Commit Graph

56911 Commits

Author SHA1 Message Date
Fabrice Fontaine
ed653df573 package/nettle: security bump to version 3.7.2
Fix CVE-2021-20305: A flaw was found in Nettle in versions before 3.7.2,
where several Nettle signature verification functions (GOST DSA, EDDSA &
ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply
function being called with out-of-range scalers, possibly resulting in
incorrect results. This flaw allows an attacker to force an invalid
signature, causing an assertion failure or possible validation. The
highest threat to this vulnerability is to confidentiality, integrity,
as well as system availability.

https://git.lysator.liu.se/nettle/nettle/-/blob/nettle_3.7.2_release_20210321/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-20 22:18:20 +02:00
Fabio Estevam
769d053f65 configs/imx6-sabresd: bump U-Boot and kernel versions
Bump to U-Boot 2021.04 and kernel 5.10.25 versions.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-20 21:33:31 +02:00
Fabio Estevam
bd62da59b9 boot/uboot: bump to version 2021.04
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-20 21:31:49 +02:00
Fabrice Fontaine
34764dcfac package/python-botocore: drop docutils dependency
docutils is not a dependency since version 1.18.0 and
dd24dd1b2e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-20 21:29:41 +02:00
Fabrice Fontaine
32c10f256b package/fmt: add FMT_CPE_ID_VENDOR
cpe:2.3🅰️fmt:fmt is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afmt%3Afmt

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-20 21:24:58 +02:00
Alexander Egorenkov
55a7382564 package/multipath-tools: bump to version 0.8.6
https://github.com/opensvc/multipath-tools/releases/tag/0.8.6

Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 23:45:12 +02:00
Jörg Krause
40ebac416b package/libnpupnp: bump to version 4.1.3
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 23:45:06 +02:00
Jörg Krause
ec15f89be9 package/mpd: bump to version 0.22.6
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 23:45:02 +02:00
Alexander Dahl
3ce7afbe50 package/dnsmasq: security bump to 2.85
CVE-2021-3448 applies.  See announcement for details.

Link: https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q2/014962.html
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 23:29:48 +02:00
Ramon Fried
18c3d44a0a package/bitwise: bump version to 0.42
Signed-off-by: Ramon Fried <rfried.dev@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 23:29:15 +02:00
Fabrice Fontaine
b27fca6482 package/yavta: disable -Werror
Fix build failure which is raised since bump to latest version in commit
87ba7be02f

Fixes:
 - http://autobuild.buildroot.org/results/d5b4f69f46cef4dd11410fe48d21372cb883ae4a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 23:28:25 +02:00
Michael Walle
bd82bedfd1 package/linux-serial-test: bump version
Give this package some love and update to the newest version. There are
no released versions, though. Therefore, use the latest commit.

Notable changes:
 - RS485 support fixes and features
 - internal loopback support

Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 23:21:26 +02:00
Sam Voss
4732b78221 package/rsyslog: install default service file
As of v8.2008 rsyslog no longer provides a default service file, and now
suggests using the platform suggested defaults. For Buildroot, install
the Debian service file which has been added in the same version,
however is not included in the official release.

Upstream commit which adds this service file:
cfd07503ba

Signed-off-by: Sam Voss <sam.voss@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 23:21:04 +02:00
Jörg Krause
53f5dd3115 package/spdlog: bump to version 1.8.5
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:54:46 +02:00
Jörg Krause
8974596836 package/gerbera: bump to version 1.8.0
Also recreate config.xml by building and running Gerbera using:

```
~/buildroot/output/target/usr/bin/gerbera --create-config > package/gerbera/config.xml

```

Note, that Gerbera sets the `<home>` parameter now to the runtime user's home by
default when generating the script. This is not appropriate when running Gerbera
on an embedded Linux system as we usually do not have multiple users or even
users at all. Therefore, we set the home directory to /var/lib/gerbera`.

As this directory is not created when installing Gerbera to the target,
it is created by the start script.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:54:27 +02:00
Francois Perrad
d72152ad8e package/luarocks: improve detection of license files
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:51:43 +02:00
Francois Perrad
2ff52ae939 package/luarocks: bump to version 3.7.0
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:45:20 +02:00
Jörg Krause
718b6c224a package/luv: bump to version 1.40.0-0
Also fix spacing to use 2 spaces in the hash file.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:45:06 +02:00
Maxim Kochetkov
75d1a5a046 DEVELOPERS: add Maxim Kochetkov for postgis
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:44:11 +02:00
Fabrice Fontaine
4a48f2c180 package/oniguruma: bump to version 6.9.7.1
Update hash of COPYING (update in year:
56255e8b3e)

https://github.com/kkos/oniguruma/blob/v6.9.7.1/HISTORY

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:35:43 +02:00
Giulio Benetti
59fedf02df package/libnss: bump version to 3.64
Release Notes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.64_release_notes

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:34:39 +02:00
Fabrice Fontaine
4b4d98e2c5 package/domoticz: drop boost date-time dependency
boost date-time is not a dependency since version 4.9700 and
a3eacbc987

