buildroot.git
3 years agopackage/terminology: add TERMINOLOGY_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 10:17:02 +0000 (12:17 +0200)]
package/terminology: add TERMINOLOGY_CPE_ID_VENDOR

cpe:2.3:a:enlightenment:terminology is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aenlightenment%3Aterminology

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libidn: add LIBIDN_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 08:52:01 +0000 (10:52 +0200)]
package/libidn: add LIBIDN_CPE_ID_VENDOR

cpe:2.3:a:gnu:libidn is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Alibidn

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libidn2: add LIBIDN2_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 08:50:22 +0000 (10:50 +0200)]
package/libidn2: add LIBIDN2_CPE_ID_VENDOR

cpe:2.3:a:gnu:libidn2 is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Alibidn2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/tinyproxy: add TINYPROXY_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 08:44:53 +0000 (10:44 +0200)]
package/tinyproxy: add TINYPROXY_CPE_ID_VENDOR

cpe:2.3:a:tinyproxy_project:tinyproxy is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atinyproxy_project%3Atinyproxy

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/tinyxml2: add TINYXML2_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 08:36:41 +0000 (10:36 +0200)]
package/tinyxml2: add TINYXML2_CPE_ID_VENDOR

cpe:2.3:a:tinyxml2_project:tinyxml2 is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atinyxml2_project%3Atinyxml2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/tini: add TINI_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 08:32:57 +0000 (10:32 +0200)]
package/tini: add TINI_CPE_ID_VENDOR

cpe:2.3:a:tini_project:tini is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atini_project%3Atini

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/tclap: add TCLAP_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 08:20:22 +0000 (10:20 +0200)]
package/tclap: add TCLAP_CPE_ID_VENDOR

cpe:2.3:a:tclap_project:tclap is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atclap_project%3Atclap

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/thermald: add THERMALD_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 08:12:52 +0000 (10:12 +0200)]
package/thermald: add THERMALD_CPE_ID_VENDOR

cpe:2.3:a:intel:thermald is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aintel%3Athermald

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/taglib: add TAGLIB_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 15 May 2021 22:05:10 +0000 (00:05 +0200)]
package/taglib: add TAGLIB_CPE_ID_VENDOR

cpe:2.3:a:taglib:taglib is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ataglib%3Ataglib

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/qpdf: add QPDF_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 15 May 2021 21:54:06 +0000 (23:54 +0200)]
package/qpdf: add QPDF_CPE_ID_VENDOR

cpe:2.3:a:qpdf_project:qpdf is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aqpdf_project%3Aqpdf

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/mesa3d{,-headers}: add CPE variables
Fabrice Fontaine [Sat, 15 May 2021 21:41:42 +0000 (23:41 +0200)]
package/mesa3d{,-headers}: add CPE variables

cpe:2.3:a:mesa3d:mesa is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amesa3d%3Amesa

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: add to mesa3d-headers too]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/lvm2: add LVM2_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 15 May 2021 21:36:06 +0000 (23:36 +0200)]
package/lvm2: add LVM2_CPE_ID_VENDOR

cpe:2.3:a:redhat:lvm2 is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aredhat%3Alvm2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agosupport/scripts/pkg-stats: add column reporting ignored CVEs
Matt Weber [Thu, 22 Apr 2021 19:45:57 +0000 (14:45 -0500)]
support/scripts/pkg-stats: add column reporting ignored CVEs

When doing analysis it is helpful to be able to view what CVE have
been patched / diagnosed to not apply to Buildroot. This exposes
that list to the reporting and prevents a step where you have to
dig into the .mk's of a pkg to check for sure what has been
ignored.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: only set background if there are ignored CVEs]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agosupport/scripts/pkg-stats: add CPE searching links
Matt Weber [Thu, 22 Apr 2021 19:45:56 +0000 (14:45 -0500)]
support/scripts/pkg-stats: add CPE searching links

For cases of a CPE having a unknown version or when there hasn't
been a CPE verified, proposed a search criteria to help the
user research an update.

(libcurl has NIST dict entries but not this version)
  cpe:2.3:a:haxx:libcurl:7.76.1:*:*:*:*:*:*:*
  CPE identifier unknown in CPE database (Search)

(jitterentropy-library package doesn't have any NIST dict entries)
  no verified CPE identifier (Search)

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: fix flake8 issues]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoMakefile: add new missing-cpe target
Thomas Petazzoni [Sun, 31 Jan 2021 13:38:18 +0000 (14:38 +0100)]
Makefile: add new missing-cpe target

It invokes the recently introduced gen-missing-cpe script.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agosupport/scripts/gen-missing-cpe: add new script
Matt Weber [Sun, 31 Jan 2021 13:38:17 +0000 (14:38 +0100)]
support/scripts/gen-missing-cpe: add new script

This script queries the list of CPE IDs for the packages of the
current configuration (based on the "make show-info" output), and:

 - for CPE IDs that do not have any matching entry in the CPE
   database, it emits a warning

 - for CPE IDs that do have a matching entry, but not with the same
   version, it generates a snippet of XML that can be used to propose
   an updated version to NIST.

