buildroot.git
4 years agopackage/bind: ignore CVE-2017-3139
Matt Weber [Wed, 21 Apr 2021 20:42:26 +0000 (15:42 -0500)]
package/bind: ignore CVE-2017-3139

This CVE is only relevant to the configuration of a specific
RHEL release (6.x).

https://bugzilla.redhat.com/show_bug.cgi?id=1447743

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/bash: add option to keep or remove loadable examples
Thomas Petazzoni [Fri, 23 Apr 2021 20:23:54 +0000 (22:23 +0200)]
package/bash: add option to keep or remove loadable examples

bash has a concept of "loadables", which are "plugins" that can be
loaded at runtime by bash to add new builtin. For example:

    # type whoami
    whoami is hashed (/usr/bin/whoami)
    # whoami
    root

    # enable -f /usr/lib/bash/whoami whoami
    # type whoami
    whoami is a shell builtin
    # whoami
    root

    # enable -d whoami
    # type whoami
    whoami is hashed (/usr/bin/whoami)
    # whoami
    root

bash comes with a set of example loadables, installed in
/usr/lib/bash/. They take 312 KB on ARM32, and are by default not
used, and provide builtins that are for the most part already
available as external commands in Busybox/coreutils:

    Makefile.inc  finfo         mkfifo        realpath      sync
    accept        head          mktemp        rm            tee
    basename      id            mypid         rmdir         truefalse
    csv           ln            pathchk       seq           tty
    cut           loadables.h   print         setpgid       uname
    dirname       logname       printenv      sleep         unlink
    fdflags       mkdir         push          strftime      whoami

So instead of having them unconditionally installed, add an option to
enable/disable their installation (their build apparently cannot be
disabled via a configure option).

Normally, we try to keep backward compatibility by preserving the
existing behavior. In this case, this would have meant making this
option "default y". But this also breaks our principle of "being
minimal by default", and in this case, it feels preferable to be
"minimal by default" than preserving existing behavior.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/bash: drop SHOBJ_STATUS from BASH_CONF_ENV
Thomas Petazzoni [Fri, 23 Apr 2021 20:23:55 +0000 (22:23 +0200)]
package/bash: drop SHOBJ_STATUS from BASH_CONF_ENV

SHOBJ_STATUS=unsupported was added in commit
4a2af11cba83ef176672609dd7321712fa7f6a28 to work around a limitation
of the configure script that forgot to set this variable in
static-linking configurations.

It turns out that this issue has been fixed upstream as of bash 5.0:

  https://git.savannah.gnu.org/cgit/bash.git/diff/configure.ac?id=d233b485e83c3a784b803fb894280773f16f2deb

  (see hunk @@ -1151,6 +1179,9 @@)

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/bash: use --bindir instead of exec_prefix=
Thomas Petazzoni [Fri, 23 Apr 2021 20:23:53 +0000 (22:23 +0200)]
package/bash: use --bindir instead of exec_prefix=

We want bash to be installed as /bin/bash. For ages, Buildroot has
been doing this by overriding exec_prefix at install time. First of
all, it would be preferred to do this at configure time. But also,
overriding exec_prefix not only changes where "bash" goes, but also
where the pkgconfig file goes. Due to this, bash.pc goes into
/lib/pkgconfig/, and doesn't get removed by target-finalize.

Since all we want is to have 'bash' as /bin/bash, simply pass
--bindir=/bin at configure time. This allows to use the default target
installation logic for autotools-package. We keep a post-install
target hook to remove /bin/bashbug.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/cups: bump to version 2.3.3op2
James Hilliard [Wed, 21 Apr 2021 11:54:42 +0000 (05:54 -0600)]
package/cups: bump to version 2.3.3op2

Switch to new OpenPrinting upstream repository.

NOTICE hash change due to date+copyright holder update in:
https://github.com/OpenPrinting/cups/commit/1bc199354e592f73b9d17215953b9965849b3124

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/libupnp: security bump to version 1.14.6
Jörg Krause [Thu, 22 Apr 2021 07:29:22 +0000 (07:29 +0000)]
package/libupnp: security bump to version 1.14.6

The server part of pupnp (libupnp) appears to be vulnerable to DNS-rebinding
attacks because it does not check the value of the `Host` header.

Fixes CVE-2021-29462

https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/libnpupnp: security bump to version 4.1.4
Jörg Krause [Thu, 22 Apr 2021 07:50:16 +0000 (07:50 +0000)]
package/libnpupnp: security bump to version 4.1.4

Fix vulnerability to DNS-rebind attacks.

This security fix addresses the same vulnerability isue which was reported
for libupnp (which libnpupnp is derived from) in CVE-2021-29462.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/protozero: disable tests
Fabrice Fontaine [Thu, 22 Apr 2021 18:24:43 +0000 (20:24 +0200)]
package/protozero: disable tests

Add a patch to disable tests through the standard BUILD_TESTING variable
which is already passed by cmake-package.

While at it, drop protobuf dependency which is only needed for tests

This will fix a build failure on toolchains without wchar, toolchains
for sh4 (ICE) or toolchains where gcc is affected by bug 64735.

