Commit Graph

47249 Commits

Author SHA1 Message Date
Fabrice Fontaine
c421e718fa package/zziplib: fixup the 'v' prefix in the version
In order for the zziplib version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
ZZIPLIB_SITE and not ZZIPLIB_VERSION.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-14 15:42:54 +02:00
Fabrice Fontaine
e0ada56a2a package/perl-class-std-fast: fixup the 'v' prefix in the version
In order for the perl-class-std-fast version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
PERL_CLASS_STD_FAST_SOURCE and not PERL_CLASS_STD_FAST_VERSION.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-13 22:38:01 +02:00
Peter Korsgaard
8c3032414e package/nodejs: security bump to version v10.16.3
Fixes the following security vulnerabilities:

- CVE-2019-9511 "Data Dribble": The attacker requests a large amount of data
  from a specified resource over multiple streams.  They manipulate window
  size and stream priority to force the server to queue the data in 1-byte
  chunks.  Depending on how efficiently this data is queued, this can
  consume excess CPU, memory, or both, potentially leading to a denial of
  service.

- CVE-2019-9512 "Ping Flood": The attacker sends continual pings to an
  HTTP/2 peer, causing the peer to build an internal queue of responses.
  Depending on how efficiently this data is queued, this can consume excess
  CPU, memory, or both, potentially leading to a denial of service.

- CVE-2019-9513 "Resource Loop": The attacker creates multiple request
  streams and continually shuffles the priority of the streams in a way that
  causes substantial churn to the priority tree.  This can consume excess
  CPU, potentially leading to a denial of service.

- CVE-2019-9514 "Reset Flood": The attacker opens a number of streams and
  sends an invalid request over each stream that should solicit a stream of
  RST_STREAM frames from the peer.  Depending on how the peer queues the
  RST_STREAM frames, this can consume excess memory, CPU, or both,
  potentially leading to a denial of service.

- CVE-2019-9515 "Settings Flood": The attacker sends a stream of SETTINGS
  frames to the peer.  Since the RFC requires that the peer reply with one
  acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost
  equivalent in behavior to a ping.  Depending on how efficiently this data
  is queued, this can consume excess CPU, memory, or both, potentially
  leading to a denial of service.

- CVE-2019-9516 "0-Length Headers Leak": The attacker sends a stream of
  headers with a 0-length header name and 0-length header value, optionally
  Huffman encoded into 1-byte or greater headers.  Some implementations
  allocate memory for these headers and keep the allocation alive until the
  session dies.  This can consume excess memory, potentially leading to a
  denial of service.

- CVE-2019-9517 "Internal Data Buffering": The attacker opens the HTTP/2
  window so the peer can send without constraint; however, they leave the
  TCP window closed so the peer cannot actually write (many of) the bytes on
  the wire.  The attacker then sends a stream of requests for a large
  response object.  Depending on how the servers queue the responses, this
  can consume excess memory, CPU, or both, potentially leading to a denial
  of service.

- CVE-2019-9518 "Empty Frames Flood": The attacker sends a stream of frames
  with an empty payload and without the end-of-stream flag.  These frames
  can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE.  The peer spends
  time processing each frame disproportionate to attack bandwidth.  This can
  consume excess CPU, potentially leading to a denial of service.
  (Discovered by Piotr Sikora of Google)

Notice that this version bump requires nghttp2 1.39.2.  It also includes an
(unconditional) embedded copy of brotli.

Update the license hash because of copyright year changes and the addition
of the MIT-style license text for large_pages and brotli.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-13 22:32:42 +02:00
Peter Korsgaard
4c7e7acbe4 package/nghttp2: security bump to version 1.39.2
Fixes the following security issues:

CVE-2019-9511: Data Dribble
CVE-2019-9513: Resource Loop

For details, see the advisory:
https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/

Notice that libnghttp2 itself is not affected by these vulnerabilities, only
nghttpx and nghttpd (which are currently not built).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-13 22:30:03 +02:00
Peter Korsgaard
8e2845eb1a package/jo: bump to version 1.2
Drop the v prefix on the download URL as the 1.2 git tag is just '1.2' and
add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-13 22:29:06 +02:00
Asaf Kahlon
f106a31654 package/ccache: bump to version 3.7.4
- Update CCACHE_SITE to github.