Ref: NIST has a group email (cpe_dictionary@nist.gov) used to
recieve these version update and new entry xml files.  They do
process the XML and provide feedback. In some cases they will
propose back something different where the vendor or version is
slightly different.

Limitations
 - Currently any use of non-number version identifiers isn't
   supported by NIST as they use ranges to determine impact
   of a CVE
 - Any Linux version from a non-upstream is also not supported
   without manually adjusting the information as the custom
   kernel will more then likely not match the upstream version
   used in the dictionary

Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr:
  - codestyles as spotted by Arnout
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/jquery-validation: security bump to version 1.19.3
Fabrice Fontaine [Sun, 16 May 2021 09:34:22 +0000 (11:34 +0200)]
package/jquery-validation: security bump to version 1.19.3

Fix CVE-2021-21252: The jQuery Validation Plugin provides drop-in
validation for your existing forms. It is published as an npm package
"jquery-validation". jquery-validation before version 1.19.3 contains
one or more regular expressions that are vulnerable to ReDoS (Regular
Expression Denial of Service).

Update hash of README.md due to changes not related to license

https://github.com/jquery-validation/jquery-validation/releases/tag/1.19.3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/jquery-validation: add CPE variables
Fabrice Fontaine [Sun, 16 May 2021 09:34:21 +0000 (11:34 +0200)]
package/jquery-validation: add CPE variables

cpe:2.3:a:jqueryvalidation:jquery_validation is a valid CPE identifier
for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ajqueryvalidation%3Ajquery_validation

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/bullet: needs wchar
Fabrice Fontaine [Fri, 14 May 2021 21:18:01 +0000 (23:18 +0200)]
package/bullet: needs wchar

bullet needs wchar since bump to version 3.09 in commit
28b4947ed8f53c4edfbf8fef9304dc76480c01ca:

/home/giuliobenetti/autobuild/run/instance-0/output-1/build/bullet-3.09/examples/ThirdPartyLibs/Gwen/Structures.h:42:14: error: 'wstring' in namespace 'std' does not name a type
   42 | typedef std::wstring UnicodeString;
      |              ^~~~~~~

Fixes:
 - http://autobuild.buildroot.org/results/2b1158970fc45e9ebd4be4d726352166ed417a1f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoRevert "package/libbluray: add optional support for libudfread"
Yann E. MORIN [Sun, 16 May 2021 09:14:29 +0000 (11:14 +0200)]
Revert "package/libbluray: add optional support for libudfread"

This reverts commit 7aa9b9041d29547114d29f963d567fe421cccb1b.

libbluray before 1.3.0 does not properly detect libudfread, because it
checks for the incorrect name (it asks pkg-config for udfread instead of
libudfread). So, even with the dependency, it would miss it.

Reported-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libbluray: add optional support for libudfread
Bernd Kuhls [Sat, 15 May 2021 07:01:41 +0000 (09:01 +0200)]
package/libbluray: add optional support for libudfread

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years ago{linux, linux-headers}: bump 5.{4, 10, 11, 12}.x series
Peter Korsgaard [Sat, 15 May 2021 12:09:22 +0000 (14:09 +0200)]
{linux, linux-headers}: bump 5.{4, 10, 11, 12}.x series

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/dmalloc: fix static build
Fabrice Fontaine [Sat, 15 May 2021 15:17:30 +0000 (17:17 +0200)]
package/dmalloc: fix static build

Build of dmalloc is broken since commit
19ec872f169a851b48ba04d22432b7c0939847d4 because --enable-shlib is
unconditionally set

Fixes:
 - http://autobuild.buildroot.org/results/62c9c6aebca60649bd6f635125507bf10d63fc05

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/openssh: security bump to version 8.6p1
Fabrice Fontaine [Sat, 15 May 2021 12:10:35 +0000 (14:10 +0200)]
package/openssh: security bump to version 8.6p1

Security
========

 * sshd(8): OpenSSH 8.5 introduced the LogVerbose keyword. When this
   option was enabled with a set of patterns that activated logging
   in code that runs in the low-privilege sandboxed sshd process, the
   log messages were constructed in such a way that printf(3) format
   strings could effectively be specified the low-privilege code.

   An attacker who had sucessfully exploited the low-privilege
   process could use this to escape OpenSSH's sandboxing and attack
   the high-privilege process. Exploitation of this weakness is
   highly unlikely in practice as the LogVerbose option is not
   enabled by default and is typically only used for debugging. No
   vulnerabilities in the low-privilege process are currently known
   to exist.

https://www.openssh.com/txt/release-8.6

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoboard/qemu/s390x: disable SSP when needed
Fabrice Fontaine [Sun, 9 May 2021 13:06:34 +0000 (15:06 +0200)]
board/qemu/s390x: disable SSP when needed

Fix build failure raised since commit
810ba387bec3c5b6904e8893fb4cb6f9d3717466 by disabling SSP when needed

Fixes:
 - https://gitlab.com/kubu93/buildroot/-/jobs/1247043361

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Reviewed-by: Alexander Egorenkov <egorenar@linux.ibm.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/mender-grubenv: fix installing on non-efi platforms
Adam Duskett [Thu, 13 May 2021 02:00:52 +0000 (19:00 -0700)]
package/mender-grubenv: fix installing on non-efi platforms

Currently, mender-grubenv unconditionally installs files from the
$(TARGET_DIR)/boot/EFI directory to the $(BINARIES_DIR)/efi-part.
This fails on systems that are not building grub against EFI.

