Commit Graph

252 Commits

Author SHA1 Message Date
Thomas Petazzoni
a9a56ab6fd package/gdb: add support for GDB 14.1
All patches are still relevant, and have been rebased on top of GDB
14.1.

GDB 14.1 now needs mpfr unconditionally, so it is added as a
dependency of host-gdb, and of gdb when the full debugger is built.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr:
  - add comment about selecting mpfr for 14.x or later
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-12-27 22:38:42 +01:00
Thomas Petazzoni
64a5831679 package/libmpd: remove package
Following the removal of gmpc, we can drop libmpd as well, which was
apparently developed/maintained by the same group of people. The URL
in Config.in, http://gmpcwiki.sarine.nl/index.php?title=Libmpd, no
longer works, and no new alternative upstream was found.

The reference MPD client library is libmpdclient, which is still
maintained.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-12-26 22:37:26 +01:00
Thomas Petazzoni
9212a719a5 .checkpackageignore: stop ignoring ShellCheck issues in google-breakpad
The issues have been fixed by commit
f1089391a8 ("package/google-breakpad/gen-syms.sh:
fix shellcheck warnings")

Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/5815132933

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-12-23 22:35:11 +01:00
Julien Olivain
5baf1ffe7e boot/grub2: bump to version 2.12
For release announce on mailing list, see [1].
For release general news, see [2].

This commit removes all package patches, as they are all included in
this version.

The .checkpackageignore file is updated accordingly (the entry for
patch 0001 is removed).

This commit also removes GRUB2_AVOID_AUTORECONF hooks, since patch
0001 is removed.

This commit also removes the GRUB2_IGNORE_CVES entries associated to
the removed patches. The version bump should now explicitly exclude
those CVEs. For patches 8 and 9, the upstream commit IDs were
incorrectly recorded:
  - patch 8 mentioned d5caac8ab79d068ad9a41030c772d03a4d4fbd7b while
    the actual commit is 5bff31cdb6b93d738f850834e6291df1d0b136fa
  - patch 9 mentioned 166a4d61448f74745afe1dac2f2cfb85d04909bf while
    the actual commit is 347880a13c239b4c2811c94c9a7cf78b607332e3

Finally, this commit introduces a new patch, adding a missing file in
the release tarball.

[1] https://lists.gnu.org/archive/html/grub-devel/2023-12/msg00052.html
[2] https://git.savannah.gnu.org/gitweb/?p=grub.git;a=blob;f=NEWS;hb=refs/tags/grub-2.12

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-12-23 12:13:18 +01:00
Bernd Kuhls
973b1eba5a package/libopenssl: bump version to 3.2.0
Release notes:
https://www.openssl.org/blog/blog/2023/11/23/OpenSSL32/

Removed patch 0001 and added no-docs configure option due to
956b4c75dc

Removed patch 0003 due to
78634e8ac2

Removed patch 0006 which is included in this release
e1b6ecbab4

Renumbered remaining patches.

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-12-18 09:09:45 +01:00
Bernd Kuhls
faec3ca30e package/exim: bump version to 4.97
Removed patches which are included in this release:
https://git.exim.org/exim.git/commitdiff/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2
https://git.exim.org/exim.git/commitdiff/d8ecc7bf97934a1e2244788c610c958cacd740bd
https://git.exim.org/exim.git/commitdiff/158dff9936e36a2d31d037d3988b9353458d6471
https://git.exim.org/exim.git/commitdiff/32da6327e434e986a18b75a84f2d8c687ba14619

Added upstream patch to fix build error.

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-12-18 09:09:03 +01:00
Fabrice Fontaine
a32e41b09a package/tesseract-ocr: bump to version 5.3.3
Drop patches (already in version)

This bump will fix the following build failure raised since bump of
leptonica to version 1.83.1 in commit
a4e713558d thanks to
27b1827ccd:

src/textord/devanagari_processing.cpp: In member function 'bool tesseract::ShiroRekhaSplitter::Split(bool, tesseract::DebugPixa*)':
src/textord/devanagari_processing.cpp:130:19: error: invalid use of incomplete type 'struct Pixa'
  130 |     Box *box = ccs->boxa->box[i];
      |                   ^~
In file included from /home/autobuild/autobuild/instance-5/output-1/host/bin/../s390x-buildroot-linux-gnu/sysroot/usr/include/leptonica/alltypes.h:52,
                 from /home/autobuild/autobuild/instance-5/output-1/host/bin/../s390x-buildroot-linux-gnu/sysroot/usr/include/leptonica/allheaders.h:35,
                 from src/textord/devanagari_processing.h:16,
                 from src/textord/devanagari_processing.cpp:25:
/home/autobuild/autobuild/instance-5/output-1/host/bin/../s390x-buildroot-linux-gnu/sysroot/usr/include/leptonica/bmf.h:48:12: note: forward declaration of 'struct Pixa'
   48 |     struct Pixa  *pixa;        /*!< pixa of bitmaps for 93 characters        */
      |            ^~~~

https://github.com/tesseract-ocr/tesseract/blob/5.3.3/ChangeLog

Fixes:
 - http://autobuild.buildroot.org/results/46d3ffc8885245ee9a56a528be055b0b27a18245

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-12-09 15:54:28 +01:00
Fabrice Fontaine
1de7de1571 package/jack2: bump to version 1.9.22
- Drop patch (already in version)
- tools option has been dropped since
  564c710eef
- sndfile is not a dependency since
  c69d6097c2
- readline is not a dependency since
  a0b3e3e4dd

https://github.com/jackaudio/jack2/blob/v1.9.22/ChangeLog.rst

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-12-09 15:50:19 +01:00
Peter Korsgaard
0c6f3d7f2e Merge branch 'next' 2023-12-04 21:11:12 +01:00
Neal Frager
790d554474 configs/zynq_qmtech_defconfig: deprecate board
The zynq_qmtech_defconfig has not been maintained for 3 years, and is now
using a very out of date u-boot and Linux kernel.  Since there are 4 other
zynq7000 defconfigs available in buildroot and Julien no longer has a
functional board, drop the defconfig.

