Commit Graph

55980 Commits

Author SHA1 Message Date
Petr Vorel
84968aa495 package/ltp-testsuite: bump version to 20210121
Add --disable-metadata configure option. Buildroot by default disable
packages' doc generation.  Also generating LTP metadata documentation
would require have host package, which could be complicated since the
LTP build system is autoconf but not automake based.

Drop cacheflush01 patch (from this release) and rebase musl workaround
patch.

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-22 20:07:03 +01:00
Petr Vorel
16f5b79130 package/ltp-testsuite: update patch status
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-22 20:06:43 +01:00
Baruch Siach
7e2d2b1bcb package/tcpdump: bump to version 4.99.0
Drop upstream security patch.

Rename --with-system-libpcap to --disable-local-libpcap following
upstream change.

The configure scripts uses pkg-config to find libpcap, add host-pkgconf
dependency.

pkg-config handles static build for us. Remove explicit static build
handling.

Use https for SITE to save redirect.

Update license file hash due to whitespace changes.

Format hashes with two space delimiters.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-22 20:05:52 +01:00
Baruch Siach
34708006e2 package/libpcap: bump to version 1.10.0
configure script now uses pkg-config. Add host-pkgconf dependency.

pkg-config should provide necessary info for libnl build/link. Don't
pass paths to configure.

Add --without-dpdk to make sure we don't link with host installed
libraries.

Format hashes with two space delimiters.

Use https for SITE to save redirect.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-22 20:05:02 +01:00
Jianhui Zhao
ac7a7c308c package/rtty: bump version to 7.2.1
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-22 20:04:42 +01:00
Fabrice Fontaine
90a82161b6 package/libgcrypt: bump to version 1.9.0
Drop first patch (already in version)

https://dev.gnupg.org/T4294

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-01-21 23:03:39 +01:00
Fabrice Fontaine
b251b57f08 package/libgcrypt: drop LIBGCRYPT_DISABLE_TESTS
Drop LIBGCRYPT_DISABLE_TESTS which is not needed since commit
ef79770dcd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-01-21 23:03:39 +01:00
Maxim Kochetkov
5cff0c8a2d package/timescaledb: bump to version 2.0.0
Add patches needed for compatibility with Postgresql 13, which are
still under review upstream.

Debug builds (BR2_ENABLE_DEBUG=y) fails because of warnings, so
disable WARNINGS_AS_ERRORS.

Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:48:16 +01:00
Fabrice Fontaine
4b6202f721 Replace LIBFOO_CPE_ID_NAME by LIBFOO_CPE_ID_PRODUCT
Replace LIBFOO_CPE_ID_NAME by LIBFOO_CPE_ID_PRODUCT to better "comply"
with the official "Well-Formed CPE Name Data Model" parameters:
 - https://csrc.nist.gov/publications/detail/nistir/7695/final
 - https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:43:24 +01:00
Fabrice Fontaine
d90cee6d11 Revert "docs/manual: replace LIBFOO_CPE_ID_PRODUCT"
This reverts commit ff13cb9414.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:42:01 +01:00
Fabrice Fontaine
497f989d75 package/poppler: add boost optional dependency
boost is an optional dependency which is enabled by default since
version 0.80.0 and
355fd8d58c

There is no cmake option to enable or disable this dependency

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:40:51 +01:00
Bernd Kuhls
de128d9ad6 package/vlc: security bump version to 3.0.12
Removed patch which was applied upstream, removed md5 hash.

Security Bulletin: https://www.videolan.org/security/sb-vlc3012.html
Fixes CVE-2020-26664: https://nvd.nist.gov/vuln/detail/CVE-2020-26664

Added CPE_ID, cpe:2.3🅰️videolan:vlc_media_player is a valid CPE
identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&orderBy=2.3&keyword=cpe%3A2.3%3Aa%3Avideolan%3Avlc_media_player&status=FINAL

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:40:36 +01:00
Fabrice Fontaine
586b11c490 package/jack2: add JACK2_CPE_ID_VENDOR
cpe:2.3🅰️jackaudio:jack2 is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ajackaudio%3Ajack2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:39:46 +01:00
Fabrice Fontaine
e51e35f352 package/jack2: bump to version 1.9.17
- Add COPYING as a license files, available since version 1.9.15 and
  d75ddb8230
- Update indentation in hash file (two spaces)

https://github.com/jackaudio/jack2/releases/tag/v1.9.15
https://github.com/jackaudio/jack2/releases/tag/v1.9.16
https://github.com/jackaudio/jack2/releases/tag/v1.9.17

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:39:39 +01:00
Fabrice Fontaine
e9e377dd80 package/atop: bump to version 2.6.0
wchar is needed since
fa101b4dc5

https://www.atoptool.nl/downloadatop.php

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:39:11 +01:00
Johan Oudinet
42bf38dca7 package/vuejs: bump version to 3.0.5
The vuejs developers have changed the way this package is distributed.
The tarball containing the dist files does not contain anymore the
LICENSE file. The license remains MIT but until it is reintroduced in
the tarball, we have to skip the license file hash verification.