- The hash of the license file is updated. There were two changes:

  * The reference to the credits.html file changed from
    ccache.samba.org to ccache.dev

  * The MIT license text for minitrace.[ch] was added, but it doesn't
    change the fact that the whole is under GPL-3.0, and we anyway
    already had "GPL-3.0, others" in CCACHE_LICENSE

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
[Thomas: update the license file hash]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-13 22:24:14 +02:00
Peter Korsgaard
8103460aa1 package/luksmeta: bump to version v9
Bugfix release, fixing a potential infinite loop when handling the LUKS
header:

git shortlog v8..v9
Daniel Kopeček (2):
      Use asciidoc as the manual page source format
      Generate manual page from source during build time

Milan Broz (1):
      Fix infinite loop when initializing trimmed LUKS header.

Nathaniel McCallum (3):
      Fix invalid man page section reference
      Fix typos in the man page
      Release version 9

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-13 22:16:01 +02:00
André Hentschel
8ad978b196 package/wine: bump to version 4.0.2
Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-13 21:56:37 +02:00
Petr Vorel
f95580cd3d package/links: bump to version 2.20
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-12 19:23:19 +02:00
Christopher McCrory
c5ffc43b21 package/gawk: bump to version 5.0.1
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-12 19:20:53 +02:00
Carlos Santos
749334cb36 package/nfs-utils: always use libtirpc and enable IPv6
nfs-utils selects rpcbind, and rpcbind unconditionally selects
libtirpc. Therefore, nfs-utils will never be used with the C library
RPC implementation: libtirpc will always be used. Consequently, all
the conditional logic to use libtirpc only if available is useless,
and we can use libtirpc unconditionally.

As an added bonus, this means that we can enable IPv6, because
libtirpc provides an IPv6-compatible RPC implementation.

Fixes: https://bugs.busybox.net/show_bug.cgi?id=10806

Signed-off-by: Carlos Santos <unixmania@gmail.com>
[Thomas: rework commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-12 19:10:33 +02:00
Thomas Petazzoni
3f08ffa423 support/scripts/pkg-stats: extract current commit id, not master
pkg-stats extracts the Buildroot commit id from which the package
information was collected. However, when doing so, it always assumes
we're using the master branch, by running "git log master".

But in fact, pkg-stats can be run from any branch/tag, so it makes a
lot more sense to use "git log HEAD".

Cc: victor.huesca@bootlin.com
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-12 18:53:14 +02:00
Alexander Dahl
a96e82edf9 package/zic: bump version to 2019c
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-12 18:49:53 +02:00
Alexander Dahl
15933309a5 package/tzdata: bump version to 2019c
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-12 18:48:38 +02:00
Thomas Petazzoni
902fed5184 package/ascii-invaders: drop the SOURCE variable
There is no need to override the SOURCE variable when the github macro
is used, and in fact keeping the default SOURCE value gives a much
more sensible tarball name, so let's drop the SOURCE variable
entirely.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-12 09:27:15 +02:00
Fabrice Fontaine
acecf6375e package/ascii-invaders: fixup the 'v' prefix in the version
In order for the ascii-invaders version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
ASCII_INVADERS_SITE and not ASCII_INVADERS_VERSION.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-12 09:26:29 +02:00
Alexander Kurz
b444dc2fc4 package/minimodem: new package
Minimodem is a command-line program which decodes (or generates)
audio modem tones at any specified baud rate, using various
framing protocols. It acts a general-purpose software FSK modem,
and includes support for various standard FSK protocols such as
Bell103, Bell202, RTTY, TTY/TDD NOAA SAME, and Caller-ID.

