buildroot.git
3 years agopackage/bison: add BISON_CPE_ID_VENDOR
Fabrice Fontaine [Mon, 8 Feb 2021 20:10:38 +0000 (21:10 +0100)]
package/bison: add BISON_CPE_ID_VENDOR

cpe:2.3:a:gnu:bison is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Abison

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/c-icap: set C_ICAP_CPE_ID_VALID
Fabrice Fontaine [Mon, 8 Feb 2021 20:05:19 +0000 (21:05 +0100)]
package/c-icap: set C_ICAP_CPE_ID_VALID

cpe:2.3:a:c-icap_project:c-icap is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ac-icap_project%3Ac-icap

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/exfat(-utils): change license to GPL-2.0+
Pieter Ronsijn [Thu, 4 Feb 2021 21:57:22 +0000 (22:57 +0100)]
package/exfat(-utils): change license to GPL-2.0+

The license is specified in https://github.com/relan/exfat/blob/master/COPYING and indicates GPL-2.0+
The license changed from from GPL-3.0+ to GPL-2.0+ in 2013 but was never updated in buildroot.

https://github.com/relan/exfat/commit/48573fff5d070863e3279769e8a95d5c15a5c77d

Signed-off-by: Pieter Ronsijn <pieterronsijn@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/fetchmail: bump version to 6.4.16
Bernd Kuhls [Mon, 8 Feb 2021 18:53:21 +0000 (19:53 +0100)]
package/fetchmail: bump version to 6.4.16

Release notes:
https://sourceforge.net/p/fetchmail/mailman/message/37215482/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/c-icap: bump to version 0.5.7
Fabrice Fontaine [Mon, 8 Feb 2021 20:05:18 +0000 (21:05 +0100)]
package/c-icap: bump to version 0.5.7

https://sourceforge.net/p/c-icap/news/2020/10/the-c-icap-057-is-released

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/bluez5_utils: add CPE variables
Fabrice Fontaine [Mon, 8 Feb 2021 20:08:25 +0000 (21:08 +0100)]
package/bluez5_utils: add CPE variables

cpe:2.3:a:bluez:bluez is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Abluez%3Abluez

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: fix s/BLUEZ5_CPE/BLUEZ5_UTILS_CPE/ typo]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/berkeleydb: add CPE variables
Fabrice Fontaine [Mon, 8 Feb 2021 20:06:58 +0000 (21:06 +0100)]
package/berkeleydb: add CPE variables

cpe:2.3:a:oracle:berkeley_db is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aoracle%3Aberkeley_db

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/python: clarify that this refers to the deprecated 2.7 series
Peter Korsgaard [Mon, 8 Feb 2021 13:24:11 +0000 (14:24 +0100)]
package/python: clarify that this refers to the deprecated 2.7 series

Python 2.7 is EOL, so people should use the python3 package instead if
possible.  Make it a bit more obvious that 'python' is not the right package
to use by explicitly mentioning that this is about python 2.7 and that it is
deprecated.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/connman: add upstream security fixes for CVE-2021-2667{5, 6}
Peter Korsgaard [Mon, 8 Feb 2021 09:39:21 +0000 (10:39 +0100)]
package/connman: add upstream security fixes for CVE-2021-2667{5, 6}

Fixes the following security issues:

- CVE-2021-26675: Remote (adjacent network) code execution flaw
- CVE-2021-26676: Remote stack information leak

For details, see the advisory:
https://www.openwall.com/lists/oss-security/2021/02/08/2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agoCHANGES: update with recent changes
Peter Korsgaard [Mon, 8 Feb 2021 21:05:36 +0000 (22:05 +0100)]
CHANGES: update with recent changes

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/at-spi2-atk: add AT_SPI2_ATK_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 7 Feb 2021 20:39:34 +0000 (21:39 +0100)]
package/at-spi2-atk: add AT_SPI2_ATK_CPE_ID_VENDOR

cpe:2.3:a:gnome:at-spi2-atk is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnome%3Aat-spi2-atk

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agoconfigs/avenger96_defconfig: add support for Arrow Avenger96 board
Peter Korsgaard [Sun, 7 Feb 2021 21:52:27 +0000 (22:52 +0100)]
configs/avenger96_defconfig: add support for Arrow Avenger96 board

Very similar to the other stm32mp157-based boards, except that we use the
multi_v7 defconfig for ease of maintenance.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/memtester: fix compile and link flags
Baruch Siach [Mon, 8 Feb 2021 09:04:34 +0000 (11:04 +0200)]
package/memtester: fix compile and link flags

The memtester build system does not use CFLAGS/LDFLAGS variables.
Everything should be written to conf-cc and conf-ld.

Use '%' as sed expression delimiter because comma might appear in
LDFLAGS.

Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/x11r7/xlib_libXrandr: add CPE variables
Fabrice Fontaine [Mon, 8 Feb 2021 07:46:35 +0000 (08:46 +0100)]
package/x11r7/xlib_libXrandr: add CPE variables

cpe:2.3:a:x.org:libxrandr is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibxrandr

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/connman: set CONNMAN_CPE_ID_VENDOR
Heiko Thiery [Mon, 8 Feb 2021 10:10:35 +0000 (11:10 +0100)]
package/connman: set CONNMAN_CPE_ID_VENDOR

cpe:2.3:a:intel:connman is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/detail/702658?namingFormat=2.3&orderBy=CPEURI&keyword=connman&status=FINAL

Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agoconfigs/kontron_smarc_sal28_defconfig: use Python 3.x for U-Boot build
Heiko Thiery [Mon, 8 Feb 2021 08:04:50 +0000 (09:04 +0100)]
configs/kontron_smarc_sal28_defconfig: use Python 3.x for U-Boot build

New U-Boot versions need Python 3.x for pylibfdt.

Fixes:
 - https://gitlab.com/buildroot.org/buildroot/-/jobs/1006924823

Cc: Michael Walle <michael@walle.cc>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/brotli: add BROTLI_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 7 Feb 2021 12:57:37 +0000 (13:57 +0100)]
package/brotli: add BROTLI_CPE_ID_VENDOR

cpe:2.3:a:google:brotli is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agoogle%3Abrotli

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/audiofile: drop package
Fabrice Fontaine [Sun, 7 Feb 2021 20:27:18 +0000 (21:27 +0100)]
package/audiofile: drop package

The audiofile package is affected by multiple CVEs and is not maintained
anymore (no release since 2013):

  https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&seach_type=all&query=cpe:2.3:a:audio_file_library_project:audio_file_library:0.3.6:*:*:*:*:*:*:*

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/avahi: add AVAHI_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 7 Feb 2021 20:35:15 +0000 (21:35 +0100)]
package/avahi: add AVAHI_CPE_ID_VENDOR

cpe:2.3:a:avahi:avahi is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aavahi%3Aavahi

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/augeas: add AUGEAS_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 7 Feb 2021 20:31:18 +0000 (21:31 +0100)]
package/augeas: add AUGEAS_CPE_ID_VENDOR

cpe:2.3:a:augeas:augeas is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aaugeas%3Aaugeas

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/x11r7/xlib_libXi: add CPE variables
Fabrice Fontaine [Sun, 7 Feb 2021 13:34:37 +0000 (14:34 +0100)]
package/x11r7/xlib_libXi: add CPE variables

cpe:2.3:a:x.org:libxi is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibxi

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/x11r7/xlib_libXvMC: add CPE variables
Fabrice Fontaine [Sun, 7 Feb 2021 13:52:26 +0000 (14:52 +0100)]
package/x11r7/xlib_libXvMC: add CPE variables

cpe:2.3:a:x.org:libxvmc is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibxvmc

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libsigsegv: bump version to 2.13
Bernd Kuhls [Sun, 7 Feb 2021 13:16:16 +0000 (14:16 +0100)]
package/libsigsegv: bump version to 2.13

Removed patches applied upstream:

0001-Improve-support-for-Linux-RISC-V.patch
https://github.com/roswell/libsigsegv/commit/671b2528b55c57eda1a8fe5872ff1ef61014235f

0002-m4-stack-direction-RISC-V-stack-grows-downward.patch
https://github.com/roswell/libsigsegv/commit/fd0e3d99d109b46d73ef37f38a23076f5acd1053

0003-Improve-support-for-Linux-nds32.patch
0004-m4-stack-direction-NDS32-stack-grows-downward.patch
https://github.com/roswell/libsigsegv/commit/51a03192a3e024931309bdf11a9c055985de0ddf

Reformatted hashes.

Release notes: https://github.com/roswell/libsigsegv/blob/master/NEWS

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/gnupg: add CPE variables
Fabrice Fontaine [Sun, 7 Feb 2021 13:03:28 +0000 (14:03 +0100)]
package/gnupg: add CPE variables

cpe:2.3:a:gnupg:gnupg is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnupg%3Agnupg

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libshout: bump version to 2.4.5
Bernd Kuhls [Sun, 7 Feb 2021 13:06:01 +0000 (14:06 +0100)]
package/libshout: bump version to 2.4.5

Added sha512 hash provided by upstream, reformatted hashes.