Add a check in mender-grubenv.mk to ensure the files are copied to the correct
location if EFI is not selected.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/refpolicy: fix REFPOLICY_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 15 May 2021 11:25:27 +0000 (13:25 +0200)]
package/refpolicy: fix REFPOLICY_CPE_ID_VENDOR

cpe:2.3:a:selinuxproject:refpolicy is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aselinuxproject%3Arefpolicy

Indeed, cpe:2.3:a:tresys:refpolicy has been deprecated since April 21th:

  <cpe-item name="cpe:/a:tresys:refpolicy:2.20180701" deprecated="true" deprecation_date="2021-04-21T16:55:43.710Z">
    <title xml:lang="en-US">Tresys refpolicy 2.20180701</title>
      <reference href="https://github.com/TresysTechnology/refpolicy">Product</reference>
    <cpe-23:cpe23-item name="cpe:2.3:a:tresys:refpolicy:2.20180701:*:*:*:*:*:*:*">
        <cpe-23:deprecated-by name="cpe:2.3:a:selinuxproject:refpolicy:2.20180701:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/python-autobahn: add CPE variables
Fabrice Fontaine [Sat, 15 May 2021 11:48:12 +0000 (13:48 +0200)]
package/python-autobahn: add CPE variables

cpe:2.3:a:crossbar:autobahn is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Acrossbar%3Aautobahn

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/python-tqdm: add CPE variables
Fabrice Fontaine [Sat, 15 May 2021 11:34:56 +0000 (13:34 +0200)]
package/python-tqdm: add CPE variables

cpe:2.3:a:tqdm_project:tqdm is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atqdm_project%3Atqdm

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/python-requests: add CPE variables
Fabrice Fontaine [Sat, 15 May 2021 10:33:55 +0000 (12:33 +0200)]
package/python-requests: add CPE variables

cpe:2.3:a:python:requests is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython%3Arequests

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/python-engineio: add PYTHON_ENGINEIO_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 15 May 2021 10:24:06 +0000 (12:24 +0200)]
package/python-engineio: add PYTHON_ENGINEIO_CPE_ID_VENDOR

cpe:2.3:a:python-engineio_project:python-engineio is a valid CPE
identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython-engineio_project%3Apython-engineio

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/python-keyring: add CPE variables
Fabrice Fontaine [Sat, 15 May 2021 10:08:48 +0000 (12:08 +0200)]
package/python-keyring: add CPE variables

cpe:2.3:a:python:keyring is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython%3Akeyring

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/gstreamer1/gstreamer1: add CPE variables
Fabrice Fontaine [Sat, 15 May 2021 09:54:25 +0000 (11:54 +0200)]
package/gstreamer1/gstreamer1: add CPE variables

cpe:2.3:a:gstreamer_project:gstreamer is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agstreamer_project%3Agstreamer

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/gstreamer1/gst1-rtsp-server: add CPE variables
Fabrice Fontaine [Sat, 15 May 2021 09:11:18 +0000 (11:11 +0200)]
package/gstreamer1/gst1-rtsp-server: add CPE variables

cpe:2.3:a:gstreamer_project:gst-rtsp-server is a valid CPE identifier
for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agstreamer_project%3Agst-rtsp-server

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/gstreamer1/gst1-plugins-bad: add CPE variables
Fabrice Fontaine [Sat, 15 May 2021 09:01:47 +0000 (11:01 +0200)]
package/gstreamer1/gst1-plugins-bad: add CPE variables

cpe:2.3:a:freedesktop:gst-plugins-bad is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afreedesktop%3Agst-plugins-bad

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/udisks: add UDISKS_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 15 May 2021 08:54:38 +0000 (10:54 +0200)]
package/udisks: add UDISKS_CPE_ID_VENDOR

cpe:2.3:a:freedesktop:udisks is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afreedesktop%3Audisks

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoconfigs/beaglev: enable host jh71xx-tools
Thomas Petazzoni [Fri, 14 May 2021 22:03:16 +0000 (00:03 +0200)]
configs/beaglev: enable host jh71xx-tools

This host utility is useful to recover the bootloader.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/jh71xx-tools: new package
Thomas Petazzoni [Fri, 14 May 2021 22:03:15 +0000 (00:03 +0200)]
package/jh71xx-tools: new package

