Commit Graph

45271 Commits

Author SHA1 Message Date
Bernd Kuhls
69df3d8e16 {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{2, 3}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 17ec040ff5)
[Peter: drop 5.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-28 09:43:43 +01:00
Peter Korsgaard
a9b6cb7cca package/ruby: security bump to version 2.4.9
Fixes the following security vulnerability:

(Bundled jquery)
- CVE-2012-6708: jQuery before 1.9.0 is vulnerable to Cross-site Scripting
  (XSS) attacks.  The jQuery(strInput) function does not differentiate
  selectors from HTML in a reliable fashion.  In vulnerable versions, jQuery
  determined whether the input was HTML by looking for the '<' character
  anywhere in the string, giving attackers more flexibility when attempting
  to construct a malicious payload.  In fixed versions, jQuery only deems
  the input to be HTML if it explicitly starts with the '<' character,
  limiting exploitability only to attackers who can control the beginning of
  a string, which is far less common.

- CVE-2015-9251: jQuery before 3.0.0 is vulnerable to Cross-site Scripting
  (XSS) attacks when a cross-domain Ajax request is performed without the
  dataType option, causing text/javascript responses to be executed.

https://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/

- CVE-2019-16255: A code injection vulnerability of Shell#[] and Shell#test

https://www.ruby-lang.org/en/news/2019/10/01/code-injection-shell-test-cve-2019-16255/

- CVE-2019-16254: HTTP response splitting in WEBrick (Additional fix)

https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/

- CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and File.fnmatch?

https://www.ruby-lang.org/en/news/2019/10/01/nul-injection-file-fnmatch-cve-2019-15845/

- CVE-2019-16201: Regular Expression Denial of Service vulnerability of
  WEBrick's Digest access authentication

https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/

2.4.9 fixes a packaging bug in 2.4.8:

https://www.ruby-lang.org/en/news/2019/10/02/ruby-2-4-9-released/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit dc487302b6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-25 23:46:46 +02:00
Ricardo Martincoski
bf01b685ce support/testing: provide entropy to lua tests
Newer versions of lua-http require entropy.
Switch to use armv5 builtin kernel that already provides entropy for all
lua tests.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/269139374
https://gitlab.com/buildroot.org/buildroot/-/jobs/269139376

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Francois Perrad <francois.perrad@gadz.org>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit eb6b0fd87a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-16 14:09:58 +02:00
Ricardo Martincoski
e8335c0097 support/testing: provide entropy to perl tests
Newer versions of perl-io-socket-ssl require entropy.
Switch to use armv5 builtin kernel that already provides entropy for all
perl tests.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/269139402

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Francois Perrad <francois.perrad@gadz.org>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a565917046)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-16 14:07:04 +02:00
Ricardo Martincoski
f650b34ca4 support/testing: add builtin armv5 kernel 4.19 with entropy
More and more packages being tested by the test infra, e.g. syslog-ng,
need entropy at startup, usually reading from /dev/random.

Some test cases can also depend on a kernel version newer than the
builtin ones already provided by the test infra:
 - 3.11.0 for armv5;
 - 4.0.0 for armv7.

Add a new builtin kernel to be used by such test cases.
Add it for armv5 so most test cases that switch to use this kernel can
keep using BASIC_TOOLCHAIN_CONFIG.
Use the same kernel version and kernel config as qemu_arm_versatile plus
HW_RANDOM_VIRTIO for VirtIORNG to be usable.
Copy the actual binary file from the syslog-ng runtime test at current
master @ 29e1cb8884.

