buildroot.git
3 years agosupport/scripts/pkg-stats: verified CPE has a known id but not version
Matthew Weber [Wed, 19 May 2021 02:46:36 +0000 (21:46 -0500)]
support/scripts/pkg-stats: verified CPE has a known id but not version

Currently a verified CPE reports the following if versions are not found
 cpe:2.3:a:qemu:qemu:5.2.0:*:*:*:*:*:*:*
 CPE identifier unknown in CPE database (Search)

This patch clarifies the report to state the 'version' is unknown instead
of the 'identifier'.

Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/nbd: add CPE variables
Fabrice Fontaine [Wed, 19 May 2021 07:01:28 +0000 (09:01 +0200)]
package/nbd: add CPE variables

cpe:2.3:a:network_block_device_project:network_block_device is a valid
CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anetwork_block_device_project%3Anetwork_block_device

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/nasm: add CPE variables
Fabrice Fontaine [Wed, 19 May 2021 06:49:08 +0000 (08:49 +0200)]
package/nasm: add CPE variables

cpe:2.3:a:nasm:netwide_assembler is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anasm%3Anetwide_assembler

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/musl: add MUSL_CPE_ID_VENDOR
Fabrice Fontaine [Wed, 19 May 2021 06:40:44 +0000 (08:40 +0200)]
package/musl: add MUSL_CPE_ID_VENDOR

cpe:2.3:a:musl-libc:musl is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amusl-libc%3Amusl

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/bird: add BIRD_CPE_ID_VENDOR
Fabrice Fontaine [Wed, 19 May 2021 06:00:54 +0000 (08:00 +0200)]
package/bird: add BIRD_CPE_ID_VENDOR

cpe:2.3:a:nic:bird is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anic%3Abird

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoMakefile: remove pkg-stats data on clean
Yann E. MORIN [Tue, 18 May 2021 20:28:17 +0000 (22:28 +0200)]
Makefile: remove pkg-stats data on clean

Like commit 1f187371d002 for cpe-updates data, also remove pkg-stats
data on clean.

Unlike the rest, those are not nicely located in a directory of their
own, and have no variable name associated with them, so we just need
to repeat their names in the clean rule.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/environment-setup: Fix incorrect order of the `sed` expressions
Mircea GLIGA [Sun, 16 May 2021 14:19:49 +0000 (17:19 +0300)]
package/environment-setup: Fix incorrect order of the `sed` expressions

Order of the `sed` expressions is important; when this was commited
to master, the order of the expressions from the original patch [1] was
changed, rendering the second expression to noop.

This made all the environment variables from the script to contain
absolute paths: long absolute paths makes verbose builds difficult
to read/follow.
We can take advantage of the fact that the PATH is updated and we
don't have to use absolute paths.

Fixed by reordering the `sed` expresions:
* first update the path of the binaries: e.g. 's%$(HOST_DIR)/bin/%%g'
* only then update remaining paths: e.g. 's%$(HOST_DIR)%\$$SDK_PATH%g'

[1] https://patchwork.ozlabs.org/project/buildroot/patch/20201027140140.47982-1-matthew.weber@rockwellcollins.com/

Signed-off-by: Mircea GLIGA <mgliga@bitdefender.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/x11r7/xlib_libX11: security bump version to 1.7.1
Bernd Kuhls [Tue, 18 May 2021 15:26:00 +0000 (17:26 +0200)]
package/x11r7/xlib_libX11: security bump version to 1.7.1

Fixes CVE-2021-31535:
https://lists.x.org/archives/xorg-announce/2021-May/003088.html

Release notes:
https://lists.x.org/archives/xorg-announce/2021-May/003089.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/xterm: security bump version to 367
Bernd Kuhls [Tue, 18 May 2021 15:31:12 +0000 (17:31 +0200)]
package/xterm: security bump version to 367

Fixes CVE-2021-27135:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27135

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agosupport/testing: test_hardening disable PIC/PIE
Romain Naour [Thu, 13 May 2021 16:22:45 +0000 (18:22 +0200)]
support/testing: test_hardening disable PIC/PIE

Since [1], PIC/PIE is enabled by default but the TestRelroPartial
test expect implicitely PIC/PIE being disabled.

Disable PIC/PIE from the config fragment provided by
TestRelroPartial.

[1] 810ba387bec3c5b6904e8893fb4cb6f9d3717466

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1255661757

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agosupport/scripts/pkg-stats: fix flake8 E741 ambiguous variable name
Matthew Weber [Tue, 18 May 2021 18:21:53 +0000 (13:21 -0500)]
support/scripts/pkg-stats: fix flake8 E741 ambiguous variable name

Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/rocksdb: bump to version 6.20.3
Fabrice Fontaine [Sat, 8 May 2021 09:54:08 +0000 (11:54 +0200)]
package/rocksdb: bump to version 6.20.3

- Refresh first patch
- Add BR2_PACKAGE_ROCKSDB_ARCH_SUPPORTS due to toku_time.h which has
  been added in version 6.16.3 by
  https://github.com/facebook/rocksdb/commit/98236fb10ecdbe6e7e8ef5cfb11e1f11dcb72f84
  and contains the following blob:

