Thomas De Schampheleire [Thu, 11 Feb 2021 10:40:01 +0000 (11:40 +0100)]
package/protobuf: remove target version of 'protoc'
The tool 'protoc' and its associated library libprotoc.so are only
needed during development, to convert a protocol buffer definition in the
associated code for a specific code language.
Buildroot does not officially support creating a development environment on
target, so remove these files to reduce disk usage by more than 1.5 MB
(stripped, uncompressed).
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 11 Feb 2021 13:23:11 +0000 (14:23 +0100)]
configs/avenger96_defconfig: linux build needs host-openssl
Fixes the gitlab build:
https://gitlab.com/buildroot.org/buildroot/-/jobs/
1019385566/
HOSTCC scripts/extract-cert
scripts/extract-cert.c:21:25: fatal error: openssl/bio.h: No such file or directory
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Thu, 11 Feb 2021 19:43:56 +0000 (20:43 +0100)]
package/kodi-inputstream-adaptive: update project URL
Reference: https://github.com/xbmc/repo-binary-addons/pull/143
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Heiko Thiery [Sat, 6 Feb 2021 10:57:35 +0000 (11:57 +0100)]
package/netopeer2: cleanup shm files after installation
On install step the host tool syrepoctl is used to install some YANG
modules. Unfortunatly syrepoctl creates some files in /dev/shm folder and
does not cleanup afterwards. This files can be incompatible depending on
the used sysrepo version. This causes autobuilder failures when updating
the package [1].
To make sure we can remove this leftovers of sysrepoctl we specify a
build specific SYSREPO_SHM_PREFIX. With this the files can deleted safely
after installation is completed. This also ensures that concurrent
parallel builds will not affected mutualy.
The prfix must be unique between concurrent builds, so we use the build
directory ($(CONFIG_DIR)) to discriminate builds. It must also be unique
between top-level parallel package builds, so we also use the name of
the current package to discriminate.
Fixes:
[1] http://autobuild.buildroot.net/results/
6e559c4f98b7ed93d7b5af638264e907492a6532/
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Co-Developed-by: Yann E. MORIN <yann.morin.1998@free.fr>
[yann.morin.1998@free.fr:
- also use the package name as discriminant
- expand commit log accordingly
- rename the variable to start with the package name
- explain why we clean up before as well
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Heiko Thiery [Sat, 6 Feb 2021 10:57:37 +0000 (11:57 +0100)]
package/netopeer2: add dependency to host-sysrepo
The sysrepoctl executable from the host-sysrepo package is used to
install YANG modules during installation. So add the dependency here.
Also make sure we use this executable by setting the make environment
variable SYSREPOCTL_EXECUTABLE. Otherwise a system wide installed
sysrepoctl would be used that is not what we want.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Christian Stewart [Wed, 10 Feb 2021 23:52:03 +0000 (15:52 -0800)]
package/docker-cli: bump to version 20.10.3
Client fixes:
- Check contexts before importing them to reduce risk of extracted files escaping context store
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Christian Stewart [Wed, 10 Feb 2021 23:52:02 +0000 (15:52 -0800)]
package/docker-engine: security bump to version 20.10.3
Security fixes:
- CVE-2021-21285 Prevent an invalid image from crashing docker daemon
- CVE-2021-21284 Lock down file permissions to prevent remapped root from accessing docker state
- Ensure AppArmor and SELinux profiles are applied when building with BuildKit
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Christian Stewart [Wed, 10 Feb 2021 23:25:46 +0000 (15:25 -0800)]
package/go: bump to version 1.15.8
go1.15.8 (released 2021/02/04) includes fixes to the compiler, linker, runtime,
the go command, and the net/http package.
https://golang.org/doc/go1.15
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Wed, 10 Feb 2021 08:01:35 +0000 (09:01 +0100)]
utils/getdeveloperlib.py: reduce Cc: list based on package infras
When a developer has package/pkg-<infra>.mk assigned to him/her in the
DEVELOPERS file, this has 3 implications:
(1) Patches adding new packages using this infrastructure are Cc'ed
to this developer. This is done by the analyze_patch() function,
which matches the regexp r"^\+\$\(eval
\$\((host-)?([^-]*)-package\)\)$" in the patch, i.e where an
added line contains a reference to the infra maintained by the
developer.
