Fabrice Fontaine [Sun, 31 Jan 2021 13:31:59 +0000 (14:31 +0100)]
package/intel-mediadriver: drop unrecognized options
BUILD_ALONG_WITH_CMRTLIB has been dropped since version 18.2.0 and
https://github.com/intel/media-driver/commit/
c3e13c175d12790ab70c4de3521e47f62be780de
RUN_TEST_SUITE is also unrecognized (only MEDIA_RUN_TEST_SUITE is
recognized)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sun, 31 Jan 2021 13:31:58 +0000 (14:31 +0100)]
package/intel-mediadriver: fix build with gcc 10
Fixes:
- http://autobuild.buildroot.org/results/
d5ab36026a66a4f371fb6ef6c9ecf43e9617d119
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Korsgaard [Sat, 30 Jan 2021 10:19:15 +0000 (11:19 +0100)]
board/minnowboard: grub.cfg: disable eudev network interface renaming
So the normal DHCP-on-eth0 logic works for the graphical defconfig where
eudev is used.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Korsgaard [Sat, 30 Jan 2021 10:19:14 +0000 (11:19 +0100)]
configs/minnowboard_max-graphical_defconfig: bump kernel to 5.10.11
To match minnowboard_max_defconfig.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Korsgaard [Sat, 30 Jan 2021 10:19:13 +0000 (11:19 +0100)]
configs/minnowboard_max_defconfig: bump kernel to 5.10.11
Explicitly enable PCI support in the kernel after commit
eb01d42a77785 (PCI:
consolidate PCI config entry in drivers/pci) and change to GPT partitions /
root=PARTLABEL to find the rootfs instead of hardcoding /dev/mmcblk2p2 as
the mmc probing order has changed since commit
21b2cec61c04bd1 (mmc: Set
PROBE_PREFER_ASYNCHRONOUS for drivers that existed in v4.4).
This has the additional advantage that the same image will work when written
to a USB drive instead of a microsd.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sun, 31 Jan 2021 19:47:22 +0000 (20:47 +0100)]
package/libgeos: depends on wchar
libgeos unconditionally uses wstring which raises the following build
failure:
In file included from /srv/storage/autobuild/run/instance-3/output-1/build/libgeos-3.9.0/tools/astyle/ASLocalizer.cpp:40:
/srv/storage/autobuild/run/instance-3/output-1/build/libgeos-3.9.0/tools/astyle/ASLocalizer.h:72:34: error: 'wstring' does not name a type; did you mean 'stdin'?
string convertToMultiByte(const wstring& wideStr) const;
^~~~~~~
stdin
Fixes:
- http://autobuild.buildroot.org/results/
e97d03848d9bbf1845b994f391679a1dbf49f61e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Giulio Benetti [Sun, 31 Jan 2021 17:58:12 +0000 (18:58 +0100)]
package/sunxi-mali-mainline-driver: bump version
Bump version and drop local patches already merged upstream. Add Linux
option needed by Linux version >= 4.20 package documentation and to .mk
file that automatically adds it to Linux config when building.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sat, 30 Jan 2021 13:51:54 +0000 (14:51 +0100)]
package/vsftpd: set VSFTPD_CPE_ID_VALID
cpe:2.3:a:vsftpd_project:vsftpd is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Avsftpd_project%3Avsftpd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sat, 30 Jan 2021 13:50:38 +0000 (14:50 +0100)]
package/vdr: add VDR_CPE_ID_VENDOR
cpe:2.3:a:tvdr:vdr is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atvdr%3Avdr
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sat, 30 Jan 2021 13:49:37 +0000 (14:49 +0100)]
package/squid: add SQUID_CPE_ID_VENDOR
cpe:2.3:a:squid-cache:squid is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Asquid-cache%3Asquid
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sun, 31 Jan 2021 12:54:57 +0000 (13:54 +0100)]
package/leptonica: fix legal info
Commit
5159f656608cb1a136c0fed8372ffe8ec3a75b33 forgot to update hash of
leptonica-license.txt which changed due to an update in year:
https://github.com/DanBloomberg/leptonica/commit/
8193d341dd56aff5fcbbaab8832e7b38f2fede0a
Fixes:
- http://autobuild.buildroot.org/results/
1644512ca52eed1b69d65d3ca145ec0d253888a8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sun, 31 Jan 2021 12:54:56 +0000 (13:54 +0100)]
