Commit Graph

70529 Commits

Author SHA1 Message Date
James Hilliard
1e7f0794bb package/python-contourpy: new package
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-12-20 21:55:24 +01:00
James Hilliard
36db831321 package/python-meson-python: new host package
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-12-20 21:55:04 +01:00
James Hilliard
aa5ee701b1 package/python-pyproject-metadata: new host package
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-12-20 21:54:52 +01:00
James Hilliard
088dd5fd3f package/python-pudb: bump to version 2023.1
Add new python-urwid-readline runtime dependency.

Add new python-packaging runtime dependency.

Remove no longer required python-setuptools runtime dependency.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-12-20 21:46:15 +01:00
James Hilliard
713a71c730 package/python-urwid-readline: new package
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-12-20 21:44:16 +01:00
Francois Perrad
898941a0d7 package/lua-compat53: install compat-5.3.h
this file could be required by some native modules

note: compat-5.3.c is included by compat-5.3.h
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-12-20 21:35:01 +01:00
Francois Perrad
259de5cff6 package/lua-compat53: bump to version 0.12
the project has moved to the organization “Lunar Modules”,
see https://github.com/lunarmodules/

diff LICENCE:
-Copyright (c) 2015 Kepler Project.
+Copyright (C) 1994-2020 Lua.org, PUC-Rio.
+Copyright (C) 2013-2023 The Lua-Compat-5.3 authors.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-12-20 21:32:49 +01:00
Yann E. MORIN
ceb678ca19 editorconfig: fix wildcard expansion
It turns out that wildcard expansion, * and ?, is not performed in
matching lists {...}, at least in the vim plugin. The spec is not clear
about that, but refer to "pattern matching through Unix shell-style
wildcards" [0].

So, let's consider that this is not supported. Expand the patterns into
one section each, rather than use a list.

[0] https://spec.editorconfig.org/

Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-12-20 21:32:06 +01:00
Marcus Folkesson
08b6c78e6a package/criu: bump to version 3.19
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-12-20 21:25:22 +01:00
Giulio Benetti
7150660668 package/libnvme: bump to version 1.7
Drop local patches that have been upstreamed.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-12-20 11:49:26 +01:00
Giulio Benetti
620a88f755 package/libnss: bump to version 3.96.1
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-12-20 11:49:21 +01:00
Peter Macleod Thompson
7951bb0686 package/sdl2_image: bump version to 2.8.1
Signed-off-by: Peter Macleod Thompson <peter.macleod.thompson@gmail.com>
[Peter: fix filename in .hash file]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-12-20 11:48:36 +01:00
Michael Nosthoff
85646943ec package/nmap: fix wording for nc symlink
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-12-20 11:42:27 +01:00
Christian Stewart
3c047ea463 package/openssh: security bump to version 9.6p1
OpenSSH 9.6 was released on 2023-12-18.

This release contains fixes for a newly-discovered weakness in the
SSH transport protocol (the "Terrapin" attack), a logic error relating
to constrained PKCS#11 keys in ssh-agent(1) and countermeasures for
programs that invoke ssh(1) with user or hostnames containing invalid
characters.

https://www.openssh.com/txt/release-9.6

Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-12-20 11:42:06 +01:00
Xiangyu Chen
8c4bb1abb9 package/gawk: bump to version 5.3.0
Changes:
https://git.savannah.gnu.org/cgit/gawk.git/tree/ChangeLog?h=gawk-5.3.0

Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-12-20 11:41:44 +01:00
Fabrice Fontaine
96d0d67779 package/libldns: fix libressl build
Fix the following build failure raised since bump of libressl to version
3.8.2 in commit 21eca49ed5:

./keys.c:167:35: error: 'ENGINE_METHOD_ALL' undeclared (first use in this function)
  167 |         if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
      |                                   ^~~~~~~~~~~~~~~~~

Fixes:
 - http://autobuild.buildroot.org/results/37cc05b78a7004caa1b45d896121f059a4f8ca00

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-12-18 18:41:55 +01:00
Waldemar Brodkorb
3c207c40eb package/uclibc: update to 1.0.45
Git shortlog:

Ben Wolsieffer (3):
      fork: generate stub on no-MMU systems
      arm: elf-fdpic.h: avoid void pointer subtraction
      libpthread/nptl: make default stack size configurable

Greg Ungerer (1):
      elf: support ELF binaries in noMMU

Marcus Haehnel (3):
      fnmatch: fix possible access beyond of parameter string
      getaddrinfo.c: Avoid misleading indentation warning
      linuxthreads: Avoid unused variable warning

Marcus Hähnel (1):
      setjmp.h: Fix C++ build and avoid duplicate throw declaration