Upstream thinks that this is unecessary but no additional feedback was
received on how we should handle those build failures

Fixes:
 - http://autobuild.buildroot.org/results/1cd24b757d87b963c70bc7ff927c6d983d0b142a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/kodi-inputstream-adaptive: bump version to 2.6.14-Matrix
Bernd Kuhls [Thu, 22 Apr 2021 18:26:37 +0000 (20:26 +0200)]
package/kodi-inputstream-adaptive: bump version to 2.6.14-Matrix

Changelog:
https://github.com/xbmc/inputstream.adaptive/blob/Matrix/inputstream.adaptive/addon.xml.in#L22

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/{mesa3d, mesa3d-headers}: bump version to 21.0.3
Bernd Kuhls [Thu, 22 Apr 2021 18:25:38 +0000 (20:25 +0200)]
package/{mesa3d, mesa3d-headers}: bump version to 21.0.3

Release notes:
https://lists.freedesktop.org/archives/mesa-announce/2021-April/000627.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/postgis: add optional protobuf-c dependency
Fabrice Fontaine [Thu, 22 Apr 2021 18:26:41 +0000 (20:26 +0200)]
package/postgis: add optional protobuf-c dependency

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/domoticz: bump to version 2021.1
Fabrice Fontaine [Thu, 22 Apr 2021 18:30:11 +0000 (20:30 +0200)]
package/domoticz: bump to version 2021.1

- Drop all patches (already in version)
- USE_BUILTIN_LUA has been removed since
  https://github.com/domoticz/domoticz/commit/275effddf0921698197dbc38bde199c48d4956f9
- cereal is a mandatory dependency since
  https://github.com/domoticz/domoticz/commit/275effddf0921698197dbc38bde199c48d4956f9
- fmt is a mandatory dependency since
  https://github.com/domoticz/domoticz/commit/f049d7d574aae0ab0da1b8a042c59b420106e31c
- Remaining external dependencies (such as minizip which is not
  compatible with our fork of minizip) must be retrieved through git
  submodules since
  https://github.com/domoticz/domoticz/commit/275effddf0921698197dbc38bde199c48d4956f9

https://github.com/domoticz/domoticz/blob/2021.1/History.txt

Fixes:
 - http://autobuild.buildroot.org/results/370/3709e3cd96351ab35d5a8441658faf9bd51cd118

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/samba4: bump version to 4.14.3
Bernd Kuhls [Thu, 22 Apr 2021 19:06:46 +0000 (21:06 +0200)]
package/samba4: bump version to 4.14.3

Release notes: https://www.samba.org/samba/history/samba-4.14.3.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/openvpn: security bump version to 2.5.2
Bernd Kuhls [Thu, 22 Apr 2021 18:40:06 +0000 (20:40 +0200)]
package/openvpn: security bump version to 2.5.2

Fixes CVE-2020-15078:
https://forums.openvpn.net/viewtopic.php?f=20&t=32179

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/gerbera: needs dynamic library
Fabrice Fontaine [Thu, 22 Apr 2021 20:52:56 +0000 (22:52 +0200)]
package/gerbera: needs dynamic library

Disable gerbera with static builds as it raises build failures since
bump to version 1.8.0 in commit 8974596836945eada8e162844fb87f88adec9100
and upstream does not seem to care or test static builds:
https://github.com/gerbera/gerbera/issues/1221

Fixes:
 - http://autobuild.buildroot.org/results/9c59ef912d09bb3c0647b98aa8e9eca7fccbe08f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/uftrace: new package
Asaf Kahlon [Fri, 23 Apr 2021 17:26:01 +0000 (20:26 +0300)]
package/uftrace: new package

The uftrace tool is to trace and analyze execution of a program
written in C/C++.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/cgilua: bump to version 6.0.2
Francois Perrad [Fri, 23 Apr 2021 14:05:03 +0000 (16:05 +0200)]
package/cgilua: bump to version 6.0.2

The hash of the HTML license file has changed due to changes in the
HTML menu and other parts of the page that don't change the license
text itself.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/redis: bump to v6.2.2
Titouan Christophe [Fri, 23 Apr 2021 11:46:03 +0000 (13:46 +0200)]
package/redis: bump to v6.2.2

From the release notes:
================================================================================
Redis 6.2.2 Released Mon April 19 19:00:00 IST 2021
================================================================================

Upgrade urgency: HIGH, if you're using ACL and pub/sub, CONFIG REWRITE, or
suffering from performance regression.

See https://github.com/redis/redis/blob/6.2.2/00-RELEASENOTES

Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/rcw-smarc-sal28: bump to version 11
Michael Walle [Tue, 23 Mar 2021 08:46:59 +0000 (09:46 +0100)]
package/rcw-smarc-sal28: bump to version 11

From the changelog:
* Enable SATA RX lane swap
* Add workaround for A-010554 (Improve SATA hard drive detection)
* Add workaround for A-009531 (Wrong IDO bit value for PCIe completion
  packets)

Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/kismet: fix static build with uclibc
Fabrice Fontaine [Fri, 2 Apr 2021 18:14:58 +0000 (20:14 +0200)]
package/kismet: fix static build with uclibc

Fix static build with uclibc which is raised since bump to version
2020-12-R3 in commit 14522a8f9d272204763c49a21ebce5653430c612

Fixes:
 - http://autobuild.buildroot.org/results/69dcb7ac99e63fca342e4d52d9311d1ee1931911

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/nut: bump version
Bernd Kuhls [Sat, 3 Apr 2021 08:19:53 +0000 (10:19 +0200)]
package/nut: bump version

The last release is five years old. To support newer hardware we bump
the package to latest git master branch. For upstream discussion see
github issue 819.

