Commit Graph

55664 Commits

Author SHA1 Message Date
Thomas Petazzoni
67768e97b0 support/scripts/pkg-stats: drop unused --cpeid option
The --cpeid option was mistakenly introduced by commit
92e7089a8c ("support/script/pkg-stats:
show CPE ID in results") but is in fact not necessary.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-31 12:03:11 +01:00
Thomas Petazzoni
cad5a69f83 support/scripts/pkg-stats: drop unused cpeid_name() function
The cpeid_name() function is not used anywhere, drop it.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-31 12:03:00 +01:00
Thomas Petazzoni
68364a4b58 support/scripts/pkg-stats: fix the status reporting of CVEs
Since commit bd665d182c
("support/scripts/pkg-stats: improve rendering of CVE information"),
we have better reporting of CVE related information, based on
pkg.status['cve']. However, this commit broke pkg-stats when the
--nvd-path option is not passed, and therefore no CVE information is
available.

This commit fixes that, by making use of the is_status_ok(),
is_status_error() and is_status_na() methods recently introduced.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-31 12:02:42 +01:00
Thomas Petazzoni
7f83ad7467 support/scripts/pkg-stats: improvements in is_status_*() methods
Make is_status_ok() work when the given status name is not even listed
in the status dict. This will be necessary for following commits.

Introduced similar methods for the error and na status, which will be
used in following commits.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-31 12:02:41 +01:00
Gilles Talis
92bb7938ab package/xapian: bump to version 1.4.18
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-31 11:29:45 +01:00
Gilles Talis
35ea1dd30c package/opusfile: bump to version 0.12
also set the indentation to 2 spaces in hash file

Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-31 11:29:39 +01:00
Gilles Talis
5159f65660 package/leptonica: bump to version 1.80.0
Also added 2 spaces indentation in hash file

Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-31 11:29:28 +01:00
Gilles Talis
c126bb9c7d package/faad2: bump to version 2.10.0
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-31 11:29:20 +01:00
Gilles Talis
3af209f74d DEVELOPERS: add Gilles Talis for opusfile
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-31 11:27:49 +01:00
Gilles Talis
bf8f72c043 DEVELOPERS: Add Gilles Talis for faad2
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-31 11:27:43 +01:00
Bernd Kuhls
fd0796a27a package/{mesa3d, mesa3d-headers}: bump version to 20.3.4
Release notes:
https://lists.freedesktop.org/archives/mesa-announce/2021-January/000618.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-31 11:27:30 +01:00
Fabrice Fontaine
e35cacf050 package/libgpgme: bump to version 1.15.1
Update indentation in hash file (two spaces)

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=blob;f=NEWS;h=f6c2b0d3c53b3a62ca71a2a85b2d9764cda359c0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-30 22:19:52 +01:00
Fabrice Fontaine
6b79c8fb05 package/libgpgme: add CPE variables
cpe:2.3🅰️gnupg:gpgme is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnupg%3Agpgme

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-30 22:19:45 +01:00
Fabrice Fontaine
2312e99499 package/mutt: add gpgme optional dependency
gpgme is supported since 2005 and
4bb5db92a8

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-30 22:18:53 +01:00
Fabrice Fontaine
b96a732c76 package/vde2: add CPE variables
cpe:2.3🅰️vde_project:vde is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Avde_project%3Avde

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-30 22:16:22 +01:00
Fabrice Fontaine
a2a165eb49 package/haproxy: bump to version 2.2.8
https://www.mail-archive.com/haproxy@formilux.org/msg39408.html
https://www.mail-archive.com/haproxy@formilux.org/msg39470.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-30 22:15:10 +01:00
Fabrice Fontaine
11fc8ce9f3 package/logrotate: use official tarball
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-30 22:14:57 +01:00
Fabrice Fontaine
70acf563aa package/bitcoin: add CPE variables
cpe:2.3🅰️bitcoin:bitcoin_core is a valid CPE identifier for this
package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Abitcoin%3Abitcoin_core

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-30 17:02:35 +01:00
Fabrice Fontaine
f2050d050b package/bitcoin: security bump to version 0.21.0
Tag as a security bump as having an up to date bitcoin is important:
https://patchwork.ozlabs.org/project/buildroot/patch/20200202085526.35742-1-james.hilliard1@gmail.com

https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.21.0.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-30 17:02:08 +01:00
Fabrice Fontaine
1b18d9104f package/socat: security bump to version 1.7.4.1
Buffer size option (-b) is internally doubled for CR-CRLF conversion,
but not	checked for integer overflow. This could lead to heap based
buffer overflow, assuming the attacker could provide this parameter.

- Update indentation in hash file (two spaces)
- Update hash of README file due to minor updates:
  https://repo.or.cz/socat.git/commit/b145170837d75bd7a1a5803283910ab075d47bea
  https://repo.or.cz/socat.git/commit/0a115feadc3102f17e0a8a1a985319af0295f704

http://www.dest-unreach.org/socat/doc/CHANGES

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-30 13:41:50 +01:00
Geoffrey Le Gourriérec
1f50a44371 package/uclibc: Patch with updated kernel time definitions
Building uclibc 1.0.37 for SuperH architecture with linux-headers 5.10.7
fails at libpthread level due to missing time-related data structures,
usually defined by the kernel. Make uclibc correctly define those types.