(2) Patches touching the package/pkg-<infra>.mk file itself are Cc'ed
to this developer.
(3) Any patch touching a package using this infra are also Cc'ed to
this developer.
Point (3) causes a significant amount of patches to be sent to
developers who have package/pkg-generic.mk and
package/pkg-autotools.mk assigned to them in the DEVELOPERS
file. Basically, all patches touching generic or autotools packages
get CC'ed to such developers, which causes a massive amount of patches
to be received.
So this patch adjusts the getdeveloperlib.py to drop point (3), but
preserves point (1) and (2). Indeed, it makes sense to be Cc'ed on new
package additions (to make a review that they use the package
infrastructure correctly), and it makes sense to be Cc'ed on patches
that touch the infrastructure code itself.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Tue, 9 Feb 2021 20:39:12 +0000 (21:39 +0100)]
package/ngircd: add NGIRCD_CPE_ID_VENDOR
cpe:2.3:a:barton:ngircd is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Abarton%3Angircd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 7 Feb 2021 13:58:21 +0000 (14:58 +0100)]
package/shadowsocks-libev: add SHADOWSOCKS_LIBEV_CPE_ID_VENDOR
cpe:2.3:a:shadowsocks:shadowsocks-libev is a valid CPE identifier for
this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ashadowsocks%3Ashadowsocks-libev
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 9 Feb 2021 20:42:36 +0000 (21:42 +0100)]
package/tinydtls: add TINYDTLS_CPE_ID_VENDOR
cpe:2.3:a:eclipse:tinydtls is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aeclipse%3Atinydtls
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 9 Feb 2021 20:45:53 +0000 (21:45 +0100)]
package/upx: set UPX_CPE_ID_VALID
cpe:2.3:a:upx_project:upx is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aupx_project%3Aupx
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 9 Feb 2021 20:58:45 +0000 (21:58 +0100)]
package/matio: set MATIO_CPE_ID_VALID
cpe:2.3:a:matio_project:matio is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amatio_project%3Amatio
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 9 Feb 2021 20:28:45 +0000 (21:28 +0100)]
package/libvncserver: set LIBVNCSERVER_CPE_ID_VALID
cpe:2.3:a:libvncserver_project:libvncserver is a valid CPE identifier
for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibvncserver_project%3Alibvncserver
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 9 Feb 2021 20:51:27 +0000 (21:51 +0100)]
package/glib-networking: add GLIB_NETWORKING_CPE_ID_VENDOR
cpe:2.3:a:gnome:glib-networking is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnome%3Aglib-networking
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 9 Feb 2021 20:48:27 +0000 (21:48 +0100)]
package/nghttp2: add NGHTTP2_CPE_ID_VENDOR
cpe:2.3:a:nghttp2:nghttp2 is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anghttp2%3Anghttp2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 9 Feb 2021 21:55:10 +0000 (22:55 +0100)]
Update for 2021.02-rc1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 9 Feb 2021 20:39:13 +0000 (21:39 +0100)]
package/ngircd: bump to version 26.1
https://github.com/ngircd/ngircd/releases/tag/rel-26.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gwenhael Goavec-Merou [Mon, 8 Feb 2021 15:19:15 +0000 (16:19 +0100)]
package/gnuradio: add gr-uhd option
GNURadio has a block to use USRP, through UHD, to receive or transmit RF
signals.
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gwenhael Goavec-Merou [Mon, 8 Feb 2021 15:19:14 +0000 (16:19 +0100)]
package/uhd: add missing support
Complete uhd package with the rest of USRP, octoclock and python support.
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 9 Feb 2021 20:07:57 +0000 (21:07 +0100)]
package/libostree: libfuse is optional, not mandatory
libfuse is optional since its addition in version 2016.2 with
https://github.com/ostreedev/ostree/commit/
e9ccdd2d007801ef25cc7283188942d791889c27
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 8 Feb 2021 20:09:24 +0000 (21:09 +0100)]
package/attr: set ATTR_CPE_ID_VALID
cpe:2.3:a:attr_project:attr is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aattr_project%3Aattr
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 9 Feb 2021 20:27:19 +0000 (21:27 +0100)]
package/freerdp: add FREERDP_CPE_ID_VENDOR
cpe:2.3:a:freerdp:freerdp is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afreerdp%3Afreerdp
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Titouan Christophe [Tue, 9 Feb 2021 10:05:46 +0000 (11:05 +0100)]
package/waf: bump to v2.0.22
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Korsgaard [Tue, 9 Feb 2021 16:36:40 +0000 (17:36 +0100)]
package/intel-microcode: security bump to version
20201118
Fixes the following security issues:
- CVE-2020-8694: Insufficient access control in the Linux kernel driver for
some Intel(R) Processors may allow an authenticated user to potentially
enable information disclosure via local access.