package/leptonica: add LEPTONICA_CPE_ID_VENDOR
cpe:2.3:a:leptonica:leptonica is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aleptonica%3Aleptonica
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sun, 31 Jan 2021 19:41:25 +0000 (20:41 +0100)]
package/leptonica: add libwebp{demux, mux} optional dependency
leptonica optionally depends on webp/demux.h and webp/mux.h since
version 1.79.0:
https://github.com/DanBloomberg/leptonica/commit/
a7c5bcdf04062aad3655642bdb853561a1c49733
https://github.com/DanBloomberg/leptonica/commit/
0ce4b9cc0845b198583d51f0a0df277de8f8c5fa
Fixes:
- http://autobuild.buildroot.org/results/
1f8531e1651e82a1e93707ccb205d0e7a3cae1a3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sun, 31 Jan 2021 12:56:01 +0000 (13:56 +0100)]
package/faad2: add CPE variables
cpe:2.3:a:audiocoding:freeware_advanced_audio_decoder_2 is a valid CPE
identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aaudiocoding%3Afreeware_advanced_audio_decoder_2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Heiko Thiery [Sun, 31 Jan 2021 15:42:12 +0000 (16:42 +0100)]
package/ser2net: bump version to 4.3.2
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Heiko Thiery [Sun, 31 Jan 2021 15:42:10 +0000 (16:42 +0100)]
package/gensio: bump version to 2.2.3
Drop upstream patch that is in new version.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Heiko Thiery [Sat, 30 Jan 2021 21:40:32 +0000 (22:40 +0100)]
package/netopeer2: bump version to 1.1.53
Remove patch applied upstream.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Heiko Thiery [Sat, 30 Jan 2021 21:40:31 +0000 (22:40 +0100)]
package/sysrepo: bump version to 1.4.104
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Heiko Thiery [Sat, 30 Jan 2021 21:40:29 +0000 (22:40 +0100)]
package/libnetconf2: bump version to 1.1.36
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Heiko Thiery [Sat, 30 Jan 2021 21:40:27 +0000 (22:40 +0100)]
package/libyang: bump to version 1.0.215
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Thu, 28 Jan 2021 07:04:35 +0000 (08:04 +0100)]
package/gdk-pixbuf: link with lintl if needed
Fixes:
- http://autobuild.buildroot.org/results/
4dc94dadbc17e06a214478644f29877fe205f93d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Thu, 7 Jan 2021 13:39:42 +0000 (14:39 +0100)]
support/scripts/pkg-stats: fix flake8 warnings
Fixes:
support/scripts/pkg-stats:148:17: E741 ambiguous variable name 'l'
support/scripts/pkg-stats:379:9: E741 ambiguous variable name 'l'
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Thu, 7 Jan 2021 13:39:41 +0000 (14:39 +0100)]
support/scripts/pkg-stats: drop unused --cpeid option
The --cpeid option was mistakenly introduced by commit
92e7089a8ca9f7dba5a5d690b7f768352cd6b983 ("support/script/pkg-stats:
show CPE ID in results") but is in fact not necessary.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Thu, 7 Jan 2021 13:39:40 +0000 (14:39 +0100)]
support/scripts/pkg-stats: drop unused cpeid_name() function
The cpeid_name() function is not used anywhere, drop it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Thu, 7 Jan 2021 13:39:39 +0000 (14:39 +0100)]
support/scripts/pkg-stats: fix the status reporting of CVEs
Since commit
bd665d182c8131d2deafa39be0f3d89adb43643f
("support/scripts/pkg-stats: improve rendering of CVE information"),
we have better reporting of CVE related information, based on
pkg.status['cve']. However, this commit broke pkg-stats when the
--nvd-path option is not passed, and therefore no CVE information is
available.
This commit fixes that, by making use of the is_status_ok(),
is_status_error() and is_status_na() methods recently introduced.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Thu, 7 Jan 2021 13:39:38 +0000 (14:39 +0100)]
support/scripts/pkg-stats: improvements in is_status_*() methods
Make is_status_ok() work when the given status name is not even listed
in the status dict. This will be necessary for following commits.
