Matt Weber [Tue, 20 Apr 2021 20:11:28 +0000 (15:11 -0500)]
package/iputils: add _CPE_ID_VENDOR
cpe:2.3:a:iputils_project:iputils:* is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:iputils_project:iputils
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Tue, 20 Apr 2021 20:11:27 +0000 (15:11 -0500)]
package/iproute2: add _CPE_ID_VENDOR
cpe:2.3:a:iproute2_project:iproute2:* is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:iproute2_project:iproute2
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Tue, 20 Apr 2021 20:11:26 +0000 (15:11 -0500)]
package/gperf: add _CPE_ID_VENDOR and _CPE_ID_PRODUCT
cpe:2.3:a:gperftools_project:gperftools:* is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:gperftools_project:gperftools
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Tue, 20 Apr 2021 20:11:25 +0000 (15:11 -0500)]
package/cmake: add _CPE_ID_VENDOR
cpe:2.3:a:cmake_project:cmake:* is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:cmake_project:cmake
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Tue, 20 Apr 2021 20:11:24 +0000 (15:11 -0500)]
package/cgroupfs-mount: add _CPE_ID_VENDOR
cpe:2.3:a:cgroupfs-mount_project:cgroupfs-mount:* is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:cgroupfs-mount_project:cgroupfs-mount
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Tue, 20 Apr 2021 20:11:23 +0000 (15:11 -0500)]
package/c-periphery: add _CPE_ID_VENDOR
cpe:2.3:a:c-periphery_project:c-periphery:* is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:c-periphery_project:c-periphery
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Matt Weber [Tue, 20 Apr 2021 20:11:22 +0000 (15:11 -0500)]
package/automake: add _CPE_ID_VENDOR
cpe:2.3:a:gnu:automake:* is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Aautomake
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Maxim Kochetkov [Thu, 8 Apr 2021 05:02:46 +0000 (08:02 +0300)]
package/timescaledb: bump version to 2.1.1
Release notes: https://github.com/timescale/timescaledb/releases/tag/2.1.1
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Mon, 5 Apr 2021 15:32:48 +0000 (17:32 +0200)]
boot/at91bootstrap: add legal information
The old at91bootstrap version (1.x) uses a strange variant of the BSD
license, called "BSD Source Code Attribution" and referenced by SPDX
as BSD-Source-Code.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Grzegorz Blach [Tue, 6 Apr 2021 16:06:04 +0000 (18:06 +0200)]
package/python-falcon: bump to version 3.0.0
Depends on BR2_PACKAGE_PYTHON3
The hash of the license file has changed because a short license file
was replaced by the complete text of the Apache 2.0 license. The
license itself remains the same.
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Mon, 12 Apr 2021 19:42:06 +0000 (21:42 +0200)]
package/gstreamer1/gst1-interpipe: bump version to 1.1.4
Changelog:
- fix for memory leak in set of listen-to property
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sun, 18 Apr 2021 19:53:36 +0000 (21:53 +0200)]
package/exfatprogs: bump to version 1.1.0
https://github.com/exfatprogs/exfatprogs/releases/tag/1.1.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sun, 18 Apr 2021 19:43:32 +0000 (21:43 +0200)]
package/uboot-tools: security bump to version 2021.04
- Fix CVE-2021-27097: The boot loader in Das U-Boot before 2021.04-rc2
mishandles a modified FIT.
- Fix CVE-2021-27138: The boot loader in Das U-Boot before 2021.04-rc2
mishandles use of unit addresses in a FIT.
- Update second patch
- Drop fourth patch (already in version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sun, 18 Apr 2021 18:51:14 +0000 (20:51 +0200)]
package/nettle: security bump to version 3.7.2
Fix CVE-2021-20305: A flaw was found in Nettle in versions before 3.7.2,
where several Nettle signature verification functions (GOST DSA, EDDSA &
ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply
function being called with out-of-range scalers, possibly resulting in
incorrect results. This flaw allows an attacker to force an invalid
signature, causing an assertion failure or possible validation. The
highest threat to this vulnerability is to confidentiality, integrity,
as well as system availability.
