Commit Graph

41226 Commits

Author SHA1 Message Date
Fabio Estevam
abcc95b3c1 linux: bump default to version 4.17.1
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-12 22:21:01 +02:00
Baruch Siach
e46cecf2d4 hiawatha: bump to version 10.8.1
Drop upstream patch.

Add license file hash.

Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-12 15:03:36 +02:00
Baruch Siach
b94ddb8d5d lighttpd: bump to version 1.4.49
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-12 15:03:15 +02:00
Carlos Santos
a3df894e83 board/synopsys: synchronize custom inittab with BusyBox' one
Apply modifications made in recent commits:

- 456ea9871e busybox: add /dev/std{in, out, err} symlinks to inittab
- 13dbe73782 busybox: reduce number of mkdir calls in inittab
- 8a89d290d4 busybox: add an inittab entry to activate swap

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-12 14:56:17 +02:00
Carlos Santos
d524cc7d9d busybox: add an inittab entry to activate swap
There is a call to swapoff in the shutdown sequence, so call "swapon -a"
on startup. As stated in the swapon man page,

   All devices marked as "swap" in /etc/fstab are made available, except
   for those with the "noauto" option. Devices that are already being
   used as swap are silently skipped.

So even if the system has some init script to start/stop swap (e.g. from
a rootfs ovelay) calling swapon/swapoff would be harmless.

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-12 14:56:07 +02:00
Carlos Santos
d2a091c96b sysvinit: add an inittab entry to activate swap
There is a call to swapoff in the shutdown sequence, so call "swapon -a"
on startup. As stated in the swapon man page,

   All devices marked as "swap" in /etc/fstab are made available, except
   for those with the "noauto" option. Devices that are already being
   used as swap are silently skipped.

So even if the system has some init script to start/stop swap (e.g. from
a rootfs ovelay) calling swapon/swapoff would be harmless.

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-12 14:56:00 +02:00
Carlos Santos
dc267db6ab sysvinit: reduce number of mkdir calls in inittab
The default sysvinit inittab does two separate mkdir calls to create
/dev/pts and /dev/shm. Reduce this to call mkdir only once for both
directories.

This removes id "si3" but keeps ids "si4".."si9" intact rather than
renumbering them. This would just increase the turmoil without any
practical effect.

Based on commit e9db8122fb, by Florian La Roche <F.LaRoche@pilz.de>.

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-12 11:22:34 +02:00
Joseph Kogut
9a5c3d5bb4 libnss: bump to version 3.37.3
Fixes:
http://autobuild.buildroot.net/results/fd64ee3486f9045dfbd83908b8f06ef62c0d9781/
http://autobuild.buildroot.net/results/698500a92688c50e9cc71cf82c0848cb4adb81ad/
http://autobuild.buildroot.net/results/adaa2f79b202cb01ae57fa0cdb0eac9c07b22ea2/
Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-12 11:09:43 +02:00
Baruch Siach
82818284ed flatcc: fix build with gcc 8
gcc 8 enables a strncpy() warning. This breaks the build of flatcc that
enables -Werror. Add upstream patch fixing the issue.

Fixes:
http://autobuild.buildroot.net/results/0e3/0e3a959855fad5899db184f7d2c960c89df03672/
http://autobuild.buildroot.net/results/d2c/d2c03bc253bdf135b0f31f3d1e6fd33f7d37d64b/
http://autobuild.buildroot.net/results/163/1636ec6ddad92add95f42451d941156451c6d936/

Cc: Joel Carlson <JoelsonCarl@gmail.com>
Cc: Mikkel Fahnøe Jørgensen <mikkel@dvide.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Joel Carlson <JoelsonCarl@gmail.com>
Tested-by: Joel Carlson <JoelsonCarl@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-12 08:41:21 +02:00
Baruch Siach
2b88def5db triggerhappy: add optional dependency on systemd
triggerhappy can use systemd for socket activation.

Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:05:36 +02:00
Baruch Siach
1b86479da5 znc: fix build without openssl
Add a patch to include <memory> unconditionally.

Fixes:
http://autobuild.buildroot.net/results/4c3/4c3d9f6f5214052b7eda4c7bbfabe5b463080b12/
http://autobuild.buildroot.net/results/d06/d06176f00109ad0707032b0d76fe94f1d414106c/

Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 22:01:43 +02:00
Baruch Siach
ba2ee2306b x265: fix build
Add upstream patch fixing missing function argument issue.

Fixes:
http://autobuild.buildroot.net/results/caa/caaaa5dc428c12ce7137194589153313911b000f/
http://autobuild.buildroot.net/results/741/741d8bacbe12e2f40047e30f7765039a88d1ce8f/
http://autobuild.buildroot.net/results/2c3/2c3f5b18efe5f42e1ab5269e106b9200690330af/

Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 21:59:35 +02:00
Jared Bents
d06d70d28d modem-manager: update to version 1.8.0
Update to modem manager 1.8.0 which does not require udev.
Added option to build without udev but if udev exists in
the build, it build with libgudev.

Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 21:42:56 +02:00
Jan Kraval
c7a445a58f configs/orangepi_lite: Enable HDMI and analog audio in Linux config
Signed-off-by: Jan Kraval <jan.kraval@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 21:41:32 +02:00
Jan Kraval
0b0bc52cdd configs/orangepi_lite: Bump kernel and U-Boot versions
Bump kernel to version 4.17 and U-Boot to 2018.05.

Signed-off-by: Jan Kraval <jan.kraval@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 21:41:20 +02:00
Peter Korsgaard
a961005990 orangepi_pc_defconfig: bump linux to 4.17, u-boot to 2018.05
4.17 brings support for HDMI out, but sunxi_defconfig hasn't been updated to
enable the drivers - So add a kernel fragment to enable them.

Likewise, analog audio has been supported since 4.10, but the driver isn't
enabled in sunxi_defconfig, so enable it in the fragment.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 21:40:33 +02:00
Baruch Siach
b4a7145b0b triggerhappy: use target pkg-config
triggerhappy uses pkg-config to detect the systemd library. Make sure it
uses the target pkg-config, not the host one.

Fixes build failure when the host has systemd pkg-config files:

.../host/bin/arm-linux-gcc -static  th-cmd.o cmdsocket.o  -lsystemd -o th-cmd
.../host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/6.4.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: cannot find -lsystemd

Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 21:37:36 +02:00
Baruch Siach
0647268416 gnupg: security bump to version 1.4.23
Fixes CVE-2018-12020: Unsanitized file names might cause injection of
terminal control characters into the status output of gnupg.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 21:36:52 +02:00
Baruch Siach
b78a365b56 gnupg2: security bump to version 2.2.8
Fixes CVE-2018-12020: Unsanitized file names might cause injection of
terminal control characters into the status output of gnupg.

Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 21:36:33 +02:00
Fabrice Fontaine
693b27e225 yaml-cpp: disable tests
fork is used in tests so build fails without MMU

Fixes:
- http://autobuild.buildroot.net/results/3cb7c4d93e466c6eef69aacd0e561a9fb569e69b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 21:35:51 +02:00
Thomas Petazzoni
12b70acb82 mender: fix check-package warnings
Fixes:

package/mender/Config.in:7: help text: <tab><2 spaces><62 chars> (http://nightly.buildroot.org/#writing-rules-config-in)
package/mender/Config.in:8: help text: <tab><2 spaces><62 chars> (http://nightly.buildroot.org/#writing-rules-config-in)
package/mender/mender.mk:8: remove default value of _SOURCE variable (http://nightly.buildroot.org/#generic-package-reference)

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-10 16:43:53 +02:00
Yann E. MORIN
529219ba96 docs/manual: always point to the correct license file
The manual is GPL-2, and points to the COPYING file in the repository.
When we do a rendering of the manual for a specific version, that URL
is currently always poitning to the latest version of the COPYING file.

If we ever have to change the content of that file (e.g. to add a new
exception, more clarifications, a license change, or whatever), then
an old manual would point to that newer version, which would then be
incorrect.

Include the sha1 of the commit in the URL, so that the manual always
point to the tree at the time the manual was rendered, not the time
it is consulted. Contrary to the informative text above, use the full
sha1, not the shortened one.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-10 16:33:44 +02:00
Fabrice Fontaine
1ec1f86551 librsvg: bump to version 2.42.5
- Add a dependency to host-cargo
- Add a patch to set RUST_TARGET
- Add a dependency to BR2_PACKAGE_HOST_RUSTC_ARCH_SUPPORTS
- Forward this dependency to efl svg, enlightment, gst-plugins-bad and
  gst1-plugins-bad
- Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Thomas: propagate the new dependency to the gst-plugins-bad and
gst1-plugins-bad Config.in comments.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-10 16:20:52 +02:00
Thomas Petazzoni
9962368a90 rustc: drop BR2_PACKAGE_HAS_HOST_RUSTC
This commit drops the option BR2_PACKAGE_HAS_HOST_RUSTC, which is no
longer used following commit bd425f716f
("host-cargo: select host-rustc").

