path: root/package
Commit message | Author | Age | Files | Lines
...
* package/mender: fix missing /var/lib | Angelo Compagnucci | 2019-02-15 | 1 | -0/+1
  Mender needs /var/lib directory to be available: on some configurations /var/lib is not available and thus the mender package installation fails. This patch does a mkdir to ensure the /var/lib directory is always available.

  Fixes: http://autobuild.buildroot.net/results/d2237083a13ab7688dd2b6dc8dbcd4226ed5651a/

  Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/qt5/qt5base: handle sse2/sse3/ssse3/sse4.1/sse4.2/avx/avx2 configuration | Peter Seiderer | 2019-02-15 | 1 | -0/+19
  The Qt configure auto detection (and announced runtime detection feature) fails (see e.g. [1]), so override the configuration with the buildroot determined settings.

  [1] http://lists.busybox.net/pipermail/buildroot/2019-January/241862.html

  Reported-by: David Picard <dplamp@gmx.com>
  Signed-off-by: Peter Seiderer <ps.report@gmx.net>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/pulseaudio: fix S50pulseaudio init script | Peter Seiderer | 2019-02-15 | 1 | -2/+9
  - fix the following start warnings:

      W: [pulseaudio] main.c: Running in system mode, but --disallow-exit not set.
      W: [pulseaudio] main.c: Running in system mode, but --disallow-module-loading not set.
      N: [pulseaudio] main.c: Running in system mode, forcibly disabling SHM mode.
      N: [pulseaudio] main.c: Running in system mode, forcibly disabling exit idle time.

  - fix the following stop error:

      E: [pulseaudio] main.c: Failed to kill daemon: No such process

  Signed-off-by: Peter Seiderer <ps.report@gmx.net>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/qwt: needs qt5base gui support | Peter Seiderer | 2019-02-15 | 1 | -0/+1
  In commit 3e99c8418af904b14b01455d68c84d7b5afd261f ("package/qwt: remove qt4 support"), the following line was incorrectly dropped:

      select BR2_PACKAGE_QT5BASE_GUI if BR2_PACKAGE_QT5

  Due to this, qt5base can now be configured with widgets enabled but gui disabled, causing the following build issue:

      ERROR: Feature 'widgets' was enabled, but the pre-condition 'features.gui' failed.

  Re-introduce the proper select, but slightly simplified since only Qt5 is supported now.

  Fixes: http://autobuild.buildroot.net/results/c771c2d5aac3e21f908e5a118f3755dbc9301a47

  Signed-off-by: Peter Seiderer <ps.report@gmx.net>
  [Thomas: rework commit log]
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/libcpprestsdk: disable samples | Fabrice Fontaine | 2019-02-15 | 1 | -1/+1
  Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/libv4l: bump version to 1.16.3 | Peter Seiderer | 2019-02-15 | 2 | -3/+3
  Changes since 1.16.2:
  - Makefile.am: don't use relative paths for include
  - keytable: do not install bpf protocols decoders with execute permission

  Signed-off-by: Peter Seiderer <ps.report@gmx.net>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/madplay: add hash for license files | Fabrice Fontaine | 2019-02-15 | 1 | -0/+2
  Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/madplay: needs autoreconf | Fabrice Fontaine | 2019-02-15 | 3 | -110/+20
  madplay uses a very old configure script. When the toolchain lacks C++ and the build machine lacks /lib/cpp, this old configure script fails because it can't find a C++ preprocessor that is valid:

      checking for arm-buildroot-linux-uclibcgnueabi-g++... no
      checking whether we are using the GNU C++ compiler... no
      checking whether no accepts -g... no
      checking dependency style of no... none
      checking how to run the C++ preprocessor... /lib/cpp
      configure: error: C++ preprocessor "/lib/cpp" fails sanity check
      See `config.log' for more details.

  This is yet another case that was tentatively fixed by bd39d11d2e (core/infra: fix build on toolchain without C++), further amended by 4cd1ab15886 (core: alternate solution to disable C++). However, this only works on libtool scripts that are recent enough, and thus we need to autoreconf to get it.

  We also need to patch configure.ac so that it does not fail on the missing, GNU-specific files: NEWS, AUTHORS, and Changelog.