Signed-off-by: Neal Frager <neal.frager@amd.com>
Acked-by: Julien Olivain <ju.o@free.fr>
[Peter: reword commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-12-03 19:28:33 +01:00
Fabrice Fontaine
af2cd694e3 package/duma: bump to version 2.5.21
- Switch site to get latest release
- Drop all patches (already in version)
- Update hash of COPYING-LGPL, empty lines removed with
  cceb1b2d80
- Pass $(TARGET_CONFIGURE_OPTS) to install targets to avoid using wrong
  values since
  abdf4074c3

https://github.com/johnsonjh/duma/blob/VERSION_2_5_21/CHANGELOG

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-12-03 17:44:16 +01:00
Fabrice Fontaine
02e80e06c5 package/gsl: fix musl build on m68k
Update patch to fix the following musl build failure with m68k which is
only raised (for an unknown reason) since bump to version 2.7.1 in commit
3e48f8358e:

In file included from fp.c:6:
fp-gnum68k.c:21:10: fatal error: fpu_control.h: No such file or directory
   21 | #include <fpu_control.h>
      |          ^~~~~~~~~~~~~~~

Add also upstream link to first patch iteration which was sent in
November 2022 but didn't get it any reply (like most of the other emails
sent to bug-gsl@gnu.org ...)

Fixes:
 - http://autobuild.buildroot.org/results/e59636f6ac148807c1c67f09eef0e0a9f5d52303

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-29 10:21:19 +01:00
Baruch Siach
83b799457f package/socat: bump to version 1.8.0.0
Update README hash for changed not related to license.

Change patch 0001 to git format. socat is now hosted on git. Also,
update to apply to current version.

Add upstream status to both patches.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-27 19:10:52 +01:00
Hmaied Ben Abdellatif
f01bf0dbf1 package/openldap: bump version to 2.5.16
Stripping when cross-compiling and libtool static behavior are fixed in
2.5.16, so drop 0001-fix_cross_strip.patch and rename the remaining patches.

Signed-off-by: Hmaied Ben Abdellatif <hmaied.benabdellatif@etictelecom.com>
[Peter: extend commit message, update .checkpackageignore]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-12 12:33:47 +01:00
James Hilliard
713ce6547d package/python-m2crypto: bump to version 0.40.1
Drop patch and associated CVE ignore which is now upstream.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr: update .checkpackageignore]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-09 21:57:03 +01:00
James Hilliard
7e5958d077 package/python-dnspython: bump to version 2.4.2
Drop patch which is now upstream.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:15:25 +01:00
Fabrice Fontaine
3b2da40749 package/system-config-printer: bump to version 1.5.18
- Drop first patch (already in version)
- Drop second patch (rejected): cups-config is deprecated in favor of pkg-config
- Drop autoreconf (no more patches)
- intltool has been replaced by gettext since
  e653c1a860

https://github.com/OpenPrinting/system-config-printer/blob/v1.5.18/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 22:45:39 +01:00
Fabrice Fontaine
d47fa52df5 package/vde2: bump to version 2.3.3
- Switch to github to get latest release
- Drop first and second patches (already in version)
- Drop third patch (not needed anymore)
- Drop BSD-3-Clause and COPYING.slirpvde (slirpvde removed with
  eda0a1bc1d
  14e1c9e06f)
- python removed with
  2c57c25075
- kernel switch removed with
  b196ecd5b7
- parallel build has been fixed with
  7dd9ed46d5
- openssl has been replaced by wolfssl with
  8599321526

https://github.com/virtualsquare/vde-2/releases/tag/v2.3.3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 22:44:09 +01:00
Thomas Petazzoni
646482e339 .checkpackageignore: fix typo
Badly introduced in
727c041a25 ("package/openjdk{-bin}: bump
versions to 17.0.9+9 and 21.0.1+12")

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 22:16:07 +01:00
Adam Duskett
727c041a25 package/openjdk{-bin}: bump versions to 17.0.9+9 and 21.0.1+12
- Move openjdk-bin.hash into separate directories, as the
  legal/java.prefs/ASSEMBLY_EXCEPTION file has an upated URL for OpenJDK 21.
  openjdk.java.net -> https://openjdk.org. The license type remains the same.

- Move 0001-Add-ARCv2-ISA-processors-support-to-Zero.patch into separate
  directories as the list of architectures in src/hotspot/os/linux/os_linux.cpp
  is no longer the same. 17 has LOONGARCH and 21 has LOONGARCH64.

Tested on Fedora39 and Debian 11 with:
./support/testing/run-tests tests.package.test_openjdk.TestOpenJdk.test_run

Tested-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 22:08:09 +01:00
Fabrice Fontaine
1eb07c1904 package/libsolv: bump to version 0.7.25
Drop patch (already in version)

https://github.com/openSUSE/libsolv/blob/0.7.25/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 20:39:29 +01:00
Fabrice Fontaine
c4c555bd57 package/ranger: bump to version 1.9.3
- Switch to github to get latest release
- Drop patch (already in version)
- Update RANGER_DO_NOT_GENERATE_BYTECODE_AT_RUNTIME as scripts/ranger
  symlink to ranger.py has been removed
- Update hash of AUTHORS and add LICENSE file:
  8263cbac88

https://github.com/ranger/ranger/blob/v1.9.3/CHANGELOG.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 20:39:19 +01:00
Fabrice Fontaine
2edabebbb4 package/wavemon: bump to version 0.9.5
Drop patch (already in version)

https://github.com/uoaerg/wavemon/releases/tag/v0.9.5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 20:38:43 +01:00
Fabrice Fontaine
ee389788af package/librtas: bump to version 2.0.5
- Drop patch (already in version)
- host-pkgconf is a mandatory dependency to run autoreconf (even when
  cmocka-based tests are disabled) since
  b62ecd4218