 #if defined(__x86_64__) || defined(__i386__)
  uint32_t lo, hi;
  __asm__ __volatile__("rdtsc" : "=a"(lo), "=d"(hi));
  return (uint64_t)hi << 32 | lo;
 #elif defined(__aarch64__)
  uint64_t result;
  __asm __volatile__("mrs %[rt], cntvct_el0" : [ rt ] "=r"(result));
  return result;
 #elif defined(__powerpc__)
  return __ppc_get_timebase();
 #else
 #error No timer implementation for this platform
 #endif

- Also drop second patch and disable build on powerpc as it seems that
  upstream is not really testing powerpc (patch not merged after more
  than one year + build failure with uclibc/musl only fixed on ppc64:
  https://github.com/facebook/rocksdb/commit/24b7ebee80ab282e073fd541d5b807d4a0bbbfab)

- Update hash of README.md (change not related to license:
  https://github.com/facebook/rocksdb/commit/f4ade82ad29790b1e0d99188e0b26e5b805c7243)

As a side effect, this will remove the autobuilder failures on arm,
powerpc and m68k

https://github.com/facebook/rocksdb/blob/v6.20.3/HISTORY.md

Fixes:
 - http://autobuild.buildroot.org/results/059ebe270e6e7c23e40060c4cf0112c4cd72b0e7
 - http://autobuild.buildroot.org/results/f007412f29ab2e03a6904e2f548e77654abde6de
 - http://autobuild.buildroot.org/results/83505f78fcb4d925779177411d830bea127b6800

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/libdrm: bump version to 2.4.106
Bernd Kuhls [Tue, 18 May 2021 04:46:26 +0000 (06:46 +0200)]
package/libdrm: bump version to 2.4.106

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoconfigs/rpi: fix defconfigs after upstream rebased
Yann E. MORIN [Tue, 18 May 2021 14:50:03 +0000 (16:50 +0200)]
configs/rpi: fix defconfigs after upstream rebased

Branches in the Rappberry Pi linux repository are often rebased, which
means that commits that are not reachable from a reference (tag,branch)
will eventually get garbage-collected.

This is probably what hapenned with the commit we are curently
referencing in our defconfig files.

Swith to using the current HEAD of the rpi-5.10.y brnch, in lieue of the
previous one.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agosupport/testing: test_glxinfo load X11 modules in the right order
Romain Naour [Thu, 13 May 2021 14:11:49 +0000 (16:11 +0200)]
support/testing: test_glxinfo load X11 modules in the right order

From [1]
"Xorg does not implement real dynamic linking and requires that its
modules get loaded in the right order."

From /var/log/Xorg.0.0.log:
 (II) LoadModule: "modesetting"
 (II) Loading /usr/lib/xorg/modules/drivers/modesetting_drv.so
 (EE) Failed to load /usr/lib/xorg/modules/drivers/modesetting_drv.so: /usr/lib/xorg/modules/drivers/modesetting_drv.so: undefined symbol: shadowRemove

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1255661899

[1] https://forums.gentoo.org/viewtopic-p-8245578.html#8245578

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agosupport/testing: test_glxinfo: switch to Gallium swrast
Romain Naour [Thu, 13 May 2021 14:11:48 +0000 (16:11 +0200)]
support/testing: test_glxinfo: switch to Gallium swrast

Since the mesa3d bump to version 21.0.3 [1], the
BR2_PACKAGE_MESA3D_DRI_DRIVER_SWRAST option is not supported anymore
since the mesa DRI swrast driver has been removed upstream

So, switch to Gallium swrast.

[1]15a2f9b819806d38a7d8172a20f80130b1d60e63

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/gerbera: fix build with -Os and gcc 9 or 10
Fabrice Fontaine [Thu, 13 May 2021 11:46:33 +0000 (13:46 +0200)]
package/gerbera: fix build with -Os and gcc 9 or 10

For an unknown reason, gerbera fails to build with -Os and gcc 9 or 10
since bump to version 1.8.0 in commit 8974596836945eada8e162844fb87f88adec9100:

[100%] Linking CXX executable gerbera
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-gnu/10.2.0/../../../../x86_64-buildroot-linux-gnu/bin/ld: liblibgerbera.a(content_manager.cc.o): in function `ContentManager::_rescanDirectory(std::shared_ptr<AutoscanDirectory>&, int, std::shared_ptr<GenericTask> const&)':
content_manager.cc:(.text+0xb53b): undefined reference to `std::__shared_ptr<std::filesystem::__cxx11::_Dir, (__gnu_cxx::_Lock_policy)2>::swap(std::__shared_ptr<std::filesystem::__cxx11::_Dir, (__gnu_cxx::_Lock_policy)2>&)'
collect2: error: ld returned 1 exit status

A similar build failure has been reported as gcc bug 91067:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91067

But this bug has been fixed since gcc 9.3 and 10.1 and build failures
are raised with gcc 10.2

To fix this build failure, set optimisation to -O2 if needed

Fixes:
 - http://autobuild.buildroot.org/results/a4ee8ad7ff93939716673b611c7cc3f68dafa3d0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/pipewire: fix build with uclibc-ng
Fabrice Fontaine [Tue, 4 May 2021 21:10:16 +0000 (23:10 +0200)]
package/pipewire: fix build with uclibc-ng

