* [Buildroot] [PATCH 1/3] package/libgpg-error: bump to version 1.33
@ 2019-01-15 16:37 Baruch Siach
2019-01-15 16:37 ` [Buildroot] [PATCH 2/3] package/libassuan: bump to version 2.5.2 Baruch Siach
` (3 more replies)
0 siblings, 4 replies; 9+ messages in thread
From: Baruch Siach @ 2019-01-15 16:37 UTC (permalink / raw)
To: buildroot
The syscfg header name is now based on the target triplet, with the
vendor part set to "unknown". The symlink approach no longer works since
we use "buildroot" for the vendor part. Override the target host
configure parameter to match the build system expectation.
The x86 header vendor part has been renamed to "unknown" as well.
Account for that in BR2_PACKAGE_LIBGPG_ERROR_SYSCFG.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
package/libgpg-error/Config.in | 2 +-
package/libgpg-error/libgpg-error.hash | 4 ++--
package/libgpg-error/libgpg-error.mk | 13 +++----------
3 files changed, 6 insertions(+), 13 deletions(-)
diff --git a/package/libgpg-error/Config.in b/package/libgpg-error/Config.in
index 0659a834bf2f..dbb554989e6b 100644
--- a/package/libgpg-error/Config.in
+++ b/package/libgpg-error/Config.in
@@ -48,5 +48,5 @@ config BR2_PACKAGE_LIBGPG_ERROR_SYSCFG
if BR2_sparc
default "sparc64-unknown-linux-gnu" \
if BR2_sparc64
- default "x86_64-pc-linux-gnu" \
+ default "x86_64-unknown-linux-gnu" \
if BR2_x86_64
diff --git a/package/libgpg-error/libgpg-error.hash b/package/libgpg-error/libgpg-error.hash
index 93593b14116e..b18ab7e6b6e8 100644
--- a/package/libgpg-error/libgpg-error.hash
+++ b/package/libgpg-error/libgpg-error.hash
@@ -1,7 +1,7 @@
# Locally calculated after checking pgp signature
-# https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.32.tar.bz2.sig
+# https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.33.tar.bz2.sig
# using key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
-sha256 c345c5e73cc2332f8d50db84a2280abfb1d8f6d4f1858b9daa30404db44540ca libgpg-error-1.32.tar.bz2
+sha256 5d38826656e746c936e7742d9cde072b50baa3c4c49daa168a56813612bf03ff libgpg-error-1.33.tar.bz2
# Locally calculated
sha256 231f7edcc7352d7734a96eef0b8030f77982678c516876fcb81e25b32d68564c COPYING
sha256 a9bdde5616ecdd1e980b44f360600ee8783b1f99b8cc83a2beb163a0a390e861 COPYING.LIB
diff --git a/package/libgpg-error/libgpg-error.mk b/package/libgpg-error/libgpg-error.mk
index ef817c7cc689..d26d92fb0555 100644
--- a/package/libgpg-error/libgpg-error.mk
+++ b/package/libgpg-error/libgpg-error.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBGPG_ERROR_VERSION = 1.32
+LIBGPG_ERROR_VERSION = 1.33
LIBGPG_ERROR_SITE = https://www.gnupg.org/ftp/gcrypt/libgpg-error
LIBGPG_ERROR_SOURCE = libgpg-error-$(LIBGPG_ERROR_VERSION).tar.bz2
LIBGPG_ERROR_LICENSE = GPL-2.0+, LGPL-2.1+
@@ -12,14 +12,7 @@ LIBGPG_ERROR_LICENSE_FILES = COPYING COPYING.LIB
LIBGPG_ERROR_INSTALL_STAGING = YES
LIBGPG_ERROR_CONFIG_SCRIPTS = gpg-error-config
LIBGPG_ERROR_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES)
-
-define LIBGPG_ERROR_FIX_CROSS_COMPILATION
- cd $(@D)/src/syscfg && \
- ln -s lock-obj-pub.$(call qstrip, $(BR2_PACKAGE_LIBGPG_ERROR_SYSCFG)).h \
- lock-obj-pub.$(GNU_TARGET_NAME).h
-endef
-LIBGPG_ERROR_PRE_CONFIGURE_HOOKS += LIBGPG_ERROR_FIX_CROSS_COMPILATION