Since there is already a 'kernel-versatile' file on autobuild.buildroot.net
and we must keep it with this name for reproducibility purposes, create a
simple naming convention for newer builtin kernel images and dtb files:
kernel-<defconfig>-<kernel_series_version>
<dtb_name>-<kernel_series_version>.dtb
Pass '-device virtio-rng-pci' to qemu when this kernel is used.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Peter: use this new kernel instead of the old builtin/armv5 kernel]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7acb32dabb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-16 14:03:12 +02:00
Peter Korsgaard
d371c87626 package/cups-filters: fix ln -r workaround for older patch versions
Fixes:
http://autobuild.buildroot.net/results/d06/d06f908cbe80340312bdfe1b75cb577b68cd46d8/

0001-install-support-old-ln-versions-without-the-r-option.patch adds a
ln-srf script for older distributions to emulate 'ln -r', but GNU patch <
2.7 does not handle the git patch permission extensions - So ensure it is
executable.

https://savannah.gnu.org/forum/forum.php?forum_id=7361

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-05 08:02:29 +02:00
Giulio Benetti
5ef39137f1 toolchain: introduce BR2_TOOLCHAIN_HAS_GCC_BUG_68485
GCC hangs while building brotli for the Microblaze Arch:
http://autobuild.buildroot.net/results/d86/d86251974a0a348a64d9a1d1fd7d02dd4aff0792/

Originally reported for gpsd:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68485

Still not fixed. Every Microblaze Gcc version up to and including 9.1
is affected.

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 42fc571bca)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-04 21:02:12 +02:00
Peter Korsgaard
4564d8f397 Update for 2019.02.6
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-03 17:10:38 +02:00
Peter Korsgaard
9ae7501c92 package/mongodb: security bump to version 4.0.12
Fixes the following (low severity) security vulnerabilities:

4.0.9:

- CVE-2019-2386: After user deletion in MongoDB Server the improper
  invalidation of authorization sessions allows an authenticated user's
  session to persist and become conflated with new accounts, if those
  accounts reuse the names of deleted ones
  https://jira.mongodb.org/browse/SERVER-38984

4.0.11:

- CVE-2019-2389: Incorrect scoping of kill operations in MongoDB Server's
  packaged SysV init scripts allow users with write access to the PID file
  to insert arbitrary PIDs to be killed when the root user stops the MongoDB
  process via SysV init
  https://jira.mongodb.org/browse/SERVER-40563

- CVE-2019-2390: An unprivileged user or program on Microsoft Windows which
  can create OpenSSL configuration files in a fixed location may cause
  utility programs shipped with MongoDB server versions less than 4.0.11
  https://jira.mongodb.org/browse/SERVER-42233

Plus a number of other bugfixes. For details, see the release notes:
https://docs.mongodb.com/manual/release-notes/4.0/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 165e9c163c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-02 21:32:01 +02:00
Bernd Kuhls
838637cc2c package/putty: security bump version to 0.73
Added upstream-provided sha1 hash.

Changelog:
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 71d2911e26)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-02 18:03:37 +02:00
Baruch Siach
4477836160 package/putty: bump to version 0.72
Drop upstream patches.

Remove autoreconf; we no longer patch configure.ac.

Cc: Alexander Dahl <post@lespocky.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2047dd9d22)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-02 18:03:29 +02:00
Peter Korsgaard
4899b7526c {linux, linux-headers}: bump 4.19.x / 5.{2, 3}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 04e9fdb1c6)
[Peter: drop 5.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-02 18:01:49 +02:00
André Hentschel
adf5f6c9af DEVELOPERS: remove myself from azure-iot-sdk-c
Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fbc54866a3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-02 17:50:21 +02:00
Peter Korsgaard
442fefbacf package/go: add Debian backport of upstream security fix
Fixes the following security vulnerability:

- CVE-2019-16276: Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP
  Request Smuggling.
  https://github.com/golang/go/issues/34540

Upstream has not provided a go 1.11.x release with a fix for this, so
instead include the Debian backport of the upstream security fix from:

https://sources.debian.org/src/golang-1.11/1.11.6-1+deb10u2/debian/patches/0007-Fix-CVE-2019-16276.patch/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-02 17:44:41 +02:00
Julien Béraud
90d8317a94 qt5base: Add patch to fix compile issue with gcc9
Fixes an issue when building Qt5 on a machine that has gcc9 as the
system compiler.

