Commit Graph

45570 Commits

Author SHA1 Message Date
Adam Duskett
100fb28bef package/python-pip: bump to version 19.1
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-01 09:21:29 +02:00
Adam Duskett
b6559256f6 package/python{3}-setuptools: bump to version 41.0.1
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-01 09:20:25 +02:00
Adam Duskett
7002f1ac63 package/mjpegtools: install to staging
The mpeg2enc plugin in gst1-plugins-bad now depends on mjpegtools.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-01 09:10:14 +02:00
Adam Duskett
ca2f4541f5 package/libvpx: bump to version v1.8.0
The gst1-plugins-good 1.16.0 vpx plugin requires libvpx v1.8.0

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-01 09:09:12 +02:00
John Keeping
14839eca9a package/netcat-openbsd: switch to new upstream URL
anonscm.debian.org has been discontinued and now hosts a page pointing
to salsa.debian.org.  Switch to the new upstream URL, explicitly setting
the method to git now that we use an HTTPS URL.

Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-01 09:08:00 +02:00
Jörg Krause
2d12399b71 package/luv: bump to version 1.28.0-1
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-01 09:06:43 +02:00
Francois Perrad
e084ed9fdb package/luarocks: bump to version 3.1.0
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-01 09:06:33 +02:00
Pierre-Jean Texier
489a48fe63 configs/atmel_sama5d27_som1: bump to linux4sam_6.0
This commit :
	- bumps Linux & U-Boot to linux4sam_6.0.
	- bumps at91bootstrap to v3.8.12.
	- removes old in-tree dts (now in dt-overlay-at91 [1][2])
	- adapts genimage accordingly.

[1] https://github.com/linux4sam/dt-overlay-at91/tree/master/sama5d27_som1_ek
[2] http://www.at91.com/linux4sam/bin/view/Linux4SAM/DT-Overlay

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-01 09:04:20 +02:00
Yann E. MORIN
7cf13b9b06 configs/qemu_xtensa_lx60_*: kernel build needs mkimage
Following ffbe46a529 ("linux: simplify LINUX_BUILD_CMDS"), the Linux
kernel build for these xtensa qemu builds an image format that needs
mkimage.

Reported-by: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
Cc: Max Filippov <jcmvbkbc@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Reviewed-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-01 09:04:07 +02:00
Bernd Kuhls
03a78e3470 package/dovecot-pigeonhole: bump version to 0.5.6
Release notes:
https://dovecot.org/pipermail/dovecot-news/2019-April/000411.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 22:43:30 +02:00
Bernd Kuhls
70784619bc package/dovecot: security bump to version 2.3.6
Fixes
* CVE-2019-11494: Submission-login crashed with signal 11 due to null
  pointer access when authentication was aborted by disconnecting.
* CVE-2019-11499: Submission-login crashed when authentication was
  started over TLS secured channel and invalid authentication message
  was sent.

Release notes:
https://dovecot.org/pipermail/dovecot-news/2019-April/000408.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 22:43:22 +02:00
Fabrice Fontaine
3d8e1ad1f3 package/python-ply: add host variant
Commit 89e70a7077 (package/bind: fix python build) added a dependency on
host-python-ply to bind, which doesn't exist. Add it.

Fixes:
 - http://autobuild.buildroot.org/results/a68251773f61c3463f4d18aa626c83df70126afc

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: reword / add commit reference]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 20:11:41 +02:00
Carlos Santos
f18c954966 DEVELOPERS: Add Carlos Santos for liburiparser
Signed-off-by: Carlos Santos <unixmania@gmail.com>
[Peter: sort alphabetically]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 20:10:21 +02:00
Carlos Santos
240aa29d67 package/liburiparser: bump to version 0.9.3
Version 0.9.3 is a fix-up to 0.9.2. Combined, releases 0.9.2 and 0.9.3
feature:

- Migration from GNU autotools to CMake
- Link fixes for use of uriparser from C++ code
- Library visibility fixes / introduction of -fvisibility=hidden

For more details please check the change log at

   https://github.com/uriparser/uriparser/blob/uriparser-0.9.3/ChangeLog

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 20:06:26 +02:00
Baruch Siach
d122ebdfd6 package/strace: bump to version 5.0
Drop patches; issues fixed upstream.

Update license file hash due to copyright year update.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 20:03:10 +02:00
Jörg Krause
12227863eb package/libzip: bump to version 1.5.2
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 19:58:59 +02:00
Jörg Krause
6b8e3e7415 package/popt: add hash for the license file
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 14:42:06 +02:00
Jörg Krause
2f2d437cd5 package/luv: bump to version 1.28.0-0
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 14:41:51 +02:00
Jörg Krause
4a28f22383 package/shairport-sync: bump to version 3.2.2
Drop patches 0001 and 0002 which are included in the new version.

