Fabrice Fontaine [Tue, 6 Apr 2021 21:01:34 +0000 (23:01 +0200)]
package/attr: bump to version 2.5.1
Drop second patch (already in version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 6 Apr 2021 20:56:08 +0000 (22:56 +0200)]
package/acl: bump to version 2.3.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 6 Apr 2021 20:45:01 +0000 (22:45 +0200)]
package/acl: add ACL_CPE_ID_VENDOR
cpe:2.3:a:acl_project:acl is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aacl_project%3Aacl
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 6 Apr 2021 20:28:05 +0000 (22:28 +0200)]
package/openldap: bump to version 2.4.58
Drop fifth patch (already in version)
https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4_58/CHANGES
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 6 Apr 2021 17:05:08 +0000 (19:05 +0200)]
package/bridge-utils: bump to version 1.7.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Tue, 6 Apr 2021 16:03:43 +0000 (18:03 +0200)]
package/x11r7/xlib_libXaw: bump version to 1.0.14
Release notes:
https://lists.x.org/archives/xorg-announce/2021-March/003077.html
Reformatted hashes.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Tue, 6 Apr 2021 16:03:42 +0000 (18:03 +0200)]
package/x11r7/xlib_libXres: bump version to 1.2.1
Release notes:
https://lists.x.org/archives/xorg-announce/2021-March/003078.html
Reformatted hashes.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Tue, 6 Apr 2021 16:03:41 +0000 (18:03 +0200)]
package/x11r7/xdriver_xf86-input-libinput: bump version to 1.0.0
Release notes:
https://lists.x.org/archives/xorg-announce/2021-April/003079.html
Updated license hash due to upstream commit:
https://cgit.freedesktop.org/xorg/driver/xf86-input-libinput/commit/?id=
2bbc4727a12471e3699e2803404a013656066a94
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 10:25:50 +0000 (12:25 +0200)]
package/python-markdown2: add PYTHON_MARKDOWN2_CPE_ID_VENDOR
cpe:2.3:a:python-markdown2_project:python-markdown2 is a valid CPE
identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython-markdown2_project%3Apython-markdown2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Francois Perrad [Mon, 5 Apr 2021 10:26:14 +0000 (12:26 +0200)]
package/quickjs: bump to version 2021-03-27
- remove patch (merged upstream)
- file LICENSE added
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 9 Apr 2021 16:56:42 +0000 (18:56 +0200)]
package/network-manager-openvpn: bump to version 1.8.14
Update indentation in hash file (two spaces)
https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/blob/1.8.14/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Wed, 7 Apr 2021 17:31:25 +0000 (19:31 +0200)]
package/{mesa3d, mesa3d-headers}: bump version to 21.0.2
Release notes:
21.0.0: https://lists.freedesktop.org/archives/mesa-announce/2021-March/000622.html
21.0.1: https://lists.freedesktop.org/archives/mesa-announce/2021-March/000624.html
21.0.2: https://lists.freedesktop.org/archives/mesa-announce/2021-April/000625.html
DRI swrast driver was removed:
https://cgit.freedesktop.org/mesa/mesa/commit/?h=21.0&id=
435de835cd639d1b9bb96f81fc224771dc90af6d
OSMesa classic support was removed:
https://cgit.freedesktop.org/mesa/mesa/commit/?h=21.0&id=
ee802372180a2b4460cc7abb53438e45c6b6f1e4
To avoid any conflict, and to show that the new OSMesa is Gallium-based,
we name the new option with a _GALLIUM suffix, even though this is now
the only OSMesa implementation left.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr:
- rename the new option s/$/_GALLIUM/
- don't drop the the old (pre-classic) legacy option
- slightly reword the OSMesa help entry
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bernd Kuhls [Tue, 6 Apr 2021 15:42:35 +0000 (17:42 +0200)]
package/tor: do not install systemd service file
Upstream removed the sample service file for use with systemd:
https://gitweb.torproject.org/tor.git/commit/contrib?h=maint-0.4.5&id=
915af1a65bc217fa33490876199bb69f760bea23
Fixes:
http://autobuild.buildroot.net/results/b80/
b807f19283528b9f0d0c46250b660ea84695679c/
http://autobuild.buildroot.net/results/de4/
de4f1a99b1c524b81579ee804156e26d3f8babe7/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Tue, 6 Apr 2021 16:40:52 +0000 (18:40 +0200)]
package/iwd: bump to version 1.13
iwd fails to build since bump of ell to version 0.39 in commit
9988ca9eadb90cbf10d150b420f4d1f5eb38482c:
/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/powerpc64-buildroot-linux-gnu/9.3.0/../../../../powerpc64-buildroot-linux-gnu/bin/ld: src/ie.o: in function `ie_parse_data_rates':
ie.c:(.text+0x23ac): undefined reference to `minsize'
This is fixed by
https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=
17cf4da72613e80d08d51401399d02683ba8664b
Use official iwd tarball which will contain ell/useful.h header
https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/ChangeLog?h=1.13
Fixes:
- http://autobuild.buildroot.org/results/
44e243530cbcec1c88511bb22f5e8e4655c43824
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Dick Olsson [Tue, 6 Apr 2021 23:40:47 +0000 (23:40 +0000)]
package/s6-rc: bump to version 0.5.2.1
Update license hash due to year change.
http://skarnet.org/cgi-bin/archive.cgi?1:mss:1515:mhcdpginfgieagphalne
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Dick Olsson [Tue, 6 Apr 2021 23:40:40 +0000 (23:40 +0000)]
package/s6-networking: bump to version 2.4.1.0
Update license hash due to year change.
http://skarnet.org/cgi-bin/archive.cgi?1:mss:1535:lpehbljhhcpaopbnkkbf
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Dick Olsson [Tue, 6 Apr 2021 23:40:33 +0000 (23:40 +0000)]
package/s6-dns: bump to version 2.3.5.0
Update license hash due to year change.
Refer to the change set described for s6-networking in the announcement:
http://skarnet.org/cgi-bin/archive.cgi?1:mss:1535:lpehbljhhcpaopbnkkbf
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Dick Olsson [Tue, 6 Apr 2021 23:40:19 +0000 (23:40 +0000)]
package/s6-linux-utils: bump to version 2.5.1.4
Update license hash due to year change.
http://skarnet.org/cgi-bin/archive.cgi?1:mss:1515:mhcdpginfgieagphalne
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Dick Olsson [Tue, 6 Apr 2021 23:40:13 +0000 (23:40 +0000)]
package/s6-portable-utils: bump to version 2.2.3.1
Update license hash due to year change.
http://skarnet.org/cgi-bin/archive.cgi?1:mss:1515:mhcdpginfgieagphalne
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Dick Olsson [Tue, 6 Apr 2021 23:40:06 +0000 (23:40 +0000)]
package/s6: bump to version 2.10.0.2
Update license hash due to year change.
http://skarnet.org/cgi-bin/archive.cgi?1:mss:1535:lpehbljhhcpaopbnkkbf
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Dick Olsson [Tue, 6 Apr 2021 23:39:52 +0000 (23:39 +0000)]
package/execline: Fix license hash after bump to version 2.8.0.0
Updated license hash due to year change.
Commit
bf66772c9b089dfcd67e1abbe04d7db52562310a was accidentally based
on v1 of this patch.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Dick Olsson [Tue, 6 Apr 2021 23:39:52 +0000 (23:39 +0000)]
package/skalibs: Fix license hash after bump to version 2.10.0.2
Updated license hash due to year change.
Commit
4d5587cb56224b2b28f53b0202fb14b2ab32d5fb was accidentally based
on v1 of this patch.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Peter Seiderer [Tue, 6 Apr 2021 21:48:40 +0000 (23:48 +0200)]
package/valgrind: fix musl compile
The file musl.supp is missing from the download source package, add a
patch deviated from reduced upstream commit ([1]) re-adding the missing file.
Fixes:
- http://autobuild.buildroot.net/results/
b106be44d6e7d82a4e3ad16c995366a46d39ee3c
make[1]: *** No rule to make target 'musl.supp', needed by 'default.supp'. Stop.