Add jh71xx-tools as a new host package, it includes a tool that allows
to recover the bootloader of JH71xx-based platforms, such as the
BeagleV.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[yann.morin.1998@free.fr:
  - fix alphabetical order, spotted by Bin
  - use LICENSE as license file, update license hash accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/libxcb: add LIBXCB_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 15 May 2021 08:34:53 +0000 (10:34 +0200)]
package/x11r7/libxcb: add LIBXCB_CPE_ID_VENDOR

cpe:2.3:a:x:libxcb is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxcb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xlib_libdmx: add CPE variables
Fabrice Fontaine [Sat, 15 May 2021 08:29:43 +0000 (10:29 +0200)]
package/x11r7/xlib_libdmx: add CPE variables

cpe:2.3:a:x:libdmx is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibdmx

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xlib_libXxf86vm: add CPE variables
Fabrice Fontaine [Sat, 15 May 2021 08:26:04 +0000 (10:26 +0200)]
package/x11r7/xlib_libXxf86vm: add CPE variables

cpe:2.3:a:x:libxxf86vm is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxxf86vm

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xlib_libXxf86dga: add CPE variables
Fabrice Fontaine [Sat, 15 May 2021 08:23:04 +0000 (10:23 +0200)]
package/x11r7/xlib_libXxf86dga: add CPE variables

cpe:2.3:a:x:libxxf86dga is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxxf86dga

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/libXres: add CPE variables
Fabrice Fontaine [Fri, 14 May 2021 22:21:47 +0000 (00:21 +0200)]
package/x11r7/libXres: add CPE variables

cpe:2.3:a:x:libxres is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxres

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xlib_libXpm: add CPE variables
Fabrice Fontaine [Fri, 14 May 2021 22:17:31 +0000 (00:17 +0200)]
package/x11r7/xlib_libXpm: add CPE variables

cpe:2.3:a:libxpm_project:libxpm is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibxpm_project%3Alibxpm

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xlib_libFS: add CPE variables
Fabrice Fontaine [Fri, 14 May 2021 22:11:14 +0000 (00:11 +0200)]
package/x11r7/xlib_libFS: add CPE variables

cpe:2.3:a:x:libfs is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibfs

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xlib_libICE: add CPE variables
Fabrice Fontaine [Fri, 14 May 2021 22:06:16 +0000 (00:06 +0200)]
package/x11r7/xlib_libICE: add CPE variables

cpe:2.3:a:freedesktop:libice is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afreedesktop%3Alibice

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xlib_libXt: add CPE variables
Fabrice Fontaine [Fri, 14 May 2021 22:02:12 +0000 (00:02 +0200)]
package/x11r7/xlib_libXt: add CPE variables

cpe:2.3:a:x:libxt is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxt

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xlib_libXtst: add CPE variables
Fabrice Fontaine [Fri, 14 May 2021 21:59:20 +0000 (23:59 +0200)]
package/x11r7/xlib_libXtst: add CPE variables

cpe:2.3:a:x:libxtst is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxtst

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xlib_libXcursor: add CPE variables
Fabrice Fontaine [Fri, 14 May 2021 21:55:18 +0000 (23:55 +0200)]
package/x11r7/xlib_libXcursor: add CPE variables

cpe:2.3:a:x:libxcursor is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxcursor

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xlib_libXdmcp: add CPE variables
Fabrice Fontaine [Fri, 14 May 2021 21:51:32 +0000 (23:51 +0200)]
package/x11r7/xlib_libXdmcp: add CPE variables

cpe:2.3:a:x.org:libxdmcp is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibxdmcp

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xlib_libXext: add CPE variables
Fabrice Fontaine [Fri, 14 May 2021 21:48:12 +0000 (23:48 +0200)]
package/x11r7/xlib_libXext: add CPE variables

cpe:2.3:a:x:libxext is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxext

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xlib_libXfixes: add CPE variables
Fabrice Fontaine [Fri, 14 May 2021 21:44:44 +0000 (23:44 +0200)]
package/x11r7/xlib_libXfixes: add CPE variables

cpe:2.3:a:x:libxfixes is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxfixes

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xlib_libXinerama: add CPE variables
Fabrice Fontaine [Fri, 14 May 2021 21:41:11 +0000 (23:41 +0200)]
package/x11r7/xlib_libXinerama: add CPE variables

cpe:2.3:a:x:libxinerama is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxinerama

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xlib_libXfont2: add CPE variables
Fabrice Fontaine [Fri, 14 May 2021 21:35:13 +0000 (23:35 +0200)]
package/x11r7/xlib_libXfont2: add CPE variables

cpe:2.3:a:x:libxfont is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxfont

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/localedef: fix host gcc-11.x compile
Peter Seiderer [Fri, 14 May 2021 17:54:29 +0000 (19:54 +0200)]
package/localedef: fix host gcc-11.x compile

Add two upstream patches fixing host gcc-11.x compile.