Introduced similar methods for the error and na status, which will be
used in following commits.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Gilles Talis [Sun, 31 Jan 2021 09:50:57 +0000 (10:50 +0100)]
package/xapian: bump to version 1.4.18
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gilles Talis [Sun, 31 Jan 2021 09:50:56 +0000 (10:50 +0100)]
package/opusfile: bump to version 0.12
also set the indentation to 2 spaces in hash file
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gilles Talis [Sun, 31 Jan 2021 09:50:55 +0000 (10:50 +0100)]
package/leptonica: bump to version 1.80.0
Also added 2 spaces indentation in hash file
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gilles Talis [Sun, 31 Jan 2021 09:50:54 +0000 (10:50 +0100)]
package/faad2: bump to version 2.10.0
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gilles Talis [Sun, 31 Jan 2021 09:50:53 +0000 (10:50 +0100)]
DEVELOPERS: add Gilles Talis for opusfile
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gilles Talis [Sun, 31 Jan 2021 09:50:52 +0000 (10:50 +0100)]
DEVELOPERS: Add Gilles Talis for faad2
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 30 Jan 2021 16:59:57 +0000 (17:59 +0100)]
package/{mesa3d, mesa3d-headers}: bump version to 20.3.4
Release notes:
https://lists.freedesktop.org/archives/mesa-announce/2021-January/000618.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Thu, 28 Jan 2021 22:15:07 +0000 (23:15 +0100)]
package/libgpgme: bump to version 1.15.1
Update indentation in hash file (two spaces)
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=blob;f=NEWS;h=
f6c2b0d3c53b3a62ca71a2a85b2d9764cda359c0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Thu, 28 Jan 2021 22:15:06 +0000 (23:15 +0100)]
package/libgpgme: add CPE variables
cpe:2.3:a:gnupg:gpgme is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnupg%3Agpgme
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 30 Jan 2021 13:42:44 +0000 (14:42 +0100)]
package/mutt: add gpgme optional dependency
gpgme is supported since 2005 and
https://gitlab.com/muttmua/mutt/-/commit/
4bb5db92a89158cc45c3480f2be62d0b435c9a4e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 30 Jan 2021 13:48:35 +0000 (14:48 +0100)]
package/vde2: add CPE variables
cpe:2.3:a:vde_project:vde is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Avde_project%3Avde
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 30 Jan 2021 16:35:28 +0000 (17:35 +0100)]
package/haproxy: bump to version 2.2.8
https://www.mail-archive.com/haproxy@formilux.org/msg39408.html
https://www.mail-archive.com/haproxy@formilux.org/msg39470.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 30 Jan 2021 15:48:14 +0000 (16:48 +0100)]
package/logrotate: use official tarball
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 30 Jan 2021 13:31:15 +0000 (14:31 +0100)]
package/bitcoin: add CPE variables
cpe:2.3:a:bitcoin:bitcoin_core is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Abitcoin%3Abitcoin_core
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 30 Jan 2021 13:31:14 +0000 (14:31 +0100)]
package/bitcoin: security bump to version 0.21.0
Tag as a security bump as having an up to date bitcoin is important:
https://patchwork.ozlabs.org/project/buildroot/patch/
20200202085526.35742-1-james.hilliard1@gmail.com
https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.21.0.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 27 Jan 2021 21:44:56 +0000 (22:44 +0100)]
package/socat: security bump to version 1.7.4.1
Buffer size option (-b) is internally doubled for CR-CRLF conversion,
but not checked for integer overflow. This could lead to heap based
buffer overflow, assuming the attacker could provide this parameter.
- Update indentation in hash file (two spaces)
- Update hash of README file due to minor updates:
https://repo.or.cz/socat.git/commit/
b145170837d75bd7a1a5803283910ab075d47bea
https://repo.or.cz/socat.git/commit/
0a115feadc3102f17e0a8a1a985319af0295f704
http://www.dest-unreach.org/socat/doc/CHANGES
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Geoffrey Le Gourriérec [Wed, 27 Jan 2021 11:56:48 +0000 (12:56 +0100)]
package/uclibc: Patch with updated kernel time definitions
Building uclibc 1.0.37 for SuperH architecture with linux-headers 5.10.7
fails at libpthread level due to missing time-related data structures,
usually defined by the kernel. Make uclibc correctly define those types.
A previous patch in buildroot [1] fixed the symptom by tampering with
linux-headers inclusions, but analysis [2] done in collaboration with
Linux folks concluded that the issue lied in (voluntary) include guard
"preemption" in uclibc kernel_types.h.
However, kernel_types.h was not up to date with relevant 64-bit time
data structures, so defining those here was needed.