-
-LIBGPG_ERROR_CONF_OPTS = --disable-tests
+LIBGPG_ERROR_CONF_OPTS = --disable-tests \
+ --host=$(BR2_PACKAGE_LIBGPG_ERROR_SYSCFG)
$(eval $(autotools-package))
--
2.20.1
^ permalink raw reply related [flat|nested] 9+ messages in thread* [Buildroot] [PATCH 2/3] package/libassuan: bump to version 2.5.2
2019-01-15 16:37 [Buildroot] [PATCH 1/3] package/libgpg-error: bump to version 1.33 Baruch Siach
@ 2019-01-15 16:37 ` Baruch Siach
2019-01-15 20:34 ` Peter Korsgaard
2019-01-24 19:01 ` Peter Korsgaard
2019-01-15 16:37 ` [Buildroot] [PATCH 3/3] gnupg2: security bump to version 2.2.12 Baruch Siach
` (2 subsequent siblings)
3 siblings, 2 replies; 9+ messages in thread
From: Baruch Siach @ 2019-01-15 16:37 UTC (permalink / raw)
To: buildroot
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
package/libassuan/libassuan.hash | 7 ++++---
package/libassuan/libassuan.mk | 2 +-
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/package/libassuan/libassuan.hash b/package/libassuan/libassuan.hash
index 2e80cfa4e11d..4878a692cf64 100644
--- a/package/libassuan/libassuan.hash
+++ b/package/libassuan/libassuan.hash
@@ -1,7 +1,8 @@
# From https://www.gnupg.org/download/integrity_check.html
-sha1 c8432695bf1daa914a92f51e911881ed93d50604 libassuan-2.5.1.tar.bz2
+sha1 fb66bc1e8971d48ac9dbacd1cdaf6487a3e77375 libassuan-2.5.2.tar.bz2
# Locally calculated after checking signature
-# https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-2.5.1.tar.bz2.sig
-sha256 47f96c37b4f2aac289f0bc1bacfa8bd8b4b209a488d3d15e2229cb6cc9b26449 libassuan-2.5.1.tar.bz2
+# https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-2.5.2.tar.bz2.sig
+# using key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
+sha256 986b1bf277e375f7a960450fbb8ffbd45294d06598916ad4ebf79aee0cb788e7 libassuan-2.5.2.tar.bz2
sha256 a9bdde5616ecdd1e980b44f360600ee8783b1f99b8cc83a2beb163a0a390e861 COPYING.LIB
sha256 fc82ca8b6fdb18d4e3e85cfd8ab58d1bcd3f1b29abe782895abd91d64763f8e7 COPYING
diff --git a/package/libassuan/libassuan.mk b/package/libassuan/libassuan.mk
index 4dc8f70d1f04..1e4467b36dbd 100644
--- a/package/libassuan/libassuan.mk
+++ b/package/libassuan/libassuan.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBASSUAN_VERSION = 2.5.1
+LIBASSUAN_VERSION = 2.5.2
LIBASSUAN_SITE = ftp://ftp.gnupg.org/gcrypt/libassuan
LIBASSUAN_SOURCE = libassuan-$(LIBASSUAN_VERSION).tar.bz2
LIBASSUAN_LICENSE = LGPL-2.1+ (library), GPL-3.0 (tests, doc)
--
2.20.1
^ permalink raw reply related [flat|nested] 9+ messages in thread* [Buildroot] [PATCH 3/3] gnupg2: security bump to version 2.2.12
2019-01-15 16:37 [Buildroot] [PATCH 1/3] package/libgpg-error: bump to version 1.33 Baruch Siach
2019-01-15 16:37 ` [Buildroot] [PATCH 2/3] package/libassuan: bump to version 2.5.2 Baruch Siach
@ 2019-01-15 16:37 ` Baruch Siach
2019-01-15 20:34 ` Peter Korsgaard
2019-01-24 19:01 ` Peter Korsgaard
2019-01-15 20:33 ` [Buildroot] [PATCH 1/3] package/libgpg-error: bump to version 1.33 Peter Korsgaard
2019-01-24 19:00 ` Peter Korsgaard
3 siblings, 2 replies; 9+ messages in thread
From: Baruch Siach @ 2019-01-15 16:37 UTC (permalink / raw)
To: buildroot
Fixes CVE-2018-1000858: Cross Site Request Forgery with arbitrary HTTPS
GET requests via HTTP redirect.
