Commit Graph

55072 Commits

Author SHA1 Message Date
Sergio Prado
cbb0483f98 package/snort: bump to version 2.9.17
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-20 09:51:13 +01:00
Peter Seiderer
9e67e9e51d configs/chromebook_elm_defconfig: use linux headers same as kernel (5.9 series)
Use linux headers same as kernel (5.9 series).

Fixes:

  - https://gitlab.com/buildroot.org/buildroot/-/jobs/917539050

  Incorrect selection of kernel headers: expected 5.10.x, got 5.9.x

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-20 09:51:03 +01:00
Thomas Petazzoni
fd5eeabac0 DEVELOPERS: remove Thomas Davis
His e-mail has been bouncing for quite a while:

<sunsetbrew@sunsetbrew.com>: connect to
    sunsetbrew.com[2a05:d014:9da:8c10:306e:3e07:a16f:a552]:25: Network is
    unreachable

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-12-19 14:20:24 +01:00
Thomas Petazzoni
d98e906dfc DEVELOPERS: remove Owen Walpole
His e-mail has been bouncing for quite a while:

<owen@walpole.dev>: connect to mail.walpole.dev[99.91.194.115]:25: Connection
    timed out

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-12-19 14:19:56 +01:00
Tian Yuanhao
8d595c0d92 package/pkg-golang.mk: postpone evaluation of TARGET_DIR and HOST_DIR
When BR2_PER_PACKAGE_DIRECTORIES=y, $(TARGET_DIR) is evaluated as
$(BASE_DIR)/target, but $$(TARGET_DIR) is evaluated as
$(BASE_DIR)/per-package/$(PKG)_NAME/target.

Signed-off-by: Tian Yuanhao <tianyuanhao@aliyun.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-12-19 12:25:08 +01:00
Michael Baudino
c59409afd9 package/go: enable ARMv7 optimizations for 32-bit ARMv8
When building for an ARMv8 in 32-bit, Go does not yet support ARMv8
optimizations (see issue: https://github.com/golang/go/issues/29373)
but can still benefit from ARMv7 optimizations.

Signed-off-by: Michael Baudino <michael@baudi.no>
[yann.morin.1998@free.fr:
  - move the comment to its own line, expand and reword it a bit
  - reword the commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-12-19 12:17:12 +01:00
Michael Baudino
4e81152078 package/go: fix a typo in CC and CXX env values
This commit fixes a typo in variable names that caused CC and CXX
environment variables to be empty.

Signed-off-by: Michael Baudino <michael@baudi.no>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-12-19 12:02:52 +01:00
Bernd Kuhls
797afda837 package/{mesa3d, mesa3d-headers}: bump version to 20.3.1
Release notes:
https://lists.freedesktop.org/archives/mesa-announce/2020-December/000612.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-19 08:34:18 +01:00
Peter Korsgaard
4b7460aa05 configs/roseapplypi: bump kernel to 5.10.1
And drop now upstreamed patches. Mmc support is still not mainline, but
enqueued for 5.12:

https://www.spinics.net/lists/linux-i2c/msg49279.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-19 08:34:07 +01:00
Fabrice Fontaine
eaff5c39c1 package/tinycbor: fix build on musl
Fixes:
 - http://autobuild.buildroot.org/results/c23b694442e7f86cbdd14d8789b12e6a8fd26a70

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-19 08:33:05 +01:00
Fabrice Fontaine
4f971450ac package/syslog-ng: bump to version 3.30.1
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.30.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-19 08:32:46 +01:00
Fabrice Fontaine
1fba651d5b package/wireshark: security bump to version 3.4.2
The following vulnerabilities have been fixed:
 - wnpa-sec-2020-16 Kafka dissector memory leak. Bug 16739.
   CVE-2020-26418.
 - wnpa-sec-2020-17 USB HID dissector crash. Bug 16958. CVE-2020-26421.
 - wnpa-sec-2020-18 RTPS dissector memory leak. Bug 16994.
   CVE-2020-26420.
 - wnpa-sec-2020-19 Multiple dissector memory leak. Bug 17032.
   CVE-2020-26419.
 - wnpa-sec-2020-20 QUIC dissector crash Bug 17073.

