Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: drop Makefile changes]
(cherry picked from commit 3e8b918b87)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8.3 is around and 8.2 is the default version, so drop
8.0. Keep 7.12 which is the latest version that doesn't
requires C++11 support.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8.3 is around, 8.2 has already seen a point release, so it's time to
make 8.2 the default version for gdb.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
[Peter: also update BR2_GDB_VERSION logic]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This release mostly affects the testing framework but also contains fixes
for C++ bindings.
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2019-12308: AdminURLFieldWidget XSS¶
The clickable "Current URL" link generated by AdminURLFieldWidget displayed
the provided value without validating it as a safe URL. Thus, an
unvalidated value stored in the database, or a value provided as a URL query
parameter payload, could result in an clickable JavaScript link.
AdminURLFieldWidget now validates the provided value using URLValidator
before displaying the clickable link. You may customize the validator by
passing a validator_class kwarg to AdminURLFieldWidget.__init__(), e.g.
when using formfield_overrides.
Patched bundled jQuery for CVE-2019-11358: Prototype pollution¶
jQuery before 3.4.0, mishandles jQuery.extend(true, {}, ...) because of
Object.prototype pollution. If an unsanitized source object contained an
enumerable __proto__ property, it could extend the native Object.prototype.
The bundled version of jQuery used by the Django admin has been patched to
allow for the select2 library’s use of jQuery.extend().
For more details, see the release notes:
https://docs.djangoproject.com/en/dev/releases/2.1.9/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper
validation of recipient address in deliver_message() function in
src/deliver.c may lead to remote command execution.
For more details, see the advisory:
https://www.exim.org/static/doc/security/CVE-2019-10149.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Version 1.4g most notably addresses a bug that could see an alarm signal
occur without a handler, causing autossh to exit inappropriately.
Signed-off-by: Einar Jon Gunnarsson <tolvupostur@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream removed (using git force-push) and recreated version 1.29.1-1
and re-uploaded the source tarball. Therefore, the hash has changed and
needs to be updated.
See:
https://github.com/luvit/luv/issues/330
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
dosfstools and busybox may each install mkfs.vfat, so dosfstools must
be installed before busybox.
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For the version bump, the makefile had to be rewritten for CMake, as
the project moved from autotools to CMake.
Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
[Thomas:
- update again to the lastest poppler version, 0.77.0
- drop license related changes, since the licensing terms haven't
changed, and they are not completely clear
- keep the openjpeg, jpeg and lcms2 dependencies optionals
- explicitly enable/disable more dependencies
- bump gcc version dependency to gcc 5.x, and update the Config.in
comment accordingly
- don't introduce many sub-options, simply rely on the availability
of dependencies, or on BR2_SOFT_FLOAT
- drop libx11/libxext dependencies, no longer used]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This bump is necessary to be compatible with poppler 0.77.0.
Patch 0002-Poppler-removed-memCheck-and-gMemReport-functions.patch is
removed, because it was merged upstream in commit
6b0747c1630dd973acd138f927dbded4ea45e360.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove second patch (already in version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop patch 0001 which is included in the new release.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
ifnet has been drop since version 1.12.0 and
0474441e22
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop patch 0002 which is included in the new version.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Having both:
depends on !BR2_PACKAGE_PYTHON
depends on BR2_PACKAGE_PYTHON3
is kind of useless, and we don't do that for any other Python package
that needs Python 3. So, this commit just drops the depends on
!BR2_PACKAGE_PYTHON.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The wrapping looked somewhat arbitrary, and not optimized to fill in
the 72 characters we allow.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
BR2_PACKAGE_PYTHON_MATPLOTLIB selects BR2_PACKAGE_PYTHON_NUMPY, so it
should inherit its dependencies, which includes
BR2_PACKAGE_PYTHON_NUMPY_ARCH_SUPPORTS.
Fixes:
- http://autobuild.buildroot.org/results/038d50784ec80b35e3daff1966df07a1b52780b3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
gcc target abi options for powerpc were added by [1] and renamed by [2]
to BR2_PPC_ABI_* but never used. Since always BR2_GCC_TARGET_ABI is empty
when using a powerpc toolchain.
Buildroot currently support SPE and Classic target ABI, nothing seems
to require a specific gcc target abi option.
This patch is a cleanup like commit [3].
[1] 7d8a59b40e
[2] 98175bd43d
[3] fd08153b9d
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Cyril Bur <cyrilbur@gmail.com>
Cc: Sam Bobroff <sam.bobroff@au1.ibm.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This fixes a kernel 5.1.x compatibility issue. The only changes
between 0.12.1 and 0.12.2 are:
d3b198ef6f57ca512fb25147c9d85b922fd4651a Released v0.12.2
376c2c28bd7d4470cd92ff646d6087ca70cd9d2e fixed typo
6edc4b164b1f05bee74cb507a4f50776a65ceb73 mentioned support for 5.0.0
0b8feb80fdef9a415d8250bca1790b3ff23e8391 Replace v4l2_get_timestamp with ktime_get_ts(64)
541e3bc7aaf46dc9a21f92c7f527397fce03dfd8 Update README.md
So the only functional change is the actual ktime_get_ts() fix, which
is needed for Linux 5.1 compatibility. Therefore, bumping is pretty
much the same as backporting just this commit.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[Thomas: extend the commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Two license files are changed, with just a copyright year update.
A new license file is added, as it is listed in
LIC_FILES_CHKSUM.sha256.
Signed-off-by: Raul Hidalgo Caballero <deinok@deinok.com>
[Thomas: fix license file hashes, add a missing license file]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As discussed in https://patchwork.ozlabs.org/patch/1104071/, this
commit adds a new option that allows the user to provide a file that
contains custom definitions to tweak the Dropbear configuration. It
will be appended to Dropbear's localoptions.h file before the build.
The patch was tested successfully with the DO_MOTD option.
Suggested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
[Thomas: tweak commit log, rename config option.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Force the build system to use python2 interpreter.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
[Thomas: add docs/COPYING.MPL docs/copying.htm to the license files.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The following vulnerabilities have been fixed:
- wnpa-sec-2019-19 Wireshark dissection engine crash. Bug 15778.
Update patches to use the ones merged upstream
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
no-dso option has been removed with
31b6ed76df
To fix this error, use "gcc" target in static builds. This target is
very minimalistic, we need to manually pass -lpthread and
-DOPENSSL_THREADS however we can also remove libdl workarounds
Fixes:
- http://autobuild.buildroot.org/results/96d6b89d20980e8f7fa450b832474a81d492b315
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>