https://github.com/ibm-power-utilities/librtas/blob/v2.0.5/Changelog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 20:37:45 +01:00
Fabrice Fontaine
160f0e4b5f package/libpam-tacplus: bump to version 1.7.0
- Use official tarball
- Drop patch (already in version)
- Add patch to fix build failure
- The site that was used, https://github.com/jeroennijhof/pam_tacplus,
  now redirects to https://github.com/kravietz/pam_tacplus, so used
  this new site

https://github.com/kravietz/pam_tacplus/blob/v1.7.0/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-04 22:44:16 +01:00
Fabrice Fontaine
f9f5b3a6cb package/libnfs: bump to version 5.0.2
- Update patch
- Handle pthread support added with
  f55637619e

https://github.com/sahlberg/libnfs/blob/libnfs-5.0.2/CHANGELOG

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-04 22:33:48 +01:00
Julien BOIBESSOT
61848605cd package/ltris: bump to version 1.2.7
Update to the latest release, remove fix that was merged upstream.

Signed-off-by: Julien BOIBESSOT <julien.boibessot@armadeus.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-04 21:23:57 +01:00
Fabrice Fontaine
200b264b7a package/libgdiplus: add upstream link to patch
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-11-04 17:46:48 +01:00
Fabrice Fontaine
3904d470f7 package/brltty: bump to version 6.6
- Drop second patch (already in version)
- Update hash of README (DotPadd added with
  5a9288c6bc
  and year updated with
  f21f219916
  6858917969)
- This bump will fix the following build failure raised since bump of
  gettext-gnu to version 0.22 in commit f6a6e3a836
  thanks to
  31061173fd:

/home/thomas/autobuild/instance-2/output-1/host/bin/msgfmt --output-file zh.mo -- ./zh.po
/home/thomas/autobuild/instance-2/output-1/host/bin/msgfmt: input file doesn't contain a header entry with a charset specification
make[3]: *** [Makefile:86: ru.mo] Error 1

https://github.com/brltty/brltty/blob/BRLTTY-6.6/Documents/ChangeLog

Fixes:
 - http://autobuild.buildroot.org/results/29f5ef8a52db4dd717fbaf1ade9d250dfcebe6ff

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-03 20:53:10 +01:00
Fabrice Fontaine
1da9c0e1be package/iodine: bump to version 0.8.0
- Replace non upstreamable patch
- Use LICENSE file added with
  721b7f0d9b

https://github.com/yarrick/iodine/blob/v0.8.0/CHANGELOG

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-03 10:30:24 +01:00
Sébastien Szymanski
72de789023 package/imx-mkimage: bump version to lf-6.1.36-2.1.0
Bump imx-mkimage to the latest version to gain i.MX9 support.

Patch 0001 and 0004 are merged upstream:
ff23c4fd84
bce82912c8

Patch 0002 is no more needed, BUILD_LDFLAGS var is now available:
8185a000a7

Renumber the remaining patch.

Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-03 10:13:40 +01:00
Joachim Wiberg
0ff153461f package/libnet: bump to v1.3
Changes:
 - Major upgrade, no API or ABI breaking changes (that we know of).
   https://github.com/libnet/libnet/releases/tag/v1.3

Packaging:
 - Verified builds on *all* test-pkg archs & toolchains
 - Verified test-pkg also with ngrep, suricata, and mz
 - Drop backported int64_t patch
 - Disable doxygen (html docs) in build
 - sha256sum of tarball now generated upstream

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-01 22:30:01 +01:00
Bernd Kuhls
9c874557aa package/nut: bump version to 2.8.1
Release notes:
https://github.com/networkupstools/nut/blob/master/NEWS.adoc

Removed patch which is included in this release.

Updated license hash due to upstream commit:
3b37731950

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-01 21:56:32 +01:00
Adam Duskett
095cab35a9 package/openjdk{-bin}: drop OpenJDK11 and add OpenJDK21
OpenJDK 21 is out and with it, OpenJDK11 is now EOL.
See: https://endoflife.date/oracle-jdk As such, drop support for 11 and do the
following:

  - The 0001-Add-ARCv2-ISA-processors-support-to-Zero.patch patch now applies to
    both 17 and 21. Move it out of the version-specific directoriy.

  - BR2_OPENJDK_VERSION_LTS is now set to 17.

  - BR2_OPENJDK_VERSION_LATEST is now set to 21.

  - Drop --disable-hotspot-gtest as it has been removed, and was ignored in 17.

  - Add two separate HOST_OPENJDK_BIN_VERSION defines in openjdk-bin.mk as
    there is not a point release yet for OpenJDK 21.

  - Update the expectedVersion variable in JniTest.java from 0x000A0000 to
    0x00150000

Tested with:
./support/testing/run-tests tests.package.test_openjdk.TestOpenJdk.test_run

Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-01 19:00:50 +01:00
Adam Duskett
547552a9cb package/openjdk-bin: bump OpenJDK17 version to 17.0.8.1+1
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-01 18:59:36 +01:00
Fabrice Fontaine
2ced8d5878 package/uftrace: bump to version 0.14
Add Upstream link to patch (even if it was rejected)

https://github.com/namhyung/uftrace/blob/v0.14/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-01 17:10:16 +01:00
Fabrice Fontaine
0c9dc366bf package/ace: bump to version 7.1.1
- Drop patches (already in version)
- C++14 is mandatory since version 7.1.0

https://github.com/DOCGroup/ACE_TAO/blob/ACE%2BTAO-7_1_1/ACE/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-01 12:45:11 +01:00
Adrian Perez de Castro
111986f435 package/cage: bump to version 0.1.5
Update Cage to version 0.1.5, which is a bug fix release that
supports using wlroots 0.16.x.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-01 12:25:52 +01:00
Fabrice Fontaine
8716942ca6 package/zchunk: security bump to version 1.3.2
- Drop patches (already in version)
- tests can be disabled since version 1.2.3 and
  e2e3d6b14e
- docs can be disabled since version 1.2.3 and
  af6c10e8be
- Fix CVE-2023-46228: zchunk before 1.3.2 has multiple integer overflows
  via malformed zchunk files to lib/comp/comp.c, lib/comp/zstd/zstd.c,
  lib/dl/multipart.c, or lib/header.c.

https://github.com/zchunk/zchunk/compare/1.2.2...1.3.2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-10-28 22:49:02 +02:00
Peter Korsgaard
bbf9a9ba7a .checkpackageignore: drop now removed network-manager patches
Commit 0455f957a3 (package/network-manager: bump to version 1.44.2)
dropped the two patches but forgot to update .checkpackageignore.