Fixes:

  - https://bugs.busybox.net/show_bug.cgi?id=13806

  In file included from ../include/pthread.h:1,
                   from ../sysdeps/nptl/thread_db.h:25,
                   from ../nptl/descr.h:32,
                   from ../sysdeps/x86_64/nptl/tls.h:130,
                   from ../sysdeps/generic/libc-tsd.h:44,
                   from ./localeinfo.h:224,
                   from programs/ld-ctype.c:37:
  ../sysdeps/nptl/pthread.h:734:47: error: argument 1 of type ‘struct __jmp_buf_tag *’ declared as a pointer [-Werror=array-parameter=]
    734 | extern int __sigsetjmp (struct __jmp_buf_tag *__env, int __savemask) __THROWNL;
        |                         ~~~~~~~~~~~~~~~~~~~~~~^~~~~
  In file included from ../include/setjmp.h:2,
                   from ../nptl/descr.h:24,
                   from ../sysdeps/x86_64/nptl/tls.h:130,
                   from ../sysdeps/generic/libc-tsd.h:44,
                   from ./localeinfo.h:224,
                   from programs/ld-ctype.c:37:
  ../setjmp/setjmp.h:54:46: note: previously declared as an array ‘struct __jmp_buf_tag[1]’
     54 | extern int __sigsetjmp (struct __jmp_buf_tag __env[1], int __savemask) __THROWNL;
        |                         ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libxslt: fix build with latest libxml2
Fabrice Fontaine [Fri, 14 May 2021 20:28:38 +0000 (22:28 +0200)]
package/libxslt: fix build with latest libxml2

Build is broken since bump of libxml2 to version 2.9.11 in commit
a241dcec4188dbf30fbc8b65d7e6f2ece9da3d04 because libxslt calls the
following command "${XML_CONFIG} --libs print" which will return an
error code since
https://github.com/GNOME/libxml2/commit/2a357ab99e6f5c9196384b11cd91dd993f93014c

Fixes:
 - http://autobuild.buildroot.org/results/47ceb8c24c9ead8a450b7fea3266f760d6b77b4f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/prosody: security bump to version 0.11.9
Peter Korsgaard [Fri, 14 May 2021 09:43:09 +0000 (11:43 +0200)]
package/prosody: security bump to version 0.11.9

Fixes the following security issues:

- CVE-2021-32918: DoS via insufficient memory consumption controls

  It was discovered that default settings leave Prosody susceptible to
  remote unauthenticated denial-of-service (DoS) attacks via memory
  exhaustion when running under Lua 5.2 or Lua 5.3.  Lua 5.2 is the default
  and recommended Lua version for Prosody 0.11.x series.

- CVE-2021-32920: DoS via repeated TLS renegotiation causing excessive CPU
  consumption

  It was discovered that Prosody does not disable SSL/TLS renegotiation,
  even though this is not used in XMPP.  A malicious client may flood a
  connection with renegotiation requests to consume excessive CPU resources
  on the server.

- CVE-2021-32921: Use of timing-dependent string comparison with sensitive
  values

  It was discovered that Prosody does not use a constant-time algorithm for
  comparing certain secret strings when running under Lua 5.2 or later.
  This can potentially be used in a timing attack to reveal the contents of
  secret strings to an attacker.

- CVE-2021-32917: Use of mod_proxy65 is unrestricted in default
  configuration

  mod_proxy65 is a file transfer proxy provided with Prosody to facilitate
  the transfer of files and other data between XMPP clients.

  It was discovered that the proxy65 component of Prosody allows open access
  by default, even if neither of the users have an XMPP account on the local
  server, allowing unrestricted use of the server’s bandwidth.

- CVE-2021-32919: Undocumented dialback-without-dialback option insecure

  The undocumented option ‘dialback_without_dialback’ enabled an
  experimental feature for server-to-server authentication.  A flaw in this
  feature meant it did not correctly authenticate remote servers, allowing a
  remote server to impersonate another server when this option is enabled.

For more details, see the advisory:
https://prosody.im/security/advisory_20210512/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agotest_docker_compose.py: Test the volume mount feature
Peter Korsgaard [Thu, 13 May 2021 21:03:53 +0000 (23:03 +0200)]
test_docker_compose.py: Test the volume mount feature

Extend docker_compose_test() to expose /bin on the host to the container
through a volume mount and verify that /bin/busybox can be downloaded and
contains the right data.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agotest_docker_compose.py: Test the port publish feature
Peter Korsgaard [Thu, 13 May 2021 21:03:52 +0000 (23:03 +0200)]
test_docker_compose.py: Test the port publish feature

Extend docker_test() to expose a random (8888) port to verify that doesn't
fail, and extend the docker-compose test to run the busybox httpd in the
background, expose that as port 80 and verify that /etc/resolv.conf could be
fetched by wget.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/docker-engine: fix port forwarding for hosts without IPv6
Peter Korsgaard [Thu, 13 May 2021 21:03:51 +0000 (23:03 +0200)]
package/docker-engine: fix port forwarding for hosts without IPv6

docker-engine 20.10.6 broke container port forwarding for hosts without IPv6
support:

docker: Error response from daemon: driver failed programming external
connectivity on endpoint naughty_moore
(038e9ed4b5ea77e1c52462d6d04ad001fbad9beb185a6511aadc217c8a271608): Error
starting userland proxy: listen tcp6 [::]:80: socket: address family not
supported by protocol.