https://www.wireshark.org/docs/relnotes/wireshark-3.4.1.html
https://www.wireshark.org/docs/relnotes/wireshark-3.4.2.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-19 08:32:34 +01:00
Bernd Amend
0e310b4fd0 pkg-cmake.mk: fix host ccache support for CMake 3.19
Starting with CMake 3.4 CMake supports setting a compiler launcher
like ccache. The feature is described in
https://cmake.org/cmake/help/latest/variable/CMAKE_LANG_COMPILER_LAUNCHER.html
This should be safe since everything is built for the host using make or ninja.
The use of *_ARG1 is discouraged by the cmake developers
https://cmake-developers.cmake.narkive.com/OTa9EKfj/cmake-c-compiler-arg-not-documented .

Without this patch I get the following error message with CMake 3.19.1 on Arch Linux.
Disabling BR2_CCACHE also resolves the issue.

/usr/bin/cmake [~]/buildroot/build/host-lzo-2.10/ -DCMAKE_INSTALL_SO_NO_EXE=0 -DCMAKE_FIND_ROOT_PATH="[...]" -DCMAKE_FIND_ROOT_PATH_MODE_PROGRAM="BOTH" -DCMAKE_FIND_ROOT_P
ATH_MODE_LIBRARY="BOTH" -DCMAKE_FIND_ROOT_PATH_MODE_INCLUDE="BOTH" -DCMAKE_INSTALL_PREFIX="[...]" -DCMAKE_C_FLAGS="-O2 -I[...]/include" -DCMAKE_CXX_FLAGS="-O2 -I[...]/include" -DCMAKE_EXE_LINKER_FLAGS="-L[...]/lib -Wl,-rpath,[...]/lib" -DCMAKE_SHARED_LINKER_FLAGS="-L[...]/l
ib -Wl,-rpath,[...]/lib" -DCMAKE_ASM_COMPILER="/usr/bin/as" -DCMAKE_C_COMPILER="[...]/bin/ccache" -DCMAKE_CXX_COMPILER="[...]/bin/ccache"
-DCMAKE_C_COMPILER_ARG1="/usr/bin/gcc" -DCMAKE_CXX_COMPILER_ARG1="/usr/bin/g++"  -DCMAKE_COLOR_MAKEFILE=OFF -DBUILD_DOC=OFF -DBUILD_DOCS=OFF -DBUILD_EXAMPLE=OFF -DBUILD_EXAMPLES=OFF -DBUILD_TEST=OFF -DBUILD_TESTS=OFF -DBUILD_TESTING=O
FF  -DENABLE_SHARED=ON -DENABLE_STATIC=OFF )
-- The C compiler identification is unknown
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - failed
-- Check for working C compiler: [...]/bin/ccache
-- Check for working C compiler: [...]/bin/ccache - broken
CMake Error at /usr/share/cmake-3.19/Modules/CMakeTestCCompiler.cmake:66 (message):
The C compiler

Signed-off-by: Bernd Amend <bernd.amend@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Tested-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-12-17 22:26:03 +01:00
Changming Huang
ad50d8a478 package/qoriq-rcw: rename from package/rcw
This is really only for QoriQ SoCs. Also the upstream package - despite
its base name of the git repository - is "qoriq-components/rcw". Thus
rename it to a more specify package name.

Note that there are other rcw implementations for other platforms, and
each implementation only applies to that specific platform; it hus does
not make sense that there are more than one rcw enabled at the same
time; so we keep using /usr/share/rcw as the install location; this also
help backward compatibility with existing post-build scripts.

Signed-off-by: Changming Huang <jerry.huang@nxp.com>
Cc: Michael Walle <michael@walle.cc>
[yann.morin.1998@free.fr:
  - rebase on master
  - incorporate changes by Michael
  - don't move to an 'nxp' sub-directory
  - reword the legacy entry; select the new package
  - expand commit log to explain why we keep installing in
    host/usr/share/rcw/ (thanks to Michael for prompting that)
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-12-16 19:34:45 +01:00
Fabio Estevam
5b0ffd5c3d configs/imx6-sabresd: bump kernel version to 5.10
Bump the kernel version to 5.10.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-16 12:25:12 +01:00
Francois Perrad
81f14be9ba package/iptables: bump to version 1.8.6
remove merged patch

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-16 12:24:21 +01:00
Peter Korsgaard
0675498b5d {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 9}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-16 12:22:51 +01:00
Peter Korsgaard
b829a60bd6 package/linux-headers: drop 5.8 headers
The 5.8.x series is now EOL, so drop it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-16 12:22:37 +01:00
Michael Walle
127f8ac898 board/kontron/smarc-sal28: remove "known bugs" section
Remove the note about non-working network. This was actually fixed with
linux kernel 5.9. This board is now on 5.10.

Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-16 12:20:48 +01:00
Bernd Kuhls
f4100fbf48 package/sqlite: bump version to 3.34.0
Release notes: https://sqlite.org/releaselog/3_34_0.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-16 12:20:30 +01:00
Marcin Niestroj
39a6b4c52c package/python-requests: bump to version 2.25.0
LICENSE file content has been changed ([1]) to follow Apache-2.0
instructions.

[1] 22b5a39098

Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-16 12:19:46 +01:00
Fabrice Fontaine
d154a698b1 package/git: fix build without threads
Fix build of git version >= 2.29.0 without threads

Fixes:
 - http://autobuild.buildroot.org/results/d41638d1ad8e78dd6f654367c905996b838ee649

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-16 12:18:35 +01:00
Peter Korsgaard
16914e4b28 package/mosquitto: bump version to 2.0.2
Bugfix release.  Drop the now upstreamed patches and add 3 new post-2.0.2
patches from the fixes branch.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-16 12:17:47 +01:00
Christian Stewart
267dd8b427 package/go: bump to version 1.15.6
go1.15.6 (released 2020/12/03) includes fixes to the compiler, linker, runtime,
the go command, and the io package.

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-16 12:16:59 +01:00
Bernd Kuhls
4c921fdee6 package/uclibc-ng-test: add hashes
Fixes:
http://autobuild.buildroot.net/results/4bb/4bb46976665bea99ac62c86d3953ad025f7f0a96/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2020-12-15 22:04:50 +01:00
Fabrice Fontaine
8712bd53bd package/uclibc-ng-test: fix TLS for nios2
Fix TLS for nios2 to avoid the following build failure:

In file included from tst-tls1.c:6:
tls-macros.h:101:3: error: #error "No support for this architecture so far."
 # error "No support for this architecture so far."
   ^~~~~

Fixes:
 - http://autobuild.buildroot.org/results/303e50d996b7261896f163418831fabb40779ff5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2020-12-15 22:03:16 +01:00
Francois Gervais
70f35db9f7 package/systemd: add a menu entry to enable portable services
Signed-off-by: Francois Gervais <fgervais@distech-controls.com>
Reviewed-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2020-12-15 22:00:55 +01:00
Fabrice Fontaine
1294447142 package/shadowsocks-libev: fix static build with netfilter_conntrack
Fixes:
 - http://autobuild.buildroot.org/results/6cad497a7ab941a0ee3fd7007defc81e30cdcbe0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2020-12-15 21:43:14 +01:00
Fabrice Fontaine
a2dafc4180 package/kismet: fix static build with uclibc
Fixes:
 - http://autobuild.buildroot.org/results/b859eb3850c0beb23e18010dc2f07cd0f5c14440

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
2020-12-15 21:40:16 +01:00
Christoph Müllner
7b3fcbcdaa boot/arm-trusted-firmware: Forward stack protection configuration
TF-A supports stack smashing protection (-fstack-protector-*).
However, that feature is currently silently disabled because
ENABLE_STACK_PROTECTOR is not set during build time.

As documented in the TF-A user guide, the flag ENABLE_STACK_PROTECTOR
is required to enable stack protection support. When enabled the symbols
for the stack protector (e.g. __stack_chk_guard) are built.
This needs to be done because TF-A does not link against an external
library that provides that symbols (e.g. libc).

So in case we see that BR2_SSP_* is enabled, let's enable the corresponding
ENABLE_STACK_PROTECTOR build flag for TF-A as documented in the TF-A user guide.

