summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* package/upmpdcli: fix static build issueJörg Krause2019-01-271-0/+5
| | | | | | | | | | | | The spotify plugin requires shared library support and needs <dlfcn.h>. Explicitly disable the spotify plugin when building upmpdcli in a static context. Fixes: http://autobuild.buildroot.net/results/cb942d3c5f68959d6cbc85535ccff4a275369f91/ Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/libarchive: add four security patchesThomas De Schampheleire2019-01-274-0/+219
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add backported patches for the following four security issues in libarchive. There is no new release yet including these patches. - CVE-2018-1000877 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000877) "libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive." - CVE-2018-1000878 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000878) "libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive." - CVE-2018-1000879 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000879) "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file." - CVE-2018-1000880 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000880) "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file." Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* python-pyasn1-modules: bump to version 0.2.4Asaf Kahlon2019-01-272-4/+4
| | | | | Signed-off-by: Asaf Kahlon <asafka7@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/rpi-userland: bump version to e5803f2c98Peter Seiderer2019-01-272-2/+2
| | | | | Signed-off-by: Peter Seiderer <ps.report@gmx.net> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* configs/raspberrypi*: bump kernel version to 83b36f98e1Peter Seiderer2019-01-277-7/+7
| | | | | | | Now based on 4.14.95 (from 4.14.91). Signed-off-by: Peter Seiderer <ps.report@gmx.net> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/freeswitch: bump version to 1.8.5Bernd Kuhls2019-01-273-81/+7
| | | | | | | | Removed patch 0002, not needed anymore after upstream commit https://freeswitch.org/stash/projects/FS/repos/freeswitch/commits/13f6890f411598bd2c567762d457d1a8163a7a8a Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libpng: bump version to 1.6.36Bernd Kuhls2019-01-272-8/+7
| | | | | | | | | | | License[1] was bumped to v2, for details see http://lists.opensource.org/pipermail/license-review_lists.opensource.org/2018-November/003791.html [1] http://www.libpng.org/pub/png/src/libpng-LICENSE.txt Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> [Peter: use Libpng-2.0 as license tag] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/pngquant: bump version to 2.12.2Bernd Kuhls2019-01-272-3/+3
| | | | | Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/znc: bump version to 1.7.2Bernd Kuhls2019-01-272-2/+2
| | | | | Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* prosody: bump to version 0.11.2Francois Perrad2019-01-274-9/+9
| | | | | Signed-off-by: Francois Perrad <francois.perrad@gadz.org> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* perl-uri: bump to version 1.76Francois Perrad2019-01-272-4/+4
| | | | | Signed-off-by: Francois Perrad <francois.perrad@gadz.org> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* perl-type-tiny: bump to version 1.004004Francois Perrad2019-01-272-5/+5
| | | | | Signed-off-by: Francois Perrad <francois.perrad@gadz.org> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* perl-package-stash: bump to version 0.38Francois Perrad2019-01-272-5/+5
| | | | | Signed-off-by: Francois Perrad <francois.perrad@gadz.org> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* perl-net-dns: bump to version 1.19Francois Perrad2019-01-272-3/+3
| | | | | Signed-off-by: Francois Perrad <francois.perrad@gadz.org> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* perl-mojolicious: bump to version 8.11Francois Perrad2019-01-272-3/+3
| | | | | Signed-off-by: Francois Perrad <francois.perrad@gadz.org> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* perl-gd: bump to version 2.70Francois Perrad2019-01-272-3/+3
| | | | | Signed-off-by: Francois Perrad <francois.perrad@gadz.org> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* perl-file-slurp: bump to version 9999.25Francois Perrad2019-01-272-4/+4
| | | | | Signed-off-by: Francois Perrad <francois.perrad@gadz.org> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* perl-date-manip: bump to version 6.75Francois Perrad2019-01-272-3/+3
| | | | | Signed-off-by: Francois Perrad <francois.perrad@gadz.org> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* {linux, linux-headers}: bump 4.{4, 9, 14, 19, 20}.x seriesBernd Kuhls2019-01-273-11/+11
| | | | | Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/clamav: add optional dependency to pcre2Bernd Kuhls2019-01-271-1/+4
| | | | | | | | Upstream recommends pcre2 over pcre: https://github.com/Cisco-Talos/clamav-devel/commit/1f71c2b21ccaef412280471444f4d01ec9b8099d Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/clamav: bump version to 0.101.1Bernd Kuhls2019-01-273-79/+2
| | | | | | | Removed patch applied upstream. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/samba4: security bump to version 4.9.4Bernd Kuhls2019-01-272-3/+3
| | | | | | | | | | | | | | | Fixes the following security issues: - CVE-2018-14629 dns: Fix CNAME loop prevention using counter regression - CVE-2018-16853: Fix S4U2Self crash with MIT KDC build - CVE-2018-16853: Do not segfault if client is not set For more info, see the release notes: https://www.samba.org/samba/history/samba-4.9.4.html Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> [Peter: mention security impact, add CVE info] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/x11r7/xdriver_xf86-video-neomagic: bump version to 1.3.0Bernd Kuhls2019-01-272-3/+8
| | | | | | | Added all hashes provided by upstream and license hash. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/x11r7/xdriver_xf86-video-mga: bump version to 2.0.0Bernd Kuhls2019-01-272-3/+8