A previous patch in buildroot [1] fixed the symptom by tampering with
linux-headers inclusions, but analysis [2] done in collaboration with
Linux folks concluded that the issue lied in (voluntary) include guard
"preemption" in uclibc kernel_types.h.
However, kernel_types.h was not up to date with relevant 64-bit time
data structures, so defining those here was needed.

The present uclibc patch was mailed to uclibc-ng mailing list and got
a positive response; I am not able to give a link to the discussion,
as it has not appeared yet [3] (perhaps I'm not looking at the right
place ?)
So until the patch is merged upstream and we bump uclibc version, keep
our patch here.

[1] https://git.buildroot.net/buildroot/commit/?id=742f37de8d0e3797698411dfc6a63bd7e98aafe2
[2] https://patchwork.kernel.org/project/linux-sh/patch/20210123165652.10884-1-geoffrey.legourrierec@gmail.com/
[3] https://mailman.uclibc-ng.org/pipermail/devel/2021-January/thread.html

Signed-off-by: Geoffrey Le Gourriérec <geoffrey.legourrierec@gmail.com>
Tested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-30 13:39:08 +01:00
Geoffrey Le Gourriérec
fbbcacff7d board/qemu/sh4*: Remove linux-headers patch
Previous patch about time data structures [1] provided a dirty fix
that did not solve the real issue.

After discussing with Linux folks on the SuperH mailing list [2],
the patch was deemed unnecessary, as the problem lied in uclibc.

[1] https://git.buildroot.net/buildroot/commit/?id=742f37de8d0e3797698411dfc6a63bd7e98aafe2
[2] https://patchwork.kernel.org/project/linux-sh/patch/20210123165652.10884-1-geoffrey.legourrierec@gmail.com/

Signed-off-by: Geoffrey Le Gourriérec <geoffrey.legourrierec@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-30 13:38:58 +01:00
Fabrice Fontaine
ca1afcb217 package/ply: needs headers >= 4.14
ply uses BPF_JLT is available only since kernel 4.14 with:
92b31a9af7

Fixes:
 - http://autobuild.buildroot.org/results/632187ceb7ca5e2dc5a3e5185860ddb874b4274c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-30 13:32:30 +01:00
Fabrice Fontaine
8f8606f2aa package/wayland: add WAYLAND_CPE_ID_VENDOR
cpe:2.3🅰️wayland:wayland is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awayland%3Awayland

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-30 13:29:56 +01:00
Fabrice Fontaine
048dac0758 package/sox: add CPE variables
cpe:2.3🅰️sound_exchange_project:sound_exchange is a valid CPE
identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Asound_exchange_project%3Asound_exchange

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-30 13:29:19 +01:00
Fabrice Fontaine
eebf13ab96 package/libgeos: disable benchmarks
Fixes:
 - http://autobuild.buildroot.org/results/790450f7541d690cdef3917d7056759cb9b403c5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-30 13:27:59 +01:00
Fabrice Fontaine
8713001aad package/dhcpcd: fix build with nds32
Fix build failure with dhcpcd due to SECCOMP_AUDIT_ARCH which is used
since version 9.3.0 and
a926ee6d8f

Fixes:
 - http://autobuild.buildroot.org/results/af8ba07ea0c12ab8cd24d528ef98db05521f3d36

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-30 11:41:58 +01:00
Fabrice Fontaine
ea238f53eb package/spice: set SPICE_CPE_ID_VALID
cpe:2.3🅰️spice_project:spice is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aspice_project%3Aspice

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-30 11:39:05 +01:00
Fabrice Fontaine
767f7567e3 package/pinentry: bump to version 1.1.1
- add efl optional dependency which is available since
  http://git.gnupg.org/cgi-bin/gitweb.cgi?p=pinentry.git;a=commit;h=948105b7a34ec9a9e5479d376b7c86bafee50a01
- Update indentation in hash file (two spaces)

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=pinentry.git;a=blob;f=NEWS;h=c8b5195ace7bb3ffb1420ae479ac39d65b0fa17c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-30 11:38:39 +01:00
Jianhui Zhao
d8efcd2ab2 package/rtty: bump version to 7.3.0
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-30 11:37:37 +01:00
Bernd Kuhls
a55a3f27f1 package/libgcrypt: security bump version to 1.9.1
Removed patch which was applied upstream.

Release notes:
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-30 11:31:20 +01:00
Peter Korsgaard
1c61297ec0 {linux, linux-headers}: bump 4.19.x / 5.{4, 10}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-30 11:31:09 +01:00
Michael Nosthoff
62f9d440ab package/spdlog: bump to version 1.8.2
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-30 11:30:42 +01:00
Gwenhael Goavec-Merou
c36367e909 package/python-remi: bump to version 2020.11.20
Add runtime dependencies to pythonX-ssl and python-setuptools.

Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-30 11:28:05 +01:00
Fabrice Fontaine
7b7c0c6b78 package/pinentry: drop unrecognized option
Drop --with-x option which is not recognized:

configure: WARNING: unrecognized options: --disable-gtk-doc, --disable-gtk-doc-html, --disable-doc, --disable-docs, --disable-documentation, --with-xmlto, --with-fop, --enable-ipv6, --disable-nls, --disable-static, --enable-shared, --with-x

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-29 09:39:53 +01:00
Tian Yuanhao
12a30d8014 package/ttyd: bump to version 1.6.3
Signed-off-by: Tian Yuanhao <tianyuanhao@aliyun.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-29 09:37:51 +01:00
Fabrice Fontaine
0d2bfb42a5 package/dhcpcd: bump to version 9.4.0
Drop patch (already in version)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-29 09:36:57 +01:00
Bernd Kuhls
d637d3cf06 package/x11r7/xlib_libXt: bump version to 1.2.1
Reformatted hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-29 09:36:29 +01:00
Bernd Kuhls
d5a7158e12 package/xutil_util-macros: bump version to 1.19.3
Reformatted hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-29 09:36:20 +01:00
Bernd Kuhls
d4a48e1cb7 package/sqlite: bump version to 3.34.1
Updated SQLITE_SITE.

Release notes: https://www.sqlite.org/releaselog/3_34_1.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-29 09:35:21 +01:00
Fabrice Fontaine
033f81c317 package/open62541: force Release build
Force Release build to remove -Werror and avoid the following build
failure:

/home/giuliobenetti/autobuild/run/instance-3/output-1/build/open62541-1.0/arch/network_tcp.c: At top level:
cc1: error: unrecognized command line option '-Wno-static-in-inline' [-Werror]
cc1: all warnings being treated as errors

Fixes:
 - http://autobuild.buildroot.org/results/24b429ce0ae2b33e72bb6a0f523c3906e539a4fd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-29 09:33:53 +01:00
Peter Korsgaard
8a6b0b5696 package/glibc: security bump for additional post-2.32.x fixes
Fixes the following security issue:

- CVE-2021-3326: Assertion failure in ISO-2022-JP-3 gconv module related to
  combining characters

For details, see https://sourceware.org/bugzilla/show_bug.cgi?id=27256 and
https://www.openwall.com/lists/oss-security/2021/01/27/3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-29 09:32:24 +01:00
Fabrice Fontaine
1181d6f422 package/runc: add CPE variables
cpe:2.3🅰️linuxfoundation:runc is a valid CPE identifier for this
package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alinuxfoundation%3Arunc

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-29 09:31:04 +01:00
Peter Korsgaard
c1413cd94c package/mutt: add security fixes from Ubuntu for CVE-2021-3181
Fixes the following security issue:

- CVE-2021-3181: rfc822.c in Mutt through 2.0.4 allows remote attackers to
  cause a denial of service (mailbox unavailability) by sending email
  messages with sequences of semicolon characters in RFC822 address fields
  (aka terminators of empty groups).  A small email message from the
  attacker can cause large memory consumption, and the victim may then be
  unable to see email messages from other persons.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-29 09:30:02 +01:00
Fabrice Fontaine
1fe19f1478 package/gdk-pixbuf: fix license
Commit a7b51ed301 forgot to update hash of
COPYING which now contains LGPL-2.1+

Here is an extract of
0a8882b1a1:

"The vast majority of GdkPixbuf is released under the terms of the GNU
Lesser General Public License, version 2.1 or later.

The following files are released under the terms of the GNU Library
General Public License, version 2 or later:
[...]
The aggregate license of the GdkPixbuf project is the Lesser GPL v2.1 or
later."

Fixes:
 - http://autobuild.buildroot.org/results/292306061216471c258a89e61b54c0d05c757321

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-29 09:28:46 +01:00
Baruch Siach
70e0546a4e package/chrony: fix build with kernel headers older than 3.15
Add a patch to make renameat2 system call reference conditional.

Fixes:
http://autobuild.buildroot.net/results/bb6/bb638ed011aea379c7f780187dafe2615753e2ae/
http://autobuild.buildroot.net/results/5ef/5ef11bace60950b35b4a593d734a20df088c79aa/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-29 09:28:05 +01:00
Michael Nosthoff
7c3df4fc49 package/grpc: bump to version 1.35.0
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-29 09:27:36 +01:00
Vadym Kochan
e0d4fbb2ed package/logrotate: bump to 3.18.0 version
Main reason is to fix the issue when secure_getenv() is missing
in older toolchain, but it was fixed in this version by using
getenv() as alternative.

Signed-off-by: Vadym Kochan <vadym.kochan@plvision.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-29 09:26:34 +01:00
Baruch Siach
e551fe76e2 package/stress-ng: bump to version 0.12.02
Use https for download to save redirect.

Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-29 09:25:34 +01:00
Fabrice Fontaine
158ea5244c package/socat: add SOCAT_CPE_ID_VENDOR
cpe:2.3🅰️dest-unreach:socat is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Adest-unreach%3Asocat

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-01-28 17:54:17 +01:00