Matt Weber [Wed, 21 Apr 2021 01:20:08 +0000 (20:20 -0500)]
package/libqmi: add _CPE_ID_VENDOR
cpe:2.3:a:libqmi_project:libqmi:* is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:libqmi_project:libqmi
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sun, 25 Apr 2021 19:37:42 +0000 (21:37 +0200)]
package/pipewire: needs headers >= 3.18
v4l2 plugin needs headers >= 3.18 since
https://gitlab.freedesktop.org/pipewire/pipewire/-/commit/
4cb90f3b868e5169cb9bfe2200f3b079d3f0db7b
(so since its addition to buildroot in commit
75c86f90c73c42ee35559610aec28a02190b65b7) because of
V4L2_PIX_FMT_ARGB555X which is only available since
https://github.com/torvalds/linux/commit/
fcc0d3db28922f9ba21ea6c7b23ea10ffb5d3521
v4l2 plugin can't be disabled until
https://gitlab.freedesktop.org/pipewire/pipewire/-/commit/
8d71d2dab831b77cadb74f2e4630f549acc94ac4
Fixes:
- http://autobuild.buildroot.org/results/
b887b6ccd2c22bb3214c07d1281ad486438fb58e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sun, 25 Apr 2021 13:54:54 +0000 (15:54 +0200)]
package/libfreefare: drop threads dependency
This dependency should have dropped by commit
1a49188a69416542087acd1246b17c0139ff0054 which removed threads
dependency from libnfc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sun, 25 Apr 2021 08:36:10 +0000 (10:36 +0200)]
package/multipath-tools: fix legal-info
Commit
55a7382564e415dfcd29ebcf0b05577a6625d8ba forgot to update hash of
REAMDE.md (changes are not related to license:
https://github.com/opensvc/multipath-tools/commit/
021c2df40f367559e5fa1cf3fe3734e4ec5854ae
https://github.com/opensvc/multipath-tools/commit/
748d4453734937f372a930cfed3445f9903a9934)
Fixes:
- http://autobuild.buildroot.org/results/
9aa925b1a3fe8f0e38bef742c42304101b89b6b2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sat, 24 Apr 2021 22:31:10 +0000 (00:31 +0200)]
package/uboot-tools: fix build with FIT
Build with FIT is broken since bump to version 2021.04 in commit
a4c38ae470e6c472f0e0cdfbfb8e2e76f1e8047c
Fake a generated/autoconf.h with just the needed stuff as suggested by
Yann E. Morin in
https://patchwork.ozlabs.org/project/buildroot/patch/
20210422210559.707845-1-fontaine.fabrice@gmail.com
It seems that an empty file is enough as make options are still
interpreted
As a side-effect, drop third patch
Fixes:
- http://autobuild.buildroot.org/results/
5771a7413c98ec202c9623672787a1eee74da5e0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sat, 24 Apr 2021 12:19:50 +0000 (14:19 +0200)]
support/dependencies: set cmake version min to 3.16
domoticz requires cmake 3.16 since version 2020.2 and
https://github.com/domoticz/domoticz/commit/
275effddf0921698197dbc38bde199c48d4956f9
Fixes:
- http://autobuild.buildroot.org/results/
0caec85c70341036a039dbc337ad99196b6005a9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sat, 24 Apr 2021 12:19:49 +0000 (14:19 +0200)]
package/cmake: bump to version 3.16.9
Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Francois Perrad [Sat, 24 Apr 2021 19:20:29 +0000 (21:20 +0200)]
package/perl-role-tiny: bump to version 2.002004
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Sat, 24 Apr 2021 19:20:28 +0000 (21:20 +0200)]
package/perl-path-tiny: bump to version 0.118
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Sat, 24 Apr 2021 19:20:27 +0000 (21:20 +0200)]
package/perl-net-ssh2: bump to version 0.72
diff README.pod:
-Copyright (C) 2011 - 2019 by Salvador FandiE<ntilde>o (salva@cpan.org).
+Copyright (C) 2011 - 2020 by Salvador FandiE<ntilde>o (salva@cpan.org).
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Sat, 24 Apr 2021 19:20:26 +0000 (21:20 +0200)]
package/perl-moo: bump to version 2.005004
diff LICENSE:
-This software is Copyright (c) 2020 by mst - Matt S. Trout (cpan:MSTROUT) <mst@shadowcat.co.uk>.
+This software is Copyright (c) 2021 by mst - Matt S. Trout (cpan:MSTROUT) <mst@shadowcat.co.uk>.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Sat, 24 Apr 2021 19:20:25 +0000 (21:20 +0200)]
package/perl-mojolicious-plugin-authentication: bump to version 1.36
diff LICENSE:
-This software is copyright (c) 2018 by Ben van Staveren.
