Commit Graph

70033 Commits

Author SHA1 Message Date
Fabrice Fontaine
073b0fc9c1 package/flashrom: bump to version 1.3.0
https://www.flashrom.org/release_notes/v_1_3.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-29 09:33:31 +01:00
Bernd Kuhls
e110aad3ab package/kodi-pvr-iptvsimple: bump version to 20.11.1-Nexus
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-29 09:33:24 +01:00
Stefan Agner
ae2dc6ae61 package/docker-cli: bump version to v24.0.7
Minor bugfix in docker ps status description.

https://github.com/moby/moby/releases/tag/v24.0.7

Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-29 09:33:17 +01:00
Stefan Agner
d2290e6141 package/docker-engine: bump version to v24.0.7
The overlay2 layers metadata are now written atomically. Many other
bugfixes and hardening against security issues around the power capping
framework.

https://github.com/moby/moby/releases/tag/v24.0.7

Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-29 09:33:11 +01:00
Bernd Kuhls
c76fc2cda1 package/onevpl-intel-gpu: bump version to 23.4.0
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-29 09:33:04 +01:00
Sergey Bobrenok
b02338f066 package/sdbus-cpp: bump to version 1.4.0
Changelog:
https://github.com/Kistler-Group/sdbus-cpp/releases/tag/v1.4.0

Signed-off-by: Sergey Bobrenok <bobrofon@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-29 09:32:58 +01:00
Bernd Kuhls
c4006bff7c package/libopenssl: security bump version to 3.1.4
Fixes CVE-2023-5363:
https://www.openssl.org/news/secadv/20231024.txt
https://www.openssl.org/news/vulnerabilities.html

Changelog: https://www.openssl.org/news/cl31.txt

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-29 09:32:52 +01:00
Bernd Kuhls
c1b3aac218 package/tvheadend: bump version
Fixes build with python 3.12.

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-29 09:32:46 +01:00
Bernd Kuhls
96298d3b54 {linux, linux-headers}: bump 4.{14, 19}.x / 5.{4, 10, 15}.x / 6.{1, 5}.x series
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-29 09:32:40 +01:00
Bernd Kuhls
a40924107d package/php: bump version to 8.2.12
Changelog: https://www.php.net/ChangeLog-8.php#8.2.12
Release notes: https://www.php.net/releases/8_2_12.php

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-29 09:32:33 +01:00
Oleg Lyovin
3c6f3af24d package/python-pycryptodomex: fix package build with gcc 4.8
python-pycryptodomex uses C99 features like variable
declaration in for-loop statement, while old compilers
assumes C89 by default.

This patch explicitly specifies C99 standard.

Signed-off-by: Oleg Lyovin <ovlevin@salutedevices.com>
[yann.morin.1998@free.fr: use TARGET/HOST_CFLAGS]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-29 00:30:17 +02:00
Fabrice Fontaine
836a11aaa6 package/spirv-tools: needs C++17
Fix the following build failure raised since the addition of the package
in commit 0a01085abe:

CMake Error at CMakeLists.txt:17 (project):
  No CMAKE_CXX_COMPILER could be found.

Fixes:
 - http://autobuild.buildroot.org/results/aff5b968342bf05f036c8e1e557c404060345d30

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: needs C++ for itself, drop inherited comment]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-29 00:06:35 +02:00
Fabrice Fontaine
f1b14ea5a3 package/acsccid: bump to version 1.1.10
https://sourceforge.net/p/acsccid/news/2023/04/acsccid-119-released/
https://sourceforge.net/p/acsccid/news/2023/08/acsccid-1110-released/

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-28 23:05:37 +02:00
Fabrice Fontaine
1f3319e0bb package/cppzmq: bump to version 4.10.0
https://github.com/zeromq/cppzmq/releases/tag/v4.10.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-28 22:50:22 +02:00
Fabrice Fontaine
e324475294 package/cli11: bump to version 2.3.2
Update hash of LICENSE file (update in year:
39a5f1981e)

https://github.com/CLIUtils/CLI11/releases/tag/v2.3.2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-28 22:50:16 +02:00
Fabrice Fontaine
654f18c617 package/cjson: bump to version 1.7.16
https://github.com/DaveGamble/cJSON/releases/tag/v1.7.16

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-28 22:50:10 +02:00
Fabrice Fontaine
98d0a7b95f package/x11r7/xlib_libX11: security bump to version 1.8.7
Fix CVE-2023-43785, CVE-2023-43786 and CVE-2023-43787

https://lists.x.org/archives/xorg-announce/2023-October/003424.html
https://lists.x.org/archives/xorg-announce/2023-October/003426.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-28 22:50:04 +02:00
Fabrice Fontaine
c709ab6fff package/x11r7/xlib_libXpm: security bump to version 3.5.17
Fix CVE-2023-43788, CVE-2023-43789 and CVE-2023-43786

https://lists.x.org/archives/xorg-announce/2023-October/003424.html
https://lists.x.org/archives/xorg-announce/2023-October/003425.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-28 22:49:58 +02:00
Fabrice Fontaine
e0e96336ab package/python-urllib3: security bump to version 2.0.7
Fix CVE-2023-43804 and CVE-2023-45803

https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f
https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4
https://github.com/urllib3/urllib3/blob/2.0.7/CHANGES.rst

