This bump is not marked as security bump. The 8.1 release fixes a XMSS
key parsing code vulnerability. This code can not be enabled without
explicit definition of the WITH_XMSS macro.
Update LICENCE hash; converted to UTF-8.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Version 3.9.2 strips the trailing comments generated by udhcpc
LICENSE copyright updated to 2019
Signed-off-by: Einar Jon Gunnarsson <tolvupostur@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This version is a minor update with a number of crash/fuzz fixes only.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes CVE-2019-14287: a sudo user may be able to run a command as root
when the Runas specification explicitly disallows root access as long as
the ALL keyword is listed first.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
per upstream commit: e9f2ea6c22f36cb7986d2228763629ed44b9e76b
e9f2ea6c22
The update to the GPL text in COPYRIGHT is purely cosmetic.
Added COPYING.LGPL to licenses for libnm.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Also drop the musl compat patch as it was already included upstream.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Select BR2_TARGET_UBOOT_NEEDS_LZOP in order to avoid the following
build error on a host machine without lzop installed:
/bin/sh: 1: lzop: not found
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/318105190
Suggested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
News from upstream [1]:
"""
This version adds the GLOB_TILDE extension for glob, a non-stub
implementation of the catgets localization API, and posix_spawn
extensions for chdir in the child. Many arch-specific bugs are fixed,
some serious, including CVE-2019-14697 affecting several math
functions only on i386, broken riscv64 atomics, broken lseek with
large offsets on x32 and mipsn32, and broken setjmp/longjmp on mipsr6.
Various low-severity, non-arch-specific bugs are also fixed.
In addition, this release cycle sets the internal groundwork for
moving 32-bit archs to 64-bit time_t, needed for their future
viability as Y2038 approaches. Most of the changes are not externally
visible, but some affect which syscalls are used. Notably, mips64
stat-family functions can now report 64-bit file timestamps correctly,
and some time-related breakage on x32 is fixed. In addition, select no
longer stores remaining time back to the timeout argument. Previously,
whether it did so was arch-dependent and merely a consequence of the
Linux syscall behavior, which was found to be mildly non-conforming.
"""
Remove patches 0002 to 0005, which are included in the new version.
Note, that the CVE fix mentioned above is the same as patch 0004.
The license file has changed because Arm was added to the copyright
file.
[1] https://www.musl-libc.org/download.html
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
A modern CSS selector implementation for Beautiful Soup.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* Add host-python-setuptools-scm-git-archive as build-time dependecy.
* Update runtime dependecies list.
* Update license file name (and hash): LICENSE was renamed to LICENSE.md
with no changes. After that, the copyright year was bumped.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The package is only needed for building Python packages, so
it's going to be compiled for host only.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
And remove scandir from runtime dependencies.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* Update dependency list.
* Take tarball from PyPI.
* Update license hash: same content, changed to UNIX line endings.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* Update dependency list.
* Update license hash: same content, line endings are now CRLF.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Switch build system from autotools to meson.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 5cb821d563 added a new option to enable GLX support in mesa3d.
Before that, GLX was implicitly enabled whenever a DRI driver was built.
Adjust xserver_xorg-server to use the new GLX option instead of just
DRI.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Acked-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This fixes breakage with gperf 3.1.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
0002-pkeys-Fix-uclibc-build-caused-by-conflicting-signatu.patch
(patch was accepted in a slightly different form)
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security vulnerability:
CVE-2019-13503: mq_parse_http in mongoose.c in Mongoose 6.15
has a heap-based buffer over-read.
See https://github.com/cesanta/mongoose/releases/tag/6.16
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Backport of functools.lru_cache from Python 3.3.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>