+This software is copyright (c) 2021 by Ben van Staveren.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Sat, 24 Apr 2021 19:20:24 +0000 (21:20 +0200)]
package/perl-mojolicious: bump to version 9.17
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Sat, 24 Apr 2021 19:20:23 +0000 (21:20 +0200)]
package/perl-libwww-perl: bump to version 6.53
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Sat, 24 Apr 2021 19:20:22 +0000 (21:20 +0200)]
package/perl-io-socket-ssl: bump to version 2.070
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Sat, 24 Apr 2021 19:20:21 +0000 (21:20 +0200)]
package/perl-date-manip: bump to version 6.85
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sun, 18 Apr 2021 16:23:58 +0000 (18:23 +0200)]
package/numactl: make available on all architectures
Since its introduction in commit
b05e74ff92b6728369e1540fc0a2bd60025f2146 in 2013, numactl has had an
explicit list of architectures that it supports. Interestingly, this
list does not include ARM, and now that rt-tests unconditionally needs
numactl, it meant the rt-tests package was no longer available on ARM.
Further investigation revealed that there is nothing in recent
versions of numactl that appears to be architecture-specific. It does
build with all of Buildroot toolchains currently used in the
autobuilders.
The only necessary changes are:
* Exclude no-MMU architectures, as madvise() is used in the code
base, and this is not available on no-MMU architectures.
* Make sure to use -latomic when needed, as some atomic operations
are used.
* Backport a patch that fixes the .symver usage, which only affects
really old gcc versions: only the old ARM Sourcery toolchain was
affected by this. Newer gcc versions support the gcc "symver"
attribute, so that the code that directly emits the assembly
.symver directive is not invoked.
With these changes, numactl builds successfully on all our supported
toolchains.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sun, 18 Apr 2021 20:50:42 +0000 (22:50 +0200)]
package/libp11: bump to version 0.4.11
Update indentation in hash file (two spaces)
https://github.com/OpenSC/libp11/releases/tag/libp11-0.4.11
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sun, 18 Apr 2021 20:38:58 +0000 (22:38 +0200)]
package/python-pytrie: bump to version 0.4.0
- python 2 support has been dropped since
https://github.com/gsakkis/pytrie/commit/
a60a601d85a660976f4aaab4cb0efcb15b91263b
- Use LICENSE instead of PKG-INFO which is available in the official
tarball since
https://github.com/gsakkis/pytrie/commit/
1ba5d547dfbf0d384dd16cf78a2cce91ef69fce8
- Update indentation in hash file (two spaces)
https://github.com/gsakkis/pytrie/blob/0.4.0/README.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sun, 18 Apr 2021 20:26:37 +0000 (22:26 +0200)]
package/python-sortedcontainers: bump to version 2.3.0
- Update indentation in hash file (two spaces)
- Update hash of LICENSE file (update in year:
https://github.com/grantjenks/python-sortedcontainers/commit/
d127cdde5f77804fe51f355fdad469a0ac7caede)
https://github.com/grantjenks/python-sortedcontainers/blob/v2.3.0/HISTORY.rst
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sun, 18 Apr 2021 20:18:48 +0000 (22:18 +0200)]
package/usb_modeswitch: bump to version 2.6.1
Update indentation in hash file (two spaces)
https://www.draisberghof.de/usb_modeswitch/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adam Duskett [Mon, 19 Apr 2021 23:58:28 +0000 (16:58 -0700)]
package/mender-artifact: bump version to 3.5.1
Also update various license hashes
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adam Duskett [Mon, 19 Apr 2021 23:58:27 +0000 (16:58 -0700)]
package/mender: bump version to 2.6.0
Also update the progressbarlicense hash due to a year bump
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Stephane Viau [Tue, 20 Apr 2021 21:18:21 +0000 (23:18 +0200)]
configs/freescale_imx8*: bump BSP components to lf-5.10.y-1.0.0
Bump ATF, U-Boot and Linux kernel to the NXP BSP 5.10.y_1.0.0 versions.
Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Stephane Viau [Tue, 20 Apr 2021 21:18:20 +0000 (23:18 +0200)]
configs/freescale_imx8m*: bump BSP components to lf-5.10.y-1.0.0
Bump ATF, U-Boot and Linux kernel to the NXP BSP 5.10.y_1.0.0 versions.
Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Stephane Viau [Tue, 20 Apr 2021 21:18:19 +0000 (23:18 +0200)]
configs/freescale_imx7dsabresd: bump BSP components to lf-5.10.y-1.0.0
Bump ATF, U-Boot and Linux kernel to the NXP BSP 5.10.y-1.0.0 versions.
Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Stephane Viau [Tue, 20 Apr 2021 21:18:18 +0000 (23:18 +0200)]
configs/freescale_imx6*: bump BSP components to lf-5.10.y-1.0.0
Bump ATF, U-Boot and Linux kernel to the NXP BSP 5.10.y-1.0.0 versions.
Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sébastien Szymanski [Tue, 20 Apr 2021 08:21:04 +0000 (10:21 +0200)]
package/freescale-imx/imx-sc-firmware: bump to version 1.8.0
- Same version as NXP release 5.10.9_1.0.0
- EULA/COPYING: update to LA_OPT_NXP_Software_License v19
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Reviewed-by: Stephane Viau <stephane.viau@oss.nxp.com>
Tested-by: Stephane Viau <stephane.viau@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sébastien Szymanski [Tue, 20 Apr 2021 08:21:03 +0000 (10:21 +0200)]
package/freescale-imx/imx-seco: bump to version 3.7.5
- Same version as NXP release 5.10.9_1.0.0
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Reviewed-by: Stephane Viau <stephane.viau@oss.nxp.com>
Tested-by: Stephane Viau <stephane.viau@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sébastien Szymanski [Tue, 20 Apr 2021 08:21:02 +0000 (10:21 +0200)]
package/freescale-imx/imx-gpu-g2d: bump to version 6.4.3.p1.2
- Same version as NXP release 5.10.9_1.0.0
- EULA/COPYING: update to LA_OPT_NXP_Software_License v19
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Reviewed-by: Stephane Viau <stephane.viau@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sébastien Szymanski [Tue, 20 Apr 2021 08:21:01 +0000 (10:21 +0200)]
package/freescale-imx/imx-gpu-viv: bump to version 6.4.3.p1.2
- Same version as NXP release 5.10.9_1.0.0
- EULA/COPYING: update to LA_OPT_NXP_Software_License v19
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Reviewed-by: Stephane Viau <stephane.viau@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sébastien Szymanski [Tue, 20 Apr 2021 08:21:00 +0000 (10:21 +0200)]
package/freescale-imx/firmware-imx: bump version to 8.11
- Same version as NXP release 5.10.9_1.0.0
- EULA/COPYING: update to LA_OPT_NXP_Software_License v19
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Reviewed-by: Stephane Viau <stephane.viau@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sébastien Szymanski [Tue, 20 Apr 2021 08:20:59 +0000 (10:20 +0200)]
package/freescale-imx/imx-vpu-hantro: bump version to 1.21.0
- Same version as NXP release 5.10.9_1.0.0
- EULA/COPYING: update to LA_OPT_NXP_Software_License v19
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Reviewed-by: Stephane Viau <stephane.viau@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sat, 24 Apr 2021 16:08:57 +0000 (18:08 +0200)]
package/uftrace: fix build on i386
The --arch value on i386 must be "i386", and not i486, i586 or i686,
so let's have a special case for BR2_i386, and use $(BR2_ARCH) for the
other supported CPU architectures.
Fixes:
http://autobuild.buildroot.net/results/
01a28789bcec9af66137cbce5a8fda2d606de99f/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sébastien Szymanski [Tue, 20 Apr 2021 08:29:53 +0000 (10:29 +0200)]
package/freescale-imx/imx-vpu: fix {EULA, COPYING} file hashes
Commit
a646cd27b112 (package/freescale-imx/imx-vpu: bump version to
5.4.39.3) somehow messed up when updating the hashes of the licene
files:
>>> imx-vpu 5.4.39.3 Collecting legal info
ERROR: EULA has wrong sha256 hash:
ERROR: expected:
a39da2e94bd8b99eaac4325633854620ea3a55145259c3a7748c610a80714cfc
ERROR: got :
7ffad92e72e5f6b23027e7cf93a770a4acef00a92dcf79f22701ed401c5478c0
ERROR: Incomplete download, or man-in-the-middle (MITM) attack
ERROR: COPYING has wrong sha256 hash:
ERROR: expected:
69cbb76b3f10ac5a8c36f34df7bbdf50825815560c00a946fff2922365ef01a2
ERROR: got :
2ceab29de5ea533b86f570bcc4e9ddbfb5fe85a1da4978a8613ff3fd9bed781d
ERROR: Incomplete download, or man-in-the-middle (MITM) attack
The most probable cause is some confusion with imx-vpu-hantro, as the
faulty hashes reported above are those found in imx-vpu-hantro.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[yann.morin.1998@free.fr: rewrite commit log with a probably reason]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Wed, 21 Apr 2021 20:42:35 +0000 (15:42 -0500)]
package/tar: ignore CVE-2007-4476
https://security-tracker.debian.org/tracker/CVE-2007-4476
Currently NVD has this incorrectly tagged for all versions.
The bug trackers on different distros show it was generally
fixed in versions >= 1.16 but because the impacted source
code is in the GNU paxutils, it is hard to follow in what
cases tar has been fixed around that 1.16 version.
https://bugs.gentoo.org/196978
https://www.itsecdb.com/oval/definition/oval/org.mitre.oval/def/9336/Buffer-overflow-in-the-safer-name-suffix-function-in-GNU-tar.html
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Wed, 21 Apr 2021 20:42:34 +0000 (15:42 -0500)]
package/rsyslog: ignore CVE-2015-3243
https://security-tracker.debian.org/tracker/CVE-2015-3243
"Rsyslog uses weak permissions for generating log files."
Ignoring this CVE for Buildroot as normally there are not local
users and a build could customize the rsyslog.conf to be more
restrictive ($FileCreateMode 0640).