Build fails with uclibc-ng since bump to version 0.3.26 in commit
a6d88d3ba5e30e11f4d726f341bc56c1be7c71c9

Fixes:
 - http://autobuild.buildroot.org/results/a45f0ee009d90cef867dee4b1093225610fa10df

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/cutelyst: fix linking with -latomic
Fabrice Fontaine [Mon, 17 May 2021 19:40:08 +0000 (21:40 +0200)]
package/cutelyst: fix linking with -latomic

Build is broken since commit 7333207eaf2900076185cba6641c6406d61c235e
because upstream overrides CMAKE_EXE_LINKER_FLAGS when building with
jemalloc:
https://github.com/cutelyst/cutelyst/commit/7d73eba273be365f15f1ffcb3d3ee7f1d44e10fb

Fixes:
 - http://autobuild.buildroot.org/results/ba9bccaae2cad487a66b6eb9851fc206c32d7c82

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libtirpc: bump version to 1.3.2
Petr Vorel [Mon, 17 May 2021 17:43:40 +0000 (19:43 +0200)]
package/libtirpc: bump version to 1.3.2

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoConfig.in.lgeacy: fix udisks lvm2 help
Fabrice Fontaine [Mon, 17 May 2021 21:18:57 +0000 (23:18 +0200)]
Config.in.lgeacy: fix udisks lvm2 help

Remove spurious "was removed"

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoConfig.in.legacy: update iostat title
Fabrice Fontaine [Mon, 17 May 2021 21:18:56 +0000 (23:18 +0200)]
Config.in.legacy: update iostat title

Specify that iostat 'package' has been removed to be consistent with
other entries

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoMakefile: remove cpe-updates on clean
Yann E. MORIN [Sun, 16 May 2021 12:42:37 +0000 (14:42 +0200)]
Makefile: remove cpe-updates on clean

Commit fd7312940aef (Makefile: add new missing-cpe target) added the
rule to generate a set of files to update the NVD.

For an in-tree build, 'make clean' remove the output directory, so
those files are removed. But for an out-of-tree build, the output
directory is not removed, so those files still linger around after a
clean.

Explicitly remove them on clean, to cater for both cases.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Reviewed-by: Matthew Weber <matthew.weber@collins.com>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/lvm2: drop BR2_PACKAGE_LVM2_APP_LIBRARY
Fabrice Fontaine [Mon, 17 May 2021 17:06:09 +0000 (19:06 +0200)]
package/lvm2: drop BR2_PACKAGE_LVM2_APP_LIBRARY

The application library (liblvm2app) has been dropped since version
2.03.00 and
https://github.com/lvmteam/lvm2/commit/0d22b58172808f050abeacdb5d6a7b7132b91a8c

It should be noted that lvm2 support must be dropped from udisks until
a bump to at least version 2.7.0 and
https://github.com/storaged-project/udisks/commit/4c0709a893be49a0db5b2839e4766621e2c1bb98

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - slightly expand help text for legacy BR2_PACKAGE_UDISKS_LVM2
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/docker-engine: devicemapper driver does not need liblvm2app
Fabrice Fontaine [Mon, 17 May 2021 17:06:08 +0000 (19:06 +0200)]
package/docker-engine: devicemapper driver does not need liblvm2app

lvm2 app library is not needed to build devicemapper filesystem driver

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: tweak title]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agolmbench: lat_rpc: fix stray pointer
Vineet Gupta [Mon, 10 May 2021 18:00:49 +0000 (11:00 -0700)]
lmbench: lat_rpc: fix stray pointer

| # ./lat_rpc -S localhost
| potentially unexpected fatal signal 11.
| Path: /lmbench/bin/arc64/lat_rpc
| CPU: 0 PID: 62 Comm: lat_rpc Not tainted 5.6.0-00224-g8e1b159f529e #39
| Invalid Read @ 0x00000001 by insn @ 0x2011f110
|   @off 0x6c110 in [/lib/libc-2.32.so]  VMA: 0x200b3000 to 0x201b8000
| ECR: 0x00050100 EFA: 0x00000001 ERET: 0x2011f110
| STAT32: 0x80081082 [IE U     ]   BTA: 0x2011b87c
|  SP: 0x5fffefe8  FP: 0x00000000 BLK: 0x20103242
| r00: 0x00000001 r01: 0x00000002 r02: 0x00000001
| r03: 0x20101eb0 r04: 0x00000001 r05: 0x00000001
| r06: 0x00000000 r07: 0x00000000 r08: 0x00000001
| r09: 0x2019d8b0 r10: 0x20039fc4 r11: 0x5ffff0f0
| r12: 0x2019d6d0 r13: 0x2019d748 r14: 0x5ffff588
| r15: 0x00000000 r16: 0x00000000 r17: 0x5ffff708
| r18: 0x20039fc0 r19: 0xffffffff r20: 0x201ba010
| r21: 0x00000000 r22: 0x00000000 r23: 0x20039fc0
| r24: 0x00000bd0 r25: 0x00000073
Segmentation fault

