LICENSE diff:
- This software is copyright (c) 1994-2017 by Gisle Aas.
+ This software is copyright (c) 1994 by Gisle Aas.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
LICENSE diff:
- This software is copyright (c) 2018 by Toby Inkster.
+ This software is copyright (c) 2020 by Toby Inkster.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Backport a patch from upstream to fix the build on certain versions of
gsc, notably:
Ubuntu 19.10 with gcc (Ubuntu 8.3.0-26ubuntu1~19.10) 8.3.0
Ubuntu 19.10 with gcc (Ubuntu 9.2.1-9ubuntu2) 9.2.1 20191008
The upstream patch is simply a change in the gentpl.py script, which is
used to generate parts of the automake machinery, so if we just backport
the upstream patch, we need to call the script to regenerate those files.
However, the modified script is a python script, so we would need to add
a dependency on host-python (2 or 3), which is not so nice.
Furthermore, calling the script is not enough: it needs a specific set
of optionss for each file it is to generate. That set of options is not
static; it is constructed in the convoluted autogen.sh. Calling
autogen.sh is usally not so good an idea in the Buildroot context, and
indeed this fails becasue it calls to autoreconf, but without our
carefuly crafted options and environment variables.
There was a little light in the tunnel, in that autogen.sh can be told
not to run autoreconf, by setting the environemnt variable
FROM_BOOTSTRAP to an non-=empty string, but this is fraught with various
other side-effects, as in that cause, autogen.sh expects to be valled by
an upper sciopt, bootstrap, which is not provided in the tarball
distribution...
So, between all those issues, autogen, bootstrap, and a host-python (2
or 3) dependency, we choose another route: path the script *and* the one
generated file affected by the change. Since that patched file is a .am
file, we also patch the corresponding .in file
However, we're faced with another issue: the other generated file is
now older than the script, so the automake machinery will now want to
re-run autoconf et al during the build step, which is still not a good
idea for us. So we touch the other generated file so it is mopre recent
than the script.
This is still not sufficient, because the patched file also has a
dependency on the generated file, so we need to touch as well.
Fixes:
- https://bugs.buildroot.org/show_bug.cgi?id=12946
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- keep the hunk about patching gentpl.py
- make it a git-formatted patch
- add the touch
- drastically expand the commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This reverts commit fa84c176c2 that
replace luabitop by lua_bit32 package when lua 5.1 is used.
Since this change the prosody test in gitlab is fail due to
missing lua-bitops [1]:
Starting prosody:
**************************
Prosody was unable to find lua-bitops
This package can be obtained in the following ways:
Source: http://bitop.luajit.org/
Debian/Ubuntu: sudo apt-get install lua-bitop
luarocks: luarocks install luabitop
WebSocket support will not be available
More help can be found on our website, at https://prosody.im/doc/depends
**************************
The upstream documentation [2] is misleading (or not uptodate)
about lua-bit32 dependency.
Since bitop is builtin since lua5.2, we probably need to select
luabitop package only when lua 5.1 is used as lua interpreter.
Tested with run-tests:
./support/testing/run-tests tests.package.test_prosody.TestProsodyLua51
[1] https://gitlab.com/buildroot.org/buildroot/-/jobs/576271975
[2] https://prosody.im/doc/depends#bitop
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: James Hilliard <james.hilliard1@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changes since v2.1.2:
https://github.com/FluidSynth/fluidsynth/releases/tag/v2.1.3
- fix a cross-compilation failure from Win32 to WinARM
- fix issues while fluid_player is seeking
- fix a NULL pointer dereference if synth.dynamic-sample-loading is enabled
- fix a NULL pointer dereference in delete_rvoice_mixer_threads()
- fix a NULL pointer dereference in the soundfont loader
- fix dsound driver playing garbage when terminating fluidsynth
- avoid memory leaks when using libinstpatch
./utils/test-pkg --package fluidsynth
6 builds, 1 skipped, 0 build failed, 0 legal-info failed
Signed-off-by: Julien Olivain <juju@cotds.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This release fix some bugs in the broker and client libraries,
as well as building with below C99 suport.