Fix that.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-17 10:35:53 +02:00
Fabrice Fontaine
cef841bf7d package/libebml: bump to version 1.4.4
- Drop patch (already in version)
- C++14 is required since
  4159caf84c

https://github.com/Matroska-Org/libebml/blob/release-1.4.4/NEWS.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-10-10 22:47:18 +02:00
Arnout Vandecappelle
8cf183be9e .checkpackageingore: refresh
Commit 4cbc2af604 moved the nodejs patches
to the nodejs-src directory, but forgot to update .checkpackageignore
accordingly. Fix that, by running `make .checkpackageignore`.

Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-10-07 16:17:18 +02:00
Jens Maus
14c4bd7bf8 package/linux-tools: fix SysV init script
This commit fixes the S10hyperv SysV init script which expects binaries
to be locate in /sbin while they are installed in /usr/sbin. Please
note, that the systemd init scripts correctly reference them.
Furthermore, the SysV init script did not check for an actual HyperV
environment to be present, which is also corrected. In addition, this
commit also fixes check-package warnings regarding a missing DAEMON
definition.

Signed-off-by: Jens Maus <mail@jens-maus.de>
[Peter: drop from .checkpackageignore]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-01 11:47:27 +02:00
Fabrice Fontaine
d65b960859 package/powertop: bump to version 2.15
- Switch site to get latest version
- Replace patch by an upstreamable one

https://github.com/fenrus75/powertop/compare/v2.13...v2.15

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-09-30 19:18:30 +02:00
Fabrice Fontaine
4c32b3d9ff package/olsr: fix build with gpsd >= 3.25
Fix the following build failure with gpsd >= 3.25 raised since commit
3c7fece853:

In file included from src/configuration.h:50,
                 from src/configuration.c:46:
src/gpsdclient.h:64:8: error: redefinition of 'struct fixsource_t'
   64 | struct fixsource_t {
      |        ^~~~~~~~~~~
In file included from src/gpsdclient.h:49,
                 from src/configuration.h:50,
                 from src/configuration.c:46:
/tmp/instance-17/output-1/host/aarch64-buildroot-linux-gnu/sysroot/usr/include/gps.h:2714:8: note: originally defined here
 2714 | struct fixsource_t
      |        ^~~~~~~~~~~

Fixes:
 - http://autobuild.buildroot.org/results/47a619686bb47debd525c92aa7e14bee5c40ca9e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-30 19:11:12 +02:00
Yann E. MORIN
540e512f9f checkpagage: drop ignore pattern fr removed pppd patches
Commit 0c15169f5a (package/pppd: bump version to 2.5.0) forgot to drop
the check-package exclusion when it dropped the patches.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-09-30 00:27:32 +02:00
Fabrice Fontaine
60e899bfa0 package/freeipmi: bump to version 1.6.11
Drop patch (already in version) and so also drop autoreconf

https://lists.gnu.org/archive/html/freeipmi-announce/2023-06/msg00000.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-29 22:49:29 +02:00
Fabrice Fontaine
e1b2cd5835 package/neon: drop patches
Patches (and so autoreconf) are not needed since bump to version 0.32.4
in commit f39ac8336e and
9924d4d315

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-29 22:48:37 +02:00
Fabrice Fontaine
ce17f93e82 package/suricata: security bump to version 6.0.14
- Fix CVE-2023-35852: In Suricata before 6.0.13 (when there is an
  adversary who controls an external source of rules), a dataset
  filename, that comes from a rule, may trigger absolute or relative
  directory traversal, and lead to write access to a local filesystem.
  This is addressed in 6.0.13 by requiring allow-absolute-filenames and
  allow-write (in the datasets rules configuration section) if an
  installation requires traversal/writing in this situation.
- Fix CVE-2023-35853: In Suricata before 6.0.13, an adversary who
  controls an external source of Lua rules may be able to execute Lua
  code. This is addressed in 6.0.13 by disabling Lua unless allow-rules
  is true in the security lua configuration section.
- Drop first patch (not needed since
  c8a3aa608e)

https://github.com/OISF/suricata/blob/suricata-6.0.14/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-09-28 23:03:52 +02:00
Fabrice Fontaine
ede7d0bd77 package/liburcu: bump to version 0.14.0
- Drop second and third patches (already in version)
- C++ is mandatory since
  153b081a9b

https://github.com/urcu/userspace-rcu/blob/v0.14.0/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-28 14:06:24 +02:00
Fabrice Fontaine
1df2976f79 package/keepalived: bump to version 2.2.8
Drop all patches (already in version) and so drop autoreconf

https://www.keepalived.org/release-notes/Release-2.2.8.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-28 14:05:58 +02:00
Fabrice Fontaine
05fbb29322 package/unixodbc: bump to version 2.3.12
Drop patch (already in version)

https://github.com/lurcher/unixODBC/releases/tag/2.3.12

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-27 21:13:26 +02:00
Fabrice Fontaine
c11478fb27 package/brotli: bump to version 1.1.0
Drop patches (already in version)

https://github.com/google/brotli/releases/tag/v1.1.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-27 21:12:33 +02:00
Fabrice Fontaine
7aa5e8f84f package/snappy: bump to version 1.1.10
Drop patch (already in version)