Removed patches, they were all applied upstream.

Added NUT_PRE_CONFIGURE_HOOKS to fix autoreconf:

configure.ac:1994: error: required file 'scripts/augeas/nutupsconf.aug.in' not found
configure.ac:1994: error: required file 'scripts/devd/nut-usb.conf.in' not found
configure.ac:1994: error: required file 'scripts/udev/nut-usbups.rules.in' not found

because upstream autogen.sh creates additional files:
https://github.com/networkupstools/nut/blob/master/autogen.sh

Configure is not cross-compile friendly:
https://github.com/networkupstools/nut/blob/master/m4/ax_c_pragmas.m4#L574
Add ax_cv__printf_string_null=yes to fix cross build.

Removed configure option --without-hal due to upstream removal of hal
files:
https://github.com/networkupstools/nut/commit/5860c09e85278e597f85d26b3a23be8c80c199e8

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/python{,3}-regex: bump to version 2021.4.4
Leon Anavi [Fri, 9 Apr 2021 09:00:56 +0000 (12:00 +0300)]
package/python{,3}-regex: bump to version 2021.4.4

Upgrade to release 2021.4.4 with the following bug fixes:

- regex fails with a quantified backreference but succeeds with
  repeated backref
- API is not a drop-in replacement for python's re when it comes
  to typing

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/azure-iot-sdk-c: bump version to LTS_01_2021_Ref01
Sergio Prado [Sat, 10 Apr 2021 09:37:38 +0000 (06:37 -0300)]
package/azure-iot-sdk-c: bump version to LTS_01_2021_Ref01

Also remove patch (already in upstream)

Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/libhttpserver: bump to version 0.18.2
Fabrice Fontaine [Fri, 9 Apr 2021 21:38:32 +0000 (23:38 +0200)]
package/libhttpserver: bump to version 0.18.2

Drop patch (already in version)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/python-gpiozero: bump version to 1.6.2
Peter Seiderer [Fri, 9 Apr 2021 21:12:58 +0000 (23:12 +0200)]
package/python-gpiozero: bump version to 1.6.2

- update license file hash:
  @@ -1,3 +1,5 @@
  +SPDX-License-Identifier: BSD-3-Clause
  +

- add setuptools runtime dependency, fixes:

$ pinout -r a020d3 -m
Traceback (most recent call last):
  File "/usr/bin/pinout", line 6, in <module>
    from pkg_resources import load_entry_point
ModuleNotFoundError: No module named 'pkg_resources'

For details see [1].

[1] https://gpiozero.readthedocs.io/en/stable/changelog.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/python-colorzero: bump version to 2.0
Peter Seiderer [Fri, 9 Apr 2021 21:12:57 +0000 (23:12 +0200)]
package/python-colorzero: bump version to 2.0

- change to python3 only

- update license file hash:
  @@ -1,4 +1,4 @@
  -Copyright 2016-2018 Dave Jones <dave@waveform.org.uk>
  +SPDX-License-Identifier: BSD-3-Clause

Changelog ([1]):

  - Dropped Python 2.x support. Current Python support level is 3.5 and above.

  - Added html and css format specifications to the :class:`Color` class'
    string-formatting capabilities.

[1] https://github.com/waveform80/colorzero/blob/master/docs/changelog.rst

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/sdl_mixer: fix static build with tremor
Fabrice Fontaine [Sat, 10 Apr 2021 10:05:54 +0000 (12:05 +0200)]
package/sdl_mixer: fix static build with tremor

Static build with tremor raises a build failure since bump to latest git
tree in commit c8e27f3baa90351a417ff6e172d214c4a72e7314. However, it
should be noted that before this bump, tremor was always disabled in
static builds because vorbisidec detection was broken until
https://github.com/libsdl-org/SDL_mixer/commit/565a9a27cc8c184ad0203f004b834880ffd45d32

Fixes:
 - http://autobuild.buildroot.org/results/9634adc433da0e25732eb98675c59d0f96ac93b2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/sdl_mixer: drop unrecognized option
Fabrice Fontaine [Sat, 10 Apr 2021 10:05:53 +0000 (12:05 +0200)]
package/sdl_mixer: drop unrecognized option

--without-x is not recognized since at least version 1.2.12:

configure: WARNING: unrecognized options: --disable-gtk-doc, --disable-gtk-doc-html, --disable-doc, --disable-docs, --disable-documentation, --with-xmlto, --with-fop, --enable-ipv6, --disable-nls, --without-x

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/can-utils: bump to version 2020.12.0
Francois Perrad [Mon, 12 Apr 2021 16:59:08 +0000 (18:59 +0200)]
package/can-utils: bump to version 2020.12.0

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/python-flup: update dependency to python3
Jared Bents [Mon, 12 Apr 2021 16:44:05 +0000 (11:44 -0500)]
package/python-flup: update dependency to python3

Since version flup-1.0.3.dev20151210, flup needs Python 3. This was
apparently missed in Buildroot commit
ff0f53c04db8cc6eb5ce2eb92b7e7d1fe17297ae, which bumped flup from
1.0.3.dev-20110405 to 1.0.3.dev20161029.

Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/python-iwlib: new package
Jared Bents [Mon, 12 Apr 2021 15:20:32 +0000 (10:20 -0500)]
package/python-iwlib: new package

A package for interfacing with iwlib, providing an implementation to
the wireless tools in Linux.

Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Kalpesh Panchal <kalpesh.panchal@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/librsync: bump to version 2.3.2
Fabrice Fontaine [Mon, 12 Apr 2021 16:17:00 +0000 (18:17 +0200)]
package/librsync: bump to version 2.3.2

This is a patch release that fixes some minor bugs, tidies the code for
many compiler warnings, and improves windows compatibility. Upgrading
from v2.3.1 is recommended for most people, and essential for people
using platforms experiencing bugs #214 or #207.

https://github.com/librsync/librsync/releases/tag/v2.3.2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/skalibs: fix build with xtensa
Fabrice Fontaine [Sun, 11 Apr 2021 15:20:14 +0000 (17:20 +0200)]
package/skalibs: fix build with xtensa

Build with xtensa toolchain is broken since bump to version 2.10.0.2 in
commit 4d5587cb56224b2b28f53b0202fb14b2ab32d5fb indeed patch was dropped
assuming that it was included upstream but this assumption was wrong.

The code was just reworked in version 2.10.0.0 and commit
https://github.com/skarnet/skalibs/commit/21e6ea800cc96ba76e94ad8de1dfa58ab1b7ceb6

Fixes:
 - http://autobuild.buildroot.org/results/ee58ffa7b2f0be46ef7bc0ba38d3142f26a9bce9

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/s6-linux-init: bump to version 1.0.6.1
Fabrice Fontaine [Sun, 11 Apr 2021 09:11:04 +0000 (11:11 +0200)]
package/s6-linux-init: bump to version 1.0.6.1

Build is broken since bump of skalibs to version 2.10.0.2 in commit
4d5587cb56224b2b28f53b0202fb14b2ab32d5fb because skalibs removed
webipc.h in version 2.10.0.0 and
https://github.com/skarnet/skalibs/commit/e557bab0dcaf35f003fa755b74e4c80000e05e42

So bump to version 1.0.6.1 to retrieve the following commit
https://github.com/skarnet/s6-linux-init/commit/ca8d2c96ea09cb33ff6fef33c0314c24fc6a026a

Update hash of COPYING (update in year:
https://github.com/skarnet/s6-linux-init/commit/5e17662d138fc9c9f70a4422eab059c2bdc9432d
https://github.com/skarnet/s6-linux-init/commit/1de5c2d7c63916b11668078445e5f75c054bc898)

While at it, also update indentation in hash file (two spaces)

Fixes:
 - http://autobuild.buildroot.org/results/fe879267675a80bfc5ba17341144feeee53dc197

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/libplatform: fix build with gcc 5
Fabrice Fontaine [Sun, 11 Apr 2021 08:33:17 +0000 (10:33 +0200)]
package/libplatform: fix build with gcc 5

Build with gcc 5 is broken since latest bump in commit
977f5fd13480699d94e0ba63d9afae94b71906e6

Instead of updating workaround, use a patch that has been submitted
upstream

Fixes:
 - http://autobuild.buildroot.org/results/2b1922f99b1c213b4e28a5b1a11879f4e28c202f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/python-mbstrdecoder: bump to version 1.0.1
Fabrice Fontaine [Sat, 10 Apr 2021 12:26:18 +0000 (14:26 +0200)]
package/python-mbstrdecoder: bump to version 1.0.1

https://github.com/thombashi/mbstrdecoder/releases/tag/v1.0.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/python-mbstrdecoder: add python-chardet dependency
Fabrice Fontaine [Sat, 10 Apr 2021 12:26:17 +0000 (14:26 +0200)]
package/python-mbstrdecoder: add python-chardet dependency

chardet is a mandatory runtime dependency since version 0.8.2 and
https://github.com/thombashi/mbstrdecoder/commit/e9344a0916f65d143c51e0680c30db4ae7690ccf

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/samba4: add required python deps for AD DC support
Bernd Kuhls [Sun, 4 Apr 2021 16:58:23 +0000 (18:58 +0200)]
package/samba4: add required python deps for AD DC support

Needed due to upstream commit:
https://gitlab.com/samba-team/samba/-/commit/2420b7c6d2038aca33759ca3a7d41240c5f19bf7

Fixes:
http://autobuild.buildroot.net/results/12a/12a74665a2349eacb28c3035bb36a4dce1d740d1/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/ell: use official tarball
Fabrice Fontaine [Tue, 6 Apr 2021 16:41:46 +0000 (18:41 +0200)]
package/ell: use official tarball

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/libtool: add _CPE_ID_VENDOR
Matt Weber [Tue, 20 Apr 2021 20:11:34 +0000 (15:11 -0500)]
package/libtool: add _CPE_ID_VENDOR

cpe:2.3:a:gnu:libtool:2.4.6:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:gnu:libtool

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: drop version from reference URL]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/sysvinit: add _CPE_ID_VENDOR
Matt Weber [Tue, 20 Apr 2021 20:11:46 +0000 (15:11 -0500)]
package/sysvinit: add _CPE_ID_VENDOR

cpe:2.3:a:sysvinit_project:sysvinit:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:sysvinit_project:sysvinit