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
- CVE-2020-8695: Observable discrepancy in the RAPL interface for some
Intel(R) Processors may allow a privileged user to potentially enable
information disclosure via local access.
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
- CVE-2020-8698: Improper removal of sensitive information before storage or
transfer in some Intel(R) Processors may allow an authenticated user to
potentially enable information disclosure via local access.
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Heiko Thiery [Tue, 9 Feb 2021 07:45:24 +0000 (08:45 +0100)]
package/connman: bump version to 1.39
Drop patches that are upstream now and fix hash file indentation.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 8 Feb 2021 20:10:38 +0000 (21:10 +0100)]
package/bison: add BISON_CPE_ID_VENDOR
cpe:2.3:a:gnu:bison is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Abison
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 8 Feb 2021 20:05:19 +0000 (21:05 +0100)]
package/c-icap: set C_ICAP_CPE_ID_VALID
cpe:2.3:a:c-icap_project:c-icap is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ac-icap_project%3Ac-icap
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Pieter Ronsijn [Thu, 4 Feb 2021 21:57:22 +0000 (22:57 +0100)]
package/exfat(-utils): change license to GPL-2.0+
The license is specified in https://github.com/relan/exfat/blob/master/COPYING and indicates GPL-2.0+
The license changed from from GPL-3.0+ to GPL-2.0+ in 2013 but was never updated in buildroot.
https://github.com/relan/exfat/commit/
48573fff5d070863e3279769e8a95d5c15a5c77d
Signed-off-by: Pieter Ronsijn <pieterronsijn@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Mon, 8 Feb 2021 18:53:21 +0000 (19:53 +0100)]
package/fetchmail: bump version to 6.4.16
Release notes:
https://sourceforge.net/p/fetchmail/mailman/message/
37215482/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 8 Feb 2021 20:05:18 +0000 (21:05 +0100)]
package/c-icap: bump to version 0.5.7
https://sourceforge.net/p/c-icap/news/2020/10/the-c-icap-057-is-released
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 8 Feb 2021 20:08:25 +0000 (21:08 +0100)]
package/bluez5_utils: add CPE variables
cpe:2.3:a:bluez:bluez is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Abluez%3Abluez
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: fix s/BLUEZ5_CPE/BLUEZ5_UTILS_CPE/ typo]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 8 Feb 2021 20:06:58 +0000 (21:06 +0100)]
package/berkeleydb: add CPE variables
cpe:2.3:a:oracle:berkeley_db is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aoracle%3Aberkeley_db
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 8 Feb 2021 13:24:11 +0000 (14:24 +0100)]
package/python: clarify that this refers to the deprecated 2.7 series
Python 2.7 is EOL, so people should use the python3 package instead if
possible. Make it a bit more obvious that 'python' is not the right package
to use by explicitly mentioning that this is about python 2.7 and that it is
deprecated.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 8 Feb 2021 09:39:21 +0000 (10:39 +0100)]
package/connman: add upstream security fixes for CVE-2021-2667{5, 6}
Fixes the following security issues:
- CVE-2021-26675: Remote (adjacent network) code execution flaw
- CVE-2021-26676: Remote stack information leak
For details, see the advisory:
https://www.openwall.com/lists/oss-security/2021/02/08/2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 8 Feb 2021 21:05:36 +0000 (22:05 +0100)]
CHANGES: update with recent changes
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 7 Feb 2021 20:39:34 +0000 (21:39 +0100)]
package/at-spi2-atk: add AT_SPI2_ATK_CPE_ID_VENDOR
cpe:2.3:a:gnome:at-spi2-atk is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnome%3Aat-spi2-atk
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sun, 7 Feb 2021 21:52:27 +0000 (22:52 +0100)]
configs/avenger96_defconfig: add support for Arrow Avenger96 board
Very similar to the other stm32mp157-based boards, except that we use the
multi_v7 defconfig for ease of maintenance.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Mon, 8 Feb 2021 09:04:34 +0000 (11:04 +0200)]
package/memtester: fix compile and link flags
The memtester build system does not use CFLAGS/LDFLAGS variables.