Example fix from Alpino Linux
https://github.com/libTorrentUser/alpino-linux-aports/commit/
3cb5210cdac46fb8805d4028df16f5889f393a09
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Wed, 21 Apr 2021 20:42:33 +0000 (15:42 -0500)]
package/ncurses: ignore CVE-2018-10754, CVE-2018-19211, CVE-2018-19217, CVE-2019-17594, CVE-2019-17595
Commit
4b21273d71d09 added upstream (security) patches up to
20200118
and in the commit description it outlines these CVEs were patched.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Wed, 21 Apr 2021 20:42:32 +0000 (15:42 -0500)]
package/wpa_supplicant: ignore CVE-2021-30004 when using openssl
The CVE can be ignored when the internal TLS impl isn't used.
https://security-tracker.debian.org/tracker/CVE-2021-30004
"Issue only affects the "internal" TLS implementation
(CONFIG_TLS=internal)"
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Wed, 21 Apr 2021 20:42:31 +0000 (15:42 -0500)]
package/hostapd: ignore CVE-2021-30004 when using openssl
The CVE can be ignored when the internal TLS impl isn't used.
https://security-tracker.debian.org/tracker/CVE-2021-30004
"Issue only affects the "internal" TLS implementation
(CONFIG_TLS=internal)"
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Wed, 21 Apr 2021 20:42:30 +0000 (15:42 -0500)]
package/flex: ignore CVE-2019-6293
https://security-tracker.debian.org/tracker/CVE-2019-6293
https://github.com/NixOS/nixpkgs/issues/55386#issuecomment-
683792976
"But this bug does not cause stack overflows in the generated code.
The function and file referred to in the bug (mark_beginning_as_normal
in nfa.c) are part of the flex code generator, not part of the
generated code. If flex crashes before generating any code, that
can hardly be a vulnerability. If flex does not crash, the generated
code is fine (or perhaps subject to other unreported bugs, who knows,
but the NFA has been generated correctly)."
Upstream has chosen to not provide a fix
https://github.com/westes/flex/issues/414
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: use actual upstream URL]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Wed, 21 Apr 2021 20:42:29 +0000 (15:42 -0500)]
package/cmake: ignore CVE-2016-10642
This is specific to the npm package that installs cmake, so isn't
relevant to Buildroot.
https://github.com/openembedded/openembedded-core/blob/
14241ed09f9ed317045cf75a6d08416d3579bb8d/meta/recipes-devtools/cmake/cmake.inc
https://nvd.nist.gov/vuln/detail/CVE-2016-10642#vulnCurrentDescriptionTitle
"cmake installs the cmake x86 linux binaries. cmake downloads
binary resources over HTTP, which leaves it vulnerable to
MITM attacks. It may be possible to cause remote code
execution (RCE) by swapping out the requested binary with
an attacker controlled binary if the attacker is on the
network or positioned in between the user and the remote server."
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Wed, 21 Apr 2021 20:42:28 +0000 (15:42 -0500)]
package/bind: ignore CVE-2019-6470
There had existed in one of the ISC BIND libraries a bug in a
function that was used by dhcpd when operating in DHCPv6 mode.
There was also a bug in dhcpd relating to the use of this function
per its documentation, but the bug in the library function
prevented this from causing any harm. All releases of dhcpd from
ISC contain copies of this, and other, BIND libraries in
combinations that have been tested prior to release and are known
to not present issues like this.
Affects: Builds of dhcpd versions prior to version 4.4.1 when
using BIND versions 9.11.2 or later.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6470
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Wed, 21 Apr 2021 20:42:27 +0000 (15:42 -0500)]
package/coreutils: ignore CVE-2013-0221, CVE-2013-0222, CVE-2013-0223
This CVE is only relevant to a build when the SUSE coreutils-i18n.patch
is included. The upstream codebase does not include this patch, nor
does Buildroot.
https://security-tracker.debian.org/tracker/CVE-2013-0221
https://security-tracker.debian.org/tracker/CVE-2013-0222
https://security-tracker.debian.org/tracker/CVE-2013-0223
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Wed, 21 Apr 2021 20:42:26 +0000 (15:42 -0500)]
package/bind: ignore CVE-2017-3139
This CVE is only relevant to the configuration of a specific
RHEL release (6.x).
https://bugzilla.redhat.com/show_bug.cgi?id=
1447743
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Thomas Petazzoni [Fri, 23 Apr 2021 20:23:54 +0000 (22:23 +0200)]
package/bash: add option to keep or remove loadable examples
bash has a concept of "loadables", which are "plugins" that can be
loaded at runtime by bash to add new builtin. For example:
# type whoami
whoami is hashed (/usr/bin/whoami)
# whoami
root
# enable -f /usr/lib/bash/whoami whoami
# type whoami
whoami is a shell builtin
# whoami
root
# enable -d whoami
# type whoami
whoami is hashed (/usr/bin/whoami)
# whoami
root
bash comes with a set of example loadables, installed in
/usr/lib/bash/. They take 312 KB on ARM32, and are by default not
used, and provide builtins that are for the most part already
available as external commands in Busybox/coreutils:
Makefile.inc finfo mkfifo realpath sync
accept head mktemp rm tee
basename id mypid rmdir truefalse
csv ln pathchk seq tty
cut loadables.h print setpgid uname
dirname logname printenv sleep unlink
fdflags mkdir push strftime whoami
So instead of having them unconditionally installed, add an option to
enable/disable their installation (their build apparently cannot be
disabled via a configure option).
Normally, we try to keep backward compatibility by preserving the
existing behavior. In this case, this would have meant making this
option "default y". But this also breaks our principle of "being
minimal by default", and in this case, it feels preferable to be
"minimal by default" than preserving existing behavior.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Thomas Petazzoni [Fri, 23 Apr 2021 20:23:55 +0000 (22:23 +0200)]
package/bash: drop SHOBJ_STATUS from BASH_CONF_ENV
SHOBJ_STATUS=unsupported was added in commit
4a2af11cba83ef176672609dd7321712fa7f6a28 to work around a limitation
of the configure script that forgot to set this variable in
static-linking configurations.
