Commit Graph

45707 Commits

Author SHA1 Message Date
Carlos Santos
240aa29d67 package/liburiparser: bump to version 0.9.3
Version 0.9.3 is a fix-up to 0.9.2. Combined, releases 0.9.2 and 0.9.3
feature:

- Migration from GNU autotools to CMake
- Link fixes for use of uriparser from C++ code
- Library visibility fixes / introduction of -fvisibility=hidden

For more details please check the change log at

   https://github.com/uriparser/uriparser/blob/uriparser-0.9.3/ChangeLog

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 20:06:26 +02:00
Baruch Siach
d122ebdfd6 package/strace: bump to version 5.0
Drop patches; issues fixed upstream.

Update license file hash due to copyright year update.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 20:03:10 +02:00
Jörg Krause
12227863eb package/libzip: bump to version 1.5.2
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 19:58:59 +02:00
Jörg Krause
6b8e3e7415 package/popt: add hash for the license file
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 14:42:06 +02:00
Jörg Krause
2f2d437cd5 package/luv: bump to version 1.28.0-0
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 14:41:51 +02:00
Jörg Krause
4a28f22383 package/shairport-sync: bump to version 3.2.2
Drop patches 0001 and 0002 which are included in the new version.

Add hash for the license file.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 14:41:34 +02:00
Jörg Krause
86a7f00919 package/luajit: add hash for the license file
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 14:40:49 +02:00
Carlos Santos
06e46d9b05 package/tpm2-totp: fix menu prompt
It must be "tpm2-totp", not "tpm2-tools" (probably a copy/paste issue).

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 14:40:11 +02:00
Baruch Siach
14c9b9ed27 package/strace: disable build for nds32
Current version of strace does not support nds32.

Fixes:
http://autobuild.buildroot.net/results/05ec776548c9bede4878d4c3c43040c5b0aac182
http://autobuild.buildroot.net/results/24023f2fa3dbf7c281726abdbfd4322badaffbfb

Cc: Nylon Chen <nylon7@andestech.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 13:17:59 +02:00
Angelo Compagnucci
669497c5e2 linux: bump Linux CIP to version v4.19.13-cip1
This patch bumps CIP to the latest SLTS version v4.19.13-cip1.
Kernel based on 4.4 is not deprecated, it will continue to be supported
as planned by the CIP foundation.
If the 4.4 version is needed, it should be selected manually.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 13:17:50 +02:00
Peter Korsgaard
99890750e0 package/gst1-plugins-base: add upstream SA-2019-0001 security fix
Fixes the following security issue:

CVE-2019-9928: GStreamer before 1.16.0 has a heap-based buffer overflow in
the RTSP connection parser via a crafted response from a server

For more details, see the advisory:
https://gstreamer.freedesktop.org/security/sa-2019-0001.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 13:17:37 +02:00
Peter Korsgaard
4f5584af06 package/go: bump version to 1.12.4
Fixes a number of issues discovered since 1.12.1.  From the release notes:

go1.12.2 (released 2019/04/05) includes fixes to the compiler, the go
command, the runtime, and the doc, net, net/http/httputil, and os packages.
See the Go 1.12.2 milestone on our issue tracker for details.

go1.12.3 (released 2019/04/08) was accidentally released without its
intended fix.  It is identical to go1.12.2, except for its version number.
The intended fix is in go1.12.4.

go1.12.4 (released 2019/04/11) fixes an issue where using the prebuilt
binary releases on older versions of GNU/Linux led to failures when linking
programs that used cgo.  Only Linux users who hit this issue need to update.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 13:17:21 +02:00
Peter Korsgaard
43ff6b974c package/imagemagick: security bump to version 7.0.8-42
Fixes the following security issues:

- CVE-2019-9956: In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer
  overflow in the function PopHexPixel of coders/ps.c, which allows an
  attacker to cause a denial of service or code execution via a crafted
  image file.