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/sysstat: add _CPE_ID_VENDOR
Matt Weber [Tue, 20 Apr 2021 20:11:45 +0000 (15:11 -0500)]
package/sysstat: add _CPE_ID_VENDOR

cpe:2.3:a:sysstat_project:sysstat:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:sysstat_project:sysstat

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/rp-pppoe: add _CPE_ID_VENDOR
Matt Weber [Tue, 20 Apr 2021 20:11:44 +0000 (15:11 -0500)]
package/rp-pppoe: add _CPE_ID_VENDOR

cpe:2.3:a:rp-pppoe_project:rp-pppoe:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:rp-pppoe_project:rp-pppoe

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: move up, right after license]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/rng-tools: add _CPE_ID_VENDOR
Matt Weber [Tue, 20 Apr 2021 20:11:43 +0000 (15:11 -0500)]
package/rng-tools: add _CPE_ID_VENDOR

cpe:2.3:a:rng-tools_project:rng-tools:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:rng-tools_project:rng-tools

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: move up, right after license]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/python3-setuptools: add _CPE_ID_VENDOR and_CPE_ID_PRODUCT
Matt Weber [Tue, 20 Apr 2021 20:11:42 +0000 (15:11 -0500)]
package/python3-setuptools: add _CPE_ID_VENDOR and_CPE_ID_PRODUCT

cpe:2.3:a:python:setuptools:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:python:setuptools

Note: 63332c33aa already added those for the python(2) variant.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr:
  - add reference to 63332c33aa
  - move up, right after license
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/python3-decorator: add _CPE_ID_VENDOR and _CPE_ID_PRODUCT
Matt Weber [Tue, 20 Apr 2021 20:11:41 +0000 (15:11 -0500)]
package/python3-decorator: add _CPE_ID_VENDOR and _CPE_ID_PRODUCT

cpe:2.3:a:python:decorator:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:python:decorator

Note: 4783e5fd8c already added those for the python(2) variant.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr:
  - add reference to 4783e5fd8c
  - move up, right after license
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/pugixml: add _CPE_ID_VENDOR
Matt Weber [Tue, 20 Apr 2021 20:11:40 +0000 (15:11 -0500)]
package/pugixml: add _CPE_ID_VENDOR

cpe:2.3:a:pugixml_project:pugixml:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:pugixml_project:pugixml

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: move up, right after license]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/popt: add _CPE_ID_VENDOR
Matt Weber [Tue, 20 Apr 2021 20:11:39 +0000 (15:11 -0500)]
package/popt: add _CPE_ID_VENDOR

cpe:2.3:a:popt_project:popt:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:popt_project:popt

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: move up, right after license]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/pkgconf: add _CPE_ID_VENDOR
Matt Weber [Tue, 20 Apr 2021 20:11:38 +0000 (15:11 -0500)]
package/pkgconf: add _CPE_ID_VENDOR

cpe:2.3:a:pkgconf:pkgconf:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:pkgconf:pkgconf

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/parted: add _CPE_ID_VENDOR
Matt Weber [Tue, 20 Apr 2021 20:11:37 +0000 (15:11 -0500)]
package/parted: add _CPE_ID_VENDOR

cpe:2.3:a:parted_project:parted:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:parted_project:parted

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/openresolv: add _CPE_ID_VENDOR
Matt Weber [Tue, 20 Apr 2021 20:11:36 +0000 (15:11 -0500)]
package/openresolv: add _CPE_ID_VENDOR

cpe:2.3:a:openresolv_project:openresolv:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:openresolv_project:openresolv

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/make: add _CPE_ID_VENDOR
Matt Weber [Tue, 20 Apr 2021 20:11:35 +0000 (15:11 -0500)]
package/make: add _CPE_ID_VENDOR

cpe:2.3:a:gnu:make:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:gnu:make

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: move up, right after license]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/libnl: add _CPE_ID_VENDOR
Matt Weber [Tue, 20 Apr 2021 20:11:32 +0000 (15:11 -0500)]
package/libnl: add _CPE_ID_VENDOR

cpe:2.3:a:libnl_project:libnl:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:libnl_project:libnl

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: move up, right after license]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/libdaemon: add _CPE_ID_VENDOR
Matt Weber [Tue, 20 Apr 2021 20:11:31 +0000 (15:11 -0500)]
package/libdaemon: add _CPE_ID_VENDOR

cpe:2.3:a:libdaemon_project:libdaemon:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:libdaemon_project:libdaemon

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: move up, right after license]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/libcap: add _CPE_ID_VENDOR
Matt Weber [Tue, 20 Apr 2021 20:11:30 +0000 (15:11 -0500)]
package/libcap: add _CPE_ID_VENDOR

cpe:2.3:a:libcap_project:libcap:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:libcap_project:libcap

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/json-for-modern-cpp: add _CPE_ID_VENDOR
Matt Weber [Tue, 20 Apr 2021 20:11:29 +0000 (15:11 -0500)]
package/json-for-modern-cpp: add _CPE_ID_VENDOR

cpe:2.3:a:json-for-modern-cpp_project:json-for-modern-cpp:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:json-for-modern-cpp_project:json-for-modern-cpp

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr:move up, right after license]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/iputils: add _CPE_ID_VENDOR
Matt Weber [Tue, 20 Apr 2021 20:11:28 +0000 (15:11 -0500)]
package/iputils: add _CPE_ID_VENDOR

cpe:2.3:a:iputils_project:iputils:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:iputils_project:iputils