Add hash for the license file.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 14:41:34 +02:00
Jörg Krause
86a7f00919 package/luajit: add hash for the license file
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 14:40:49 +02:00
Carlos Santos
06e46d9b05 package/tpm2-totp: fix menu prompt
It must be "tpm2-totp", not "tpm2-tools" (probably a copy/paste issue).

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 14:40:11 +02:00
Baruch Siach
14c9b9ed27 package/strace: disable build for nds32
Current version of strace does not support nds32.

Fixes:
http://autobuild.buildroot.net/results/05ec776548c9bede4878d4c3c43040c5b0aac182
http://autobuild.buildroot.net/results/24023f2fa3dbf7c281726abdbfd4322badaffbfb

Cc: Nylon Chen <nylon7@andestech.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 13:17:59 +02:00
Angelo Compagnucci
669497c5e2 linux: bump Linux CIP to version v4.19.13-cip1
This patch bumps CIP to the latest SLTS version v4.19.13-cip1.
Kernel based on 4.4 is not deprecated, it will continue to be supported
as planned by the CIP foundation.
If the 4.4 version is needed, it should be selected manually.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 13:17:50 +02:00
Peter Korsgaard
99890750e0 package/gst1-plugins-base: add upstream SA-2019-0001 security fix
Fixes the following security issue:

CVE-2019-9928: GStreamer before 1.16.0 has a heap-based buffer overflow in
the RTSP connection parser via a crafted response from a server

For more details, see the advisory:
https://gstreamer.freedesktop.org/security/sa-2019-0001.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 13:17:37 +02:00
Peter Korsgaard
4f5584af06 package/go: bump version to 1.12.4
Fixes a number of issues discovered since 1.12.1.  From the release notes:

go1.12.2 (released 2019/04/05) includes fixes to the compiler, the go
command, the runtime, and the doc, net, net/http/httputil, and os packages.
See the Go 1.12.2 milestone on our issue tracker for details.

go1.12.3 (released 2019/04/08) was accidentally released without its
intended fix.  It is identical to go1.12.2, except for its version number.
The intended fix is in go1.12.4.

go1.12.4 (released 2019/04/11) fixes an issue where using the prebuilt
binary releases on older versions of GNU/Linux led to failures when linking
programs that used cgo.  Only Linux users who hit this issue need to update.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 13:17:21 +02:00
Peter Korsgaard
43ff6b974c package/imagemagick: security bump to version 7.0.8-42
Fixes the following security issues:

- CVE-2019-9956: In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer
  overflow in the function PopHexPixel of coders/ps.c, which allows an
  attacker to cause a denial of service or code execution via a crafted
  image file.

- CVE-2019-10650: In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer
  over-read in the function WriteTIFFImage of coders/tiff.c, which allows an
  attacker to cause a denial of service or information disclosure via a
  crafted image file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 13:17:09 +02:00
Fabrice Fontaine
94c6cab917 package/intel-mediasdk: fix license
Fixes:
 - http://autobuild.buildroot.org/results/5730991fded5ab3474cd0325b399f6f27972ca81

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 13:15:41 +02:00
Asaf Kahlon
3a6235744e package/python-reentry: bump to version 1.3.1
Also update dependency list.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 13:15:30 +02:00
Fabrice Fontaine
5cad1fe1ff package/subversion: fix build with NLS
Fixes:
 - http://autobuild.buildroot.org/results/098a05b397ba1b05df561b6872b39e17a2bf27df

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 13:14:54 +02:00
Carlos Santos
d54b0e22ae DEVELOPERS: Add Carlos Santos for tpm2-totp
[Peter: reword]
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-29 20:02:17 +02:00
Nicolas Serafini
ff064fe02c package/exiv2: bump to version 0.27.1
Signed-off-by: Nicolas Serafini <nicolas.serafini@sensefly.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-29 20:01:50 +02:00
Peter Korsgaard
3fd23becd4 {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.0.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-29 20:01:40 +02:00
Peter Korsgaard
cfa6f2fff0 docs/website: update for 2019.02.2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-29 13:55:57 +02:00
Peter Korsgaard
b7620c10c1 Update for 2019.02.2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3b4b3e7cd4)
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-29 13:54:05 +02:00
Fabrice Fontaine
89e70a7077 package/bind: fix python build
A check for python-ply has been added as this is a dependency of the
dnssec-keymgr script so install host-python-ply to avoid a build failure
if python-ply is not installed on host

Fixes:
 - http://autobuild.buildroot.org/results/96815b1300547c976443bf74b762febdfcc8d3ba

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-29 09:28:29 +02:00
Yann E. MORIN
138014bf23 package/qemu: unset TARGET_DIR
qemu uses TARGET_DIR internally, and it is at least used to display the
shortened compiling commands, like (with a TARGET_DIR=/path/to/target):

    CC /path/to/targetblock/write-threshold.o

VS

    CC block/write-threshold.o

There does not seem to be any adverse effect to that, but this is very
confusing to see, especially when building the host variant.