Signed-off-by: Alexander Kurz <akurz@blala.de>
[Thomas:
- switch from a depends on to a select for the libsndfile or
  pulseaudio or alsa dependency
- re-order statements in Config.in
- add missing host-pkgconf dependency]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-11 15:34:42 +02:00
Pierre-Jean Texier
c6b2269f36 DEVELOPERS: add Pierre-Jean Texier for haveged
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-11 09:37:09 +02:00
Pierre-Jean Texier
8e1b0d8857 package/haveged: bump to version 1.9.6
This includes the following changes:

94079e6 Fixed invalid UTF-8 codes in ChangeLog
1470a82 Updated service.fedora
9596c53 Updated service.fedora
b50b59b New version 1.9.5
037e059 New version 1.9.5
2681d01 Added test for /dev/random symlink
0dac21b Update to automake 1.16
638e2f0 Fixed built issue on Cygwin
083f827 minimize diff
b38def1 minimize diff
e16369d take into account review by @nbraud
6dfce53 Remove support for CPUID on ia64
fc50dda [PATCH] Output some progress during CUSUM and RANDOM EXCURSION test
be4e481 NEWS: Cleanup extraneous whitespace
0815b3c Fixup upstream changelog
6d52229 Fix type mismatch in get_poolsize
90d00f7 service.redhat: update PIDFile
16a9726 fix segv at start
ceab89a init.d/Makefile.am: add missing dependency
01e3154 Diagnostics capture mode now works correctly by referencing the right variable during rng warmup
f219358 Fix segfault on arm machines

Also add a 'v' prefix in _SITE variable.

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-11 09:36:42 +02:00
Fabrice Fontaine
3ec1d992d8 package/apitrace: bump to version 8.0
Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-11 09:26:40 +02:00
Chris Packham
c1ddf5c82b package/syslog-ng: update version in config file
syslog-ng warns when using a configuration from an older version. Update
the version in the example config.

Fixes: 9695f3e069 ("package/syslog-ng: bump version to 3.22.1")
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Tested-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-10 19:35:35 +02:00
Mohana Datta Yelugoti
9135ab7a7c package/python-sip: bump to version 4.19.13
Signed-off-by: Mohana Datta Yelugoti <ymdatta.work@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-10 19:33:15 +02:00
Yegor Yefremov
15beee1ee7 package/socketcand: bump version
Change download location as the project is now part of the linux-can
organization.

Also remove an upstreamed patch.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-10 19:32:06 +02:00
Refik TUZAKLI
7a597d3dc8 DEVELOPERS: adjust e-mail address for Refik Tuzakli
My email address will be deactivated in two weeks.

Signed-off-by: Refik Tuzakli <refik.tuzakli@savronik.com.tr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-10 19:30:12 +02:00
Raphaël Mélotte
b5c553ba59 docs/manual/adding-packages-python.txt: fix outdated Python 3 explanation
Python packages should no longer depend on BR2_PACKAGE_PYTHON in their
config file, unless they are only compatible with Python 2.

Signed-off-by: Raphaël Mélotte <raphael.melotte@essensium.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-10 19:29:21 +02:00
Matt Weber
25b0bca954 package/iperf3: bump to 3.7
- Dropped musl and profiling patches as they were incorporated upstream.
- Profiling is set as explicitly disabled as it can now be configured.
- License file hash is changed due to an update in the copyright year:
  -"iperf, Copyright (c) 2014-2018, The Regents of the University of California,
  +"iperf, Copyright (c) 2014-2019, The Regents of the University of California,

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-10 19:27:12 +02:00
Baruch Siach
a5215d5cdc package/uhubctl: bump to version 2.1.0
Update license file hash: copyright year update.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-10 18:53:43 +02:00
Matt Weber
1f00c695d2 package/protobuf: bump to version 3.9.1
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-10 12:51:50 +02:00
Matt Weber
eddd985c4e package/protobuf-c: bump to version 1.3.2
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-10 12:45:50 +02:00
Joel Carlson
edc482d2c5 package/capnproto: require GCC 5 for C++14
Adds dependency on at least GCC 5 to have C++14 language features that
are required starting in version 0.7.0 of capnproto.

Fixes:
http://autobuild.buildroot.org/results/5c09e745cab822d830f73e33647f3b0e765c9181
(capnproto build failure)

Fixes:
http://autobuild.buildroot.org/results/743c750e9932658c20965a25de89c3f21a1d43e9
(host-capnproto build failure)

This updated dependency is propagated to capnproto unique reverse
dependency, c-capnproto.

