Commit Graph

37315 Commits

Author SHA1 Message Date
Peter Korsgaard
c857673111 configs: nexbox_a95x_defconfig: bump to kernel 4.13
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:09:16 +02:00
Baruch Siach
f871b21c89 libarchive: security bump to version 3.3.2
CVE-2016-8687: Stack-based buffer overflow in the safe_fprintf function
in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a
denial of service via a crafted non-printable multibyte character in a
filename.

CVE-2016-8688: The mtree bidder in libarchive 3.2.1 does not keep track
of line sizes when extending the read-ahead, which allows remote
attackers to cause a denial of service (crash) via a crafted file, which
triggers an invalid read in the (1) detect_form or (2) bid_entry
function in libarchive/archive_read_support_format_mtree.c.

CVE-2016-8689: The read_Header function in
archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote
attackers to cause a denial of service (out-of-bounds read) via multiple
EmptyStream attributes in a header in a 7zip archive.

CVE-2016-10209: The archive_wstring_append_from_mbs function in
archive_string.c in libarchive 3.2.2 allows remote attackers to cause a
denial of service (NULL pointer dereference and application crash) via a
crafted archive file.

CVE-2016-10349: The archive_le32dec function in archive_endian.h in
libarchive 3.2.2 allows remote attackers to cause a denial of service
(heap-based buffer over-read and application crash) via a crafted file.

CVE-2016-10350: The archive_read_format_cab_read_header function in
archive_read_support_format_cab.c in libarchive 3.2.2 allows remote
attackers to cause a denial of service (heap-based buffer over-read and
application crash) via a crafted file.

CVE-2017-5601: An error in the lha_read_file_header_1() function
(archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote
attackers to trigger an out-of-bounds read memory access and
subsequently cause a crash via a specially crafted archive.

Add upstream patch fixing the following issue:

CVE-2017-14166: libarchive 3.3.2 allows remote attackers to cause a
denial of service (xml_data heap-based buffer over-read and application
crash) via a crafted xar archive, related to the mishandling of empty
strings in the atol8 function in archive_read_support_format_xar.c.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:07:04 +02:00
Eric Le Bihan
db91484dde s6-linux-init: bump version to 0.3.1.0
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:01:55 +02:00
Eric Le Bihan
6d3069e381 s6-linux-utils: bump version to 2.4.0.1
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:01:53 +02:00
Eric Le Bihan
7edbba4505 s6-portable-utils: bump version to 2.2.1.1
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:01:52 +02:00
Eric Le Bihan
d7df2399c7 s6-rc: bump version to 0.2.1.2
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:01:50 +02:00
Eric Le Bihan
452706bb96 s6-networking: bump version to 2.3.0.2
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:01:48 +02:00
Eric Le Bihan
ed13c6ecc7 s6-dns: bump version to 2.2.0.1
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:01:47 +02:00
Eric Le Bihan
bba8f9f6a6 s6: bump version to 2.6.1.0
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:01:45 +02:00
Eric Le Bihan
aee4dc8f01 execline: bump version to 2.3.0.2
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:01:43 +02:00
Eric Le Bihan
dceca89464 skalibs: bump version to 2.6.0.0
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:01:41 +02:00
Sergio Prado
d47a0f4319 stella: fix build without threads support
Fix build error when building using toolchain without threads support:

src/common/tv_filters/AtariNTSC.hxx:172:16: error: 'thread' is not a member of 'std'
     unique_ptr<std::thread[]> myThreads;
                     ^~~

Since version 5.0.2, Stella needs a toolchain with threads support.

Fixes:
http://autobuild.buildroot.net/results/bd30388ee24294158d0a373764408c8c846853d4
http://autobuild.buildroot.net/results/ad1571cecfc697650b436c147b5f3a1b4326091d
http://autobuild.buildroot.net/results/10b73362358f3af45534a0cd096672dd1460a7d0

Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-09 22:00:16 +02:00
Sven Haardiek
c121c78a7b DEVELOPERS: add myself as a maintainer for lcdproc
Signed-off-by: Sven Haardiek <sven.haardiek@greenbone.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-08 11:22:44 +02:00
Yegor Yefremov
30f667b704 python-paho-mqtt: bump to version 1.3.0
Change setup type to setuptools.

