Commit Graph

49410 Commits

Author SHA1 Message Date
Bernd Kuhls
30c05ff3fc {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.3.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-11-25 20:45:42 +01:00
Pierre-Jean Texier
44649f6ce4 gitlab-ci.yml: regenerate after new defconfig addition
Fixes b68022c7cb ("board: add Beelink GS1 support")

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-11-25 20:45:10 +01:00
Angelo Compagnucci
2ddaa31bef package/pkg-generic: fix space formatting
This patch fixes a formatting issues where spaces were used instead of tabs.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-11-25 18:19:59 +01:00
Jens Kleintje
c5a6c8e664 package/gcnano-binaries: create directory before copying files
The directory $(1)/usr/include may not exist before copy files.

Signed-off-by: Jens Kleintje <scooby22@web.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-11-25 18:17:47 +01:00
Jens Kleintje
ee546d87bb package/gcnano-binaries: install .pc files
Qt needs the package config files for building.

Signed-off-by: Jens Kleintje <scooby22@web.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-11-25 18:17:24 +01:00
Peter Seiderer
54bcc1b188 package/libdrm: disable nouveau test for static build
Fixes:

  [46/66] Compiling C object 'tests/nouveau/e47a46e@@threaded@exe/threaded.c.o'.
  FAILED: tests/nouveau/e47a46e@@threaded@exe/threaded.c.o
  ./tests/nouveau/threaded.c:24:10: fatal error: dlfcn.h: No such file or directory
  #include <dlfcn.h>

[1] http://autobuild.buildroot.net/results/3042637f54d2d232904ea009455cae82e159ea2e

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-11-25 18:16:26 +01:00
Pierre-Jean Texier
02dda8f29b package/stunnel: bump to version 5.56
Release notes of the bugfix release:
 - https://www.stunnel.org/NEWS.html

Also:
 - rename COPYRIGHT.GPL to COPYRIGHT.md
 - rename COPYING to COPYING.md

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-11-25 18:13:39 +01:00
Peter Korsgaard
ae43087e62 package/jpeg-turbo: security bump to version 2.0.3
Fixes the following security vulnerabilities:

- CVE-2019-2201: In generate_jsimd_ycc_rgb_convert_neon of
  jsimd_arm64_neon.S, there is a possible out of bounds write due to a
  missing bounds check.  This could lead to remote code execution in an
  unprivileged process with no additional execution privileges needed.

For more details, see the upstream bugtracker:
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/361

Additionally, it fixes a number of other issues.  From the release notes:

- Fixed a regression in the SIMD feature detection code, introduced by the
  AVX2 SIMD extensions (2.0 beta1[1]), that was known to cause an illegal
  instruction exception, in rare cases, on CPUs that lack support for CPUID
  leaf 07H (or on which the maximum CPUID leaf has been limited by way of a
  BIOS setting.)

- The 4:4:0 (h1v2) fancy (smooth) chroma upsampling algorithm in the
  decompressor now uses a similar bias pattern to that of the 4:2:2 (h2v1)
  fancy chroma upsampling algorithm, rounding up or down the upsampled
  result for alternate pixels rather than always rounding down.  This
  ensures that, regardless of whether a 4:2:2 JPEG image is rotated or
  transposed prior to decompression (in the frequency domain) or after
  decompression (in the spatial domain), the final image will be similar.

- Fixed a regression introduced by 2.0 beta1[15] whereby attempting to
  generate a progressive JPEG image on an SSE2-capable CPU using a scan
  script containing one or more scans with lengths divisible by 16 would
  result in an error ("Missing Huffman code table entry") and an invalid
  JPEG image.