Read the whole announcement on:
https://mosquitto.org/blog/2020/05/version-1-6-8-released/
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* libqmi-glib:
** Fix build with GLib < 2.44.
** Fix UTF-8 string validation when the string contains a trailing NUL byte
(e.g. the Sierra specific "DMS Swi Get Current Firmware" command).
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Now by default ethtool depends on libmnl so make this optional
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- edid-decode changed from C to C++, adjust make command
accordingly and add BR2_INSTALL_LIBSTDCPP dependency
- now shipping a LICENSE file, change from (gone) edid-decode.c to this one
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
[CVE-2020-10543] Buffer overflow caused by a crafted regular
expression
[CVE-2020-10878] Integer overflow via malformed bytecode produced by a
crafted regular expression
[CVE-2020-12723] Buffer overflow caused by a crafted regular
expression
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop patch #1. libnuma is now a mandatory dependency. The ostype and
machinetype variables are not used for the Linux target.
Drop patch #3. SH is not a supported target architecture anymore.
Add mandatory dependency on libnuma (numactl). Propagate numactl
architecture dependency.
Update homepage link. The kernel wiki is dead.
Drop Python build time dependency. Python is an optional run-time
dependency.
Add reference to upstream provided tarball hash.
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
For use in other packages that select numactl.
Cc: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
- CVE-2020-13254: Potential data leakage via malformed memcached keys
In cases where a memcached backend does not perform key validation,
passing malformed cache keys could result in a key collision, and
potential data leakage. In order to avoid this vulnerability, key
validation is added to the memcached cache backends.
- CVE-2020-13596: Possible XSS via admin ForeignKeyRawIdWidget
Query parameters for the admin ForeignKeyRawIdWidget were not properly URL
encoded, posing an XSS attack vector. ForeignKeyRawIdWidget now ensures
query parameters are correctly URL encoded.
For details, see the announcement:
https://docs.djangoproject.com/en/dev/releases/3.0.7/
Additionally, 3.0.5..3.0.7 contains a number of non-security related
bugfixes.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use CROSS_COMPILE for toolchain prefix. Makefile derives CC, AR, and
RANLIB from that.
Remove sed manipulation of the lib/configure script. Host uname is not
used when the HOST variable is set as we do.
Remove sed manipulation of Makefile. Set STRIP to an empty string
instead.
Format hash file with two space separators.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The HTTPS URL seems to be more reliable and quicker for download than
FTP. FTP may also be a blocked protocol on some sites and in CI/CD
setups.
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d42f3adaae)
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changes since 1.63:
- 1.64 2020-04-11 Fixed error in definitions of BCM2835_AUX_SPI_STAT_TX_LVL
and BCM2835_AUX_SPI_STAT_RX_LVL
- 1.65, 1.66 2020-04-16 Added support for use of capability cap_sys_rawio
to determine if access to /dev/mem is available for non-root users
That latter part (using capabilities) is not supported, because it is
broken upstream (the code is messed up using two similar #defines to
test and enable it; messy...) Since it previously required root access
to work, and still does now, this is not a regression, so do not add
support for capablities.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr: explain why we don't support capabilities]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This is a security release.
Vulnerabilities fixed:
CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass (High).
CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption (High).
See https://nodejs.org/en/blog/release/v12.18.0/
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2020-11080 Denial of service: Overly large SETTINGS frames
Signed-off-by: Martin Bark <martin@barkynet.com>
[yann.morin.1998@free.fr: two spaces in hash files]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Although those patches were properly dropped when the origianl bump was
applied to the next branch (commit 4675c7d441), both net and master also
had a commit that moved the patches around when the csku fork was
removed (commit 58af9a70cc and 20f45029cc, respectively).
This seemed to have caused some confusion with git-merge, though, and
the y re-appeared after the merge.
Remove them again for good, this time.
Fixes: http://autobuild.buildroot.net/results/0adfb031c243709b0bac71599ed419b64cc514a4
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr:
- rewrite commit log to explain why the patches reappeared
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr: two sapces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Drop patch (already in version)
- Update hash of COPYING (BSD-3 license fixed with
a3e8138359)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