https://git.lysator.liu.se/nettle/nettle/-/blob/nettle_3.7.2_release_20210321/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabio Estevam [Tue, 20 Apr 2021 14:01:06 +0000 (11:01 -0300)]
configs/imx6-sabresd: bump U-Boot and kernel versions
Bump to U-Boot 2021.04 and kernel 5.10.25 versions.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabio Estevam [Tue, 20 Apr 2021 13:29:22 +0000 (10:29 -0300)]
boot/uboot: bump to version 2021.04
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sun, 18 Apr 2021 20:06:01 +0000 (22:06 +0200)]
package/python-botocore: drop docutils dependency
docutils is not a dependency since version 1.18.0 and
https://github.com/boto/botocore/commit/
dd24dd1b2ee8654ae0cf6aebce4a2f50ea7d75f5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sun, 18 Apr 2021 18:38:47 +0000 (20:38 +0200)]
package/fmt: add FMT_CPE_ID_VENDOR
cpe:2.3:a:fmt:fmt is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afmt%3Afmt
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Alexander Egorenkov [Mon, 12 Apr 2021 09:03:37 +0000 (11:03 +0200)]
package/multipath-tools: bump to version 0.8.6
https://github.com/opensvc/multipath-tools/releases/tag/0.8.6
Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Jörg Krause [Mon, 12 Apr 2021 08:04:02 +0000 (10:04 +0200)]
package/libnpupnp: bump to version 4.1.3
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Jörg Krause [Mon, 12 Apr 2021 07:29:58 +0000 (09:29 +0200)]
package/mpd: bump to version 0.22.6
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Alexander Dahl [Sun, 18 Apr 2021 07:20:40 +0000 (09:20 +0200)]
package/dnsmasq: security bump to 2.85
CVE-2021-3448 applies. See announcement for details.
Link: https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q2/014962.html
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Ramon Fried [Sat, 17 Apr 2021 16:45:04 +0000 (19:45 +0300)]
package/bitwise: bump version to 0.42
Signed-off-by: Ramon Fried <rfried.dev@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sat, 17 Apr 2021 11:00:15 +0000 (13:00 +0200)]
package/yavta: disable -Werror
Fix build failure which is raised since bump to latest version in commit
87ba7be02fdd185668f86a59539343c70e1108e0
Fixes:
- http://autobuild.buildroot.org/results/
d5b4f69f46cef4dd11410fe48d21372cb883ae4a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Michael Walle [Tue, 13 Apr 2021 20:48:40 +0000 (22:48 +0200)]
package/linux-serial-test: bump version
Give this package some love and update to the newest version. There are
no released versions, though. Therefore, use the latest commit.
Notable changes:
- RS485 support fixes and features
- internal loopback support
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sam Voss [Wed, 14 Apr 2021 21:09:27 +0000 (16:09 -0500)]
package/rsyslog: install default service file
As of v8.2008 rsyslog no longer provides a default service file, and now
suggests using the platform suggested defaults. For Buildroot, install
the Debian service file which has been added in the same version,
however is not included in the official release.
Upstream commit which adds this service file:
https://github.com/rsyslog/rsyslog/commit/
cfd07503ba055100a84d75d1a78a5c6cceb9fdab
Signed-off-by: Sam Voss <sam.voss@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Jörg Krause [Tue, 13 Apr 2021 08:35:24 +0000 (10:35 +0200)]
package/spdlog: bump to version 1.8.5
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Jörg Krause [Tue, 13 Apr 2021 08:23:54 +0000 (10:23 +0200)]
package/gerbera: bump to version 1.8.0
Also recreate config.xml by building and running Gerbera using:
```
~/buildroot/output/target/usr/bin/gerbera --create-config > package/gerbera/config.xml
```
Note, that Gerbera sets the `<home>` parameter now to the runtime user's home by
default when generating the script. This is not appropriate when running Gerbera
on an embedded Linux system as we usually do not have multiple users or even
users at all. Therefore, we set the home directory to /var/lib/gerbera`.
As this directory is not created when installing Gerbera to the target,
it is created by the start script.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Wed, 14 Apr 2021 09:57:19 +0000 (11:57 +0200)]
package/luarocks: improve detection of license files
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad [Wed, 14 Apr 2021 09:57:18 +0000 (11:57 +0200)]
package/luarocks: bump to version 3.7.0
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Jörg Krause [Wed, 14 Apr 2021 05:16:07 +0000 (07:16 +0200)]
package/luv: bump to version 1.40.0-0
