Commit Graph

46471 Commits

Author SHA1 Message Date
Victor Huesca
ed91789711 package/ding-libs: adjust version variable
This package uses dashes as the version separator while
release-monitoring uses dots. As the <pkg>_VERSION is used to match
against release-monitoring, this patch changes the version variable to
use dots instead.

Signed-off-by: Victor Huesca <victor.huesca@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-07-14 15:54:40 +02:00
Asaf Kahlon
45e5cd5a2b package/zeromq: bump to version 4.3.2
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-07-14 15:46:22 +02:00
Pierre-Jean Texier
87168927fa package/uboot-tools: bump to version 2019.07
- Bump to version 2019.07.
- remove the patches that have been upstreamed.

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-07-14 15:46:17 +02:00
Pierre-Jean Texier
3039498995 boot/uboot: bump to version 2019.07
See https://lists.denx.de/pipermail/u-boot/2019-July/375451.html

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-07-14 15:45:58 +02:00
Petr Vorel
f2dab90a0a package/iputils: bump to version s20190709
Remove all patches (accepted in this release).

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-07-14 15:43:09 +02:00
Pierre-Jean Texier
c2ea296355 configs/atmel_sama5d27_som1: add rng-tools package
More entropy is required at boot time for the ssh
daemon to start.

So, enable rngd which feeds the entropy to the kernel
entropy tool.

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Acked-by: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-07-14 15:13:36 +02:00
Pierre-Jean Texier
df7005975e configs/atmel_sama5d27_som1: bump to linux4sam_6.1
This commit :
	- bumps Linux & U-Boot to linux4sam_6.1.
	- bumps at91bootstrap to v3.8.13

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Acked-by: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-07-14 15:12:41 +02:00
Adam Duskett
4d87f5a74c package/meson: bump version to 0.51.1
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-07-14 15:07:32 +02:00
Adam Duskett
87798871b2 package/libglib2: bump to version 2.60.5
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-07-14 15:07:26 +02:00
Giulio Benetti
b5942dcdc5 package/x11r7/xlib_libXfont2: work around gcc bug 85180
On Microblaze, with gcc versions < 8.x the build of xlib_libXfont2
hangs due to gcc bug 85180:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85180.

The bug shows up when building xlib_libXfont2 with optimization but
not when building with -O0. To work around this, if
BR2_TOOLCHAIN_HAS_GCC_BUG_85180=y we force using -O0.

Fixes:

  http://autobuild.buildroot.net/results/21099d27c03948daaca2d1c149eeba084427e3af/

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-07-14 15:05:47 +02:00
Sébastien Szymanski
009c59a261 package/unzip: update security and bug fix patches from Debian
Fix the URL and add three new patches. Quoting changelog [1]:

unzip (6.0-24) unstable; urgency=medium

  * Apply two patches by Mark Adler:
  - Fix bug in undefer_input() that misplaced the input state.
  - Detect and reject a zip bomb using overlapped entries. Closes: #931433.
    Bug discovered by David Fifield. For reference, this is CVE-2019-13232.

 -- Santiago Vila <sanvila@debian.org>  Thu, 11 Jul 2019 18:03:34 +0200

unzip (6.0-23) unstable; urgency=medium

  * Fix lame code in fileio.c which parsed 64-bit values incorrectly.
    Thanks to David Fifield for the report. Closes: #929502.

 -- Santiago Vila <sanvila@debian.org>  Wed, 29 May 2019 00:24:08 +0200

[1] https://sources.debian.org/data/main/u/unzip/6.0-24/debian/changelog

Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-07-14 15:04:08 +02:00
Fabrice Fontaine
dd9ff142ac package/vte: add gnutls optional dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-07-14 14:54:26 +02:00
Peter Korsgaard
6cc7f3de53 package/redis: bump version to 5.0.5
>From the release notes:
https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES

================================================================================
Redis 5.0.5     Released Wed May 15 17:57:41 CEST 2019
================================================================================

Upgrade urgency CRITICAL: This release fixes an important AOF fysnc bug
                          and other less critical issues.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-07-14 13:37:46 +02:00
Fabrice Fontaine
726dcc6eee package/libvncserver: needs dynamic library
Disable libvncserver for static builds and drop second patch following
upstream feedback on patch fixing openssl issue:
https://github.com/LibVNC/libvncserver/pull/319

This will also fix build failure when building statically with libgcrypt

Don't update x11vnc, the reverse dependency of libvncserver, because
BR2_PACKAGE_XORG7 already depends on !BR2_STATIC_LIBS