  Finally, remove also patch on ltmain.sh and MADPLAY_LIBTOOL_PATCH=NO as autoreconf will create an up to date ltmain.sh

  Fixes:
  - http://autobuild.buildroot.org/results/fc927de0e9a42095789fb0a631d5facf14076f6e

  Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/python-django: security bump to version 2.1.7 | Peter Korsgaard | 2019-02-15 | 2 | -4/+4
  Fixes the following security issues:

  CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format()

  If django.utils.numberformat.format() – used by contrib.admin as well as the floatformat, filesizeformat, and intcomma templates filters – received a Decimal with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to '{:f}'.format().

  To avoid this, decimals with more than 200 digits are now formatted using scientific notation.

  https://docs.djangoproject.com/en/2.1/releases/2.1.6/

  2.1.6 contained a packaging error, fixed by 2.1.7:

  https://docs.djangoproject.com/en/2.1/releases/2.1.7/

  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/libgpiod: bump version to v1.2.1 | Bartosz Golaszewski | 2019-02-15 | 2 | -2/+2
  This is a bugfix release fixing two problems with C++ bindings.

  Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/mosquitto: bump to version 1.5.7 | Peter Korsgaard | 2019-02-14 | 4 | -64/+2
  Bugfix release, fixing a number of issues discovered post-1.5.6.

  Drop patches as they are now included upstream.

  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/qemu: fix build of host-qemu on systems with old kernel headers | Thomas Petazzoni | 2019-02-14 | 1 | -0/+60
  Qemu assumes that when <linux/usbdevice_fs.h> is available, it can build its USBFS code. However, some systems have <linux/usbdevice_fs.h>, but it doesn't provide all the definitions that Qemu needs, causing a build failure.

  In order to fix this, we introduce a Qemu patch that improves the check that determines whether USBFS support should be enabled or not.

  Fixes: http://autobuild.buildroot.net/results/c4af5505f80e1e6185df70d191e85d9393df5795/

  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/mender: change to use release archive | Angelo Compagnucci | 2019-02-14 | 2 | -2/+3
  Release archive is distributed with dependencies; this prevents the go build system from downloading them.

  Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* {linux, linux-headers}: bump 4.{4, 9, 14, 19, 20}.x series | Peter Korsgaard | 2019-02-14 | 1 | -5/+5
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/efivar: needs host gcc >= 4.8 | Thomas Petazzoni | 2019-02-14 | 2 | -4/+9
  The efivar code compiled for the host machine uses __builtin_bswap16(), which is only available starting from gcc 4.8:

  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=52624

  So let's add a dependency on host gcc >= 4.8 to efivar and its unique reverse dependency, efibootmgr.

  Fixes: http://autobuild.buildroot.net/results/48ba906bb6f4dc0c8af43ec11be64f7168dd62fd/

  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/docker-containerd: fix typo in uclibc dependency | Thomas Petazzoni | 2019-02-14 | 1 | -1/+1
  Commit 6e3f7fbc072c88ab344f2ffa39e402464b566f19 ("package/runc: add upstream security fix for CVE-2019-5736") added a dependency of docker-containerd to uclibc (inherited from runc), but the depends on has a typo that makes it ineffective. Due to this, docker-containerd can still be selected in uClibc configurations, causing runc to be built, and failing to build due to fexecve() being missing in uClibc.

  Fixes: http://autobuild.buildroot.net/results/64ecdb1e007106fdb05979b10b42b90591255504/

  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* docker-engine: fix runc version check warning | Christian Stewart | 2019-02-12 | 1 | -0/+45
  Fixes the startup warning from Docker:

      failed to retrieve runc version: unknown output format: runc version commit ...

  Introduces a patch to replace the faulty version detection logic in the Docker engine.