Also fix spacing to use 2 spaces in the hash file.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Maxim Kochetkov [Wed, 14 Apr 2021 04:35:45 +0000 (07:35 +0300)]
DEVELOPERS: add Maxim Kochetkov for postgis
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sat, 17 Apr 2021 10:42:45 +0000 (12:42 +0200)]
package/oniguruma: bump to version 6.9.7.1
Update hash of COPYING (update in year:
https://github.com/kkos/oniguruma/commit/
56255e8b3e209453938b62cb2a5045d29e3c3ff9)
https://github.com/kkos/oniguruma/blob/v6.9.7.1/HISTORY
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Giulio Benetti [Thu, 15 Apr 2021 22:01:45 +0000 (00:01 +0200)]
package/libnss: bump version to 3.64
Release Notes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.64_release_notes
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sun, 18 Apr 2021 20:07:30 +0000 (22:07 +0200)]
package/domoticz: drop boost date-time dependency
boost date-time is not a dependency since version 4.9700 and
https://github.com/domoticz/domoticz/commit/
a3eacbc987b59dd4aa73ada24a0a6e9a0d27b740
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sun, 18 Apr 2021 20:07:29 +0000 (22:07 +0200)]
package/domoticz: drop first patch
Patch not needed since commit
37f197f8634352750f169b6a287588a09b82e00e
which bumped host-cmake dependency from 3.10 to 3.15
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Michael Nosthoff [Thu, 15 Apr 2021 12:08:11 +0000 (14:08 +0200)]
package/libgpiod: bump to version 1.6.3
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Thu, 15 Apr 2021 11:44:49 +0000 (13:44 +0200)]
package/meson: bump version to 0.57.2
Release notes: https://groups.google.com/g/mesonbuild/c/3YR_iOkh7co
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Michael Nosthoff [Thu, 15 Apr 2021 11:41:37 +0000 (13:41 +0200)]
package/grpc: bump to version 1.37.0
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Fri, 16 Apr 2021 05:57:42 +0000 (07:57 +0200)]
package/libcurl: bump version to 7.76.1
Bugfix release. For details, see the changelog:
https://curl.se/changes.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 18 Apr 2021 11:42:53 +0000 (13:42 +0200)]
package/m4: fix build with glibc 2.34
m4 fails to build with glibc 2.34 because SIGSTKSZ is now a run-time
variable since
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=
6c57d320484988e87e446e2e60ce42816bf51d53
So backport an upstream patch from gnulib, see:
https://lists.gnu.org/archive/html/bug-m4/2021-03/msg00015.html
An other option would have been to apply patch from
https://lists.gnu.org/archive/html/bug-m4/2021-03/msg00024.html
but no feedback was received on this patch
Fixes:
- https://bugs.buildroot.org/show_bug.cgi?id=13721
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Mon, 12 Apr 2021 19:41:25 +0000 (21:41 +0200)]
support/scripts/cve.py: use proper CPE ID version when available
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sergio Prado [Sun, 25 Oct 2020 16:34:57 +0000 (13:34 -0300)]
package/tio: disable for sparc and sparc64 architectures
tio fails to build on sparc and sparc64 architectures with a
redefinition of 'struct termio' error, with no proper fix or workaround
for now. See discussions in [1] and [2] and picocom source code in [3].
[1] http://patchwork.ozlabs.org/project/buildroot/patch/
20191227204520.
1500501-1-fontaine.fabrice@gmail.com/
[2] http://patchwork.ozlabs.org/project/buildroot/patch/
20200511142602.46170-1-vadim4j@gmail.com/
[3] https://github.com/npat-efault/picocom/blob/master/termbits2.h#L37
So let's disable it for now on sparc and sparc64 architectures.
Fixes:
http://autobuild.buildroot.org/results/
e041dde522e2a774f528d4377f67ca0a8a99461c
http://autobuild.buildroot.org/results/
6e1f9fe47e8b2cfdf5effcb7bbc697189f54ff2c
http://autobuild.buildroot.org/results/
49708fe6f404fea6761f102af854e98d6a1d43c1
Many more...
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Korsgaard [Fri, 9 Apr 2021 11:01:12 +0000 (13:01 +0200)]
support/scripts/cve.py: use fast ijson backend if available on old ijson versions
ijson < 2.5 (as available in Debian 10) use the slow python backend by
default instead of the most efficient one available like modern ijson
versions, significantly slowing down cve checking. E.G.:
time ./support/scripts/pkg-stats --nvd-path ~/.nvd -p avahi --html foobar.html
Goes from
174,44s user 2,11s system 99% cpu 2:58,04 total
To
93,53s user 2,00s system 98% cpu 1:36,65 total
E.G. almost 2x as fast.
As a workaround, detect when the python backend is used and try to use a
more efficient one instead. Use the yajl2_cffi backend as recommended by
upstream, as it is most likely to work, and print a warning (and continue)
if we fail to load it.