Fixes:
 - http://autobuild.buildroot.org/results/8d7b109d085e3931a874c4fb99f465789485565a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-07-14 13:35:26 +02:00
Serhii Sakhno
48491aa0a4 {linux, linux-headers}: bump to version 5.2
Signed-off-by: Serhii Sakhno <sergei.sakhno@gmail.com>
[Peter: default to 5.2.x kernel headers]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:38:55 +02:00
Gilles Talis
c072ec18c0 package/xapian: bump to version 1.4.11
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:35:36 +02:00
Gilles Talis
28122f7867 package/webp: bump to version 1.0.2
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:35:28 +02:00
Gilles Talis
d766a61c78 package/iozone: bump to version 3_487
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:35:10 +02:00
Gilles Talis
a2be01d786 package/tesseract-ocr: bump to version 4.1.0
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:34:06 +02:00
Gilles Talis
10c18e740f package/leptonica: bump to version 1.78.0
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:33:57 +02:00
Bernd Kuhls
cc2a566f71 package/libcdio: bump version to 2.1.0
Upstream does not provide the .gz tarball anymore, switch to bz2.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:30:34 +02:00
Bernd Kuhls
655e9f0699 package/libxslt: bump version to 1.1.33
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:27:51 +02:00
Bernd Kuhls
c4fa336c69 DEVELOPERS: add Bernd Kuhls for freetype
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:26:52 +02:00
Bernd Kuhls
7bf175b7b9 package/freetype: bump version to 2.10.1
Upstream does not provide bz2 tarball anymore, switch to xz.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:24:22 +02:00
Bernd Kuhls
f2f52044d5 package/libva: bump version to 2.5.0
Removed patch which was applied upstream:
6724011e8b

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:22:24 +02:00
Atharva Lele
9c449f9dd8 fs/tar: explicitly set extended header values to ensure binary reproducibility
Since we use --xattrs-include='*' to include all extended attributes,
tar creates a PAX formatted archive. The archive metadata captures atime
and ctime of files. To fix this, GNU recommends that we pass this added
argument to tar to create binary reproducible packages. Setting of mtime
is handled in fs/common.mk using touch on all files.

Diffoscope output pre-change: https://gitlab.com/snippets/1871111
Diffoscope output after change is blank i.e. binary reproducibile rootfs
is created.

GNU Recommendation: https://www.gnu.org/software/tar/manual/tar.html#SEC147

Signed-off-by: Atharva Lele <itsatharva@gmail.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:21:11 +02:00
Fabrice Fontaine
3a8b7f75ac package/libiscsi: bump to version 1.19.0
- Remove patches (already in version)
- Use new configure options to disable examples, test-tool and tests
- Drop cunit optional dependency now that test-tool is always disabled

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:20:25 +02:00
Bernd Kuhls
0287136ff7 package/imagemagick: add upstream security fix for CVE-2019-13454
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:19:24 +02:00
Bernd Kuhls
7f7820c535 package/imagemagick: security bump to version 7.0.8-53
Fixes various CVE IDs:

CVE-2019-13133, CVE-2019-13134, CVE-2019-13135, CVE-2019-13136,
CVE-2019-13137, CVE-2019-13295, CVE-2019-13296, CVE-2019-13297,
CVE-2019-13298, CVE-2019-13299, CVE-2019-13300, CVE-2019-13301,
CVE-2019-13302, CVE-2019-13303, CVE-2019-13304, CVE-2019-13305,
CVE-2019-13306, CVE-2019-13307, CVE-2019-13308, CVE-2019-13309,
CVE-2019-13310, CVE-2019-13311, CVE-2019-13391

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:18:44 +02:00
Fabrice Fontaine
1052b1afb6 package/xkeyboard-config: bump to version 2.27
Drop host-intltool dependency, not needed since
e8026f673e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:18:12 +02:00
Bernd Kuhls
af252509d3 package/x11r7/xapp_xauth: bump version to 1.1
Added all hashes provided by upstream, added license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:17:16 +02:00
Bernd Kuhls
815edff5d6 package/libpciaccess: bummp version to 0.15
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:16:47 +02:00
Bernd Kuhls
29367651e0 package/dovecot-pigeonhole: bump version to 0.5.7
Release notes:
https://dovecot.org/pipermail/dovecot-news/2019-July/000413.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:16:05 +02:00
Bernd Kuhls
f24cb3414f package/dovecot: bump version to 2.3.7
Switched _SITE to dovecot.org according to release notes:
https://dovecot.org/pipermail/dovecot-news/2019-July/000412.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:15:03 +02:00
Fabrice Fontaine
645a4e962d package/acpica: bump to version 20190703
Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:14:14 +02:00
Arnout Vandecappelle (Essensium/Mind)
e875c2ffd2 docs/manual: 'Fixes' tag needs a colon
Apparently, patchwork only recognizes the 'Fixes' tag if it is followed
by a colon. So make sure the manual documents it as such.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:13:56 +02:00
Pierre-Jean Texier
26053dfbee DEVELOPERS: add Pierre-Jean Texier for stunnel
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:12:44 +02:00
Pierre-Jean Texier
3b4f242e67 package/stunnel: bump version to 5.55
See https://www.stunnel.org/ChangeLog.md.html