  Signed-off-by: Christian Stewart <christian@paral.in>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* docker-engine: bump to v18.09.2 | Christian Stewart | 2019-02-12 | 2 | -2/+2
  Signed-off-by: Christian Stewart <christian@paral.in>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* docker-cli: bump to v18.09.2 | Christian Stewart | 2019-02-12 | 2 | -2/+2
  Signed-off-by: Christian Stewart <christian@paral.in>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* docker-containerd: bump to v1.2.3 | Christian Stewart | 2019-02-12 | 2 | -2/+2
  Signed-off-by: Christian Stewart <christian@paral.in>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/mongodb: new package | Fabrice Fontaine | 2019-02-12 | 5 | -0/+192
  Here is the list of the changes compared to the removed mongodb 3.3.4 version:
  - Remove patch (not applicable anymore)
  - Add patch (sent upstream) to fix openssl build with gcc 7 and -fpermissive
  - Remove 32 bits x86 platforms, removed since version 3.4: https://docs.mongodb.com/manual/installation/#supported-platforms
  - Change license: since October 2018, license is SSPL:
    - https://www.mongodb.com/community/licensing
    - https://jira.mongodb.org/browse/SERVER-38767
  - gcc must be at least 5.3 so add a dependency on gcc >= 6
  - Add a dependency on host-python-xxx modules: https://github.com/mongodb/mongo/blob/r4.0.6/docs/building.md
  - Use system versions of boost, pcre, snappy, sqlite, yaml-cpp and zlib instead of embedded mongodb ones
  - Add hash for license files

  Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
  Tested-by: Adam Duskett <aduskett@gmail.com>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/python-typing: add host variant | Fabrice Fontaine | 2019-02-12 | 1 | -0/+1
  host-python-typing is needed for mongodb 4.0.6

  Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/python-pyyaml: add host variant | Fabrice Fontaine | 2019-02-12 | 1 | -0/+2
  host-python-pyyaml is needed for mongodb 4.0.6

  Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
  [Peter: s/HOST_PYTHON/HOST_PYTHON_PYYAML/]
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libyaml: add host variant | Fabrice Fontaine | 2019-02-12 | 1 | -0/+1
  host-libyaml is needed for host-python-pyyaml

  Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/runc: add upstream security fix for CVE-2019-5736 | Peter Korsgaard | 2019-02-12 | 4 | -6/+347
  The vulnerability allows a malicious container to (with minimal user interaction) overwrite the host runc binary and thus gain root-level code execution on the host. The level of user interaction is being able to run any command (it doesn't matter if the command is not attacker-controlled) as root within a container in either of these contexts:

  * Creating a new container using an attacker-controlled image.
  * Attaching (docker exec) into an existing container which the attacker had previous write access to.

  For more details, see the advisory:

  https://www.openwall.com/lists/oss-security/2019/02/11/2

  The fix for this issue uses fexecve(3), which isn't available on uClibc, so add a dependency on !uclibc to runc and propagate to the reverse dependencies (containerd/docker-engine).

  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/ghostscript: add upstream security fixes | Baruch Siach | 2019-02-12 | 6 | -0/+1715
  CVE-2019-6116: Remote code execution.

  https://www.openwall.com/lists/oss-security/2019/01/23/5

  Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
  Signed-off-by: Baruch Siach <baruch@tkos.co.il>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libarchive: add upstream security fixes | Baruch Siach | 2019-02-12 | 2 | -0/+124
  CVE-2019-1000019: Crash when parsing some 7zip archives.

  CVE-2019-1000020: A corrupted or malicious ISO9660 image can cause read_CE() to loop forever.

  Signed-off-by: Baruch Siach <baruch@tkos.co.il>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/sqlcipher: force libopenssl | Matt Weber | 2019-02-12 | 1 | -0/+1
  v3.2.0 has a bug in the configure step which causes it to fail when being built against libressl. As libopenssl is selected as the default, the autobuilders have not uncovered this failure. The issue has been confirmed in LTS 2018.02.10 (probably broken prior to that as well) and is not related to the Openssl bump to 1.1.x.

  Thread with more details http://lists.busybox.net/pipermail/buildroot/2019-February/243133.html

  Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/jpeg-turbo: add upstream security fixes | Baruch Siach | 2019-02-12 | 2 | -0/+90
  CVE-2018-20330: Integer overflow causing segfault occurred when attempting to load a BMP file with more than 1 billion pixels using the `tjLoadImage()` function.

  CVE-2018-19664: Buffer overrun occurred when attempting to decompress a specially-crafted malformed JPEG image to a 256-color BMP using djpeg.