The detection is slightly complicated by the fact that ijson.backends used
to be a reference to a backend module, but is nowadays a string (without the
ijson.backends prefix).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Michael Nosthoff [Fri, 16 Apr 2021 07:29:54 +0000 (09:29 +0200)]
package/systemd: fix homed dependency warning
Fixes:
showing "enable home daemon"
and "homed support needs a toolchain w/ threads, dynamic library, kernel headers >= 4.12"
when BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_12
introduced by
fa62b5165ca41e4800e00a84af9026bfa5fb9155
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
James Hilliard [Fri, 16 Apr 2021 07:27:39 +0000 (01:27 -0600)]
package/libdrm: fix man page disabling option
Commit
841c695468fa (libdrm: change to meson build system) converted the
autotools --disable-manpages to the neson -Dmanpages=false. However, the
actual option is 'man-pages':
WARNING: Unknown options: "manpages"
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr: tweak commit log as per Peter's review]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Fri, 16 Apr 2021 20:34:13 +0000 (22:34 +0200)]
package/libcgroup: add LIBCGROUP_CPE_ID_VENDOR
cpe:2.3:a:libcgroup_project:libcgroup is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibcgroup_project%3Alibcgroup
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Fri, 16 Apr 2021 20:34:12 +0000 (22:34 +0200)]
package/libcgroup: bump to version 0.42.2
Drop patch (already in version)
https://github.com/libcgroup/libcgroup/releases/tag/v0.42.2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bernd Kuhls [Thu, 15 Apr 2021 06:52:46 +0000 (08:52 +0200)]
package/x11r7/xserver_xorg-server: remove unused configure option --disable-xsdl
Upstream removed this configure option:
https://cgit.freedesktop.org/xorg/xserver/commit/configure.ac?h=server-1.20-branch&id=
52bc6d944946e66ea2cc685feaeea40bb496ea83
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bernd Kuhls [Thu, 15 Apr 2021 06:52:45 +0000 (08:52 +0200)]
package/x11r7/xserver_xorg-server: remove optional support for tslib
Upstream removed support for tslib:
https://cgit.freedesktop.org/xorg/xserver/commit/configure.ac?h=server-1.20-branch&id=
5c7ed785e3bdb9f0fbf8fbfdc93b5fdd2b2c7dbf
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bernd Kuhls [Thu, 15 Apr 2021 06:52:44 +0000 (08:52 +0200)]
package/x11r7/xserver_xorg-server: remove evdev input drivers for kdrive
Upstream removed the evdev driver for kdrive:
https://cgit.freedesktop.org/xorg/xserver/commit/configure.ac?h=server-1.20-branch&id=
27819950e4158326e0f83a30f2e8968b932625ef
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bernd Kuhls [Thu, 15 Apr 2021 06:52:43 +0000 (08:52 +0200)]
package/x11r7/xserver_xorg-server: remove xfbdev
Upstream removed the kdrive framebuffer device server:
https://cgit.freedesktop.org/xorg/xserver/commit/configure.ac?h=server-1.20-branch&id=
feed7e3f982a7ac14f6fe85ed2e1ec4a83700841
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bernd Kuhls [Thu, 15 Apr 2021 06:52:42 +0000 (08:52 +0200)]
package/x11r7/xserver_xorg-server: remove non-evdev input drivers for kdrive
Upstream removed support for non-evdev input drivers for kdrive:
https://cgit.freedesktop.org/xorg/xserver/commit/configure.ac?h=server-1.20-branch&id=
e7b8b7b131d8283c96ed0aff4593ab41441b5d3b
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bernd Kuhls [Thu, 15 Apr 2021 06:22:58 +0000 (08:22 +0200)]
package/x11r7/xserver_xorg-server: security bump version to 1.20.11
Fixes CVE-2021-3472:
https://lists.x.org/archives/xorg-announce/2021-April/003080.html
Release notes:
https://lists.x.org/archives/xorg-announce/2021-April/003081.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Einar Jon Gunnarsson [Thu, 15 Apr 2021 11:19:56 +0000 (13:19 +0200)]
package/modem-manager: add support for introspection
Enable introspection when GObject Introspection is enabled.
Signed-off-by: Einar Jon Gunnarsson <tolvupostur@gmail.com>
Acked-by: Aleksander Morgado <aleksander@aleksander.es>
[yann.morin.1998@free.fr: drop config option, rely on GOI package]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Einar Jon Gunnarsson [Thu, 15 Apr 2021 11:20:56 +0000 (13:20 +0200)]
package/yavta: bump to latest version
Add hash file
Convert to meson build
Use https instead of http and git
Signed-off-by: Einar Jon Gunnarsson <tolvupostur@gmail.com>
[yann.morin.1998@free.fr: also switch repo to https]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Arnout Vandecappelle (Essensium/Mind) [Thu, 15 Apr 2021 20:27:47 +0000 (22:27 +0200)]
package/Config.in: change postgresql condition
The condition around postgis was added to make a sort of submenu of the
postgresql extensions under postgresql itself. However, such a condition
should be on BR2_PACKAGE_POSTGRESQL, not on its suboption
BR2_PACKAGE_POSTGRESQL_FULL.
Change the condition in package/Config.in to BR2_PACKAGE_POSTGRESQL, and
move the BR2_PACKAGE_POSTGRESQL_FULL condition to
package/postgis/Config.in.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Maxim Kochetkov [Thu, 15 Apr 2021 15:03:54 +0000 (18:03 +0300)]
package/protozero: new package
Minimalistic protocol buffer decoder and encoder in C++.
Designed for high performance. Suitable for writing zero copy
parsers and encoders with minimal need for run-time allocation
of memory.