Changelog:
https://gitlab.xiph.org/xiph/icecast-libshout/-/blob/master/NEWS

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libgsm: bump version to 1.0.19
Bernd Kuhls [Sun, 7 Feb 2021 12:58:18 +0000 (13:58 +0100)]
package/libgsm: bump version to 1.0.19

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/msmtp: bump version to 1.8.14
Bernd Kuhls [Sun, 7 Feb 2021 12:52:45 +0000 (13:52 +0100)]
package/msmtp: bump version to 1.8.14

Release notes:
https://github.com/marlam/msmtp-mirror/blob/master/NEWS

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libgsasl: bump version to 1.10.0
Bernd Kuhls [Sun, 7 Feb 2021 12:52:44 +0000 (13:52 +0100)]
package/libgsasl: bump version to 1.10.0

Added hashes provided by upstream, updated license hash due to various
upstream commits:
https://git.savannah.gnu.org/gitweb/?p=gsasl.git;a=history;f=README

Release notes:
https://lists.gnu.org/archive/html/help-gsasl/2021-01/msg00007.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libgphoto2: bump version to 2.5.26
Bernd Kuhls [Sun, 7 Feb 2021 12:43:04 +0000 (13:43 +0100)]
package/libgphoto2: bump version to 2.5.26

Removed md5 hash, reformatted remaining hashes.
Added optional support for libcurl available since version 2.5.24.

Release notes: https://github.com/gphoto/libgphoto2/blob/master/NEWS

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libraw: add LIBRAW_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 7 Feb 2021 12:39:19 +0000 (13:39 +0100)]
package/libraw: add LIBRAW_CPE_ID_VENDOR

cpe:2.3:a:libraw:libraw is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibraw%3Alibraw

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/memcached: add MEMCACHED_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 7 Feb 2021 12:31:54 +0000 (13:31 +0100)]
package/memcached: add MEMCACHED_CPE_ID_VENDOR

cpe:2.3:a:memcached:memcached is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amemcached%3Amemcached

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libgpg-error: bump version to 1.41
Bernd Kuhls [Sun, 7 Feb 2021 12:29:12 +0000 (13:29 +0100)]
package/libgpg-error: bump version to 1.41

Release notes:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=blob;f=NEWS;

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libass: set LIBASS_CPE_ID_VALID
Fabrice Fontaine [Sun, 7 Feb 2021 12:26:55 +0000 (13:26 +0100)]
package/libass: set LIBASS_CPE_ID_VALID

cpe:2.3:a:libass_project:libass is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibass_project%3Alibass

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/liberation: bump version to 2.1.2
Bernd Kuhls [Sun, 7 Feb 2021 12:17:53 +0000 (13:17 +0100)]
package/liberation: bump version to 2.1.2

Changelog:
https://github.com/liberationfonts/liberation-fonts/blob/master/ChangeLog

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libedit: bump version to 20191231-3.1
Bernd Kuhls [Sun, 7 Feb 2021 12:14:08 +0000 (13:14 +0100)]
package/libedit: bump version to 20191231-3.1

Reformatted hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/ccid: bump version to 1.4.34
Bernd Kuhls [Sun, 7 Feb 2021 12:02:31 +0000 (13:02 +0100)]
package/ccid: bump version to 1.4.34

Release notes:
http://lists.infradead.org/pipermail/pcsclite-muscle/2021-January/001170.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/pigz: bump version to 2.6
Bernd Kuhls [Sun, 7 Feb 2021 11:56:37 +0000 (12:56 +0100)]
package/pigz: bump version to 2.6

Updated license hash due to various commits bumping the version number:
https://github.com/madler/pigz/commits/master/README

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libdvbsi: bump version to 0.3.9
Bernd Kuhls [Sun, 7 Feb 2021 12:09:31 +0000 (13:09 +0100)]
package/libdvbsi: bump version to 0.3.9

Switched _SITE to github, removed md5 hash, reformatted hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/x11r7/xlib_libX11: add CPE variables
Fabrice Fontaine [Sun, 7 Feb 2021 13:13:02 +0000 (14:13 +0100)]
package/x11r7/xlib_libX11: add CPE variables

cpe:2.3:a:x.org:libx11 is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibx11

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/x11r7/xlib_libXrender: add CPE variables
Fabrice Fontaine [Sun, 7 Feb 2021 13:45:10 +0000 (14:45 +0100)]
package/x11r7/xlib_libXrender: add CPE variables

cpe:2.3:a:x.org:libxrender is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibxrender

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/x11r7/xlib_libXv: add CPE variables
Fabrice Fontaine [Sun, 7 Feb 2021 13:47:50 +0000 (14:47 +0100)]
package/x11r7/xlib_libXv: add CPE variables

cpe:2.3:a:x.org:libxv is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibxv

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/cryptsetup: set CRYPTSETUP_CPE_ID_VALID
Fabrice Fontaine [Sun, 7 Feb 2021 12:35:51 +0000 (13:35 +0100)]
package/cryptsetup: set CRYPTSETUP_CPE_ID_VALID

cpe:2.3:a:cryptsetup_project:cryptsetup is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Acryptsetup_project%3Acryptsetup