Max Filippov (1):
      daemon.c: make _fork_parent static inline again

Paul Iannetta (1):
      kvx: fix asm syntax

Pavel Kozlov (6):
      setrlimit/getrlimit: fix prlimit64 syscall use for 32-bit CPUs
      Fix -Warray-parameter warning for __sigsetjmp
      prlimit: add name redirection and fix incorrect parameters to syscall
      arc: add acq/rel variants for atomic cmpxchg/xchg
      arc: remove read ahead in asm strcmp code for ARCHS
      rlimit: fix 64-bit RLIM64_INFINITY macro

Waldemar Brodkorb (8):
      aarch64: add hwcap header file
      fcntl.h: declare f_owner_ex for all architectures
      arm: add hwcap header file
      lm32: disable ctor/dtor
      aarch64: disable lazy relocations
      riscv64: define __NR_riscv_flush_icache if not available
      depend on __UCLIBC_HAVE_STATX__
      bump version for 1.0.45 release

Yann Sionneau (9):
      fstatat64: define it as a wrapper of statx if the kernel does not support fstatat64 syscall
      fstat: add missing return value statement for the statx wrapping case
      add support for systems without legacy setrlimit/getrlimit syscalls
      fstatat: add wrapper that uses statx for non-legacy arch
      kvx: add support for kv3-2 (Coolidge v2 SoC)
      kvx: atomic: rework using compiler builtins
      kvx: align specification of user regs
      kvx: define that kvx port supports statx syscall
      kvx: use a custom stat.h header

lordrasmus (8):
      add vsdo support
      fix file permissions
      fix getauxval() on aarch64 gcc 11
      vdso support missing file
      c6x compile fix vdso support
      gettimeofday() only include ldso.h if vdso support is activated
      vdso support for x86_64
      gitignore

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-12-18 17:50:07 +01:00
Peter Korsgaard
6985955a69 package/jq: security bump to version 1.7.1
Fixes the following security issues:

CVE-2023-50246: Fix heap buffer overflow in jvp_literal_number_literal
https://github.com/jqlang/jq/security/advisories/GHSA-686w-5m7m-54vc

CVE-2023-50268: fix stack-buffer-overflow if comparing nan with payload
https://github.com/jqlang/jq/security/advisories/GHSA-7hmr-442f-qc8j

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-12-18 17:47:48 +01:00
Adam Duskett
df04f17976 package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch: New security patch
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-12-18 17:43:14 +01:00
Adam Duskett
74253ffee5 package/giflib/0003-Fix-CVE-2023-39742.patch: New security patch
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
[yann.morin.1998@free.fr: extend GIFLIB_IGNORE_CVES]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-12-18 17:42:50 +01:00
Adam Duskett
4a93a83196 package/giflib/0002-Fix-CVE-2022-28506.patch: New security patch
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
[yann.morin.1998@free.fr: add GIFLIB_IGNORE_CVES]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-12-18 17:42:06 +01:00
Maxim Kochetkov
e779df7dc9 package/timescaledb: bump version to 2.13.0
Release notes: https://github.com/timescale/timescaledb/blob/2.13.0/CHANGELOG.md

Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-12-18 09:20:15 +01:00
Bernd Kuhls
a91ad89fe3 package/gnutls: bump version to 3.8.2
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-12-18 09:18:58 +01:00
Bernd Kuhls
4221e10683 package/gettext-gnu: bump version to 0.22.4
Release notes:
https://git.savannah.gnu.org/gitweb/?p=gettext.git;a=commitdiff;h=08f342937a09ce41977e8ceecc23509e4b330490

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-12-18 09:16:16 +01:00
Bernd Kuhls
5714126eda package/libheif: bump version to 1.17.5
Release notes:
https://github.com/strukturag/libheif/releases

Added configure support for new codec plugins introduced in version
1.17.0: https://github.com/strukturag/libheif/releases/tag/v1.17.0

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-12-18 09:15:18 +01:00
Bernd Kuhls
973b1eba5a package/libopenssl: bump version to 3.2.0
Release notes:
https://www.openssl.org/blog/blog/2023/11/23/OpenSSL32/

Removed patch 0001 and added no-docs configure option due to
956b4c75dc

Removed patch 0003 due to
78634e8ac2

Removed patch 0006 which is included in this release
e1b6ecbab4

Renumbered remaining patches.

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-12-18 09:09:45 +01:00
Bernd Kuhls
faec3ca30e package/exim: bump version to 4.97
Removed patches which are included in this release:
https://git.exim.org/exim.git/commitdiff/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2
https://git.exim.org/exim.git/commitdiff/d8ecc7bf97934a1e2244788c610c958cacd740bd
https://git.exim.org/exim.git/commitdiff/158dff9936e36a2d31d037d3988b9353458d6471
https://git.exim.org/exim.git/commitdiff/32da6327e434e986a18b75a84f2d8c687ba14619

Added upstream patch to fix build error.