Add a libnetwork patch from an upstream pull request to fix this, after
adjusting the patch to apply to docker-engine (which has libnetwork vendored
under vendor/github.com/docker/libnetwork):

- https://github.com/moby/libnetwork/pull/2635,
- https://github.com/moby/moby/pull/42322

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/live555: security bump to version 2021.05.03
Fabrice Fontaine [Fri, 14 May 2021 20:08:26 +0000 (22:08 +0200)]
package/live555: security bump to version 2021.05.03

Fix CVE-2021-28899: Vulnerability in the
AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession,
and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession
subclasses in Networks LIVE555 Streaming Media before 2021.3.16.

http://live555.com/liveMedia/public/changelog.txt

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libxml2: bump to version 2.9.12
Fabrice Fontaine [Fri, 14 May 2021 19:52:34 +0000 (21:52 +0200)]
package/libxml2: bump to version 2.9.12

Brown-paper bag release:
https://github.com/GNOME/libxml2/commit/b48e77cf4f6fa0792c5f4b639707a2b0675e461b

Update indentation in hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agoDEVELOPERS: add package/bitcoin for Dick Olsson
Dick Olsson [Fri, 14 May 2021 12:55:21 +0000 (12:55 +0000)]
DEVELOPERS: add package/bitcoin for Dick Olsson

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agoDEVELOPERS: add myself for bitcoin
Bernd Kuhls [Fri, 14 May 2021 07:51:30 +0000 (09:51 +0200)]
DEVELOPERS: add myself for bitcoin

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agoipackage/modem-manager: bump version to 1.16.4
Petr Vorel [Thu, 29 Apr 2021 19:08:20 +0000 (21:08 +0200)]
ipackage/modem-manager: bump version to 1.16.4

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/opentyrian: switch to using github
Yann E. MORIN [Thu, 29 Apr 2021 19:53:24 +0000 (21:53 +0200)]
package/opentyrian: switch to using github

OpenTyrian was previously managed in a Mercurial repository hosted on
Bitbucket. Mid-2020, Bitbucket shut off all its Mercurial repositories:
    https://bitbucket.org/blog/sunsetting-mercurial-support-in-bitbucket

Since then, OpenTyrian's source code is inacessible, but we have had no
build failure associated as there is an old archive hosted on s.b.o, so
that all builds fallback to downloading that:
    http://sources.buildroot.net/opentyrian/opentyrian-9c9f0ec3532b.tar.gz

However, the project has been revived (kinda) on github:
    https://github.com/opentyrian/opentyrian

Git commit cf5dbeb69eebd9ef9afc4473088d9469b79589eb has been found to
be the closest, both in content and date, to the Mercuail reference
9c9f0ec3532b we were using. The only deltas are in Mercurial-specific
files:

 b/.hg_archival.txt |    5     0     5     0 -----
 b/.hgtags          |    2     1     1     0 +-
 2 files changed, 1 insertion(+), 6 deletions(-)

While at it, add a hash file.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Julien Boibessot <julien.boibessot@armadeus.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/postgis: fix comment dependencies (binutils-bug-21464, binutils-bug-27597)
Peter Seiderer [Sun, 2 May 2021 14:40:48 +0000 (16:40 +0200)]
package/postgis: fix comment dependencies (binutils-bug-21464, binutils-bug-27597)

The comment dependencies need to be the inverse of the package
dependencies (fixes comment shown in menuconfig even if the package
is available).

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libgeos: fix comment dependencies (binutils-bug-12464, binutils-bug-27597)
Peter Seiderer [Sun, 2 May 2021 14:40:47 +0000 (16:40 +0200)]
package/libgeos: fix comment dependencies (binutils-bug-12464, binutils-bug-27597)

The comment dependencies need to be the inverse of the package
dependencies (fixes comment shown in menuconfig even if the package
is available).

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agosupport/testing: remove TestPythonPy2Colorzero
Romain Naour [Thu, 13 May 2021 14:37:31 +0000 (16:37 +0200)]
support/testing: remove TestPythonPy2Colorzero

The python2 support has been removed since the python-colorzero bump version to 2.0.

[1] 73bf3292e16b9419c5c88d10e9755d7208ca3623

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agosupport/testing: remove TestPythonPy2Gpiozero
Romain Naour [Thu, 13 May 2021 14:34:31 +0000 (16:34 +0200)]
support/testing: remove TestPythonPy2Gpiozero

The python2 support has been removed since the python-colorzero bump version to 2.0.