It turns out that this issue has been fixed upstream as of bash 5.0:
https://git.savannah.gnu.org/cgit/bash.git/diff/configure.ac?id=
d233b485e83c3a784b803fb894280773f16f2deb
(see hunk @@ -1151,6 +1179,9 @@)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Thomas Petazzoni [Fri, 23 Apr 2021 20:23:53 +0000 (22:23 +0200)]
package/bash: use --bindir instead of exec_prefix=
We want bash to be installed as /bin/bash. For ages, Buildroot has
been doing this by overriding exec_prefix at install time. First of
all, it would be preferred to do this at configure time. But also,
overriding exec_prefix not only changes where "bash" goes, but also
where the pkgconfig file goes. Due to this, bash.pc goes into
/lib/pkgconfig/, and doesn't get removed by target-finalize.
Since all we want is to have 'bash' as /bin/bash, simply pass
--bindir=/bin at configure time. This allows to use the default target
installation logic for autotools-package. We keep a post-install
target hook to remove /bin/bashbug.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
James Hilliard [Wed, 21 Apr 2021 11:54:42 +0000 (05:54 -0600)]
package/cups: bump to version 2.3.3op2
Switch to new OpenPrinting upstream repository.
NOTICE hash change due to date+copyright holder update in:
https://github.com/OpenPrinting/cups/commit/
1bc199354e592f73b9d17215953b9965849b3124
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Jörg Krause [Thu, 22 Apr 2021 07:29:22 +0000 (07:29 +0000)]
package/libupnp: security bump to version 1.14.6
The server part of pupnp (libupnp) appears to be vulnerable to DNS-rebinding
attacks because it does not check the value of the `Host` header.
Fixes CVE-2021-29462
https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Jörg Krause [Thu, 22 Apr 2021 07:50:16 +0000 (07:50 +0000)]
package/libnpupnp: security bump to version 4.1.4
Fix vulnerability to DNS-rebind attacks.
This security fix addresses the same vulnerability isue which was reported
for libupnp (which libnpupnp is derived from) in CVE-2021-29462.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Thu, 22 Apr 2021 18:24:43 +0000 (20:24 +0200)]
package/protozero: disable tests
Add a patch to disable tests through the standard BUILD_TESTING variable
which is already passed by cmake-package.
While at it, drop protobuf dependency which is only needed for tests
This will fix a build failure on toolchains without wchar, toolchains
for sh4 (ICE) or toolchains where gcc is affected by bug 64735.
Upstream thinks that this is unecessary but no additional feedback was
received on how we should handle those build failures
Fixes:
- http://autobuild.buildroot.org/results/
1cd24b757d87b963c70bc7ff927c6d983d0b142a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Thu, 22 Apr 2021 18:26:37 +0000 (20:26 +0200)]
package/kodi-inputstream-adaptive: bump version to 2.6.14-Matrix
Changelog:
https://github.com/xbmc/inputstream.adaptive/blob/Matrix/inputstream.adaptive/addon.xml.in#L22
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Thu, 22 Apr 2021 18:25:38 +0000 (20:25 +0200)]
package/{mesa3d, mesa3d-headers}: bump version to 21.0.3
Release notes:
https://lists.freedesktop.org/archives/mesa-announce/2021-April/000627.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Thu, 22 Apr 2021 18:26:41 +0000 (20:26 +0200)]
package/postgis: add optional protobuf-c dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Thu, 22 Apr 2021 18:30:11 +0000 (20:30 +0200)]
package/domoticz: bump to version 2021.1
- Drop all patches (already in version)
- USE_BUILTIN_LUA has been removed since
https://github.com/domoticz/domoticz/commit/
275effddf0921698197dbc38bde199c48d4956f9
- cereal is a mandatory dependency since
https://github.com/domoticz/domoticz/commit/
275effddf0921698197dbc38bde199c48d4956f9
- fmt is a mandatory dependency since
https://github.com/domoticz/domoticz/commit/
f049d7d574aae0ab0da1b8a042c59b420106e31c
- Remaining external dependencies (such as minizip which is not
compatible with our fork of minizip) must be retrieved through git
submodules since
https://github.com/domoticz/domoticz/commit/
275effddf0921698197dbc38bde199c48d4956f9
https://github.com/domoticz/domoticz/blob/2021.1/History.txt
Fixes:
- http://autobuild.buildroot.org/results/370/
3709e3cd96351ab35d5a8441658faf9bd51cd118
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Thu, 22 Apr 2021 19:06:46 +0000 (21:06 +0200)]
package/samba4: bump version to 4.14.3
Release notes: https://www.samba.org/samba/history/samba-4.14.3.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Thu, 22 Apr 2021 18:40:06 +0000 (20:40 +0200)]
package/openvpn: security bump version to 2.5.2
Fixes CVE-2020-15078:
https://forums.openvpn.net/viewtopic.php?f=20&t=32179
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Thu, 22 Apr 2021 20:52:56 +0000 (22:52 +0200)]
package/gerbera: needs dynamic library
Disable gerbera with static builds as it raises build failures since
bump to version 1.8.0 in commit
8974596836945eada8e162844fb87f88adec9100
and upstream does not seem to care or test static builds:
https://github.com/gerbera/gerbera/issues/1221
Fixes:
- http://autobuild.buildroot.org/results/
9c59ef912d09bb3c0647b98aa8e9eca7fccbe08f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Asaf Kahlon [Fri, 23 Apr 2021 17:26:01 +0000 (20:26 +0300)]
package/uftrace: new package
The uftrace tool is to trace and analyze execution of a program
written in C/C++.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Fri, 23 Apr 2021 14:05:03 +0000 (16:05 +0200)]
package/cgilua: bump to version 6.0.2
The hash of the HTML license file has changed due to changes in the
HTML menu and other parts of the page that don't change the license
text itself.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Titouan Christophe [Fri, 23 Apr 2021 11:46:03 +0000 (13:46 +0200)]
package/redis: bump to v6.2.2
From the release notes:
================================================================================
Redis 6.2.2 Released Mon April 19 19:00:00 IST 2021
================================================================================
Upgrade urgency: HIGH, if you're using ACL and pub/sub, CONFIG REWRITE, or
suffering from performance regression.