Original commit in qt5base:
a52d7861ed

Signed-off-by: Julien Beraud <julien.beraud@orolia.com>
Acked-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Peter: drop patch number]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-01 23:49:53 +02:00
Jagan Teki
097f80cdd7 package/swupdate: fix typo in BR2_PACKAGE_LIBCURL in the help text
Config.in documented BR2_LIBCURL for swupdate but the actual
package name is BR2_PACKAGE_LIBCURL

Fix by updating the same in Config.in

Cc: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5abe6f2bf7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-01 11:45:10 +02:00
Yegor Yefremov
58f9faa8ca configs/beaglebone_defconfig: use default console device
OMAP kernels use 8250 driver by default. Hence the name of
the console device is not /dev/ttyO0 but /dev/ttyS0.
Use /dev/console in order to handle the console independently
of the selected driver.

Tested in BeagleBone Black board.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 68b5b79b2f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-01 11:44:43 +02:00
Bernd Kuhls
f1964cb01d {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.2.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 80d32c942a)
[Peter: drop 5.2.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-01 11:39:28 +02:00
Carlos Santos
93c147fab2 package/cups-filters: disable Braille embosing filters
Otherwise they are installed even though the Braille support is not
built because it requires liblouis, which is not available.

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3da92264c6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-01 11:29:51 +02:00
Julien Floret
2ea794ff4b DEVELOPERS: remove myself from lldpd developers
Signed-off-by: Julien Floret <julien.floret@6wind.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 686f40c0b4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-01 11:28:01 +02:00
Bernd Kuhls
d9afd4445b package/exim: add upstream security fix
Fixes CVE-2019-16928:
https://lists.exim.org/lurker/message/20190928.003428.2b4c81a7.en.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6c73ef37bd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-01 08:25:37 +02:00
Bernd Kuhls
fdec45e1dd package/e2fsprogs: security bump version to 1.45.4
Fixes CVE-2019-5094:
http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.4

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5ff8106a08)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-01 08:24:34 +02:00
Christopher McCrory
21d215e2ca package/e2fsprogs: bump to version 1.45.3
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 86f4a76a10)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-01 08:24:22 +02:00
Bernd Kuhls
10a6504eb7 package/e2fsprogs: bump version to 1.45.2
Release notes:
http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.2

Disabled crond support for host build.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 92ebd24be9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-01 08:24:07 +02:00
Shyam Saini
127eff5c2f DEVELOPERS: Add Jagan Teki as maintainer for olimex A33 olinuxino
I no longer work at Amarula Solutions and neither do I have access to
olimex A33 olinuxino board. So, add Jagan as maintainer of this board.

Signed-off-by: Shyam Saini <mayhs11saini@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 31fb2ac781)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-01 08:15:31 +02:00
Max Filippov
de8d0e3992 package/gcc: backport fix for xtensa PR 91880
Xtensa hwloop_optimize segfaults when zero overhead loop is about to be
inserted as the first instruction of the function.
Insert zero overhead loop instruction into new basic block before the
loop when basic block that precedes the loop is empty.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a88e87eee0)
[Peter: drop 9.2.0 patch]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-01 08:14:15 +02:00
Bernd Kuhls
006d632ef5 package/php: security bump version to 7.3.10
Release notes: https://www.php.net/archive/2019.php#2019-09-26-1

No CVE IDs can be found in the bug reports mentioned in the Changelog:
https://www.php.net/ChangeLog-7.php#7.3.10

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7169beb3fc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-01 08:09:21 +02:00
Yegor Yefremov
2c78f14072 DEVELOPERS: add Yegor Yefremov as contact for BeagleBone defconfigs
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e34b323161)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-01 08:08:13 +02:00
Max Filippov
612d9cbb93 package/gcc: backport fix for xtensa PR 90922
Stack pointer adjustment code in xtensa call0 ABI prologue missed a case
of no callee-saved registers and a stack frame size bigger than 128 bytes.
Handle that case.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9fd7ad8e71)
[Peter: drop 9.2.0 patch]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-01 08:06:52 +02:00
Carlos Santos
31a1dec1f5 toolchain: generate check-headers program under $(BUILD_DIR)
Some installations mount /tmp with the 'noexec' option, which prevents
running the program generated there to check the kernel headers.