  Cc: Murat Demirten <mdemirten@yh.com.tr>
  Signed-off-by: Baruch Siach <baruch@tkos.co.il>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: add upstream security fixes | Baruch Siach | 2019-02-12 | 2 | -0/+461
  CVE-2019-6109: Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.

  CVE-2019-6111: Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).

  Signed-off-by: Baruch Siach <baruch@tkos.co.il>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libva-utils: fix build failure when x11 support is disabled | Bernd Kuhls | 2019-02-11 | 2 | -0/+34
  Fixes http://autobuild.buildroot.net/results/2f8/2f89e41f79e8bec1c0561b486ae5750fc87a6320/

  Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/sg3_utils: ensure to build against librt when needed | Thomas Petazzoni | 2019-02-11 | 2 | -1/+30
  The sg3_utils has provisions to build against librt when needed, but forgot to use that mechanism for the sg_turs program. This commit fixes that. The patch has been submitted upstream to the sg3_utils author.

  Fixes: http://autobuild.buildroot.net/results/67b890a41d05497820ea4f44e187257dd6818b0b/

  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/libupnp18: fix static linking with mpd | Fabrice Fontaine | 2019-02-11 | 2 | -1/+53
  - Add a call to PKG_CHECK_MODULES in configure.ac to get openssl libraries and its dependencies if openssl support is enabled
  - Add OPENSSL_LIBS to libupnp.pc.in so that applications linking with pupnp (such as mpd) will be able to retrieve openssl libraries

  Fixes:
  - http://autobuild.buildroot.org/results/a4148e516070b79816769f3443fc24d6d8192073

  Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/sqlcipher: add OpenSSL 1.1.x compatibility | Matt Weber | 2019-02-11 | 3 | -0/+187
  Fixes http://autobuild.buildroot.net/results/5e2/5e2c3178d8a6e11b1af1c37144737097730ba222/

  Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/opentracing-cpp: needs dynamic library support | Thomas De Schampheleire | 2019-02-11 | 1 | -2/+4
  opentracing-cpp requires dlfcn.h from src/dynamic_load_unix.cpp. This file is compiled unconditionally.

  Disable opentracing-cpp on BR2_STATIC_LIBS configurations.

  Fixes: http://autobuild.buildroot.net/results/454173aef9ff7c808294a974088d7682cad240a8/

  Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/brcm-patchram-plus: bump to version 95b7b6916d661a4da3f9c0adf52d5e1f4f8ab042 | Fabrice Fontaine | 2019-02-11 | 3 | -68/+4
  - Remove patch (already in version)
  - Use COPYING as license file as COPYING has been fixed by: https://github.com/AsteroidOS/brcm-patchram-plus/commit/95b7b6916d661a4da3f9c0adf52d5e1f4f8ab042

  Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/googlefontdirectory: better solution to avoid check-package warning | Yann E. MORIN | 2019-02-11 | 1 | -5/+4
  Rather than tell check-package to ignore a false-positive issue, just avoid the issue to begin with, by using an intermediate variable to construct the list of licenses.

  Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
  Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/brcm-patchram-plus: fix license file hash | Thomas Petazzoni | 2019-02-10 | 1 | -1/+1
  Commit 684bcc45e52a8300a2115799e96017b180695a14 ("package/brcm-patchram-plus: fix build on sparc") added a patch that modifies the src/main.c file, without paying attention to the fact that this file is used as the license file for the package, and therefore the .hash had to be updated at the same time.

  This commit updates the license file hash as needed. There are obviously no licensing related changes in the SPARC build fixes.

  Fixes: http://autobuild.buildroot.net/results/083ce1c3100b10e40480e6330ce0c29dde51f5e0/

  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/systemd: add optional bash-completion dependency | Fabrice Fontaine | 2019-02-10 | 1 | -0/+1
  Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/systemd: add optional cryptsetup dependency | Fabrice Fontaine | 2019-02-10 | 1 | -1/+7
  Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/systemd: add optional valgrind dependency | Fabrice Fontaine | 2019-02-10 | 1 | -0/+7
  Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/clamav: needs wchar | Bernd Kuhls | 2019-02-10 | 1 | -2/+4
  Fixes http://autobuild.buildroot.net/results/77c/77cd536a0fab78eabe27e055d28db2da354008d7/

  Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/{mesa3d, mesa3d-headers}: bump version to 18.3.3 | Bernd Kuhls | 2019-02-10 | 3 | -7/+7
  Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/libva-utils: bump version to 2.4.0 | Bernd Kuhls | 2019-02-10 | 3 | -124/+5
  Removed patch 0002, applied upstream.

