git.libre-soc.org Git - buildroot.git/log

package/ubus: bump version to d1d9ddf

- change download url to https

- update homepage url (the old one redirects to legacy read only
OpenWrt wiki system)

- update license file hash (ubusd_acl.h - license unrelated source
code changes only)

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libubox: bump version to 5bc0146a

- change download url to https

- update homepage url (the old one returns 404 - No projects found)

- add hash file

- delete 0001-blobmsg-fix-array-out-of-bounds-GCC-10-warning.patch
(from upstream [1])

[1] https://git.openwrt.org/?p=project/libubox.git;a=commit;h=eb7eb6393d47a918c420f5b287946dbd6c0d5f57

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/util-linux: bump version to 2.36.2

For details see [1].

[1] http://lkml.iu.edu/hypermail/linux/kernel/2102.1/07236.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/wpa_supplicant: Simplify D-Bus support.

wpa_supplicant 2.8 dropped support for the old D-Bus interface, so
remove mentions of it and rename DBUS_NEW variables to just DBUS.

Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/wpa_supplicant: Add options to disable more features.

Together, they increase the size of the binary by a bit less than a
megabyte.

As a result, make the wpa_supplicant option a menuconfig.

Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/wpa_supplicant: Fix options to actually disable features.

Since wpa_supplicant 2.8, most features are now enabled by default,
instead of being disabled by default. Remove setting of options that are
already enabled by default, and turn ENABLE into DISABLE where
appropriate.

This also makes the existing options disable more features, otherwise,
it would still include dead code or even fail to compile.

Als correct/update some help texts.

Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/eudev: bump version to 3.2.10

Removed patch which was applied upstream:
https://github.com/gentoo/eudev/commit/799591c57368bbe47667f5b696050247a766b117

Reformatted hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/olimex_a20_olinuxino_lime*: bump Linux and U-Boot versions

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/mx6cubox: bump Linux and U-Boot versions

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Update for 2021.02-rc1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/ngircd: bump to version 26.1

https://github.com/ngircd/ngircd/releases/tag/rel-26.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/gnuradio: add gr-uhd option

GNURadio has a block to use USRP, through UHD, to receive or transmit RF
signals.

Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/uhd: add missing support

Complete uhd package with the rest of USRP, octoclock and python support.

Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libostree: libfuse is optional, not mandatory

libfuse is optional since its addition in version 2016.2 with
https://github.com/ostreedev/ostree/commit/e9ccdd2d007801ef25cc7283188942d791889c27

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/attr: set ATTR_CPE_ID_VALID

cpe:2.3:a:attr_project:attr is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aattr_project%3Aattr

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/freerdp: add FREERDP_CPE_ID_VENDOR

cpe:2.3:a:freerdp:freerdp is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afreerdp%3Afreerdp

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/waf: bump to v2.0.22

Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/intel-microcode: security bump to version 20201118

Fixes the following security issues:

- CVE-2020-8694: Insufficient access control in the Linux kernel driver for
  some Intel(R) Processors may allow an authenticated user to potentially
  enable information disclosure via local access.

  https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html

- CVE-2020-8695: Observable discrepancy in the RAPL interface for some
  Intel(R) Processors may allow a privileged user to potentially enable
  information disclosure via local access.

  https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html

- CVE-2020-8698: Improper removal of sensitive information before storage or
  transfer in some Intel(R) Processors may allow an authenticated user to
  potentially enable information disclosure via local access.

  https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/connman: bump version to 1.39

Drop patches that are upstream now and fix hash file indentation.

