Commit Graph

55987 Commits

Author SHA1 Message Date
Fabrice Fontaine
01024f5612 package/stunnel: add STUNNEL_CPE_ID_VENDOR
cpe:2.3🅰️stunnel:stunnel is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Astunnel%3Astunnel

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-04 08:05:14 +01:00
Fabrice Fontaine
0b4e8e430d package/sane-backends: set SANE_BACKENDS_CPE_ID_VALID
cpe:2.3🅰️sane-backends_project:sane-backends is a valid CPE identifier
for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Asane-backends_project%3Asane-backends

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-04 08:05:00 +01:00
Fabrice Fontaine
cac588d79a package/suricata: bump to version 6.0.2
This release is a bug fix release, fixing numerous important issues:
https://suricata-ids.org/2021/03/02/suricata-6-0-2-and-5-0-6-released/

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 15:01:51 +01:00
Fabrice Fontaine
57cb108af0 package/libhtp: bump to version 0.5.37
https://github.com/OISF/libhtp/releases/tag/0.5.37

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 15:01:44 +01:00
Fabrice Fontaine
ff18652b42 package/libebml: security bump to version 1.4.2
Fix CVE-2021-3405: A flaw was found in libebml before 1.4.2. A heap
overflow bug exists in the implementation of EbmlString::ReadData and
EbmlUnicodeString::ReadData in libebml.

https://github.com/Matroska-Org/libebml/blob/release-1.4.2/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 13:44:16 +01:00
Fabrice Fontaine
fc151128a9 package/elfutils: set ELFUTILS_CPE_ID_VALID
cpe:2.3🅰️elfutils_project:elfutils is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aelfutils_project%3Aelfutils

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 13:42:46 +01:00
Fabrice Fontaine
20455e4767 package/prosody: add PROSODY_CPE_ID_VENDOR
cpe:2.3🅰️prosody:prosody is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aprosody%3Aprosody

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 13:42:33 +01:00
Fabrice Fontaine
608632bfe8 package/netatalk: set NETATALK_CPE_ID_VALID
cpe:2.3🅰️netatalk_project:netatalk is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anetatalk_project%3Anetatalk

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 13:42:21 +01:00
Fabrice Fontaine
e1d4b088fb package/liburiparser: add CPE variables
cpe:2.3🅰️uriparser_project:uriparser is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Auriparser_project%3Auriparser

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 13:42:00 +01:00
Fabrice Fontaine
e44dcbd953 package/pango: add PANGO_CPE_ID_VENDOR
cpe:2.3🅰️pango:pango is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apango%3Apango

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 13:41:52 +01:00
Fabrice Fontaine
94a331ed1e package/jq: set JQ_CPE_ID_VALID
cpe:2.3🅰️jq_project:jq is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ajq_project%3Ajq

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 13:41:37 +01:00
Fabrice Fontaine
04b9f65f11 package/libseccomp: set LIBSECCOMP_CPE_ID_VALID
cpe:2.3🅰️libseccomp_project:libseccomp is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibseccomp_project%3Alibseccomp

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 13:41:28 +01:00
Fabrice Fontaine
8cdab4fc4a package/rpm: add RPM_CPE_ID_VENDOR
cpe:2.3🅰️rpm:rpm is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Arpm%3Arpm

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 13:41:09 +01:00
Fabrice Fontaine
88053c3bae package/live555: add CPE variables
cpe:2.3🅰️live555:streaming_media is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alive555%3Astreaming_media

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 13:40:57 +01:00
Fabrice Fontaine
1032d583f8 package/irssi: add IRSSI_CPE_ID_VENDOR
cpe:2.3🅰️irssi:irssi is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Airssi%3Airssi

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 13:40:15 +01:00
Fabrice Fontaine
70c0ebf293 package/mpg123: add MPG123_CPE_ID_VENDOR
cpe:2.3🅰️mpg123:mpg123 is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ampg123%3Ampg123

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 13:39:38 +01:00
Fabrice Fontaine
266b935349 package/libmodplug: add LIBMODPLUG_CPE_ID_VENDOR
cpe:2.3🅰️konstanty_bialkowski:libmodplug is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Akonstanty_bialkowski%3Alibmodplug

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 13:39:29 +01:00
Yann E. MORIN
6cfb4ad7f7 Revert "package/libopenssl: fix build on riscv32"
This reverts commit 2bb26c1a1d.