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-28 22:49:52 +02:00
Fabrice Fontaine
7217661e3a package/cryptopp: bump to version 8.9.0
- Drop patch (already in version)
- Update hash of License.txt (minor updates with:
  bc2c8423a1
  b418f93483
  2bce06d5db)

https://www.cryptopp.com/release890.html
https://www.cryptopp.com/release880.html
https://www.cryptopp.com/release870.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-28 22:49:46 +02:00
Fabrice Fontaine
c3fcaeaaa7 package/rabbitmq-c: fix CVE-2023-35789
An issue was discovered in the C AMQP client library (aka rabbitmq-c)
through 0.13.0 for RabbitMQ. Credentials can only be entered on the
command line (e.g., for amqp-publish or amqp-consume) and are thus
visible to local attackers by listing a process and its arguments.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-28 22:49:40 +02:00
Fabrice Fontaine
afe32537d1 package/avrdude: bump to version 7.2
https://github.com/avrdudes/avrdude/blob/v7.2/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-28 22:49:34 +02:00
Fabrice Fontaine
cf746901dd package/powerpc-utils: bump to version 1.3.11
https://github.com/ibm-power-utilities/powerpc-utils/blob/v1.3.11/Changelog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-28 22:49:27 +02:00
Fabrice Fontaine
145f01ded5 package/dracut: bump to version 059
https://github.com/dracutdevs/dracut/blob/059/NEWS.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-28 22:49:20 +02:00
Fabrice Fontaine
e96b1c4b0b package/tiff: security bump to version 4.6.0
- Drop --without-x (now unrecognized)
- Fix CVE-2023-40745: LibTIFF is vulnerable to an integer overflow. This
  flaw allows remote attackers to cause a denial of service (application
  crash) or possibly execute an arbitrary code via a crafted tiff image,
  which triggers a heap-based buffer overflow.
- Fix CVE-2023-41175: A vulnerability was found in libtiff due to
  multiple potential integer overflows in raw2tiff.c. This flaw allows
  remote attackers to cause a denial of service or possibly execute an
  arbitrary code via a crafted tiff image, which triggers a heap-based
  buffer overflow.

https://libtiff.gitlab.io/libtiff/releases/v4.6.0.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-28 22:49:14 +02:00
Fabrice Fontaine
8c70374c4f package/atop: bump to version 2.9.0
https://www.atoptool.nl/downloadatop.php

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-28 22:49:08 +02:00
Fabrice Fontaine
8716942ca6 package/zchunk: security bump to version 1.3.2
- Drop patches (already in version)
- tests can be disabled since version 1.2.3 and
  e2e3d6b14e
- docs can be disabled since version 1.2.3 and
  af6c10e8be
- Fix CVE-2023-46228: zchunk before 1.3.2 has multiple integer overflows
  via malformed zchunk files to lib/comp/comp.c, lib/comp/zstd/zstd.c,
  lib/dl/multipart.c, or lib/header.c.

https://github.com/zchunk/zchunk/compare/1.2.2...1.3.2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-28 22:49:02 +02:00
Fabrice Fontaine
3499c75ccf package/zchunk: add ZCHUNK_CPE_ID_VENDOR
cpe:2.3🅰️zchunk:zchunk is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/detail/480C0B83-3109-49EE-9E06-7866A54878CA

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-28 22:48:55 +02:00
Fabrice Fontaine
3155bd54eb package/spirv-headers: needs C++
Fix the following build failure raised since the addition of the package
in commit 0a01085abe:

CMake Error at /home/buildroot/autobuild/instance-3/output-1/host/share/cmake-3.27/Modules/CMakeTestCXXCompiler.cmake:60 (message):
  The C++ compiler

    "/usr/bin/c++"

  is not able to compile a simple test program.