See https://github.com/redis/redis/blob/6.2.2/00-RELEASENOTES
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Michael Walle [Tue, 23 Mar 2021 08:46:59 +0000 (09:46 +0100)]
package/rcw-smarc-sal28: bump to version 11
From the changelog:
* Enable SATA RX lane swap
* Add workaround for A-010554 (Improve SATA hard drive detection)
* Add workaround for A-009531 (Wrong IDO bit value for PCIe completion
packets)
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Fri, 2 Apr 2021 18:14:58 +0000 (20:14 +0200)]
package/kismet: fix static build with uclibc
Fix static build with uclibc which is raised since bump to version
2020-12-R3 in commit
14522a8f9d272204763c49a21ebce5653430c612
Fixes:
- http://autobuild.buildroot.org/results/
69dcb7ac99e63fca342e4d52d9311d1ee1931911
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sat, 3 Apr 2021 08:19:53 +0000 (10:19 +0200)]
package/nut: bump version
The last release is five years old. To support newer hardware we bump
the package to latest git master branch. For upstream discussion see
github issue 819.
Removed patches, they were all applied upstream.
Added NUT_PRE_CONFIGURE_HOOKS to fix autoreconf:
configure.ac:1994: error: required file 'scripts/augeas/nutupsconf.aug.in' not found
configure.ac:1994: error: required file 'scripts/devd/nut-usb.conf.in' not found
configure.ac:1994: error: required file 'scripts/udev/nut-usbups.rules.in' not found
because upstream autogen.sh creates additional files:
https://github.com/networkupstools/nut/blob/master/autogen.sh
Configure is not cross-compile friendly:
https://github.com/networkupstools/nut/blob/master/m4/ax_c_pragmas.m4#L574
Add ax_cv__printf_string_null=yes to fix cross build.
Removed configure option --without-hal due to upstream removal of hal
files:
https://github.com/networkupstools/nut/commit/
5860c09e85278e597f85d26b3a23be8c80c199e8
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Leon Anavi [Fri, 9 Apr 2021 09:00:56 +0000 (12:00 +0300)]
package/python{,3}-regex: bump to version 2021.4.4
Upgrade to release 2021.4.4 with the following bug fixes:
- regex fails with a quantified backreference but succeeds with
repeated backref
- API is not a drop-in replacement for python's re when it comes
to typing
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sergio Prado [Sat, 10 Apr 2021 09:37:38 +0000 (06:37 -0300)]
package/azure-iot-sdk-c: bump version to LTS_01_2021_Ref01
Also remove patch (already in upstream)
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Fri, 9 Apr 2021 21:38:32 +0000 (23:38 +0200)]
package/libhttpserver: bump to version 0.18.2
Drop patch (already in version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Fri, 9 Apr 2021 21:12:58 +0000 (23:12 +0200)]
package/python-gpiozero: bump version to 1.6.2
- update license file hash:
@@ -1,3 +1,5 @@
+SPDX-License-Identifier: BSD-3-Clause
+
- add setuptools runtime dependency, fixes:
$ pinout -r a020d3 -m
Traceback (most recent call last):
File "/usr/bin/pinout", line 6, in <module>
from pkg_resources import load_entry_point
ModuleNotFoundError: No module named 'pkg_resources'
For details see [1].
[1] https://gpiozero.readthedocs.io/en/stable/changelog.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Fri, 9 Apr 2021 21:12:57 +0000 (23:12 +0200)]
package/python-colorzero: bump version to 2.0
- change to python3 only
- update license file hash:
@@ -1,4 +1,4 @@
-Copyright 2016-2018 Dave Jones <dave@waveform.org.uk>
+SPDX-License-Identifier: BSD-3-Clause
Changelog ([1]):
- Dropped Python 2.x support. Current Python support level is 3.5 and above.
- Added html and css format specifications to the :class:`Color` class'
string-formatting capabilities.