The present uclibc patch was mailed to uclibc-ng mailing list and got
a positive response; I am not able to give a link to the discussion,
as it has not appeared yet [3] (perhaps I'm not looking at the right
place ?)
So until the patch is merged upstream and we bump uclibc version, keep
our patch here.
[1] https://git.buildroot.net/buildroot/commit/?id=
742f37de8d0e3797698411dfc6a63bd7e98aafe2
[2] https://patchwork.kernel.org/project/linux-sh/patch/
20210123165652.10884-1-geoffrey.legourrierec@gmail.com/
[3] https://mailman.uclibc-ng.org/pipermail/devel/2021-January/thread.html
Signed-off-by: Geoffrey Le Gourriérec <geoffrey.legourrierec@gmail.com>
Tested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Geoffrey Le Gourriérec [Wed, 27 Jan 2021 11:56:47 +0000 (12:56 +0100)]
board/qemu/sh4*: Remove linux-headers patch
Previous patch about time data structures [1] provided a dirty fix
that did not solve the real issue.
After discussing with Linux folks on the SuperH mailing list [2],
the patch was deemed unnecessary, as the problem lied in uclibc.
[1] https://git.buildroot.net/buildroot/commit/?id=
742f37de8d0e3797698411dfc6a63bd7e98aafe2
[2] https://patchwork.kernel.org/project/linux-sh/patch/
20210123165652.10884-1-geoffrey.legourrierec@gmail.com/
Signed-off-by: Geoffrey Le Gourriérec <geoffrey.legourrierec@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 26 Jan 2021 19:16:08 +0000 (20:16 +0100)]
package/ply: needs headers >= 4.14
ply uses BPF_JLT is available only since kernel 4.14 with:
https://github.com/torvalds/linux/commit/
92b31a9af73b3a3fc801899335d6c47966351830
Fixes:
- http://autobuild.buildroot.org/results/
632187ceb7ca5e2dc5a3e5185860ddb874b4274c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Thu, 28 Jan 2021 19:56:03 +0000 (20:56 +0100)]
package/wayland: add WAYLAND_CPE_ID_VENDOR
cpe:2.3:a:wayland:wayland is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awayland%3Awayland
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Thu, 28 Jan 2021 17:21:22 +0000 (18:21 +0100)]
package/sox: add CPE variables
cpe:2.3:a:sound_exchange_project:sound_exchange is a valid CPE
identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Asound_exchange_project%3Asound_exchange
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 30 Jan 2021 10:23:48 +0000 (11:23 +0100)]
package/libgeos: disable benchmarks
Fixes:
- http://autobuild.buildroot.org/results/
790450f7541d690cdef3917d7056759cb9b403c5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 29 Jan 2021 21:36:08 +0000 (22:36 +0100)]
package/dhcpcd: fix build with nds32
Fix build failure with dhcpcd due to SECCOMP_AUDIT_ARCH which is used
since version 9.3.0 and
https://github.com/rsmarples/dhcpcd/commit/
a926ee6d8f4eb2f04e01d72664893e3cb95fceca
Fixes:
- http://autobuild.buildroot.org/results/
af8ba07ea0c12ab8cd24d528ef98db05521f3d36
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 29 Jan 2021 21:48:48 +0000 (22:48 +0100)]
package/spice: set SPICE_CPE_ID_VALID
cpe:2.3:a:spice_project:spice is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aspice_project%3Aspice
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 29 Jan 2021 17:44:54 +0000 (18:44 +0100)]
package/pinentry: bump to version 1.1.1
- add efl optional dependency which is available since
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=pinentry.git;a=commit;h=
948105b7a34ec9a9e5479d376b7c86bafee50a01
- Update indentation in hash file (two spaces)
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=pinentry.git;a=blob;f=NEWS;h=
c8b5195ace7bb3ffb1420ae479ac39d65b0fa17c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jianhui Zhao [Fri, 29 Jan 2021 16:23:46 +0000 (00:23 +0800)]
package/rtty: bump version to 7.3.0
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Fri, 29 Jan 2021 12:18:31 +0000 (13:18 +0100)]
package/libgcrypt: security bump version to 1.9.1
Removed patch which was applied upstream.