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libfastjson: bump version to 0.99.9
Bernd Kuhls [Sun, 7 Feb 2021 12:21:06 +0000 (13:21 +0100)]
package/libfastjson: bump version to 0.99.9

Changelog: https://github.com/rsyslog/libfastjson/blob/master/ChangeLog

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/mosquitto: add MOSQUITTO_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 7 Feb 2021 13:07:46 +0000 (14:07 +0100)]
package/mosquitto: add MOSQUITTO_CPE_ID_VENDOR

cpe:2.3:a:eclipse:mosquitto is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aeclipse%3Amosquitto

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/webp: bump to version 1.2.0
Gilles Talis [Sun, 7 Feb 2021 10:48:36 +0000 (11:48 +0100)]
package/webp: bump to version 1.2.0

Also fixed indentation in hash file

Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/sox: fix static build with id3tag
Fabrice Fontaine [Sat, 6 Feb 2021 10:30:56 +0000 (11:30 +0100)]
package/sox: fix static build with id3tag

This build failure is raised since bump to
7524160b29a476f7e87bc14fddf12d349f9a3c5e

Fixes:
 - http://autobuild.buildroot.org/results/73efdacf237e3d567fa66f3b3f68e624f5e35bc7

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/tpm2-pkcs11: add p11-kit optional dependency
Fabrice Fontaine [Sun, 7 Feb 2021 09:19:29 +0000 (10:19 +0100)]
package/tpm2-pkcs11: add p11-kit optional dependency

Fixes:
 - http://autobuild.buildroot.org/results/fee607da7226a92cceab2bbfd4c5d031016dfa3d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/lua-http: bump to version 0.4
Francois Perrad [Sat, 6 Feb 2021 11:36:40 +0000 (12:36 +0100)]
package/lua-http: bump to version 0.4

diff LICENSE.md
- Copyright (c) 2015-2019 Daurnimator
+ Copyright (c) 2015-2021 Daurnimator

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libblockdev: bump version to 2.25
Bernd Kuhls [Sat, 6 Feb 2021 19:03:59 +0000 (20:03 +0100)]
package/libblockdev: bump version to 2.25

Release notes:
https://github.com/storaged-project/libblockdev/blob/2.x-branch/NEWS.rst

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libbytesize: bump version to 2.5
Bernd Kuhls [Sat, 6 Feb 2021 19:03:58 +0000 (20:03 +0100)]
package/libbytesize: bump version to 2.5

Release notes:
https://github.com/storaged-project/libbytesize/releases/tag/2.4
https://github.com/storaged-project/libbytesize/releases/tag/2.5

Removed patch which was applied upstream:
https://github.com/storaged-project/libbytesize/commit/f2b6600f5483fc68c46d596d578be10546f5ac43

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libabseil-cpp: bump version to 20200923.3
Bernd Kuhls [Sat, 6 Feb 2021 18:43:45 +0000 (19:43 +0100)]
package/libabseil-cpp: bump version to 20200923.3

Release notes:
https://github.com/abseil/abseil-cpp/releases/tag/20200923.3

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/openrc: set OPENRC_CPE_ID_VALID
Fabrice Fontaine [Sat, 6 Feb 2021 16:14:15 +0000 (17:14 +0100)]
package/openrc: set OPENRC_CPE_ID_VALID

cpe:2.3:a:openrc_project:openrc is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aopenrc_project%3Aopenrc

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/jsoncpp: set JSONCPP_CPE_ID_VALID
Fabrice Fontaine [Sat, 6 Feb 2021 16:54:53 +0000 (17:54 +0100)]
package/jsoncpp: set JSONCPP_CPE_ID_VALID

cpe:2.3:a:jsoncpp_project:jsoncpp is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ajsoncpp_project%3Ajsoncpp

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/unbound: add UNBOUND_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 6 Feb 2021 15:50:11 +0000 (16:50 +0100)]
package/unbound: add UNBOUND_CPE_ID_VENDOR

cpe:2.3:a:nlnetlabs:unbound is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anlnetlabs%3Aunbound

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/mariadb: set MARIADB_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 6 Feb 2021 16:04:30 +0000 (17:04 +0100)]
package/mariadb: set MARIADB_CPE_ID_VENDOR

cpe:2.3:a:mariadb:mariadb is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amariadb%3Amariadb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/gnuplot: set GNUPLOT_CPE_ID_VALID
Fabrice Fontaine [Sat, 6 Feb 2021 15:59:52 +0000 (16:59 +0100)]
package/gnuplot: set GNUPLOT_CPE_ID_VALID

cpe:2.3:a:gnuplot_project:gnuplot is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnuplot_project%3Agnuplot

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/pkg-utils: escape \ in generated legal-info
Yann E. MORIN [Sat, 6 Feb 2021 08:51:02 +0000 (09:51 +0100)]
package/pkg-utils: escape \ in generated legal-info

In the output of legal-info, which is JSON-formatted, we include the
CPI_ID (when it is valid).