Fix that by unsetting TARGET_DIR prior to building.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-29 09:02:14 +02:00
Yann E. MORIN
80a5217476 package/gst1-plugins-base: drop legacy remnant comment
In 7672234200 (gst1-plugins-base: bump version to 1.12.0), the unknown
options were removed, but the comment associated to --disable-gio_unix_2_0
was left out.

Drop it now.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-28 22:08:47 +02:00
Yann E. MORIN
1c4dd7bb5d package/binutils: don't override the build command
In 1d42d0acca (binutils: ensure TARGET_CONFIGURE_ARGS is taken into
consideration for subdirs), the whole BUILD_CMDS was overriden in an
attempt to ensure that the target configure args (in fact, environment
variables) are indeed passed in the environment of the build command.

However, there is no reason to override the whole command, when we can
simply specify additional environment variables, as supported by the
autotools infra.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-28 22:08:24 +02:00
Fabrice Fontaine
3b017adcc6 package/xapp_xload: fix build with NLS
Fixes:
 - http://autobuild.buildroot.org/results/a69b957d0f3251031b0c67e951ba8fb8d1043ce0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-28 22:05:07 +02:00
Giulio Benetti
6cccfe64cd package/libcamera: bump to version ab0188fc8bbb6f397ac3aa11c9377662b7bd88b0
Build failures due to:
`fatal error: sys/auxv.h: No such file or directory`
have been fixed upstream.

Fixes:
http://autobuild.buildroot.net/results/158/158950190141b4f1b0a3d7813322d3971bb8ba75/

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Acked-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-04-27 14:30:28 +02:00
Francois Perrad
6a42b16d43 package/perl-mojolicious: bump to version 8.15
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-27 14:24:36 +02:00
Francois Perrad
3c5e07d1fb package/perl-module-build: bump to version 0.4229
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-27 14:24:36 +02:00
Francois Perrad
f8887825a8 package/perl-mail-dkim: bump to version 0.55
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-27 14:24:36 +02:00
Francois Perrad
1ff12ee663 package/perl-http-headers-fast: bump to version 0.22
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-27 14:24:36 +02:00
Fabrice Fontaine
73661a7550 package/xapp_xfd: fix build with NLS
Fixes:
 - http://autobuild.buildroot.org/results/e6009f0232eb60ed10eb46b39edf125369eb12e1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-27 14:24:36 +02:00
Peter Seiderer
022d85cce8 package/{mesa3d, mesa3d-headers}: bump version to 19.0.3
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-27 14:24:36 +02:00
Peter Korsgaard
c21edddec9 package/wpa_supplicant: add upstream 2019-5 security patches
Fixes the following security vulnerabilities:

EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) was discovered not to validate fragmentation reassembly state
properly for a case where an unexpected fragment could be received. This
could result in process termination due to NULL pointer dereference.

For details, see the advisory:
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-27 14:24:36 +02:00
Peter Korsgaard
b3adfacdb1 package/hostapd: add upstream 2019-5 security patches
Fixes the following security vulnerabilities:

EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) was discovered not to validate fragmentation reassembly state
properly for a case where an unexpected fragment could be received. This
could result in process termination due to NULL pointer dereference.

For details, see the advisory:
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-27 14:24:36 +02:00
Peter Korsgaard
bc4ac7da33 package/libpng: security bump to version 1.6.37
Fixes the following security issue:

CVE-2019-7317: png_image_free in png.c in libpng 1.6.36 has a use-after-free
because png_image_free_function is called under png_safe_execute.

Update license hash for a change in copyright year and typo fixes.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-04-27 14:15:39 +02:00
Peter Korsgaard
fc8ace0938 package/bind: security bump to version 9.11.6-P1
Fixes the following security issues:

 - CVE-2018-5743: Limiting simultaneous TCP clients is ineffective
   https://kb.isc.org/docs/cve-2018-5743

 - CVE-2019-6467: An error in the nxdomain redirect feature can cause
   BIND to exit with an INSIST assertion failure in query.c
   https://kb.isc.org/docs/cve-2019-6467

 - CVE-2019-6468: BIND Supported Preview Edition can exit with an
   assertion failure if nxdomain-redirect is used
   https://kb.isc.org/docs/cve-2019-6468

Add an upstream patch to fix building on architectures where bind does not
implement isc_atomic_*.

Upstream moved to a 2019 signing key, so update comment in .hash file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-26 16:15:37 +02:00