Commit Graph

67519 Commits

Author SHA1 Message Date
Romain Naour
a379499f73 package/glibc: bump to version 2.37
See:
https://sourceware.org/glibc/wiki/Release/2.37
https://lists.gnu.org/archive/html/info-gnu/2023-02/msg00000.html

Security related changes:

  CVE-2022-39046: When the syslog function is passed a crafted input
  string larger than 1024 bytes, it reads uninitialized memory from the
  heap and prints it to the target log file, potentially revealing a
  portion of the contents of the heap

Remove patch 0001-Revert-Linux-Implement-a-useful-version-of-_startup_.patch fixed
in 2.37 release by [1].

[1] https://sourceware.org/bugzilla/show_bug.cgi?id=29249

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Sebastian Weyer <sebastian.weyer@smile.fr>
Tested-by: Bagas Sanjaya <bagasdotme@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-04-10 21:11:07 +02:00
Vincent Fazio
b7d4ae98fa utils/check-package: drop six usage
The shebang in check-package now defines python3. There is no longer a
need to maintain support with python 2.x.

See-also: 02b165dc71 (check-package: fix Python3 support)

Signed-off-by: Vincent Fazio <vfazio@gmail.com>
Tested-by: James Knight <james.d.knight@live.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-04-10 21:02:35 +02:00
Francois Perrad
370af35425 configs/olimex_a20_olinuxino_lime*: configure eth0 with DHCP
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-04-10 19:32:38 +02:00
Francois Perrad
9177186711 configs/olimex_a20_olinuxino_lime*: bump Linux and U-Boot
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-04-10 19:32:34 +02:00
Oleg Lyovin
0b9efc991f linux: use BR2_MAKE
Since kernel version 6.2, the minimum GNU Make version is 3.82 [1]. We
have an optional host-make 4.0 minimum dependency, so we can use it as
is. It's a bit unfortunate that we have to apply this even to older
kernel versions, but make itself builds fairly fast compared to the
kernel.

Use BR2_MAKE and BR2_MAKE1 for linux, and depend on
BR2_MAKE_HOST_DEPENDENCY. In addition, we need to set LINUX_MAKE to
BR2_MAKE for use in the kconfig infrastructure.

Signed-off-by: Oleg Lyovin <ovlevin@sberdevices.ru>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-10 17:24:15 +02:00
Oleg Lyovin
36bdfd29d8 package/linux-headers: use BR2_MAKE
Since kernel version 6.2, the minimum GNU Make version is 3.82 [1]. We
have an optional host-make 4.0 minimum dependency, so we can use it as
is. It's a bit unfortunate that we have to apply this even to older
kernel versions, but make itself builds fairly fast compared to the
toolchain (which is the only reason to build linux-headers).

Use BR2_MAKE for linux-headers, and depend on BR2_MAKE_HOST_DEPENDENCY.

Signed-off-by: Oleg Lyovin <ovlevin@sberdevices.ru>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-10 17:24:14 +02:00
Joachim Wiberg
e09a43abd1 package/mg: bump to v3.6
Excerpt of https://github.com/troglobit/mg/releases/tag/v3.6:

 - Sync with mg upstream, OpenBSD 7.2, as of April 10 2023
   - Drop trailing whitespace on RET (c-mode)
   - Add zap-to-char and zap-up-to-char, binding the former to M-z
   - Fix dobeep_msgs() usage, does not support format strings, this may
     have caused unexpected crashes for some operations, e.g. goto line
     that does not exist
   - Fix memleaks and possible crashes in ctags support
   - Fall back to /bin/sh if $SHELL is undefined
 - Fix typos and duplicate undo in *quick* help buffer
 - Add support for exuberant/universal Ctags tags file format
 - Add support for M-, to pop-tag-mark, like GNU Emacs

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-10 15:47:43 +02:00
Maksim Kiselev
2e330dff6a sunxi-tools: bump to version 1.4.2-168-ged3039c
This patch bumps version of the sunxi-tools to latest commit on master branch.

There are no new tags\releases since 2016 so let's use commit hash as version.
New version brings support for the following SOCs: A63, V5, R528/T113s, V853,
F1C100s, R329, H616, H6

Signed-off-by: Maksim Kiselev <bigunclemax@gmail.com>
[Arnout: use full hash in VERSION]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-10 15:45:43 +02:00
Arnout Vandecappelle
abff5246a7 .checkpackageignore: update properly
When we updated .checkpackageignore in commit 29d6f319a, this was done
using a different version of shellcheck, that apparently detects some
additional issues. Thus,
board/terasic/de10nano_cyclone5/barebox-env/boot/mmc was detected as
containing shellcheck errors. However this doesn't happen with the
version in CI, leading to "Shellcheck was expected to fail" errors.

Re-generate .checkpackageignore under docker-run, like it should have
been done to begin with.