| | | | | | | Added all hashes provided by upstream and license hash. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/x11r7/xdriver_xf86-video-i128: bump version to 1.4.0Bernd Kuhls2019-01-273-38/+8
| | | | | | | | Removed patch applied upstream, added all hashes provided by upstream and license hash. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/x11r7/xapp_xcursorgen: bump version to 1.0.7Bernd Kuhls2019-01-272-3/+8
| | | | | | | Added all hashes provided by upstream and license hash. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/vlc: bump version to 3.0.6Bernd Kuhls2019-01-276-221/+9
| | | | | | | | Rebased patch 0006, removed patch 0008 which is included in upstream release version, renumbered remaining patches. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libva: bump version to 2.4.0Bernd Kuhls2019-01-273-77/+4
| | | | | | | | Removed patch applied upstream: https://github.com/intel/libva/commit/62bad1239d8ea1bb269ca69d3469aa267f57cdec Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* python-psycopg2: bump to version 2.7.7Asaf Kahlon2019-01-272-4/+4
| | | | | Signed-off-by: Asaf Kahlon <asafka7@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* python-psutil: bump to version 5.5.0Asaf Kahlon2019-01-272-4/+4
| | | | | Signed-off-by: Asaf Kahlon <asafka7@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* python-pip: bump to version 19.0.1Asaf Kahlon2019-01-272-5/+5
| | | | | | | License change - a year bump. Signed-off-by: Asaf Kahlon <asafka7@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* python-msgpack: bump to version 0.6.1Asaf Kahlon2019-01-272-4/+4
| | | | | Signed-off-by: Asaf Kahlon <asafka7@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* python-engineio: bump to version 3.3.0Asaf Kahlon2019-01-272-4/+4
| | | | | Signed-off-by: Asaf Kahlon <asafka7@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* libwebsock: Fix openssl reporting in headerClayton Shotwell2019-01-261-13/+8
| | | | | | | | | | | | | | | The websock_config.h file currently ends up being installed into the sysroot with a #include "config.h" line but the config.h file does not get copied into the sysroot. Refactoring the original patch to have the configure script properly report whether or not SSL support is enabled without using the config.h file. Patch has been submitted upstream but may never be merged since upstream appears to be dead. https://github.com/payden/libwebsock/pull/38 Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* package/x11r7/xdriver_xf86-video-intel: bump versionBernd Kuhls2019-01-252-2/+2
| | | | | Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/{mesa3d, mesa3d-headers}: bump version to 18.3.2Bernd Kuhls2019-01-253-7/+7
| | | | | Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libdrm: bump version to 2.4.97Bernd Kuhls2019-01-252-6/+6
| | | | | Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libqmi: bump to version 1.22.0Nicolas Serafini2019-01-252-2/+2
| | | | | Signed-off-by: Nicolas Serafini <nicolas.serafini@sensefly.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libmbim: bum to version 1.18.0Nicolas Serafini2019-01-252-2/+2
| | | | | Signed-off-by: Nicolas Serafini <nicolas.serafini@sensefly.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/mobile-broadband-provider-info: bump to version 20190116Nicolas Serafini2019-01-252-3/+5
| | | | | Signed-off-by: Nicolas Serafini <nicolas.serafini@sensefly.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/ofono: bump to version 1.28Nicolas Serafini2019-01-253-2/+41
| | | | | | | Add patch to fix musl TEMP_FAILURE_RETRY error Signed-off-by: Nicolas Serafini <nicolas.serafini@sensefly.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/tor: bump version to 0.3.5.7Bernd Kuhls2019-01-254-136/+87
| | | | | | | | | | Patch rebased and re-formatted with git. Release notes: https://blog.torproject.org/new-releases-tor-0357-03410-and-03311 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* rpi-firmware: bump version to 81cca1a93Christian Stewart2019-01-242-2/+2
| | | | | Signed-off-by: Christian Stewart <christian@paral.in> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* go: security bump to 1.11.5Christian Stewart2019-01-242-2/+2
| | | | | | | | Go 1.11.5 addresses a reported security issue, CVE-2019-6486. Signed-off-by: Christian Stewart <christian@paral.in> Acked-by: Anisse Astier <anisse@astier.eu> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* tslib: update to 1.19Martin Kepplinger2019-01-242-3/+3
| | | | | | | | For the curious, there's the short changelog summary: https://github.com/kergoth/tslib/releases Signed-off-by: Martin Kepplinger <martink@posteo.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* libkcapi: fix build with gcc 8.2.xFabrice Fontaine2019-01-241-0/+54
| | | | | | | | Fixes: - http://autobuild.buildroot.org/results/8355bc42238e885f7f11ed3d9d37fc55ebdead2b Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/iperf: fixed hash to match v2.0.13 archiveMatt Weber2019-01-231-2/+2
| | | | | | | | The iperf project changed the archive after the release without changing the filename of the archive. Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* musl: fix hash of license fileFabrice Fontaine2019-01-231-1/+1
| | | | | | | | | | | COPYRIGHT file has been updated between version 1.1.20 and 1.1.21: https://git.musl-libc.org/cgit/musl/commit/COPYRIGHT?id=c50985d5c8e316c5c464f352e79eeebfed1121a9 Fixes: - http://autobuild.buildroot.org/results/8cfa70b906221442c9e6dfd46b64011c987d24bf Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/inadyn: bump version to 2.5Ryan Coe2019-01-232-4/+4
| | | | | Signed-off-by: Ryan Coe <bluemrp9@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libite: bump version to 2.0.2Ryan Coe2019-01-232-2/+2
| | | | | Signed-off-by: Ryan Coe <bluemrp9@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OpenPOWER on IntegriCloud