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-10 15:58:29 +02:00
Fabrice Fontaine
bd425f716f host-cargo: select host-rustc
Buildroot documentation specifies that cargo-based package should only
depends on BR2_PACKAGE_HOST_RUSTC_ARCH_SUPPORTS and selects
BR2_PACKAGE_HOST_CARGO but this fails with the following error:

warning: (BR2_PACKAGE_LIBRSVG) selects BR2_PACKAGE_HOST_CARGO which has
unmet direct dependencies (BR2_PACKAGE_HAS_HOST_RUSTC)

Indeed, host-cargo depends on
BR2_PACKAGE_HAS_HOST_RUSTC which is selected only when host-rustc is
selected.

So instead of having to select both cargo and rustc in each cargo-based
package, replace BR2_PACKAGE_HAS_HOST_RUSTC dependency by
BR2_PACKAGE_HOST_RUSTC_ARCH_SUPPORTS and select
BR2_PACKAGE_HOST_RUSTC

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-10 15:57:55 +02:00
Yann E. MORIN
99723554c0 support/testing: fix python syntax
Fix three issues with code style in our test infra:
  - 'print' is now a function,
  - exceptions need to be caught-assigned with the 'as' keyword,
  - old-style "%s"%() formatting is deprecated.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
[Thomas: drop indices in format strings.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-10 15:56:25 +02:00
Mikhail Karpenko
a1f4421cc7 numactl: change source code provider to GitHub
The original ftp with source code is not reachable any more and this
commit changes the location of the package to corresponding GitHub
project.

Signed-off-by: Mikhail Karpenko <karpenko@fastmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-10 15:01:50 +02:00
Fabrice Fontaine
9475c20a81 libtirpc: bump to version 1.0.3
- Remove 0006-include-stdint.h-for-uintptr_t.patch (already in version)
- Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-10 14:57:25 +02:00
Peter Korsgaard
a4f7700f0b libvncserver: add upstream security fix for CVE-2018-7225
Fixes CVE-2018-7225 - An issue was discovered in LibVNCServer through
0.9.11.  rfbProcessClientNormalMessage() in rfbserver.c does not sanitize
msg.cct.length, leading to access to uninitialized and potentially sensitive
data or possibly unspecified other impact (e.g., an integer overflow) via
specially crafted VNC packets.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-10 14:21:19 +02:00
Fabrice Fontaine
e5975c729e yaml-cpp: bump to version 0.6.2
- Remove boost dependency (not needed since 0.6)
- Add C++11 dependency (needed since 0.6)
- Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-10 14:16:35 +02:00
Bernd Kuhls
cb67c1d55b package/mpg123: security bump to version 1.25.10
Version 1.25.4 fixes CVE-2017-9545, for details see release notes:
http://www.mpg123.org/cgi-bin/news.cgi

Added upstream hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-10 14:14:34 +02:00
Bernd Kuhls
687c7e5e48 package/fdk-aac: bump version to 0.1.6
Added upstream and license hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-10 14:14:21 +02:00
Bernd Kuhls
bc864a5b55 package/nvidia-driver: bump version to 390.67
Added license hash, adjusted upstream library names.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-10 14:13:08 +02:00
Bernd Kuhls
a73c944fa9 package/x265: bump version to 2.8
Added license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-10 14:12:49 +02:00
Bernd Kuhls
c3387c59bb package/imagemagick: security bump to version 7.0.7-38
Fixes CVE-2018-11625, CVE-2018-11624 & CVE-2018-10177.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-10 14:12:33 +02:00
Bernd Kuhls
2cc2a63ea1 package/dtv-scan-tables: bump version
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-10 14:10:45 +02:00
Bernd Kuhls
88f659fe25 package/speex: bump version to 1.2.0
Added upstream md5 & locally computed license hashes, rebased patch,
updated SPEEX_SITE.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-10 13:24:50 +02:00
Bernd Kuhls
76d1654dfc package/speex: use pkgconf to detect libogg
Upstream removed with-ogg-* configure options and switched to pkgconf
to detect libogg back in 2014:
https://git.xiph.org/?p=speex.git;a=commitdiff;h=e1b1eeabce815283c5bbc42016a9d6a11eda2866