Add a patch removing the pytest-runner dependency. The patch was sent
upstream.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-08 11:18:32 +02:00
Thomas Petazzoni
95389fe98c qt: add patch fixing build failure on ARMv8 in 32-bit mode
The Qt package currently fails to build on ARMv8 cores in 32-bit mode
(for example, if you select ARM and then Cortex-A53), because the ARM
atomic operation implementation in Qt checks if we're on ARMv7, then
on ARMv6, and otherwise falls back to an ARMv5 implementation. The
latter uses the swp instruction, which doesn't exist on ARMv8, causing
a build failure.

To solve this, we simply add a patch that uses the ARMv7 atomic
operations for ARMv8-A.

There is no autobuilder reference because we don't have any ARMv8
32-bit configuration in the autobuilders.

Cc: <ivychend@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-08 11:18:19 +02:00
Peter Korsgaard
f77fb7b585 libzip: security bump to version 1.3.0
Fixes the following security issues:

CVE-2017-12858: Double free vulnerability in the _zip_dirent_read function
in zip_dirent.c in libzip allows attackers to have unspecified impact via
unknown vectors.

CVE-2017-14107: The _zip_read_eocd64 function in zip_open.c in libzip before
1.3.0 mishandles EOCD records, which allows remote attackers to cause a
denial of service (memory allocation failure in _zip_cdir_grow in
zip_dirent.c) via a crafted ZIP archive.

For more details, see
https://blogs.gentoo.org/ago/2017/09/01/libzip-use-after-free-in-_zip_buffer_free-zip_buffer-c/
https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/

libzip-1.3.0 also adds optional bzip2 support, so handle that.

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-08 11:16:56 +02:00
Jörg Krause
0e19178c53 shairport-sync: bump to version 3.1.1
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-08 11:16:33 +02:00
Romain Naour
66390e07c0 package/openpowerlink: bump to v2.6.1
http://openpowerlink.sourceforge.net/web/openPOWERLINK/Download/openPOWERLINK%202.6.html

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-08 11:16:08 +02:00
Peter Korsgaard
322599744c unrar: security bump to version 5.5.8
Fixes the following security issues:

CVE-2017-12938 - UnRAR before 5.5.7 allows remote attackers to bypass a
directory-traversal protection mechanism via vectors involving a symlink to
the . directory, a symlink to the .. directory, and a regular file.

CVE-2017-12940 - libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read
in the EncodeFileName::Decode call within the Archive::ReadHeader15
function.

CVE-2017-12941 - libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read
in the Unpack::Unpack20 function.

CVE-2017-12942 - libunrar.a in UnRAR before 5.5.7 has a buffer overflow in
the Unpack::LongLZ function.

For more details, see
http://www.openwall.com/lists/oss-security/2017/08/14/3

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-08 11:15:08 +02:00
Peter Korsgaard
2a59db1bb0 strongswan: add upstream security patch
Fixes CVE-2017-11185: The gmp plugin in strongSwan before 5.6.0 allows
remote attackers to cause a denial of service (NULL pointer dereference and
daemon crash) via a crafted RSA signature.

For more details, see
https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-%28cve-2017-11185%29.html

While we're at it, add hashes for the license files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-08 11:14:42 +02:00
Peter Korsgaard
0f5398f0e6 libsoup: security bump to version 2.56.1
Fixes CVE-2017-2885: stack based buffer overflow with HTTP Chunked Encoding

For more details, see
https://bugzilla.gnome.org/show_bug.cgi?id=785774

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-08 11:14:09 +02:00
Peter Korsgaard
3b85d24c1d gd: security bump to version 2.2.5
Fixes the following security issues:

CVE-2017-6362: Double-free in gdImagePngPtr()
CVE-2017-7890: Buffer over-read into uninitialized memory

Drop patches no more needed:

0001-gdlib-config.patch: @LIBICONV@ is nowadays correct AC_SUBST'ed by
configure

0002-gd_bmp-fix-build-with-uClibc.patch: upstream uses ceil() since
6913dd3cd2

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-08 11:13:57 +02:00
Fabio Estevam
f396d1310b configs/imx7dpico: Bump to 4.13 kernel
Bump to 4.13 kernel and remove all the dts patches as they
are part of upstream now.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 21:59:14 +02:00
Bernd Kuhls
cee153b838 package/php: bump version to 7.1.9
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 21:41:59 +02:00
Fabio Estevam
7c3ef9aac2 configs/imx6q-sabresd: Bump kernel to 4.13
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 21:08:49 +02:00
Fabio Estevam
412f046091 linux: bump default to version 4.13
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 21:08:09 +02:00
Fabio Estevam
f239daec64 linux-headers: bump to 4.13 kernel version
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 21:07:24 +02:00
Fabio Estevam
1576b89234 toolchain: add 4.13.x choice for headers
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 21:06:03 +02:00
Bernd Kuhls
19af2fe70c linux-headers: bump 4.{4, 9, 12}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 21:05:39 +02:00
Bernd Kuhls
7d8e2a307d package/eudev: bump version to 3.2.4
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 21:02:59 +02:00
Baruch Siach
d0bf15a829 strace: bump to version 4.19
Add license hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 21:02:40 +02:00
Baruch Siach
aa70897e29 mbedtls: security bump to version 2.6.0
Fixes CVE-2017-14032: authentication bypass.