There was some negative feedback from Arnd Bergmann on that patch:
    5b5e2985f3 (commitcomment-44782859)

    The patch looks wrong to me: __NR_io_pgetevents_time64 must be used
    whenever time_t is 64-bit wide on a 32-bit architecture, while
    __NR_io_getevents/__NR_io_pgetevents must be used when time_t is the
    same width as 'long'.

    Checking whether __NR_io_getevents is defined is wrong for all
    architectures other than riscv

And in light of the above, indeed the patch does not look so correct
after all.

Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-03 11:15:29 +01:00
Yann E. MORIN
2bb26c1a1d package/libopenssl: fix build on riscv32
riscv32 is (surprise!) a 32-bit architecture. But it has been Y2038-safe
from its inception. As such, there are no legacy binaries that may use
the 32-bit time syscalls, and thus they are not available on riscv32.

Code that directly calls to the syscalls without using the C libraries
wrappers thus need to handle this case by themselves.

Backport a patch from the upstream openssl development branch that will
eventually be openssl 3.0, but has not yet been backported to the 1.1.1
stable branch.

Fixes:
    http://autobuild.buildroot.org/results/eb9/eb9a64d4ffae8569b5225083f282cf87ffa7c681/
    ...
    http://autobuild.buildroot.org/results/07e/07e413b24ba8adc9558c80267ce16dda339bf032/

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Cc: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-03-02 23:55:46 +01:00
Peter Korsgaard
a0aff89ed2 support/scripts/gen-bootlin-toolchains: correct xtensa-lx60 toolchain dependencies
Fixes:
http://autobuild.buildroot.net/results/011/0111c2ed54618daaeedfc66b0ea04eda00a7e855/
http://autobuild.buildroot.net/results/e53/e53e3880b63a23fa3b3e6d34664d40d5ddbdff89/
..

As listed in the br_fragment file of the toolchain, this is built for a
little-endian "custom" xtensa variant rather than the (big-endian) fsf one:

BR2_xtensa=y
BR2_XTENSA_CUSTOM=y

So update the dependencies in the script and regenerate Config.in.options /
toolchain test.  Also fixup the autobuild config snippet to match.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-03-02 23:52:49 +01:00
Peter Korsgaard
9ada4eb2f1 package/wpa_supplicant: add upstream 2021-1 security fix
Fixes the following security issue:

- wpa_supplicant P2P provision discovery processing vulnerability (no CVE
  yet)

A vulnerability was discovered in how wpa_supplicant processes P2P
(Wi-Fi Direct) provision discovery requests. Under a corner case
condition, an invalid Provision Discovery Request frame could end up
reaching a state where the oldest peer entry needs to be removed. With
a suitably constructed invalid frame, this could result in use
(read+write) of freed memory. This can result in an attacker within
radio range of the device running P2P discovery being able to cause
unexpected behavior, including termination of the wpa_supplicant process
and potentially code execution.

For more details, see the advisory:
https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: actually add the patch URL to the patch list]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-02 23:11:25 +01:00
Fabrice Fontaine
b33f74823e package/kismet: server needs wchar
kismet embeds its own copy of fmt since version 2019-04-R1 so add a
dependency on wchar to avoid the following build failure when building
the server:

./fmt/core.h:1245:1:
 std::wstring vformat(wstring_view format_str, wformat_args args);
 ^~~
./fmt/core.h:1266:13: error: 'wstring' in namespace 'std' does not name a type
 inline std::wstring format(wstring_view format_str, const Args & ... args) {
             ^~~~~~~
./fmt/core.h:1266:8: note: 'std::wstring' is defined in header '<string>'; did you forget to '#include <string>'?