Release notes:
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 29 Jan 2021 10:12:39 +0000 (11:12 +0100)]
{linux, linux-headers}: bump 4.19.x / 5.{4, 10}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Michael Nosthoff [Fri, 29 Jan 2021 08:37:01 +0000 (09:37 +0100)]
package/spdlog: bump to version 1.8.2
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gwenhael Goavec-Merou [Fri, 29 Jan 2021 08:00:41 +0000 (09:00 +0100)]
package/python-remi: bump to version 2020.11.20
Add runtime dependencies to pythonX-ssl and python-setuptools.
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 29 Jan 2021 07:11:00 +0000 (08:11 +0100)]
package/pinentry: drop unrecognized option
Drop --with-x option which is not recognized:
configure: WARNING: unrecognized options: --disable-gtk-doc, --disable-gtk-doc-html, --disable-doc, --disable-docs, --disable-documentation, --with-xmlto, --with-fop, --enable-ipv6, --disable-nls, --disable-static, --enable-shared, --with-x
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Tian Yuanhao [Fri, 29 Jan 2021 05:43:50 +0000 (13:43 +0800)]
package/ttyd: bump to version 1.6.3
Signed-off-by: Tian Yuanhao <tianyuanhao@aliyun.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 26 Jan 2021 19:40:24 +0000 (20:40 +0100)]
package/dhcpcd: bump to version 9.4.0
Drop patch (already in version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Tue, 26 Jan 2021 20:04:51 +0000 (21:04 +0100)]
package/x11r7/xlib_libXt: bump version to 1.2.1
Reformatted hashes.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Tue, 26 Jan 2021 20:04:50 +0000 (21:04 +0100)]
package/xutil_util-macros: bump version to 1.19.3
Reformatted hashes.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Tue, 26 Jan 2021 19:42:40 +0000 (20:42 +0100)]
package/sqlite: bump version to 3.34.1
Updated SQLITE_SITE.
Release notes: https://www.sqlite.org/releaselog/3_34_1.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Thu, 28 Jan 2021 19:46:19 +0000 (20:46 +0100)]
package/open62541: force Release build
Force Release build to remove -Werror and avoid the following build
failure:
/home/giuliobenetti/autobuild/run/instance-3/output-1/build/open62541-1.0/arch/network_tcp.c: At top level:
cc1: error: unrecognized command line option '-Wno-static-in-inline' [-Werror]
cc1: all warnings being treated as errors
Fixes:
- http://autobuild.buildroot.org/results/
24b429ce0ae2b33e72bb6a0f523c3906e539a4fd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 28 Jan 2021 21:35:08 +0000 (22:35 +0100)]
package/glibc: security bump for additional post-2.32.x fixes
Fixes the following security issue:
- CVE-2021-3326: Assertion failure in ISO-2022-JP-3 gconv module related to
combining characters
For details, see https://sourceware.org/bugzilla/show_bug.cgi?id=27256 and
https://www.openwall.com/lists/oss-security/2021/01/27/3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Thu, 28 Jan 2021 19:53:24 +0000 (20:53 +0100)]
package/runc: add CPE variables
cpe:2.3:a:linuxfoundation:runc is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alinuxfoundation%3Arunc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 28 Jan 2021 20:49:40 +0000 (21:49 +0100)]
package/mutt: add security fixes from Ubuntu for CVE-2021-3181
Fixes the following security issue:
- CVE-2021-3181: rfc822.c in Mutt through 2.0.4 allows remote attackers to
cause a denial of service (mailbox unavailability) by sending email
messages with sequences of semicolon characters in RFC822 address fields
(aka terminators of empty groups). A small email message from the
attacker can cause large memory consumption, and the victim may then be
unable to see email messages from other persons.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Thu, 28 Jan 2021 06:56:31 +0000 (07:56 +0100)]
package/gdk-pixbuf: fix license
Commit
a7b51ed3013c919b293deb95299e33363fb9df70 forgot to update hash of
COPYING which now contains LGPL-2.1+
Here is an extract of
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/
0a8882b1a1f5234f7de2177e41f9cb584b6d61f8:
"The vast majority of GdkPixbuf is released under the terms of the GNU
Lesser General Public License, version 2.1 or later.
The following files are released under the terms of the GNU Library
General Public License, version 2 or later:
[...]
The aggregate license of the GdkPixbuf project is the Lesser GPL v2.1 or
later."
Fixes:
- http://autobuild.buildroot.org/results/
292306061216471c258a89e61b54c0d05c757321
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Thu, 28 Jan 2021 14:43:36 +0000 (16:43 +0200)]
package/chrony: fix build with kernel headers older than 3.15
Add a patch to make renameat2 system call reference conditional.