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:12:09 +02:00
Pierre-Jean Texier
d00f9680ef boot/at91bootstrap3: bump to version 3.8.13
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:09:26 +02:00
Bernd Kuhls
856dd2f874 package/ffmpeg: bump version to 4.1.4
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:08:55 +02:00
Bartosz Bilas
ce74d82517 boot/barebox: bump version to 2019.07.0
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:06:39 +02:00
Adam Duskett
906ed044aa package/python3: security bump to version 3.7.4
Fixes the following security issues:

- bpo-37463: ssl.match_hostname() no longer accepts IPv4 addresses with
  additional text after the address and only quad-dotted notation without
  trailing whitespaces.  Some inet_aton() implementations ignore whitespace
  and all data after whitespace, e.g.  ‘127.0.0.1 whatever’.

- bpo-35907: CVE-2019-9948: Avoid file reading by disallowing local-file://
  and local_file:// URL schemes in URLopener().open() and
  URLopener().retrieve() of urllib.request.

- bpo-30458: Address CVE-2019-9740 by disallowing URL paths with embedded
  whitespace or control characters through into the underlying http client
  request.  Such potentially malicious header injection URLs now cause an
  http.client.InvalidURL exception to be raised.

- bpo-33529: Prevent fold function used in email header encoding from
  entering infinite loop when there are too many non-ASCII characters in a
  header.

- bpo-35755: shutil.which() now uses os.confstr("CS_PATH") if available and
  if the PATH environment variable is not set.  Remove also the current
  directory from posixpath.defpath.  On Unix, shutil.which() and the
  subprocess module no longer search the executable in the current directory
  if the PATH environment variable is not set.

Also remove the following upstreamed patches:
  - 0033-bpo-36742-Fixes-handling-of-pre-normalization-charac.patch
  - 0034-bpo-36742-Corrects-fix-to-handle-decomposition-in-us.patch

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[Peter: mention security fixes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:03:05 +02:00
Pierre-Jean Texier
340df670fa configs/warp7: Bump kernel and U-Boot versions
Bump U-Boot to 2019.07 and kernel to version 5.1.16.

Also
 - adjust the U-Boot binary name after DM conversion.
 - add missing notes about DFU

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Tested-by: Joris Offouga <offougajoris@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 11:57:39 +02:00
Pierre-Jean Texier
0ef236c726 package/python-django: bump to version 2.2.3
See https://docs.djangoproject.com/en/2.2/releases/2.2.3/

Also, 2.2.x is the new LTS series.

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 11:57:22 +02:00
Baruch Siach
410e8a5977 package/gnupg2: security bump to version 2.2.17
This release mitigates the effects of the denial-of-service attacks on
the keyserver network (CVE-2019-13050).

https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
https://access.redhat.com/articles/4264021

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 11:56:58 +02:00
Bernd Kuhls
d5225c5f6d package/{mesa3d, mesa3d-headers}: bump version to 19.0.8
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-07-14 00:36:51 +02:00
Jerzy Grzegorek
e36a63cf6b checkpackagelib/lib_config.py: check packages alphabetical order in {Config.in, Config.in.host}
Signed-off-by: Jerzy Grzegorek <jerzy.m.grzegorek@gmail.com>
[Arnout:
 - calculate level by counting - instead of with a static array;
 - new_package is only used locally, so don't make it a class member;
 - do indentation according to length of prefix;
 - don't split string in the middle of a line;
 - report first wrong package per menu;
 - do replace() only once;
 - add comment why we do replace().
]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-07-14 00:21:26 +02:00
Jerzy Grzegorek
4e655134cd package/Config.in: fix alphabetical order
Signed-off-by: Jerzy Grzegorek <jerzy.m.grzegorek@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-07-13 23:26:40 +02:00
Romain Naour
da70a55a19 package/gcc: enable gcc 9.1 for ork1 (openrisc)
openrisc support has been added with gcc 9.1.
Keep for now the old gcc 5 fork for ork1.

https://gcc.gnu.org/gcc-9/changes.html

Tested using qemu_or1k_defconfig.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-07-13 23:09:03 +02:00
Yann E. MORIN
0b630b5bf3 arch/arm: add two new non-cortex-based armv8.2a cores
The Neoverse N1 CPU was supported in GCC earlier through the codename Ares [1].

[1] https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=37cf0ddecfd1eb5c6852a44135af5a92e5103931

Build tested:
https://gitlab.com/kubu93/buildroot/pipelines/60318953

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Romain: rename BR2_ares to BR2_neoverse_n1]
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
[Arnout: 'aka' instead of 'alias']
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-07-13 23:06:23 +02:00