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:36:22 +01:00
Geoffrey Le Gourriérec
370e663593 configs/qemu_ppc_virtex_ml507: remove defconfig
Support for this board was removed in Linux upstream [1] since Xilinx
new design tools dropped these platforms in 2013, along with all
PPC405/PPC440 new designs. They are not maintained nor tested anymore.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7ade8495dcfd788a76e6877c9ea86f5207369ea4

Signed-off-by: Geoffrey Le Gourriérec <geoffrey.legourrierec@gmail.com>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:36:12 +01:00
Geoffrey Le Gourriérec
742f37de8d configs/qemu_*: bump kernel version to 5.10.7
Bump most QEMU defconfigs (every one that was previously on 5.4.y)
to latest longterm kernel 5.10.7.

Please note the following exceptions/modifications:
- board/qemu/qemu_s390x_defconfig: ignored (already up to date)
- board/qemu/sh4*-r2d:
    - Remove the remaining kernel patch [1] provided by Alan Modra
      fixing rodata alignment, carried here by Romain Naour [2] to
      fix an issue preventing kernel from booting with binutils 2.23.
      Patch is present in upstream Linux now.
    - Fix compile-time error regarding 64-bit time data structures
      from kernel headers when building with uclibc. Previous fix [3]
      existed upstream; but see details below.
    - board/qemu/ppc-mpc8544ds: Updated kernel patch
- board/qemu/arm-versatile: Updated kernel patch
- board/qemu/mips*r6*: Updated kernel patch

Tested on all configs/qemu* configurations. [4]

[1] https://www.sourceware.org/ml/binutils/2019-12/msg00112.html
[2] https://git.busybox.net/buildroot/commit/?id=a2331c8a61bdd71c47492efc818fb0458a349219
[3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fc94cf2092c7c1267fa2deb8388d624f50eba808
[4] https://gitlab.com/clumsyape/buildroot/-/pipelines/244024195

Signed-off-by: Geoffrey Le Gourriérec <geoffrey.legourrierec@gmail.com>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:36:12 +01:00
Fabrice Fontaine
44f1f423f8 package/sysklogd: needs threads
threads is mandatory since version 2.0 and
f6e17bd6b3

Fixes:
 - http://autobuild.buildroot.org/results/33846ba0c6746c2befcd3c3ce0bbe0c5b32669ed

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Joachim Wiberg <troglobit@gmail.com>
[yann.morin.1998@free.fr: reorder dependencies]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-01-21 22:27:42 +01:00
Fabrice Fontaine
e6b567941b package/sysklogd: set SYSKLOGD_CPE_ID_VALID
cpe:2.3🅰️sysklogd_project:sysklogd is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Asysklogd_project%3Asysklogd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-01-21 22:24:41 +01:00
Fabrice Fontaine
db523a7842 package/sysklogd: drop unneeded hash
Commit 6a91580c11 added the hash of
0001-Define-_GNU_SOURCE_required_for_O_CLOEXEC_on_uClibc.patch but this
is not needed as this file is included in buildroot and not downloaded

While at it, update indentation in hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-01-21 22:20:08 +01:00
Yann E. MORIN
f4a61d1ae2 package/pkg-meson.mk avoid host ccache detection
meson will by default try to detect the presence of ccache, and if
found, will use it unconditionally.

However, using a system-wide ccache, which would be using our own cache
directory, may very well conflict with our own ccache.

But there is no option to disable that meson behaviour. The only
workaround that is even the official documented way to do so, is to
actually pass environment variables that point to the compiler:

    https://mesonbuild.com/Feature-autodetection.html#ccache

For the host variants, we pass $(HOST_CONFIGURE_OPTS) in the environment,
and this contains correct settings for CC and CXX, so meson does not try
and detect ccache; it uses exactly what we tell it to use.

For the target variant, the settings for the cross-compiler are defined
in the cross-compilation file, and so meson just abides by our will. But
for the compiler-for-build, there is no way to specify the CC_FOR_BUILD
or CXX_FOR_BUILD via a cross-compilation file:

    https://mesonbuild.com/Machine-files.html
    https://mesonbuild.com/Cross-compilation.html

We could pass the full TARGET_CONFIGURE_OPTS in the environment, like we
do for the host variant, but this contains a lot more variables that are
supposed to be covered by the cross-compilation file.

