:04 +02:00
Peter Korsgaard
5fcaff911d package/dovecot: security bump to version 2.3.5.2
Fixes the following security issue:

* CVE-2019-10691: Trying to login with 8bit username containing
  invalid UTF8 input causes auth process to crash if auth policy is
  enabled. This could be used rather easily to cause a DoS. Similar
  crash also happens during mail delivery when using invalid UTF8 in
  From or Subject header when OX push notification driver is used.

https://dovecot.org/pipermail/dovecot-news/2019-April/000406.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 89c7e417ed)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-26 15:06:22 +02:00
Peter Korsgaard
39dc2c601f package/python-urllib3: security bump to version 1.24.2
Fixes the following security issue:

- CVE-2019-11324: The urllib3 library before 1.24.2 for Python mishandles
  certain cases where the desired set of CA certificates is different from
  the OS store of CA certificates, which results in SSL connections
  succeeding in situations where a verification failure is the correct
  outcome.  This is related to use of the ssl_context, ca_certs, or
  ca_certs_dir argument.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5bc45c5e77)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-26 15:05:51 +02:00
Fabrice Fontaine
5eab48cb8a package/rpm: fix build with NLS
Fixes:
 - http://autobuild.buildroot.org/results/26e20e19d878811d90fce52eb0951ee4d8b59068

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1ba73d551e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-26 15:05:20 +02:00
Fabrice Fontaine
ededfea4c8 package/rpm: fix nss build on musl
Fixes:
 - http://autobuild.buildroot.org/results/395fd44a930dfc2ad380bc735c26d9ce62344295

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4200087e96)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-26 15:05:11 +02:00
Thomas Petazzoni
dc38b98f60 configs/qemu_ppc_virtex_ml507: kernel build needs mkimage
Following ffbe46a529 ("linux: simplify
LINUX_BUILD_CMDS"), the Linux kernel build for
qemu_ppc_virtex_ml507_defconfig builds an image format that needs
mkimage.

Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/199339544

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7cbf9c63e5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-26 15:02:02 +02:00
Thomas Petazzoni
e614dac5eb configs/qemu_ppc_mpc8544ds: kernel build needs mkimage
Following ffbe46a529 ("linux: simplify
LINUX_BUILD_CMDS"), the Linux kernel build for
qemu_ppc_mpc8544ds_defconfig builds an image format that needs
mkimage.

Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/199339543

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b78c8a3b17)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-26 15:01:52 +02:00
Thomas Petazzoni
c63064b03f configs/qemu_nios2_10m50: kernel build needs mkimage
Following ffbe46a529 ("linux: simplify
LINUX_BUILD_CMDS"), the Linux kernel build for
qemu_nios2_10m50_defconfig builds an image format that needs mkimage.

Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/199339537

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e7c2e5f0ec)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-26 15:01:43 +02:00
Thomas Petazzoni
982999598d configs/beaglebone: kernel build needs mkimage
Following ffbe46a529 ("linux: simplify
LINUX_BUILD_CMDS"), the Linux kernel build for beaglebone_defconfig
builds more things, including some .itb files, which require mkimage
with FIT support.

Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/199339433

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 80029da692)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-26 15:01:20 +02:00
Thomas Petazzoni
3dc7deaba3 linux: split calling "all" and "$(LINUX_TARGET_NAME)" targets
In commit ffbe46a529 ("linux: simplify
LINUX_BUILD_CMDS"), we changed LINUX_BUILD_CMDS to essentially do:

  make all $(LINUX_TARGET_NAME)

Unfortunately, it turns out that it breaks the build of a number of
defconfigs, with errors such as:

  fixdep: error opening file: arch/xtensa/boot/lib/.inftrees.o.d: No such file or directory

Calling "all" and "$(LINUX_TARGET_NAME)" as separate make invocations
avoids this problem, and fixes the build of several defconfigs.

Fixes:

  ts7680_defconfig
  https://gitlab.com/buildroot.org/buildroot/-/jobs/199339583

  qemu_xtensa_lx60_defconfig
  https://gitlab.com/buildroot.org/buildroot/-/jobs/199339553

  roseapplepi_defconfig
  https://gitlab.com/buildroot.org/buildroot/-/jobs/199339564

  qemu_xtensa_lx60_nommu_defconfig
  https://gitlab.com/buildroot.org/buildroot/-/jobs/199339554

  qemu_ppc64_e5500_defconfig
  https://gitlab.com/buildroot.org/buildroot/-/jobs/199339539

  freescale_t2080_qds_rdb_defconfig
  https://gitlab.com/buildroot.org/buildroot/-/jobs/199339455

  arcturus_ucp1020_defconfig
  https://gitlab.com/buildroot.org/buildroot/-/jobs/199339399

Cc: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Thomas: add comment in the code to explain why we call the two make
targets separately, as suggested by Yann E. Morin]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

(cherry picked from commit 2a7cf511f4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-26 15:00:48 +02:00
Fabrice Fontaine
637c1341fa package/mongodb: needs PCRE with UTF support
mongodb needs PCRE with UTF-8 support, see:
https://docs.mongodb.com/manual/reference/operator/query/regex/

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2f23f70454)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-26 15:00:16 +02:00
Peter Korsgaard
6d3c671ef8 package/libxslt: add upstream security fix for CVE-2019-11068
Fixes the following security issue:

- CVE-2019-11068: libxslt through 1.1.33 allows bypass of a protection
  mechanism because callers of xsltCheckRead and xsltCheckWrite permit
  access even upon receiving a -1 error code.  xsltCheckRead can return -1
  for a crafted URL that is not actually invalid and is subsequently loaded.

Upstream bugtracker issue not yet public:
https://gitlab.gnome.org/GNOME/libxslt/issues/12

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 73edd3c21c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-26 14:57:51 +02:00