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agolmbench: memsize: increase delay for slow FPGAs
Vineet Gupta [Mon, 10 May 2021 18:00:47 +0000 (11:00 -0700)]
lmbench: memsize: increase delay for slow FPGAs

otherwise memsize bails out and erroneously reports 1 MB

NOK
----
| />/lmbench/bin/arc/memsize 16
|
| 1

OK
----
| />/lmbench/bin/arc/memsize 16
| 2MB OK3MB OK4MB OK5MB OK6MB OK7MB OK8MB OK9MB OK10MB OK11MB OK12MB OK13MB OK14MB OK15MB OK16MB OK
| 16

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/mesa3d-headers: remove spurious empty line
Arnout Vandecappelle (Essensium/Mind) [Mon, 17 May 2021 19:18:58 +0000 (21:18 +0200)]
package/mesa3d-headers: remove spurious empty line

Detected by check-package

Fixes: 7fa481437e71484aa7064398e69aa63cdabb86b2
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
3 years agopackage/intel-microcode: security bump to version 20210216
Peter Korsgaard [Mon, 17 May 2021 17:38:30 +0000 (19:38 +0200)]
package/intel-microcode: security bump to version 20210216

Fixes the following security issues:

- CVE-2020-8696: Description: Improper removal of sensitive information
  before storage or transfer in some Intel(R) Processors may allow an
  authenticated user to potentially enable information disclosure via local
  access

- CVE-2020-8698: Description: Improper isolation of shared resources in some
  Intel(R) Processors may allow an authenticated user to potentially enable
  information disclosure via local access

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html

License file updated with the new year, so change hash accordingly.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: explain license hash change]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/redis: security bump to v6.2.3
Titouan Christophe [Mon, 17 May 2021 13:05:39 +0000 (15:05 +0200)]
package/redis: security bump to v6.2.3

From the release notes:
================================================================================
Redis 6.2.3 Released Mon May 3 19:00:00 IST 2021
================================================================================

Upgrade urgency: SECURITY, Contains fixes to security issues that affect
authenticated client connections. LOW otherwise.

Read more on https://github.com/redis/redis/blob/6.2.3/00-RELEASENOTES

Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/lvm2: drop BR2_PACKAGE_LVM2_LVMETAD
Fabrice Fontaine [Sun, 16 May 2021 20:27:22 +0000 (22:27 +0200)]
package/lvm2: drop BR2_PACKAGE_LVM2_LVMETAD

lvmetad has been dropped since version 2.03.00 and
https://github.com/lvmteam/lvm2/commit/117160b27e510dceb1ed6acf995115c040acd88d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/tpm2-tss: add CPE variables
Fabrice Fontaine [Sun, 16 May 2021 17:11:01 +0000 (19:11 +0200)]
package/tpm2-tss: add CPE variables

cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack is a valid CPE
identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atpm2_software_stack_project%3Atpm2_software_stack

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/weston: add WESTON_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 17:10:34 +0000 (19:10 +0200)]
package/weston: add WESTON_CPE_ID_VENDOR

cpe:2.3:a:wayland:weston is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awayland%3Aweston

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libuv: add LIBUV_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 17:10:04 +0000 (19:10 +0200)]
package/libuv: add LIBUV_CPE_ID_VENDOR

cpe:2.3:a:libuv:libuv is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibuv%3Alibuv

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libusb: add LIBUSB_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 17:09:40 +0000 (19:09 +0200)]
package/libusb: add LIBUSB_CPE_ID_VENDOR

cpe:2.3:a:libusb:libusb is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibusb%3Alibusb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libsamplerate: add LIBSAMPLERATE_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 17:09:10 +0000 (19:09 +0200)]
package/libsamplerate: add LIBSAMPLERATE_CPE_ID_VENDOR

cpe:2.3:a:libsamplerate_project:libsamplerate is a valid CPE identifier
for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibsamplerate_project%3Alibsamplerate

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/librelp: add LIBRELP_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 17:08:42 +0000 (19:08 +0200)]
package/librelp: add LIBRELP_CPE_ID_VENDOR

cpe:2.3:a:rsyslog:librelp is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Arsyslog%3Alibrelp

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/liboping: add LIBOPING_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 17:08:05 +0000 (19:08 +0200)]
package/liboping: add LIBOPING_CPE_ID_VENDOR

cpe:2.3:a:noping:liboping is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anoping%3Aliboping

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libmodbus: add LIBMODBUS_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 17:07:32 +0000 (19:07 +0200)]
package/libmodbus: add LIBMODBUS_CPE_ID_VENDOR

cpe:2.3:a:libmodbus:libmodbus is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibmodbus%3Alibmodbus

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libmms: add LIBMMS_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 17:06:55 +0000 (19:06 +0200)]
package/libmms: add LIBMMS_CPE_ID_VENDOR

cpe:2.3:a:libmms_project:libmms is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibmms_project%3Alibmms

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libldns: add CPE variables
Fabrice Fontaine [Sun, 16 May 2021 11:25:04 +0000 (13:25 +0200)]
package/libldns: add CPE variables

cpe:2.3:a:nlnetlabs:ldns is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anlnetlabs%3Aldns

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/kodi: add CPE variables
Fabrice Fontaine [Sun, 16 May 2021 11:05:36 +0000 (13:05 +0200)]
package/kodi: add CPE variables

cpe:2.3:a:kodi:kodi is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Akodi%3Akodi