Everything should be written to conf-cc and conf-ld.
Use '%' as sed expression delimiter because comma might appear in
LDFLAGS.
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 8 Feb 2021 07:46:35 +0000 (08:46 +0100)]
package/x11r7/xlib_libXrandr: add CPE variables
cpe:2.3:a:x.org:libxrandr is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibxrandr
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Heiko Thiery [Mon, 8 Feb 2021 10:10:35 +0000 (11:10 +0100)]
package/connman: set CONNMAN_CPE_ID_VENDOR
cpe:2.3:a:intel:connman is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/detail/702658?namingFormat=2.3&orderBy=CPEURI&keyword=connman&status=FINAL
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Heiko Thiery [Mon, 8 Feb 2021 08:04:50 +0000 (09:04 +0100)]
configs/kontron_smarc_sal28_defconfig: use Python 3.x for U-Boot build
New U-Boot versions need Python 3.x for pylibfdt.
Fixes:
- https://gitlab.com/buildroot.org/buildroot/-/jobs/
1006924823
Cc: Michael Walle <michael@walle.cc>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 7 Feb 2021 12:57:37 +0000 (13:57 +0100)]
package/brotli: add BROTLI_CPE_ID_VENDOR
cpe:2.3:a:google:brotli is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agoogle%3Abrotli
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 7 Feb 2021 20:27:18 +0000 (21:27 +0100)]
package/audiofile: drop package
The audiofile package is affected by multiple CVEs and is not maintained
anymore (no release since 2013):
https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&seach_type=all&query=cpe:2.3:a:audio_file_library_project:audio_file_library:0.3.6:*:*:*:*:*:*:*
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 7 Feb 2021 20:35:15 +0000 (21:35 +0100)]
package/avahi: add AVAHI_CPE_ID_VENDOR
cpe:2.3:a:avahi:avahi is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aavahi%3Aavahi
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 7 Feb 2021 20:31:18 +0000 (21:31 +0100)]
package/augeas: add AUGEAS_CPE_ID_VENDOR
cpe:2.3:a:augeas:augeas is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aaugeas%3Aaugeas
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 7 Feb 2021 13:34:37 +0000 (14:34 +0100)]
package/x11r7/xlib_libXi: add CPE variables
cpe:2.3:a:x.org:libxi is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibxi
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 7 Feb 2021 13:52:26 +0000 (14:52 +0100)]
package/x11r7/xlib_libXvMC: add CPE variables
cpe:2.3:a:x.org:libxvmc is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibxvmc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 7 Feb 2021 13:16:16 +0000 (14:16 +0100)]
package/libsigsegv: bump version to 2.13
Removed patches applied upstream:
0001-Improve-support-for-Linux-RISC-V.patch
https://github.com/roswell/libsigsegv/commit/
671b2528b55c57eda1a8fe5872ff1ef61014235f
0002-m4-stack-direction-RISC-V-stack-grows-downward.patch
https://github.com/roswell/libsigsegv/commit/
fd0e3d99d109b46d73ef37f38a23076f5acd1053
0003-Improve-support-for-Linux-nds32.patch
0004-m4-stack-direction-NDS32-stack-grows-downward.patch
https://github.com/roswell/libsigsegv/commit/
51a03192a3e024931309bdf11a9c055985de0ddf
Reformatted hashes.
Release notes: https://github.com/roswell/libsigsegv/blob/master/NEWS
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 7 Feb 2021 13:03:28 +0000 (14:03 +0100)]
package/gnupg: add CPE variables
cpe:2.3:a:gnupg:gnupg is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnupg%3Agnupg
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 7 Feb 2021 13:06:01 +0000 (14:06 +0100)]
package/libshout: bump version to 2.4.5
Added sha512 hash provided by upstream, reformatted hashes.