[1] https://sourceware.org/git/?p=valgrind.git;a=patch;h=
f4d98ff79d5a79102b777ea7e23002d9f7326489
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Dick Olsson [Tue, 6 Apr 2021 22:47:28 +0000 (22:47 +0000)]
DEVELOPERS: Add Dick Olsson for all skarnet and s6 packages
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Bernd Kuhls [Wed, 7 Apr 2021 06:44:28 +0000 (08:44 +0200)]
package/kodi-pvr-iptvsimple: bump version to 7.6.0-Matrix
Release notes:
https://github.com/kodi-pvr/pvr.iptvsimple/releases/tag/7.6.0-Matrix
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Peter Korsgaard [Wed, 7 Apr 2021 13:54:23 +0000 (15:54 +0200)]
package/avahi: ignore CVE-2021-26720
CVE-2021-26720 is an issue in avahi-daemon-check-dns.sh, which is part of
the Debian packaging and not part of upstream avahi - So ignore the CVE.
https://security-tracker.debian.org/tracker/CVE-2021-26720
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Dick Olsson [Tue, 6 Apr 2021 17:57:20 +0000 (17:57 +0000)]
package/execline: bump to version 2.8.0.0
http://skarnet.org/cgi-bin/archive.cgi?1:mss:1535:lpehbljhhcpaopbnkkbf
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Dick Olsson [Tue, 6 Apr 2021 17:57:13 +0000 (17:57 +0000)]
package/skalibs: bump to version 2.10.0.2
- Drop patch that has been included upstream
http://skarnet.org/cgi-bin/archive.cgi?1:mss:1535:lpehbljhhcpaopbnkkbf
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Peter Korsgaard [Wed, 7 Apr 2021 11:37:12 +0000 (13:37 +0200)]
docs/website: update for 2021.02.1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 7 Apr 2021 10:18:44 +0000 (12:18 +0200)]
Update for 2021.02.1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit
bb10b0dfe690a77e137395ad91290d799bf018c5)
[Peter: drop Makefile change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 7 Apr 2021 07:12:20 +0000 (09:12 +0200)]
package/nodejs: security bump to version 12.22.1
Fixes the following security issues:
CVE-2020-7774: npm upgrade to 6.14.12 - Update y18n to fix
Prototype-Pollution (High)
This is a vulnerability in the y18n npm module which may be exploited by
prototype pollution.
https://github.com/advisories/GHSA-c4w7-xm78-47vh
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 6 Apr 2021 20:48:31 +0000 (22:48 +0200)]
package/python-django: security bump to version 3.0.14
Fixes the following security issue:
CVE-2021-28658: Potential directory-traversal via uploaded files
MultiPartParser allowed directory-traversal via uploaded files with suitably crafted file names.
Built-in upload handlers were not affected by this vulnerability.
For more details, see the announcement:
https://www.djangoproject.com/weblog/2021/apr/06/security-releases/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 6 Apr 2021 13:11:59 +0000 (15:11 +0200)]
package/busybox: add upstream gunzip security fix
Fixes the following security issue:
- CVE-2021-28831: decompress_gunzip.c in BusyBox through 1.32.1 mishandles
the error bit on the huft_build result pointer, with a resultant invalid
free or segmentation fault, via malformed gzip data.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 6 Apr 2021 20:10:58 +0000 (22:10 +0200)]
package/check: bump to version 0.15.2
https://github.com/libcheck/check/releases/tag/0.15.2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Tue, 6 Apr 2021 18:29:11 +0000 (20:29 +0200)]
package/rabbitmq-c: bump to version 0.11.0
Update indentation in hash file (two spaces)
https://github.com/alanxz/rabbitmq-c/releases/tag/v0.11.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Tue, 6 Apr 2021 18:39:27 +0000 (20:39 +0200)]
package/libupnp: security bump to version 1.14.5
Non-recursive version of ixmlNode_free() avoids stack overflow
attack. Fixes CVE-2021-28302.
Also a number of other bugfixes:
https://github.com/pupnp/pupnp/blob/release-1.14.5/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Tue, 6 Apr 2021 18:47:59 +0000 (20:47 +0200)]
package/python-iptables: bump to version 1.0.0
- Drop patches (already in version)
- Update indentation in hash file (two spaces)
https://github.com/ldx/python-iptables/compare/v0.14.0...v1.0.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Tue, 6 Apr 2021 19:55:49 +0000 (21:55 +0200)]
package/python-zope-interface: bump to version 5.3.0
- Update indentation in hash file (two spaces)
- Update URL in Config.in as current URL returns 404 Not Found
https://github.com/zopefoundation/zope.interface/blob/5.3.0/CHANGES.rst
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Tue, 6 Apr 2021 20:04:31 +0000 (22:04 +0200)]
package/python-websocket-client: bump to version 0.58
- Update hash of LICENSE (license switched back to LGPL-2.1+:
https://github.com/websocket-client/websocket-client/commit/
6eaed48d49ea6a1a792b152a477bf9026f0c29b4)
- Update indentation in hash file (two spaces)
https://github.com/websocket-client/websocket-client/blob/v0.58.0/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Tue, 6 Apr 2021 20:09:10 +0000 (22:09 +0200)]
package/fail2ban: bump to version 0.11.2
https://github.com/fail2ban/fail2ban/blob/0.11.2/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tian Yuanhao [Sat, 3 Apr 2021 02:23:16 +0000 (19:23 -0700)]
package/wpa_supplicant: handle CONFIG_CTRL_IFACE carefully
When BR2_PACKAGE_WPA_SUPPLICANT_CTRL_IFACE is not set and
BR2_PACKAGE_WPA_SUPPLICANT_DBUS=y, CONFIG_CTRL_IFACE_DBUS_NEW will be
enabled by 's/^#\(CONFIG_CTRL_IFACE_DBUS_NEW\)/\1/' first, and then
disabled by 's/^\(CONFIG_CTRL_IFACE\)/#\1/'.
CONFIG_CTRL_IFACE_DBUS_NEW does not depend on CONFIG_CTRL_IFACE, except
for using it as a prefix. Fix this wrong behavior by adding '\>' after
CONFIG_CTRL_IFACE.
Signed-off-by: Tian Yuanhao <tianyuanhao@aliyun.com>
Tested-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Francois Perrad [Tue, 6 Apr 2021 10:38:17 +0000 (12:38 +0200)]
configs/olimex_a20_olinuxino_lime*: bump Linux and U-Boot versions
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Titouan Christophe [Tue, 6 Apr 2021 11:16:13 +0000 (13:16 +0200)]
package/mosquitto: security bump to v2.0.10
Versions 2.0.10 of Mosquitto has been released. This is a security and bugfix release.
CVE-xxxx-xxxx: If an authenticated client connected with MQTT v5 sent a malformed
CONNACK message to the broker a NULL pointer dereference occurred, most likely
resulting in a segfault. This will be updated with the CVE number when it is assigned.
Affects versions 2.0.0 to 2.0.9 inclusive.
See the announcement: https://mosquitto.org/blog/2021/04/version-2-0-10-released/
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Mon, 5 Apr 2021 20:21:55 +0000 (22:21 +0200)]
boot/shim: re-enable on ARM32
shim 15.4 builds just fine on ARM32.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Mon, 5 Apr 2021 20:21:54 +0000 (22:21 +0200)]
boot/shim: bump to version 15.4
- Use the tarball provided by upstream developers instead of the one
generated by Github. Indeed
https://github.com/rhboot/shim/releases/tag/15.4 indicates "As
usual, please use the shim-15.4.tar.bz2 tarball, rather than the
other two archives github automatically produces."
- The tarball now includes the gnu-efi code, so we no longer need to
select gnu-efi and have it as a build dependency. We continue to use
BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS as we still only build for those
architectures that have gnu-efi support. We also drop the
EFI_INCLUDE, EFI_PATH and LIBDIR variables, as gnu-efi no longer
needs to be searched in STAGING_DIR.
- Drop all four patches, which were backports from upstream.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Mon, 5 Apr 2021 20:21:53 +0000 (22:21 +0200)]
boot/shim: fix build issues with gcc 9.x
Backport a set of upstream patches to fix:
MokManager.c: In function ‘write_back_mok_list’:
MokManager.c:1081:19: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
1081 | if (CompareGuid(&(list[i].Type), &X509_GUID) == 0)
| ^~~~~~~~~~~~~~~
MokManager.c:1103:19: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
1103 | if (CompareGuid(&(list[i].Type), &X509_GUID) == 0) {
| ^~~~~~~~~~~~~~~
MokManager.c: In function ‘delete_cert’:
MokManager.c:1144:19: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
1144 | if (CompareGuid(&(mok[i].Type), &X509_GUID) != 0)
| ^~~~~~~~~~~~~~
MokManager.c: In function ‘delete_hash_in_list’:
MokManager.c:1195:20: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
1195 | if ((CompareGuid(&(mok[i].Type), &Type) != 0) ||
| ^~~~~~~~~~~~~~
MokManager.c: In function ‘delete_keys’:
MokManager.c:1359:19: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
1359 | if (CompareGuid(&(del_key[i].Type), &X509_GUID) == 0) {
| ^~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
make[1]: *** [<builtin>: MokManager.o] Error 1
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Mon, 5 Apr 2021 20:21:52 +0000 (22:21 +0200)]
boot/shim: fix build issue due to gnu-efi
shim fails to build with:
console.c:448:5: error: ‘EFI_WARN_UNKOWN_GLYPH’ undeclared here (not in a function); did you mean ‘EFI_WARN_UNKNOWN_GLYPH’?
448 | { EFI_WARN_UNKOWN_GLYPH, L"Warning Unknown Glyph"},
| ^~~~~~~~~~~~~~~~~~~~~
| EFI_WARN_UNKNOWN_GLYPH
make[2]: *** [<builtin>: console.o] Error 1
make[2]: *** Waiting for unfinished jobs....
Backport upstream commit
d230d02f990f02293736dca78b108f86c86d1bd0 to
resolve this issue.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 20:36:31 +0000 (22:36 +0200)]
package/python-colorlog: bump to version 4.8.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 20:37:03 +0000 (22:37 +0200)]
package/python-simplelogging: bump to version 0.11.0
Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 19:52:57 +0000 (21:52 +0200)]
package/python-toml: bump to version 0.10.2
- Update hash of LICENSE (update in year and author added:
https://github.com/uiri/toml/commit/
a86fc1fbd650a19eba313c3f642c9e2c679dc8d6)
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 19:43:36 +0000 (21:43 +0200)]
package/hidapi: bump to version 0.10.1
- Drop patch (already in version)
- Update indentation in hash file (two spaces)
https://github.com/libusb/hidapi/releases/tag/hidapi-0.10.0
https://github.com/libusb/hidapi/releases/tag/hidapi-0.10.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 5 Apr 2021 19:17:53 +0000 (21:17 +0200)]
package/xen: add upstream xsa-36{0, 4, 8} security fixes
Fixes the following security issues:
- CVE-2021-3308: IRQ vector leak on x86
https://xenbits.xenproject.org/xsa/advisory-360.html
- CVE-2021-26933: arm: The cache may not be cleaned for newly allocated
scrubbed pages
https://xenbits.xenproject.org/xsa/advisory-364.html
- CVE-2021-28687: HVM soft-reset crashes toolstack
https://xenbits.xenproject.org/xsa/advisory-368.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 19:32:18 +0000 (21:32 +0200)]
package/janus-gateway: bump to version 0.10.10
https://github.com/meetecho/janus-gateway/blob/v0.10.10/CHANGELOG.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 19:14:18 +0000 (21:14 +0200)]
package/python-iso8601: bump to version 0.1.14
https://github.com/micktwomey/pyiso8601/releases/tag/0.1.14
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Mon, 5 Apr 2021 18:52:30 +0000 (20:52 +0200)]
boot/grub2: ignore the last 3 remaining CVEs
An analysis of the last 3 remaining CVEs that are reported to affect
the grub2 package has allowed to ensure that we can safely ignore
them:
* CVE-2020-14372 is already fixed by a patch we have in our patch
stack for grub2
* CVE-2019-14865 and CVE-2020-15705 are both distro-specific and do
not affect grub2 upstream, nor grub2 with the stack of patches we
have in Buildroot
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 18:32:44 +0000 (20:32 +0200)]
package/libfreeglut: fix build with gcc 10
Fixes:
- http://autobuild.buildroot.org/results/
48c11cfc19784cc9c3ba5c6ba3d91ddae192734e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 17:30:27 +0000 (19:30 +0200)]
package/python-py: security bump to version 1.10.0
Fix CVE-2020-29651: A denial of service via regular expression in the
py.path.svnwc component of py (aka python-py) through 1.9.0 could be
used by attackers to cause a compute-time denial of service attack by
supplying malicious input to the blame functionality.
Add py/_vendored_packages/iniconfig-1.1.1.dist-info/LICENSE (MIT) which
has been added with
https://github.com/pytest-dev/py/commit/
94cf44fd41d957eb50773d3e4fb54e931836779e
https://github.com/pytest-dev/py/blob/1.10.0/CHANGELOG.rst
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 17:30:26 +0000 (19:30 +0200)]
package/python-py: add CPE variables
cpe:2.3:a:pytest:py is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apytest%3Apy
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 17:12:18 +0000 (19:12 +0200)]
package/python-aiohttp: add CPE variables
cpe:2.3:a:aiohttp_project:aiohttp is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aaiohttp_project%3Aaiohttp
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 16:59:48 +0000 (18:59 +0200)]
package/python-pip: add CPE variables
cpe:2.3:a:pypa:pip is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apypa%3Apip
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 16:33:06 +0000 (18:33 +0200)]
package/python-pillow: add CPE variables
cpe:2.3:a:python:pillow is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython%3Apillow
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 16:25:04 +0000 (18:25 +0200)]
package/python-ipython: add CPE variables
cpe:2.3:a:ipython:ipython is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aipython%3Aipython
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 16:45:36 +0000 (18:45 +0200)]
package/python-psutil: add CPE variables
cpe:2.3:a:psutil_project:psutil is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apsutil_project%3Apsutil
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 5 Apr 2021 15:29:54 +0000 (17:29 +0200)]
package/python3: security bump to version 3.9.4
Fixes the following security issues:
- bpo-42988: CVE-2021-3426: Remove the getfile feature of the pydoc module
which could be abused to read arbitrary files on the disk (directory
traversal vulnerability). Moreover, even source code of Python modules
can contain sensitive data like passwords. Vulnerability reported by
David Schwörer.
- bpo-43285: ftplib no longer trusts the IP address value returned from the
server in response to the PASV command by default. This prevents a
malicious FTP server from using the response to probe IPv4 address and
port combinations on the client network.
Code that requires the former vulnerable behavior may set a
trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to
True to re-enable it.
- bpo-43439: Add audit hooks for gc.get_objects(), gc.get_referrers() and
gc.get_referents(). Patch by Pablo Galindo.
Note: 3.9.3 was recalled due to introducing unintentional ABI
incompatibility, and fixes re-released as 3.9.4:
https://www.python.org/downloads/release/python-394/
Add host-autoreconf-archive, as it is needed for autoreconf since:
https://github.com/python/cpython/commit/
064bc07f241dceec2fc577cbf5c31fa6d63fe320
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 14:45:21 +0000 (16:45 +0200)]
package/python-ecdsa: bump to version 0.16.1
Update indentation in hash file (two spaces)
https://github.com/tlsfuzzer/python-ecdsa/blob/python-ecdsa-0.16.1/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 14:47:08 +0000 (16:47 +0200)]
package/python-paramiko: bump to version 2.7.2
Update indentation in hash file (two spaces)
https://github.com/paramiko/paramiko/blob/2.7.2/sites/www/changelog.rst
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: fix LICENSE hash]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 13:59:30 +0000 (15:59 +0200)]
package/boinc: bump to version 7.16.16
Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 13:52:33 +0000 (15:52 +0200)]
package/ncmpc: bump to version 0.45
https://github.com/MusicPlayerDaemon/ncmpc/blob/v0.45/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 14:03:10 +0000 (16:03 +0200)]
package/whois: bump to version 5.5.9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 13:40:30 +0000 (15:40 +0200)]
package/python-yatl: bump to version
20210326.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 13:36:12 +0000 (15:36 +0200)]
package/python-jedi: bump to version 0.18.0
python 2 support has been dropped since version 0.18.0 and
https://github.com/davidhalter/jedi/commit/
d67dfba7f5a65d5ee064d37e1fb894a25b39bdab
Add django-stubs license file (MIT)
https://github.com/davidhalter/jedi/blob/v0.18.0/CHANGELOG.rst
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 13:36:11 +0000 (15:36 +0200)]
package/python-parso: bump to version 0.8.2
python 2 support has been dropped since versio 0.8.0 and
https://github.com/davidhalter/parso/commit/
b601ade90b5e5d89cf1e56a00997d6e32588e930
https://github.com/davidhalter/parso/blob/v0.8.2/CHANGELOG.rst
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 13:14:24 +0000 (15:14 +0200)]
package/libgee: bump to version 0.20.4
https://gitlab.gnome.org/GNOME/libgee/-/blob/0.20.4/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Francois Perrad [Mon, 5 Apr 2021 13:08:06 +0000 (15:08 +0200)]
package/enchant: bump to version 2.2.15
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 13:04:58 +0000 (15:04 +0200)]
package/libmaxminddb: bump to version 1.5.2
https://github.com/maxmind/libmaxminddb/blob/1.5.2/Changes.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 09:53:16 +0000 (11:53 +0200)]
package/lcms2: bump to version 2.12
Update hash of COPYING (word wrap:
https://github.com/mm2/Little-CMS/commit/
48a1b9a1cae31b6ae001cd1963ab0170b9bebb34)
https://littlecms.com/blog/2021/02/06/lcms2-2.12
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 10:12:22 +0000 (12:12 +0200)]
package/scapy: add CPE variables
cpe:2.3:a:scapy:scapy is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ascapy%3Ascapy
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 13:53:21 +0000 (15:53 +0200)]
package/haproxy: bump to version 2.2.13
http://www.haproxy.org/download/2.2/src/CHANGELOG
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 11:33:28 +0000 (13:33 +0200)]
package/python-networkx: add CPE variables
cpe:2.3:a:python:networkx is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython%3Anetworkx
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 11:28:45 +0000 (13:28 +0200)]
package/python-tornado: add CPE variables
cpe:2.3:a:tornadoweb:tornado is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atornadoweb%3Atornado
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 11:24:07 +0000 (13:24 +0200)]
package/python-pyro: add CPE variables
cpe:2.3:a:pyro_project:pyro is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apyro_project%3Apyro
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 11:14:59 +0000 (13:14 +0200)]
package/python-jinja2: add CPE variables
cpe:2.3:a:pocoo:jinja2 is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apocoo%3Ajinja2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 11:07:15 +0000 (13:07 +0200)]
package/janus-gateway: add CPE variables
cpe:2.3:a:meetecho:janus is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ameetecho%3Ajanus
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 11:00:36 +0000 (13:00 +0200)]
package/python-docker: add CPE variables
cpe:2.3:a:docker:docker-py is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Adocker%3Adocker-py
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 10:49:03 +0000 (12:49 +0200)]
package/python-decorator: add CPE variables
cpe:2.3:a:python:decorator is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython%3Adecorator
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 10:37:45 +0000 (12:37 +0200)]
package/python-bsdiff4: add CPE variables
cpe:2.3:a:pypi:bsdiff4 is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apypi%3Absdiff4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 5 Apr 2021 12:03:54 +0000 (14:03 +0200)]
docs/website: update for 2020.02.12
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 5 Apr 2021 10:36:40 +0000 (12:36 +0200)]
Update for 2020.02.12
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit
1a6bd98fa87996f50f42a27857a9e9f029cc83e0)
[Peter: drop Makefile/Vagrantfile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 4 Apr 2021 19:19:44 +0000 (21:19 +0200)]
package/coreutils: fix build without threads
Build of coreutils without threads is broken since bump to version 8.32
in commit
b4a0f9fb0e45aded46eb7259e25a1113eabf93c0
Fixes:
- http://autobuild.buildroot.org/results/
8d00bdabef73daa2a1d1f4c6e183dda447a82134
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- do an actual backport of patch 0002
- add upstream status for patch 0003
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Korsgaard [Mon, 5 Apr 2021 10:16:27 +0000 (12:16 +0200)]
docs/website: update for 2020.11.4
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 5 Apr 2021 09:13:57 +0000 (11:13 +0200)]
Update for 2020.11.4
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit
f748088fa65b6862f943ed28e669db4b0f52c679)
[Peter: drop Makefile/Vagrantfile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 5 Apr 2021 09:44:02 +0000 (11:44 +0200)]
package/expat: bump to version 2.3.0
https://github.com/libexpat/libexpat/blob/R_2_3_0/expat/Changes
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Mon, 5 Apr 2021 09:38:49 +0000 (11:38 +0200)]
package/python-web2py: add CPE variables
cpe:2.3:a:web2py:web2py is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aweb2py%3Aweb2py
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Mon, 5 Apr 2021 09:31:50 +0000 (11:31 +0200)]
package/python-sqlalchemy: add CPE variables
cpe:2.3:a:sqlalchemy:sqlalchemy is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Asqlalchemy%3Asqlalchemy
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Mon, 5 Apr 2021 09:31:11 +0000 (11:31 +0200)]
package/python-validators: add CPE variables
cpe:2.3:a:validators_project:validators is a valid CPE identifier for
this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Avalidators_project%3Avalidators
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Mon, 5 Apr 2021 09:30:25 +0000 (11:30 +0200)]
package/python-m2crypto: add CPE variables
cpe:2.3:a:m2crypto_project:m2crypto is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Am2crypto_project%3Am2crypto
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Korsgaard [Sun, 4 Apr 2021 18:59:07 +0000 (20:59 +0200)]
package/python-pygments: security bump to version 2.7.4
Fixes the following security issues:
- CVE-2021-20270: An infinite loop in SMLLexer in Pygments versions 1.5 to
2.7.3 may lead to denial of service when performing syntax highlighting of
a Standard ML (SML) source file, as demonstrated by input that only
contains the "exception" keyword
- CVE-2021-27291: In pygments 1.1+, fixed in 2.7.4, the lexers used to parse
programming languages rely heavily on regular expressions. Some of the
regular expressions have exponential or cubic worst-case complexity and
are vulnerable to ReDoS. By crafting malicious input, an attacker can
cause a denial of service
Python 2.x support was dropped in pygments 2.6, so adjust (reverse)
dependencies:
Version 2.6
-----------
(released March 8, 2020)
- Running Pygments on Python 2.x is no longer supported.
(The Python 2 lexer still exists.)
Adjust the license hash for a change of copyright years:
https://github.com/pygments/pygments/commit/
a590ac5ea7c00a41e253834306bfa19e38349c0b
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sun, 4 Apr 2021 16:35:32 +0000 (18:35 +0200)]
package/libvips: bump to version 8.10.6
Update indentation in hash file (two spaces)
https://github.com/libvips/libvips/blob/v8.10.6/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sun, 4 Apr 2021 17:48:58 +0000 (19:48 +0200)]
package/{bluez5_utils, bluez5_utils-headers}: bump to version 5.58
Release notes:
http://www.bluez.org/release-of-bluez-5-58-and-5-57/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sun, 4 Apr 2021 17:48:57 +0000 (19:48 +0200)]
package/ell: bump version to 0.39
Changelog:
https://git.kernel.org/pub/scm/libs/ell/ell.git/tree/ChangeLog
Needed for bluez5_utils bump to 5.58:
http://www.bluez.org/release-of-bluez-5-58-and-5-57/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>