- Fixed an issue whereby tjDecodeYUV() and tjDecodeYUVPlanes() would throw
  an error ("Invalid progressive parameters") or a warning ("Inconsistent
  progression sequence") if passed a TurboJPEG instance that was previously
  used to decompress a progressive JPEG image.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-25 15:15:01 +01:00
Peter Korsgaard
0432e5713a package/bind: security bump to version 9.11.13
Fixes the following security vulnerabilities:

- CVE-2019-6477: TCP-pipelined queries can bypass tcp-clients limit

For details, see the release notes:
https://downloads.isc.org/isc/bind9/9.11.13/RELEASE-NOTES-bind-9.11.13.html

(9.11.11..12 were not released)

Upstream moved to a 2019-2020 signing key, so update comment in hash file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-25 15:14:55 +01:00
Giulio Benetti
f49de1c4d3 package/libnss: security bump to version 3.47.1
Fixes the following security issues:
CVE-2019-11745: EncryptUpdate should use maxout, not block size

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-25 15:14:23 +01:00
Pierre-Jean Texier
2a9523cd99 package/python-crontab: fix check-package warning
Fixes:

package/python-crontab/Config.in:5: help text: <tab><2 spaces><62 chars> (http://nightly.buildroot.org/#writing-rules-config-in)
26 lines processed
1 warnings generated

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-25 15:11:39 +01:00
Grzegorz Blach
dad797a453 package/python-crontab: new package
Crontab module for reading and writing crontab files and accessing
the system cron automatically and simply using a direct API.

Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-24 23:04:09 +01:00
Bartosz Bilas
59fdcd7180 boot/barebox: bump version to 2019.11.0
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-24 22:54:10 +01:00
Romain Naour
5e5bae220e package/terminology: bump to version 1.6.0
See:
https://www.enlightenment.org/news/2019-11-16-terminology-1.6.0

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-24 22:53:48 +01:00
Peter Korsgaard
56f6eb564d configs/orangepi_r1: bump kernel and u-boot versions
Bump Linux to 5.3.12 and U-Boot to 2019.10.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-24 22:51:05 +01:00
Bernd Kuhls
7b3895bca5 package/libkcapi: bump version to 1.1.5
Removed patch applied upstream:
52620ec798

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-24 22:48:31 +01:00
Bernd Kuhls
6274f41913 package/libndp: bump version to 1.7
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-24 22:46:44 +01:00
Bernd Kuhls
a17db95253 package/libgudev: bump version to 233
Release notes:
http://ftp.gnome.org/pub/GNOME/sources/libgudev/233/libgudev-233.news

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-24 22:45:56 +01:00
Bernd Kuhls
75ea09dc56 package/libedit: bump version to 20190324-3.1
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-24 22:45:20 +01:00
Bernd Kuhls
00df4cdabf package/libcgi: bump version to 1.3.0
Removed patches applied upstream:
d7cf836905
58edd50890

Added upstream-provided md5 hash.

Upstream moved and renamed license file COPYING and added MIT license
file:
86e88b4b05

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Acked-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-24 22:43:09 +01:00
Fabrice Fontaine
a8ef6a5b92 package/libftdi1: fix license
The GPL only applies to the C++ bindings and eeprom utility, which are
conditionally enabled with BR2_PACKAGE_LIBFTDI1_LIBFTDIPP1 and
BR2_PACKAGE_LIBFTDI1_FDTI_EEPROM, respectively.

The COPYING.LIB is indeed the LGPL-2.0, but the source file for
libftdi1 states LGPL-2.1-only, see src/ftdi.c

The src/ftdi_stream.c also bears a notice of the MIT license, so the
library itself is under both LGPL-2.1-only and MIT.

Note: the COPYING.GPL license file may get added twice to the list, but
that is not a problem in practice: it is just copied twice.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - GPL-2.0 also applies to the ftdi_eeprom utility
  - s/ftdipp1/libftdipp1/
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-11-24 22:18:12 +01:00
Yann E. MORIN
4a8f06e0f2 package/libftdi: remove unused license
Commit 9b0b15e90b (package/libftdi: add license) was too hastily fixed,
with confusion between libftdi and libftdi1. The MIT-licensed file is
not present in libftdi; it is only in libftdi1.

Remove the unused MIT license from the list.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-11-24 22:17:57 +01:00
Fabrice Fontaine
274a4092ee package/systemd: fix license hash
Bump to 243.4 forgot to update hash of README file (update to the
requirements).

Fixes:
 - http://autobuild.buildroot.org/results/eae13046b90253cdb2bf260e10b316386dff4eb1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: explain why README was changed]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-11-24 20:14:40 +01:00
Fabrice Fontaine
9b0b15e90b package/libftdi: add license
The COPYING.LIB license file contains the test of the LGPL-2.0, but the
source code itself explicitly refers to the GPL-2.1-only. Additionally,
parts of the library (src/ftdi_stream.c) are under the MIT license.