This patch also fixes a the following linker errors with older TF-A versions
if BR2_SSP_* is enabled (i.e. -fstack-protector-* is used as compiler flag)
and ENABLE_STACK_PROTECTOR is not set, which are caused by the missing
stack protector symbols:

  [...]
  params_setup.c:(.text.params_early_setup+0xc): undefined reference to `__stack_chk_guard'
  aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x14): undefined reference to `__stack_chk_guard'
  aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x104): undefined reference to `__stack_chk_guard'
  aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x118): undefined reference to `__stack_chk_fail'
  aarch64-none-linux-gnu-ld: ./build/px30/release/bl31/pmu.o: in function `rockchip_soc_sys_pwr_dm_suspend':
  pmu.c:(.text.rockchip_soc_sys_pwr_dm_suspend+0xc): undefined reference to `__stack_chk_guard'
  [...]

TF-A releases after Nov 2019, that include 7af195e29a4, will circumvent
these issue by explicitliy and silently disabling the stack protector
by appending '-fno-stack-protector' to the compiler flags in case
ENABLE_STACK_PROTECTOR is not set.

Tested on a Rockchip PX30 based system (TF-A v2.2 and upstream/master).

Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2020-12-15 21:24:48 +01:00
Fabrice Fontaine
d409f8b418 package/libeXosip2: bump to version 5.2.0
- Drop patch (already in version)
- Update indentation in hash file (two spaces)

https://git.savannah.nongnu.org/cgit/exosip.git/tree/ChangeLog?h=5.2.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2020-12-15 21:17:49 +01:00
Fabrice Fontaine
dc20092aac package/libosip2: bump to version 5.2.0
Update indentation in hash file (two spaces)

https://git.savannah.nongnu.org/cgit/osip.git/tree/ChangeLog?h=5.2.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2020-12-15 21:17:18 +01:00
Michael Walle
f33009bbd3 arch/Config.in.powerpc: Drop PPC601 support
Linux support was removed in 5.10 [1]. Since no in-tree defconfig
depends on it, just remove it.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/powerpc?id=f0ed73f3fa2cdca65973659689ec9e46d99a5f60

Reported-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Michael Walle <michael@walle.cc>
[yann.morin.1998@free.fr: reorder legacy entry]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-12-15 19:30:03 +01:00
Michael Walle
69e5046e7b configs/kontron_smarc_sal28: use kernel 5.10
Signed-off-by: Michael Walle <michael@walle.cc>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-14 16:04:15 +01:00
Michael Walle
aa769e0431 {linux, linux-headers}: add version 5.10
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-14 16:03:08 +01:00
Fabrice Fontaine
611d06d486 package/suricata: bump to version 6.0.1
These releases are bug fix releases, fixing numerous important issues.

The 6.0.1 release also improves the experimental HTTP/2 support.

https://suricata-ids.org/2020/12/04/suricata-6-0-1-5-0-5-and-4-1-10-released

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-14 15:52:49 +01:00
Fabrice Fontaine
f1a8511a92 package/libhtp: bump to version 0.5.36
https://github.com/OISF/libhtp/releases/tag/0.5.36

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-14 15:52:39 +01:00
Fabrice Fontaine
93048218f6 package/libcap-ng: bump to version 0.8.2
https://github.com/stevegrubb/libcap-ng/releases/tag/v0.8.2
https://github.com/stevegrubb/libcap-ng/releases/tag/v0.8.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-14 15:52:31 +01:00
Fabrice Fontaine
ed5082f012 package/haproxy: bump to version 2.2.6
Two major bugs were fixed in this versions, both leading to a memory
corruption and random crashes.

https://www.mail-archive.com/haproxy@formilux.org/msg39068.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-14 15:51:44 +01:00
Fabrice Fontaine
ebcaa0192c package/python-pybind: bump to version 2.6.1
Update indentation in hash file (two spaces)

https://github.com/pybind/pybind11/releases/tag/v2.6.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-14 15:51:03 +01:00
Fabrice Fontaine
1cd5c27755 package/nmap: fix license
Commit 78dc1f185b forgot to update the
license file from COPYING to LICENSE.

Here is an extract of the ChangeLog for Nmap 7.90 [2020-10-03]:

Upgraded the Nmap license form a sort of hacked-up version of GPLv2 to a
cleaner and better organized version (still based on GPLv2) now called
the Nmap Public Source License to avoid confusion. See
https://nmap.org/npsl/ for more details and annotated license text. This
NPSL project was started in 2006 (community discussion here:
https://seclists.org/nmap-dev/2006/q4/126) and then it lost momentum for
7 years until it was restarted in 2013
(https://seclists.org/nmap-dev/2013/q1/399) and then we got distracted
by development again. We still have some ideas for improving the NPSL,
but it's already much better than the current license, so we're applying
NPSL Version 0.92 to the code now and can make improvements later if
needed. This does not change the license of previous Nmap releases.