So, we stay safe and just provide the exact two variables that meson
will use to avoid detecting ccache.

If the current configuration defines the use of ccache, then these two
variables will be properly setup to use our own ccache.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Gleb Mazovetskiy <glex.spb@gmail.com>
Cc: James Hilliard <james.hilliard1@gmail.com>
Cc: Norbert Lange <nolange79@gmail.com>
2021-01-21 22:11:46 +01:00
Fabrice Fontaine
37fe2998ef package/yaml-cpp: set YAML_CPP_CPE_ID_VALID
cpe:2.3🅰️yaml-cpp_project:yaml-cpp is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ayaml-cpp_project%3Ayaml-cpp

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:04:39 +01:00
Fabrice Fontaine
df2a0dd965 package/xscreensaver: set XSCREENSAVER_CPE_ID_VALID
cpe:2.3🅰️xscreensaver_project:xscreensaver is a valid CPE identifier
for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Axscreensaver_project%3Axscreensaver

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:04:38 +01:00
Fabrice Fontaine
c362882cd4 package/znc: add ZNC_CPE_ID_VENDOR
cpe:2.3🅰️znc:znc is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aznc%3Aznc

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:04:37 +01:00
Fabrice Fontaine
4af3af95a4 package/zsh: add ZSH_CPE_ID_VENDOR
cpe:2.3🅰️zsh:zsh is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Azsh%3Azsh

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:04:36 +01:00
Heiko Thiery
91a19ca891 package/libjpeg: add LIBJPEG_CPE_ID_VENDOR
cpe:2.3🅰️ijg:libjpeg is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aijg%3Alibjpeg

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:02:03 +01:00
Heiko Thiery
791b14a182 package/apparmor: add APPARMOR_CPE_ID_VENDOR
cpe:2.3🅰️canonical:apparmor is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Acanonical%3Aapparmor

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:02:01 +01:00
Heiko Thiery
0c4e31219b package/aircrack-ng: add AIRCRACK_NG_CPE_ID_VENDOR
cpe:2.3🅰️aircrack-ng:aircrack-ng is a valid CPE identifier for this
package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aaircrack-ng%3Aaircrack-ng

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:02:00 +01:00
Heiko Thiery
db908ecfdf package/wireshark: add WIRESHARK_CPE_ID_VENDOR
cpe:2.3🅰️wireshark:wireshark is a valid CPE identifier for this
package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awireshark%3Awireshark

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:01:59 +01:00
Heiko Thiery
1b9b24b381 package/jansson: add JANSSON_CPE_ID_VALID
cpe:2.3🅰️jansson_project:jansson is a valid CPE identifier for this
package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ajansson_project%3Ajansson

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:01:58 +01:00
Heiko Thiery
7edfc478ea package/cjson: set CJSON_CPE_ID_VALID
cpe:2.3🅰️cjson_project:cjson is a valid CPE identifier for this
package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cjson

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:01:56 +01:00
Heiko Thiery
3a80cf7a8a package/samba4: add SAMBA4_CPE_ID_VENDOR and SAMBA4_CPE_ID_NAME
cpe:2.3🅰️samba:samba is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Asamba%3Asamba

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:01:55 +01:00
Heiko Thiery
6863f00ab3 package/cifs-utils: add CIFS_UTILS_CPE_ID_VENDOR
cpe:2.3🅰️samba:cifs-utils is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Asamba%3Acifs-utils

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:01:54 +01:00
Heiko Thiery
3bae85e443 package/libssh: add LIBSSH_CPE_ID_VENDOR
cpe:2.3🅰️libssh:libssh is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibssh%3Alibssh

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:01:53 +01:00
Heiko Thiery
3ee9d3ddf7 package/apache: add APACHE_CPE_ID_VENDOR and APACHE_CPE_ID_NAME
cpe:2.3🅰️apache:http_server is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aapache%3Ahttp_server

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:01:52 +01:00
Heiko Thiery
546573d1b3 package/rauc: add RAUC_CPE_ID_VENDOR
cpe:2.3🅰️pengutronix:rauc is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/detail/850005?namingFormat=2.3&orderBy=CPEURI&keyword=rauc&status=FINAL

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:01:50 +01:00
Heiko Thiery
faa58c3834 package/angularjs: add ANGULARJS_CPE_ID_VENDOR and ANGULARJS_CPE_ID_NAME
cpe:2.3🅰️angularjs:angular.js is a valid CPE identifier for this
package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=angularjs