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/bison: add BISON_CPE_ID_VENDOR

cpe:2.3:a:gnu:bison is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Abison

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/c-icap: set C_ICAP_CPE_ID_VALID

cpe:2.3:a:c-icap_project:c-icap is a valid CPE identifier for this
package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ac-icap_project%3Ac-icap

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/exfat(-utils): change license to GPL-2.0+

The license is specified in https://github.com/relan/exfat/blob/master/COPYING and indicates GPL-2.0+
The license changed from from GPL-3.0+ to GPL-2.0+ in 2013 but was never updated in buildroot.

https://github.com/relan/exfat/commit/48573fff5d070863e3279769e8a95d5c15a5c77d

Signed-off-by: Pieter Ronsijn <pieterronsijn@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/fetchmail: bump version to 6.4.16

Release notes:
https://sourceforge.net/p/fetchmail/mailman/message/37215482/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/c-icap: bump to version 0.5.7

https://sourceforge.net/p/c-icap/news/2020/10/the-c-icap-057-is-released

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/bluez5_utils: add CPE variables

cpe:2.3:a:bluez:bluez is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Abluez%3Abluez

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: fix s/BLUEZ5_CPE/BLUEZ5_UTILS_CPE/ typo]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/berkeleydb: add CPE variables

cpe:2.3:a:oracle:berkeley_db is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aoracle%3Aberkeley_db

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/python: clarify that this refers to the deprecated 2.7 series

Python 2.7 is EOL, so people should use the python3 package instead if
possible. Make it a bit more obvious that 'python' is not the right package
to use by explicitly mentioning that this is about python 2.7 and that it is
deprecated.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/connman: add upstream security fixes for CVE-2021-2667{5, 6}

Fixes the following security issues:

- CVE-2021-26675: Remote (adjacent network) code execution flaw
- CVE-2021-26676: Remote stack information leak

For details, see the advisory:
https://www.openwall.com/lists/oss-security/2021/02/08/2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

CHANGES: update with recent changes

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/at-spi2-atk: add AT_SPI2_ATK_CPE_ID_VENDOR

cpe:2.3:a:gnome:at-spi2-atk is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnome%3Aat-spi2-atk

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/avenger96_defconfig: add support for Arrow Avenger96 board

Very similar to the other stm32mp157-based boards, except that we use the
multi_v7 defconfig for ease of maintenance.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/memtester: fix compile and link flags

The memtester build system does not use CFLAGS/LDFLAGS variables.
Everything should be written to conf-cc and conf-ld.

Use '%' as sed expression delimiter because comma might appear in
LDFLAGS.

Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/x11r7/xlib_libXrandr: add CPE variables

cpe:2.3:a:x.org:libxrandr is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibxrandr

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/connman: set CONNMAN_CPE_ID_VENDOR

cpe:2.3:a:intel:connman is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/detail/702658?namingFormat=2.3&orderBy=CPEURI&keyword=connman&status=FINAL

Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/kontron_smarc_sal28_defconfig: use Python 3.x for U-Boot build

New U-Boot versions need Python 3.x for pylibfdt.

Fixes:
- https://gitlab.com/buildroot.org/buildroot/-/jobs/1006924823

Cc: Michael Walle <michael@walle.cc>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/brotli: add BROTLI_CPE_ID_VENDOR

cpe:2.3:a:google:brotli is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agoogle%3Abrotli

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/audiofile: drop package

The audiofile package is affected by multiple CVEs and is not maintained
anymore (no release since 2013):

https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&seach_type=all&query=cpe:2.3:a:audio_file_library_project:audio_file_library:0.3.6:*:*:*:*:*:*:*

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/avahi: add AVAHI_CPE_ID_VENDOR

cpe:2.3:a:avahi:avahi is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aavahi%3Aavahi

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/augeas: add AUGEAS_CPE_ID_VENDOR

cpe:2.3:a:augeas:augeas is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aaugeas%3Aaugeas

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/x11r7/xlib_libXi: add CPE variables

cpe:2.3:a:x.org:libxi is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibxi

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/x11r7/xlib_libXvMC: add CPE variables

cpe:2.3:a:x.org:libxvmc is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibxvmc

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libsigsegv: bump version to 2.13

Removed patches applied upstream:

0001-Improve-support-for-Linux-RISC-V.patch
https://github.com/roswell/libsigsegv/commit/671b2528b55c57eda1a8fe5872ff1ef61014235f

0002-m4-stack-direction-RISC-V-stack-grows-downward.patch
https://github.com/roswell/libsigsegv/commit/fd0e3d99d109b46d73ef37f38a23076f5acd1053

0003-Improve-support-for-Linux-nds32.patch
0004-m4-stack-direction-NDS32-stack-grows-downward.patch
https://github.com/roswell/libsigsegv/commit/51a03192a3e024931309bdf11a9c055985de0ddf

Reformatted hashes.