Fixes:
 - http://autobuild.buildroot.org/results/8cef6a5e99ae341cced405a389346e2faccf6eec

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-14 15:49:49 +01:00
Thomas De Schampheleire
43021dfb77 package/libglib2: correct upstream status for patch 0001
Patch '0001-fix-compile-time-atomic-detection.patch' claims to be Merged but
this is not true. The linked issue is closed with 'Needs information', and
the code itself is effectively not merged.

Clarify the 'Upstream-status' line to make this more clear.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-14 15:48:41 +01:00
Fabrice Fontaine
4eb3201120 package/unbound: security bump to version 1.13.0
This version has fixes to connect for UDP sockets, slowing down
potential ICMP side channel leakage. The fix can be controlled with the
option udp-connect: yes, it is enabled by default.

Additionally CVE-2020-28935 is fixed, this solves a problem where the
pidfile is altered by a symlink, and fails if a symlink is encountered.
See https://nlnetlabs.nl/downloads/unbound/CVE-2020-28935.txt for more
information.

https://github.com/NLnetLabs/unbound/releases/tag/release-1.13.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-14 15:47:43 +01:00
Francois Perrad
cad3da5f18 package/can-utils: bump to version 2020.11.0
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-14 15:47:18 +01:00
Francois Perrad
bfb8129b60 package/htop: bump to version 3.0.3
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-14 15:46:54 +01:00
Peter Korsgaard
ea41a5faab package/python-lxml: security bump to version 4.6.2
Fixes the following security issues:

* 4.6.2: A vulnerability (CVE-2020-27783) was discovered in the HTML Cleaner
  by Yaniv Nizry, which allowed JavaScript to pass through.  The cleaner now
  removes more sneaky "style" content.

* 4.6.1: A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry,
  which allowed JavaScript to pass through.  The cleaner now removes more
  sneaky "style" content.

For more details, see the changes file:
https://github.com/lxml/lxml/blob/lxml-4.6.2/CHANGES.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-14 15:44:31 +01:00
Peter Korsgaard
2af6d8a875 package/mosquitto: bump version to 2.0.0
A new major version, see the announcement for details:
https://mosquitto.org/blog/2020/12/version-2-0-0-released/

License has now changed to v2.0 of the Eclipse Public License, so update the
license info and hashes to match.

There is now optional cJSON support, so handle that.

Add upstream post-2.0.0 patches fixing build with cJSON and without TLS
support.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-14 15:44:22 +01:00
Fabrice Fontaine
f38893f8dd package/sqlcipher: security bump to version 4.4.2
Fix CVE-2020-27207: Zetetic SQLCipher 4.x before 4.4.1 has a
use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in
sqlite3.c. A remote denial of service attack can be performed. For
example, a SQL injection can be used to execute the crafted SQL command
sequence. After that, some unexpected RAM data is read.

https://www.zetetic.net/blog/2020/11/25/sqlcipher-442-release

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-14 15:44:02 +01:00
Fabrice Fontaine
fe347897b8 package/mongoose: add mbedtls support
mbedtls is supported since version 6.7 and
65e01dbabc

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-12-13 22:47:10 +01:00
Peter Seiderer
eda1040762 package/kmsxx: fix fmt dependency (needs wchar)
Propagate the fmt dependency on wchar.

Fixes:

 - http://autobuild.buildroot.net/results/814b0f9c3df0076791ca73579b844ef4d56f13c3

  [ 66%] Building CXX object CMakeFiles/fmt.dir/src/os.cc.o
  In file included from .../build/fmt-7.1.3/include/fmt/os.h:26,
                   from .../build/fmt-7.1.3/src/os.cc:13:
  .../build/fmt-7.1.3/include/fmt/format.h:1139:8: error: 'wstring' in namespace 'std' does not name a type
     std::wstring str() const { return {&buffer_[0], size()}; }
          ^~~~~~~

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-12-13 22:44:36 +01:00