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:33:55 +02:00
Fabrice Fontaine
8a46b41b4a package/domoticz: drop first patch
Patch not needed since commit 37f197f863
which bumped host-cmake dependency from 3.10 to 3.15

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:33:34 +02:00
Michael Nosthoff
8d51ee7c79 package/libgpiod: bump to version 1.6.3
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:26:46 +02:00
Bernd Kuhls
5dd2b7d774 package/meson: bump version to 0.57.2
Release notes: https://groups.google.com/g/mesonbuild/c/3YR_iOkh7co

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:26:28 +02:00
Michael Nosthoff
efd762feaa package/grpc: bump to version 1.37.0
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:26:25 +02:00
Bernd Kuhls
cffe295259 package/libcurl: bump version to 7.76.1
Bugfix release.  For details, see the changelog:
https://curl.se/changes.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-19 22:23:55 +02:00
Fabrice Fontaine
5a9504831f package/m4: fix build with glibc 2.34
m4 fails to build with glibc 2.34 because SIGSTKSZ is now a run-time
variable since
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=6c57d320484988e87e446e2e60ce42816bf51d53

So backport an upstream patch from gnulib, see:
https://lists.gnu.org/archive/html/bug-m4/2021-03/msg00015.html

An other option would have been to apply patch from
https://lists.gnu.org/archive/html/bug-m4/2021-03/msg00024.html
but no feedback was received on this patch

Fixes:
 - https://bugs.buildroot.org/show_bug.cgi?id=13721

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:18:27 +02:00
Thomas Petazzoni
d06bf96097 support/scripts/cve.py: use proper CPE ID version when available
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-18 18:20:27 +02:00
Sergio Prado
5e37992132 package/tio: disable for sparc and sparc64 architectures
tio fails to build on sparc and sparc64 architectures with a
redefinition of 'struct termio' error, with no proper fix or workaround
for now. See discussions in [1] and [2] and picocom source code in [3].

[1] http://patchwork.ozlabs.org/project/buildroot/patch/20191227204520.1500501-1-fontaine.fabrice@gmail.com/
[2] http://patchwork.ozlabs.org/project/buildroot/patch/20200511142602.46170-1-vadim4j@gmail.com/
[3] https://github.com/npat-efault/picocom/blob/master/termbits2.h#L37

So let's disable it for now on sparc and sparc64 architectures.

Fixes:
http://autobuild.buildroot.org/results/e041dde522e2a774f528d4377f67ca0a8a99461c
http://autobuild.buildroot.org/results/6e1f9fe47e8b2cfdf5effcb7bbc697189f54ff2c
http://autobuild.buildroot.org/results/49708fe6f404fea6761f102af854e98d6a1d43c1
Many more...

Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-17 09:32:32 +02:00
Peter Korsgaard
f31227e628 support/scripts/cve.py: use fast ijson backend if available on old ijson versions
ijson < 2.5 (as available in Debian 10) use the slow python backend by
default instead of the most efficient one available like modern ijson
versions, significantly slowing down cve checking. E.G.:

time ./support/scripts/pkg-stats --nvd-path ~/.nvd -p avahi --html foobar.html

Goes from
174,44s user 2,11s system 99% cpu 2:58,04 total

To
93,53s user 2,00s system 98% cpu 1:36,65 total

E.G. almost 2x as fast.

As a workaround, detect when the python backend is used and try to use a
more efficient one instead.  Use the yajl2_cffi backend as recommended by
upstream, as it is most likely to work, and print a warning (and continue)
if we fail to load it.

The detection is slightly complicated by the fact that ijson.backends used
to be a reference to a backend module, but is nowadays a string (without the
ijson.backends prefix).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-17 09:14:40 +02:00
Michael Nosthoff
5d4dc98c58 package/systemd: fix homed dependency warning
Fixes:

showing "enable home daemon"
and "homed support needs a toolchain w/ threads, dynamic library, kernel headers >= 4.12"
when BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_12

introduced by fa62b5165c

Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-17 09:07:26 +02:00
James Hilliard
56fd68b688 package/libdrm: fix man page disabling option
Commit 841c695468 (libdrm: change to meson build system) converted the
autotools --disable-manpages to the neson -Dmanpages=false. However, the
actual option is 'man-pages':

    WARNING: Unknown options: "manpages"

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr: tweak commit log as per Peter's review]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-17 09:05:26 +02:00
Fabrice Fontaine
6333d5d1dc package/libcgroup: add LIBCGROUP_CPE_ID_VENDOR
cpe:2.3🅰️libcgroup_project:libcgroup is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibcgroup_project%3Alibcgroup

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-17 08:58:43 +02:00
Fabrice Fontaine
d917e92c9b package/libcgroup: bump to version 0.42.2
Drop patch (already in version)

https://github.com/libcgroup/libcgroup/releases/tag/v0.42.2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-17 08:58:42 +02:00
Bernd Kuhls
51761e0f93 package/x11r7/xserver_xorg-server: remove unused configure option --disable-xsdl
Upstream removed this configure option:
https://cgit.freedesktop.org/xorg/xserver/commit/configure.ac?h=server-1.20-branch&id=52bc6d944946e66ea2cc685feaeea40bb496ea83