Avoid the problem by generating the program under $(BUILD_DIR), passed
as the first argument to check-kernel-headers.sh.

We could globally export a TMPDIR environment variable with some path
under $(BUILD_DIR) but such solution would be too intrusive, depriving
the user from the freedom to set TMPDIR at his will (or needs).

Fixes: https://bugs.busybox.net/show_bug.cgi?id=12241

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6136765b23)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-30 18:02:07 +02:00
Fabrice Fontaine
2c4897b067 package/libgcrypt: security bump to version 1.8.5
- Drop second and third patches (alredy in version)
- Add mitigation against an ECDSA timing attack. [T4626,CVE-2019-13627]

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 26daf383f1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-30 17:22:26 +02:00
Fabrice Fontaine
53f0a77e15 package/libgcrypt: disable tests
Add a patch to disable tests as t-lock needs threads

Fixes:
 - http://autobuild.buildroot.org/results/50a8ba572e3fafd3c6a39bd54bcfcaf78b5ad325

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ef79770dcd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-30 17:22:18 +02:00
Jörg Krause
7bd9fc3946 package/libgcrypt: add upstream patch to add pkg-config file
libgrypt provides a config file `libgcrypt-config`. After the version
bump to 1.8.4 upstream added a pkg-config file as well [1].

Using the pkg-config file is preferred over using the package provided
config file. For example, the Meson build system requires that for every
special config file an entry is added to the `[binary]` section in the
cross-compilation.conf file, otherwise it will use the config file found
in `PATH`. This is bad when cross-compiling as `PATH` will include
pathes to the host and therefore Meson will wrongly use the host config
file.

To simplify using libgcrypt for packages using the meson infrastructure
lets add the pkg-config file.

Note, that the additional upstream patch 0003 fixes a typo in the pkg-config
file.

[1] 97194b422b

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 624eb111e1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-30 17:22:07 +02:00
Jörg Krause
958d20cd1c package/libgcrypt: replace reconfigure patch with upstream patch
The `ac_cv_sys_symbol_underscore` reconfigure patch was added to
Buildroot back in 2007 [1], but was not reported to upstream back then.

Meanwhile, the issue has been fixed upstream [2] after the version bump to
version 1.8.4.

In order to add another upstream patch, which will add a pkg-config file
for libgrypt and therefore requires autoreconfiguration as well, replace the
current patch with the upstream patch.

[1] https://git.buildroot.net/buildroot/commit/package/libgcrypt?id=f1bcdf518fa7868b7819b0248f4b8da02a954dde
[2] 0f4545b441

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0da00ddc8c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-30 17:22:01 +02:00
Thomas Huth
3cf8d7503b package/ncurses: use COPYING as license file instead of README
The recent versions of ncurses now have the license information in a
separate file called COPYING.

Signed-off-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 40de427a63)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-30 15:59:28 +02:00
Bernd Kuhls
68812b78e6 package/ncurses: add license hash
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d3ac2a8836)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-30 15:59:23 +02:00
Asaf Kahlon
80b5918791 DEVELOPERS: add Asaf Kahlon for collectd
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ec00c88d5a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-30 15:53:33 +02:00
Peter Korsgaard
b0ec3eb6ee package/joe: license is GPL-2.0+
Joe changed the COPYING file from GPL-1.0 to GPL-2.0 in the development
leading up to 3.8:

d731f9b379/

So change the license to GPL-2.0+

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 0d26068b38)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-30 15:50:41 +02:00
Nicolas Carrier
cac21d0a85 package/kf5: fix _LICENSE_FILE -> _LICENSE_FILES typos
This fixes WARNINGs in make legal-info of the kind:
    WARNING: kf5-extra-cmake-modules-5.47.0: cannot save license
    (KF5_EXTRA_CMAKE_MODULES_LICENSE_FILES not defined)