https://github.com/google/snappy/blob/1.1.10/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-27 21:11:38 +02:00
Fabrice Fontaine
197d0a4cb2 package/sg3_utils: bump to version 1.48
- Drop patches (already in version) and so drop autoreconf
- Update hash of BSD_LICENSE (update in year:
  551657bfbf)

https://github.com/hreinecke/sg3_utils/blob/v1.48/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-27 21:11:04 +02:00
Fabrice Fontaine
6ce55ab0ed package/memcached: bump to version 1.6.21
- Send first patch upstream
- Drop second and third patches (already in version) and so drop
  autoreconf

https://github.com/memcached/memcached/wiki/ReleaseNotes1618
https://github.com/memcached/memcached/wiki/ReleaseNotes1619
https://github.com/memcached/memcached/wiki/ReleaseNotes1620
https://github.com/memcached/memcached/wiki/ReleaseNotes1621

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-27 21:04:40 +02:00
Fabrice Fontaine
56c7da8e08 package/xxhash: bump to version 0.8.2
- Drop all patches (already in version)
- Update hash of LICENSE file (year updated with
  f035303b8a)

https://github.com/Cyan4973/xxHash/releases/tag/v0.8.2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-27 21:04:14 +02:00
Fabrice Fontaine
c76f5f24c7 package/libdnet: bump to version 1.16.4
Drop second patch (already in version)

https://github.com/ofalk/libdnet/releases/tag/libdnet-1.16.2
https://github.com/ofalk/libdnet/releases/tag/libdnet-1.16.3
https://github.com/ofalk/libdnet/releases/tag/libdnet-1.16.4

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-27 19:46:09 +02:00
Fabrice Fontaine
2314928cf8 package/open-iscsi: bump to version 2.1.9
- Drop patch (already in version)
- Drop license comment and add REAMDE and libopeniscsiusr/COPYING as
  license files due to
  10d50ed4bc

https://github.com/open-iscsi/open-iscsi/blob/2.1.9/Changelog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-09-24 12:25:19 +02:00
Peter Korsgaard
7447700f05 package/libpjsip: security bump to version 2.13.1
Fixes the following security vulnerability:

- CVE-2023-27585: Heap buffer overflow when parsing DNS packet
  https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr

Drop now upstreamed security fixes for CVE-2022-23537 and CVE-2022-23547.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-09-24 11:01:06 +02:00
Julien Olivain
ec8a9cc518 package/tcl: fix package patch
The commit 4e365d1768 "package/tcl: bump to version 8.6.13" did NOT
refreshed the package patch, because the patch was still applying
correctly and the package was working as expected.

It was refreshed in the previous bump, in commit 9cf314745a
"package/tcl: bump to version 8.6.12". This was part of 2022.02.

Looking closer at the patch content, the -/+ lines are exactly the
same. So this patch does not change anything. Since the file was kept
and the commit log mention a patch refresh, the intent was more
likely to carry over the old patch (which was declaring all libc
functions as "unbroken".

This commit actually refreshes this patch. It was regenerated with
git format-patch. Since the patch is renamed due to git format-patch,
the .checkpackageignore is updated accordingly.

Note:
This ancient patch will be removed soon, as an upstream commit [1],
not yet in a release, cleaned up and removed those old parts.

[1] 04d66a2571

Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-09-21 20:49:26 +02:00
Fabrice Fontaine
d170cde027 package/netatalk: security bump to version 3.1.17
- Drop patches (already in version) and so autoreconf
- Update COPYING hash (gpl mailing address updated with
  9bd45cc06e
  6a5997fbd6)
- Fix CVE-2022-43634: This vulnerability allows remote attackers to
  execute arbitrary code on affected installations of Netatalk.
  Authentication is not required to exploit this vulnerability. The
  specific flaw exists within the dsi_writeinit function. The issue
  results from the lack of proper validation of the length of
  user-supplied data prior to copying it to a fixed-length heap-based
  buffer. An attacker can leverage this vulnerability to execute code in
  the context of root. Was ZDI-CAN-17646.
- Fix CVE-2022-45188: Netatalk through 3.1.13 has an afp_getappl
  heap-based buffer overflow resulting in code execution via a crafted
  .appl file. This provides remote root access on some platforms such as
  FreeBSD (used for TrueNAS).
- Fix CVE-2023-42464: Validate data type in dalloc_value_for_key()

https://github.com/Netatalk/netatalk/blob/netatalk-3-1-17/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-09-20 19:42:01 +02:00
Fabrice Fontaine
4ccfb2561f package/freerdp: security bump to version 2.11.0
- Fix CVE-2023-39350 to CVE-2023-39354, CVE-2023-39356, CVE-2023-40181,
  CVE-2023-40186, CVE-2023-40188, CVE-2023-40567, CVE-2023-40569 and
  CVE-2023-40589
- Drop fourth patch (already in version)

https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.0
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrrv-3w42-pffh
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q9x9-cqjc-rgwq
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-whwr-qcf2-2mvj
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hg53-9j9h-3c8f
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c3r2-pxxp-f8r6
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5v5-qhj5-mh6m
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxp4-rx7x-h2g8
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hcj4-3c3r-5j3v
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9w28-wwj5-p4xq
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hm8c-rcjg-c8qp
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gc34-mw6m-g42x

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-09-16 00:19:58 +02:00
Fabrice Fontaine
c89d7a2daf package/libqb: security bump to version 2.0.8
- Fix CVE-2023-39976: log_blackbox.c in libqb before 2.0.8 allows a
  buffer overflow via long log messages because the header size is not
  considered.
- Drop patch (already in version) and so autoreconf

https://github.com/ClusterLabs/libqb/compare/v2.0.6...v2.0.8
https://github.com/ClusterLabs/libqb/releases/tag/v2.0.7
https://github.com/ClusterLabs/libqb/releases/tag/v2.0.8

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-09-15 23:38:08 +02:00
Joachim Wiberg
046872a1f8 package/libteam: bump to v1.32
- Drop backported patches
 - Add necessary runner to kernel

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
[yann.morin.1998@free.fr: update .checkpackageignore]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-09-15 23:33:17 +02:00
Yann E. MORIN
bcee3ca6d6 support/download/git: fix shellcheck errors
The quoting around the expansion of ${relative_dir} was indeed incorrect
since it was introduced back in 8fe9894f65 (suport/download: fix git
wrapper with submodules on older git versions): it is in fact already
quoted as part of the whole sed expression.