Low-level: this is designed to be a building block for writing
a very customized decoder for a stable protobuf schema. If your
protobuf schema is changing frequently or lazy decoding is not
critical for your application then this approach offers
no value: just use the C++ API that can be generated with
the Google Protobufs protoc program.
https://github.com/mapbox/protozero
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Wed, 14 Apr 2021 21:44:39 +0000 (23:44 +0200)]
package/genext2fs: bump to version 1.5.0
- Retrieve latest version from github
- Drop patch (already in version)
Fixes:
- https://bugs.buildroot.org/show_bug.cgi?id=13741
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Wed, 14 Apr 2021 21:26:08 +0000 (23:26 +0200)]
package/quickjs: disable on nios2
quickjs unconditionally uses FE_{DOWN,UP}WARD and so fails to build on
nios2 since its addition in commit
5d50793659acb95050c110d5fc05399df20ce30b
Fixes:
- http://autobuild.buildroot.org/results/
69e280a7f478d1b16be989c7bd559f766053134b
- http://autobuild.buildroot.org/results/
f2c3ef7e3bbe30ac24710288336adabebd8b83a6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Wed, 14 Apr 2021 21:00:47 +0000 (23:00 +0200)]
package/postgis: add POSTGIS_CPE_ID_VENDOR
cpe:2.3:a:postgis:postgis is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apostgis%3Apostgis
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Peter Seiderer [Wed, 14 Apr 2021 20:10:42 +0000 (22:10 +0200)]
package/postgis: add optional pcre dependency
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Peter Seiderer [Wed, 14 Apr 2021 20:10:41 +0000 (22:10 +0200)]
package/postgis: add optional json-c dependency
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Peter Seiderer [Wed, 14 Apr 2021 20:10:40 +0000 (22:10 +0200)]
package/postgis: disable protobuf support
- needs protobuf-c (not protobuf)
- protobuf-c configure tests are not cross-compile capable, even with
ifeq ($(BR2_PACKAGE_PROTOBUF_C),y)
POSTGIS_DEPENDENCIES += protobuf-c
POSTGIS_CONF_OPTS += --with-protobuf
POSTGIS_CONF_ENV += \
ac_cv_lib_protobuf_c_protobuf_c_message_init=yes \
ac_cv_lib_protobuf_c_protobuf_c_version=yes
else
POSTGIS_CONF_OPTS += --without-protobuf
endif
configure aborts with:
checking for PROTOBUFC... yes
checking protobuf-c/protobuf-c.h usability... yes
checking protobuf-c/protobuf-c.h presence... yes
checking for protobuf-c/protobuf-c.h... yes
checking for protobuf_c_message_init in -lprotobuf-c... (cached) yes
checking for protobuf_c_version in -lprotobuf-c... (cached) yes
checking protobuf-c version... configure: error: in `.../build/postgis-3.1.1':
configure: error: cannot run test program while cross compiling
Fixes:
- http://autobuild.buildroot.net/results/
8b95086b5e0876d0a4e41330446e767e4abd3729
checking for PROTOBUFC... no
libprotobuf-c not found in pkg-config
checking protobuf-c/protobuf-c.h usability... no
checking protobuf-c/protobuf-c.h presence... no
checking for protobuf-c/protobuf-c.h... no
configure: error: unable to find protobuf-c/protobuf-c.h using CPPFLAGS. You can disable MVT and Geobuf support using --without-protobuf
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
José Luis Salvador Rufo [Wed, 17 Mar 2021 09:52:30 +0000 (10:52 +0100)]
package/zfs: new package
OpenZFS is an advanced file system and volume manager which was originally
developed for Solaris and is now maintained by the OpenZFS community. This
repository contains the code for running OpenZFS on Linux and FreeBSD.
http://zfsonlinux.org/
Signed-off-by: José Luis Salvador Rufo <salvador.joseluis@gmail.com>
[me:
- fix test case on how to use a pre-built toolchain
- reorder the test case config
- add test case with glibc
- drop superflous test timeout override
- only select libtirpc when C library lacks native RPC
- drop unused ZFS_MODULES variable
- drop ZFS_CPE_ID_PREFIX and ZFS_AUTORECONF_OPTS which are defaults
- drop NLS options, already set in a generic manner
- drop incomplete/improper sysvinit support
- some cosmetics
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Thu, 8 Apr 2021 16:54:45 +0000 (18:54 +0200)]
package/freerdp: fix build with gcc 4.8
Build is broken with gcc 4.8 since bump to version 2.3.1 in commit
01e78811db25c34d506138994efd981e4ab60caf due to
https://github.com/FreeRDP/FreeRDP/commit/
5b2f35747bb37b09b1803b99ca2b1cb248b5bb16
Fixes:
- http://autobuild.buildroot.org/results/
e8e7d43d6183bb6de7bd2c2b300dbdb89f2052d8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sun, 11 Apr 2021 19:46:02 +0000 (21:46 +0200)]
package/systemd: fix /etc/resolv.conf link on per-package build
Fixes:
- https://bugs.buildroot.org/show_bug.cgi?id=13271
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Maxim Kochetkov [Thu, 8 Apr 2021 06:28:30 +0000 (09:28 +0300)]
package/postgis: new package
PostGIS is a spatial database extender for PostgreSQL object-relational
database. It adds support for geographic objects allowing location
queries to be run in SQL.
