Commit Graph

43324 Commits

Author SHA1 Message Date
Peter Korsgaard
c1a01ac2f1 libcurl: security bump to version 7.62.0
Fixes the following security issues:

CVE-2018-16839: SASL password overflow via integer overflow
https://curl.haxx.se/docs/CVE-2018-16839.html

CVE-2018-16840: use-after-free in handle close
https://curl.haxx.se/docs/CVE-2018-16840.html

CVE-2018-16842: warning message out-of-buffer read
https://curl.haxx.se/docs/CVE-2018-16842.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-31 09:48:06 +01:00
Thomas Petazzoni
074ca5a45e python-typing: rewrap Config.in help text
Fixes the following check-package warning:

package/python-typing/Config.in:5: help text: <tab><2 spaces><62 chars> (http://nightly.buildroot.org/#writing-rules-config-in)

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-31 09:42:07 +01:00
Francois Perrad
864f85262f luarocks: bump to version 3.0.4
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-31 09:37:11 +01:00
Bernd Kuhls
0a51ba655c package/network-manager: Add upstream patch to fix CVE-2018-15688
NetworkManager includes some parts of the systemd-networkd code in its
codebase. That can be found at src/systemd/src/libsystemd-networkd.
The DHCP implementation provided by systemd-networkd is used when
NetworkManager is configured to use the internal implementation,
however the default is to use dhclient.

When NetworkManager is configured to use the internal dhcp and an
interface is setup with ipv6.method=auto (which is the default value)
or ipv6.method=dhcp, this flaw can be exploited. When using
ipv6.method=auto, the DHCPv6 client can be automatically started with a
Router Advertisement packet.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-30 22:50:30 +01:00
Bernd Kuhls
b01f05e775 package/network-manager: bump version to 1.10.8
Added license hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-30 22:50:22 +01:00
Thomas Petazzoni
dab1539613 configs/{at91, atmel}*_dev*: drop Dropbear as it duplicates OpenSSH
The "development" defconfigs for Atmel platforms enable both OpenSSH
and Dropbear, which doesn't make a lot of sense, as only one SSH
server can start on port 22.

This commit therefore drops BR2_PACKAGE_DROPBEAR=y from those
defconfigs, keeping OpenSSH as an SSH server/client, as was requested
by Atmel/Microchip folks in the review of an earlier version of this
patch [1]. Since those defconfigs are "development" defconfigs, they
are not meant to be minimal, and already provide an arbitrary set of
packages, so using openssh is just as good as using dropbear in this
case.

[1] https://patchwork.ozlabs.org/patch/989516/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Nicolas Ferre <nicolas.ferre@microchip.com>
Cc: Joshua Henderson <joshua.henderson@microchip.com>
Cc: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-30 22:49:00 +01:00
Asaf Kahlon
122792e9e6 python-pytz: bump to version 2018.7
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-30 22:48:45 +01:00
Asaf Kahlon
673808cf7a python-psutil: bump to version 5.4.8
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-30 22:48:35 +01:00
Fabrice Fontaine
03d142edc8 openswan: bump to version 2.56.1.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-30 22:48:22 +01:00
Yegor Yefremov
5b4042073f python-can: bump to version 3.0.0
Add new dependencies and change download location.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Reviewed-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-30 21:10:52 +01:00
Yegor Yefremov
0135bc5b60 python-typing: new package
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Reviewed-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-30 21:10:28 +01:00
Yegor Yefremov
e97a83b726 python-wrapt: new package
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Reviewed-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-30 21:09:57 +01:00
Bernd Kuhls
bc6ecbbeef package/systemd: Add upstream patch to fix CVE-2018-15688
Systemd-networkd is vulnerable to an out out-of-bounds heap write in the
DHCPv6 client when handling options sent by network adjacent DHCP servers.
A attacker could exploit this via malicious DHCP server to corrupt heap
memory on client machines, resulting in a denial of service or potential
code execution.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: add description]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-30 21:07:36 +01:00
Peter Korsgaard
646ae5a0b1 ruby: security bump to version 2.4.5
Fixes the following security issues:

- CVE-2018-16396: Tainted flags are not propagated in Array#pack and
  String#unpack with some directives
https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/

- CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly
https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/

Update hash of LEGAL as it had a few (wayback machine) URLs added/changed.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-30 21:05:19 +01:00
Peter Korsgaard
15793bc19f lighttpd: security bump to version 1.14.51
Fixes the following security issues:

1.4.50:
[mod_alias] security: potential path traversal with specific configs
[core] security: use-after-free invalid Range req
[mod_alias] security: path traversal in mod_alias (in some use cases) (fixes #2898)
[core] security: use-after-free after invalid Range request (fixes #2899)

1.4.51:
[core,security] process headers after combining folded headers
[mod_userdir] security: skip username “.” and “..”

1.4.51 brings optional pam and wolfssl support.  Explicitly disable these
options for now.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-30 21:05:13 +01:00
Fabrice Fontaine
0646d67c1d qemu: switch to sdl2
Since version 2.12.0 and
e52c6ba341,
SDL 1.2 is deprecated so switch to SDL 2.0 as SDL 1.2 will be removed in
the last release of 2018

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-30 21:02:51 +01:00
Fabrice Fontaine
8153ce21e7 qemu: sdl frontend needs x11
Since qemu 2.12.0 and
2ec78706d1,
x_keymap.h has been converted from "SDL display driver" to "X11 keymaps"

So add a select on BR2_PACKAGE_SDL_X11

Fixes:
 - http://autobuild.buildroot.org/results/1908d2d7de8d3aff11ed6fbb8fe4cf3eff54b5a5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-30 21:01:39 +01:00
Fabrice Fontaine
54000d187a synergy: needs gcc >= 4.9
Since version 1.9.0 and
c0376e9e2f,
synergy needs C++14 so add a dependency on
BR2_TOOLCHAIN_GCC_AT_LEAST_4_9

Fixes:
 - http://autobuild.buildroot.org/results/c4646ee9342ea8bd906bfe2b29996c48cb403ccc

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Pieterjan Camerlynck <pieterjan.camerlynck@gmail.com>
Reviewed-by: Pieterjan Camerlynck <pieterjan.camerlynck@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-30 21:00:35 +01:00
Fabrice Fontaine
87187d5c99 motion: bump to version 4.2
- Remove patch (already in version)
- Add new mandatory libmicrohttpd dependency, see:
  3cd68cab49
- Add new optional gettext dependency, see:
  4ff191be82

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-30 21:00:02 +01:00
Petr Vorel
0d61e067eb kconfig: Refresh patches
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-30 20:58:54 +01:00
Petr Vorel
a3366b2705 kconfig: Restore missing custom changes + add patches
Commit 6eacea5ae0 accidentally removed these changes in merge_config.sh:
0f56304521 ("merge_config.sh: create temporary files in /tmp")
28fac3973b ("merge_config.sh: add br2-external support")

Changes were lost because commits just changed files, but didn't add patches.
Therefore not only restore our changes, but also add (updated) patches.

Missing 0f56304521 caused breaking merge_config.sh when used in out of
tree build:
$ make -C buildroot O=$PWD/output defconfig
...
$ cd output
$ echo 'BR2_TARGET_GENERIC_HOSTNAME="test"' > test.frag
$ ../buildroot/support/kconfig/merge_config.sh .config test.frag
Using .config as base
Merging test.frag
umask 0022 && make -C /home/test/buildroot O=/home/test/output/. alldefconfig
  GEN     /home/test/output/Makefile
*** Can't read seed configuration "./.tmp.config.qIcpASpUyh"!
make[1]: *** [Makefile:925: alldefconfig] Error 1
make: *** [Makefile:16: _all] Error 2

Fixes: 6eacea5ae0 support/kconfig: bump to kconfig from Linux 4.17-rc2

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Reported-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-30 20:58:09 +01:00
Petr Vorel
775087fab0 kconfig: Add missing patch
which was specified, but not added during last update.

Fixes: 6eacea5ae0 ("support/kconfig: bump to kconfig from Linux 4.17-rc2")

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-30 20:57:04 +01:00
Fabrice Fontaine
91b6ca9682 neardal: fix static build with libedit and libbsd
Add an upstreamable patch to use pkg-config for finding libedit and
readline dependencies and drop ncurses "hack"

Fixes:
 - http://autobuild.buildroot.org/results/b0b17f4a5b0a32631a12bdb350ba7c21f7c595d0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-30 20:56:10 +01:00
Asaf Kahlon
5654eb3c9a python-pycryptodomex: bump to version 3.7.0
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-30 20:55:40 +01:00
Fabrice Fontaine
1de17e341b openswan: security bump to version 2.6.50.1
- Fixes CVE-2018-15836 (a Bleichenbacher-style signature forgery which
  involves RSA padding attack)
- Add hash for license files

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-30 20:54:51 +01:00
Fabrice Fontaine
8a0c8258b4 openswan: disable documentation
Disable pod2man and xmlto which are used to build man pages

Fixes:
 - http://autobuild.buildroot.org/results/2268814b8f5a071ecec1aab962b50a1edcb818d7

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-30 20:54:01 +01:00
Fabrice Fontaine
8b3dea2c2a libkcapi: disable documentation
Disable db2pdf, db2ps and xmlto which are used for building PDF, PS, man
or html documentation

Fixes:
 - http://autobuild.buildroot.org/results/28df3b50d90bc53b965280b77224f89fe09ec2b9

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-28 17:36:17 +01:00
Peter Seiderer
f79f459887 valgrind: fix uclibc c99 support detection
Fixes [1]:

  checking for /home/peko/autobuild/instance-0/output/host/bin/powerpc-linux-gcc option to accept ISO C99... unsupported
  configure: error: Valgrind relies on a C compiler supporting C99

with the following in the valgrind-3.14.0/config.log:

  configure:5517: checking for .../host/bin/powerpc-linux-gcc option to accept ISO C99
  configure:5666: .../host/bin/powerpc-linux-gcc -c -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -fno-stack-protector -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 conftest.c >&5
  conftest.c:55:9: error: unknown type name 'wchar_t'
     const wchar_t *name;
           ^~~~~~~

[1] http://autobuild.buildroot.net/results/b25013f785a11f07e8da3735741b96036712f42a

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-28 16:57:49 +01:00
Francois Perrad
5b7563f3d6 scancpan: also use README.md as default license file
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-28 15:16:07 +01:00
Fabrice Fontaine
b4501ca80d lcdproc: use ac_cv_mtab_file
Set ac_cv_mtab_file to /etc/mtab otherwise build will fail if no mtab,
mnttab or fstab is found in /etc (on host)

Fixes:
 - http://autobuild.buildroot.org/results/efaf2833d674c7e366c59f367f0b83c7f88546bb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-28 08:14:28 +01:00
Carlos Santos
2f3042a79b liburiparser: security bump to version 0.9.0
Fixes an out-of-bounds write, detect an integer overflow and protect
against acting on NULL input. For additional datails, see

   https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLog

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-28 08:12:30 +01:00
Asaf Kahlon
658ebd8d23 python3: bump to version 3.7.1
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-28 08:11:32 +01:00
Asaf Kahlon
76419040f7 python-setuptools: bump to version 40.5.0
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-28 08:11:07 +01:00
Bernd Kuhls
0a4e2bfd64 package/mjpg-streamer: add optional dependency to zeromq
The ZeroMQ output module also depends on protobuf, see upstream PR 145.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-28 08:02:39 +01:00
Bernd Kuhls
367d7dc7a1 package/mjpg-streamer: bump version
This bump includes
2b751f1f2a

which fixes
http://autobuild.buildroot.net/results/247/247a55398aed37a08c67cc21db6836ad342d24ca/

and includes
ddb69b7b4f

which fixes
http://autobuild.buildroot.net/results/dad/dad054954de76cab56333747274520f269be2066/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-28 08:01:28 +01:00
Fabrice Fontaine
c0deed8eed gpsd: disable documentation
Fixes:
 - http://autobuild.buildroot.org/results/cbdb4cc34080714082f044fde7e069e6ab5a0e8e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-27 22:59:15 +02:00
Asaf Kahlon
170723fd57 python-dateutil: bump to version 2.7.5
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-27 22:58:56 +02:00
Peter Korsgaard
1d9fe18e97 iproute2: fix build on glibc < 2.21 / uClibc
Fixes:
http://autobuild.buildroot.net/results/fc9/fc99b1ad49080f552ce611d5a7a2f9fe171b5a2c/
http://autobuild.buildroot.net/results/5f7/5f74c258a3adafa5aecd4abc378eef0573143764/

q_{etf,taprio}.c uses CLOCK_TAI, which isn't exposed by glibc < 2.21 or
uClibc, breaking the build. Provide a fallback definition like it is done
for IPPROTO_MPLS and others.

Patch submitted upstream:
https://lwn.net/ml/netdev/20181027153102.32302-1-peter%40korsgaard.com/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-27 22:58:22 +02:00
Asaf Kahlon
2c0a2c7a3d python-fastentrypoints: bump to version 0.12
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-27 22:58:13 +02:00
Peter Korsgaard
e79df78ce2 iproute2: bump version to 4.19.0
For support for the new 4.19+ kernel features. Release notes:
https://lwn.net/ml/netdev/20181023104935.282ff4ec@xeon-e3/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-27 11:42:07 +02:00
Thomas Petazzoni
cbf62fc569 mysql: properly order "depends on" vs. bool
This fixes a check-package warning introduced by commit
19df27ed03 ("package/mariadb: add option
to disable build of embedded server")

Fixes:

package/mysql/Config.in:59: attributes order: type, default, depends on, select, help (http://nightly.buildroot.org/#_config_files)

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-26 21:28:31 +02:00
Danomi Manchego
a216a344c4 arm-trusted-firmware: replace hard-coded arm64 with MKIMAGE_ARCH
We already use $(MKIMAGE_ARCH) in lots of places; use it here too.

Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-26 21:26:33 +02:00
Danomi Manchego
22ea9d5a87 arm-trusted-firmware: replace mkimage invocation with MKIMAGE
We already use $(MKIMAGE) instead of $(HOST_DIR)/bin/mkimage in xvisor, linux,
and cpio; use it here too.

Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-26 21:26:27 +02:00
Danomi Manchego
0210f16083 uboot: replace mkimage invocation with MKIMAGE
We already use $(MKIMAGE) instead of $(HOST_DIR)/bin/mkimage in xvisor, linux,
and cpio; use it here too.

Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-26 21:26:17 +02:00
Francois Perrad
ece585dee1 perl-path-tiny: bump to version 0.104
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-26 21:20:15 +02:00
Francois Perrad
0a88a6c04f perl-net-ping: bump to version 2.71
The license file hash is changed due to:

 - Changes in the README file unrelated to the licensing terms.
 - Update of the copyright year (2017 changed to 2017-2018)

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-26 21:20:15 +02:00
Francois Perrad
27d462b9c2 perl-net-dns: bump to version 1.18
The license file hash is updated, but due to changes to the README
file that do not affect the licensing terms.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-26 21:20:15 +02:00
Francois Perrad
5614ca4bc2 perl-mojolicious: bump to version 8.04
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-26 21:20:15 +02:00
Francois Perrad
a30274ae89 perl-mail-dkim: bump to version 0.54
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-26 21:20:15 +02:00
Francois Perrad
b2ec1ee7a3 perl-libwww-perl: bump to version 6.36
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-26 21:20:15 +02:00