Fixes: 29d6f319a0
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/4084485150

Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-10 15:34:00 +02:00
James Hilliard
19c4b1b069 package/python-pep517: drop package
This package is no longer used as python-pypa-build now uses
python-pyproject-hooks instead. In fact, pyproject-hooks is simply the
new name of pep517 [1].

[1] https://github.com/pypa/pyproject-hooks/issues/136

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-09 23:11:41 +02:00
Ricardo Martincoski
29a0dd4a30 utils/checkpackagelib: warn about $(HOST_DIR)/usr
It's been ages (5 years at the next release) that we've not installed
host packages in $(HOST_DIR)/usr, but we still have a few packages that
reference it or install things in there. See [1]

Add a new check_function that warns when a file is added installing to
or referencing $(HOST_DIR)/usr .

[1] "d9ff62c4cd pacakge: drop remnants of $(HOST_DIR)/usr"

Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
[Arnout: exclude skeleton.mk with disable comment instead of explicit
         code]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-09 22:56:16 +02:00
Arnout Vandecappelle
47910ccc36 package/efivar: don't install in $(HOST_DIR)/usr
For years already, $(HOST_DIR)/usr is deprecated. Install directly in
$(HOST_DIR). This will trigger a check-package error in the following
commit.

Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-09 22:56:15 +02:00
Ricardo Martincoski
9df6503ed0 Makefile: merge check-flake8 into check-package
Teach check-package to detect python files by type and check them using
flake8.
Do not use subprocess to call 'python3 -m flake8' in order to avoid too
many spawned shells, which in its turn would slow down the check for
multiple files. (make check-package takes twice the time using a shell
for each flake8 call, when compared of importing the main application)

Expand the runtime test and the unit tests for check-package.

Remove check-flake8 from the makefile and also from the GitLab CI
because the exact same checks become part of check-package.

Suggested-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
[Arnout: add a comment to x-python to explain its purpose]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-09 22:33:24 +02:00
Ricardo Martincoski
60fdaf56fe utils/check-package: check files in support/
The .mk files inside both support/dependencies and support/misc are not
package recipes, similar to package/pkg-*.mk. The check-package don't
apply to them. Therefore ignore such files.

In the test infra, some br2-externals are used as fixtures to provide
(sometimes) failure cases, so ignore files in these directories.

Files inside support/kconfig are files copied from linux upstream, so do
not generate warnings for them.

support/gnuconfig contains auto-generated config.{guess,sub} files,
so do not generate shellcheck warnings for them.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-09 21:59:04 +02:00
Ricardo Martincoski
29d6f319a0 utils/check-package: check files in board/
When a SysV init script is inside package/ it doesn't need to be
executable. However, when an init script is inside a fs_overlay, it
*does* need to be executable. Therefore, skip the NotExecutable test for
init scripts. We detect them based on the directory /etc/init.d

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
[Arnout: update .checkpackageignore]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-09 21:51:11 +02:00
James Hilliard
d775b2ac05 package/pkg-cargo: set RUSTFLAGS for host in HOST_PKG_CARGO_ENV
Move RUSTFLAGS for host builds to HOST_PKG_CARGO_ENV so that they
are set for host cargo builds which don't use the cargo infrastructure,
e.g. python packages that include rust code.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-09 21:28:07 +02:00
Dario Binacchi
39b5d5eb13 configs/imx8mn_bsh_smm_s2_pro_defconfig: bump U-Boot version to 2023.04
Bump U-Boot to version 2023.04.

Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-09 16:19:56 +02:00
Dario Binacchi
2df4bf8373 configs/imx8mn_bsh_smm_s2_defconfig: bump U-Boot version to 2023.04
Bump U-Boot to version 2023.04 and remove the patch that has already
been upstreamed.

Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-09 16:19:11 +02:00
Daniel Lang
9e9d807a47 package/pangomm: bump to version 2.50.1
https://gitlab.gnome.org/GNOME/pangomm/-/blob/2.50.1/NEWS

Signed-off-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-09 16:10:05 +02:00
Daniel Lang
853c1d053c package/libmodbus: bump to version 3.1.10
https://github.com/stephane/libmodbus/releases/tag/v3.1.10

Also update URL in Config.in to use https instead of http.

Also remove --without-documentation configure option, which already
didn't exist in 3.1.8.

Signed-off-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-09 16:08:21 +02:00
Petr Vorel
c3c3fe141f package/ima-evm-utils: bump version to 1.5
Project primary git repository moved to github.

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-09 15:58:32 +02:00
Julien Olivain
15a649fd2d package/fluidsynth: bump to version 2.3.2
For change log since v2.3.1, see:
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.3.2

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-09 15:49:18 +02:00
James Hilliard
298173e2be package/{rust, rust-bin}: bump to version 1.68.2
Link to Rust 1.68.2 announcement: https://blog.rust-lang.org/2023/03/28/Rust-1.68.2.html

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-09 15:44:51 +02:00
Simon Rowe
0385719706 package/mdadm: install udev rules
mdadm contains various udev rules to manage RAID assembly and create
symlinks, install them if udev (or equivalent) is enabled.