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/keepalived: add KEEPALIVED_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 10:55:28 +0000 (12:55 +0200)]
package/keepalived: add KEEPALIVED_CPE_ID_VENDOR

cpe:2.3:a:keepalived:keepalived is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Akeepalived%3Akeepalived

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/grpc: add GRPC_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 10:50:26 +0000 (12:50 +0200)]
package/grpc: add GRPC_CPE_ID_VENDOR

cpe:2.3:a:grpc:grpc is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agrpc%3Agrpc

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/frr: add CPE variables
Fabrice Fontaine [Sun, 16 May 2021 10:44:02 +0000 (12:44 +0200)]
package/frr: add CPE variables

cpe:2.3:a:linuxfoundation:free_range_routing is a valid CPE identifier
for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alinuxfoundation%3Afree_range_routing

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/fluidsynth: add FLUIDSYNTH_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 10:38:23 +0000 (12:38 +0200)]
package/fluidsynth: add FLUIDSYNTH_CPE_ID_VENDOR

cpe:2.3:a:fluidsynth:fluidsynth is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afluidsynth%3Afluidsynth

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/exempi: add EXEMPI_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 10:32:52 +0000 (12:32 +0200)]
package/exempi: add EXEMPI_CPE_ID_VENDOR

cpe:2.3:a:exempi_project:exempi is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aexempi_project%3Aexempi

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/enscript: add ENSCRIPT_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 10:23:33 +0000 (12:23 +0200)]
package/enscript: add ENSCRIPT_CPE_ID_VENDOR

cpe:2.3:a:gnu:enscript is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Aenscript

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/enlightenment: add ENLIGHTENMENT_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 10:19:58 +0000 (12:19 +0200)]
package/enlightenment: add ENLIGHTENMENT_CPE_ID_VENDOR

cpe:2.3:a:enlightenment:enlightenment is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aenlightenment%3Aenlightenment

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/terminology: add TERMINOLOGY_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 10:17:02 +0000 (12:17 +0200)]
package/terminology: add TERMINOLOGY_CPE_ID_VENDOR

cpe:2.3:a:enlightenment:terminology is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aenlightenment%3Aterminology

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libidn: add LIBIDN_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 08:52:01 +0000 (10:52 +0200)]
package/libidn: add LIBIDN_CPE_ID_VENDOR

cpe:2.3:a:gnu:libidn is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Alibidn

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libidn2: add LIBIDN2_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 08:50:22 +0000 (10:50 +0200)]
package/libidn2: add LIBIDN2_CPE_ID_VENDOR

cpe:2.3:a:gnu:libidn2 is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Alibidn2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/tinyproxy: add TINYPROXY_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 08:44:53 +0000 (10:44 +0200)]
package/tinyproxy: add TINYPROXY_CPE_ID_VENDOR

cpe:2.3:a:tinyproxy_project:tinyproxy is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atinyproxy_project%3Atinyproxy

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/tinyxml2: add TINYXML2_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 08:36:41 +0000 (10:36 +0200)]
package/tinyxml2: add TINYXML2_CPE_ID_VENDOR

cpe:2.3:a:tinyxml2_project:tinyxml2 is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atinyxml2_project%3Atinyxml2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/tini: add TINI_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 08:32:57 +0000 (10:32 +0200)]
package/tini: add TINI_CPE_ID_VENDOR

cpe:2.3:a:tini_project:tini is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atini_project%3Atini

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/tclap: add TCLAP_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 08:20:22 +0000 (10:20 +0200)]
package/tclap: add TCLAP_CPE_ID_VENDOR

cpe:2.3:a:tclap_project:tclap is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atclap_project%3Atclap

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/thermald: add THERMALD_CPE_ID_VENDOR
Fabrice Fontaine [Sun, 16 May 2021 08:12:52 +0000 (10:12 +0200)]
package/thermald: add THERMALD_CPE_ID_VENDOR

cpe:2.3:a:intel:thermald is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aintel%3Athermald

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/taglib: add TAGLIB_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 15 May 2021 22:05:10 +0000 (00:05 +0200)]
package/taglib: add TAGLIB_CPE_ID_VENDOR

cpe:2.3:a:taglib:taglib is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ataglib%3Ataglib

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/qpdf: add QPDF_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 15 May 2021 21:54:06 +0000 (23:54 +0200)]
package/qpdf: add QPDF_CPE_ID_VENDOR

cpe:2.3:a:qpdf_project:qpdf is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aqpdf_project%3Aqpdf

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/mesa3d{,-headers}: add CPE variables
Fabrice Fontaine [Sat, 15 May 2021 21:41:42 +0000 (23:41 +0200)]
package/mesa3d{,-headers}: add CPE variables

cpe:2.3:a:mesa3d:mesa is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amesa3d%3Amesa

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: add to mesa3d-headers too]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/lvm2: add LVM2_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 15 May 2021 21:36:06 +0000 (23:36 +0200)]
package/lvm2: add LVM2_CPE_ID_VENDOR

cpe:2.3:a:redhat:lvm2 is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aredhat%3Alvm2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agosupport/scripts/pkg-stats: add column reporting ignored CVEs
Matt Weber [Thu, 22 Apr 2021 19:45:57 +0000 (14:45 -0500)]
support/scripts/pkg-stats: add column reporting ignored CVEs