Fixes:
http://autobuild.buildroot.net/results/bb6/
bb638ed011aea379c7f780187dafe2615753e2ae/
http://autobuild.buildroot.net/results/5ef/
5ef11bace60950b35b4a593d734a20df088c79aa/
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Michael Nosthoff [Thu, 28 Jan 2021 14:48:25 +0000 (15:48 +0100)]
package/grpc: bump to version 1.35.0
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Vadym Kochan [Thu, 28 Jan 2021 15:26:34 +0000 (17:26 +0200)]
package/logrotate: bump to 3.18.0 version
Main reason is to fix the issue when secure_getenv() is missing
in older toolchain, but it was fixed in this version by using
getenv() as alternative.
Signed-off-by: Vadym Kochan <vadym.kochan@plvision.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Thu, 28 Jan 2021 14:44:23 +0000 (16:44 +0200)]
package/stress-ng: bump to version 0.12.02
Use https for download to save redirect.
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 27 Jan 2021 21:44:55 +0000 (22:44 +0100)]
package/socat: add SOCAT_CPE_ID_VENDOR
cpe:2.3:a:dest-unreach:socat is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Adest-unreach%3Asocat
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Tue, 26 Jan 2021 21:36:56 +0000 (22:36 +0100)]
package/webp: add CPE variables
cpe:2.3:a:webmproject:libwebp is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awebmproject%3Alibwebp
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Tue, 26 Jan 2021 21:15:39 +0000 (22:15 +0100)]
package/wine: add WINE_CPE_ID_VENDOR
cpe:2.3:a:winehq:wine is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awinehq%3Awine
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Tue, 26 Jan 2021 21:08:45 +0000 (22:08 +0100)]
package/wpewebkit: add CPE variables
cpe:2.3:a:wpewebkit:wpe_webkit is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awpewebkit%3Awpe_webkit
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Tue, 26 Jan 2021 20:54:33 +0000 (21:54 +0100)]
package/x265: add X265_CPE_ID_VENDOR
cpe:2.3:a:multicorewareinc:x265 is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amulticorewareinc%3Ax265
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Tue, 26 Jan 2021 20:44:03 +0000 (21:44 +0100)]
package/xapian: add CPE variables
cpe:2.3:a:xapian:xapian-core is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Axapian%3Axapian-core
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Baruch Siach [Thu, 28 Jan 2021 12:33:38 +0000 (14:33 +0200)]
package/uboot-tools: drop redundant parentheses
Commit
d8db91fc6fa ("package/uboot-tools: resolve host uboot env/script
error") introduced closing parentheses that is not matched and not
needed.
Fixes:
http://autobuild.buildroot.net/results/a65/
a65fcc581f56ef70154f83e80f12d64f2e0f856a/
http://autobuild.buildroot.net/results/39a/
39aabb9d8afcdead1d620e081d2cd43ee2d61fbc/
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Cc: Kalpesh Panchal <kalpesh.panchal@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Tested-by: Bin Meng <bin.meng@windriver.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Sergey Matyukevich [Wed, 27 Jan 2021 06:05:20 +0000 (09:05 +0300)]
configs/orangepi_zero_plus2_defconfig: bump BSP versions
Bump Linux to 5.10.10 and U-Boot to 2020.10. In the new kernel sunxi-mmc
driver has been switched to asynchronous probe. As a result, mmc indexes
can be shuffled breaking board boot. Add patch that pins mmc indexes to
their original ordered values.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sergey Matyukevich [Wed, 27 Jan 2021 06:05:19 +0000 (09:05 +0300)]
configs/orangepi_zero_defconfig: bump BSP versions
Bump Linux to 5.10.10 and U-Boot to 2020.10.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sergey Matyukevich [Wed, 27 Jan 2021 06:05:18 +0000 (09:05 +0300)]
configs/linksprite_pcduino: bump BSP versions
Bump Linux to 5.10.10 and U-Boot to 2020.10.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 27 Jan 2021 06:33:42 +0000 (07:33 +0100)]
package/gerbera: needs gcc >= 8
std::filesystem is required since version 1.5.0:
https://github.com/gerbera/gerbera/issues/849
Fixes:
- http://autobuild.buildroot.org/results/
759c875ee8ab0447cd735c22f89fa127cb8c427c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Thomas De Schampheleire [Wed, 27 Jan 2021 09:16:59 +0000 (10:16 +0100)]
package/collectd: add option to enable UBI counters
The 'ubi' collectd plugin was added in 5.11.0.