Signed-off-by: Koen Martens <gmc@sonologic.nl>
Signed-off-by: Joel Carlson <JoelsonCarl@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-10 12:00:34 +02:00
Matt Weber
e33e3190f5 package/libqmi: bump to 1.22.6
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-10 11:54:07 +02:00
Asaf Kahlon
c2417843c8 package/libuv: bump to version 1.32.0
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-10 00:23:48 +02:00
Matt Weber
09cc81ff1b package/smcroute: bump to 2.4.4
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-10 00:22:17 +02:00
Matt Weber
eb569ea39e package/tclap: bump to 1.2.2
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-10 00:20:53 +02:00
Oleksandr Zhadan
6bf3b56f28 configs/acturus_ucls1012a: bump kernel and u-boot version
Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/289126214

Signed-off-by: Oleksandr Zhadan <oleks@arcturusnetworks.com>
Signed-off-by: Michael Durrant <mdurrant@arcturusnetworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-10 00:15:19 +02:00
Thomas Petazzoni
8acb79e9f3 DEVELOPERS: add Gerome Burlats as contact for Qemu defconfigs
Gerome Burlats recently took care of the Qemu defconfigs, so it makes
sense to list him as a contact for the maintenance of these
defconfigs.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Gerome Burlats <gerome.burlats@smile.fr>
Cc: Romain Naour <romain.naour@smile.fr>
Acked-by: Gerome Burlats <gerome.burlats@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-09 09:47:41 +02:00
Thomas Petazzoni
fa54d02458 DEVELOPERS: remove Pranit Sirsat, e-mail bounces
<Pranit.Sirsat@imgtec.com>: host mxa-00376f01.gslb.pphosted.com[91.207.212.86]
    said: 550 5.1.1 User Unknown (in reply to RCPT TO command)

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-09 09:46:21 +02:00
Christopher McCrory
eb60327619 package/openal: bump to version 1.19.1
Add hash for license file.

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-09 01:09:19 +02:00
Christopher McCrory
dfa98a7af6 package/nmap: bump to version 7.80
The hash of the license file changed due to this single change of the
copyright year:

- * The Nmap Security Scanner is (C) 1996-2018 Insecure.Com LLC ("The Nmap  *
+ * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap  *

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-09 01:04:32 +02:00
Christopher McCrory
03c7cc83d2 package/libv4l: bump to version 1.16.6
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-09 01:00:36 +02:00
Christopher McCrory
23ef7f979c package/liblinear: bump to version 2.30
Update hash for license file (update in year).

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-09 00:58:18 +02:00
Christopher McCrory
6f753c9ae6 package/libdvbsi: bump to version 0.3.8
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-09 00:54:22 +02:00
Christopher McCrory
425a09ef5e package/less: bump to version 551
updated _SITE

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-09 00:46:48 +02:00
Thomas Petazzoni
7a029fec78 Revert "package/gperf: bump to version 3.1"
This reverts commit 3e29e1ed5b, as it
breaks the build of host-libcap.

Fixes:

  http://autobuild.buildroot.net/results/4db6fcffd4f1432d2f2349ecb58992c6be568073/

Thanks to Ricardo Martincoski <ricardo.martincoski@gmail.com> for the
analysis of the problem.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-09 00:38:30 +02:00
Christopher McCrory
eb1e323eed package/haproxy: bump to version 2.0.5
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-08 18:59:18 +02:00
Christopher McCrory
3e29e1ed5b package/gperf: bump to version 3.1
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-08 18:56:18 +02:00
Christopher McCrory
1f6cf3c181 package/debianutils: bump to version 4.8.6.3
updated _SITE

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-08 18:52:01 +02:00
Christopher McCrory
8d2a9d089a package/cairo: bump to version 1.16.0
Changed _SITE to releases

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-08 18:44:11 +02:00
Fabrice Fontaine
1a977137e9 package/lttng-tools: fix build with glibc 2.30
Fixes:
 - http://autobuild.buildroot.org/results/8680c5a355b226cf978397615cbe5df1c5f8c656

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-07 23:41:54 +02:00
Francois Perrad
534c9c73e2 package/lua-messagepack: bump to version 0.5.2
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-07 23:26:29 +02:00