Signed-off-by: Simon Rowe <simon.rowe@nutanix.com>
[Arnout: use MDADM_INSTALL_TARGET_OPTS for install-bin as well]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-09 15:42:49 +02:00
Joachim Wiberg
be44dcf695 package/libite: bump version to v2.5.3
Fixes, from https://github.com/troglobit/libite/releases/tag/v2.5.3

 - rsync() does not copy single files correctly
 - copyfile() does not handle empty source files correctly (error)
 - copyfile() does not properly create destination dir

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-09 15:39:58 +02:00
Dario Binacchi
40db6955df configs/beaglebone_defconfig: bump Linux version to 5.10.162-ti-r59
Tested on beaglebone black.

Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-09 15:39:22 +02:00
Dario Binacchi
924b163b1e configs/stm32f469_disco_sd_defconfig: explicitly set U-Boot version
The version of U-Boot must be explicitly set because if you keep the
default setting, the bootloader is continuously updated in buildroot with
the risk of building a non-working image.

Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-09 15:38:34 +02:00
Florian Fainelli
95b8e7245d package/bluez5_utils: Fix builds with musl-libc
Backport upstream commit ca6546fe521360fcf905bc115b893f322e706cb2
("shared: define MAX_INPUT for musl") to fix builds with musl-libc.

Fixes:
- http://autobuild.buildroot.net/results/3fd24a604a29eff70e20f82690e3f058f04903f9/
- http://autobuild.buildroot.net/results/bd57f1813be699cd5ce2ae94f5f511a71fe10428/
- http://autobuild.buildroot.net/results/90d528cc18a367af2f68e1c0673d962fe399e1ac/
- http://autobuild.buildroot.net/results/552b700ee129e1c7f651de13f6766eae5325dcbc/

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-09 15:36:41 +02:00
Giulio Benetti
97f8cc355b package/matio: fix build failure due to gcc bug 99410
The matio package exhibits gcc bug 99410 when built for the Nios2
architecture with optimization enabled, which causes a build failure.

As done for other packages in Buildroot work around this gcc bug by
setting optimization to -O0 if BR2_TOOLCHAIN_HAS_GCC_BUG_99410=y.

Fixes:
http://autobuild.buildroot.net/results/971/9714160b80a0d1a01983d29af38a95049c07b4d3/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-09 15:32:26 +02:00
Francois Perrad
00709af66e package/squashfs: bump to version 4.6.1
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-04-05 23:14:13 +02:00
Giulio Benetti
cbf89eb4e4 package/libfuse3: bump to version 3.14.1
Add local patch pending upstream[0] to fix build failure with uclibc.

[0]: https://github.com/libfuse/libfuse/pull/753

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-04-05 23:11:25 +02:00
Francois Perrad
c0e1ef258b package/sqlite: bump to version 3.41.2
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-04-05 23:11:10 +02:00
Fabrice Fontaine
6d80b5ddbf package/domoticz: bump to version 2023.1
Drop patch (already in version)

https://github.com/domoticz/domoticz/blob/2023.1/History.txt

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-04-05 22:35:00 +02:00
Fabrice Fontaine
402e06a02f package/openpowerlink: bump to version 2.7.2
https://github.com/OpenAutomationTechnologies/openPOWERLINK_V2/blob/V2.7.2/revision.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-04-05 22:34:41 +02:00
Fabrice Fontaine
835d778031 package/irrlicht: bump to version 1.8.5
Drop second patch (not needed since
https://sourceforge.net/p/irrlicht/code/5349/)

https://irrlicht.sourceforge.io/forum/viewtopic.php?f=2&t=52775

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-04-05 22:33:59 +02:00
Fabrice Fontaine
69ee42a26b package/ccid: bump to version 1.5.2
https://github.com/LudovicRousseau/CCID/releases/tag/1.5.1
https://github.com/LudovicRousseau/CCID/releases/tag/1.5.2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-04-05 22:31:24 +02:00
Fabrice Fontaine
f89f3787a0 package/avrdude: bump to version 7.1
Switch to cmake-package (autotools removed)

https://github.com/avrdudes/avrdude/blob/v7.1/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-04-05 22:19:06 +02:00
Christian Stewart
b7eaa9af7b package/go: security bump to version 1.19.8
go1.19.8 (released 2023-04-04) includes security fixes to the go/parser,
html/template, mime/multipart, net/http, and net/textproto packages, as well as
bug fixes to the compiler, the linker, the runtime, and the time package.