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-12-18 09:09:03 +01:00
Bernd Kuhls
7d8585605e {linux, linux-headers}: bump 4.{14, 19}.x / 5.{4, 10, 15}.x / 6.{1, 6}.x series
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-12-18 08:42:57 +01:00
Bernd Kuhls
fffb245f66 package/linux-headers: drop 6.5.x option
The 6.5.x series is now EOL upstream, so drop the linux-headers option
and add legacy handling for it.

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
[Peter: drop option from linux-headers/Config.host.in]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-12-18 08:42:31 +01:00
Bernd Kuhls
9f8d62c955 package/tor: security bump version to 0.4.8.10
Release notes:
https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.8/ReleaseNotes
https://forum.torproject.org/t/security-release-0-4-8-10/10536

Fixes TROVE-2023-007.

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-12-18 08:40:47 +01:00
Marcus Folkesson
25564f5e77 package/libostree: bump to version 2023.8
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-12-18 08:40:35 +01:00
Francois Perrad
41e2828c41 package/perl: bump to version 5.38.2
The README file has seen some cosmetic changes that do not affect the
licensing terms.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-12-17 23:15:12 +01:00
Ralf Dragon
3ef6884e6d python-sip: fix compile error
Since the update of Python to version 3.11 in commit
738500c296 ("package/python3: bump to
version 3.11.0"), python-sip fails to compile with:

siplib.c: In function ‘sip_api_get_frame’:
siplib.c:13750:22: error: invalid use of undefined type ‘struct _frame’
13750 |         frame = frame->f_back;

This is due to a change in the Python C API, which is fixed by a new
patch. The patch can't be upstreamed, as SIP 4.x is no longer
maintained upstream.

Fixes:

  http://autobuild.buildroot.net/results/7b01739e7514e48c06182bc1804b32497ce2e414/

Signed-off-by: Ralf Dragon <hypnotoad@lindra.de>
[Thomas: improved commit log, reformatted patch using Git]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-12-17 22:59:31 +01:00
Adam Duskett
afa5c2da33 package/firewalld: bump version to 2.0.2
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-12-17 22:48:10 +01:00
Thomas Devoogdt
7b71ce5018 package/mesa3d: add compile patch for linux < 3.5
The kcmp() system call first appeared in linux 3.5,
and was also not there before linux 5.12 if
CONFIG_CHECKPOINT_RESTORE was not set.

See: https://man7.org/linux/man-pages/man2/kcmp.2.html

Signed-off-by: Thomas Devoogdt <thomas@devoogdt.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-12-17 22:39:13 +01:00
Sébastien Szymanski
16fc737251 package/tree: update _SITE URL
The current TREE_SITE URL doesn't work anymore.
Moreover the README states:
"
The main distribution site for tree is here:
http://oldmanprogrammer.net/source.php?dir=projects/tree

Backup GIT sites are:
https://gitlab.com/OldManProgrammer/unix-tree
https://github.com/Old-Man-Programmer/tree

Old site for as long as it lasts:
http://mama.indstate.edu/users/ice/tree/
ftp://mama.indstate.edu/linux/tree/
"

Use http://oldmanprogrammer.net/tar/tree/ for TREE_SITE

Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-12-17 22:35:44 +01:00
Xiangyu Chen
ea59fd8827 package/crun: bump to version 1.12
Changes:
https://github.com/containers/crun/releases/tag/1.12

Also add a patch to fix crun compile without libseccomp libcap issue

Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-12-16 10:57:46 +01:00
Giulio Benetti
e6ae677128 DEVELOPERS: fix indentation on 2 entries
Substitute spaces with tab on 2 entries for consistency.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-12-16 10:56:06 +01:00
Julien Olivain
3b0e7680cf package/z3: bump to version 4.12.4
For change log since 4.12.2, see:
https://github.com/Z3Prover/z3/blob/z3-4.12.4/RELEASE_NOTES.md#version-4124

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-12-16 10:49:21 +01:00
Neal Frager
6f9431c3ad configs/zynqmp_kria_kd240_defconfig: new defconfig
This patch adds support for Xilinx Kria KD240 starter kit.

KD240 features can be found here:
https://www.xilinx.com/products/som/kria/kd240-drives-starter-kit.html

While the Kria SOM is based on a ZynqMP SoC, there are some key
boot config differences from the other ZynqMP evaluation boards.

1. There are no boot switches on Kria SOMs. The boot mode is thus
hard configured for QSPI flash. A pre-programmed boot.bin comes
with every Starter Kit. U-Boot can then find the Linux kernel and
file system on the SD card.