[1] https://github.com/waveform80/colorzero/blob/master/docs/changelog.rst
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sat, 10 Apr 2021 10:05:54 +0000 (12:05 +0200)]
package/sdl_mixer: fix static build with tremor
Static build with tremor raises a build failure since bump to latest git
tree in commit
c8e27f3baa90351a417ff6e172d214c4a72e7314. However, it
should be noted that before this bump, tremor was always disabled in
static builds because vorbisidec detection was broken until
https://github.com/libsdl-org/SDL_mixer/commit/
565a9a27cc8c184ad0203f004b834880ffd45d32
Fixes:
- http://autobuild.buildroot.org/results/
9634adc433da0e25732eb98675c59d0f96ac93b2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sat, 10 Apr 2021 10:05:53 +0000 (12:05 +0200)]
package/sdl_mixer: drop unrecognized option
--without-x is not recognized since at least version 1.2.12:
configure: WARNING: unrecognized options: --disable-gtk-doc, --disable-gtk-doc-html, --disable-doc, --disable-docs, --disable-documentation, --with-xmlto, --with-fop, --enable-ipv6, --disable-nls, --without-x
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Mon, 12 Apr 2021 16:59:08 +0000 (18:59 +0200)]
package/can-utils: bump to version 2020.12.0
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Jared Bents [Mon, 12 Apr 2021 16:44:05 +0000 (11:44 -0500)]
package/python-flup: update dependency to python3
Since version flup-1.0.3.dev20151210, flup needs Python 3. This was
apparently missed in Buildroot commit
ff0f53c04db8cc6eb5ce2eb92b7e7d1fe17297ae, which bumped flup from
1.0.3.dev-
20110405 to 1.0.3.dev20161029.
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Jared Bents [Mon, 12 Apr 2021 15:20:32 +0000 (10:20 -0500)]
package/python-iwlib: new package
A package for interfacing with iwlib, providing an implementation to
the wireless tools in Linux.
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Kalpesh Panchal <kalpesh.panchal@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Mon, 12 Apr 2021 16:17:00 +0000 (18:17 +0200)]
package/librsync: bump to version 2.3.2
This is a patch release that fixes some minor bugs, tidies the code for
many compiler warnings, and improves windows compatibility. Upgrading
from v2.3.1 is recommended for most people, and essential for people
using platforms experiencing bugs #214 or #207.
https://github.com/librsync/librsync/releases/tag/v2.3.2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sun, 11 Apr 2021 15:20:14 +0000 (17:20 +0200)]
package/skalibs: fix build with xtensa
Build with xtensa toolchain is broken since bump to version 2.10.0.2 in
commit
4d5587cb56224b2b28f53b0202fb14b2ab32d5fb indeed patch was dropped
assuming that it was included upstream but this assumption was wrong.
The code was just reworked in version 2.10.0.0 and commit
https://github.com/skarnet/skalibs/commit/
21e6ea800cc96ba76e94ad8de1dfa58ab1b7ceb6
Fixes:
- http://autobuild.buildroot.org/results/
ee58ffa7b2f0be46ef7bc0ba38d3142f26a9bce9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sun, 11 Apr 2021 09:11:04 +0000 (11:11 +0200)]
package/s6-linux-init: bump to version 1.0.6.1
Build is broken since bump of skalibs to version 2.10.0.2 in commit
4d5587cb56224b2b28f53b0202fb14b2ab32d5fb because skalibs removed
webipc.h in version 2.10.0.0 and
https://github.com/skarnet/skalibs/commit/
e557bab0dcaf35f003fa755b74e4c80000e05e42
So bump to version 1.0.6.1 to retrieve the following commit
https://github.com/skarnet/s6-linux-init/commit/
ca8d2c96ea09cb33ff6fef33c0314c24fc6a026a
Update hash of COPYING (update in year:
https://github.com/skarnet/s6-linux-init/commit/
5e17662d138fc9c9f70a4422eab059c2bdc9432d
https://github.com/skarnet/s6-linux-init/commit/
1de5c2d7c63916b11668078445e5f75c054bc898)
While at it, also update indentation in hash file (two spaces)
Fixes:
- http://autobuild.buildroot.org/results/
fe879267675a80bfc5ba17341144feeee53dc197
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sun, 11 Apr 2021 08:33:17 +0000 (10:33 +0200)]
package/libplatform: fix build with gcc 5
Build with gcc 5 is broken since latest bump in commit
977f5fd13480699d94e0ba63d9afae94b71906e6
Instead of updating workaround, use a patch that has been submitted
upstream
Fixes:
- http://autobuild.buildroot.org/results/
2b1922f99b1c213b4e28a5b1a11879f4e28c202f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sat, 10 Apr 2021 12:26:18 +0000 (14:26 +0200)]
package/python-mbstrdecoder: bump to version 1.0.1
https://github.com/thombashi/mbstrdecoder/releases/tag/v1.0.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sat, 10 Apr 2021 12:26:17 +0000 (14:26 +0200)]
package/python-mbstrdecoder: add python-chardet dependency
chardet is a mandatory runtime dependency since version 0.8.2 and
https://github.com/thombashi/mbstrdecoder/commit/
e9344a0916f65d143c51e0680c30db4ae7690ccf
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sun, 4 Apr 2021 16:58:23 +0000 (18:58 +0200)]
package/samba4: add required python deps for AD DC support
Needed due to upstream commit:
https://gitlab.com/samba-team/samba/-/commit/
2420b7c6d2038aca33759ca3a7d41240c5f19bf7
Fixes:
http://autobuild.buildroot.net/results/12a/
12a74665a2349eacb28c3035bb36a4dce1d740d1/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Tue, 6 Apr 2021 16:41:46 +0000 (18:41 +0200)]
package/ell: use official tarball
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Matt Weber [Tue, 20 Apr 2021 20:11:34 +0000 (15:11 -0500)]