Release notes: https://github.com/roswell/libsigsegv/blob/master/NEWS

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/gnupg: add CPE variables

cpe:2.3:a:gnupg:gnupg is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnupg%3Agnupg

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libshout: bump version to 2.4.5

Added sha512 hash provided by upstream, reformatted hashes.

Changelog:
https://gitlab.xiph.org/xiph/icecast-libshout/-/blob/master/NEWS

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libgsm: bump version to 1.0.19

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/msmtp: bump version to 1.8.14

Release notes:
https://github.com/marlam/msmtp-mirror/blob/master/NEWS

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libgsasl: bump version to 1.10.0

Added hashes provided by upstream, updated license hash due to various
upstream commits:
https://git.savannah.gnu.org/gitweb/?p=gsasl.git;a=history;f=README

Release notes:
https://lists.gnu.org/archive/html/help-gsasl/2021-01/msg00007.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libgphoto2: bump version to 2.5.26

Removed md5 hash, reformatted remaining hashes.
Added optional support for libcurl available since version 2.5.24.

Release notes: https://github.com/gphoto/libgphoto2/blob/master/NEWS

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libraw: add LIBRAW_CPE_ID_VENDOR

cpe:2.3:a:libraw:libraw is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibraw%3Alibraw

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/memcached: add MEMCACHED_CPE_ID_VENDOR

cpe:2.3:a:memcached:memcached is a valid CPE identifier for this
package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amemcached%3Amemcached

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libgpg-error: bump version to 1.41

Release notes:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=blob;f=NEWS;

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libass: set LIBASS_CPE_ID_VALID

cpe:2.3:a:libass_project:libass is a valid CPE identifier for this
package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibass_project%3Alibass

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/liberation: bump version to 2.1.2

Changelog:
https://github.com/liberationfonts/liberation-fonts/blob/master/ChangeLog

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libedit: bump version to 20191231-3.1

Reformatted hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/ccid: bump version to 1.4.34

Release notes:
http://lists.infradead.org/pipermail/pcsclite-muscle/2021-January/001170.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/pigz: bump version to 2.6

Updated license hash due to various commits bumping the version number:
https://github.com/madler/pigz/commits/master/README

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libdvbsi: bump version to 0.3.9

Switched _SITE to github, removed md5 hash, reformatted hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/x11r7/xlib_libX11: add CPE variables

cpe:2.3:a:x.org:libx11 is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibx11

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/x11r7/xlib_libXrender: add CPE variables

cpe:2.3:a:x.org:libxrender is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibxrender

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/x11r7/xlib_libXv: add CPE variables

cpe:2.3:a:x.org:libxv is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibxv

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/cryptsetup: set CRYPTSETUP_CPE_ID_VALID

cpe:2.3:a:cryptsetup_project:cryptsetup is a valid CPE identifier for
this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Acryptsetup_project%3Acryptsetup

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libfastjson: bump version to 0.99.9

Changelog: https://github.com/rsyslog/libfastjson/blob/master/ChangeLog

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/mosquitto: add MOSQUITTO_CPE_ID_VENDOR

cpe:2.3:a:eclipse:mosquitto is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aeclipse%3Amosquitto

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/webp: bump to version 1.2.0

Also fixed indentation in hash file

Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/sox: fix static build with id3tag

This build failure is raised since bump to
7524160b29a476f7e87bc14fddf12d349f9a3c5e

Fixes:
- http://autobuild.buildroot.org/results/73efdacf237e3d567fa66f3b3f68e624f5e35bc7

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/tpm2-pkcs11: add p11-kit optional dependency