Changelog:
https://gitlab.xiph.org/xiph/icecast-libshout/-/blob/master/NEWS
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 7 Feb 2021 12:58:18 +0000 (13:58 +0100)]
package/libgsm: bump version to 1.0.19
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 7 Feb 2021 12:52:45 +0000 (13:52 +0100)]
package/msmtp: bump version to 1.8.14
Release notes:
https://github.com/marlam/msmtp-mirror/blob/master/NEWS
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 7 Feb 2021 12:52:44 +0000 (13:52 +0100)]
package/libgsasl: bump version to 1.10.0
Added hashes provided by upstream, updated license hash due to various
upstream commits:
https://git.savannah.gnu.org/gitweb/?p=gsasl.git;a=history;f=README
Release notes:
https://lists.gnu.org/archive/html/help-gsasl/2021-01/msg00007.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 7 Feb 2021 12:43:04 +0000 (13:43 +0100)]
package/libgphoto2: bump version to 2.5.26
Removed md5 hash, reformatted remaining hashes.
Added optional support for libcurl available since version 2.5.24.
Release notes: https://github.com/gphoto/libgphoto2/blob/master/NEWS
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 7 Feb 2021 12:39:19 +0000 (13:39 +0100)]
package/libraw: add LIBRAW_CPE_ID_VENDOR
cpe:2.3:a:libraw:libraw is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibraw%3Alibraw
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 7 Feb 2021 12:31:54 +0000 (13:31 +0100)]
package/memcached: add MEMCACHED_CPE_ID_VENDOR
cpe:2.3:a:memcached:memcached is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amemcached%3Amemcached
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 7 Feb 2021 12:29:12 +0000 (13:29 +0100)]
package/libgpg-error: bump version to 1.41
Release notes:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=blob;f=NEWS;
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 7 Feb 2021 12:26:55 +0000 (13:26 +0100)]
package/libass: set LIBASS_CPE_ID_VALID
cpe:2.3:a:libass_project:libass is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibass_project%3Alibass
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 7 Feb 2021 12:17:53 +0000 (13:17 +0100)]
package/liberation: bump version to 2.1.2
Changelog:
https://github.com/liberationfonts/liberation-fonts/blob/master/ChangeLog
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 7 Feb 2021 12:14:08 +0000 (13:14 +0100)]
package/libedit: bump version to
20191231-3.1
Reformatted hashes.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 7 Feb 2021 12:02:31 +0000 (13:02 +0100)]
package/ccid: bump version to 1.4.34
Release notes:
http://lists.infradead.org/pipermail/pcsclite-muscle/2021-January/001170.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 7 Feb 2021 11:56:37 +0000 (12:56 +0100)]
package/pigz: bump version to 2.6
Updated license hash due to various commits bumping the version number:
https://github.com/madler/pigz/commits/master/README
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 7 Feb 2021 12:09:31 +0000 (13:09 +0100)]
package/libdvbsi: bump version to 0.3.9
Switched _SITE to github, removed md5 hash, reformatted hashes.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 7 Feb 2021 13:13:02 +0000 (14:13 +0100)]
package/x11r7/xlib_libX11: add CPE variables
cpe:2.3:a:x.org:libx11 is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibx11
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 7 Feb 2021 13:45:10 +0000 (14:45 +0100)]
package/x11r7/xlib_libXrender: add CPE variables
cpe:2.3:a:x.org:libxrender is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibxrender
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 7 Feb 2021 13:47:50 +0000 (14:47 +0100)]
package/x11r7/xlib_libXv: add CPE variables
cpe:2.3:a:x.org:libxv is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibxv
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 7 Feb 2021 12:35:51 +0000 (13:35 +0100)]
package/cryptsetup: set CRYPTSETUP_CPE_ID_VALID
cpe:2.3:a:cryptsetup_project:cryptsetup is a valid CPE identifier for
this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Acryptsetup_project%3Acryptsetup
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 7 Feb 2021 12:21:06 +0000 (13:21 +0100)]
package/libfastjson: bump version to 0.99.9