When doing analysis it is helpful to be able to view what CVE have
been patched / diagnosed to not apply to Buildroot. This exposes
that list to the reporting and prevents a step where you have to
dig into the .mk's of a pkg to check for sure what has been
ignored.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: only set background if there are ignored CVEs]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agosupport/scripts/pkg-stats: add CPE searching links
Matt Weber [Thu, 22 Apr 2021 19:45:56 +0000 (14:45 -0500)]
support/scripts/pkg-stats: add CPE searching links

For cases of a CPE having a unknown version or when there hasn't
been a CPE verified, proposed a search criteria to help the
user research an update.

(libcurl has NIST dict entries but not this version)
  cpe:2.3:a:haxx:libcurl:7.76.1:*:*:*:*:*:*:*
  CPE identifier unknown in CPE database (Search)

(jitterentropy-library package doesn't have any NIST dict entries)
  no verified CPE identifier (Search)

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: fix flake8 issues]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoMakefile: add new missing-cpe target
Thomas Petazzoni [Sun, 31 Jan 2021 13:38:18 +0000 (14:38 +0100)]
Makefile: add new missing-cpe target

It invokes the recently introduced gen-missing-cpe script.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agosupport/scripts/gen-missing-cpe: add new script
Matt Weber [Sun, 31 Jan 2021 13:38:17 +0000 (14:38 +0100)]
support/scripts/gen-missing-cpe: add new script

This script queries the list of CPE IDs for the packages of the
current configuration (based on the "make show-info" output), and:

 - for CPE IDs that do not have any matching entry in the CPE
   database, it emits a warning

 - for CPE IDs that do have a matching entry, but not with the same
   version, it generates a snippet of XML that can be used to propose
   an updated version to NIST.

Ref: NIST has a group email (cpe_dictionary@nist.gov) used to
recieve these version update and new entry xml files.  They do
process the XML and provide feedback. In some cases they will
propose back something different where the vendor or version is
slightly different.

Limitations
 - Currently any use of non-number version identifiers isn't
   supported by NIST as they use ranges to determine impact
   of a CVE
 - Any Linux version from a non-upstream is also not supported
   without manually adjusting the information as the custom
   kernel will more then likely not match the upstream version
   used in the dictionary

Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr:
  - codestyles as spotted by Arnout
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/jquery-validation: security bump to version 1.19.3
Fabrice Fontaine [Sun, 16 May 2021 09:34:22 +0000 (11:34 +0200)]
package/jquery-validation: security bump to version 1.19.3

Fix CVE-2021-21252: The jQuery Validation Plugin provides drop-in
validation for your existing forms. It is published as an npm package
"jquery-validation". jquery-validation before version 1.19.3 contains
one or more regular expressions that are vulnerable to ReDoS (Regular
Expression Denial of Service).

Update hash of README.md due to changes not related to license

https://github.com/jquery-validation/jquery-validation/releases/tag/1.19.3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/jquery-validation: add CPE variables
Fabrice Fontaine [Sun, 16 May 2021 09:34:21 +0000 (11:34 +0200)]
package/jquery-validation: add CPE variables

cpe:2.3:a:jqueryvalidation:jquery_validation is a valid CPE identifier
for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ajqueryvalidation%3Ajquery_validation

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/bullet: needs wchar
Fabrice Fontaine [Fri, 14 May 2021 21:18:01 +0000 (23:18 +0200)]
package/bullet: needs wchar

bullet needs wchar since bump to version 3.09 in commit
28b4947ed8f53c4edfbf8fef9304dc76480c01ca:

/home/giuliobenetti/autobuild/run/instance-0/output-1/build/bullet-3.09/examples/ThirdPartyLibs/Gwen/Structures.h:42:14: error: 'wstring' in namespace 'std' does not name a type
   42 | typedef std::wstring UnicodeString;
      |              ^~~~~~~

Fixes:
 - http://autobuild.buildroot.org/results/2b1158970fc45e9ebd4be4d726352166ed417a1f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoRevert "package/libbluray: add optional support for libudfread"
Yann E. MORIN [Sun, 16 May 2021 09:14:29 +0000 (11:14 +0200)]
Revert "package/libbluray: add optional support for libudfread"

This reverts commit 7aa9b9041d29547114d29f963d567fe421cccb1b.

libbluray before 1.3.0 does not properly detect libudfread, because it
checks for the incorrect name (it asks pkg-config for udfread instead of
libudfread). So, even with the dependency, it would miss it.

Reported-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/libbluray: add optional support for libudfread
Bernd Kuhls [Sat, 15 May 2021 07:01:41 +0000 (09:01 +0200)]
package/libbluray: add optional support for libudfread

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years ago{linux, linux-headers}: bump 5.{4, 10, 11, 12}.x series
Peter Korsgaard [Sat, 15 May 2021 12:09:22 +0000 (14:09 +0200)]
{linux, linux-headers}: bump 5.{4, 10, 11, 12}.x series

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/dmalloc: fix static build
Fabrice Fontaine [Sat, 15 May 2021 15:17:30 +0000 (17:17 +0200)]
package/dmalloc: fix static build

Build of dmalloc is broken since commit
19ec872f169a851b48ba04d22432b7c0939847d4 because --enable-shlib is
unconditionally set

Fixes:
 - http://autobuild.buildroot.org/results/62c9c6aebca60649bd6f635125507bf10d63fc05

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/openssh: security bump to version 8.6p1
Fabrice Fontaine [Sat, 15 May 2021 12:10:35 +0000 (14:10 +0200)]
package/openssh: security bump to version 8.6p1

Security
========

 * sshd(8): OpenSSH 8.5 introduced the LogVerbose keyword. When this
   option was enabled with a set of patterns that activated logging
   in code that runs in the low-privilege sandboxed sshd process, the
   log messages were constructed in such a way that printf(3) format
   strings could effectively be specified the low-privilege code.

   An attacker who had sucessfully exploited the low-privilege
   process could use this to escape OpenSSH's sandboxing and attack
   the high-privilege process. Exploitation of this weakness is
   highly unlikely in practice as the LogVerbose option is not
   enabled by default and is typically only used for debugging. No
   vulnerabilities in the low-privilege process are currently known
   to exist.

https://www.openssh.com/txt/release-8.6

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoboard/qemu/s390x: disable SSP when needed
Fabrice Fontaine [Sun, 9 May 2021 13:06:34 +0000 (15:06 +0200)]
board/qemu/s390x: disable SSP when needed

Fix build failure raised since commit
810ba387bec3c5b6904e8893fb4cb6f9d3717466 by disabling SSP when needed

Fixes:
 - https://gitlab.com/kubu93/buildroot/-/jobs/1247043361

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Reviewed-by: Alexander Egorenkov <egorenar@linux.ibm.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/mender-grubenv: fix installing on non-efi platforms
Adam Duskett [Thu, 13 May 2021 02:00:52 +0000 (19:00 -0700)]
package/mender-grubenv: fix installing on non-efi platforms

Currently, mender-grubenv unconditionally installs files from the
$(TARGET_DIR)/boot/EFI directory to the $(BINARIES_DIR)/efi-part.
This fails on systems that are not building grub against EFI.

Add a check in mender-grubenv.mk to ensure the files are copied to the correct
location if EFI is not selected.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/refpolicy: fix REFPOLICY_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 15 May 2021 11:25:27 +0000 (13:25 +0200)]
package/refpolicy: fix REFPOLICY_CPE_ID_VENDOR

cpe:2.3:a:selinuxproject:refpolicy is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aselinuxproject%3Arefpolicy

Indeed, cpe:2.3:a:tresys:refpolicy has been deprecated since April 21th:

  <cpe-item name="cpe:/a:tresys:refpolicy:2.20180701" deprecated="true" deprecation_date="2021-04-21T16:55:43.710Z">
    <title xml:lang="en-US">Tresys refpolicy 2.20180701</title>
      <reference href="https://github.com/TresysTechnology/refpolicy">Product</reference>
    <cpe-23:cpe23-item name="cpe:2.3:a:tresys:refpolicy:2.20180701:*:*:*:*:*:*:*">
        <cpe-23:deprecated-by name="cpe:2.3:a:selinuxproject:refpolicy:2.20180701:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/python-autobahn: add CPE variables
Fabrice Fontaine [Sat, 15 May 2021 11:48:12 +0000 (13:48 +0200)]
package/python-autobahn: add CPE variables

cpe:2.3:a:crossbar:autobahn is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Acrossbar%3Aautobahn

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/python-tqdm: add CPE variables
Fabrice Fontaine [Sat, 15 May 2021 11:34:56 +0000 (13:34 +0200)]
package/python-tqdm: add CPE variables

cpe:2.3:a:tqdm_project:tqdm is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atqdm_project%3Atqdm

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/python-requests: add CPE variables
Fabrice Fontaine [Sat, 15 May 2021 10:33:55 +0000 (12:33 +0200)]
package/python-requests: add CPE variables

cpe:2.3:a:python:requests is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython%3Arequests

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/python-engineio: add PYTHON_ENGINEIO_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 15 May 2021 10:24:06 +0000 (12:24 +0200)]
package/python-engineio: add PYTHON_ENGINEIO_CPE_ID_VENDOR

cpe:2.3:a:python-engineio_project:python-engineio is a valid CPE
identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython-engineio_project%3Apython-engineio

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/python-keyring: add CPE variables
Fabrice Fontaine [Sat, 15 May 2021 10:08:48 +0000 (12:08 +0200)]
package/python-keyring: add CPE variables

cpe:2.3:a:python:keyring is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython%3Akeyring

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/gstreamer1/gstreamer1: add CPE variables
Fabrice Fontaine [Sat, 15 May 2021 09:54:25 +0000 (11:54 +0200)]
package/gstreamer1/gstreamer1: add CPE variables

cpe:2.3:a:gstreamer_project:gstreamer is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agstreamer_project%3Agstreamer

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/gstreamer1/gst1-rtsp-server: add CPE variables
Fabrice Fontaine [Sat, 15 May 2021 09:11:18 +0000 (11:11 +0200)]
package/gstreamer1/gst1-rtsp-server: add CPE variables

cpe:2.3:a:gstreamer_project:gst-rtsp-server is a valid CPE identifier
for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agstreamer_project%3Agst-rtsp-server