Fixes:
 - http://autobuild.buildroot.org/results/f19b3d080514a799a1c75b38ff5f7ae4e8d2628d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-03-02 22:04:19 +01:00
Fabrice Fontaine
e0a2912440 package/perl: link with -lintl if needed
Link with TARGET_NLS_LIBS if needed to avoid the following build failure
with perl in version 5.32:

/home/buildroot/autobuild/instance-3/output-1/host/bin/arm-linux-gcc -lm -Wl,-E -o perl perlmain.o libperl.a  -lm -lcrypt -lpthread -ldl
/home/buildroot/autobuild/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/9.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: libperl.a(locale.o): in function `S_emulate_setlocale':
/home/buildroot/autobuild/instance-3/output-1/build/perl-5.32.1/locale.c:1182: undefined reference to `libintl_textdomain'

An upstream issue has been opened in:
https://github.com/Perl/perl5/issues/18467

Fixes:
 - http://autobuild.buildroot.org/results/9df8d8d28006845b4f927548f8856dfa8f79802b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-02 21:59:50 +01:00
Waldemar Brodkorb
563ecafd22 uclibc-ng-test: update to latest
Fixes:
http://autobuild.buildroot.net/results/877879987f7adea0fa239e879b056c248968b1e9
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-02 21:51:41 +01:00
Fabrice Fontaine
10e65c92fe package/bustle: fix static build
Commit 436cb9308a wrongly removed --static
from pcap-config call

Fixes:
 - http://autobuild.buildroot.org/results/b5d8d8d8452342373c2446613ba3051c20a97c03

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-03-02 21:49:47 +01:00
Fabrice Fontaine
de43a9775d package/python-pyyaml: security bump to version 5.4.1
Fix CVE-2020-14343: A vulnerability was discovered in the PyYAML library
in versions before 5.4, where it is susceptible to arbitrary code
execution when it processes untrusted YAML files through the full_load
method or with the FullLoader loader. Applications that use the library
to process untrusted input may be vulnerable to this flaw. This flaw
allows an attacker to execute arbitrary code on the system by abusing
the python/object/new constructor. This flaw is due to an incomplete fix
for CVE-2020-1747.

Update hash of LICENSE file (update in year:
58d0cb7ee0)

https://github.com/yaml/pyyaml/blob/5.4.1/CHANGES

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-02 21:49:10 +01:00
Gwenhael Goavec-Merou
6b714a9c3b package/gnuradio: fix qtgui build when gr-analog is not set
gr-qtgui examples needs to have gr-analog enabled, without this dependency
compile crash with:

In file included from
/x/output/build/gnuradio-3.8.1.0/gr-qtgui/examples/c++/display_qt.cc:22:
/x/output/build/gnuradio-3.8.1.0/gr-qtgui/examples/c++/display_qt.h:24:10:
fatal error: gnuradio/analog/noise_source.h: No such file or directory
24 | #include <gnuradio/analog/noise_source.h>
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
make[3]: *** [gr-qtgui/examples/c++/CMakeFiles/display_qt.dir/build.make:67:
gr-qtgui/examples/c++/CMakeFiles/display_qt.dir/display_qt.cc.o] Error 1
make[3]: *** Waiting for unfinished jobs....
In file included from
/somewhere/gnuradio/build/gr-qtgui/examples/c++/moc_display_qt.cpp:10:
/somewhere/gnuradio/build/gr-qtgui/examples/c++/../../../../gr-qtgui/examples/c++/display_qt.h:24:10:
fatal error: gnuradio/analog/noise_source.h: No such file or directory
24 | #include <gnuradio/analog/noise_source.h>
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.

GR_ANALOG is not an explicit dependency of GR_QTGUI, so disable c++ examples if
user has not selected this option.

[backported from 7470a7a3771dd90defb826b464dfe62977cb1eb6]

Fixes:
- http://autobuild.buildroot.net/results/fde670499289f3d7d47379eebccf6e0f92c6d200/

Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-03-02 21:44:20 +01:00
Fabrice Fontaine
40fa7a825d package/python-pyyaml: add CPE variables
cpe:2.3🅰️pyyaml:pyyaml is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apyyaml%3Apyyaml

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-02 21:37:52 +01:00
Fabrice Fontaine
b07a3c4fc0 package/dovecot-pigeonhole: add CPE variables
cpe:2.3🅰️dovecot:pigeonhole is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Adovecot%3Apigeonhole

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-02 21:37:50 +01:00
Fabrice Fontaine
2ed095025c package/giflib: set GIFLIB_CPE_ID_VALID
cpe:2.3🅰️giflib_project:giflib is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agiflib_project%3Agiflib

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-02 21:37:49 +01:00
Fabrice Fontaine
258373d19e package/nmap: add NMAP_CPE_ID_VENDOR
cpe:2.3🅰️nmap:nmap is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anmap%3Anmap

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-02 21:37:48 +01:00
Fabrice Fontaine
0263f25517 package/ruby: add RUBY_CPE_ID_VENDOR
cpe:2.3🅰️ruby-lang:ruby is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aruby-lang%3Aruby

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-02 21:37:47 +01:00
Fabrice Fontaine
2ce188de98 package/gd: add CPE variables
cpe:2.3🅰️libgd:libgd is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibgd%3Alibgd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-02 21:37:45 +01:00
Fabrice Fontaine
77047841dc package/libfribidi: add CPE variables
cpe:2.3🅰️gnu:fribidi is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Afribidi

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-02 21:37:44 +01:00
Fabrice Fontaine
f0feed4e47 package/jpeg-turbo: add CPE variables
cpe:2.3🅰️libjpeg-turbo:libjpeg-turbo is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibjpeg-turbo%3Alibjpeg-turbo

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-02 21:37:43 +01:00
Fabrice Fontaine
fea76b1e90 package/tiff: add CPE variables
cpe:2.3🅰️libtiff:libtiff is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibtiff%3Alibtiff

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-02 21:37:42 +01:00
Fabrice Fontaine
d94ac06d0d package/rabbitmq-c: set RABBITMQ_C_CPE_ID_VALID
cpe:2.3🅰️rabbitmq-c_project:rabbitmq-c is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Arabbitmq-c_project%3Arabbitmq-c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-02 21:37:40 +01:00
Fabrice Fontaine
d12f7f839d package/libpam-tacplus: add CPE variables
cpe:2.3🅰️pam_tacplus_project:pam_tacplus is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apam_tacplus_project%3Apam_tacplus

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-02 21:37:39 +01:00
Fabrice Fontaine
bbb31dac92 package/e2fsprogs: set E2FSPROGS_CPE_ID_VALID
cpe:2.3🅰️e2fsprogs_project:e2fsprogs is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ae2fsprogs_project%3Ae2fsprogs

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-02 21:37:38 +01:00
Fabrice Fontaine
173eabf3b6 package/bootstrap: add BOOTSRAP_CPE_ID_VENDOR
cpe:2.3🅰️getbootstrap:bootstrap is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agetbootstrap%3Abootstrap

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-02 14:01:05 +01:00
Fabrice Fontaine
b84a4ed139 package/libsndfile: set LIBSNDFILE_CPE_ID_VALID
cpe:2.3🅰️libsndfile_project:libsndfile is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibsndfile_project%3Alibsndfile

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-02 14:01:04 +01:00
Fabrice Fontaine
1b0a7c6a91 package/bubblewwrap: add BUBBLEWRAP_CPE_ID_VENDOR
cpe:2.3🅰️projectatomic:bubblewrap is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aprojectatomic%3Abubblewrap

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-02 14:00:33 +01:00
Fabrice Fontaine
bc418e0174 package/rdesktop: add RDESKTOP_CPE_ID_VENDOR
cpe:2.3🅰️rdesktop:rdesktop is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ardesktop%3Ardesktop

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-02 14:00:15 +01:00
Titouan Christophe
cbd5f7e3a9 package/redis: security bump to v6.0.12
From the release notes:
(https://github.com/redis/redis/blob/6.0.12/00-RELEASENOTES)

================================================================================
Redis 6.0.11     Released Mon Feb 22 16:13:23 IST 2021
================================================================================

Upgrade urgency: SECURITY if you use 32bit build of redis (see bellow), LOW
otherwise.

Integer overflow on 32-bit systems (CVE-2021-21309):
Redis 4.0 or newer uses a configurable limit for the maximum supported bulk
input size. By default, it is 512MB which is a safe value for all platforms.
If the limit is significantly increased, receiving a large request from a client
may trigger several integer overflow scenarios, which would result with buffer
overflow and heap corruption.

================================================================================
Redis 6.0.12     Released Mon Mar  1 17:29:52 IST 2021
================================================================================

Upgrade urgency: LOW, fixes a compilation issue.

Bug fixes:
* Fix compilation error on non-glibc systems if jemalloc is not used (#8533)

Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-02 09:34:22 +01:00
Peter Korsgaard
f6e9e22ac9 {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 10}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-02 08:54:44 +01:00
Fabrice Fontaine
dd6bcc0916 package/gstreamer1/gst1-plugins-bad: add sctp option
sctp unconditionnally uses __sync_*_4 intrinsics in
https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/blob/master/ext/sctp/usrsctp/usrsctplib/user_atomic.h

As a result, this will raise the following build failure with bootlin
sparc toolchain:

/srv/storage/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/sparc-buildroot-linux-uclibc/9.3.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: ext/sctp/usrsctp/libusrsctp-static.a(usrsctplib_user_socket.c.o): in function `usrsctp_conninput':
user_socket.c:(.text+0x3004): undefined reference to `__sync_fetch_and_add_4'

sctp uses an internal version of usrsctp (which is not available in
buildroot) and is available since version 1.15.1:
e2f06326ea

Fixes:
 - http://autobuild.buildroot.org/results/981b11ae9746d1eef40c1797398c4f6c16f005bd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-01 23:55:09 +01:00
Francois Perrad
9aba85e3f5 package/prosody: security bump to 0.11.8
From the release notes:
https://blog.prosody.im/prosody-0.11.8-released/

This release also fixes a security issue, where channel binding, which
connects the authentication layer (i.e.  SASL) with the security layer (i.e.
TLS) to detect man-in-the-middle attacks, could be used on connections
encrypted with TLS 1.3, despite the holy texts declaring this undefined.

https://issues.prosody.im/1542

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Peter: mark as security bump, expand commit text]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-01 23:21:54 +01:00
Yann E. MORIN
3673b0c7e2 configs: rename a bunch of friendlyarm boards
We have defconfigs for quite a few friendlyarm boards, but the
naming for the defconfigs for those boards is inconsistent: some
start with 'friendlyarm_' while others don't.

Although the number of boards starting with 'friendlyarm_' is
less than those which do not, we still choose to rename the
boards so all have the 'friendlyarm_' prefix.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Chakra Divi <chakra@openedev.com>
Cc: Davide Viti <zinosat@gmail.com>
Cc: Marek Belisko <marek.belisko@open-nandra.com>
Cc: Suniel Mahesh <sunil@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-01 22:53:35 +01:00
Peter Seiderer
955d6c099b package/util-linux: disable runuser for the host build
runuser allows running commands as another user, but needs to run as
root to be able to setuid(). But Buildroot does not require running as
root, and so runuser can't be used.

Incientally, that fixes host build in case unsuitable libs are found on
the system:
    http://lists.busybox.net/pipermail/buildroot/2021-February/304261.html

Reported-by: GA K <guyarkam@gmail.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr:
  - expand the commit log with a more fundamental explanation that
    runuser can't be used anyway
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-01 22:35:51 +01:00
Fabrice Fontaine
9598b7a00b package/tpm2-pkcs11: needs threads
tpm2-pkcs11 fails to build without threads since its addition with
commit 42db2c7236

Fixes:
 - http://autobuild.buildroot.org/results/8218776da34cc4a20663ae6737ad7727b12d8cd2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-01 22:34:22 +01:00