Optional instructions for updating the boot.bin in the QSPI flash
can be found in the readme.txt file and the link below.

https://xilinx-wiki.atlassian.net/wiki/spaces/A/pages/1641152513/Kria+K26+SOM

2. Kria SOMs use UART1 for the console instead of UART0. For this
reason, Kria Starter Kits will use a separate extlinux.conf file
from other ZynqMP evaluation boards.

3. The KD240 has a USB to SD card bridge, so the Linux kernel
and file system are found on /dev/sda1 and /dev/sda2.

4. The following patches have been submitted upstream to u-boot.
Without these patches, the usb, sd card and ethernet peripherals
do not work correctly.

https://patchwork.ozlabs.org/project/uboot/patch/20231213134007.2818069-1-neal.frager@amd.com/
https://patchwork.ozlabs.org/project/uboot/patch/20231213134052.2818879-1-neal.frager@amd.com/

Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
[Peter: add upstream tag, drop patch numbering from patches]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-12-16 10:48:23 +01:00
Flávio Tapajós
564b00d581 package/rsyslog: bump version to 8.2312.0
Signed-off-by: Flávio Tapajós <flavio.tapajos@newtesc.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-12-16 10:34:17 +01:00
Francois Perrad
5a1e20f37c package/quickjs: bump to version 2023-12-09
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-12-12 22:57:46 +01:00
Michael Nosthoff
47e01f7e70 package/json-for-modern-cpp: bump to version 3.11.3
This release fixes some bugs found in the 3.11.2 release.
https://github.com/nlohmann/json/releases/tag/v3.11.3

Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-12-12 22:56:34 +01:00
Peter Korsgaard
797de283c7 package/xwayland: libdrm is required, not optional
Fixes:
http://autobuild.buildroot.net/results/476/47665d417dbae76bf27e805a5bcb1d8d6ab1f445/

xwayland unconditionally includes xf86drm.h, so libdrm is required and not
optional:

grep -rs xf86drm.h
glamor/glamor_egl.c:#include <xf86drm.h>
hw/xwayland/xwayland-glamor.h:#include <xf86drm.h>
hw/xwayland/xwayland-glamor-eglstream.c:#include <xf86drm.h>
hw/xwayland/xwayland-window.h:#include <xf86drm.h>
hw/xwayland/xwayland-drm-lease.c:#include <xf86drm.h>
hw/xwayland/xwayland-glamor-gbm.c:#include <xf86drm.h>

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-12-12 22:55:58 +01:00
Peter Korsgaard
d6f0a8735e package/xwayland: security bump to version 23.2.2
Fixes the following security issues:

- CVE-2023-5367 X.Org server: OOB write in
  XIChangeDeviceProperty/RRChangeOutputProperty

For details, see the advisory:
https://lists.x.org/archives/xorg-announce/2023-October/003430.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-12-12 22:55:03 +01:00
Peter Korsgaard
36a9ec8921 package/xserver_xorg-server: security bump to version 21.1.9
Fixes the following security issues:

- CVE-2023-5367 X.Org server: OOB write in
  XIChangeDeviceProperty/RRChangeOutputProperty

- CVE-2023-5380: Use-after-free bug in DestroyWindow

- CVE-2023-5574: Use-after-free bug in DamageDestroy

For details, see the advisory:
https://lists.x.org/archives/xorg-announce/2023-October/003430.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-12-12 22:54:53 +01:00
Francois Perrad
d8e1aca0de package/open62541: bump to version 1.3.9
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-12-12 22:54:37 +01:00
Yann E. MORIN
b79fb3c224 doc/manual: rsync is not optional
rsync is used in the infrastructure, mostly for the per-package infra,
and for the override-srcdir mechanism, but also to build the manual.
As such, it is not optional but mandatory, and already listed so.

Drop the reference to rsync from the list of optional packages.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-12-11 09:21:52 +01:00
Peter Korsgaard
aaa9438b96 package/libcurl: security bump to version 8.5.0
Fixes the following security issues:

- CVE-2023-46218: cookie mixed case PSL bypass

  This flaw allows a malicious HTTP server to set "super cookies" in curl
  that are then passed back to more origins than what is otherwise allowed
  or possible.  This allows a site to set cookies that then would get sent
  to different and unrelated sites and domains.

  https://curl.se/docs/CVE-2023-46218.html

- CVE-2023-46219: HSTS long file name clears contents

  When saving HSTS data to an excessively long file name, curl could end up
  removing all contents, making subsequent requests using that file unaware
  of the HSTS status they should otherwise use.

  https://curl.se/docs/CVE-2023-46219.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-12-09 21:56:32 +01:00
Romain Naour
0c0cd720c5 support/testing: TestDtbocfg: bump kernel to 5.10.202
The prebuilt kernel has been updated to 5.10.202, sync the kernel
built by TestDtbocfg.

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-12-09 21:35:37 +01:00