Changelog: https://github.com/rsyslog/libfastjson/blob/master/ChangeLog
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 7 Feb 2021 13:07:46 +0000 (14:07 +0100)]
package/mosquitto: add MOSQUITTO_CPE_ID_VENDOR
cpe:2.3:a:eclipse:mosquitto is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aeclipse%3Amosquitto
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gilles Talis [Sun, 7 Feb 2021 10:48:36 +0000 (11:48 +0100)]
package/webp: bump to version 1.2.0
Also fixed indentation in hash file
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 6 Feb 2021 10:30:56 +0000 (11:30 +0100)]
package/sox: fix static build with id3tag
This build failure is raised since bump to
7524160b29a476f7e87bc14fddf12d349f9a3c5e
Fixes:
- http://autobuild.buildroot.org/results/
73efdacf237e3d567fa66f3b3f68e624f5e35bc7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 7 Feb 2021 09:19:29 +0000 (10:19 +0100)]
package/tpm2-pkcs11: add p11-kit optional dependency
Fixes:
- http://autobuild.buildroot.org/results/
fee607da7226a92cceab2bbfd4c5d031016dfa3d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Francois Perrad [Sat, 6 Feb 2021 11:36:40 +0000 (12:36 +0100)]
package/lua-http: bump to version 0.4
diff LICENSE.md
- Copyright (c) 2015-2019 Daurnimator
+ Copyright (c) 2015-2021 Daurnimator
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 6 Feb 2021 19:03:59 +0000 (20:03 +0100)]
package/libblockdev: bump version to 2.25
Release notes:
https://github.com/storaged-project/libblockdev/blob/2.x-branch/NEWS.rst
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 6 Feb 2021 19:03:58 +0000 (20:03 +0100)]
package/libbytesize: bump version to 2.5
Release notes:
https://github.com/storaged-project/libbytesize/releases/tag/2.4
https://github.com/storaged-project/libbytesize/releases/tag/2.5
Removed patch which was applied upstream:
https://github.com/storaged-project/libbytesize/commit/
f2b6600f5483fc68c46d596d578be10546f5ac43
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 6 Feb 2021 18:43:45 +0000 (19:43 +0100)]
package/libabseil-cpp: bump version to
20200923.3
Release notes:
https://github.com/abseil/abseil-cpp/releases/tag/
20200923.3
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 6 Feb 2021 16:14:15 +0000 (17:14 +0100)]
package/openrc: set OPENRC_CPE_ID_VALID
cpe:2.3:a:openrc_project:openrc is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aopenrc_project%3Aopenrc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 6 Feb 2021 16:54:53 +0000 (17:54 +0100)]
package/jsoncpp: set JSONCPP_CPE_ID_VALID
cpe:2.3:a:jsoncpp_project:jsoncpp is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ajsoncpp_project%3Ajsoncpp
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 6 Feb 2021 15:50:11 +0000 (16:50 +0100)]
package/unbound: add UNBOUND_CPE_ID_VENDOR
cpe:2.3:a:nlnetlabs:unbound is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anlnetlabs%3Aunbound
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 6 Feb 2021 16:04:30 +0000 (17:04 +0100)]
package/mariadb: set MARIADB_CPE_ID_VENDOR
cpe:2.3:a:mariadb:mariadb is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amariadb%3Amariadb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 6 Feb 2021 15:59:52 +0000 (16:59 +0100)]
package/gnuplot: set GNUPLOT_CPE_ID_VALID
cpe:2.3:a:gnuplot_project:gnuplot is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnuplot_project%3Agnuplot
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Sat, 6 Feb 2021 08:51:02 +0000 (09:51 +0100)]
package/pkg-utils: escape \ in generated legal-info
In the output of legal-info, which is JSON-formatted, we include the
CPI_ID (when it is valid).
For xerces, the CPE_ID contains two sequences of \+ (which is exactly
what is present in the NIST DB, [0]).
However, in JSON, like in C, \ escapes the following character; only a
very limited set of characters are valid to escape: " \ / b f n r t u.
Escaping any other character is invalid. Conformant JSON parser will
choke on invalid sequences, and so does not the json python module:
File "/usr/lib/python2.7/json/decoder.py", line 380, in raw_decode
obj, end = self.scan_once(s, idx)
ValueError: Invalid \escape: line 1 column 608554 (char 608553)
We fix that be globally escaping \ in our json output, in the generic
sanitising macro.