For xerces, the CPE_ID contains two sequences of \+ (which is exactly
what is present in the NIST DB, [0]).

However, in JSON, like in C, \ escapes the following character; only a
very limited set of characters are valid to escape: " \ / b f n r t u.
Escaping any other character is invalid. Conformant JSON parser will
choke on invalid sequences, and so does not the json python module:

      File "/usr/lib/python2.7/json/decoder.py", line 380, in raw_decode
        obj, end = self.scan_once(s, idx)
    ValueError: Invalid \escape: line 1 column 608554 (char 608553)

We fix that be globally escaping \ in our json output, in the generic
sanitising macro.

[0] https://nvd.nist.gov/products/cpe/detail/645?namingFormat=2.3&orderBy=CPEURI&keyword=xerces&status=FINAL

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/cryptopp: add CPE variables
Fabrice Fontaine [Sat, 6 Feb 2021 15:43:48 +0000 (16:43 +0100)]
package/cryptopp: add CPE variables

cpe:2.3:a:cryptopp:crypto\+\+ is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&orderBy=2.3&keyword=cpe%3A2.3%3Aa%3Acryptopp%3Acrypto%5C%2B%5C%2B

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/slirp: add CPE variables
Fabrice Fontaine [Sat, 6 Feb 2021 16:11:22 +0000 (17:11 +0100)]
package/slirp: add CPE variables

cpe:2.3:a:libslirp_project:libslirp is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibslirp_project%3Alibslirp

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/rtty: bump version to 7.3.2
Jianhui Zhao [Sat, 6 Feb 2021 14:33:59 +0000 (22:33 +0800)]
package/rtty: bump version to 7.3.2

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/redis: add REDIS_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 6 Feb 2021 16:29:37 +0000 (17:29 +0100)]
package/redis: add REDIS_CPE_ID_VENDOR

cpe:2.3:a:redislabs:redis is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aredislabs%3Aredis

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/mosquitto: bump version to 2.0.7
Peter Korsgaard [Sat, 6 Feb 2021 16:31:39 +0000 (17:31 +0100)]
package/mosquitto: bump version to 2.0.7

Includes a number of bugfixes.  For details, see the announcement:
https://mosquitto.org/blog/2021/02/version-2-0-7-released/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/python-flask-cors: bump to version 3.0.10
Fabrice Fontaine [Sat, 6 Feb 2021 09:59:39 +0000 (10:59 +0100)]
package/python-flask-cors: bump to version 3.0.10

https://github.com/corydolphin/flask-cors/releases/tag/3.0.10

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libkrb5: add CPE variables
Fabrice Fontaine [Sat, 6 Feb 2021 16:20:05 +0000 (17:20 +0100)]
package/libkrb5: add CPE variables

cpe:2.3:a:mit:kerberos_5 is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amit%3Akerberos_5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/binutils: bump 2.36.x series to 2.36.1
Thomas Petazzoni [Sat, 6 Feb 2021 20:11:19 +0000 (21:11 +0100)]
package/binutils: bump 2.36.x series to 2.36.1

Release notes:

  We are very sorry to have to report that a problem was found with the
  GNU Binutils 2.36 release.  It turns out that it contained a small
  portion of code that was not covered by an FSF copyright assignment.
  So we have created a replacement release - 2.36.1 - with that code
  removed.

  In addition we found that a fix for a theoretical security
  vulnerability[1] was itself broken and could result in the archiver
  program "ar" misbehaving.  So we have chosen to revert the fix from
  the 2.36.1 release whilst the problem is properly resolved.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/oniguruma: set ONIGURUMA_CPE_ID_VALID
Fabrice Fontaine [Sat, 6 Feb 2021 16:58:07 +0000 (17:58 +0100)]
package/oniguruma: set ONIGURUMA_CPE_ID_VALID

cpe:2.3:a:oniguruma_project:oniguruma is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aoniguruma_project%3Aoniguruma

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/freetype: add FREETYPE_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 6 Feb 2021 16:51:15 +0000 (17:51 +0100)]
package/freetype: add FREETYPE_CPE_ID_VENDOR

cpe:2.3:a:freetype:freetype is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afreetype%3Afreetype

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libcoap: bump version
Bernd Kuhls [Sat, 6 Feb 2021 19:19:50 +0000 (20:19 +0100)]
package/libcoap: bump version