On microblazeel with the bootlin toolchain, the build fails with an ICE:
during RTL pass: reload
.../bootlin-microblazeel-uclibc/build/libgeos-3.9.0/src/geom/util/Densifier.cpp: In static member function ‘static std::unique_ptr<std::vector<geos::geom::Coordinate> > geos::geom::util::Densifier::densifyPoints(geos::geom::Coordinate::Vect, double, const geos::geom::PrecisionModel*)’:
.../bootlin-microblazeel-uclibc/build/libgeos-3.9.0/src/geom/util/Densifier.cpp:128:1: internal compiler error: in gen_reg_rtx, at emit-rtl.c:1155
128 | }
| ^
Since it's unlikely that postgis will ever be used on a microblaze,
simply disable it.
https://postgis.net/
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout:
- Move postgresql dependency to package/Config.in, to satisfy
alphabetical ordering in the menu while keeping it below postgresql.
- Add dependency on !microblaze.
- Add comment for dependencies.
- Add positive version of --with-raster and --with-protobuf to
_CONF_OPTS.
- Expand BSD to BSD-2-Clause.
]
Fabrice Fontaine [Tue, 6 Apr 2021 20:38:08 +0000 (22:38 +0200)]
package/python-hiredis: fix build with gcc 4.8
Build fails with gcc 4.8 since bump to version 2.0.0 in commit
69405d89596988b5b7d25886b7f9c07efad70741
Fixes:
- http://autobuild.buildroot.org/results/
04cbcddf6d83ebad8c98400754f9445375e9e489
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Peter Korsgaard [Fri, 9 Apr 2021 21:09:21 +0000 (23:09 +0200)]
package/docker-engine: add CPE variables
cpe:2.3:a:docker:docker is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Adocker%3Adocker
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 9 Apr 2021 21:09:20 +0000 (23:09 +0200)]
package/docker-cli: add CPE variables
cpe:2.3:a:docker:docker is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Adocker%3Adocker
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Romain Naour [Sun, 11 Apr 2021 09:47:38 +0000 (11:47 +0200)]
package/mpc: bump to version 1.2.1
Since version 1.2.0, mpc requires mpfr 4.1.0.
See https://gitlab.inria.fr/mpc/mpc/-/commit/
bc3541daa63fb6f53a5ca422766ef420e3663f6a
Update indentation in hash file (two spaces).
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Romain Naour [Sun, 11 Apr 2021 09:47:37 +0000 (11:47 +0200)]
package/mpfr: bump to version 4.1.0
See: https://www.mpfr.org/mpfr-4.1.0/
Update indentation in hash file (two spaces).
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Romain Naour [Sun, 11 Apr 2021 09:47:36 +0000 (11:47 +0200)]
package/gcc: bump to version 10.3
Remove upstream patch
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=
5aeabae7f0cdd8dd3a01103b68b2e7a66a71c685
Rebase the patch: Revert "re PR target/92095 (internal error with -O1 -mcpu=niagara2 -fPIE)"
Add the link to the bug report.
Tested with toolchain-builder:
https://gitlab.com/kubu93/toolchains-builder/-/pipelines/
284176939
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 11 Apr 2021 18:21:07 +0000 (20:21 +0200)]
package/kodi-inputstream-adaptive: bump version to 2.6.13
Changelog:
https://github.com/xbmc/inputstream.adaptive/blob/Matrix/inputstream.adaptive/addon.xml.in#L22
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 10 Apr 2021 12:40:49 +0000 (14:40 +0200)]
package/python-packaging: bump to version 20.9
python-six is not a dependency since version 20.5 and
https://github.com/pypa/packaging/commit/
39a70cce69d9b08cc4d02b225114d556d5b59ada
https://github.com/pypa/packaging/blob/20.9/CHANGELOG.rst
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 10 Apr 2021 12:14:51 +0000 (14:14 +0200)]
package/igmpproxy: bump to version 0.3
- Update indention in hash file (two spaces)
- Use official tarball
https://github.com/pali/igmpproxy/releases/tag/0.3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 10 Apr 2021 12:03:55 +0000 (14:03 +0200)]
package/cppzmq: bump to version 4.7.1
https://github.com/zeromq/cppzmq/releases/tag/v4.7.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 10 Apr 2021 11:53:57 +0000 (13:53 +0200)]
package/python-aioconsole: bump to version 0.3.1
https://github.com/vxgmichel/aioconsole/releases/tag/v0.3.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sergio Prado [Sat, 10 Apr 2021 18:44:44 +0000 (15:44 -0300)]
package/snort: bump version to 2.9.17.1
This is a bug fix release:
https://www.snort.org/downloads/snort/release_notes_2.9.17.1.txt
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sergio Prado [Sat, 10 Apr 2021 18:22:19 +0000 (15:22 -0300)]
package/libgdiplus: bump version to 6.0.5
Remove patches applied upstream.
Add patch to not build unit tests by default (patch sent upstream):
https://github.com/mono/libgdiplus/pull/701
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 10 Apr 2021 19:03:41 +0000 (21:03 +0200)]
package/kodi-inputstream-ffmpegdirect: bump version to 1.21.0-Matrix
Changelog:
https://github.com/xbmc/inputstream.ffmpegdirect/blob/Matrix/inputstream.ffmpegdirect/changelog.txt
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 11 Apr 2021 08:15:28 +0000 (10:15 +0200)]
package/bridge-utils: fix build on musl
Build on musl is broken since bump to version 1.7.1 in commit
5f2d38df4f85f7999cf6d00da089991cba93fee6
Fixes:
- http://autobuild.buildroot.org/results/
0f080ff6913595ee2732b93206e5001c837c1bcc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 11 Apr 2021 15:36:22 +0000 (17:36 +0200)]
package/readline: add Signed-off-by and renumber patch
Add Signed-off-by and while at it, renumber it
Fixes:
- https://bugs.buildroot.org/show_bug.cgi?id=13731
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 11 Apr 2021 16:20:52 +0000 (18:20 +0200)]
package/kodi-pvr-vuplus: bump version to 7.4.3-Matrix
Changelog:
https://github.com/kodi-pvr/pvr.vuplus/blob/Matrix/pvr.vuplus/changelog.txt
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sat, 10 Apr 2021 08:12:52 +0000 (10:12 +0200)]
package/i2c-tools: add upstream post-4.2 i2ctransfer fix
i2c-tools 4.2 contained an invalid check, leading to verbose false-positive
warning messages when the variable length ({r,w}?) option is used:
https://www.spinics.net/lists/linux-i2c/msg50032.html
https://www.spinics.net/lists/linux-i2c/msg50253.html
Unfortunately upstream does not make bugfix releases, instead opting to list
such bugfixes on the wiki:
https://i2c.wiki.kernel.org/index.php/I2C_Tools
So add the patch here.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 9 Apr 2021 20:41:06 +0000 (22:41 +0200)]
package/clamav: security bump to version 0.103.2
Fixes the following security issues:
- CVE-2021-1386: Fix for UnRAR DLL load privilege escalation. Affects
0.103.1 and prior on Windows only.
- CVE-2021-1252: Fix for Excel XLM parser infinite loop. Affects 0.103.0
and 0.103.1 only.
- CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash.
Affects 0.103.0 and 0.103.1 only.
- CVE-2021-1405: Fix for mail parser NULL-dereference crash. Affects
0.103.1 and prior.
- CVE-2021-27506: The ClamAV Engine (Version 0.103.1 and below) embedded in
Storsmshield Network Security (1.0 to 4.1.5) is subject to DoS in case of
parsing of malformed png files.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 9 Apr 2021 22:22:21 +0000 (00:22 +0200)]
package/isl: bump to version 0.23
Update indentation in hash file (two spaces)
https://repo.or.cz/isl.git/blob/
8cec80451ea4f2f225629527b99ee2dc54ac2cad:/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 9 Apr 2021 22:24:45 +0000 (00:24 +0200)]
package/python-httplib2: add CPE variables
cpe:2.3:a:httplib2_project:httplib2 is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ahttplib2_project%3Ahttplib2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 9 Apr 2021 22:24:44 +0000 (00:24 +0200)]
package/python-httplib2: security bump to version 0.19.1
- Fix CVE-2021-21240: httplib2 is a comprehensive HTTP client library
for Python. In httplib2 before version 0.19.0, a malicious server
which responds with long series of "\xa0" characters in the
"www-authenticate" header may cause Denial of Service (CPU burn while
parsing header) of the httplib2 client accessing said server. This is
fixed in version 0.19.0 which contains a new implementation of auth
headers parsing using the pyparsing library.
- Fix CVE-2020-11078: In httplib2 before version 0.18.0, an attacker
controlling unescaped part of uri for `httplib2.Http.request()` could
change request headers and body, send additional hidden requests to
same server. This vulnerability impacts software that uses httplib2
with uri constructed by string concatenation, as opposed to proper
urllib building with escaping. This has been fixed in 0.18.0.
- Use LICENSE file instead of PKG-INFO
- pyparsing is a runtime dependency since version 0.19.0 and
https://github.com/httplib2/httplib2/commit/
bd9ee252c8f099608019709e22c0d705e98d26bc
https://github.com/httplib2/httplib2/blob/v0.19.1/CHANGELOG
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 9 Apr 2021 22:43:56 +0000 (00:43 +0200)]
package/python-zeroconf: bump to version 0.29.0
Update indentation in hash file (two spaces)
https://github.com/jstasiak/python-zeroconf/tree/0.29.0#changelog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 9 Apr 2021 22:36:40 +0000 (00:36 +0200)]
package/python-pyelftools: bump to version 0.27
Update indentation in hash file (two spaces)
https://github.com/eliben/pyelftools/blob/v0.27/CHANGES
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 9 Apr 2021 22:29:22 +0000 (00:29 +0200)]
package/sysdig: add SYSDIG_CPE_ID_VENDOR
cpe:2.3:a:sysdig:sysdig is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Asysdig%3Asysdig
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 9 Apr 2021 16:43:19 +0000 (18:43 +0200)]
package/network-manager: bump to version 1.22.16
Notice: This fixes a security issue, but in code not used in Buildroot:
ifcfg-rh: handle "802-1x.{,phase2-}ca-path". Otherwise setting this
property silently fails and a profile might accidentally not perform
any authentication (CVE-2020-10754).
Update indentation in hash file (two spaces)
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/1.22.16/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: Clarify that security issue isn't applicable to Buildroot]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 2 Apr 2021 06:09:39 +0000 (08:09 +0200)]
package/x11r7/xdriver_xf86-video-ati: add missing dependency
Fix the following build failure which is raised since commit
a3aac6d84713db7e6d2683eabf965eae21ce48bf:
WARNING: unmet direct dependencies detected for BR2_PACKAGE_MESA3D_DRI_DRIVER_RADEON
Depends on [n]: BR2_PACKAGE_MESA3D [=y] && (BR2_i386 [=n] || BR2_x86_64 [=n])
Selected by [y]:
- BR2_PACKAGE_XDRIVER_XF86_VIDEO_ATI [=y] && BR2_PACKAGE_XORG7 [=y] && BR2_PACKAGE_XSERVER_XORG_SERVER_MODULAR [=y] && BR2_PACKAGE_MESA3D [=y]
Fixes:
- http://autobuild.buildroot.org/results/
36773085f933ab2ee558f53a6c0ae5365077ad5e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Julien Olivain [Wed, 7 Apr 2021 12:21:18 +0000 (14:21 +0200)]
package/fluidsynth: bump to version 2.2.0
For change log since v2.1.5, see:
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.1.6
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.1.7
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.1.8
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.2.0
./utils/test-pkg --package fluidsynth
6 builds, 2 skipped, 0 build failed, 0 legal-info failed
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Wed, 7 Apr 2021 14:48:30 +0000 (16:48 +0200)]
package/libdrm: bump version to 2.4.105
Removed patch 0001, committed upstream:
https://cgit.freedesktop.org/mesa/drm/commit/?id=
52f05d3d896480ee5431dcd444f53bb2a8e41cce
Renumbered remaining patch.
Updated license hash due to upstream commits:
https://cgit.freedesktop.org/mesa/drm/log/xf86drm.c
Release notes:
https://lists.freedesktop.org/archives/dri-devel/2021-April/302515.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
John Keeping [Thu, 8 Apr 2021 15:01:57 +0000 (16:01 +0100)]
package/kexec: bump to version 2.0.21
https://lists.infradead.org/pipermail/kexec/2020-December/021835.html
Both patches were backports and are included in the 2.0.21 release so
they are deleted.
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Fri, 9 Apr 2021 20:20:22 +0000 (22:20 +0200)]
package/ffmpeg: bump version to 4.4
Remove wavpack-related patch and configure options due to upstream
removal of wavpack support:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=
45070eec4c089b06947f07e25cdb1bc8b2102553
Changelog:
http://git.videolan.org/?p=ffmpeg.git;a=blob;f=Changelog;;hb=refs/heads/release/4.4
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Fri, 9 Apr 2021 18:21:47 +0000 (20:21 +0200)]
package/kodi-pvr-iptvsimple: bump version to 7.6.1-Matrix
Changelog:
https://github.com/kodi-pvr/pvr.iptvsimple/blob/Matrix/pvr.iptvsimple/changelog.txt
Upstream added a dependency to xz:
https://github.com/kodi-pvr/pvr.iptvsimple/commit/
8f19dac9a5f394d44a16fcfa4235ea8c11e9cc96
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>