NTLM is an old authentication protocol depending on DES and MD4 and
its creator, Microsoft, discourage its use since 2010, because it is
weak and vulnerable to many attacks.
libgit2 has support for NTLM and it is enabled by default if openssl
is used, however, since commit a83d41867c ("package/libopenssl: add
option to enable some features"), support for DES and MD4 can be
disabled in openssl.
Since openssl is an optional dependency to libgit2 and getting rid of
NTLM is a goal in itself for many windows administrators, disable NTLM
by default.
Fixes: http://autobuild.buildroot.net/results/efb4ce2174cb6944558e895ce852182ba2738a70
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This update includes a build fix for the RaspberryPi 4 (from 1.5.7)
and a fix for the GL library loader when GLX is involved (from 1.5.6)
Release notes:
https://github.com/anholt/libepoxy/releases/tag/1.5.6https://github.com/anholt/libepoxy/releases/tag/1.5.7
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
[francois.perrad@gadz.org: fix indent in hash file]
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[yann.morin.1998@free.fr: meld Adrian and François' patches together]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Among other fixes, switching to the current stable version plugs a few
memory leaks; solves many WebSocket bugs; makes NTLM authentication work;
allows building gobject-introspection data when cross-building (to be
enabled in a separate patch); fixes message cancellation; adds support
for HTTP 308 permanent redirects, same-site cookies, secure cookies,
HSTS, and Brotli compression.
This also removes the unneeded LIBSOUP_CONF_ENV which defined an
autoconf variable, and updates the Meson build configuration options
to follow the changes done by upstream.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
[yann.morin.1998@free.fr:
- reorder options and move them one per line
- while at it, do the same for dependencies
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since 810ba387be, some form of these options are enable
by default. Specifically:
- Kept FORTIFY level 2 option as the default is now level 1.
- Removed all SSP options as the default now uses the best
option based on toolchain support.
- Similar to SSP, for RELRO, the default now uses the best
option based on toolchain support.
- Completely drop PIC PIE as it defaults =y
Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The default for FOO_CPE_ID_VERSION is to default to FOO_VERSION, so drop
this superfluous definition.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: "Weber, Matthew L Collins" <Matthew.Weber@collins.com>
Reviewed-by: Matthew Weber <Matthew.Weber@collins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Change libsoup to version 2.66.5, which introduces many fixes. This
needs adding the libpsl dependency, and switching over to Meson as the
autotools based build system is no more. The existing patch is not
needed anymore.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Package libpsl is a new non-optional dependency of future libsoup
versions.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
[yann.morin.1998@free.fr: reorder some variables]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: dependencies fit on a single line]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Switch site to github to get latest release
- Drop all patches (already in version)
- Update indentation in hash file (two spaces)
https://github.com/libsndfile/libsndfile/releases/tag/1.0.31
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Use pkg-config to retrieve libsndfile dependencies
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 888546e527)
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Use pkg-config to retrieve libsndfile dependencies
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
webpmux is an optional dependency since version 2.2.0 and
b4735f7829
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: move into existing webp conditional block]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
libxcb is an optional dependency since version 7.1.0 and
3c39e6fcf6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
lcms2 is an optional dependency since version 2.3.0 and
6d9f349140
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since bump to version 0.3.26 in commit
a6d88d3ba5, pipewire needs dynamic library
support for at least spa plugins (which can be disabled) and spa tools
(which can't be disabled)
Fixes:
- http://autobuild.buildroot.org/results/ea05fa6ca39b1ac55e301e5c11d3a62080d36e9e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes a potential memory corruption with negative memmove() size. For
details, see (NVD not yet updated):
https://security-tracker.debian.org/tracker/CVE-2021-3520
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
