Commit Graph

44147 Commits

Author SHA1 Message Date
Jörg Krause
bb06035e6a package/upmpdcli: fix static build issue
The spotify plugin requires shared library support and needs <dlfcn.h>.
Explicitly disable the spotify plugin when building upmpdcli in a static
context.

Fixes:
http://autobuild.buildroot.net/results/cb942d3c5f68959d6cbc85535ccff4a275369f91/

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-01-27 21:46:03 +01:00
Thomas De Schampheleire
17ba24bac1 package/libarchive: add four security patches
Add backported patches for the following four security issues in libarchive.
There is no new release yet including these patches.

- CVE-2018-1000877 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000877)

"libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards
(release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in
RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(),
realloc(rar->lzss.window, new_size) with new_size = 0 that can result in
Crash/DoS. This attack appear to be exploitable via the victim must open a
specially crafted RAR archive."

- CVE-2018-1000878 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000878)

"libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards
(release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in
RAR decoder - libarchive/archive_read_support_format_rar.c that can result
in Crash/DoS - it is unknown if RCE is possible. This attack appear to be
exploitable via the victim must open a specially crafted RAR archive."

- CVE-2018-1000879 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000879)

"libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards
(release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference
vulnerability in ACL parser - libarchive/archive_acl.c,
archive_acl_from_text_l() that can result in Crash/DoS. This attack appear
to be exploitable via the victim must open a specially crafted archive
file."

- CVE-2018-1000880 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000880)

"libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards
(release v3.2.0 onwards) contains a CWE-20: Improper Input Validation
vulnerability in WARC parser -
libarchive/archive_read_support_format_warc.c, _warc_read() that can result
in DoS - quasi-infinite run time and disk usage from tiny file. This attack
appear to be exploitable via the victim must open a specially crafted WARC
file."

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 21:26:20 +01:00
Asaf Kahlon
afffba5cd7 python-pyasn1-modules: bump to version 0.2.4
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 21:24:17 +01:00
Peter Seiderer
0d176bf678 package/rpi-userland: bump version to e5803f2c98
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 20:38:30 +01:00
Peter Seiderer
567355742f configs/raspberrypi*: bump kernel version to 83b36f98e1
Now based on 4.14.95 (from 4.14.91).

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 20:38:04 +01:00
Bernd Kuhls
e94a4b50c1 package/freeswitch: bump version to 1.8.5
Removed patch 0002, not needed anymore after upstream commit
13f6890f41

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 20:36:52 +01:00
Bernd Kuhls
e6a67cc410 package/libpng: bump version to 1.6.36
License[1] was bumped to v2, for details see
http://lists.opensource.org/pipermail/license-review_lists.opensource.org/2018-November/003791.html

[1] http://www.libpng.org/pub/png/src/libpng-LICENSE.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: use Libpng-2.0 as license tag]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 20:34:38 +01:00
Bernd Kuhls
0abeee374a package/pngquant: bump version to 2.12.2
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 20:13:40 +01:00
Bernd Kuhls
77dacbb0d8 package/znc: bump version to 1.7.2
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 20:13:20 +01:00
Francois Perrad
1ad4cc9979 prosody: bump to version 0.11.2
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 20:11:49 +01:00
Francois Perrad
df9b13e674 perl-uri: bump to version 1.76
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 11:23:16 +01:00
Francois Perrad
eaf2e397f1 perl-type-tiny: bump to version 1.004004
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 11:23:07 +01:00
Francois Perrad
b915946af0 perl-package-stash: bump to version 0.38
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 11:22:54 +01:00
Francois Perrad
60e12dd35a perl-net-dns: bump to version 1.19
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 11:22:48 +01:00
Francois Perrad
2a9bc11ea9 perl-mojolicious: bump to version 8.11
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 11:22:40 +01:00
Francois Perrad
b045ebf4d4 perl-gd: bump to version 2.70
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 11:22:35 +01:00
Francois Perrad
1662c215b8 perl-file-slurp: bump to version 9999.25
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 11:22:25 +01:00
Francois Perrad
5a10613eeb perl-date-manip: bump to version 6.75
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 11:22:11 +01:00
Bernd Kuhls
c331187744 {linux, linux-headers}: bump 4.{4, 9, 14, 19, 20}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 10:50:29 +01:00
Bernd Kuhls
e1cfe35066 package/clamav: add optional dependency to pcre2
Upstream recommends pcre2 over pcre:
1f71c2b21c

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 10:49:47 +01:00
Bernd Kuhls
0e424610bc package/clamav: bump version to 0.101.1
Removed patch applied upstream.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 10:49:33 +01:00
Bernd Kuhls
3cf46525b9 package/samba4: security bump to version 4.9.4
Fixes the following security issues:

- CVE-2018-14629 dns: Fix CNAME loop prevention using counter regression
- CVE-2018-16853: Fix S4U2Self crash with MIT KDC build
- CVE-2018-16853: Do not segfault if client is not set