Fixes:
 - http://autobuild.buildroot.org/results/4b94edf6dee03e74ff53939aa228069cc6ba4292

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: propagate to spirv-tools]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-28 22:41:23 +02:00
Peter Korsgaard
ecce7bf95a package/dfu-programmer: bump version to 1.1.0
The update-bash-completion.sh issue is now fixed, so remove the workaround:

https://github.com/dfu-programmer/dfu-programmer/pull/91

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-28 21:30:36 +02:00
Peter Korsgaard
99d525028f package/aufs-util: use HTTPS for git.code.sf.net
git.code.sf.net is available over HTTPS, so use that for security and
consistency with the other packages.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-28 21:30:30 +02:00
Peter Korsgaard
f2a590750f package/aufs: use HTTPS for git.code.sf.net
git.code.sf.net is available over HTTPS, so use that for security and
consistency with the other packages.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-28 21:30:24 +02:00
Peter Korsgaard
05296ced36 Config.in: default to HTTPS for s.b.n backup site
Now that we have HTTPS support for sources.buildroot.net (through Lets
encrypt / Cloudflare), it makes sense to default to it for our backup site.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-28 21:30:18 +02:00
Peter Korsgaard
cf2dcaa1ec package/riscv64-elf-toolchain: add .hash file
The host-riscv64-elf-toolchain package was missing a hash file, add it now.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-28 21:30:12 +02:00
Adrian Perez de Castro
d4fc46f751 package/xdg-dbus-proxy: fix tarball name in hash file
Fixes: 487761a5b2 ("package/xdg-dbus-proxy: bump to version 0.1.5")
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-26 18:58:11 +02:00
Alistair Francis
91381143e8 package/libspdm: bump version to 3.1.0
Drop now upstreamed patches.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-25 22:22:07 +02:00
Giulio Benetti
ed573043b5 package/libblockdev: bump to version 3.0.4
Update local patch to add missing strerror_l() to other files.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-25 22:17:15 +02:00
Giulio Benetti
359abca84c package/harfbuzz: bump to version 8.2.2
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-25 22:17:06 +02:00
Francois Perrad
33065ef61e package/moarvm: bump to version 2023.10
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-25 22:07:24 +02:00
Francois Perrad
c87abf01a9 package/janet: bump to version 1.32.1
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-25 22:07:03 +02:00
Fabrice Fontaine
97d6a77d1e package/paho-mqtt-c: bump to version 1.3.13
https://github.com/eclipse/paho.mqtt.c/releases/tag/v1.3.13

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-25 22:06:09 +02:00
Fabrice Fontaine
f6890c1c4e package/dhcpcd: bump to version 10.0.4
https://github.com/NetworkConfiguration/dhcpcd/releases/tag/v10.0.2
https://github.com/NetworkConfiguration/dhcpcd/releases/tag/v10.0.3
https://github.com/NetworkConfiguration/dhcpcd/releases/tag/v10.0.4

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-25 22:05:57 +02:00
Bernd Kuhls
871f611e5a package/intel-mediadriver: bump version to 23.3.5
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-25 22:04:44 +02:00
Christian Stewart
0629895dbf package/docker-compose: bump version to v2.23.0
Significant update with new features & fixes.

Full release notes:

https://github.com/docker/compose/releases/tag/v2.23.0

Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-25 22:04:31 +02:00
Julien Olivain
68689a6cbc package/rdma-core: bump to version v48.0
For change log, see:
https://github.com/linux-rdma/rdma-core/releases/tag/v48.0

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-25 21:54:26 +02:00
Peter Korsgaard
fefcfddc5e package/mxsldr: add .hash file
The host-mxsldr package was missing a hash file, add it now.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-25 21:52:00 +02:00
Fabrice Fontaine
de7bc4ada2 package/minizip-zlib: fix CVE-2023-45853
MiniZip in zlib through 1.3 has an integer overflow and resultant
heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long
filename, comment, or extra field. NOTE: MiniZip is not a supported part
of the zlib product.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-25 21:16:46 +02:00
Fabrice Fontaine
17ffb91551 package/libtommath: add LIBTOMMATH_CPE_ID_VENDOR
cpe:2.3🅰️libtom:libtommath is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/detail/F0D99614-AA27-4713-ADD2-103647C8838B

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-25 21:16:22 +02:00
Fabrice Fontaine
07c44afc8d package/nghttp2: security bump to version 1.57.0
Fix CVE-2023-44487: The HTTP/2 protocol allows a denial of service
(server resource consumption) because request cancellation can reset
many streams quickly, as exploited in the wild in August through October
2023.

Fix CVE-2023-35945: nghttp2 fails to release memory when PUSH_PROMISE or
HEADERS frame cannot be sent, and nghttp2_on_stream_close_callback fails
with a fatal error. For example, if GOAWAY frame has been received, a
HEADERS frame that opens new stream cannot be sent.

https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6pcr-v3hg-752p
https://github.com/nghttp2/nghttp2/compare/v1.41.0...v1.57.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-25 21:15:52 +02:00
Fabrice Fontaine
7385c7f8b3 package/wireshark: security bump to version 4.0.10
https://www.wireshark.org/news/20231004.html
https://www.wireshark.org/news/20231004a.html

Fix CVE-2023-5371:
https://www.wireshark.org/security/wnpa-sec-2023-27.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-25 21:14:46 +02:00