Remove the gpiozero test with python2

[1] 73bf3292e16b9419c5c88d10e9755d7208ca3623

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libxml2: security bump to version 2.9.11
Adrian Perez de Castro [Thu, 13 May 2021 15:18:50 +0000 (18:18 +0300)]
package/libxml2: security bump to version 2.9.11

Update libxml2 to version 2.9.11, which incorporates all the patches
carried by Buildroot (which are hence removed), and includes fixes for
CVE-2020-7595, CVE-2019-20388, CVE-2020-24977, and CVE-2021-3541 (at
least), as per

  https://gitlab.gnome.org/GNOME/libxml2/-/issues/186#note_1104945

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/postgresql: security bump version to 13.3
Bernd Kuhls [Fri, 14 May 2021 05:59:45 +0000 (07:59 +0200)]
package/postgresql: security bump version to 13.3

Fixes CVE-2021-32027, CVE-2021-32028 & CVE-2021-32029:
https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agoboot/opensbi: only check/reference COPYING.BSD when _LATEST_VERSION is used
Peter Korsgaard [Wed, 12 May 2021 08:41:03 +0000 (10:41 +0200)]
boot/opensbi: only check/reference COPYING.BSD when _LATEST_VERSION is used

With the addition of support for custom opensbi version in commit
5c7166d387b (boot/opensbi: add support for version configuration), we can no
longer be sure that the license file name / hash will be correct in all
cases, so only specify COPYING.BSD when _LATEST_VERSION is used, similar to
how we do it for the Linux kernel.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agoboot/opensbi: move patches to 0.9/ subdir to only apply when the 0.9 version is selected
Peter Korsgaard [Wed, 12 May 2021 08:41:02 +0000 (10:41 +0200)]
boot/opensbi: move patches to 0.9/ subdir to only apply when the 0.9 version is selected

With the addition of support for custom opensbi version in commit
5c7166d387b (boot/opensbi: add support for version configuration), we can no
longer be sure that the Buildroot patches can be applied - So move them to a
0.9 subdir to ensure they are only applied when the _LATEST_VERSION is used.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/rt-tests: add patch to fix compatibility with make 3.81
Peter Korsgaard [Wed, 12 May 2021 07:41:04 +0000 (09:41 +0200)]
package/rt-tests: add patch to fix compatibility with make 3.81

Fixes:
http://autobuild.buildroot.net/results/cf7c4f360f5464c700788cc8299fd086544c80e8/build-end.log

Older GNU make versions don't like the explicit undefine.  It isn't really
needed as ifdef handles undefined and defined-to-the-empty-string the same
way, so just drop the undefine logic.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/bitcoin: security bump to version 0.21.1
Fabrice Fontaine [Wed, 12 May 2021 21:21:20 +0000 (23:21 +0200)]
package/bitcoin: security bump to version 0.21.1

Tag as a security bump as having an up to date bitcoin is important:
https://patchwork.ozlabs.org/project/buildroot/patch/20200202085526.35742-1-james.hilliard1@gmail.com

https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.21.1.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/vlc: security bump version to 3.0.14
Bernd Kuhls [Thu, 13 May 2021 07:04:31 +0000 (09:04 +0200)]
package/vlc: security bump version to 3.0.14

Removed patch 0002 which was applied upstream:
https://code.videolan.org/videolan/vlc/-/commit/41caaa08cde60c4fec4bf2e5f9610e2a1b9e6a23

Renumbered remaining patches.

Release notes:
https://www.videolan.org/vlc/releases/3.0.13.html
https://www.videolan.org/vlc/releases/3.0.12-update.html

Version 3.0.13 fixes VideoLAN-SB-VLC-3013:
https://www.videolan.org/security/sb-vlc3013.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agodocs/website: update for 2021.02.2
Peter Korsgaard [Wed, 12 May 2021 09:39:25 +0000 (11:39 +0200)]
docs/website: update for 2021.02.2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agoUpdate for 2021.02.2
Peter Korsgaard [Wed, 12 May 2021 09:05:47 +0000 (11:05 +0200)]
Update for 2021.02.2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 76b4f9e9b658d3a4a72266e4aa2e63aa7a3f54f9)
[Peter: drop Makefile change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agoUpdate for 2021.05-rc1
Peter Korsgaard [Wed, 12 May 2021 08:49:31 +0000 (10:49 +0200)]
Update for 2021.05-rc1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agoboot/opensbi: unconditionally disable SSP
Fabrice Fontaine [Sat, 8 May 2021 19:41:55 +0000 (21:41 +0200)]
boot/opensbi: unconditionally disable SSP

Fix build failure raised since commit
810ba387bec3c5b6904e8893fb4cb6f9d3717466

Fixes:
 - https://gitlab.com/kubu93/buildroot/-/jobs/1247043359

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/sysklogd: bump to version 2.2.3
Joachim Wiberg [Wed, 12 May 2021 04:24:54 +0000 (06:24 +0200)]
package/sysklogd: bump to version 2.2.3

https://github.com/troglobit/sysklogd/releases/tag/v2.2.3

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/kodi: bump version to 19.1
Bernd Kuhls [Sun, 9 May 2021 16:43:39 +0000 (18:43 +0200)]
package/kodi: bump version to 19.1