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/gstreamer1/gst1-plugins-bad: add CPE variables
Fabrice Fontaine [Sat, 15 May 2021 09:01:47 +0000 (11:01 +0200)]
package/gstreamer1/gst1-plugins-bad: add CPE variables

cpe:2.3:a:freedesktop:gst-plugins-bad is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afreedesktop%3Agst-plugins-bad

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/udisks: add UDISKS_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 15 May 2021 08:54:38 +0000 (10:54 +0200)]
package/udisks: add UDISKS_CPE_ID_VENDOR

cpe:2.3:a:freedesktop:udisks is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afreedesktop%3Audisks

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agoconfigs/beaglev: enable host jh71xx-tools
Thomas Petazzoni [Fri, 14 May 2021 22:03:16 +0000 (00:03 +0200)]
configs/beaglev: enable host jh71xx-tools

This host utility is useful to recover the bootloader.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/jh71xx-tools: new package
Thomas Petazzoni [Fri, 14 May 2021 22:03:15 +0000 (00:03 +0200)]
package/jh71xx-tools: new package

Add jh71xx-tools as a new host package, it includes a tool that allows
to recover the bootloader of JH71xx-based platforms, such as the
BeagleV.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[yann.morin.1998@free.fr:
  - fix alphabetical order, spotted by Bin
  - use LICENSE as license file, update license hash accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/libxcb: add LIBXCB_CPE_ID_VENDOR
Fabrice Fontaine [Sat, 15 May 2021 08:34:53 +0000 (10:34 +0200)]
package/x11r7/libxcb: add LIBXCB_CPE_ID_VENDOR

cpe:2.3:a:x:libxcb is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxcb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xlib_libdmx: add CPE variables
Fabrice Fontaine [Sat, 15 May 2021 08:29:43 +0000 (10:29 +0200)]
package/x11r7/xlib_libdmx: add CPE variables

cpe:2.3:a:x:libdmx is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibdmx

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xlib_libXxf86vm: add CPE variables
Fabrice Fontaine [Sat, 15 May 2021 08:26:04 +0000 (10:26 +0200)]
package/x11r7/xlib_libXxf86vm: add CPE variables

cpe:2.3:a:x:libxxf86vm is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxxf86vm

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xlib_libXxf86dga: add CPE variables
Fabrice Fontaine [Sat, 15 May 2021 08:23:04 +0000 (10:23 +0200)]
package/x11r7/xlib_libXxf86dga: add CPE variables

cpe:2.3:a:x:libxxf86dga is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxxf86dga

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/libXres: add CPE variables
Fabrice Fontaine [Fri, 14 May 2021 22:21:47 +0000 (00:21 +0200)]
package/x11r7/libXres: add CPE variables

cpe:2.3:a:x:libxres is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxres

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xlib_libXpm: add CPE variables
Fabrice Fontaine [Fri, 14 May 2021 22:17:31 +0000 (00:17 +0200)]
package/x11r7/xlib_libXpm: add CPE variables

cpe:2.3:a:libxpm_project:libxpm is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibxpm_project%3Alibxpm

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xlib_libFS: add CPE variables
Fabrice Fontaine [Fri, 14 May 2021 22:11:14 +0000 (00:11 +0200)]
package/x11r7/xlib_libFS: add CPE variables

cpe:2.3:a:x:libfs is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibfs

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xlib_libICE: add CPE variables
Fabrice Fontaine [Fri, 14 May 2021 22:06:16 +0000 (00:06 +0200)]
package/x11r7/xlib_libICE: add CPE variables

cpe:2.3:a:freedesktop:libice is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afreedesktop%3Alibice

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xlib_libXt: add CPE variables
Fabrice Fontaine [Fri, 14 May 2021 22:02:12 +0000 (00:02 +0200)]
package/x11r7/xlib_libXt: add CPE variables

cpe:2.3:a:x:libxt is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxt

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xlib_libXtst: add CPE variables
Fabrice Fontaine [Fri, 14 May 2021 21:59:20 +0000 (23:59 +0200)]
package/x11r7/xlib_libXtst: add CPE variables

cpe:2.3:a:x:libxtst is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxtst

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xlib_libXcursor: add CPE variables
Fabrice Fontaine [Fri, 14 May 2021 21:55:18 +0000 (23:55 +0200)]
package/x11r7/xlib_libXcursor: add CPE variables

cpe:2.3:a:x:libxcursor is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxcursor

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xlib_libXdmcp: add CPE variables
Fabrice Fontaine [Fri, 14 May 2021 21:51:32 +0000 (23:51 +0200)]
package/x11r7/xlib_libXdmcp: add CPE variables

cpe:2.3:a:x.org:libxdmcp is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibxdmcp

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
3 years agopackage/x11r7/xlib_libXext: add CPE variables
Fabrice Fontaine [Fri, 14 May 2021 21:48:12 +0000 (23:48 +0200)]
package/x11r7/xlib_libXext: add CPE variables

cpe:2.3:a:x:libxext is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxext

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>