${GIT} can contain more than one item, but we don't care about splitting
on spaces when we just print it for debug, so we can just quote it
rather than add an exception.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-09-14 23:02:20 +02:00
Niklas Cassel
443f7feeb6 package/elf2flt: update to version 2023.09
Several of our patches have been accepted upstream and are included in
elf2flt version 2023.09.

Patch 0001-elf2flt-handle-binutils-2.34.patch is upstream as of commit
c70b9f208979 ("elf2flt: handle binutils >= 2.34").

Patch 0002-elf2flt.ld-reinstate-32-byte-alignment-for-.data-sec.patch is
upstream as of commit 679c94adf27c ("elf2flt.ld: reinstate 32 byte
alignment for .data section").

Patch 0003-elf2flt-add-riscv-64-bits-support.patch is upstream as of
commit c5c8043c4d79 ("elf2flt: add riscv 64-bits support").

Patch 0008-riscv64-add-more-relocations-required-to-be-handled.patch was
squashed into upstream commit c5c8043c4d79 ("elf2flt: add riscv 64-bits
support") during upstreaming.

Patch 0006-xtensa-fix-text-relocations.patch is upstream as of commit
26dfb54a59c8 ("elf2flt: xtensa: fix text relocations").

Patch 0007-elf2flt-remove-use-of-BFD_VMA_FMT.patch is upstream as of
commit a36df7407d9e ("elf2flt: remove use of BFD_VMA_FMT").

Patch 0004-elf2flt-create-a-common-helper-function.patch simply added
a helper function to make the changes in the follow-up patch
0005-elf2flt-fix-fatal-error-regression-on-m68k-xtensa-ri.patch
less intrusive.

Patch 0005-elf2flt-fix-fatal-error-regression-on-m68k-xtensa-ri.patch
is no longer needed as upstream has reverted the commit that necessitated
this patch, see upstream commit 35c692ca4546 ("Revert "elf2flt: fix for
segfault on some ARM ELFs""). The problem that the reverted upstream patch
solved is now instead solved by the combination of upstream commits
7a59b265c2dc ("Revert "elf2flt: fix relocations for read-only data"") and
a934fb42cf59 ("elf2flt: force ARM.exidx section into text").

Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Tested-By: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-09-14 22:32:49 +02:00
Peter Seiderer
dc4436245c package/speechd: bump version to 0.11.5
- remove 0001-add-disable-doc.patch (upstream applied, see [1])

For details see [2].

[1] 1dbc42684d
[2] https://github.com/brailcom/speechd/releases/tag/0.11.5

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-09-11 21:51:46 +02:00
Julien Olivain
01a5adfc15 package/libgpgme: bump to version 1.21.0
For change log, see [1] and [2].

This commit also drops the package patch, as an alternate upstream
commit is included in release, see [3]. Consequently, AUTORECONF = YES
is dropped as we're no longer patching the configure.ac script.

The option "--disable-cpp-test" is removed from _CONF_OPTS since it no
longer needed.

The file .checkpackageignore is also updated to reflect the patch
removal.

[1] https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=log;h=gpgme-1.21.0
[2] https://dev.gnupg.org/T6585
[3] https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commitdiff;h=e2103be390764f62b21a4e5d4fa90a7b78326787

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-09-10 21:05:59 +02:00
Adam Duskett
c69f12d1c1 package/php-gnupg: bump version to 1.5.1
Drop upstream patch

Signed-off-by: Adam Duskett <aduskett@gmail.comm>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-09-08 21:47:06 +02:00
Adam Duskett
1c0ec66203 package/php-amqp: bump version to 2.0.0
Drop upstream patches

Signed-off-by: Adam Duskett <aduskett@gmail.comm>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-09-08 21:46:49 +02:00
Peter Korsgaard
600e36f8f2 Merge branch 'next'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-07 16:50:14 +02:00
Thomas Devoogdt
de9187eca2 package/libsrtp: bump to version 2.5.0
https://github.com/cisco/libsrtp/releases/tag/v2.5.0

See detailed change log:
https://github.com/cisco/libsrtp/blob/v2.5.0/CHANGES#L3-L43

Dropped patch wich was already upstream.

Signed-off-by: Thomas Devoogdt <thomas.devoogdt@barco.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-09-02 09:44:42 +02:00
Arnout Vandecappelle
6bee7c3eb2 .checkpackageignore: correct renamed path of openjdk 17.0.8+7 patch
Commit c1038fe47c renamed the patch, but didn't update
.checkpackageignore, leading to two failures:

.checkpackageignore:1055: ignored file package/openjdk/17.0.7+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch is missing
package/openjdk/17.0.8+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch:0: missing Upstream in the header (http://nightly.buildroot.org/#_additional_patch_documentation)

Rename the file in .checkpackageignore as well.

Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-08-30 21:57:01 +02:00
Thomas Petazzoni
65c99394ff boot/grub2: backport fixes for numerous CVEs
Grub 2.06 is affected by a number of CVEs, which have been fixed in
the master branch of Grub, but are not yet part of any release (there
is a 2.12-rc1 release, but nothing else between 2.06 and 2.12-rc1).

So this patch backports the relevant fixes for CVE-2022-28736,
CVE-2022-28735, CVE-2021-3695, CVE-2021-3696, CVE-2021-3697,
CVE-2022-28733, CVE-2022-28734, CVE-2022-2601 and CVE-2022-3775.

