Commit Graph

49828 Commits

Author SHA1 Message Date
Peter Seiderer
f5e4100c08 package/qt5base: add upstream security patches for latest variant
Fixed the following security issue:

- CVE-2020-0569: QPluginLoader in Qt versions 5.0.0 through 5.13.2 would
  search for certain plugins first on the current working directory of the
  application, which allows an attacker that can place files in the file
  system and influence the working directory of Qt-based applications to
  load and execute malicious code.  This issue was verified on macOS and
  Linux and probably affects all other Unix operating systems.  This issue
  does not affect Windows.

- CVE-2020-0570: QLibrary in Qt versions 5.12.0 through 5.14.0, on certain
  x86 machines, would search for certain libraries and plugins relative to
  current working directory of the application, which allows an attacker
  that can place files in the file system and influence the working
  directory of Qt-based applications to load and execute malicious code.
  This issue was verified on Linux and probably affects all Unix operating
  systems, other than macOS (Darwin).  This issue does not affect Windows.

For details, see the advisory:
https://www.openwall.com/lists/oss-security/2020/01/30/1

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Peter: extend commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-01 23:45:33 +01:00
Peter Seiderer
c0607b38c8 package/qt5base: add upstream security patch for LTS variant
Fixed the following security issue:

- CVE-2020-0569: QPluginLoader in Qt versions 5.0.0 through 5.13.2 would
  search for certain plugins first on the current working directory of the
  application, which allows an attacker that can place files in the file
  system and influence the working directory of Qt-based applications to
  load and execute malicious code.  This issue was verified on macOS and
  Linux and probably affects all other Unix operating systems.  This issue
  does not affect Windows.

For details, see the advisory:
https://www.openwall.com/lists/oss-security/2020/01/30/1

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Peter: extend commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-01 23:45:33 +01:00
Bernd Kuhls
d8663e6ff1 package/libva: bump version to 2.6.1
Removed patch which was applied upstream:
69b4230c36

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-01 23:45:33 +01:00
James Hilliard
77b4f9b31b package/mesa3d: add support for gallium iris driver
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-02-01 23:36:31 +01:00
Gervais, Francois
05b8c7da6d boot/arm-trusted-firmware: allow additional make targets
Allow specifying additional build targets for ATF.

This might be more useful when using a custom git repository.

For example, when using with the ATF repository from NXP QorIQ,
there is a new build target 'pbl' which is used to build the
pbl binary image. Note that in the specific case of the 'pbl'
target, additional build variables also need to be specified
through BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES.

Signed-off-by: Francois Gervais <fgervais@distech-controls.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-02-01 23:15:41 +01:00
Pascal de Bruijn
26c16e9d5b package/php: bump version to 7.4.2
patch 0005 has been sourced from upstream, and can be dropped when
7.4.3 is released.

The mbstrings module used to use a bundled oniguruma library, but now
uses an external one, hence the new dependency on this package for the
mbstrings module.

The hash of the license file has changed due to this change in the
copyright year:

-Copyright (c) 1999 - 2018 The PHP Group. All rights reserved.
+Copyright (c) 1999 - 2019 The PHP Group. All rights reserved.

Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-02-01 23:06:19 +01:00
James Hilliard
6e2a0ddb77 package/meson: bump to version 0.53.1
Removed patch that is now upstream.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-02-01 22:51:38 +01:00
Bernd Kuhls
91a1acc805 package/libplist: bump version to 2.1.0
Switched _SITE to github, added license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-02-01 17:22:21 +01:00
Bernd Kuhls
e80afdac00 package/tor: bump version to 0.4.2.6
Release notes: https://blog.torproject.org/new-releases-tor-0426-0418

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-02-01 17:18:52 +01:00
Giulio Benetti
40f73486ba package/libnspr: bump version to 4.25
Xtensa architecture has been added. Let's use upstream sha1 for
tarball's hash.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-02-01 17:16:08 +01:00
Clayton Shotwell
94678020c8 squashfs: bump version to 4.4
Bump to version 4.4 and switch to github site since the kernel
repository has not been updated. See
https://github.com/plougher/squashfs-tools/blob/master/README.

Dropping patch that has been incorporated in the new release.

This version bump includes support for reproducible images. See the full
release notes for details at
https://github.com/plougher/squashfs-tools/blob/master/README-4.4

Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-02-01 17:11:36 +01:00
Fabrice Fontaine
2f185e82ed package/suricata: fix lzma dependency
The lzma package is a host-only package, so replace this wrong dependency
with the xz package.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-01 16:02:01 +01:00
Fabrice Fontaine
3f44c35b7e package/libpjsip: add v4l2 support
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-01 16:00:50 +01:00
Fabrice Fontaine
20894d60a5 package/libhtp: bump to version 0.5.32
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-01 15:59:46 +01:00
Fabrice Fontaine
95cee16529 package/file: zlib is optional, not mandatory
zlib is optional since version 4.22 and
b950f1f426
and --enable-zlib has been fixed since version 5.37 and
8c6dcd7ef6

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-01 12:36:48 +01:00
Pierre-Jean Texier
846a135fa7 package/genimage: bump to version 12
Also drop upstreamed patch

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-01 12:06:23 +01:00
Peter Korsgaard
39ca698bfc package/tpm2-tools: bump version to 4.1.1
Bugfix release, fixing a number of issues in the 4.1 release.  For details,
see the announcement:

https://github.com/tpm2-software/tpm2-tools/releases/tag/4.1.1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-02-01 11:38:19 +01:00
Fabrice Fontaine
314f0b464b package/gerbera: fix static linking with libmagic
Fixes:
 - http://autobuild.buildroot.org/results/37b1ef54dc41100689f311fbc31fc9300dc6ae63

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-02-01 11:30:40 +01:00
Fabrice Fontaine
13f991292f package/file: add libmagic.pc
Fixes:
 - http://autobuild.buildroot.org/results/37b1ef54dc41100689f311fbc31fc9300dc6ae63

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-02-01 11:30:28 +01:00
Arthur Courtel
e5cfb319f9 package/arp-scan: bump version to 1.9.7
Signed-off-by: Arthur Courtel <arthur.courtel@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-02-01 11:29:39 +01:00
Bernd Kuhls
638469086d package/kodi-audioencoder-vorbis: bump version to 2.0.3-Leia
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-01 11:16:59 +01:00
Bernd Kuhls
35ba89b109 package/kodi-screensaver-matrixtrails: remove 'v' prefix from github-fetched package
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr: fix hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-01 11:11:46 +01:00
Fabrice Fontaine
adf8751a48 package/file: add bzip2 optional dependency
bzip2 is an optional dependency since version 5.38 and
b259a07ea9

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-02-01 10:27:32 +01:00
Fabrice Fontaine
7e70be6d29 package/file: add xz optional dependency
xz is an optional dependency since version 5.38 and
b259a07ea9

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-02-01 10:27:21 +01:00
Frank Vanbever
788a7560cb package/libmodsecurity: point to staging pcre-config
The libmodsecurity build system uses the file installed on the host if not
explicitly pointed to pcre-config in the staging dir.

Fixes:
- http://autobuild.buildroot.net/results/f936ad05bca4bb776917306700750ba6d2498ef0
  + similar failures for other architectures

Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-02-01 10:26:29 +01:00
Yegor Yefremov
96bbea75a3 support/testing: add python-can test case
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-31 08:05:21 +01:00
Yegor Yefremov
ce0f9052f5 package/python-can: add missing dependency
Python-can depends on aenum package since 3.2.0:

dcf87ce371

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-31 08:01:37 +01:00
Yegor Yefremov
2707f1c872 package/python-aenum: new package
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
[Peter: add license hash]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-31 00:04:23 +01:00
Aleksander Morgado
dfb553adff package/modem-manager: update to version 1.12.4
https://lists.freedesktop.org/archives/modemmanager-devel/2020-January/007670.html

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Tested-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-30 23:48:16 +01:00
Aleksander Morgado
73526282a2 package/libqmi: bump to version 1.24.4
https://lists.freedesktop.org/archives/libqmi-devel/2020-January/003193.html

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-30 23:48:10 +01:00
Peter Korsgaard
f263a5b2b1 package/wireguard-linux-compat: bump version to 0.0.20200128
Fixes build issues with kernel 5.5. For details, see the announcement:

https://lists.zx2c4.com/pipermail/wireguard/2020-January/004905.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-30 11:37:03 +01:00
Frank Vanbever
d35873ab0c package/nginx-modsecurity: new package
The name of the package diverges slightly from upstream to maintain
consistency with other nginx modules already present.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-30 11:26:53 +01:00
Frank Vanbever
d9205b4da5 package/libmodsecurity: new package
The dependency on !BR2_STATIC_LIBS is due to missing Libs.private in the
libmodconfig pkg-config file making builds that statically link against
libmodsecurity fail.

Lua is disabled due to using the host libraries.

Yajl is disabled as enabling it forces the tests to be built. These tests have a
hard dependency on libmodsecurity.a which is not built when --disable-static is
used in the configuration. There is no flag to disable these tests.

Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-30 11:26:05 +01:00
Fabrice Fontaine
ecbd31c376 package/libpjsip: add sound support
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-30 11:21:30 +01:00
Pierre-Jean Texier
d22bd3749e package/libubootenv: bump to version 879c073
This includes the following changes:

879c073 Do not hardcode path for install
d9c639b libubootenv: add pkg-config support

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-30 11:21:09 +01:00
Peter Korsgaard
6648cfc749 Makefile, manual, website: Bump copyright year
Happy 2020!

