Commit Graph

56865 Commits

Author SHA1 Message Date
Fabrice Fontaine
24729c8971 package/python-py: add CPE variables
cpe:2.3🅰️pytest:py is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apytest%3Apy

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-06 09:33:42 +02:00
Fabrice Fontaine
4e53f3fc63 package/python-aiohttp: add CPE variables
cpe:2.3🅰️aiohttp_project:aiohttp is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aaiohttp_project%3Aaiohttp

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-06 09:31:12 +02:00
Fabrice Fontaine
c845523fe2 package/python-pip: add CPE variables
cpe:2.3🅰️pypa:pip is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apypa%3Apip

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-06 09:30:26 +02:00
Fabrice Fontaine
51cb6cfad4 package/python-pillow: add CPE variables
cpe:2.3🅰️python:pillow is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython%3Apillow

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-06 09:29:18 +02:00
Fabrice Fontaine
398c3ca43e package/python-ipython: add CPE variables
cpe:2.3🅰️ipython:ipython is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aipython%3Aipython

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-06 09:29:08 +02:00
Fabrice Fontaine
d32bf2d6eb package/python-psutil: add CPE variables
cpe:2.3🅰️psutil_project:psutil is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apsutil_project%3Apsutil

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-06 09:28:28 +02:00
Peter Korsgaard
a14ce17ca6 package/python3: security bump to version 3.9.4
Fixes the following security issues:

- bpo-42988: CVE-2021-3426: Remove the getfile feature of the pydoc module
  which could be abused to read arbitrary files on the disk (directory
  traversal vulnerability).  Moreover, even source code of Python modules
  can contain sensitive data like passwords.  Vulnerability reported by
  David Schwörer.

- bpo-43285: ftplib no longer trusts the IP address value returned from the
  server in response to the PASV command by default.  This prevents a
  malicious FTP server from using the response to probe IPv4 address and
  port combinations on the client network.

  Code that requires the former vulnerable behavior may set a
  trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to
  True to re-enable it.

- bpo-43439: Add audit hooks for gc.get_objects(), gc.get_referrers() and
  gc.get_referents().  Patch by Pablo Galindo.

Note: 3.9.3 was recalled due to introducing unintentional ABI
incompatibility, and fixes re-released as 3.9.4:

https://www.python.org/downloads/release/python-394/

Add host-autoreconf-archive, as it is needed for autoreconf since:
064bc07f24

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-06 09:28:12 +02:00
Fabrice Fontaine
e1cdaeb454 package/python-ecdsa: bump to version 0.16.1
Update indentation in hash file (two spaces)

https://github.com/tlsfuzzer/python-ecdsa/blob/python-ecdsa-0.16.1/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 18:34:10 +02:00
Fabrice Fontaine
fcba0aec7b package/python-paramiko: bump to version 2.7.2
Update indentation in hash file (two spaces)

https://github.com/paramiko/paramiko/blob/2.7.2/sites/www/changelog.rst

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: fix LICENSE hash]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 18:33:19 +02:00
Fabrice Fontaine
57eaa13382 package/boinc: bump to version 7.16.16
Update indentation in hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 18:30:12 +02:00
Fabrice Fontaine
f15bfa10ba package/ncmpc: bump to version 0.45
https://github.com/MusicPlayerDaemon/ncmpc/blob/v0.45/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 18:29:59 +02:00
Fabrice Fontaine
f06e88d009 package/whois: bump to version 5.5.9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 18:25:28 +02:00
Fabrice Fontaine
97b98d9fe8 package/python-yatl: bump to version 20210326.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 18:25:06 +02:00
Fabrice Fontaine
7f268154a0 package/python-jedi: bump to version 0.18.0
python 2 support has been dropped since version 0.18.0 and
d67dfba7f5