The C++ bindings are udner the GPL-2.0-only with an exception, which is
expressed in the LICENSE file.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - the library is under both GPL-2.1-only and MIT
  - the GPL-2.0-only only applies to the C++ bindings
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-11-24 14:29:18 +01:00
Fabrice Fontaine
9d1b48a1e5 package/gob2: add license
gob2 itself is GPL-2.0+, but it is a code generator. The code generated
by gob2 id not covered by gob2's license, and this is made explicit in
an accompanying license file.

So we include both license files.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - add COPYING.generated-code
  - expand commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-11-24 12:15:40 +01:00
Peter Korsgaard
fc1c7e5961 Update for 2019.11-rc3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-24 11:15:16 +01:00
Clément Péron
e26f5ad712 board/beelink_gs1: enable mdev and dhcp on eth0
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-24 09:47:24 +01:00
Clément Péron
b68022c7cb board: add Beelink GS1 support
Signed-off-by: Clément Péron <peron.clem@gmail.com>
[Peter: explicitly use kernel 5.3.12]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-24 09:47:24 +01:00
Fabrice Fontaine
964d31a99e package/tftpd: add license
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-11-24 09:26:02 +01:00
Thomas Petazzoni
14c3e876d3 package/faifa: fix incorrect library symlink
As spotted in
http://autobuild.buildroot.net/results/a61/a612cb7a85927d8cfe55c95c34d2901e7694fab0//diffoscope-results.txt,
faifa installs a library symlink with an incorrect target, which was
detected by the reproducible build logic, but is in fact wrong in any
case:

-lrwxrwxrwx   0        0        0        0 2019-11-07 19:38:04.000000 ./usr/lib/libfaifa.so -> /home/naourr/work/instance-3/output-1/target/usr/lib/libfaifa.so.0
+lrwxrwxrwx   0        0        0        0 2019-11-07 19:38:04.000000 ./usr/lib/libfaifa.so -> /home/naourr/work/instance-3/output-2/target/usr/lib/libfaifa.so.0

In practice, this is not a problem at runtime, as the .so symlink is
not used: the library soname is libfaifa.so.0. However, it still makes
sense to fix.

It is fixed by backporting an upstream commit. We considered bumping
to a newer version, but the latest version requires a new dependency
(libevent), so we preferred the backporting approach.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-11-23 22:29:10 +01:00
Jérémy Rosen
d3af5d7040 package/systemd: bump to v243.4
Upstream systemd-stable has started tagging point releses.

The commit we currently used has now been tagged as v243.3, and this
brings us to v243.4.

Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
[yann.morin.1998@free.fr:
  - expand commit log to explain previous version
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-11-23 22:23:12 +01:00
Baruch Siach
ecaede1d82 package/cpuburn-arm: new package
cpuburn-arm burns CPU cycles to generate as much heat as possible.
Useful for stress testing.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
[yann.morin.1998@free.fr:
  - fix title  (Thomas)
  - simplify and rename _ARCH_SUPPORTS  (Thomas)
]
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-11-23 22:19:34 +01:00
Fabrice Fontaine
d66e515ea9 package/librsync: bump to version 2.2.1
librsync can be built statically through the standard cmake
BUILD_SHARED_LIBS option since version 2.2.0 and
1ad3c7c600

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-23 21:40:29 +01:00
Fabrice Fontaine
293bed3977 package/whois: bump to version 5.5.3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-23 21:39:46 +01:00
Fabrice Fontaine
5645107c39 package/libxslt: bump to version 1.1.34
Remove patch (already in version)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-23 21:39:12 +01:00
Fabrice Fontaine
a25e67fe87 package/libidn2: bump to version 2.3.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-23 21:38:57 +01:00
Fabrice Fontaine
9318345c9a package/tinycbor: bump to version 0.5.3
Remove patch (already in version)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-23 21:38:12 +01:00
Fabrice Fontaine
4fd660c2f4 package/libffi: bump to version 3.3
Update hash for license file (update in year:
058aa41304)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-23 21:37:51 +01:00
Peter Korsgaard
8e5c2ec556 package/fatcat: bump version to 1.1.0
The tag now has a 'v' prefix, so handle that in the github macro.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-23 21:37:44 +01:00
Titouan Christophe
dfcb5fc9c9 package/redis: bump to version 5.0.7
Changes announced upstream:

Upgrade urgency HIGH: many issues fixed, some may have an impact.
Redis 5.0.7 fixes a number of bugs, none is very critical, however
there are a few that may have an impact. It's a good idea to upgrade.
There are fixes in the area of replication from modules commands and
callbacks, AOF fsync (non critical issue), memory leaks (very rare and small),
streams beahvior (non critical), and a potential crash in commands
processing multiple keys at the same time that is there for years, and happens
very rarely, but is not impossible to trigger.

Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-23 21:35:42 +01:00
Peter Korsgaard
b3aaa725f1 package/asterisk: security bump to version 16.6.2
Fixes the following security vulnerabilities:

AST-2019-006: SIP request can change address of a SIP peer.
A SIP request can be sent to Asterisk that can change a SIP peer’s IP
address.  A REGISTER does not need to occur, and calls can be hijacked as a
result.  The only thing that needs to be known is the peer’s name;
authentication details such as passwords do not need to be known.  This
vulnerability is only exploitable when the “nat” option is set to the
default, or “auto_force_rport”.

https://downloads.asterisk.org/pub/security/AST-2019-006.pdf

AST-2019-007: AMI user could execute system commands.
A remote authenticated Asterisk Manager Interface (AMI) user without
“system” authorization could use a specially crafted “Originate” AMI request
to execute arbitrary system commands.

https://downloads.asterisk.org/pub/security/AST-2019-007.pdf

AST-2019-008: Re-invite with T.38 and malformed SDP causes crash.
If Asterisk receives a re-invite initiating T.38 faxing and has a port of 0
and no c line in the SDP, a crash will occur.

https://downloads.asterisk.org/pub/security/AST-2019-008.pdf

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-11-23 19:27:39 +01:00
Adam Duskett
d6d3d66d93 package/zip: add license hash
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-11-23 19:23:37 +01:00
Adam Duskett
9465182eb8 package/perl: add license hash
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-11-23 19:23:35 +01:00
Fabrice Fontaine
808a54aa3b package/spice: security bump to version 0.14.2
- Fix CVE-2019-3813: fix off-by-one error in group/slot boundary check
- Add license hash

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-23 14:27:09 +01:00
Fabrice Fontaine
371e6adc15 package/spice-protocol: bump to version 0.14.0
- This bump is needed for spice 0.14.2
- Add license hash

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-23 14:26:41 +01:00
Matt Weber
483b43899c package/rsyslog: bump to 8.1911.0
https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-23 14:18:02 +01:00
Peter Korsgaard
e487649e2e package/glibc: install utilities into their standard locations
As pointed out by Carlos, ldconfig normally goes into /sbin, and getconf +
ldd into /usr/bin, so do that here as well instead of installing everything
to /bin.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-23 13:42:20 +01:00
Francois Perrad
01134ca99a package/perl: bump to version 5.30.1
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-23 13:37:05 +01:00
Bernd Kuhls
a7ba9c54b4 package/php: bump version to 7.3.12
Release notes of this bugfix release:
https://www.php.net/ChangeLog-7.php#7.3.12

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-23 11:58:22 +01:00
Adrian Perez de Castro
3b8c95a08d package/webkitgtk: security bump to version 2.26.2
This is a minor release which includes fixes for CVE-2019-8812 and
CVE-2019-8814.

This release also fixes the build with WebDriver disabled and without
X11, so "0001-GTK-ANGLE-s-eglplatform.h-is-build-broken-with-DENAB.patch"
and "0002-WPE-GTK-Build-fails-with-ENABLE_WEBDRIVER-OFF.patch" are not
needed anymore (and therefore removed). There is also a performance
improvement for a regression related to fallback font selection, and a
couple of small fixes. The full release notes are available at:

  https://webkitgtk.org/2019/11/06/webkitgtk2.26.2-released.html

The detailed security advisory can be found at:

  https://webkitgtk.org/security/WSA-2019-0006.html

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-23 11:56:41 +01:00