  Follow upstream switch of release tarball to bz2 and new location.

  Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/gst1-shark: select BR2_PACKAGE_GSTREAMER1_GST_DEBUG | Chris Packham | 2019-02-10 | 1 | -0/+1
  gst-shark needs gstreamer to be compiled with debugging support enabled. Make this selection automatically when the gst-shark package is selected.

  Fixes:
  - http://autobuild.buildroot.net/results/09b894b0775df2dd87d8fb2d53c6a243d8668aba/
  - and many more

  Signed-off-by: Chris Packham <judge.packham@gmail.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/webkitgtk: security bump to version 2.22.6 | Adrian Perez de Castro | 2019-02-10 | 2 | -5/+5
  This is a maintenance release of the current stable WebKitGTK+ version, which contains security fixes for CVE identifiers: CVE-2019-6212, CVE-2019-6215, CVE-2019-6216, CVE-2019-6217, CVE-2019-6226, CVE-2019-6227, CVE-2019-6229, CVE-2019-6233, and CVE-2019-6234. Additionally, it contains a few minor fixes.

  Release notes can be found in the announcement:

  https://webkitgtk.org/2019/02/09/webkitgtk2.22.6-released.html

  More details on the issues covered by security fixes can be found in the corresponding security advisory:

  https://webkitgtk.org/security/WSA-2019-0001.html

  Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libopenssl: add runtime fixes for tor | Bernd Kuhls | 2019-02-10 | 2 | -0/+488
  For details see https://bugs.archlinux.org/task/61623

  Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/mosquitto: security bump to version 1.5.6 | Peter Korsgaard | 2019-02-10 | 4 | -2/+64
  Fixes the following security issues:

  CVE-2018-12551: If Mosquitto is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability. Affects version 1.0 to 1.5.5 inclusive.

  CVE-2018-12550: If an ACL file is empty, or has only blank lines or comments, then mosquitto treats the ACL file as not being defined, which means that no topic access is denied. Although denying access to all topics is not a useful configuration, this behaviour is unexpected and could lead to access being incorrectly granted in some circumstances. Affects versions 1.0 to 1.5.5 inclusive.

  CVE-2018-12546: If a client publishes a retained message to a topic that they have access to, and then their access to that topic is revoked, the retained message will still be delivered to future subscribers. This behaviour may be undesirable in some applications, so a configuration option check_retain_source has been introduced to enforce checking of the retained message source on publish.

  Add two upstream post-1.5.6 patches to fix a build error in the bridge code when ADNS is enabled and when building with older toolchains not defaulting to C99 mode.

  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/php: security bump to version 7.3.2 | Bernd Kuhls | 2019-02-10 | 3 | -10/+30
  Rebased patch 0004.

  This bump fixes https://bugs.php.net/bug.php?id=77369, status of CVE-ID: needed

  Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/xenomai: move arch restriction to Cobalt core, no restriction for Mercury | Thomas De Schampheleire | 2019-02-09 | 1 | -4/+7
  Xenomai has two mutually exclusive cores:
  - Cobalt: dual-kernel approach: patched kernel + userland
  - Mercury: only userland

  In the Cobalt core, not all architectures are supported. This is the source of the existing ARCH_SUPPORTS variable. In the Mercury core, there is no imposed architecture restriction.

  Rename the XENOMAI_ARCH_SUPPORTS flag to XENOMAI_COBALT_ARCH_SUPPORTS and move its check from the Xenomai package to the Cobalt core.

  Nevertheless, even for Mercury, there are some restrictions:
  - pthread_atfork is used, which requires an MMU
  - sync functions like __sync_sub_and_fetch and __sync_add_and_fetch are expected.

  As the corresponding 'linux extension' selects Xenomai, we add the MMU and sync dependencies there too. They may or may not already be covered by XENOMAI_COBALT_ARCH_SUPPORTS flag.

  Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>