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/iproute2: add _CPE_ID_VENDOR
Matt Weber [Tue, 20 Apr 2021 20:11:27 +0000 (15:11 -0500)]
package/iproute2: add _CPE_ID_VENDOR

cpe:2.3:a:iproute2_project:iproute2:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:iproute2_project:iproute2

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/gperf: add _CPE_ID_VENDOR and _CPE_ID_PRODUCT
Matt Weber [Tue, 20 Apr 2021 20:11:26 +0000 (15:11 -0500)]
package/gperf: add _CPE_ID_VENDOR and _CPE_ID_PRODUCT

cpe:2.3:a:gperftools_project:gperftools:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:gperftools_project:gperftools

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/cmake: add _CPE_ID_VENDOR
Matt Weber [Tue, 20 Apr 2021 20:11:25 +0000 (15:11 -0500)]
package/cmake: add _CPE_ID_VENDOR

cpe:2.3:a:cmake_project:cmake:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:cmake_project:cmake

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/cgroupfs-mount: add _CPE_ID_VENDOR
Matt Weber [Tue, 20 Apr 2021 20:11:24 +0000 (15:11 -0500)]
package/cgroupfs-mount: add _CPE_ID_VENDOR

cpe:2.3:a:cgroupfs-mount_project:cgroupfs-mount:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:cgroupfs-mount_project:cgroupfs-mount

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/c-periphery: add _CPE_ID_VENDOR
Matt Weber [Tue, 20 Apr 2021 20:11:23 +0000 (15:11 -0500)]
package/c-periphery: add _CPE_ID_VENDOR

cpe:2.3:a:c-periphery_project:c-periphery:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:c-periphery_project:c-periphery

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/automake: add _CPE_ID_VENDOR
Matt Weber [Tue, 20 Apr 2021 20:11:22 +0000 (15:11 -0500)]
package/automake: add _CPE_ID_VENDOR

cpe:2.3:a:gnu:automake:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Aautomake

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/timescaledb: bump version to 2.1.1
Maxim Kochetkov [Thu, 8 Apr 2021 05:02:46 +0000 (08:02 +0300)]
package/timescaledb: bump version to 2.1.1

Release notes: https://github.com/timescale/timescaledb/releases/tag/2.1.1

Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agoboot/at91bootstrap: add legal information
Thomas Petazzoni [Mon, 5 Apr 2021 15:32:48 +0000 (17:32 +0200)]
boot/at91bootstrap: add legal information

The old at91bootstrap version (1.x) uses a strange variant of the BSD
license, called "BSD Source Code Attribution" and referenced by SPDX
as BSD-Source-Code.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/python-falcon: bump to version 3.0.0
Grzegorz Blach [Tue, 6 Apr 2021 16:06:04 +0000 (18:06 +0200)]
package/python-falcon: bump to version 3.0.0

Depends on BR2_PACKAGE_PYTHON3

The hash of the license file has changed because a short license file
was replaced by the complete text of the Apache 2.0 license. The
license itself remains the same.

Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/gstreamer1/gst1-interpipe: bump version to 1.1.4
Peter Seiderer [Mon, 12 Apr 2021 19:42:06 +0000 (21:42 +0200)]
package/gstreamer1/gst1-interpipe: bump version to 1.1.4

Changelog:

  - fix for memory leak in set of listen-to property

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/exfatprogs: bump to version 1.1.0
Fabrice Fontaine [Sun, 18 Apr 2021 19:53:36 +0000 (21:53 +0200)]
package/exfatprogs: bump to version 1.1.0

https://github.com/exfatprogs/exfatprogs/releases/tag/1.1.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/uboot-tools: security bump to version 2021.04
Fabrice Fontaine [Sun, 18 Apr 2021 19:43:32 +0000 (21:43 +0200)]
package/uboot-tools: security bump to version 2021.04

- Fix CVE-2021-27097: The boot loader in Das U-Boot before 2021.04-rc2
  mishandles a modified FIT.
- Fix CVE-2021-27138: The boot loader in Das U-Boot before 2021.04-rc2
  mishandles use of unit addresses in a FIT.

- Update second patch
- Drop fourth patch (already in version)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/nettle: security bump to version 3.7.2
Fabrice Fontaine [Sun, 18 Apr 2021 18:51:14 +0000 (20:51 +0200)]
package/nettle: security bump to version 3.7.2

Fix CVE-2021-20305: A flaw was found in Nettle in versions before 3.7.2,
where several Nettle signature verification functions (GOST DSA, EDDSA &
ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply
function being called with out-of-range scalers, possibly resulting in
incorrect results. This flaw allows an attacker to force an invalid
signature, causing an assertion failure or possible validation. The
highest threat to this vulnerability is to confidentiality, integrity,
as well as system availability.

https://git.lysator.liu.se/nettle/nettle/-/blob/nettle_3.7.2_release_20210321/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agoconfigs/imx6-sabresd: bump U-Boot and kernel versions
Fabio Estevam [Tue, 20 Apr 2021 14:01:06 +0000 (11:01 -0300)]
configs/imx6-sabresd: bump U-Boot and kernel versions

Bump to U-Boot 2021.04 and kernel 5.10.25 versions.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agoboot/uboot: bump to version 2021.04
Fabio Estevam [Tue, 20 Apr 2021 13:29:22 +0000 (10:29 -0300)]
boot/uboot: bump to version 2021.04