https://sektioneins.de/en/advisories/advisory-012018-gnupg-wkd.html
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
package/gnupg2/gnupg2.hash | 8 ++++----
package/gnupg2/gnupg2.mk | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package/gnupg2/gnupg2.hash b/package/gnupg2/gnupg2.hash
index a367effcab72..f985e11ad3c3 100644
--- a/package/gnupg2/gnupg2.hash
+++ b/package/gnupg2/gnupg2.hash
@@ -1,7 +1,7 @@
-# From https://lists.gnupg.org/pipermail/gnupg-announce/2018q3/000428.html
-sha1 3e87504e2ca317718aa9b6299947ebf7e906b54e gnupg-2.2.10.tar.bz2
+# From https://lists.gnupg.org/pipermail/gnupg-announce/2018q4/000433.html
+sha1 2aeccc35ea8034306ff7a1072b84abbaa79619c3 gnupg-2.2.12.tar.bz2
# Calculated based on the hash above and signature
-# https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.10.tar.bz2.sig
+# https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.12.tar.bz2.sig
# using key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
-sha256 799dd37a86a1448732e339bd20440f4f5ee6e69755f6fd7a73ee8af30840c915 gnupg-2.2.10.tar.bz2
+sha256 db030f8b4c98640e91300d36d516f1f4f8fe09514a94ea9fc7411ee1a34082cb gnupg-2.2.12.tar.bz2
sha256 bc2d6664f6276fa0a72d57633b3ae68dc7dcb677b71018bf08c8e93e509f1357 COPYING
diff --git a/package/gnupg2/gnupg2.mk b/package/gnupg2/gnupg2.mk
index 64329522d513..9365e960f258 100644
--- a/package/gnupg2/gnupg2.mk
+++ b/package/gnupg2/gnupg2.mk
@@ -4,7 +4,7 @@
#
################################################################################
-GNUPG2_VERSION = 2.2.10
+GNUPG2_VERSION = 2.2.12
GNUPG2_SOURCE = gnupg-$(GNUPG2_VERSION).tar.bz2
GNUPG2_SITE = https://gnupg.org/ftp/gcrypt/gnupg
GNUPG2_LICENSE = GPL-3.0+
--
2.20.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [Buildroot] [PATCH 1/3] package/libgpg-error: bump to version 1.33
2019-01-15 16:37 [Buildroot] [PATCH 1/3] package/libgpg-error: bump to version 1.33 Baruch Siach
2019-01-15 16:37 ` [Buildroot] [PATCH 2/3] package/libassuan: bump to version 2.5.2 Baruch Siach
2019-01-15 16:37 ` [Buildroot] [PATCH 3/3] gnupg2: security bump to version 2.2.12 Baruch Siach
@ 2019-01-15 20:33 ` Peter Korsgaard
2019-01-24 19:00 ` Peter Korsgaard
3 siblings, 0 replies; 9+ messages in thread
From: Peter Korsgaard @ 2019-01-15 20:33 UTC (permalink / raw)
To: buildroot
>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:
> The syscfg header name is now based on the target triplet, with the
> vendor part set to "unknown". The symlink approach no longer works since
> we use "buildroot" for the vendor part. Override the target host
> configure parameter to match the build system expectation.
> The x86 header vendor part has been renamed to "unknown" as well.
> Account for that in BR2_PACKAGE_LIBGPG_ERROR_SYSCFG.
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Buildroot] [PATCH 1/3] package/libgpg-error: bump to version 1.33
2019-01-15 16:37 [Buildroot] [PATCH 1/3] package/libgpg-error: bump to version 1.33 Baruch Siach
` (2 preceding siblings ...)
2019-01-15 20:33 ` [Buildroot] [PATCH 1/3] package/libgpg-error: bump to version 1.33 Peter Korsgaard
@ 2019-01-24 19:00 ` Peter Korsgaard
3 siblings, 0 replies; 9+ messages in thread
From: Peter Korsgaard @ 2019-01-24 19:00 UTC (permalink / raw)
To: buildroot
>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:
> The syscfg header name is now based on the target triplet, with the
> vendor part set to "unknown". The symlink approach no longer works since
> we use "buildroot" for the vendor part. Override the target host
> configure parameter to match the build system expectation.
> The x86 header vendor part has been renamed to "unknown" as well.
> Account for that in BR2_PACKAGE_LIBGPG_ERROR_SYSCFG.
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Committed to 2018.02.x and 2018.11.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2019-01-24 19:01 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-01-15 16:37 [Buildroot] [PATCH 1/3] package/libgpg-error: bump to version 1.33 Baruch Siach
2019-01-15 16:37 ` [Buildroot] [PATCH 2/3] package/libassuan: bump to version 2.5.2 Baruch Siach
2019-01-15 20:34 ` Peter Korsgaard
2019-01-24 19:01 ` Peter Korsgaard
2019-01-15 16:37 ` [Buildroot] [PATCH 3/3] gnupg2: security bump to version 2.2.12 Baruch Siach
2019-01-15 20:34 ` Peter Korsgaard
2019-01-24 19:01 ` Peter Korsgaard
2019-01-15 20:33 ` [Buildroot] [PATCH 1/3] package/libgpg-error: bump to version 1.33 Peter Korsgaard
2019-01-24 19:00 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox