Commit Graph

47324 Commits

Author SHA1 Message Date
Fabio Estevam
f902445dbb configs/mx53loco: Bump U-Boot and kernel versions
Bump to U-Boot 2019.07 and kernel 5.2.9 versions.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-30 19:26:12 +02:00
Bernd Kuhls
b6255a16ee {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.2.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-30 19:25:28 +02:00
Adrian Perez de Castro
c38766d6a6 package/wpewebkit: security bump to version 2.24.3
This is a minor release which includes fixes for CVE-2019-8644,
CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669,
CVE-2019-8673, CVE-2019-8676, CVE-2019-8678, CVE-2019-8680,
CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8687,
CVE-2019-8688, CVE-2019-8689, and CVE-2019-8690.

This release also contains many build fixes, a few media playback
improvements, and a Web compatibility fix. For a complete list,
the full release notes are available at:

  https://wpewebkit.org/release/wpewebkit-2.24.3.html

The detailed security advisory can be found at:

  https://wpewebkit.org/security/WSA-2019-0004.html

Patch "0001-Build-failure-after-r243644-in-GTK-Li.patch" is now unneeded
because it is one of the build fixes included in this release.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-30 16:39:32 +02:00
Adrian Perez de Castro
046b09f776 package/webkitgtk: security bump to version 2.24.4
This is a minor release which includes fixes for CVE-2019-8644,
CVE-2019-8649, CVE-2019-8658, CVE-2019-8669, CVE-2019-8676,
CVE-2019-8678, CVE-2019-8680, CVE-2019-8683, CVE-2019-8684, and
CVE-2019-8688.

This release also contains many build fixes, a few media playback
improvements, and a Web compatibility fix. For a complete list,
the full release notes at:

  https://webkitgtk.org/2019/08/28/webkitgtk2.24.4-released.html

The detailed security advisory can be found at:

  https://webkitgtk.org/security/WSA-2019-0004.html

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-30 16:34:39 +02:00
Zoltan Gyarmati
e1cf3b163e package/tinc: bump to 1.0.36
Update the COPYING hash, since the copyright year was updated:

-Copyright (C) 1998-2018 Ivo Timmermans, Guus Sliepen and others.
+Copyright (C) 1998-2019 Ivo Timmermans, Guus Sliepen and others.

Signed-off-by: Zoltan Gyarmati <zgyarmati@zgyarmati.de>
[Thomas: update license file hash]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-30 09:18:01 +02:00
Neil Armstrong
151da9661e package/glmark2: bump to the latest version
Bump to the latest git version, containing multiple fixes and support
for render-only GPUs (lima, panfrost, ...) and missing DRM driver
names to run like meson, rockchip, sun4i-drm.

Tested on Khadas VIM2 (aarch64) and Panfrost.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-29 22:49:47 +02:00
Sergio Prado
0f169a58c4 package/stella: bump version to 6.0.1
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-29 22:49:42 +02:00
Christopher McCrory
08dfa1332d package/zic: bump to version 2019b
Changed _SITE to https.

Add hash for license file.

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
[Peter: fix license hash]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-29 22:44:43 +02:00
Christopher McCrory
60889ccdf0 package/tzdata: bump to version 2019b
Changed _SITE to https.

Add hash for license file.

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
[Peter: fix LICENSE hash, only use for the host package]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-29 22:29:51 +02:00
Asaf Kahlon
a4deed54eb package/python-xmltodict: bump to version 0.12.0
Also add hash for license file.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-29 22:25:20 +02:00
Asaf Kahlon
de9ccc2398 package/python-xlwt: bump to version 1.3.0
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-29 22:25:20 +02:00
Asaf Kahlon
a9eaacd9cb package/python-xlrd: bump to version 1.2.0
The license file was changed from xlrd/licences.py to LICENSE in the
following upstream commit:

  e7bcab2f45

While the formatting has changed, the contents are the same. We take
this opportunity to add the hash of the license file.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
[Thomas: fix license file details]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-29 22:24:35 +02:00
Asaf Kahlon
8a50813f1b package/python-ptyprocess: bump to version 0.6.0
Also add hash for license file.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-29 22:18:15 +02:00
Asaf Kahlon
fae5d3298a package/python-oauthlib: bump to version 3.1.0
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-29 22:18:06 +02:00
Asaf Kahlon
a2b4b93bbf package/python-jaraco-classes: bump to version 2.0
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-29 22:17:55 +02:00
Asaf Kahlon
39d948c11c package/python-iptables: bump to version 0.14.0
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-29 22:17:49 +02:00
Asaf Kahlon
d11309792b package/python-ipaddr: bump to version 2.2.0
Also add hash for license file.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-29 22:17:39 +02:00
Asaf Kahlon
c8a33b531d package/python-futures: bump to version 3.3.0
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-29 22:17:34 +02:00
Asaf Kahlon
5b146ed549 package/python-engineio: bump to version 3.9.3
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-29 22:17:28 +02:00
Asaf Kahlon
3153d12ae3 package/python-daemonize: bump to version 2.5.0
Also add hash for license file.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-29 22:17:13 +02:00
Zoltan Gyarmati
8768178914 package/libusb: bump to 1.0.23
Also remove obsolete patch and not calling autoreconf (as configure.ac
is not patched anymore)

Signed-off-by: Zoltan Gyarmati <zgyarmati@zgyarmati.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-29 22:14:45 +02:00
Peter Korsgaard
268bdf0360 configs/roseapplepi_defconfig: use gcc 7.x
The old 3.10.x based vendor kernel does not build correctly with gcc 8.x.

While there is basic s500 support in the mainline kernel, there is not yet a
mmc driver so it isn't quite a replacement yet.

Stick to the vender kernel for now and revert back to gcc 7.x, hopefully
mainline support will be more complete once gcc 7.x gets dropped.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-29 21:52:01 +02:00
Petr Vorel
aee34c479a package/network-manager: bump to version 1.20.0
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 23:45:56 +02:00
Petr Vorel
47068f5d58 package/modem-manager: bump to version 1.10.4
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 23:45:51 +02:00
Bernd Kuhls
09472e11dd package/x11r7/xfont_font-util: bump version to 1.3.2
Added all hashes provided by upstream and license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 23:44:51 +02:00
Bernd Kuhls
96c9052d60 package/x11r7/xdriver_xf86-video-sis: bump version to 0.11.0
Removed all patches after they were applied upstream:
https://cgit.freedesktop.org/xorg/driver/xf86-video-sis/commit/?id=9e42918588b65860422cb296a92ecede15db7419
https://cgit.freedesktop.org/xorg/driver/xf86-video-sis/commit/?id=4b1356a2b7fd06e9a05d134caa4033681c939737

Added all hashes provided by upstream and license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 23:43:16 +02:00
Bernd Kuhls
627730e174 package/x11r7/xapp_xrandr: bump version to 1.5.1
Switched _SOURCE to .xz, added all hashes provided by upstream and
license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 23:42:53 +02:00
Bernd Kuhls
ed0c94d94d package/x11r7/xapp_viewres: bump version to 1.0.6
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 23:42:17 +02:00
Giulio Benetti
3c961b8e77 package/at: bump version
Mainly this allows to drop 3 patches because they have been upstreamed.

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 23:41:10 +02:00
Giulio Benetti
95990d5481 DEVELOPERS: add Giulio Benetti to at package
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 23:40:59 +02:00
Petr Vorel
a465dd54fc package/ofono: bump to version 1.30
Removed included in 1.30, refresh patch.

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 23:40:41 +02:00
Bernd Kuhls
53e1150671 package/x11r7/libxcb: bump version to 1.13.1
Upstream does not provide a sha512 hash anymore.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 23:39:54 +02:00
Bernd Kuhls
1ca7cdc2bf package/vdr: bump version to 2.4.1
Release notes:
https://www.linuxtv.org/pipermail/vdr/2019-June/029497.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 23:38:40 +02:00
Bernd Kuhls
41f8c443b3 package/pngquant: bump version to 2.12.5
Upstream now provides a sha256 hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 23:34:46 +02:00
Bernd Kuhls
cea0941d1f package/libvpx: bump version to 1.8.1
Rebased patch.