It should be noted that CVE-2021-3695, CVE-2021-3696, CVE-2021-3697
are not reported as affecting Grub by our CVE matching logic because
the NVD database uses an incorrect CPE ID in those CVEs: it uses
"grub" as the product instead of "grub2" like all other CVEs for
grub. This issue has been reported to the NVD maintainers.

This requires backporting a lot of patches, but jumping from 2.06 to
2.12-rc1 implies getting 592 commits, which is quite a lot.

All Grub test cases are working fine:

  https://gitlab.com/tpetazzoni/buildroot/-/pipelines/984500585
  https://gitlab.com/tpetazzoni/buildroot/-/pipelines/984500679

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Arnout: fix check-package warning in patch 0002]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-08-30 21:54:23 +02:00
Bernd Kuhls
cb83990af5 package/tor: bump version to 0.4.8.4
Release notes:
https://forum.torproject.org/t/stable-release-0-4-8-4/8884

Removed all patches due to upstream commit adding compatibility with
LibreSSL 3.5:
f3dabd705f

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-25 19:11:25 +02:00
Bernd Kuhls
0a0786bc78 package/ytree: bump version to 2.05
Release notes: https://www.han.de/~werner/ytree.html

Removed patch which was applied upstream in a slightly changed way.

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-25 19:08:56 +02:00
Julien Olivain
96a54b0907 package/screen: security bump to version 4.9.1
See release announce:
https://lists.gnu.org/archive/html/screen-users/2023-08/msg00000.html

Fixes:
CVE-2023-24626: https://www.cve.org/CVERecord?id=CVE-2023-24626

Note: Buildroot installs screen as setuid, so the described scenario
in CVE applies.

This commit also rebases all patches on this release. Patch were
regenerated with 'git format-patch -N', so patch file name changed in
this process. The file .checkpackageignore is also updated accordingly.

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-24 22:34:41 +02:00
Paul Cercueil
290f3985dd package/libiio: bump to version v0.25
The changelog is available here:
https://github.com/analogdevicesinc/libiio/releases/tag/v0.25

Remove the 0001 patch as it is included in the v0.25 version.

Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-22 21:22:45 +02:00
Zoltan Gyarmati
8ed8f00319 package/libusb-compat: bump to 0.1.8
Removing upstreamed patch and force autoreconf

Signed-off-by: Zoltan Gyarmati <zgyarmati@zgyarmati.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-22 20:29:27 +02:00
Yann E. MORIN
2423d9f16b Release 2023.08-rc2
-----BEGIN PGP SIGNATURE-----
 
 iG8EABECADAWIQSrB9gG0s50H7iG7lCwJbqLWcNjGQUCZOKHvRIcamFjbWV0QHVj
 bGliYy5vcmcACgkQsCW6i1nDYxn1/QCg2un/vUk0HEIbpn4d1fMRZFBDSlwAmKRp
 iO+4qkBgt1h+2LxZSJmNbPY=
 =nvGJ
 -----END PGP SIGNATURE-----

Merge tag '2023.08-rc2' into next

Conflicts:
  - .checkpackageignore
  - Makefile
  - board/versal/post-image.sh
  - package/sentry-cli/0001-Disable-SSL-support-for-the-curl-module.patch
      => keep version in next

  - Config.in.legacy
      => merge, introduce legacy comment for 2023.11

  - toolchain/toolchain-external/toolchain-external-bootlin/Config.in.options
      => regenerate, drop dependency on inexistant BR2_ARCH_NEEDS_GCC_AT_LEAST_14

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-21 21:36:17 +02:00
Waldemar Brodkorb
2298de6853 package/file: bump version to 5.45
Patch is included upstream.
See here for Changes in 5.45:
https://mailman.astron.com/pipermail/file/2023-July/001205.html
See here for Changes in 5.44:
https://mailman.astron.com/pipermail/file/2022-December/001042.html

The hash of src/vasprintf.c, which is used as one of the license
files, has been updated due to source code changes that do not affect
the licensing terms.

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-21 13:16:24 +02:00
Clement Ramirez
d5162e790d package/connman: security bump version to 1.42
The 1.42 version of connman comes with the following CVEs fixes :
 - CVE-2022-32292
 - CVE-2022-32293
 - CVE-2023-28488

The first two CVEs have been fixed wuth upstream patches [0] which we
carry since 2f2b4c80f4 (package/connman: fix CVE-2022-3229{2,3}), now
included in this version bump; the third CVE [2] is also fixed by this
version bump [3].

[0] https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d1a5ede5d255bde8ef707f8441b997563b9312bd
    https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=72343929836de80727a27d6744c869dff045757c
    https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=416bfaff988882c553c672e5bfc2d4f648d29e8a

[1] 2f2b4c80f4 package/connman: fix CVE-2022-3229{2,3}

[2] https://nvd.nist.gov/vuln/detail/CVE-2023-28488

[3] https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=99e2c16ea1cced34a5dc450d76287a1c3e762138

Signed-off-by: Clement Ramirez <ramirez.clement3@gmail.com>
[yann.morin.1998@free.fr:
  - squash CVE-2023-28488 backport with version bump
  - reword commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-20 11:05:36 +02:00
Bernd Kuhls
f6a6e3a836 package/gettext-gnu: bump to version 0.22
Release notes:
https://lists.gnu.org/archive/html/info-gnu/2020-07/msg00009.html
https://lists.gnu.org/archive/html/info-gnu/2023-06/msg00003.html

Removed patch 0001, the patched file is not present in this release.
Removed patch 0002 which was applied upstream.

Added comment to gettext-tiny.mk about version bumps.

Since upstream commit
785a89e5df
gettext-runtime is a build-dependency for gettext-tools so we are
building the complete package for the host from now on.

Doing so we can drop the _POST_INSTALL_HOOK, and we can rely of the
in-tree libtextstyle.