Add options in Buildroot to enable it.
Based on code by Bart De Vos.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Tue, 26 Jan 2021 19:25:36 +0000 (20:25 +0100)]
package/libiec61850: add LIBIEC61850_CPE_ID_VENDOR
cpe:2.3:a:mz-automation:libiec61850 is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amz-automation%3Alibiec61850
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Tue, 26 Jan 2021 19:25:35 +0000 (20:25 +0100)]
package/libiec61850: drop BUILD_EXAMPLES=OFF
BUILD_EXAMPLES=OFF is already passed by cmake-infrastructure
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Maxim Kochetkov [Mon, 25 Jan 2021 07:40:58 +0000 (10:40 +0300)]
package/timescaledb: Fix build with Postgresql 13
Add missed patch for PG13 build.
Fixes;
http://autobuild.buildroot.org/results/0e5/
0e534ed0a5206856fad7272008b12205811f098a/build-end.log
Fixes: 5cff0c8a2d1c ("package/timescaledb: bump to version 2.0.0")
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
[yann.morin.1998@free.fr: add reference to autobuilder failure]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Wed, 27 Jan 2021 19:58:38 +0000 (20:58 +0100)]
package/libuhttpd: bump to version 3.9.0
Fix build without dlopen thanks to
https://github.com/zhaojh329/libuhttpd/commit/
117ae812a4eb114f46f4d9dfd395618c74836710
https://github.com/zhaojh329/libuhttpd/releases/tag/v3.9.0
Fixes:
- http://autobuild.buildroot.org/results/
3d14502c87ecee5b1eeeec3f85b8d6b659d61bbc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 27 Jan 2021 20:24:07 +0000 (21:24 +0100)]
package/strongswan: bump to version 5.9.1
https://wiki.strongswan.org/versions/79
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Eldar Gasanov [Wed, 27 Jan 2021 07:48:36 +0000 (10:48 +0300)]
package/xtables-addons: bump version to 3.13
Use https://inai.de/files/xtables-addons to download source code
Signed-off-by: Eldar Gasanov <eldargasanov2@gmail.com>
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
[Peter: also update Config.in URL]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 27 Jan 2021 19:55:53 +0000 (20:55 +0100)]
package/gdk-pixbuf: bump to version 2.42.2
- Switch to meson-package
- Drop GDK_PIXBUF_DISABLE_TESTS as it is not needed anymore (meson
doesn't build tests when cross-commpiling)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jianhui Zhao [Wed, 27 Jan 2021 14:02:09 +0000 (22:02 +0800)]
package/rtty: bump version to 7.2.3
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 27 Jan 2021 20:51:52 +0000 (21:51 +0100)]
package/sudo: drop unneeded autoreconf
Commit
4fea71ac785cc (package/sudo: security bump to version 1.9.5p2)
removed the patch, but forgot to remove the now unneeded autoreconf. Fix
that.
Reported-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Kalpesh Panchal [Tue, 26 Jan 2021 13:14:37 +0000 (07:14 -0600)]
package/uboot-tools: resolve host uboot env/script error
The host build of uboot-tools can occur early in the build process and may
require the creation of BINARIES_DIR before generation of an enabled envimage
and/or boot script binary. So to resolve this in proper way, separated the
build and installation part of uboot env/script in their respective commands.
Signed-off-by: Kalpesh Panchal <kalpesh.panchal@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Christian Stewart [Wed, 27 Jan 2021 14:26:28 +0000 (06:26 -0800)]
package/sudo: security bump to version 1.9.5p2
Major changes between sudo 1.9.5p2 and 1.9.5p1
* Buildroot: dropped a patch that was included in the release.
* Fixed sudo's setprogname(3) emulation on systems that don't
provide it.
* Fixed a problem with the sudoers log server client where a partial
write to the server could result the sudo process consuming large
amounts of CPU time due to a cycle in the buffer queue. Bug #954.
* Added a missing dependency on libsudo_util in libsudo_eventlog.
Fixes a link error when building sudo statically.
* The user's KRB5CCNAME environment variable is now preserved when
performing PAM authentication. This fixes GSSAPI authentication
when the user has a non-default ccache.
