Peter Korsgaard [Sat, 6 Mar 2021 21:16:45 +0000 (22:16 +0100)]
Update for 2021.02
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 6 Mar 2021 15:56:07 +0000 (16:56 +0100)]
package/quagga: fix build with gcc 10
Fixes:
- http://autobuild.buildroot.org/results/
fd5ee2b52a3cfaec268fafd3ffe4c30e51465c7e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 6 Mar 2021 16:14:50 +0000 (17:14 +0100)]
package/wolfssl: security bump to version 4.7.0
Fix CVE-2021-3336: DoTls13CertificateVerify in tls13.c in wolfSSL before
4.7.0 does not cease processing for certain anomalous peer behavior
(sending an
ED22519, ED448, ECC, or RSA signature without the
corresponding certificate). The client side is affected because
man-in-the-middle attackers can impersonate TLS 1.3 servers.
https://github.com/wolfSSL/wolfssl/releases/tag/v4.7.0-stable
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Sat, 6 Mar 2021 17:46:48 +0000 (18:46 +0100)]
package/libjpeg: fix LIBJPEG_SITE
Commit
b83184de674a (package/libjpeg: switch to s.b.o. as source site)
improperly added a trailing slash '/' at the end of LIBJPEG_SITE,
causing builds to fail:
package/libjpeg/libjpeg.mk:35: *** LIBJPEG_SITE (http://sources.buildroot.org/libjpeg/) cannot have a trailing slash. Stop.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Yann E. MORIN [Fri, 5 Mar 2021 22:27:44 +0000 (23:27 +0100)]
package: drop _CPE_ID_VALID, use _CPE_ID_VENDOR
FOO_CPE_ID_VALID really ought to be an internal implementaion detail.
Packages that really want to trigger their CPE defintitions really
should set one of the actual variables to a meaningful value.
There are two CPE-related variables that we could chose to set to
replace FOO_CPE_ID_VALID: FOO_CPE_ID_VENDOR and FOO_CPE_ID_PRODUCT.
Between those two, _VENDOR more often diverges from the default than
_PRODUCT does, so that's what we use.
---8<------8<------8<------8<------8<---
#!/bin/bash
# Replace FOO_CPE_ID_VALID = YES with FOO_CPE_ID_VENDOR = foo_project
for i in $(git grep -l -E '[^)]_CPE_ID_VALID = YES' package support); do
pkg="$(basename "${i%/*}")"
sed -r -i -e "s/_CPE_ID_VALID = YES/_CPE_ID_VENDOR = ${pkg}_project/" "${i}"
done
---8<------8<------8<------8<------8<---
Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: update cpe-test comment to reflect pkg3 change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Fri, 5 Mar 2021 22:27:43 +0000 (23:27 +0100)]
package/sudo: cleanup the CPE_ID variables
The CPE variables are derived from the package upstream values, so they
must be set from the package values, not the other way around.
Also drop CPE_ID_VALID as it is implied as soon as at least one CPE
variable is set.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Fri, 5 Mar 2021 22:27:42 +0000 (23:27 +0100)]
docs/manual: do not expose CPE_ID_VALID as package-settable
FOO_CPE_ID_VALID is an internal implementation detail. Packages should
really define an actual CPE_ID variable to trigger their full CPE_ID
definition.
Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: completely drop any mention of _CPE_ID_VALID in the manual]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Giulio Benetti [Fri, 5 Mar 2021 15:15:29 +0000 (16:15 +0100)]
package/belle-sip: fix build failure due to gcc bug 99410
The belle-sip package exhibits gcc bug 99410 when built for the Nios2
architecture with optimization enabled, which causes a build failure.
As done for other packages in Buildroot work around this gcc bug by
setting optimization to -O0 if BR2_TOOLCHAIN_HAS_GCC_BUG_99410=y.
Fixes:
http://autobuild.buildroot.net/results/
71f26fd81db8e9b19b3f18f3f3cefd9c768f094f/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Giulio Benetti [Fri, 5 Mar 2021 15:15:28 +0000 (16:15 +0100)]
toolchain: introduce BR2_TOOLCHAIN_HAS_GCC_BUG_99410
belle-sip package fails to build for the Nios2 architecture with
optimization enabled with gcc < 8.x:
http://autobuild.buildroot.net/results/
71f26fd81db8e9b19b3f18f3f3cefd9c768f094f/
It's been reported upstream:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99410
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Giulio Benetti [Fri, 5 Mar 2021 09:11:02 +0000 (10:11 +0100)]
package/asterisk: fix build failure due to gcc bug 93847
The asterisk package exhibits gcc bug 93847 when built for the Nios2
architecture with optimization enabled, which causes a build failure.
As done for other packages in Buildroot work around this gcc bug by
setting optimization to -O0 if BR2_TOOLCHAIN_HAS_GCC_BUG_93847=y.
Fixes:
http://autobuild.buildroot.net/results/
24c0a6ca3b272711a1e6ceaa033925182d0d49c4
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Giulio Benetti [Fri, 5 Mar 2021 09:11:01 +0000 (10:11 +0100)]
package/asterisk: remove default -O3 optimization flag
Actually asterisk package gets built with -O3 cflag since it's defaulted
into its sources, but it's not what we want, so let's empty its OPTIMIZE
Makefile variable letting Buildroot CFLAGS to take place instead.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas De Schampheleire [Fri, 5 Mar 2021 13:48:38 +0000 (14:48 +0100)]
package/openblas: respect the optimization level specified by Buildroot
openblas internally sets -O2, after the flags being passed by Buildroot
(e.g. -Os).
Patch openblas to let the Buildroot-specified flag survive.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas De Schampheleire [Fri, 5 Mar 2021 13:48:37 +0000 (14:48 +0100)]
package/openblas: strip any optimization flag where needed
openblas strips off -O1-O3 for certain source files, but forgets to handle
-Os, -Og and -O. This means that the intended effect of 'no optimization' is
not always reached.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas De Schampheleire [Fri, 5 Mar 2021 13:48:36 +0000 (14:48 +0100)]
package/openblas: fix build failure due to forced FFLAGS
Buildroot specifies a value for FFLAGS on the make command-line.
While the openblas makefiles allowed this principle for the most part by
using 'override FFLAGS += ....', the make.inc file generated for the shipped
'lapack' sources just used a 'FFLAGS = ...' statement, whose value is then
eclipsed by the command-line FFLAGS.
This meant that -fPIC may be passed to the link step but not to all relevant
source files, causing relocation failures.
Fixes: http://autobuild.buildroot.net/results/d530db0f37e1e0462e3af1e1787e15f94ff21884/
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 6 Mar 2021 14:35:12 +0000 (15:35 +0100)]
package/libeXosip2: fix build with libressl
Build with libressl is broken since version 5.1.0 and
https://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=
d7488b7bbf59870192372384ef338a44be23e888
For an unknown reason, we only have one autobuilder failure with version
5.2.0
Fixes:
- http://autobuild.buildroot.org/results/
89d8d4ba99d6dcc1618cf6b5302c124a92d75be9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Sat, 6 Mar 2021 11:23:07 +0000 (12:23 +0100)]
package/rust-bin: add i586 download hash
Fixes:
- https://bugs.busybox.net/show_bug.cgi?id=13576
ERROR: No hash found for rust-std-1.48.0-i586-unknown-linux-gnu.tar.xz
Reported-by: ingineru_de_sistem@yahoo.com
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Giulio Benetti [Fri, 5 Mar 2021 16:00:05 +0000 (17:00 +0100)]
package/libgeos: disable package while building for Nios II
This package fails to build with Nios II up to gcc version 10.x and no
work around has been found. So let's disable it whil building for Nios
II.
Fixes:
http://autobuild.buildroot.net/results/
a05fdf1958f93a206c5c66c7f636b6650683626d
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 6 Mar 2021 09:53:11 +0000 (10:53 +0100)]
package/expat: update CPE variables
libexpat:expat has been replaced by libexpat_project:libexpat:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibexpat_project%3Alibexpat
<cpe-item name="cpe:/a:libexpat:expat:2.2.10" deprecated="true" deprecation_date="2021-01-25T15:44:50.537Z">
<title xml:lang="en-US">libexpat Expat 2.2.10</title>
<reference href="https://github.com/libexpat/libexpat/">Version</reference>
<cpe-23:cpe23-item name="cpe:2.3:a:libexpat:expat:2.2.10:*:*:*:*:*:*:*">
<cpe-23:deprecated-by name="cpe:2.3:a:libexpat_project:libexpat:2.2.10:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 6 Mar 2021 09:41:36 +0000 (10:41 +0100)]
package/libmodsecurity: add CPE variables
cpe:2.3:a:trustwave:modsecurity is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atrustwave%3Amodsecurity
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Asaf Kahlon [Sat, 6 Mar 2021 08:54:32 +0000 (10:54 +0200)]
package/python{3}-pyyaml: switch to setuptools
Since version 5.4.0 pyyaml uses setuptools (see
https://github.com/yaml/pyyaml/blob/master/CHANGES)
Fixes:
- http://autobuild.buildroot.net/results/
bc36ae51a1e4d70c5fd2a3eb4b458aba4220f2dc
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Sat, 6 Mar 2021 09:04:46 +0000 (10:04 +0100)]
package/libjpeg: switch to s.b.o. as source site
Fixes #13581
The tarball for version 9d, released 2020-01-12, has been silently
replaced upstream (a unicode BOM was removed from a few files),
causing hash mismatch.
This means that all our versions since 2020.02 will fail the hash
check, and fallback to using s.b.o. so we can't update the copy we
have on s.b.o.
As a consequence, we can't update the hash in master (soon 2021.02)
otherwise it would not match what we have on s.b.o.
This means that users will see hash mismatch by default, which is not
very nice. Although we can't do anything for all previous releases,
we can still try to paper over the problem for the future ones, like
2021.02, by switching the upstream to be s.b.o.
Sigh... :-(
Reported-by: Nick Shaforostov <mshaforostov@airmusictech.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Michael Vetter [Fri, 5 Mar 2021 15:49:13 +0000 (16:49 +0100)]
package/jasper: bump version to 2.0.26
Changes:
* Fix JP2 decoder bug that can cause a null pointer dereference for
some invalid CDEF boxes. (#268)
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Thu, 4 Mar 2021 20:04:30 +0000 (21:04 +0100)]
package/kismet: fix uclibc build
Fixes:
- http://autobuild.buildroot.org/results/
1c2885d75219aabadbb66ab66fe0dc4b4346ff1e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 5 Mar 2021 11:30:05 +0000 (12:30 +0100)]
package/dhcpcd: fix build on m68k
Fixes:
- http://autobuild.buildroot.org/results/
56301b566e210f06ac581e04ad1ec2ca3f9b7103
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 5 Mar 2021 15:00:54 +0000 (16:00 +0100)]
package/libshout: disable tools
This will fix static build of libshout in version 2.4.5 with openssl
(tools were added by
https://gitlab.xiph.org/xiph/icecast-libshout/-/commit/
34a535bdbb7d8bb4545d2bd71ba29a212e83041e)
Fixes:
- http://autobuild.buildroot.net/results/a6b/
a6b7df5d4b4bccbfe54f3173365e88d849ed0e30/
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 5 Mar 2021 15:32:53 +0000 (16:32 +0100)]
package/sdl2: update SDL2_CPE_ID_PRODUCT
libsdl:sdl has been replaced by libsdl:simple_directmedia_layer:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibsdl%3Asimple_directmedia_layer
<cpe-item name="cpe:/a:libsdl:sdl:2.0.12" deprecated="true" deprecation_date="2021-02-08T18:56:07.243Z">
<reference href="https://www.libsdl.org/release/">Version</reference>
<cpe-23:cpe23-item name="cpe:2.3:a:libsdl:sdl:2.0.12:*:*:*:*:*:*:*">
<cpe-23:deprecated-by name="cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.12:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 5 Mar 2021 15:32:03 +0000 (16:32 +0100)]
package/sdl: add CPE variables
cpe:2.3:a:libsdl:simple_directmedia_layer is a valid CPE identifier for
this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibsdl%3Asdl
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 5 Mar 2021 15:19:09 +0000 (16:19 +0100)]
package/sdl_image: add SDL_IMAGE_CPE_ID_VENDOR
cpe:2.3:a:libsdl:sdl_image is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibsdl%3Asdl_image
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 5 Mar 2021 15:14:54 +0000 (16:14 +0100)]
package/sdl2_image: add SDL2_IMAGE_CPE_ID_PRODUCT
cpe:2.3:a:libsdl:sdl_image is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibsdl%3Asdl2_image
Indeed, cpe:2.3:a:libsdl:sdl2_image contains a single CPE entry for
version 2.0.4, all the other entries have been deprecated in favor of
cpe:2.3:a:libsdl:sdl_image:
<cpe-item name="cpe:/a:libsdl:sdl2_image:2.0.3" deprecated="true" deprecation_date="2020-07-28T15:42:37.767Z">
<reference href="https://www.libsdl.org/projects/SDL_image/">Product</reference>
<cpe-23:cpe23-item name="cpe:2.3:a:libsdl:sdl2_image:2.0.3:*:*:*:*:*:*:*">
<cpe-23:deprecated-by name="cpe:2.3:a:libsdl:sdl_image:2.0.3:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>
<cpe-item name="cpe:/a:libsdl:sdl2_image:2.0.4">
<reference href="http://hg.libsdl.org/SDL_image/">Version</reference>
<cpe-23:cpe23-item name="cpe:2.3:a:libsdl:sdl2_image:2.0.4:*:*:*:*:*:*:*"/>
<cpe-item name="cpe:/a:libsdl:sdl2_image:2.0.5" deprecated="true" deprecation_date="2020-07-28T15:42:40.500Z">
<reference href="http://hg.libsdl.org/SDL_image/">Version</reference>
<cpe-23:cpe23-item name="cpe:2.3:a:libsdl:sdl2_image:2.0.5:*:*:*:*:*:*:*">
<cpe-23:deprecated-by name="cpe:2.3:a:libsdl:sdl_image:2.0.5:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>:
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 5 Mar 2021 11:14:24 +0000 (12:14 +0100)]
package/python-werkzeug: add CPE variables
cpe:2.3:a:palletsprojects:werkzeug is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apalletsprojects%3Awerkzeug
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 5 Mar 2021 11:13:41 +0000 (12:13 +0100)]
package/python-twisted: add CPE variables
cpe:2.3:a:twistedmatrix:twisted is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atwistedmatrix%3Atwisted
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 5 Mar 2021 09:53:04 +0000 (10:53 +0100)]
package/lzo: set LZO_CPE_ID_VALID
cpe:2.3:a:lzo_project:lzo is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alzo_project%3Alzo
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 5 Mar 2021 09:52:34 +0000 (10:52 +0100)]
package/python-simplejson: add CPE variables
cpe:2.3:a:simplejson_project:simplejson is a valid CPE identifier for
this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Asimplejson_project%3Asimplejson
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 5 Mar 2021 09:52:02 +0000 (10:52 +0100)]
package/flac: set FLAC_CPE_ID_VALID
cpe:2.3:a:flac_project:flac is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aflac_project%3Aflac
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 5 Mar 2021 09:51:28 +0000 (10:51 +0100)]
package/libyaml: add LIBYAML_CPE_ID_VENDOR
cpe:2.3:a:pyyaml:libyaml is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apyyaml%3Alibyaml
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 5 Mar 2021 09:50:54 +0000 (10:50 +0100)]
package/libevent: set LIBEVENT_CPE_ID_VALID
cpe:2.3:a:libevent_project:libevent is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibevent_project%3Alibevent
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 5 Mar 2021 09:50:24 +0000 (10:50 +0100)]
package/poppler: add POPPLER_CPE_ID_VENDOR
cpe:2.3:a:freedesktop:poppler is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afreedesktop%3Apoppler
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 5 Mar 2021 09:49:57 +0000 (10:49 +0100)]
package/erlang: add CPE variables
cpe:2.3:a:erlang:erlang\/otp is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&orderBy=2.3&keyword=cpe%3A2.3%3Aa%3Aerlang%3Aerlang%5C%2Fotp&status=FINAL
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 5 Mar 2021 09:49:17 +0000 (10:49 +0100)]
package/libsrtp: add LIBSRTP_CPE_ID_VENDOR
cpe:2.3:a:cisco:libsrtp is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Acisco%3Alibsrtp
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 5 Mar 2021 09:48:24 +0000 (10:48 +0100)]
package/imlib2: add IMLIB2_CPE_ID_VENDOR
cpe:2.3:a:enlightenment:imlib2 is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aenlightenment%3Aimlib2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 5 Mar 2021 09:46:55 +0000 (10:46 +0100)]
package/dosfstools: set DOSFSTOOLS_CPE_ID_VALID
cpe:2.3:a:dosfstools_project:dosfstools is a valid CPE identifier for
this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Adosfstools_project%3Adosfstools
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 5 Mar 2021 09:46:24 +0000 (10:46 +0100)]
package/fontconfig: set FONTCONFIG_CPE_ID_VALID
cpe:2.3:a:fontconfig_project:fontconfig is a valid CPE identifier for
this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afontconfig_project%3Afontconfig
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 5 Mar 2021 09:45:48 +0000 (10:45 +0100)]
package/libopenh264: add CPE variables
cpe:2.3:a:cisco:openh264 is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Acisco%3Aopenh264
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 5 Mar 2021 09:45:09 +0000 (10:45 +0100)]
package/libpng: set LIBPNG_CPE_ID_VENDOR
cpe:2.3:a:libpng:libpng is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibpng%3Alibpng
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Fri, 5 Mar 2021 05:56:31 +0000 (06:56 +0100)]
package/dovecot-pigeonhole: bump version to 0.5.14
Release notes:
https://dovecot.org/pipermail/dovecot-news/2021-March/000456.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Fri, 5 Mar 2021 05:56:30 +0000 (06:56 +0100)]
package/dovecot: bump version to 2.3.14
Release notes:
https://dovecot.org/pipermail/dovecot-news/2021-March/000455.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 5 Mar 2021 10:15:42 +0000 (11:15 +0100)]
package/dhcpcd: disable privsep on older kernels
Commit
e5594f7239547672c08058b77f8098d2c080bebc fixed privsep for sh,
or1k, microblaze, xtensa, arc, nds32 and nios2, but failed to take into
account that the audit functionality is only available in recent kernels
on those architectures.
Pass the --disable-privsep configure option if the kernel is too old in
those architectures.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Yann E. MORIN [Wed, 3 Mar 2021 18:16:34 +0000 (19:16 +0100)]
package/libopenssl does not support riscv32
riscv32 is (surprise!) a 32-bit architecture. But it has been Y2038-safe
from its inception. As such, there are no legacy binaries that may use
the 32-bit time syscalls, and thus they are not available on riscv32.
Code that directly calls to the syscalls without using the C libraries
wrappers thus need to handle this case by themselves. That's what
upstream tried to do with:
https://github.com/openssl/openssl/commit/
5b5e2985f355c8e99c196d9ce5d02c15bebadfbc
We initially carried that patch with
2bb26c1a1d24 (package/libopenssl:
fix build on riscv32).
However, as Arnd Bergmann puts it [0]:
The patch looks wrong to me: __NR_io_pgetevents_time64 must be used
whenever time_t is 64-bit wide on a 32-bit architecture, while
__NR_io_getevents/__NR_io_pgetevents must be used when time_t is the
same width as 'long'.
Checking whether __NR_io_getevents is defined is wrong for all
architectures other than riscv
And Arnd agrees that patch should be reverted [1] [2] (there are further
comments in that stream, that are worth reading).
As such, we've reverted
2bb26c1a1d24 with
6cfb4ad7f76a.
This means we have no working solution to enable openssl on riscv32 for
now. So, rather than fail the build, or backport a dysfunctional patch,
let's just forbid openssl on riscv32.
Drop the default from the choice selection; it was anyway superfluous:
the default of a choice, if left unspecified, is the first entry of the
choice. Also, having a default means we'd have to also propagate the
dependencies of the defaulted-to symbol, which is yet a little bit more
maintenance. Since the chances we get a third implementation of openssl
are pretty slim (very, very slim), reasoning about what is the default
is still very easy.
When propagating dependencies to tpm2-tss' users, we've tried to keep
the architecture dependency toward the top when possible, and otherwise
we've added it together with existing arch dependencies (MMU).
While at it, drop a useless redundant comment in ibm-sw-tpm2: if we
select FORCE_LIBOPENSSL, it is obvious that's because libressl is not
supported... Besides none of the other users of FORCE_LIBOPENSSL have
such a comment.
Fixes:
http://autobuild.buildroot.org/results/eb9/
eb9a64d4ffae8569b5225083f282cf87ffa7c681/
...
http://autobuild.buildroot.org/results/07e/
07e413b24ba8adc9558c80267ce16dda339bf032/
[0] https://github.com/openssl/openssl/commit/
5b5e2985f355c8e99c196d9ce5d02c15bebadfbc#commitcomment-
44782859
[1] https://github.com/openssl/openssl/commit/
5b5e2985f355c8e99c196d9ce5d02c15bebadfbc#commitcomment-
47826509
[2] https://github.com/openssl/openssl/commit/
5b5e2985f355c8e99c196d9ce5d02c15bebadfbc#commitcomment-
47830530
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Mark Corbin <mark@dibsco.co.uk>
Arnout Vandecappelle (Essensium/Mind) [Thu, 4 Mar 2021 20:18:15 +0000 (21:18 +0100)]
package/dhcpcd: cherry-pick upstream arch-specific privsep fixes
dhcpcd includes privsep-linux.c which contains platform-specific
definitions for the seccomp fixes. A lot of our architectures were not
supported yet in the 9.4.0 release, but are supported now thanks to
Fabrice Fontaine.
Cherry-pick those patches. All of them affect the same code, but they
are cherry-picked individually to keep the correspondence with upstream.
Slight adjustments had to be made but there were no merge conflicts.
Fixes:
- http://autobuild.buildroot.org/results/
9ed863b3ba5e6e0587a48e619395e5bdb7e9c557
- http://autobuild.buildroot.org/results/
affd2f094084c4f53a324830539d07050b83587e
- http://autobuild.buildroot.org/results/
67f39606054930d307ddd0eb7743f06316d41544
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Thu, 4 Mar 2021 13:08:46 +0000 (14:08 +0100)]
package/gnuchess: security bump to version 6.2.7
Fix CVE-2019-15767: In GNU Chess 6.2.5, there is a stack-based buffer
overflow in the cmd_load function in frontend/cmd.cc via a crafted chess
position in an EPD file.
Update indentation in hash file (two spaces)
https://lists.gnu.org/archive/html/info-gnu-chess/2020-04/msg00000.html
https://lists.gnu.org/archive/html/info-gnu-chess/2020-05/msg00000.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 15:58:01 +0000 (16:58 +0100)]
package/sox: fix static build with magic
This build failure is raised since bump to
7524160b29a476f7e87bc14fddf12d349f9a3c5e
Fixes:
- http://autobuild.buildroot.org/results/
d96f27cd96926060046e2e1115777f5bceda3741
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Thu, 4 Mar 2021 12:29:25 +0000 (13:29 +0100)]
package/kismet: fix build when time_t is defined as long long
On some platforms time_t is defined as long long. At the moment, the
compilation of sqlite3_column_as<time_t>(...) fails on these systems
because the appropriate getter is not defined
Fixes:
- http://autobuild.buildroot.org/results/
3a76afdbd8b564579bfb08a4d75b438dbd73ac2e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Thu, 4 Mar 2021 11:30:39 +0000 (12:30 +0100)]
package/libminiupnpc: add CPE variables
cpe:2.3:a:miniupnp_project:miniupnpc is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aminiupnp_project%3Aminiupnpc
Split the _VERSION into the traditional major/minor separation, even
though it is not strictly speaking major/minor. This allows re-using for
the CPE versioning.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- inverse the split: rather than defining _VERSION based on the CPE
values, split the _VERSION and use that to define the CPE variables
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Thu, 4 Mar 2021 13:08:45 +0000 (14:08 +0100)]
package/gnuchess: add CPE variables
cpe:2.3:a:gnu:chess is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Achess
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Thu, 4 Mar 2021 11:28:55 +0000 (12:28 +0100)]
package/systemd: add SYSTEMD_CPE_ID_VENDOR
cpe:2.3:a:freedesktop:systemd is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afreedesktop%3Asystemd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Thu, 4 Mar 2021 11:35:41 +0000 (12:35 +0100)]
package/rabbitmq-server: add CPE variables
cpe:2.3:a:pivotal_software:rabbitmq is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apivotal_software%3Arabbitmq
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Thu, 4 Mar 2021 11:34:54 +0000 (12:34 +0100)]
package/harfbuzz: set HARFBUZZ_CPE_ID_VALID
cpe:2.3:a:harfbuzz_project:harfbuzz is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aharfbuzz_project%3Aharfbuzz
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Thu, 4 Mar 2021 11:34:10 +0000 (12:34 +0100)]
package/icu: add CPE variables
cpe:2.3:a:icu-project:international_components_for_unicode is a valid
CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aicu-project%3Ainternational_components_for_unicode
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Thu, 4 Mar 2021 11:26:44 +0000 (12:26 +0100)]
package/heimdal: set HEIMDAL_CPE_ID_VALID
cpe:2.3:a:heimdal_project:heimdal is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aheimdal_project%3Aheimdal
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Thu, 4 Mar 2021 11:31:48 +0000 (12:31 +0100)]
package/minicom: set MINICOM_CPE_ID_VALID
cpe:2.3:a:minicom_project:minicom is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aminicom_project%3Aminicom
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Thu, 4 Mar 2021 11:31:13 +0000 (12:31 +0100)]
package/rtmpdump: set RTMPDUMP_CPE_ID_VALID
cpe:2.3:a:rtmpdump_project:rtmpdump is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Artmpdump_project%3Artmpdump
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Thu, 4 Mar 2021 11:29:41 +0000 (12:29 +0100)]
package/libmicrohttpd: add LIBMICROHTTPD_CPE_ID_VENDOR
cpe:2.3:a:gnu:libmicrohttpd is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Alibmicrohttpd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Thu, 4 Mar 2021 11:27:26 +0000 (12:27 +0100)]
package/libosip2: add CPE variables
cpe:2.3:a:gnu:osip is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Aosip
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Thu, 4 Mar 2021 11:26:11 +0000 (12:26 +0100)]
package/iucode-tool: set IUCODE_TOOL_CPE_ID_VALID
cpe:2.3:a:iucode-tool_project:iucode-tool is a valid CPE identifier for
this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aiucode-tool_project%3Aiucode-tool
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Thu, 4 Mar 2021 11:25:21 +0000 (12:25 +0100)]
package/lame: set LAME_CPE_ID_VALID
cpe:2.3:a:lame_project:lame is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alame_project%3Alame
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Wed, 3 Mar 2021 15:32:03 +0000 (16:32 +0100)]
package/apr-util: add CPE variables
cpe:2.3:a:apache:portable_runtime_utility is a valid CPE identifier for
this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aapache%3Aportable_runtime_utility
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Thu, 4 Mar 2021 11:42:02 +0000 (12:42 +0100)]
package/libstrophe: fix tarball hash
Fix hash added by commit
28c7ff0bdb602e75d2891818ff87fe7fd4ed0015:
https://patchwork.ozlabs.org/project/buildroot/patch/
20210104101054.5392-1-jubalh@iodoru.org
Says Michael:
> ERROR: libstrophe-0.10.1.tar.gz has wrong sha256 hash:
> ERROR: expected:
4918c47029ecdea2deab4b0f9336ca4a8bb12c28b72b2cec397d98664b94c771
> ERROR: got :
5bf0bbc555cb6059008f1b748370d4d2ee1e1fabd3eeab68475263556405ba39
> ERROR: Incomplete download, or man-in-the-middle (MITM) attack
I'm sorry about that. We had some disagreement at JasPer and we removed
an existing tag and created the same tag on a different commit. Thus
generating a different tarball under the same tag..
I thought I only did the buildroot update after this, but maybe I
remember wrong.
While at it, also update indentation in hash file (two spaces)
Fixes:
- http://autobuild.buildroot.org/results/
2f13af96eee20176ccb37ad32ec1472b4c9d6208
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: quote Michael's explanations]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Wed, 3 Mar 2021 15:16:07 +0000 (16:16 +0100)]
package/rpcbind: set RPCBIND_CPE_ID_VALID
cpe:2.3:a:rpcbind_project:rpcbind is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Arpcbind_project%3Arpcbind
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 15:13:15 +0000 (16:13 +0100)]
package/transmission: add TRANSMISSION_CPE_ID_VENDOR
cpe:2.3:a:transmissionbt:transmission is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atransmissionbt%3Atransmission
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 15:02:44 +0000 (16:02 +0100)]
package/rsync: add RSYNC_CPE_ID_VENDOR
cpe:2.3:a:samba:rsync is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Asamba%3Arsync
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 15:04:43 +0000 (16:04 +0100)]
package/librsync: set LIBRSYNC_CPE_ID_VALID
cpe:2.3:a:librsync_project:librsync is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibrsync_project%3Alibrsync
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 14:57:56 +0000 (15:57 +0100)]
package/librsvg: add LIBRSVG_CPE_ID_VENDOR
cpe:2.3:a:gnome:librsvg is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnome%3Alibrsvg
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 14:54:07 +0000 (15:54 +0100)]
package/libpjsip: add CPE variables
cpe:2.3:a:pjsip:pjsip is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apjsip%3Apjsip
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Michael Vetter [Wed, 3 Mar 2021 14:49:59 +0000 (15:49 +0100)]
package/libstrophe: bump to version 0.10.1
Changes:
* Fixed compilation error when LibreSSL is used
* Fixed crash when NULL is provided as password
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 14:44:25 +0000 (15:44 +0100)]
package/neon: add NEON_CPE_ID_VENDOR
cpe:2.3:a:webdav:neon is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awebdav%3Aneon
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 14:43:44 +0000 (15:43 +0100)]
package/sdl2_image: add SDL2_IMAGE_CPE_ID_VENDOR
cpe:2.3:a:libsdl:sdl2_image is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibsdl%3Asdl2_image
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 14:43:13 +0000 (15:43 +0100)]
package/procps-ng: set PROCPS_NG_CPE_ID_VALID
cpe:2.3:a:procps-ng_project:procps-ng is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aprocps-ng_project%3Aprocps-ng
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 14:42:33 +0000 (15:42 +0100)]
package/libvorbis: add LIBVORBIS_CPE_ID_VENDOR
cpe:2.3:a:xiph.org:libvorbis is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Axiph.org%3Alibvorbis
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 14:41:36 +0000 (15:41 +0100)]
package/libconfuse: set LIBCONFUSE_CPE_ID_VALID
cpe:2.3:a:libconfuse_project:libconfuse is a valid CPE identifier for
this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibconfuse_project%3Alibconfuse
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 14:41:01 +0000 (15:41 +0100)]
package/libsoup: add LIBSOUP_CPE_ID_VENDOR
cpe:2.3:a:gnome:libsoup is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnome%3Alibsoup
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 09:25:38 +0000 (10:25 +0100)]
package/stunnel: add STUNNEL_CPE_ID_VENDOR
cpe:2.3:a:stunnel:stunnel is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Astunnel%3Astunnel
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 09:22:35 +0000 (10:22 +0100)]
package/sane-backends: set SANE_BACKENDS_CPE_ID_VALID
cpe:2.3:a:sane-backends_project:sane-backends is a valid CPE identifier
for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Asane-backends_project%3Asane-backends
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 2 Mar 2021 13:18:33 +0000 (14:18 +0100)]
package/suricata: bump to version 6.0.2
This release is a bug fix release, fixing numerous important issues:
https://suricata-ids.org/2021/03/02/suricata-6-0-2-and-5-0-6-released/
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 2 Mar 2021 13:18:32 +0000 (14:18 +0100)]
package/libhtp: bump to version 0.5.37
https://github.com/OISF/libhtp/releases/tag/0.5.37
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 10:10:39 +0000 (11:10 +0100)]
package/libebml: security bump to version 1.4.2
Fix CVE-2021-3405: A flaw was found in libebml before 1.4.2. A heap
overflow bug exists in the implementation of EbmlString::ReadData and
EbmlUnicodeString::ReadData in libebml.