package/libtool: add _CPE_ID_VENDOR
cpe:2.3:a:gnu:libtool:2.4.6:* is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:gnu:libtool
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: drop version from reference URL]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Tue, 20 Apr 2021 20:11:46 +0000 (15:11 -0500)]
package/sysvinit: add _CPE_ID_VENDOR
cpe:2.3:a:sysvinit_project:sysvinit:* is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:sysvinit_project:sysvinit
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Tue, 20 Apr 2021 20:11:45 +0000 (15:11 -0500)]
package/sysstat: add _CPE_ID_VENDOR
cpe:2.3:a:sysstat_project:sysstat:* is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:sysstat_project:sysstat
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Tue, 20 Apr 2021 20:11:44 +0000 (15:11 -0500)]
package/rp-pppoe: add _CPE_ID_VENDOR
cpe:2.3:a:rp-pppoe_project:rp-pppoe:* is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:rp-pppoe_project:rp-pppoe
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: move up, right after license]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Tue, 20 Apr 2021 20:11:43 +0000 (15:11 -0500)]
package/rng-tools: add _CPE_ID_VENDOR
cpe:2.3:a:rng-tools_project:rng-tools:* is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:rng-tools_project:rng-tools
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: move up, right after license]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Tue, 20 Apr 2021 20:11:42 +0000 (15:11 -0500)]
package/python3-setuptools: add _CPE_ID_VENDOR and_CPE_ID_PRODUCT
cpe:2.3:a:python:setuptools:* is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:python:setuptools
Note:
63332c33aa already added those for the python(2) variant.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr:
- add reference to
63332c33aa
- move up, right after license
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Tue, 20 Apr 2021 20:11:41 +0000 (15:11 -0500)]
package/python3-decorator: add _CPE_ID_VENDOR and _CPE_ID_PRODUCT
cpe:2.3:a:python:decorator:* is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:python:decorator
Note:
4783e5fd8c already added those for the python(2) variant.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr:
- add reference to
4783e5fd8c
- move up, right after license
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Tue, 20 Apr 2021 20:11:40 +0000 (15:11 -0500)]
package/pugixml: add _CPE_ID_VENDOR
cpe:2.3:a:pugixml_project:pugixml:* is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:pugixml_project:pugixml
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: move up, right after license]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Tue, 20 Apr 2021 20:11:39 +0000 (15:11 -0500)]
package/popt: add _CPE_ID_VENDOR
cpe:2.3:a:popt_project:popt:* is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:popt_project:popt
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: move up, right after license]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Tue, 20 Apr 2021 20:11:38 +0000 (15:11 -0500)]
package/pkgconf: add _CPE_ID_VENDOR
cpe:2.3:a:pkgconf:pkgconf:* is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:pkgconf:pkgconf
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Tue, 20 Apr 2021 20:11:37 +0000 (15:11 -0500)]
package/parted: add _CPE_ID_VENDOR
cpe:2.3:a:parted_project:parted:* is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:parted_project:parted
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Tue, 20 Apr 2021 20:11:36 +0000 (15:11 -0500)]
package/openresolv: add _CPE_ID_VENDOR
cpe:2.3:a:openresolv_project:openresolv:* is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:openresolv_project:openresolv
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Tue, 20 Apr 2021 20:11:35 +0000 (15:11 -0500)]
package/make: add _CPE_ID_VENDOR
cpe:2.3:a:gnu:make:* is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:gnu:make
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: move up, right after license]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Tue, 20 Apr 2021 20:11:32 +0000 (15:11 -0500)]
package/libnl: add _CPE_ID_VENDOR
cpe:2.3:a:libnl_project:libnl:* is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:libnl_project:libnl
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: move up, right after license]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Tue, 20 Apr 2021 20:11:31 +0000 (15:11 -0500)]
package/libdaemon: add _CPE_ID_VENDOR
cpe:2.3:a:libdaemon_project:libdaemon:* is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:libdaemon_project:libdaemon
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: move up, right after license]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Tue, 20 Apr 2021 20:11:30 +0000 (15:11 -0500)]
package/libcap: add _CPE_ID_VENDOR
cpe:2.3:a:libcap_project:libcap:* is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:libcap_project:libcap
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Tue, 20 Apr 2021 20:11:29 +0000 (15:11 -0500)]
package/json-for-modern-cpp: add _CPE_ID_VENDOR
cpe:2.3:a:json-for-modern-cpp_project:json-for-modern-cpp:* is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:json-for-modern-cpp_project:json-for-modern-cpp
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr:move up, right after license]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>