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-19 20:36:02 +02:00
Waldemar Brodkorb
af48ddb139 package/xfsprogs: bump version to 6.4.0
Patch 0003-libxfs-stop-overriding-MAP_SYNC-in-publicly-exported.patch is upstreamed.

See here for changes to the previous version:
https://fossies.org/linux/xfsprogs/doc/CHANGES

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-12 21:40:39 +02:00
Baruch Siach
651429d0b8 boot/mv-ddr-marvell: fix build with gcc 12
gcc 12 added a warning that triggers on access to low addresses. Add a
patch to allow access since this is normal for low level code.

Rebase our existing patch on top. While at it, add also a proper
Upstream tag.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/4795673785

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-12 16:23:21 +02:00
Thomas Petazzoni
503252d8b0 boot/lpc32xxcdl: remove package
This package has dubious licensing conditions (not even documented in
the .mk file), and is a bootloader for very old platforms. The
defconfigs making use of it have been removed in Buildroot in 2014, in
commit c6a410964b ("configs: remove
lpc32xx defconfigs"), so let's get rid of the package.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
[yann.morin.1998@free.fr: remove reference in test]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-10 19:41:42 +02:00
Neal Frager
b831bac16a board/versal: clean shellcheck issues
This patch cleans up the shellcheck issues in the versal post scripts.

Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-08 00:06:56 +02:00
Yann E. MORIN
3b7c7e6106 support/scripts: fix fix-rpath
Commit 134900401f (support/scripts/fix-rpath: parallelize patching
files) broke the rpath fixup, because it improperly quoted or expanded
variables:

  - $@ was expanded in the main() context, rather than in the sub-bash
    as expected, propagating incorrect parameters to patch_file();

  - an array was passed without array expansion, so only the first item
    was passed; that was in turn assigned to a string, anyway loosign
    the array. Liuckily, we only ever put a single item in that array,
    so that worked by chance.

We fix that by inverting the parameters to patch_elf(), where the extra
args are passed last, so we can put as many we want in the future. We
also pass every variables as positional parameters outside the bash -c
command, which allows us proper quoting of all variables, specifically
of the extra args array which now comes last.

The ultralong line was split, too, in a hopefully easier-to-read form.

Fixing all that also required fixing the many shellcheck issues at the
same time (wome were pre-existing before 134900401f).

While at it, expand two TABs into spaces like the rest of the script.

Note: shellcheck does not seem to warn when a variable expansion will be
used as the command to run, i.e. ${PATCHELF} does not trigger the
quoting error. Still, for consistency, we also double-quote it (we know
it is a single word, as it is already double-quoted once in the script).

Fixes: 134900401f

Cc: Victor Dumas <dumasv.dev@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-08-07 23:20:31 +02:00
Neal Frager
78039eb59a configs/zynqmp: bump to xilinx-v2023.1
This patch bumps the zynqmp defconfigs to xilinx-v2023.1 which includes
the following updates:

- Linux v6.1.5
- U-Boot v2023.01
- ATF v2.8 (including mainline buildroot patches)
- PMUFW xilinx_v2023.1
- Updated pm_cfg_obj.c from Vitis v2023.1
- Removed kria u-boot patch which is included with xilinx-v2023.1

Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-06 17:39:15 +02:00
Thomas Petazzoni
809fdb3a7a package/gdb: remove gdb 10.x
Now that gdb 13.x has been added, and 12.x made the default, follow
our usual logic of dropping the oldest gdb version: 10.x.

Only the special ARC release still needs some special handling of the
GMP dependency.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-06 16:41:25 +02:00
Thomas Petazzoni
ae0b6f4383 package/gdb: add support for GDB 13.2
Sadly, the stack of patches remain exactly the same, none of the
changes have been upstreamed.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-06 16:41:22 +02:00
Yann E. MORIN
206d08c04a support/download: fix shellcheck errors in svn backend
Bizarrely enough, the unquoted expansion of ${quiet} does not trigger
any warning from shellcheck, so we do not add any exception for it.

${SVN} can contain more than one item, but we don't care about splitting
on spaces when we just print it for debug, so we can just quote it
rather than add an exception.

Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-06 16:35:41 +02:00
Thomas Petazzoni
f3b22e3642 package/elf2flt: refresh patches
Some patches had some fuzz, and patch 0004 was no longer applicable
using "git am". Patch 0006 is renamed so that it matches the commit
log title, as generated automatically by git format-patch.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-06 15:43:07 +02:00
Neal Frager
2b738044ed board/versal: clean shellcheck issues
This patch cleans up the shellcheck issues in the versal post scripts.

Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-06 14:25:57 +02:00
Bernd Kuhls
7991d2c48a package/libarchive: bump version to 3.7.1
Removed patch, upstream applied a different solution:
1f35c466aa

Release notes:
https://github.com/libarchive/libarchive/releases/tag/v3.7.1
https://github.com/libarchive/libarchive/releases/tag/v3.7.0

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-05 23:59:53 +02:00
Bernd Kuhls
09c4a7a35f package/gmp: bump version to 6.3.0
Removed patch which is included in this release.

Release notes:
https://gmplib.org/list-archives/gmp-announce/2023-July/000050.html

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-05 23:59:46 +02:00
Bernd Kuhls
1391c99d62 package/binutils: drop 2.38.x series
Now that 2.41.x has been added, that 2.40.x is the default version,
drop support for 2.38.x.

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-01 23:12:01 +02:00
Bernd Kuhls
3fd79fcb61 package/gerbera: bump version to 1.12.1
Removed patch which is included in this release.

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-07-30 22:43:06 +02:00
Fabrice Fontaine
7205df8a4f package/libmemcached: bump to version 1.1.4
- Switch to an active fork
- Switch to cmake-package
- Drop all patches (not needed anymore)
- Use LICENSE file instead of COPYING as COPYING is now a symlink to
  LICENSE
- Handle libevent and openssl dependencies

https://awesomized.github.io/libmemcached/ChangeLog-1.1.html#v-1-1-4

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-07-30 00:17:52 +02:00