Fixes:
- http://autobuild.buildroot.org/results/fee607da7226a92cceab2bbfd4c5d031016dfa3d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/lua-http: bump to version 0.4

diff LICENSE.md
- Copyright (c) 2015-2019 Daurnimator
+ Copyright (c) 2015-2021 Daurnimator

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libblockdev: bump version to 2.25

Release notes:
https://github.com/storaged-project/libblockdev/blob/2.x-branch/NEWS.rst

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libbytesize: bump version to 2.5

Release notes:
https://github.com/storaged-project/libbytesize/releases/tag/2.4
https://github.com/storaged-project/libbytesize/releases/tag/2.5

Removed patch which was applied upstream:
https://github.com/storaged-project/libbytesize/commit/f2b6600f5483fc68c46d596d578be10546f5ac43

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libabseil-cpp: bump version to 20200923.3

Release notes:
https://github.com/abseil/abseil-cpp/releases/tag/20200923.3

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/openrc: set OPENRC_CPE_ID_VALID

cpe:2.3:a:openrc_project:openrc is a valid CPE identifier for this
package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aopenrc_project%3Aopenrc

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/jsoncpp: set JSONCPP_CPE_ID_VALID

cpe:2.3:a:jsoncpp_project:jsoncpp is a valid CPE identifier for this
package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ajsoncpp_project%3Ajsoncpp

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/unbound: add UNBOUND_CPE_ID_VENDOR

cpe:2.3:a:nlnetlabs:unbound is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anlnetlabs%3Aunbound

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/mariadb: set MARIADB_CPE_ID_VENDOR

cpe:2.3:a:mariadb:mariadb is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amariadb%3Amariadb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/gnuplot: set GNUPLOT_CPE_ID_VALID

cpe:2.3:a:gnuplot_project:gnuplot is a valid CPE identifier for this
package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnuplot_project%3Agnuplot

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/pkg-utils: escape \ in generated legal-info

In the output of legal-info, which is JSON-formatted, we include the
CPI_ID (when it is valid).

For xerces, the CPE_ID contains two sequences of \+ (which is exactly
what is present in the NIST DB, [0]).

However, in JSON, like in C, \ escapes the following character; only a
very limited set of characters are valid to escape: " \ / b f n r t u.
Escaping any other character is invalid. Conformant JSON parser will
choke on invalid sequences, and so does not the json python module:

      File "/usr/lib/python2.7/json/decoder.py", line 380, in raw_decode
        obj, end = self.scan_once(s, idx)
    ValueError: Invalid \escape: line 1 column 608554 (char 608553)

We fix that be globally escaping \ in our json output, in the generic
sanitising macro.

[0] https://nvd.nist.gov/products/cpe/detail/645?namingFormat=2.3&orderBy=CPEURI&keyword=xerces&status=FINAL

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/cryptopp: add CPE variables

cpe:2.3:a:cryptopp:crypto\+\+ is a valid CPE identifier for this
package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&orderBy=2.3&keyword=cpe%3A2.3%3Aa%3Acryptopp%3Acrypto%5C%2B%5C%2B

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/slirp: add CPE variables

cpe:2.3:a:libslirp_project:libslirp is a valid CPE identifier for this
package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibslirp_project%3Alibslirp

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/rtty: bump version to 7.3.2

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/redis: add REDIS_CPE_ID_VENDOR

cpe:2.3:a:redislabs:redis is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aredislabs%3Aredis

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/mosquitto: bump version to 2.0.7

Includes a number of bugfixes. For details, see the announcement:
https://mosquitto.org/blog/2021/02/version-2-0-7-released/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/python-flask-cors: bump to version 3.0.10

https://github.com/corydolphin/flask-cors/releases/tag/3.0.10

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libkrb5: add CPE variables

cpe:2.3:a:mit:kerberos_5 is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amit%3Akerberos_5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/binutils: bump 2.36.x series to 2.36.1

Release notes:

  We are very sorry to have to report that a problem was found with the
  GNU Binutils 2.36 release.  It turns out that it contained a small
  portion of code that was not covered by an FSF copyright assignment.
  So we have created a replacement release - 2.36.1 - with that code
  removed.

  In addition we found that a fix for a theoretical security
  vulnerability[1] was itself broken and could result in the archiver
  program "ar" misbehaving.  So we have chosen to revert the fix from
  the 2.36.1 release whilst the problem is properly resolved.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/oniguruma: set ONIGURUMA_CPE_ID_VALID

cpe:2.3:a:oniguruma_project:oniguruma is a valid CPE identifier for this
package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aoniguruma_project%3Aoniguruma

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/freetype: add FREETYPE_CPE_ID_VENDOR

cpe:2.3:a:freetype:freetype is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afreetype%3Afreetype

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libcoap: bump version

Reformatted hashes, updated license hash due to copyright year bump:
https://github.com/obgm/libcoap/commit/12fd8a25f708aa45a20f61e363f127b934633668

Release notes:
https://sourceforge.net/p/libcoap/mailman/message/36801445/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/{apparmor, libapparmor}: bump version to 3.0.1

Release notes:
https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.1

Removed patches which were applied upstream, updated _SITE.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libcli: bump version to 1.10.4

Removed whitespace and updated project URL in Config.in.
Reformatted hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libcap: bump version to 2.48

Release notes:
https://sites.google.com/site/fullycapable/release-notes-for-libcap

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/rauc: package/rauc: bump version to 1.5.1

Removed patch applied upstream.

Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

{linux, linux-headers}: bump 5.{4, 10}.x 4.{4, 9, 14, 19} series

Stick to 4.4.255 / 4.4.255 even though .256 is ready, as the wraparound of
the minor version may cause problems:

https://lkml.org/lkml/2021/2/5/747
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.256

https://lkml.org/lkml/2021/2/5/862
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.256

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: stick to 4.{4,9}.255]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/iputils: update path for tftpd

tftpd has been installed into /usr/sbin in 20210202
(in upstream commit 8d1420f tftpd: install into sbindir).

Thus remove hook which expected it in /usr/bin and tried to move it into
/usr/sbin.

Fixes:
- http://autobuild.buildroot.net/results/3d142a705f07d496b1342e04094cd03ce7d92994
- http://autobuild.buildroot.net/results/dae643b2d23d74b5f91225d00e85c350861a0e8a
- http://autobuild.buildroot.net/results/dcfcb082bc188e7f990e280c3fd5d971f32cc048

Fixes: ea422f9950 ("package/iputils: bump version to 20210202")
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libmdbx: bump version to 0.9.3

Release notes: https://github.com/erthink/libmdbx/releases/tag/v0.9.3

Signed-off-by: Leonid Yuriev <leo@yuriev.ru>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/htop: add lm-sensors optional dependency

lm-sensors is an optional dependency (enabled by default) since version
3.0.3 and
https://github.com/htop-dev/htop/commit/1b225cd7a0af03a6349c48326118a287fc36acd0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/tpm2-pkcs11: new package

A PKCS#11 interface for TPM2 hardware

Signed-off-by: Yair Ben-Avraham <yairba@protonmail.com>
[Peter: add openssl dependency, drop tpm2-tools, unconditionally pass -std=gnu99]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/tmux: bump to version 3.1c

- Drop patch (already in version)
- Update hash of COPYING (examples directory removed:
https://github.com/tmux/tmux/commit/e722ba38e3133cb01b4cd17bf5fe7c56e42a4962)
- Update indentation in hash file (two spaces)

https://raw.githubusercontent.com/tmux/tmux/3.1c/CHANGES

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/p11-kit: set P11_KIT_CPE_ID_VALID

cpe:2.3:a:p11-kit_project:p11-kit is a valid CPE identifier for this
package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ap11-kit_project%3Ap11-kit

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/nodejs: add CPE variables

cpe:2.3:a:nodejs:node.js is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anodejs%3Anode.js

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/tmux: set TMUX_CPE_ID_VALID

cpe:2.3:a:tmux_project:tmux is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atmux_project%3Atmux

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>