Changelog: https://github.com/webmproject/libvpx/blob/master/CHANGELOG

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 23:33:30 +02:00
Peter Korsgaard
cd8ab1853d Update for 2019.08-rc3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 23:02:48 +02:00
Bernd Kuhls
77b2dd9a53 package/dovecot-pigeonhole: security bump version to 0.5.7.2
Release notes:
https://dovecot.org/pipermail/dovecot/2019-August/116876.html

Fixes
* CVE-2019-11500: ManageSieve protocol parser does not properly handle
  NUL byte when scanning data in quoted strings, leading to out of
  bounds heap memory writes. Found by Nick Roessler and Rafi Rubin.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 17:16:42 +02:00
Bernd Kuhls
4afd405eff package/dovecot: security bump version to 2.3.7.2
Release notes:
https://dovecot.org/pipermail/dovecot/2019-August/116874.html

Fixes
* CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
  when scanning data in quoted strings, leading to out of bounds heap
  memory writes. Found by Nick Roessler and Rafi Rubin.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 17:16:34 +02:00
Peter Korsgaard
e941599f69 package/python: add upstream security fix for CVE-2019-9740
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib
in Python 3.x through 3.7.3.  CRLF injection is possible if the attacker
controls a url parameter, as demonstrated by the first argument to
urllib.request.urlopen with \r\n (specifically in the query string after a ?
character) followed by an HTTP header or a Redis command.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 15:04:22 +02:00
Peter Korsgaard
a0b032ad85 package/qemu: security bump to version 3.1.1
Fixes the following security issues:

CVE-2018-16872: A flaw was found in qemu Media Transfer Protocol (MTP).  The
code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and
directories in usb_mtp_object_readdir doesn't consider that the underlying
filesystem may have changed since the time lstat(2) was called in
usb_mtp_object_alloc, a classical TOCTTOU problem.  An attacker with write
access to the host filesystem shared with a guest can use this property to
navigate the host filesystem in the context of the QEMU process and read any
file the QEMU process has access to.  Access to the filesystem may be local
or via a network share protocol such as CIFS.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 15:04:16 +02:00
Bernd Kuhls
e0b0870304 package/file: bump version to 5.37
Changelog: https://github.com/file/file/blob/master/ChangeLog
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 14:50:51 +02:00
Bernd Kuhls
3cf36896ee package/boinc: bump version to 7.16.1
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 14:50:29 +02:00
Bernd Kuhls
45ea73584b package/asterisk: bump version to 16.5.0
Release notes:
https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-16-current-summary.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 14:49:32 +02:00
Bernd Kuhls
85f4b77123 package/apr: bump version to 1.7.0
Release notes: http://www.apache.org/dist/apr/CHANGES-APR-1.7

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 14:43:25 +02:00
Bernd Kuhls
a5f4a45792 package/x265: bump version to 3.1.2
Release notes:
https://bitbucket.org/multicoreware/x265/src/Release_3.1/doc/reST/releasenotes.rst

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 14:43:17 +02:00
Bernd Kuhls
89337e4f39 package/flac: bump version to 1.3.3
Changelog: https://xiph.org/flac/changelog.html

Removed patch applied upstream, removed autoreconf:
https://git.xiph.org/?p=flac.git;a=commitdiff;h=55721556161e6ab209f940f5023bc44b4051524a

Added all hashes provided by upstream and license hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 14:40:08 +02:00
Bernd Kuhls
a9c509934e package/gnutls: bump version to 3.6.9
Release notes:
https://lists.gnupg.org/pipermail/gnutls-help/2019-July/004556.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 14:40:00 +02:00
Bernd Kuhls
92cda2a137 package/hwdata: bump version to 0.326
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 14:38:58 +02:00
Bernd Kuhls
fade4c28ad package/hdparm: bump version to 9.58
Release notes:
https://sourceforge.net/p/hdparm/news/2018/10/hdparm-957-is-released/
https://sourceforge.net/p/hdparm/news/2018/10/hdparm-958-is-released/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 14:38:38 +02:00
Bernd Kuhls
f2ffdbee2a package/wpa_supplicant: security bump version to 2.9
Fixes https://w1.fi/security/2019-6/

Removed patch applied upstream:
http://w1.fi/cgit/hostap/commit/?id=f2973fa39d6109f0f34969e91551a98dc340d537

Removed all other upstream patches which are included in this release.

Release notes:
http://lists.infradead.org/pipermail/hostap/2019-April/039979.html
http://lists.infradead.org/pipermail/hostap/2019-August/040373.html

Support for the old dbus interface was removed upstream:
http://w1.fi/cgit/hostap/commit/?id=6a8dee76d4090287c016680c009b1334e01b5fbd

Removed Config.in option, removed _NEW from remaining dbus option,
select BR2_PACKAGE_DBUS when needed and added Config.in.legacy options.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 14:36:42 +02:00