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-15 23:34:37 +02:00
Bernd Kuhls
974448aed3 package/x11r7/xserver_xorg-server: remove optional support for tslib
Upstream removed support for tslib:
https://cgit.freedesktop.org/xorg/xserver/commit/configure.ac?h=server-1.20-branch&id=5c7ed785e3bdb9f0fbf8fbfdc93b5fdd2b2c7dbf

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-15 23:34:36 +02:00
Bernd Kuhls
553a123526 package/x11r7/xserver_xorg-server: remove evdev input drivers for kdrive
Upstream removed the evdev driver for kdrive:
https://cgit.freedesktop.org/xorg/xserver/commit/configure.ac?h=server-1.20-branch&id=27819950e4158326e0f83a30f2e8968b932625ef

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-15 23:34:34 +02:00
Bernd Kuhls
2779de195f package/x11r7/xserver_xorg-server: remove xfbdev
Upstream removed the kdrive framebuffer device server:
https://cgit.freedesktop.org/xorg/xserver/commit/configure.ac?h=server-1.20-branch&id=feed7e3f982a7ac14f6fe85ed2e1ec4a83700841

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-15 23:34:33 +02:00
Bernd Kuhls
eea0da855b package/x11r7/xserver_xorg-server: remove non-evdev input drivers for kdrive
Upstream removed support for non-evdev input drivers for kdrive:
https://cgit.freedesktop.org/xorg/xserver/commit/configure.ac?h=server-1.20-branch&id=e7b8b7b131d8283c96ed0aff4593ab41441b5d3b

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-15 23:34:32 +02:00
Bernd Kuhls
d12c8c43fd package/x11r7/xserver_xorg-server: security bump version to 1.20.11
Fixes CVE-2021-3472:
https://lists.x.org/archives/xorg-announce/2021-April/003080.html

Release notes:
https://lists.x.org/archives/xorg-announce/2021-April/003081.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-15 23:34:31 +02:00
Einar Jon Gunnarsson
c45accd295 package/modem-manager: add support for introspection
Enable introspection when GObject Introspection is enabled.

Signed-off-by: Einar Jon Gunnarsson <tolvupostur@gmail.com>
Acked-by: Aleksander Morgado <aleksander@aleksander.es>
[yann.morin.1998@free.fr: drop config option, rely on GOI package]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-15 23:07:01 +02:00
Einar Jon Gunnarsson
87ba7be02f package/yavta: bump to latest version
Add hash file
Convert to meson build
Use https instead of http and git

Signed-off-by: Einar Jon Gunnarsson <tolvupostur@gmail.com>
[yann.morin.1998@free.fr: also switch repo to https]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-15 23:01:50 +02:00
Arnout Vandecappelle (Essensium/Mind)
148e8c92b9 package/Config.in: change postgresql condition
The condition around postgis was added to make a sort of submenu of the
postgresql extensions under postgresql itself. However, such a condition
should be on BR2_PACKAGE_POSTGRESQL, not on its suboption
BR2_PACKAGE_POSTGRESQL_FULL.

Change the condition in package/Config.in to BR2_PACKAGE_POSTGRESQL, and
move the BR2_PACKAGE_POSTGRESQL_FULL condition to
package/postgis/Config.in.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-15 22:27:47 +02:00
Maxim Kochetkov
fceec33568 package/protozero: new package
Minimalistic protocol buffer decoder and encoder in C++.
Designed for high performance. Suitable for writing zero copy
parsers and encoders with minimal need for run-time allocation
of memory.

Low-level: this is designed to be a building block for writing
a very customized decoder for a stable protobuf schema. If your
protobuf schema is changing frequently or lazy decoding is not
critical for your application then this approach offers
no value: just use the C++ API that can be generated with
the Google Protobufs protoc program.

https://github.com/mapbox/protozero

Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-15 21:48:15 +02:00
Fabrice Fontaine
51d55fc132 package/genext2fs: bump to version 1.5.0
- Retrieve latest version from github
- Drop patch (already in version)

Fixes:
 - https://bugs.buildroot.org/show_bug.cgi?id=13741

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-15 21:08:17 +02:00
Fabrice Fontaine
b147af911a package/quickjs: disable on nios2
quickjs unconditionally uses FE_{DOWN,UP}WARD and so fails to build on
nios2 since its addition in commit
5d50793659

Fixes:
 - http://autobuild.buildroot.org/results/69e280a7f478d1b16be989c7bd559f766053134b
 - http://autobuild.buildroot.org/results/f2c3ef7e3bbe30ac24710288336adabebd8b83a6

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-15 21:07:35 +02:00
Fabrice Fontaine
0efb6e0cae package/postgis: add POSTGIS_CPE_ID_VENDOR
cpe:2.3🅰️postgis:postgis is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apostgis%3Apostgis

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-15 21:04:19 +02:00
Peter Seiderer
ee60021d54 package/postgis: add optional pcre dependency
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-15 21:04:02 +02:00
Peter Seiderer
b4e7fd305a package/postgis: add optional json-c dependency
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-15 21:03:48 +02:00