Add django-stubs license file (MIT)

https://github.com/davidhalter/jedi/blob/v0.18.0/CHANGELOG.rst

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 18:22:55 +02:00
Fabrice Fontaine
cf3ce0e01f package/python-parso: bump to version 0.8.2
python 2 support has been dropped since versio 0.8.0 and
b601ade90b

https://github.com/davidhalter/parso/blob/v0.8.2/CHANGELOG.rst

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 18:22:44 +02:00
Fabrice Fontaine
c1e6c33390 package/libgee: bump to version 0.20.4
https://gitlab.gnome.org/GNOME/libgee/-/blob/0.20.4/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 18:21:16 +02:00
Francois Perrad
2dd3a9f7cd package/enchant: bump to version 2.2.15
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 18:20:55 +02:00
Fabrice Fontaine
56ef730f40 package/libmaxminddb: bump to version 1.5.2
https://github.com/maxmind/libmaxminddb/blob/1.5.2/Changes.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 18:20:40 +02:00
Fabrice Fontaine
3962408c30 package/lcms2: bump to version 2.12
Update hash of COPYING (word wrap:
48a1b9a1ca)

https://littlecms.com/blog/2021/02/06/lcms2-2.12

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 18:19:56 +02:00
Fabrice Fontaine
241ab7cb3f package/scapy: add CPE variables
cpe:2.3🅰️scapy:scapy is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ascapy%3Ascapy

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 18:19:38 +02:00
Fabrice Fontaine
398103fbdd package/haproxy: bump to version 2.2.13
http://www.haproxy.org/download/2.2/src/CHANGELOG

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 18:18:16 +02:00
Fabrice Fontaine
1175f46044 package/python-networkx: add CPE variables
cpe:2.3🅰️python:networkx is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython%3Anetworkx

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 18:16:44 +02:00
Fabrice Fontaine
f07f208e14 package/python-tornado: add CPE variables
cpe:2.3🅰️tornadoweb:tornado is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atornadoweb%3Atornado

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 18:16:23 +02:00
Fabrice Fontaine
4fcc47d5ad package/python-pyro: add CPE variables
cpe:2.3🅰️pyro_project:pyro is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apyro_project%3Apyro

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 18:16:08 +02:00
Fabrice Fontaine
165f60a092 package/python-jinja2: add CPE variables
cpe:2.3🅰️pocoo:jinja2 is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apocoo%3Ajinja2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 18:15:42 +02:00
Fabrice Fontaine
497981ff34 package/janus-gateway: add CPE variables
cpe:2.3🅰️meetecho:janus is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ameetecho%3Ajanus

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 18:15:08 +02:00
Fabrice Fontaine
66b7d2ce1c package/python-docker: add CPE variables
cpe:2.3🅰️docker:docker-py is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Adocker%3Adocker-py

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 18:14:13 +02:00
Fabrice Fontaine
4783e5fd8c package/python-decorator: add CPE variables
cpe:2.3🅰️python:decorator is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython%3Adecorator

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 18:14:05 +02:00
Fabrice Fontaine
09bd087911 package/python-bsdiff4: add CPE variables
cpe:2.3🅰️pypi:bsdiff4 is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apypi%3Absdiff4

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 18:13:57 +02:00
Peter Korsgaard
6b595091c7 docs/website: update for 2020.02.12
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 14:03:54 +02:00
Peter Korsgaard
d81ac2e40f Update for 2020.02.12
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1a6bd98fa8)
[Peter: drop Makefile/Vagrantfile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 14:01:20 +02:00
Fabrice Fontaine
b3ba0f1d2f package/coreutils: fix build without threads
Build of coreutils without threads is broken since bump to version 8.32
in commit b4a0f9fb0e

Fixes:
 - http://autobuild.buildroot.org/results/8d00bdabef73daa2a1d1f4c6e183dda447a82134

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - do an actual backport of patch 0002
  - add upstream status for patch 0003
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-05 12:22:23 +02:00
Peter Korsgaard
cb81c441e3 docs/website: update for 2020.11.4
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 12:16:27 +02:00
Peter Korsgaard
20cc2c13d7 Update for 2020.11.4
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f748088fa6)
[Peter: drop Makefile/Vagrantfile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 12:13:08 +02:00
Fabrice Fontaine
f2720836b7 package/expat: bump to version 2.3.0
https://github.com/libexpat/libexpat/blob/R_2_3_0/expat/Changes

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-05 11:50:29 +02:00
Fabrice Fontaine
f684bc46ca package/python-web2py: add CPE variables
cpe:2.3🅰️web2py:web2py is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aweb2py%3Aweb2py