[0] https://nvd.nist.gov/products/cpe/detail/645?namingFormat=2.3&orderBy=CPEURI&keyword=xerces&status=FINAL
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 6 Feb 2021 15:43:48 +0000 (16:43 +0100)]
package/cryptopp: add CPE variables
cpe:2.3:a:cryptopp:crypto\+\+ is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&orderBy=2.3&keyword=cpe%3A2.3%3Aa%3Acryptopp%3Acrypto%5C%2B%5C%2B
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 6 Feb 2021 16:11:22 +0000 (17:11 +0100)]
package/slirp: add CPE variables
cpe:2.3:a:libslirp_project:libslirp is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibslirp_project%3Alibslirp
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jianhui Zhao [Sat, 6 Feb 2021 14:33:59 +0000 (22:33 +0800)]
package/rtty: bump version to 7.3.2
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 6 Feb 2021 16:29:37 +0000 (17:29 +0100)]
package/redis: add REDIS_CPE_ID_VENDOR
cpe:2.3:a:redislabs:redis is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aredislabs%3Aredis
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sat, 6 Feb 2021 16:31:39 +0000 (17:31 +0100)]
package/mosquitto: bump version to 2.0.7
Includes a number of bugfixes. For details, see the announcement:
https://mosquitto.org/blog/2021/02/version-2-0-7-released/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 6 Feb 2021 09:59:39 +0000 (10:59 +0100)]
package/python-flask-cors: bump to version 3.0.10
https://github.com/corydolphin/flask-cors/releases/tag/3.0.10
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 6 Feb 2021 16:20:05 +0000 (17:20 +0100)]
package/libkrb5: add CPE variables
cpe:2.3:a:mit:kerberos_5 is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amit%3Akerberos_5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Sat, 6 Feb 2021 20:11:19 +0000 (21:11 +0100)]
package/binutils: bump 2.36.x series to 2.36.1
Release notes:
We are very sorry to have to report that a problem was found with the
GNU Binutils 2.36 release. It turns out that it contained a small
portion of code that was not covered by an FSF copyright assignment.
So we have created a replacement release - 2.36.1 - with that code
removed.
In addition we found that a fix for a theoretical security
vulnerability[1] was itself broken and could result in the archiver
program "ar" misbehaving. So we have chosen to revert the fix from
the 2.36.1 release whilst the problem is properly resolved.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 6 Feb 2021 16:58:07 +0000 (17:58 +0100)]
package/oniguruma: set ONIGURUMA_CPE_ID_VALID
cpe:2.3:a:oniguruma_project:oniguruma is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aoniguruma_project%3Aoniguruma
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 6 Feb 2021 16:51:15 +0000 (17:51 +0100)]
package/freetype: add FREETYPE_CPE_ID_VENDOR
cpe:2.3:a:freetype:freetype is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afreetype%3Afreetype
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 6 Feb 2021 19:19:50 +0000 (20:19 +0100)]
package/libcoap: bump version
Reformatted hashes, updated license hash due to copyright year bump:
https://github.com/obgm/libcoap/commit/
12fd8a25f708aa45a20f61e363f127b934633668
Release notes:
https://sourceforge.net/p/libcoap/mailman/message/
36801445/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 6 Feb 2021 18:54:09 +0000 (19:54 +0100)]
package/{apparmor, libapparmor}: bump version to 3.0.1
Release notes:
https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.1
Removed patches which were applied upstream, updated _SITE.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 6 Feb 2021 19:15:25 +0000 (20:15 +0100)]
package/libcli: bump version to 1.10.4
Removed whitespace and updated project URL in Config.in.
Reformatted hashes.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 6 Feb 2021 19:07:21 +0000 (20:07 +0100)]
package/libcap: bump version to 2.48
Release notes:
https://sites.google.com/site/fullycapable/release-notes-for-libcap
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bartosz Bilas [Sat, 6 Feb 2021 18:53:24 +0000 (19:53 +0100)]
package/rauc: package/rauc: bump version to 1.5.1
Removed patch applied upstream.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 6 Feb 2021 11:53:19 +0000 (12:53 +0100)]
{linux, linux-headers}: bump 5.{4, 10}.x 4.{4, 9, 14, 19} series
Stick to 4.4.255 / 4.4.255 even though .256 is ready, as the wraparound of
the minor version may cause problems:
https://lkml.org/lkml/2021/2/5/747
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.256
https://lkml.org/lkml/2021/2/5/862
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.256
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: stick to 4.{4,9}.255]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>