https://github.com/Matroska-Org/libebml/blob/release-1.4.2/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 09:30:44 +0000 (10:30 +0100)]
package/elfutils: set ELFUTILS_CPE_ID_VALID
cpe:2.3:a:elfutils_project:elfutils is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aelfutils_project%3Aelfutils
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 09:29:57 +0000 (10:29 +0100)]
package/prosody: add PROSODY_CPE_ID_VENDOR
cpe:2.3:a:prosody:prosody is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aprosody%3Aprosody
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 09:29:19 +0000 (10:29 +0100)]
package/netatalk: set NETATALK_CPE_ID_VALID
cpe:2.3:a:netatalk_project:netatalk is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anetatalk_project%3Anetatalk
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 09:27:49 +0000 (10:27 +0100)]
package/liburiparser: add CPE variables
cpe:2.3:a:uriparser_project:uriparser is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Auriparser_project%3Auriparser
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 09:27:15 +0000 (10:27 +0100)]
package/pango: add PANGO_CPE_ID_VENDOR
cpe:2.3:a:pango:pango is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apango%3Apango
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 09:26:40 +0000 (10:26 +0100)]
package/jq: set JQ_CPE_ID_VALID
cpe:2.3:a:jq_project:jq is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ajq_project%3Ajq
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 09:26:13 +0000 (10:26 +0100)]
package/libseccomp: set LIBSECCOMP_CPE_ID_VALID
cpe:2.3:a:libseccomp_project:libseccomp is a valid CPE identifier for
this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibseccomp_project%3Alibseccomp
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 09:25:08 +0000 (10:25 +0100)]
package/rpm: add RPM_CPE_ID_VENDOR
cpe:2.3:a:rpm:rpm is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Arpm%3Arpm
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 09:24:28 +0000 (10:24 +0100)]
package/live555: add CPE variables
cpe:2.3:a:live555:streaming_media is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alive555%3Astreaming_media
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 09:22:03 +0000 (10:22 +0100)]
package/irssi: add IRSSI_CPE_ID_VENDOR
cpe:2.3:a:irssi:irssi is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Airssi%3Airssi
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 09:21:25 +0000 (10:21 +0100)]
package/mpg123: add MPG123_CPE_ID_VENDOR
cpe:2.3:a:mpg123:mpg123 is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ampg123%3Ampg123
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Wed, 3 Mar 2021 09:20:45 +0000 (10:20 +0100)]
package/libmodplug: add LIBMODPLUG_CPE_ID_VENDOR
cpe:2.3:a:konstanty_bialkowski:libmodplug is a valid CPE identifier for
this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Akonstanty_bialkowski%3Alibmodplug
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Wed, 3 Mar 2021 10:15:29 +0000 (11:15 +0100)]
Revert "package/libopenssl: fix build on riscv32"
This reverts commit
2bb26c1a1d24cdbb946bc2a77680dbc8f9c0d537.
There was some negative feedback from Arnd Bergmann on that patch:
https://github.com/openssl/openssl/commit/
5b5e2985f355c8e99c196d9ce5d02c15bebadfbc#commitcomment-
44782859
The patch looks wrong to me: __NR_io_pgetevents_time64 must be used
whenever time_t is 64-bit wide on a 32-bit architecture, while
__NR_io_getevents/__NR_io_pgetevents must be used when time_t is the
same width as 'long'.
Checking whether __NR_io_getevents is defined is wrong for all
architectures other than riscv
And in light of the above, indeed the patch does not look so correct
after all.
Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Yann E. MORIN [Tue, 2 Mar 2021 21:51:47 +0000 (22:51 +0100)]
package/libopenssl: fix build on riscv32
riscv32 is (surprise!) a 32-bit architecture. But it has been Y2038-safe
from its inception. As such, there are no legacy binaries that may use
the 32-bit time syscalls, and thus they are not available on riscv32.
Code that directly calls to the syscalls without using the C libraries
wrappers thus need to handle this case by themselves.
Backport a patch from the upstream openssl development branch that will
eventually be openssl 3.0, but has not yet been backported to the 1.1.1
stable branch.
Fixes:
http://autobuild.buildroot.org/results/eb9/
eb9a64d4ffae8569b5225083f282cf87ffa7c681/
...
http://autobuild.buildroot.org/results/07e/
07e413b24ba8adc9558c80267ce16dda339bf032/
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Cc: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Peter Korsgaard [Tue, 2 Mar 2021 21:15:51 +0000 (22:15 +0100)]
support/scripts/gen-bootlin-toolchains: correct xtensa-lx60 toolchain dependencies
Fixes:
http://autobuild.buildroot.net/results/011/
0111c2ed54618daaeedfc66b0ea04eda00a7e855/
http://autobuild.buildroot.net/results/e53/
e53e3880b63a23fa3b3e6d34664d40d5ddbdff89/
..
As listed in the br_fragment file of the toolchain, this is built for a
little-endian "custom" xtensa variant rather than the (big-endian) fsf one:
BR2_xtensa=y
BR2_XTENSA_CUSTOM=y
So update the dependencies in the script and regenerate Config.in.options /
toolchain test. Also fixup the autobuild config snippet to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>