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:01:49 +01:00
Heiko Thiery
c206942098 package/alsa-lib: add ALSA_LIB_CPE_ID_VENDOR
cpe:2.3🅰️alsa-project:alsa-lib is a valid CPE identifier for this
package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=alsa-lib

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:01:48 +01:00
Heiko Thiery
32f17574de package/iwd: add IWD_CPE_ID_VENDOR and IWD_CPE_ID_NAME
cpe:2.3🅰️intel:inet_wireless_daemon is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=iwd

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:01:47 +01:00
Romain Naour
4d16e6f532 package/gcc: fix gcc 8.4, 9.3 and 10.2 for sparcv8 (ss10)
As reported on IRC by sephthir, the qemu_sparc_ss10_defconfig doesn't
work as expected: the system generated when booted under Qemu produces
illegal instruction messages.

gcc 8.3, 9.2 are the latest working gcc version. git bisect between
gcc 8.3 and 8.4 allowed to identify the commit that introcuced the
regression.

Reverting this patch allowed to produce a working rootfs.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/786589934

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 21:58:50 +01:00
Petr Vorel
d25818dfcc package/kmod: bump version to 28
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 21:40:50 +01:00
Peter Korsgaard
0e1b5aa572 packago/go: security bump to version 1.15.7
Fixes the following security issues:

- cmd/go: packages using cgo can cause arbitrary code execution at build time

  The go command may execute arbitrary code at build time when cgo is in use
  on Windows.  This may occur when running “go get”, or any other command
  that builds code.  Only users who build untrusted code (and don’t execute
  it) are affected.

  In addition to Windows users, this can also affect Unix users who have “.”
  listed explicitly in their PATH and are running “go get” or build commands
  outside of a module or with module mode disabled.

  Thanks to RyotaK (https://twitter.com/ryotkak) for reporting this issue.

  This issue is CVE-2021-3115 and Go issue golang.org/issue/43783.

- crypto/elliptic: incorrect operations on the P-224 curve

  The P224() Curve implementation can in rare circumstances generate
  incorrect outputs, including returning invalid points from ScalarMult.

  The crypto/x509 and golang.org/x/crypto/ocsp (but not crypto/tls) packages
  support P-224 ECDSA keys, but they are not supported by publicly trusted
  certificate authorities.  No other standard library or golang.org/x/crypto
  package supports or uses the P-224 curve.

  The incorrect output was found by the elliptic-curve-differential-fuzzer
  project running on OSS-Fuzz and reported by Philippe Antoine (Catena cyber).

  This issue is CVE-2021-3114 and Go issue golang.org/issue/43786.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-21 17:02:19 +01:00
Peter Seiderer
cab81477dc package/libcamera: add optional lttng-libust dependency
Add optional lttng-libust support and enable tracing support
in case.

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-19 22:57:51 +01:00
Peter Seiderer
7fe4599087 package/libcamera: bump version to de5d03673
- add new host-python3-jinja2 and host-python3-ply dependencies
- change android, documentation options from boolean to feature
- disable new tracing option (needs lttng-ust)

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-19 22:56:59 +01:00
Peter Seiderer
2d7c614252 package/python3-ply: add special host variant
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-19 22:40:22 +01:00
Peter Seiderer
d3cbde6464 package/python3-jinja2: add special host variant
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-19 22:39:48 +01:00
Peter Seiderer
aa93ef1617 package/python3-markupsafe: add special host variant
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-19 22:39:13 +01:00
Andreas Hilse
6a91580c11 package/sysklogd: bump to version 2.1.2
- fixes: sysklogd 1.6 klogd with newer glibcs: kernel messages are
  logged to user facility
- sysklogd removed klogd, functionality has been moved to syslogd
- now supports config fragments in /etc/syslog.d
- disabled sysklogd logger to not interfere with other loggers
- license has changed from GPL-2.0+ to BSD-3-Clause

Signed-off-by: Andreas Hilse <andreas.hilse@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-19 22:21:25 +01:00
Fabrice Fontaine
f238791b6a package/unzip: switch to debian
https://sources.debian.org/data/main/u/unzip/6.0-25 is unreachable so
switch to the debian archive provided by snapshot.debian.org to retrieve
all debian patches at once.

While at it, also update indentation in hash file and add
UNZIP_IGNORE_CVES entries.

The Debian patch archive we refernce brings in a large set of patches,
some of them fixing CVEs. Since we only cary the Debian patch archive
as a single entity, just refer to it to identify all the CVEs the
individual patches there in are fixng.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - don't wrap _SITE line that is anyway too long even when wrapped
  - don't enumerate Debian patches one by one, just refere to them
    globally
  - as a consequence, reorder CVEs
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-01-19 22:17:58 +01:00