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-10 13:24:48 +02:00
Bernd Kuhls
54917abdd7 package/wireless-regdb: bump version to 2018.05.31
Added license hash, updated project URL, old site is dead.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-10 13:24:47 +02:00
Bernd Kuhls
43ebb35e9b package/pngquant: bump version to 2.12.0
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-10 13:24:45 +02:00
Bernd Kuhls
0aa611fd0e DEVELOPERS: add myself for sqlite
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-10 13:21:41 +02:00
Bernd Kuhls
f7e4793c50 package/sqlite: bump version to 3.24.0
Release notes:
https://www.sqlite.org/releaselog/3_24_0.html
https://www.sqlite.org/releaselog/3_23_1.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-10 13:21:41 +02:00
Eric Le Bihan
574fba15fc meson: bump version to 0.46.1
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-09 16:41:54 +02:00
Peter Korsgaard
5fbacdd59f mariadb: security bump version to 10.1.33
Release notes: https://mariadb.com/kb/en/mariadb-10133-release-notes/
Changelog: https://mariadb.com/kb/en/mariadb-10133-changelog/

Fixes the following security vulnerabilities:

CVE-2018-2782 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB).  Supported versions that are affected are 5.6.39 and
prior and 5.7.21 and prior.  Easily exploitable vulnerability allows low
privileged attacker with network access via multiple protocols to compromise
MySQL Server.  Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.

CVE-2018-2784 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB).  Supported versions that are affected are 5.6.39 and
prior and 5.7.21 and prior.  Easily exploitable vulnerability allows low
privileged attacker with network access via multiple protocols to compromise
MySQL Server.  Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.

CVE-2018-2787 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB).  Supported versions that are affected are 5.6.39 and
prior and 5.7.21 and prior.  Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise
MySQL Server.  Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server as well as unauthorized update, insert or
delete access to some of MySQL Server accessible data.

CVE-2018-2766 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB).  Supported versions that are affected are 5.6.39 and
prior and 5.7.21 and prior.  Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise
MySQL Server.  Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.

CVE-2018-2755 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Replication).  Supported versions that are affected
are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.  Difficult to
exploit vulnerability allows unauthenticated attacker with logon to the
infrastructure where MySQL Server executes to compromise MySQL Server.
Successful attacks require human interaction from a person other than the
attacker and while the vulnerability is in MySQL Server, attacks may
significantly impact additional products.  Successful attacks of this
vulnerability can result in takeover of MySQL Server.

CVE-2018-2819 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB).  Supported versions that are affected are 5.5.59 and
prior, 5.6.39 and prior and 5.7.21 and prior.  Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server.  Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-2817 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL).  Supported versions that are affected are
5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.  Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server.  Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-2761 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Client programs).  Supported versions that are affected are
5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.  Difficult to
exploit vulnerability allows unauthenticated attacker with network access
via multiple protocols to compromise MySQL Server.  Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-2781 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer).  Supported versions that are affected are
5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.  Easily exploitable
vulnerability allows high privileged attacker with network access via
multiple protocols to compromise MySQL Server.  Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-2771 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Locking).  Supported versions that are affected are
5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.  Difficult to
exploit vulnerability allows high privileged attacker with network access
via multiple protocols to compromise MySQL Server.  Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-2813 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL).  Supported versions that are affected are
5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.  Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server.  Successful attacks of this
vulnerability can result in unauthorized read access to a subset of MySQL
Server accessible data.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-09 16:41:30 +02:00
Fabrice Fontaine
cc90a068d7 aubio: bump to version 0.4.6
Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-09 16:41:15 +02:00
Fabrice Fontaine
14b3352b2b jansson: bump to version 2.11
Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-09 16:40:57 +02:00
Joel Carlson
8779224f2b DEVELOPERS: update email for flatcc
Signed-off-by: Joel Carlson <JoelsonCarl@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-09 16:40:44 +02:00
Fabrice Fontaine
a1567b6037 pugixml: bump to version 1.9
- Remove patch (already in version)
- Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-09 16:40:18 +02:00
Fabrice Fontaine
3d32f7f6fe json-glib: bump to version 1.4.2
- Switch to meson-package
- Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-09 16:39:41 +02:00
Fabrice Fontaine
ba819ad3b9 json-c: bump to version 0.13.1
Drop patch, issue has been properly fixed by:
0f814e52dd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-09 16:39:16 +02:00