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/python-botocore: drop docutils dependency
Fabrice Fontaine [Sun, 18 Apr 2021 20:06:01 +0000 (22:06 +0200)]
package/python-botocore: drop docutils dependency

docutils is not a dependency since version 1.18.0 and
https://github.com/boto/botocore/commit/dd24dd1b2ee8654ae0cf6aebce4a2f50ea7d75f5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/fmt: add FMT_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 18 Apr 2021 18:38:47 +0000 (20:38 +0200)]
package/fmt: add FMT_CPE_ID_VENDOR

cpe:2.3:a:fmt:fmt is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afmt%3Afmt

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agopackage/multipath-tools: bump to version 0.8.6
Alexander Egorenkov [Mon, 12 Apr 2021 09:03:37 +0000 (11:03 +0200)]
package/multipath-tools: bump to version 0.8.6

https://github.com/opensvc/multipath-tools/releases/tag/0.8.6

Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/libnpupnp: bump to version 4.1.3
Jörg Krause [Mon, 12 Apr 2021 08:04:02 +0000 (10:04 +0200)]
package/libnpupnp: bump to version 4.1.3

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/mpd: bump to version 0.22.6
Jörg Krause [Mon, 12 Apr 2021 07:29:58 +0000 (09:29 +0200)]
package/mpd: bump to version 0.22.6

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/dnsmasq: security bump to 2.85
Alexander Dahl [Sun, 18 Apr 2021 07:20:40 +0000 (09:20 +0200)]
package/dnsmasq: security bump to 2.85

CVE-2021-3448 applies.  See announcement for details.

Link: https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q2/014962.html
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/bitwise: bump version to 0.42
Ramon Fried [Sat, 17 Apr 2021 16:45:04 +0000 (19:45 +0300)]
package/bitwise: bump version to 0.42

Signed-off-by: Ramon Fried <rfried.dev@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/yavta: disable -Werror
Fabrice Fontaine [Sat, 17 Apr 2021 11:00:15 +0000 (13:00 +0200)]
package/yavta: disable -Werror

Fix build failure which is raised since bump to latest version in commit
87ba7be02fdd185668f86a59539343c70e1108e0

Fixes:
 - http://autobuild.buildroot.org/results/d5b4f69f46cef4dd11410fe48d21372cb883ae4a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/linux-serial-test: bump version
Michael Walle [Tue, 13 Apr 2021 20:48:40 +0000 (22:48 +0200)]
package/linux-serial-test: bump version

Give this package some love and update to the newest version. There are
no released versions, though. Therefore, use the latest commit.

Notable changes:
 - RS485 support fixes and features
 - internal loopback support

Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/rsyslog: install default service file
Sam Voss [Wed, 14 Apr 2021 21:09:27 +0000 (16:09 -0500)]
package/rsyslog: install default service file

As of v8.2008 rsyslog no longer provides a default service file, and now
suggests using the platform suggested defaults. For Buildroot, install
the Debian service file which has been added in the same version,
however is not included in the official release.

Upstream commit which adds this service file:
https://github.com/rsyslog/rsyslog/commit/cfd07503ba055100a84d75d1a78a5c6cceb9fdab

Signed-off-by: Sam Voss <sam.voss@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/spdlog: bump to version 1.8.5
Jörg Krause [Tue, 13 Apr 2021 08:35:24 +0000 (10:35 +0200)]
package/spdlog: bump to version 1.8.5

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/gerbera: bump to version 1.8.0
Jörg Krause [Tue, 13 Apr 2021 08:23:54 +0000 (10:23 +0200)]
package/gerbera: bump to version 1.8.0

Also recreate config.xml by building and running Gerbera using:

```
~/buildroot/output/target/usr/bin/gerbera --create-config > package/gerbera/config.xml

```

Note, that Gerbera sets the `<home>` parameter now to the runtime user's home by
default when generating the script. This is not appropriate when running Gerbera
on an embedded Linux system as we usually do not have multiple users or even
users at all. Therefore, we set the home directory to /var/lib/gerbera`.

As this directory is not created when installing Gerbera to the target,
it is created by the start script.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/luarocks: improve detection of license files
Francois Perrad [Wed, 14 Apr 2021 09:57:19 +0000 (11:57 +0200)]
package/luarocks: improve detection of license files

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/luarocks: bump to version 3.7.0
Francois Perrad [Wed, 14 Apr 2021 09:57:18 +0000 (11:57 +0200)]
package/luarocks: bump to version 3.7.0

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/luv: bump to version 1.40.0-0
Jörg Krause [Wed, 14 Apr 2021 05:16:07 +0000 (07:16 +0200)]
package/luv: bump to version 1.40.0-0

Also fix spacing to use 2 spaces in the hash file.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agoDEVELOPERS: add Maxim Kochetkov for postgis
Maxim Kochetkov [Wed, 14 Apr 2021 04:35:45 +0000 (07:35 +0300)]
DEVELOPERS: add Maxim Kochetkov for postgis

Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/oniguruma: bump to version 6.9.7.1
Fabrice Fontaine [Sat, 17 Apr 2021 10:42:45 +0000 (12:42 +0200)]
package/oniguruma: bump to version 6.9.7.1