Signed-off-by: Nicolas Carrier <nicolas.carrier@orolia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit a6c594b8dc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-30 15:49:43 +02:00
Peter Korsgaard
15a4ff20db package/bwm-ng: license is GPL-2.0+
The source files contain the "(at your option) any later version" text, so
change the licese to GPL-2.0+.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f58ea370da)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-30 15:47:54 +02:00
Peter Korsgaard
65f57f9787 package/ifplugd: license is GPL-2.0+
The source files contain the "(at your option) any later version" text and
the website states:

License

This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.

http://0pointer.de/lennart/projects/ifplugd/

So change the license to GPL-2.0+

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d8c2d82d7a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-30 15:47:41 +02:00
Peter Korsgaard
ccccf5a466 package/docker-proxy: bump version to 55685ba49593
Which is the version used by docker 18.09.9:

0a3767c7e9

Also add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 02e2fe2eca)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-30 15:45:11 +02:00
Peter Korsgaard
99d1b78254 package/docker-cli: bump version to 18.09.9
Includes a number of post-18.09.7 bugfixes and to keep in sync with the
docker-engine version.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c5568f9985)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-30 15:45:04 +02:00
Peter Korsgaard
9cd92ee83a package/docker-engine: security bump to version 18.09.9
Fixes the following security vulnerability:

CVE-2019-13509: Docker Engine in debug mode may sometimes add secrets to the
debug log.  This applies to a scenario where docker stack deploy is run to
redeploy a stack that includes (non external) secrets.  It potentially
applies to other API users of the stack API if they resend the secret.

And a number of other non-security issues.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 1d1fb619f9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-30 15:44:55 +02:00
Peter Korsgaard
82d08cdc73 {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.2.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 893b9b662c)
[Peter: drop 5.2.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-30 15:33:32 +02:00
Carlos Santos
993cafd594 package/cups-filters: fix broken symlink in installation
The patch used previously to support versions of ln lacking the '-r'
option generated broken links:

    $ file target/usr/lib/cups/backend/driverless
    target/usr/lib/cups/backend/driverless: broken symbolic link to ../../usr/lib/cups/driver/driverless

Add a squashing of two patches already applied upstream that provide a
better solution:

    https://github.com/OpenPrinting/cups-filters/pull/154
    https://github.com/OpenPrinting/cups-filters/pull/157

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f80ec7963a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-30 15:26:47 +02:00
Carlos Santos
b7a1645dea package/cups-filters: fix build without NLS
texttotext must be linked to libiconv if !BR2_ENABLE_LOCALE so pull a
patch applied upstream that adds libiconv discovery via autoconf.

With this change, autoreconf requires the config.rpath and ABOUT-NLS
files which are not in v1.25.4. Add a pre-configure hook to fake them.

Fixes: https://bugs.busybox.net/show_bug.cgi?id=12031

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5376b4b4e3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-30 15:10:22 +02:00
Giulio Benetti
a0f7409f02 package/protobuf: work around gcc bug 85180
With Microblaze Gcc version < 8.x the build hangs due to gcc bug
85180: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85180. The bug
shows up when building protobuf with optimization but not when building
with -O0. To work around this, if BR2_TOOLCHAIN_HAS_GCC_BUG_85180=y we
force using -O0.

Fixes:
http://autobuild.buildroot.net/results/73dc9610a13d6e14eec58d529617210d93d5dec4/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[Arnout: fix variable name]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit e975f1cbef)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-30 14:25:37 +02:00
Ryan Coe
d08a4ffa00 package/mariadb: security bump to version 10.3.17
Release notes:
https://mariadb.com/kb/en/library/mariadb-10317-release-notes/

Changelog:
https://mariadb.com/kb/en/mariadb-10317-changelog/

Fixes the following security vulnerabilities:
CVE-2019-2805
CVE-2019-2740
CVE-2019-2739
CVE-2019-2737
CVE-2019-2758

Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 899c6397a3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-30 14:19:37 +02:00
Ryan Coe
b2904f6cad package/mariadb: bump to version 10.3.16
The license file COPYING has been updated with a new address.

Release notes:
https://mariadb.com/kb/en/library/mariadb-10316-release-notes/

Changelog:
https://mariadb.com/kb/en/mariadb-10316-changelog/

Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8ea7c21473)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-30 14:19:27 +02:00