* When invoked as sudoedit, the same set of command line options
are now accepted as for "sudo -e". The -H and -P options are
now rejected for sudoedit and "sudo -e" which matches the sudo
1.7 behavior. This is part of the fix for CVE-2021-3156.
* Fixed a potential buffer overflow when unescaping backslashes
in the command's arguments. Normally, sudo escapes special
characters when running a command via a shell (sudo -s or sudo
-i). However, it was also possible to run sudoedit with the -s
or -i flags in which case no escaping had actually been done,
making a buffer overflow possible. This fixes CVE-2021-3156.
https://www.sudo.ws/stable.html#1.9.5p2
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 26 Jan 2021 17:54:56 +0000 (18:54 +0100)]
package/spdlog: support dynamic library
spdlog can install a shared library since version 1.4.0 and
https://github.com/gabime/spdlog/commit/
45a18a61c633564311e51f5cbed2748e9cb70e2f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Mon, 25 Jan 2021 22:45:25 +0000 (23:45 +0100)]
package/nettle: set NETTLE_CPE_ID_VALID
cpe:2.3:a:nettle_project:nettle is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anettle_project%3Anettle
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Mon, 25 Jan 2021 22:43:05 +0000 (23:43 +0100)]
package/trousers: add TROUSERS_CPE_ID_VENDOR
cpe:2.3:a:trustedcomputinggroup:trousers is a valid CPE identifier for
this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atrustedcomputinggroup%3Atrousers
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Mon, 25 Jan 2021 22:42:19 +0000 (23:42 +0100)]
package/beecrypt: set BEECRYPT_CPE_ID_VALID
cpe:2.3:a:beecrypt_project:beecrypt is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Abeecrypt_project%3Abeecrypt
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Mon, 25 Jan 2021 21:50:55 +0000 (22:50 +0100)]
package/sdl2: add CPE variables
cpe:2.3:a:libsdl:sdl is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibsdl%3Asdl
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Thomas De Schampheleire [Tue, 19 Jan 2021 17:17:41 +0000 (18:17 +0100)]
package/opentracing-cpp: fix build if clang-tidy is installed on the host
opentracing-cpp fails to build if clang-tidy is installed:
...
-- clang-tidy found: /usr/lib/llvm/11/bin/clang-tidy
-- Configuring done
-- Generating done
...
[ 25%] Building CXX object CMakeFiles/opentracing.dir/src/propagation.cpp.o
.../buildroot/output/build/opentracing-cpp-1.5.1/include/opentracing/string_view.h:5:10: error: 'algorithm' file not found [clang-diagnostic-error]
^
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:3:11: warning: '__llvm_libc' needs to be the outermost namespace [llvmlibc-implementation-in-namespace]
namespace opentracing {
^
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:11:3: warning: use '= default' to define a trivial default constructor [hicpp-use-equals-default,modernize-use-equals-default]
PropagationErrorCategory() {}
^ ~~
= default;
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:13:15: warning: use a trailing return type for this function [modernize-use-trailing-return-type]
const char* name() const noexcept override {
~~~~~~~~~~~ ^
auto -> const char*
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:13:15: warning: method 'name' can be made static [readability-convert-member-functions-to-static]
const char* name() const noexcept override {
^ ~~~~~~
static
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:17:24: warning: use a trailing return type for this function [modernize-use-trailing-return-type]
std::error_condition default_error_condition(int code) const
^
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:37:15: warning: use a trailing return type for this function [modernize-use-trailing-return-type]
std::string message(int code) const override {
^
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:58:28: warning: use a trailing return type for this function [modernize-use-trailing-return-type]
const std::error_category& propagation_error_category() {
^
226 warnings and 1 error generated.
Error while processing .../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp.
Suppressed 218 warnings (218 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
Found compiler error(s).
make[3]: *** [CMakeFiles/opentracing.dir/build.make:83: CMakeFiles/opentracing.dir/src/propagation.cpp.o] Error 1
make[3]: *** Waiting for unfinished jobs....
.../buildroot/output/build/opentracing-cpp-1.5.1/include/opentracing/string_view.h:5:10: error: 'algorithm' file not found [clang-diagnostic-error]
^
.../buildroot/output/build/opentracing-cpp-1.5.1/src/dynamic_load.cpp:4:
Disable the 'ENABLE_LINTING' option to avoid this influence.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>