Update hash of COPYING (update in year:
https://github.com/kkos/oniguruma/commit/56255e8b3e209453938b62cb2a5045d29e3c3ff9)

https://github.com/kkos/oniguruma/blob/v6.9.7.1/HISTORY

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/libnss: bump version to 3.64
Giulio Benetti [Thu, 15 Apr 2021 22:01:45 +0000 (00:01 +0200)]
package/libnss: bump version to 3.64

Release Notes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.64_release_notes

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/domoticz: drop boost date-time dependency
Fabrice Fontaine [Sun, 18 Apr 2021 20:07:30 +0000 (22:07 +0200)]
package/domoticz: drop boost date-time dependency

boost date-time is not a dependency since version 4.9700 and
https://github.com/domoticz/domoticz/commit/a3eacbc987b59dd4aa73ada24a0a6e9a0d27b740

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/domoticz: drop first patch
Fabrice Fontaine [Sun, 18 Apr 2021 20:07:29 +0000 (22:07 +0200)]
package/domoticz: drop first patch

Patch not needed since commit 37f197f8634352750f169b6a287588a09b82e00e
which bumped host-cmake dependency from 3.10 to 3.15

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/libgpiod: bump to version 1.6.3
Michael Nosthoff [Thu, 15 Apr 2021 12:08:11 +0000 (14:08 +0200)]
package/libgpiod: bump to version 1.6.3

Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/meson: bump version to 0.57.2
Bernd Kuhls [Thu, 15 Apr 2021 11:44:49 +0000 (13:44 +0200)]
package/meson: bump version to 0.57.2

Release notes: https://groups.google.com/g/mesonbuild/c/3YR_iOkh7co

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/grpc: bump to version 1.37.0
Michael Nosthoff [Thu, 15 Apr 2021 11:41:37 +0000 (13:41 +0200)]
package/grpc: bump to version 1.37.0

Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/libcurl: bump version to 7.76.1
Bernd Kuhls [Fri, 16 Apr 2021 05:57:42 +0000 (07:57 +0200)]
package/libcurl: bump version to 7.76.1

Bugfix release.  For details, see the changelog:
https://curl.se/changes.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 years agopackage/m4: fix build with glibc 2.34
Fabrice Fontaine [Sun, 18 Apr 2021 11:42:53 +0000 (13:42 +0200)]
package/m4: fix build with glibc 2.34

m4 fails to build with glibc 2.34 because SIGSTKSZ is now a run-time
variable since
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=6c57d320484988e87e446e2e60ce42816bf51d53

So backport an upstream patch from gnulib, see:
https://lists.gnu.org/archive/html/bug-m4/2021-03/msg00015.html

An other option would have been to apply patch from
https://lists.gnu.org/archive/html/bug-m4/2021-03/msg00024.html
but no feedback was received on this patch

Fixes:
 - https://bugs.buildroot.org/show_bug.cgi?id=13721

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agosupport/scripts/cve.py: use proper CPE ID version when available
Thomas Petazzoni [Mon, 12 Apr 2021 19:41:25 +0000 (21:41 +0200)]
support/scripts/cve.py: use proper CPE ID version when available

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 years agopackage/tio: disable for sparc and sparc64 architectures
Sergio Prado [Sun, 25 Oct 2020 16:34:57 +0000 (13:34 -0300)]
package/tio: disable for sparc and sparc64 architectures

tio fails to build on sparc and sparc64 architectures with a
redefinition of 'struct termio' error, with no proper fix or workaround
for now. See discussions in [1] and [2] and picocom source code in [3].

[1] http://patchwork.ozlabs.org/project/buildroot/patch/20191227204520.1500501-1-fontaine.fabrice@gmail.com/
[2] http://patchwork.ozlabs.org/project/buildroot/patch/20200511142602.46170-1-vadim4j@gmail.com/
[3] https://github.com/npat-efault/picocom/blob/master/termbits2.h#L37

So let's disable it for now on sparc and sparc64 architectures.

Fixes:
http://autobuild.buildroot.org/results/e041dde522e2a774f528d4377f67ca0a8a99461c
http://autobuild.buildroot.org/results/6e1f9fe47e8b2cfdf5effcb7bbc697189f54ff2c
http://autobuild.buildroot.org/results/49708fe6f404fea6761f102af854e98d6a1d43c1
Many more...

Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 years agosupport/scripts/cve.py: use fast ijson backend if available on old ijson versions
Peter Korsgaard [Fri, 9 Apr 2021 11:01:12 +0000 (13:01 +0200)]
support/scripts/cve.py: use fast ijson backend if available on old ijson versions

ijson < 2.5 (as available in Debian 10) use the slow python backend by
default instead of the most efficient one available like modern ijson
versions, significantly slowing down cve checking. E.G.:

time ./support/scripts/pkg-stats --nvd-path ~/.nvd -p avahi --html foobar.html

Goes from
174,44s user 2,11s system 99% cpu 2:58,04 total

To
93,53s user 2,00s system 98% cpu 1:36,65 total

E.G. almost 2x as fast.

As a workaround, detect when the python backend is used and try to use a
more efficient one instead.  Use the yajl2_cffi backend as recommended by
upstream, as it is most likely to work, and print a warning (and continue)
if we fail to load it.

The detection is slightly complicated by the fact that ijson.backends used
to be a reference to a backend module, but is nowadays a string (without the
ijson.backends prefix).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>