- CVE-2019-10650: In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer
  over-read in the function WriteTIFFImage of coders/tiff.c, which allows an
  attacker to cause a denial of service or information disclosure via a
  crafted image file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 13:17:09 +02:00
Fabrice Fontaine
94c6cab917 package/intel-mediasdk: fix license
Fixes:
 - http://autobuild.buildroot.org/results/5730991fded5ab3474cd0325b399f6f27972ca81

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 13:15:41 +02:00
Asaf Kahlon
3a6235744e package/python-reentry: bump to version 1.3.1
Also update dependency list.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 13:15:30 +02:00
Fabrice Fontaine
5cad1fe1ff package/subversion: fix build with NLS
Fixes:
 - http://autobuild.buildroot.org/results/098a05b397ba1b05df561b6872b39e17a2bf27df

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 13:14:54 +02:00
Carlos Santos
d54b0e22ae DEVELOPERS: Add Carlos Santos for tpm2-totp
[Peter: reword]
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-29 20:02:17 +02:00
Nicolas Serafini
ff064fe02c package/exiv2: bump to version 0.27.1
Signed-off-by: Nicolas Serafini <nicolas.serafini@sensefly.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-29 20:01:50 +02:00
Peter Korsgaard
3fd23becd4 {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.0.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-29 20:01:40 +02:00
Peter Korsgaard
cfa6f2fff0 docs/website: update for 2019.02.2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-29 13:55:57 +02:00
Peter Korsgaard
b7620c10c1 Update for 2019.02.2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3b4b3e7cd4)
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-29 13:54:05 +02:00
Fabrice Fontaine
89e70a7077 package/bind: fix python build
A check for python-ply has been added as this is a dependency of the
dnssec-keymgr script so install host-python-ply to avoid a build failure
if python-ply is not installed on host

Fixes:
 - http://autobuild.buildroot.org/results/96815b1300547c976443bf74b762febdfcc8d3ba

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-29 09:28:29 +02:00
Yann E. MORIN
138014bf23 package/qemu: unset TARGET_DIR
qemu uses TARGET_DIR internally, and it is at least used to display the
shortened compiling commands, like (with a TARGET_DIR=/path/to/target):

    CC /path/to/targetblock/write-threshold.o

VS

    CC block/write-threshold.o

There does not seem to be any adverse effect to that, but this is very
confusing to see, especially when building the host variant.

Fix that by unsetting TARGET_DIR prior to building.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-29 09:02:14 +02:00
Yann E. MORIN
80a5217476 package/gst1-plugins-base: drop legacy remnant comment
In 7672234200 (gst1-plugins-base: bump version to 1.12.0), the unknown
options were removed, but the comment associated to --disable-gio_unix_2_0
was left out.

Drop it now.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-28 22:08:47 +02:00
Yann E. MORIN
1c4dd7bb5d package/binutils: don't override the build command
In 1d42d0acca (binutils: ensure TARGET_CONFIGURE_ARGS is taken into
consideration for subdirs), the whole BUILD_CMDS was overriden in an
attempt to ensure that the target configure args (in fact, environment
variables) are indeed passed in the environment of the build command.

However, there is no reason to override the whole command, when we can
simply specify additional environment variables, as supported by the
autotools infra.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-28 22:08:24 +02:00
Fabrice Fontaine
3b017adcc6 package/xapp_xload: fix build with NLS
Fixes:
 - http://autobuild.buildroot.org/results/a69b957d0f3251031b0c67e951ba8fb8d1043ce0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-28 22:05:07 +02:00
Giulio Benetti
6cccfe64cd package/libcamera: bump to version ab0188fc8bbb6f397ac3aa11c9377662b7bd88b0
Build failures due to:
`fatal error: sys/auxv.h: No such file or directory`
have been fixed upstream.