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-29 22:31:02 +01:00
Bernd Kuhls
7c373b614e package/samba4: bump version to 4.11.6
Release notes: https://www.samba.org/samba/history/samba-4.11.6.html

Removed patch 0004 which was applied upstream:
https://git.samba.org/samba.git/?p=samba.git;a=commit;h=1d28d27070a7ade82283dab11c9ef7cadfbf54fb
https://git.samba.org/samba.git/?p=samba.git;a=commit;h=3889444e00866eafebcdfb42be5f07990b881c56

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-29 20:49:43 +01:00
Fabrice Fontaine
3fe4a3603c package/libpjsip: add bcg729 optional dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-29 20:49:23 +01:00
Bernd Kuhls
44655cda41 package/{mesa3d, mesa3d-headers}: bump version to 19.3.3
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-29 20:48:18 +01:00
Peter Korsgaard
f40acb4684 package/go: security bump to version 1.13.7
Fixes the following security issue:

- Panic in crypto/x509 certificate parsing and golang.org/x/crypto/cryptobyte

On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1
parsing functions of golang.org/x/crypto/cryptobyte can lead to a panic.
The malformed certificate can be delivered via a crypto/tls connection to a
client, or to a server that accepts client certificates.  net/http clients
can be made to crash by an HTTPS server, while net/http servers that accept
client certificates will recover the panic and are unaffected.  Thanks to
Project Wycheproof for providing the test cases that led to the discovery of
this issue.  The issue is CVE-2020-7919 and Go issue golang.org/issue/36837.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-29 20:47:32 +01:00
James Hilliard
f6820165c7 package/python-aiohttp-debugtoolbar: bump to version 0.6.0
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-29 20:47:22 +01:00
Grzegorz Blach
a28dcaa434 package/python-rpi-ws281x: Bump to version 4.2.3
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-29 17:17:41 +01:00
Francois Perrad
db78559f6a package/luarocks: bump to version 3.3.0
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-29 17:17:23 +01:00
Fabrice Fontaine
7a339a42dd package/opkg-utils: bump to version 0.4.2
Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-29 17:16:53 +01:00
Fabrice Fontaine
4ec6085f09 package/gensio: fix detection of openssl with -latomic
Add an upstream patch to fix the --with-openssl argument and allow gensio to use
pkg-config to retrieve openssl dependencies; otherwise the detection of
openssl will fail on architectures that need to link with -latomic, such as
sparc v8 32 bits:

configure:9379: checking for openssl/ssl.h in /home/fabrice/buildroot/output/host/sparc-buildroot-linux-uclibc/sysroot/usr
configure:9386: result: yes
configure:9402: checking whether compiling and linking against OpenSSL works
Trying link with OPENSSL_LDFLAGS=-L/home/fabrice/buildroot/output/host/sparc-buildroot-linux-uclibc/sysroot/usr/lib; OPENSSL_LIBS=-lssl -lcrypto; OPENSSL_INCLUDES=-I/home/fabrice/buildroot/output/host/sparc-buildroot-linux-uclibc/sysroot/usr/include
configure:9424: /home/fabrice/buildroot/output/host/bin/sparc-linux-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -Os   -static -I/home/fabrice/buildroot/output/host/sparc-buildroot-linux-uclibc/sysroot/usr/include -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -static -L/home/fabrice/buildroot/output/host/sparc-buildroot-linux-uclibc/sysroot/usr/lib conftest.c -lssl -lcrypto  -lpthread >&5
/home/fabrice/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/sparc-buildroot-linux-uclibc/8.3.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: /home/fabrice/buildroot/output/host/sparc-buildroot-linux-uclibc/sysroot/usr/lib/libssl.a(ssl_lib.o): in function `CRYPTO_UP_REF.isra.6':
ssl_lib.c:(.text+0x3c8): undefined reference to `__atomic_fetch_add_4'

Fixes:
 - No autobuilder failures (silent error)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-29 17:15:56 +01:00
Fabrice Fontaine
0dfef9faa7 package/libpjsip: add opencore-amr support
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-29 17:13:55 +01:00
Peter Korsgaard
6f6118ec3a {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.4.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-29 17:13:39 +01:00
Peter Korsgaard
9412a38fec package/wpewebkit: security bump to version 2.26.3
Fixes the following security issues:

- CVE-2019-8835: Multiple memory corruption issues were addressed with
  improved memory handling

- CVE-2019-8844: Multiple memory corruption issues were addressed with
  improved memory handling

- CVE-2019-8846: A use after free issue was addressed with improved memory
  management

For details, see the advisory:
https://webkitgtk.org/security/WSA-2020-0001.html

Drop now upstreamed patch.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-28 23:26:35 +01:00
Peter Korsgaard
35df7bdb07 package/webkitgtk: security bump to version 2.26.3
Fixes the following security issues:

- CVE-2019-8835: Multiple memory corruption issues were addressed with
  improved memory handling

- CVE-2019-8844: Multiple memory corruption issues were addressed with
  improved memory handling

- CVE-2019-8846: A use after free issue was addressed with improved memory
  management

For details, see the advisory:
https://webkitgtk.org/security/WSA-2020-0001.html

Drop now upstreamed patch.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-28 23:26:30 +01:00
Max Berger
3880544582 package/opkg: bump version to 0.4.2
Signed-off-by: Max Berger <phobie@protonmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-28 23:23:53 +01:00