For more info, see the release notes:
https://www.samba.org/samba/history/samba-4.9.4.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: mention security impact, add CVE info]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 10:46:21 +01:00
Bernd Kuhls
c97b479772 package/x11r7/xdriver_xf86-video-neomagic: bump version to 1.3.0
Added all hashes provided by upstream and license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 10:45:36 +01:00
Bernd Kuhls
37edd8a62a package/x11r7/xdriver_xf86-video-mga: bump version to 2.0.0
Added all hashes provided by upstream and license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 10:45:13 +01:00
Bernd Kuhls
22f68ffd83 package/x11r7/xdriver_xf86-video-i128: bump version to 1.4.0
Removed patch applied upstream, added all hashes provided by upstream
and license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 10:44:55 +01:00
Bernd Kuhls
4b29faab1e package/x11r7/xapp_xcursorgen: bump version to 1.0.7
Added all hashes provided by upstream and license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 10:44:40 +01:00
Bernd Kuhls
bff8a0c9c6 package/vlc: bump version to 3.0.6
Rebased patch 0006, removed patch 0008 which is included in upstream
release version, renumbered remaining patches.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 10:44:12 +01:00
Bernd Kuhls
0cb5237a89 package/libva: bump version to 2.4.0
Removed patch applied upstream:
62bad1239d

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 10:42:57 +01:00
Asaf Kahlon
e05e274148 python-psycopg2: bump to version 2.7.7
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 10:41:57 +01:00
Asaf Kahlon
11f4c717ca python-psutil: bump to version 5.5.0
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 10:41:42 +01:00
Asaf Kahlon
8c807f3ac4 python-pip: bump to version 19.0.1
License change - a year bump.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 10:41:30 +01:00
Asaf Kahlon
1abe2884dd python-msgpack: bump to version 0.6.1
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 10:41:15 +01:00
Asaf Kahlon
0e881a3ef3 python-engineio: bump to version 3.3.0
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-27 10:41:07 +01:00
Clayton Shotwell
f6843a75fe libwebsock: Fix openssl reporting in header
The websock_config.h file currently ends up being installed into the
sysroot with a #include "config.h" line but the config.h file does not
get copied into the sysroot. Refactoring the original patch to have the
configure script properly report whether or not SSL support is enabled
without using the config.h file.

Patch has been submitted upstream but may never be merged since upstream
appears to be dead.
https://github.com/payden/libwebsock/pull/38

Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-01-26 00:51:26 +01:00
Bernd Kuhls
252b2085a1 package/x11r7/xdriver_xf86-video-intel: bump version
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-25 15:40:40 +01:00
Bernd Kuhls
5917877388 package/{mesa3d, mesa3d-headers}: bump version to 18.3.2
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-25 15:40:18 +01:00
Bernd Kuhls
af54cd6270 package/libdrm: bump version to 2.4.97
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-25 15:39:59 +01:00
Nicolas Serafini
c177fd12bf package/libqmi: bump to version 1.22.0
Signed-off-by: Nicolas Serafini <nicolas.serafini@sensefly.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-25 15:38:58 +01:00
Nicolas Serafini
c91e9e0fd4 package/libmbim: bum to version 1.18.0
Signed-off-by: Nicolas Serafini <nicolas.serafini@sensefly.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-25 15:38:40 +01:00
Nicolas Serafini
17ae27c740 package/mobile-broadband-provider-info: bump to version 20190116
Signed-off-by: Nicolas Serafini <nicolas.serafini@sensefly.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-25 15:38:23 +01:00
Nicolas Serafini
081e3bbb20 package/ofono: bump to version 1.28
Add patch to fix musl TEMP_FAILURE_RETRY error

Signed-off-by: Nicolas Serafini <nicolas.serafini@sensefly.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-25 15:37:45 +01:00
Bernd Kuhls
997480735d package/tor: bump version to 0.3.5.7
Patch rebased and re-formatted with git.

Release notes:
https://blog.torproject.org/new-releases-tor-0357-03410-and-03311

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-25 15:36:58 +01:00
Christian Stewart
bcc66605f0 rpi-firmware: bump version to 81cca1a93
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-24 10:47:05 +01:00
Christian Stewart
0ab3cb7a97 go: security bump to 1.11.5
Go 1.11.5 addresses a reported security issue, CVE-2019-6486.

Signed-off-by: Christian Stewart <christian@paral.in>
Acked-by: Anisse Astier <anisse@astier.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-24 10:46:22 +01:00
Martin Kepplinger
7e80e2e6a3 tslib: update to 1.19
For the curious, there's the short changelog summary:
https://github.com/kergoth/tslib/releases

Signed-off-by: Martin Kepplinger <martink@posteo.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-24 10:46:12 +01:00
Fabrice Fontaine
0c35c287bc libkcapi: fix build with gcc 8.2.x
Fixes:
 - http://autobuild.buildroot.org/results/8355bc42238e885f7f11ed3d9d37fc55ebdead2b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-24 10:38:20 +01:00
Matt Weber
332d476195 package/iperf: fixed hash to match v2.0.13 archive
The iperf project changed the archive after the release without changing
the filename of the archive.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-23 22:51:08 +01:00
Fabrice Fontaine
c5cad242d6 musl: fix hash of license file
COPYRIGHT file has been updated between version 1.1.20 and 1.1.21:
https://git.musl-libc.org/cgit/musl/commit/COPYRIGHT?id=c50985d5c8e316c5c464f352e79eeebfed1121a9

Fixes:
 - http://autobuild.buildroot.org/results/8cfa70b906221442c9e6dfd46b64011c987d24bf

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-23 22:50:35 +01:00
Ryan Coe
c18a3001b8 package/inadyn: bump version to 2.5
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-23 22:50:23 +01:00
Ryan Coe
fbb114a64f package/libite: bump version to 2.0.2
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-23 22:50:09 +01:00