Fixes security vulnerabilities:

go/parser: infinite loop in parsing (CVE-2023-24537)

html/template: backticks not treated as string delimiters (CVE-2023-24538)

net/http, net/textproto: denial of service from excessive memory
allocation (CVE-2023-24534)

net/http, net/textproto, mime/multipart: denial of service from excessive
resource consumption (CVE-2023-24536)

https://go.dev/doc/devel/release#go1.19.8
https://github.com/golang/go/issues?q=milestone%3AGo1.19.8+label%3ACherryPickApproved

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-04-05 22:17:52 +02:00
Peter Thompson
7e763381b7 package/sdl2_image: bump version to 2.6.3
Signed-off-by: Peter Thompson <peter.macleod.thompson@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-04-05 22:14:55 +02:00
Peter Thompson
8d9308a5a6 package/sdl2_ttf: bump version to 2.20.2
Signed-off-by: Peter Thompson <peter.macleod.thompson@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-04-05 22:14:54 +02:00
Baruch Siach
13812ee16e package/daemon: bump to version 0.8.2
Drop upstream patches.

Update license to include mode licenses. Add license file hashes and
update hashes of existing files for added licenses, as well as
formatting and copyright date updates.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-04-05 22:14:53 +02:00
Dario Binacchi
5b5b68df60 configs/beaglebone: bump U-Boot version to 2023.04
Bump U-Boot to version 2023.04.

Tested on beaglebone black.

Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-04-05 22:14:51 +02:00
Laurent Vivier
a2f554c1bd package/petitboot: new package
Although this is a "boot loader", it really is a tool that should be
part of an image that acts as the bootloader. Thus, it is not in the
bootloader menu.

A UI is required and can be provided by ncurses, X11 or fbdev. Only
ncurses is supported for now. The other two use libtwin which isn't part
of Buildroot for now.

Adapted from https://github.com/glevand/petitboot--buildroot
Updated to work with m68k architecture rather than just PlayStation3
(focused on qemu-system-m68k virt machine)

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Thomas Huth <huth@tuxfamily.org>
[Arnout:
 - Add missing arch and toolchain dependencies.
 - Remove nonexistent BR2_PACKAGE_NCURSES_TARGET_* selects.
 - Swap kexec/kexec-lite priority.
 - Add hash for license file.
 - Use version without v for VERSION.
 - Remove unnecessary --localstatedir=/var.
 - Add --disable-busybox.
 - Remove --enable-debug.
 - Remove --with-ncursesw and explicit libraries.
 - Add explicit arguments for all configure options.
 - Always select busybox tftp.
 - Add optional dependency on dtc.
 - Move dtc-specific options under a single condition.
 - Minor cleanups (whitespace, comments, ...).
]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-05 22:08:37 +02:00
Laurent Vivier
3d7557d80f package/kexec: add m68k support
kexec supports m68k since commit
027413d822fd57dd39d2d2afab1484bc6b6b84f9 in v2.0.5

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Thomas Huth <huth@tuxfamily.org>
[Arnout:
 - Split off in a separate commit.
]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-05 22:08:36 +02:00
Arnout Vandecappelle
64fa94f72f package/kexec: introduce BR2_PACKAGE_KEXEC_ARCH_SUPPORTS
This makes it easier for other packages to add the arch dependency.

Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-04-05 22:08:35 +02:00
Stefan Agner
0d8d348826 package/docker-cli: bump version to v23.0.3
This release contains some fixes and small improvements. For the
full list see:
https://github.com/moby/moby/releases/tag/v23.0.3

Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-04-05 22:01:56 +02:00
Stefan Agner
238d494687 package/docker-engine: security bump version to v23.0.3
Fixed a number of issues that can cause Swarm encrypted overlay networks
to fail to uphold their guarantees, addressing CVE-2023-28841,
CVE-2023-28840, and CVE-2023-28842.

https://github.com/moby/moby/releases/tag/v23.0.3

Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-04-05 22:01:25 +02:00
Stefan Agner
8bf66c5640 package/containerd: security bump to version 1.6.20
Various bugfixes and improvements. Noteable security fixes:

- CVE-2023-25153: Fix OCI image importer memory exhaustion
  https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2

- CVE-2023-25173: Fix supplementary groups not being set up properly
  https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p

https://github.com/containerd/containerd/releases/tag/v1.6.20

Signed-off-by: Stefan Agner <stefan@agner.ch>
[Peter: add CVE references]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-04-05 21:58:18 +02:00
Waldemar Brodkorb
f12bf2e6a7 package/uclibc: security update to 1.0.43
Security fix for CVE-2022-29503

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-04-05 21:54:00 +02:00
Stefan Agner
413a28940b package/docker-cli: bump version to v23.0.2
This release contains some fixes and small improvements. For the
full list see:
https://github.com/moby/moby/releases/tag/v23.0.2

Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-04-03 11:01:27 +02:00