Fixes:
http://autobuild.buildroot.net/results/158/158950190141b4f1b0a3d7813322d3971bb8ba75/

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Acked-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-04-27 14:30:28 +02:00
Francois Perrad
6a42b16d43 package/perl-mojolicious: bump to version 8.15
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-27 14:24:36 +02:00
Francois Perrad
3c5e07d1fb package/perl-module-build: bump to version 0.4229
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-27 14:24:36 +02:00
Francois Perrad
f8887825a8 package/perl-mail-dkim: bump to version 0.55
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-27 14:24:36 +02:00
Francois Perrad
1ff12ee663 package/perl-http-headers-fast: bump to version 0.22
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-27 14:24:36 +02:00
Fabrice Fontaine
73661a7550 package/xapp_xfd: fix build with NLS
Fixes:
 - http://autobuild.buildroot.org/results/e6009f0232eb60ed10eb46b39edf125369eb12e1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-27 14:24:36 +02:00
Peter Seiderer
022d85cce8 package/{mesa3d, mesa3d-headers}: bump version to 19.0.3
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-27 14:24:36 +02:00
Peter Korsgaard
c21edddec9 package/wpa_supplicant: add upstream 2019-5 security patches
Fixes the following security vulnerabilities:

EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) was discovered not to validate fragmentation reassembly state
properly for a case where an unexpected fragment could be received. This
could result in process termination due to NULL pointer dereference.

For details, see the advisory:
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-27 14:24:36 +02:00
Peter Korsgaard
b3adfacdb1 package/hostapd: add upstream 2019-5 security patches
Fixes the following security vulnerabilities:

EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) was discovered not to validate fragmentation reassembly state
properly for a case where an unexpected fragment could be received. This
could result in process termination due to NULL pointer dereference.

For details, see the advisory:
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-27 14:24:36 +02:00
Peter Korsgaard
bc4ac7da33 package/libpng: security bump to version 1.6.37
Fixes the following security issue:

CVE-2019-7317: png_image_free in png.c in libpng 1.6.36 has a use-after-free
because png_image_free_function is called under png_safe_execute.

Update license hash for a change in copyright year and typo fixes.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-04-27 14:15:39 +02:00
Peter Korsgaard
fc8ace0938 package/bind: security bump to version 9.11.6-P1
Fixes the following security issues:

 - CVE-2018-5743: Limiting simultaneous TCP clients is ineffective
   https://kb.isc.org/docs/cve-2018-5743

 - CVE-2019-6467: An error in the nxdomain redirect feature can cause
   BIND to exit with an INSIST assertion failure in query.c
   https://kb.isc.org/docs/cve-2019-6467

 - CVE-2019-6468: BIND Supported Preview Edition can exit with an
   assertion failure if nxdomain-redirect is used
   https://kb.isc.org/docs/cve-2019-6468

Add an upstream patch to fix building on architectures where bind does not
implement isc_atomic_*.

Upstream moved to a 2019 signing key, so update comment in .hash file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-26 16:15:37 +02:00
Fabrice Fontaine
b7650ae940 package/openssh: fix build with atomic
Use pkg-config to retrieve openssl dependencies such as atomic

Fixes:
 - http://autobuild.buildroot.org/results/33d0e56368ab0e74d523be4837824654a4684746

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-26 16:15:15 +02:00
Trent Piepho
1ab8b96fa8 package/network-manager: don't require an external DHCP client
NetworkManager now has an internal DHCP client.  Therefor, there is no
need to select either the DHCPCD or DHCP_CLIENT package to get DHCP.

Remove the forced select of one of those packages.

The internal DHCP client has become NetworkManager's preferred DHCP
client, so it seems reasonable that it effectively becomes the default,
unless DHCPCD or DHCP_CLIENT are intentionally enabled.

Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-04-26 09:15:56 +02:00
Pierre-Jean Texier
45537f832d configs/warp7: bump to Linux 5.0.9 and U-Boot 2019.01
This commit bumps Linux & Linux-headers to 5.0 and U-Boot to version 2019.01

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Pierre-Jean Texier <a class="moz-txt-link-rfc2396E" href="mailto:pjtexier@koncepto.io">&lt;pjtexier@koncepto.io&gt;</a>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-04-26 09:14:26 +02:00
Peter Korsgaard
89c7e417ed package/dovecot: security bump to version 2.3.5.2
Fixes the following security issue:

* CVE-2019-10691: Trying to login with 8bit username containing
  invalid UTF8 input causes auth process to crash if auth policy is
  enabled. This could be used rather easily to cause a DoS. Similar
  crash also happens during mail delivery when using invalid UTF8 in
  From or Subject header when OX push notification driver is used.

https://dovecot.org/pipermail/dovecot-news/2019-April/000406.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-04-26 09:13:57 +02:00
Peter Korsgaard
5bc45c5e77 package/python-urllib3: security bump to version 1.24.2
Fixes the following security issue:

- CVE-2019-11324: The urllib3 library before 1.24.2 for Python mishandles
  certain cases where the desired set of CA certificates is different from
  the OS store of CA certificates, which results in SSL connections
  succeeding in situations where a verification failure is the correct
  outcome.  This is related to use of the ssl_context, ca_certs, or
  ca_certs_dir argument.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-04-26 09:13:52 +02:00
Fabrice Fontaine
ef333f99a2 package/bullet: extras needs dlfcn.h and threads
extras needs dynamic library (dlfcn.h) and threads

Fixes:
 - http://autobuild.buildroot.org/results/a2609de74c08d9287beb839b93794161a7868e30
 - http://autobuild.buildroot.org/results/3e961d40f3d7003061eee0f7dc476d26c444bd7b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-04-26 09:06:42 +02:00
Fabrice Fontaine
e611813145 package/websocketpp: fix build with boost 1.70.0
Fix build of libcpprestsdk with boost 1.70.0

Fixes:
 - http://autobuild.buildroot.org/results/65840c7c5b337f1d4e5768d8e68198a5449603fd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-04-26 09:06:32 +02:00
Asaf Kahlon
4e35542784 package/python-psutil: bump to version 5.6.2
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-04-26 09:05:45 +02:00
Adam Duskett
e783d60473 package/libressl: bump to version 2.9.1
LibreSSL 2.9.1 now has a test that requires libtls.a, however, when building a
shared library only build, the --disable-static flag is passed to libressl,
which prevents the building of libtls.a.

With libtls.a not being built, the following error occurs:
libressl-2.9.1/tls/.libs/libtls.a', needed by 'handshake_table'.  Stop.

There are three options to fix this:
1) Stick with autotools, and provide a patch that removes building anything in
   the tests folder.
2) Pass --enable-static to LIBRESSL_CONF_OPTS
3) Change the package type to cmake, as a cmake build does not have this issue.

Changing the package type to cmake is the least impactful, it also has the added
benefit of being able to remove the 0001-remove-test-z-DESTDIR-from-ltmain.patch
file.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-04-25 21:53:35 +02:00
Fabrice Fontaine
1ba73d551e package/rpm: fix build with NLS
Fixes:
 - http://autobuild.buildroot.org/results/26e20e19d878811d90fce52eb0951ee4d8b59068

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-04-25 21:52:53 +02:00
Romain Naour
9152387703 package/supertuxkart: bump to version 1.0
Remove upstream patch 0001-Fix-3091.patch.

Add enet, libsquish and nettle new dependencies.
Add host-pkgconf since the CMakeLists.txt now use pkg-config
for enet.

Make sure that glew and wiiuse libraries from staging are
used instead of bundled versions.

See:
http://blog.supertuxkart.net/2019/04/supertuxkart-10-release.html

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-04-24 22:55:27 +02:00
Romain Naour
aef7bab641 package/libglew: bump to version 2.1.0
See 2.1.0 Change Log:
http://glew.sourceforge.net/log.html

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-04-24 22:53:51 +02:00
Romain Naour
4bf328b114 package/enet: new package
enet will be used by supertuxkart 1.0.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-04-24 22:48:16 +02:00