Reformatted hashes, updated license hash due to copyright year bump:
https://github.com/obgm/libcoap/commit/12fd8a25f708aa45a20f61e363f127b934633668

Release notes:
https://sourceforge.net/p/libcoap/mailman/message/36801445/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/{apparmor, libapparmor}: bump version to 3.0.1
Bernd Kuhls [Sat, 6 Feb 2021 18:54:09 +0000 (19:54 +0100)]
package/{apparmor, libapparmor}: bump version to 3.0.1

Release notes:
https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.1

Removed patches which were applied upstream, updated _SITE.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libcli: bump version to 1.10.4
Bernd Kuhls [Sat, 6 Feb 2021 19:15:25 +0000 (20:15 +0100)]
package/libcli: bump version to 1.10.4

Removed whitespace and updated project URL in Config.in.
Reformatted hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libcap: bump version to 2.48
Bernd Kuhls [Sat, 6 Feb 2021 19:07:21 +0000 (20:07 +0100)]
package/libcap: bump version to 2.48

Release notes:
https://sites.google.com/site/fullycapable/release-notes-for-libcap

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/rauc: package/rauc: bump version to 1.5.1
Bartosz Bilas [Sat, 6 Feb 2021 18:53:24 +0000 (19:53 +0100)]
package/rauc: package/rauc: bump version to 1.5.1

Removed patch applied upstream.

Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years ago{linux, linux-headers}: bump 5.{4, 10}.x 4.{4, 9, 14, 19} series
Bernd Kuhls [Sat, 6 Feb 2021 11:53:19 +0000 (12:53 +0100)]
{linux, linux-headers}: bump 5.{4, 10}.x 4.{4, 9, 14, 19} series

Stick to 4.4.255 / 4.4.255 even though .256 is ready, as the wraparound of
the minor version may cause problems:

https://lkml.org/lkml/2021/2/5/747
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.256

https://lkml.org/lkml/2021/2/5/862
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.256

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: stick to 4.{4,9}.255]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/iputils: update path for tftpd
Petr Vorel [Sat, 6 Feb 2021 18:56:40 +0000 (18:56 +0000)]
package/iputils: update path for tftpd

tftpd has been installed into /usr/sbin in 20210202
(in upstream commit 8d1420f tftpd: install into sbindir).

Thus remove hook which expected it in /usr/bin and tried to move it into
/usr/sbin.

Fixes:
 - http://autobuild.buildroot.net/results/3d142a705f07d496b1342e04094cd03ce7d92994
 - http://autobuild.buildroot.net/results/dae643b2d23d74b5f91225d00e85c350861a0e8a
 - http://autobuild.buildroot.net/results/dcfcb082bc188e7f990e280c3fd5d971f32cc048

Fixes: ea422f9950 ("package/iputils: bump version to 20210202")
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libmdbx: bump version to 0.9.3
Leonid Yuriev [Fri, 5 Feb 2021 21:29:49 +0000 (00:29 +0300)]
package/libmdbx: bump version to 0.9.3

Release notes: https://github.com/erthink/libmdbx/releases/tag/v0.9.3

Signed-off-by: Leonid Yuriev <leo@yuriev.ru>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/htop: add lm-sensors optional dependency
Fabrice Fontaine [Sat, 30 Jan 2021 17:14:55 +0000 (18:14 +0100)]
package/htop: add lm-sensors optional dependency

lm-sensors is an optional dependency (enabled by default) since version
3.0.3 and
https://github.com/htop-dev/htop/commit/1b225cd7a0af03a6349c48326118a287fc36acd0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/tpm2-pkcs11: new package
Yair Ben-Avraham [Sun, 24 Jan 2021 19:29:26 +0000 (19:29 +0000)]
package/tpm2-pkcs11: new package

A PKCS#11 interface for TPM2 hardware

Signed-off-by: Yair Ben-Avraham <yairba@protonmail.com>
[Peter: add openssl dependency, drop tpm2-tools, unconditionally pass -std=gnu99]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/tmux: bump to version 3.1c
Fabrice Fontaine [Sat, 6 Feb 2021 11:07:51 +0000 (12:07 +0100)]
package/tmux: bump to version 3.1c

- Drop patch (already in version)
- Update hash of COPYING (examples directory removed:
  https://github.com/tmux/tmux/commit/e722ba38e3133cb01b4cd17bf5fe7c56e42a4962)
- Update indentation in hash file (two spaces)

https://raw.githubusercontent.com/tmux/tmux/3.1c/CHANGES

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/p11-kit: set P11_KIT_CPE_ID_VALID
Fabrice Fontaine [Sat, 6 Feb 2021 11:22:44 +0000 (12:22 +0100)]
package/p11-kit: set P11_KIT_CPE_ID_VALID

cpe:2.3:a:p11-kit_project:p11-kit is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ap11-kit_project%3Ap11-kit