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-05 11:41:57 +02:00
Fabrice Fontaine
558bb6c8c1 package/python-sqlalchemy: add CPE variables
cpe:2.3🅰️sqlalchemy:sqlalchemy is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Asqlalchemy%3Asqlalchemy

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-05 11:41:55 +02:00
Fabrice Fontaine
86db0c3bae package/python-validators: add CPE variables
cpe:2.3🅰️validators_project:validators is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Avalidators_project%3Avalidators

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-05 11:41:54 +02:00
Fabrice Fontaine
4dcd1dcf67 package/python-m2crypto: add CPE variables
cpe:2.3🅰️m2crypto_project:m2crypto is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Am2crypto_project%3Am2crypto

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-05 11:41:53 +02:00
Peter Korsgaard
03c2a81231 package/python-pygments: security bump to version 2.7.4
Fixes the following security issues:

- CVE-2021-20270: An infinite loop in SMLLexer in Pygments versions 1.5 to
  2.7.3 may lead to denial of service when performing syntax highlighting of
  a Standard ML (SML) source file, as demonstrated by input that only
  contains the "exception" keyword

- CVE-2021-27291: In pygments 1.1+, fixed in 2.7.4, the lexers used to parse
  programming languages rely heavily on regular expressions.  Some of the
  regular expressions have exponential or cubic worst-case complexity and
  are vulnerable to ReDoS.  By crafting malicious input, an attacker can
  cause a denial of service

Python 2.x support was dropped in pygments 2.6, so adjust (reverse)
dependencies:

Version 2.6
-----------
(released March 8, 2020)

- Running Pygments on Python 2.x is no longer supported.
  (The Python 2 lexer still exists.)

Adjust the license hash for a change of copyright years:
a590ac5ea7

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-05 11:06:44 +02:00
Fabrice Fontaine
94fa503d7b package/libvips: bump to version 8.10.6
Update indentation in hash file (two spaces)

https://github.com/libvips/libvips/blob/v8.10.6/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-05 11:04:31 +02:00
Bernd Kuhls
39232a0ffb package/{bluez5_utils, bluez5_utils-headers}: bump to version 5.58
Release notes:
http://www.bluez.org/release-of-bluez-5-58-and-5-57/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-05 11:00:47 +02:00
Bernd Kuhls
9988ca9ead package/ell: bump version to 0.39
Changelog:
https://git.kernel.org/pub/scm/libs/ell/ell.git/tree/ChangeLog

Needed for bluez5_utils bump to 5.58:
http://www.bluez.org/release-of-bluez-5-58-and-5-57/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-05 11:00:14 +02:00
Bernd Kuhls
d38d99c77d package/samba4: AD DC support needs ADS
Needed due to upstream commit:
607c9ab307

Fixes:
http://autobuild.buildroot.net/results/b3f/b3fe797408b9041de37433602b3a47211818e44b/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-05 10:54:46 +02:00
Fabrice Fontaine
9496ed58bc package/python-enum34: add CPE variables
cpe:2.3🅰️python:enum34 is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython%3Aenum34

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 09:30:14 +02:00
Fabrice Fontaine
c0747ee4f4 package/python-ecdsa: add PYTHON_ECDSA_CPE_ID_VENDOR
cpe:2.3🅰️python-ecdsa_project:python-ecdsa is a valid CPE identifier
for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython-ecdsa_project%3Apython-ecdsa

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 09:29:41 +02:00
Fabrice Fontaine
536a5017f7 package/python-pyjwt: add CPE variables
cpe:2.3🅰️pyjwt_project:pyjwt is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apyjwt_project%3Apyjwt

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 09:29:26 +02:00
Fabrice Fontaine
c16848b938 package/python-pyopenssl: add CPE variables
cpe:2.3🅰️pyopenssl:pyopenssl is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apyopenssl%3Apyopenssl

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 09:29:06 +02:00
Fabrice Fontaine
d2eaa6a81c package/python-cryptography: add CPE variables
cpe:2.3🅰️cryptography_project:cryptography is a valid CPE identifier
for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Acryptography_project%3Acryptography

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 09:28:34 +02:00
Fabrice Fontaine
78da0a0ea3 package/python-paramiko: drop python-pyasn1 dependency
python-pyasn1 is truly optional since version 2.5.0 and
a31818c285

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 09:27:16 +02:00