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02

Add license hash.

Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 11:18:26 +02:00
Bernd Kuhls
0dea780436 package/mesa3d-headers: bump version to 17.2.0
Forgot to bump this package in
https://git.buildroot.net/buildroot/commit/package/mesa3d?id=88b5e583a3b9389159c0b008f140aaa1cf578a3c

Fixes
http://autobuild.buildroot.net/results/ef2/ef23996ba10a2143087c3ff0b7549f4acbbe6777/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-07 09:20:48 +02:00
Bernd Kuhls
36be74f974 DEVELOPERS: add myself as maintainer for libpng
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 23:54:12 +02:00
Bernd Kuhls
4b11bb084e package/eudev: bump version to 3.2.3
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 23:48:44 +02:00
Aleksander Morgado
5cb40de7ee libqmi: add optional features
The libqmi library and tools come with several optional features that
may be enabled or disabled during build.

This patch adds support to automatically enable or disable them based
on the presence of the required dependencies for each:
 * QMI-over-MBIM is enabled if libmbim is selected.
 * udev support in qmi-firmware-update is enabled if libgudev is
   selected.
 * MM runtime check in qmi-firmware-update is enabled if ModemManager
   is selected (but we don't build-depend on it, the runtime check is
   done using plain glib2 DBus operations).

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 23:48:24 +02:00
Aleksander Morgado
e1c06945ee libmbim: add udev as optional feature
udev support will be enabled in the build if libgudev is selected.

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 23:36:13 +02:00
Angelo Compagnucci
5cf9897f5b package/python-web2py: bump to version R-2.15.4
This patch bumps web2py to the latest version R-2.15.4 and bumps
also the python-pydal dependency to the required latest version 17.8.
Starting with version R-2.15.x web2py supports also python 3, so
updating the package to support both versions.

Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 23:34:57 +02:00
Baruch Siach
371d3a7ab8 mmc-utils: use upstream provided install target
Cc: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 23:31:20 +02:00
Yegor Yefremov
06a2d82de7 python-pytablewriter: bump to 0.24.0
Reorder and fix dependencies.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 23:28:25 +02:00
Yegor Yefremov
7a6d0a9dbc python-dataproperty: bump to version 0.25.6
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 23:28:21 +02:00
Yegor Yefremov
a4d15237c4 python-typepy: bump to version 0.0.20
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 23:28:19 +02:00
Yegor Yefremov
57bfe67b77 python-pytablereader: bump to version 0.13.3
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 23:28:18 +02:00
Yegor Yefremov
40f3658f8e python-simplesqlite: new package
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
[Thomas: add upstream URL in Config.in.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 23:23:48 +02:00
Sven Haardiek
028cf5897c lcdproc: bump to version 0.5.9
This commit bumps lcdproc to version 0.5.9, and switches to the new
upstream on github.

The new version also compiles with musl without any patches.

Signed-off-by: Sven Haardiek <sven.haardiek@greenbone.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:57:14 +02:00
Baruch Siach
bfa4428d78 expat: bump to version 2.2.4
Upstream migrated to automake for autotools: the "installlib" target
no longer exist, and we can use the standard "install" target, and
therefore drop the special INSTALL_STAGING_OPTS and
INSTALL_TARGET_OPTS variables.

Add license hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:42:14 +02:00
Aleksander Morgado
596291dc89 libmbim: bump to version 1.14.2
New stable update in the 1.14.x series:
https://lists.freedesktop.org/archives/libmbim-devel/2017-August/000917.html

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:39:07 +02:00
Francois Perrad
4dd0919a47 xavante: add LICENSE_FILES
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:31:04 +02:00
Francois Perrad
aad1825e93 wsapi-xavante: add LICENSE_FILES
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:31:02 +02:00
Francois Perrad
c80c858bbc wsapi-fcgi: add LICENSE_FILES
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:30:59 +02:00