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/nodejs: add CPE variables
Fabrice Fontaine [Sat, 6 Feb 2021 11:16:14 +0000 (12:16 +0100)]
package/nodejs: add CPE variables

cpe:2.3:a:nodejs:node.js is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anodejs%3Anode.js

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/tmux: set TMUX_CPE_ID_VALID
Fabrice Fontaine [Sat, 6 Feb 2021 11:07:50 +0000 (12:07 +0100)]
package/tmux: set TMUX_CPE_ID_VALID

cpe:2.3:a:tmux_project:tmux is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atmux_project%3Atmux

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/asterisk: add CPE variables
Fabrice Fontaine [Sat, 6 Feb 2021 11:05:54 +0000 (12:05 +0100)]
package/asterisk: add CPE variables

cpe:2.3:a:asterisk:open_source is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aasterisk%3Aopen_source

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/raptor: add CPE variables
Fabrice Fontaine [Sat, 6 Feb 2021 10:39:27 +0000 (11:39 +0100)]
package/raptor: add CPE variables

cpe:2.3:a:librdf:raptor_rdf_syntax_library is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibrdf%3Araptor_rdf_syntax_library

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/atftp: set ATFTP_CPE_ID_VALID
Fabrice Fontaine [Sat, 6 Feb 2021 09:56:50 +0000 (10:56 +0100)]
package/atftp: set ATFTP_CPE_ID_VALID

cpe:2.3:a:atftp_project:atftp is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aatftp_project%3Aatftp

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/atftp: bump to version 0.7.4
Fabrice Fontaine [Sat, 6 Feb 2021 09:56:49 +0000 (10:56 +0100)]
package/atftp: bump to version 0.7.4

- Drop patches (already in version) and so autoreconf
- Update indentation in hash file (two spaces)

https://sourceforge.net/p/atftp/code/ci/v0.7.4/tree/Changelog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/python3: add upstream security fix for CVE-2021-3177
Peter Korsgaard [Fri, 5 Feb 2021 13:07:56 +0000 (14:07 +0100)]
package/python3: add upstream security fix for CVE-2021-3177

Fixes the following security issue:

- CVE-2021-3177: Python 3.x through 3.9.1 has a buffer overflow in
  PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution
  in certain Python applications that accept floating-point numbers as
  untrusted input, as demonstrated by a 1e300 argument to
  c_double.from_param.  This occurs because sprintf is used unsafely.

For details, see the advisory:
https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/netsnmp: bump version to 5.9
Stefan Sørensen [Fri, 5 Feb 2021 10:00:21 +0000 (11:00 +0100)]
package/netsnmp: bump version to 5.9

- Rebased patches 1 and 4
- Dropped upstreamed patches 5 and 6

Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
[yann.morin.1998@free.fr:
  - update patches 1-2 with actual backports, as noticed by Stefan
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/python-bottle: add CPE variables
Fabrice Fontaine [Fri, 5 Feb 2021 07:54:04 +0000 (08:54 +0100)]
package/python-bottle: add CPE variables

cpe:2.3:a:bottlepy:bottle is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Abottlepy%3Abottle

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/python-flask-cors: add CPE variables
Fabrice Fontaine [Fri, 5 Feb 2021 18:18:30 +0000 (19:18 +0100)]
package/python-flask-cors: add CPE variables

cpe:2.3:a:flask-cors_project:flask-cors is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aflask-cors_project%3Aflask-cors

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/makedumpfile: fix build on sparc64
Fabrice Fontaine [Thu, 4 Feb 2021 19:31:11 +0000 (20:31 +0100)]
package/makedumpfile: fix build on sparc64

Fix the following build failure on sparc64:

/home/giuliobenetti/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/sparc64-buildroot-linux-gnu/9.3.0/../../../../sparc64-buildroot-linux-gnu/bin/ld: /tmp/ccylTux8.o: in function `find_kaslr_offsets':
/home/giuliobenetti/autobuild/run/instance-0/output-1/build/makedumpfile-1.6.8/makedumpfile.c:4017: undefined reference to `get_kaslr_offset'

Even if this build failure is only raised with version 1.6.8,
get_kaslr_offset was also undeclared on sparc64 in version 1.6.7

Fixes:
 - http://autobuild.buildroot.org/results/1421f54f7599bba62c0a4bd5c65ce21c8cc7ee1a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libfuse3: bump version to 3.10.2
Asaf Kahlon [Fri, 5 Feb 2021 16:36:39 +0000 (18:36 +0200)]
package/libfuse3: bump version to 3.10.2

Remove patch (already on upstream).