Removed patch 0002 which was applied upstream:
https://github.com/xbmc/xbmc/commit/c9cf94d3108d742e50ea73b5553125ef5e405c73

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/kodi-pvr-nextpvr: bump version to 8.2.3-Matrix
Bernd Kuhls [Sun, 9 May 2021 06:54:10 +0000 (08:54 +0200)]
package/kodi-pvr-nextpvr: bump version to 8.2.3-Matrix

Changelog:
https://github.com/kodi-pvr/pvr.nextpvr/blob/Matrix/pvr.nextpvr/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/luvi: bump to version 2.12.0
Jörg Krause [Tue, 11 May 2021 09:48:45 +0000 (09:48 +0000)]
package/luvi: bump to version 2.12.0

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/luv: bump to version 1.41.0-0
Jörg Krause [Tue, 11 May 2021 09:35:42 +0000 (09:35 +0000)]
package/luv: bump to version 1.41.0-0

Enable Lua 5.4 support which is fixed now.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/upmpdcli: bump to version 1.5.12
Jörg Krause [Tue, 11 May 2021 09:17:05 +0000 (09:17 +0000)]
package/upmpdcli: bump to version 1.5.12

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/php: bump version to 7.4.19
Bernd Kuhls [Tue, 11 May 2021 17:49:21 +0000 (19:49 +0200)]
package/php: bump version to 7.4.19

Changelog: https://www.php.net/ChangeLog-7.php#7.4.19

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/x11r7/xdriver_xf86-input-libinput: bump version to 1.0.1
Bernd Kuhls [Fri, 30 Apr 2021 20:55:37 +0000 (22:55 +0200)]
package/x11r7/xdriver_xf86-input-libinput: bump version to 1.0.1

Release notes:
https://lists.x.org/archives/xorg-announce/2021-April/003083.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/x11r7/xorgproto: bump version to 2021.4
Bernd Kuhls [Fri, 30 Apr 2021 20:55:36 +0000 (22:55 +0200)]
package/x11r7/xorgproto: bump version to 2021.4

Release notes:
https://lists.x.org/archives/xorg-announce/2021-April/003085.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/tor: bump version to 0.4.5.8
Bernd Kuhls [Tue, 11 May 2021 15:58:29 +0000 (17:58 +0200)]
package/tor: bump version to 0.4.5.8

Release notes: https://blog.torproject.org/node/2031

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/kodi-pvr-iptvsimple: bump version to 7.6.4-Matrix
Bernd Kuhls [Tue, 11 May 2021 15:41:17 +0000 (17:41 +0200)]
package/kodi-pvr-iptvsimple: bump version to 7.6.4-Matrix

Changelog:
https://github.com/kodi-pvr/pvr.iptvsimple/blob/Matrix/pvr.iptvsimple/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/kodi-inputstream-ffmpegdirect: bump version to 1.21.3-Matrix
Bernd Kuhls [Tue, 11 May 2021 15:41:16 +0000 (17:41 +0200)]
package/kodi-inputstream-ffmpegdirect: bump version to 1.21.3-Matrix

Changelog:
https://github.com/xbmc/inputstream.ffmpegdirect/blob/Matrix/inputstream.ffmpegdirect/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/python-pyjwt: Bump to version 2.1.0
Grzegorz Blach [Sun, 2 May 2021 12:56:16 +0000 (14:56 +0200)]
package/python-pyjwt: Bump to version 2.1.0

Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/log4qt: add telnet optional logging
Bartosz Bilas [Wed, 5 May 2021 19:22:10 +0000 (21:22 +0200)]
package/log4qt: add telnet optional logging

Telnet logging is an optional feature that's disabled by default.

Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/log4qt: link with latomic if needed
Bartosz Bilas [Wed, 5 May 2021 18:10:12 +0000 (20:10 +0200)]
package/log4qt: link with latomic if needed

Fixes:
 - http://autobuild.buildroot.net/results/fb5/fb52f5366a25230606149f44dc46f86f0273a680/

Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libcamera: bump version to 3a1f67a
Peter Seiderer [Sun, 2 May 2021 09:54:18 +0000 (11:54 +0200)]
package/libcamera: bump version to 3a1f67a

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/rpi-wifi-firmware: bump version to 4c47758
Peter Seiderer [Sun, 2 May 2021 09:48:29 +0000 (11:48 +0200)]
package/rpi-wifi-firmware: bump version to 4c47758

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Tested-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Reviewed-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/rpi-bt-firmware: bump version to 4c47758
Peter Seiderer [Sun, 2 May 2021 09:48:28 +0000 (11:48 +0200)]
package/rpi-bt-firmware: bump version to 4c47758

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Tested-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Reviewed-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/rpi-userland: bump version to 45a0022
Peter Seiderer [Sun, 2 May 2021 09:48:27 +0000 (11:48 +0200)]
package/rpi-userland: bump version to 45a0022

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>