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libpwquality: bump version to 1.4.4
Stefan Sørensen [Fri, 5 Feb 2021 10:00:20 +0000 (11:00 +0100)]
package/libpwquality: bump version to 1.4.4

Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/atftp: add security fix for CVE-2020-6097
Peter Korsgaard [Fri, 5 Feb 2021 09:01:01 +0000 (10:01 +0100)]
package/atftp: add security fix for CVE-2020-6097

Fixed the following security issue:

- CVE-2020-6097: An exploitable denial of service vulnerability exists in
  the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1.  A
  specially crafted sequence of RRQ-Multicast requests trigger an assert()
  call resulting in denial-of-service.  An attacker can send a sequence of
  malicious packets to trigger this vulnerability.

For more details, see the report:
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/timescaledb: bump version to 2.0.1
Maxim Kochetkov [Fri, 5 Feb 2021 05:57:45 +0000 (08:57 +0300)]
package/timescaledb: bump version to 2.0.1

Release notes: https://github.com/timescale/timescaledb/releases/tag/2.0.1

Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/python-django: add CPE variables
Fabrice Fontaine [Fri, 5 Feb 2021 08:03:31 +0000 (09:03 +0100)]
package/python-django: add CPE variables

cpe:2.3:a:djangoproject:django is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Adjangoproject%3Adjango

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/vala: add VALA_CPE_ID_VENDOR
Fabrice Fontaine [Fri, 5 Feb 2021 07:46:26 +0000 (08:46 +0100)]
package/vala: add VALA_CPE_ID_VENDOR

cpe:2.3:a:gnome:vala is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnome%3Avala

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/cryptodev-linux: set CRYPTODEV_LINUX_CPE_ID_VENDOR
Fabrice Fontaine [Fri, 5 Feb 2021 07:45:09 +0000 (08:45 +0100)]
package/cryptodev-linux: set CRYPTODEV_LINUX_CPE_ID_VENDOR

cpe:2.3:a:cryptodev-linux:cryptodev-linux is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Acryptodev-linux%3Acryptodev-linux

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/libtirpc: set LIBTIRPC_CPE_ID_VALID
Fabrice Fontaine [Fri, 5 Feb 2021 07:42:17 +0000 (08:42 +0100)]
package/libtirpc: set LIBTIRPC_CPE_ID_VALID

cpe:2.3:a:libtirpc_project:libtirpc is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibtirpc_project%3Alibtirpc

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3 years agopackage/wpa_supplicant: add upstream 2020-2 security fix
Peter Korsgaard [Fri, 5 Feb 2021 12:13:29 +0000 (13:13 +0100)]
package/wpa_supplicant: add upstream 2020-2 security fix

Fixes the following security issue:

 - wpa_supplicant P2P group information processing vulnerability (no CVE yet)

   A vulnerability was discovered in how wpa_supplicant processing P2P
   (Wi-Fi Direct) group information from active group owners.  The actual
   parsing of that information validates field lengths appropriately, but
   processing of the parsed information misses a length check when storing a
   copy of the secondary device types.  This can result in writing attacker
   controlled data into the peer entry after the area assigned for the
   secondary device type.  The overflow can result in corrupting pointers
   for heap allocations.  This can result in an attacker within radio range
   of the device running P2P discovery being able to cause unexpected
   behavior, including termination of the wpa_supplicant process and
   potentially arbitrary code execution.

For more details, see the advisory:
https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: keep _PATCH near _VERSION and _SITE]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/xenomai: disable cobalt for armv8
Romain Naour [Tue, 2 Feb 2021 20:56:14 +0000 (21:56 +0100)]
package/xenomai: disable cobalt for armv8

When a armv8 target is used in 32bits mode, xenomai fail to detect the
ARM architecture and abord the build. (__ARM_ARCH_7A__ is not defined
for armv8 cpus).

There are no autobuilder failures for this issue since cobalt is never
selected, but the following defconfig:

BR2_arm=y
BR2_cortex_a53=y
BR2_ARM_FPU_NEON_VFPV4=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_PACKAGE_XENOMAI=y
BR2_PACKAGE_XENOMAI_COBALT=y

This was initialy reproduced using the raspberrypi3_defconfig with
Xenomai package with cobalt selected.

In order to use Xenomai on raspberrypi3 in 32 bits mode, one has to
select BR2_cortex_a7 instead of BR2_cortex_a53 (see a13a388dd444).

See:
https://gitlab.denx.de/Xenomai/xenomai/-/blob/v3.1/lib/cobalt/arch/arm/include/asm/xenomai/features.h#L52

Signed-off-by: Romain Naour <romain.naour@gmail.com>
[yann.morin.1998@free.fr:
  - switch to independent conditional 'default y'
  - slightly reword the commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>