Commit Graph

63844 Commits

Author SHA1 Message Date
Dario Binacchi
f414afe53d package/uuu: bump to version 1.4.224
It requires the host-zstd package.

The hash of README.md changed due to changes unrelated to the license
terms:

-- `sudo apt-get install libusb-1.0-0-dev libbz2-dev pkg-config cmake libssl-dev g++`
+- `sudo apt-get install libusb-1.0-0-dev libbz2-dev libzstd-dev pkg-config cmake libssl-dev g++`

Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-07-06 08:51:18 +02:00
Marcus Folkesson
dedc1b71d9 package/libostree: bump to version 2022.4
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-07-05 22:17:12 +02:00
Quentin Schulz
bba4dad9aa package/libcamera: strip symbols before signing IPA libs
Open-Source IPA shlibs need to be signed in order to be runnable within
the same process, otherwise they are deemed Closed-Source and run in
another process and communicate over IPC.

The shlib installed on the target should be the same as the one signed
by libcamera during package creation otherwise the signature won't match
the shlib.

Buildroot sanitizes RPATH in a post build process. meson gets rid of
rpath while installing so we don't need to do it manually.

Buildroot may strip symbols, so we need to do the same before signing.

Signing the IPA shlibs is done by the meson install target, so we need
to strip the IPA shlibs, so after the build but before the install,
which a post-build hooks fits the best.

Cc: Quentin Schulz <foss+buildroot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
[yann.morin.1998@free.fr: slight rewording of commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-07-04 21:50:44 +02:00
Fabrice Fontaine
7d58c41394 package/uuu: add host-openssl dependency
Fix the following build failure raised since the addition of the package
in commit 776385d645:

CMake Error: The following variables are used in this project, but they are set to NOTFOUND.
Please set them or make sure they are set and tested correctly in the CMake files:
OPENSSL_CRYPTO_LIBRARY (ADVANCED)
    linked by target "uuu" in directory /home/buildroot/autobuild/instance-0/output-1/build/host-uuu-1.4.193/uuu
OPENSSL_SSL_LIBRARY (ADVANCED)
    linked by target "uuu" in directory /home/buildroot/autobuild/instance-0/output-1/build/host-uuu-1.4.193/uuu

Fixes:
 - http://autobuild.buildroot.org/results/2f05bc67112a59eba8f59ff707e43d76e41dbad1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-07-04 18:54:06 +02:00
Fabrice Fontaine
026f35d9e7 package/libopenssl: security bump to version 1.1.1p
The c_rehash script allows command injection (CVE-2022-2068)
============================================================

Severity: Moderate

In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further circumstances where the c_rehash script does not
properly sanitise shell metacharacters to prevent command injection were
found by code review.

When the CVE-2022-1292 was fixed it was not discovered that there
are other places in the script where the file names of certificates
being hashed were possibly passed to a command executed through the
shell.

This script is distributed by some operating systems in a manner where
it is automatically executed.  On such operating systems, an attacker
could execute arbitrary commands with the privileges of the script.

Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.

https://www.openssl.org/news/secadv/20220621.txt

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-07-04 18:53:11 +02:00
Baruch Siach
a0b8eee635 package/iptables: fix build with musl libc
Add upstream patch fixing collision of struct ethhdr definition with
kernel headers.

Add another upstream patch to remove undefined u_int16_t type build
breakage.

Fixes:
http://autobuild.buildroot.net/results/2a449752ee51eed8b8d569a52eb69f635e0369cd/
http://autobuild.buildroot.net/results/23e97f88259850ecb12f2444365b34fa6fac8211/
http://autobuild.buildroot.net/results/b8e3809d469c949a755808b7132717b0325ebafa/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-07-04 18:50:23 +02:00
Yegor Yefremov
a49d70a3f2 package/python-setuptools-scm: add missing runtime dependency
Since version 7.0.4 python-setuptools-scm requires
host-python-typing-extensions package.

Fixes:
http://autobuild.buildroot.net/results/a4a52da24032222860ad6abe89bf66839cc2e812/
http://autobuild.buildroot.net/results/2b381cd32671db4aa0b281ece5569667bae0f923/
http://autobuild.buildroot.net/results/a3c5208224cc7825152d9a27b64fd82fb000a259/

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
[yann.morin.1998@free.fr: split long line]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-07-04 17:53:07 +02:00
Quentin Schulz
44eda2602a boot/optee-os: fix typo in help message of BR2_TARGET_OPTEE_OS_CUSTOM_TARBALL
The custom tarball option should be given a URL pointing to an OP-TEE OS
tarball and not a "kernel" one.

Fixes: 9c79b369d6 "boot/optee-os: add support for custom tarball URL"
Cc: Quentin Schulz <foss+buildroot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-07-04 17:41:00 +02:00
Thomas Petazzoni
91562c9045 DEVELOPERS: drop Gaël Portay
Gaël Portay is apparently no longer at Collabora:

<gael.portay@collabora.com>: host mail.collabora.co.uk[46.235.227.172] said:
    550 5.1.1 <gael.portay@collabora.com>: Recipient address rejected: User
    unknown in local recipient table (in reply to RCPT TO command)

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-07-04 09:50:43 +02:00
Fabrice Fontaine
faeebe0858 package/watchdogd: install to staging
Fixes:
 - https://bugs.buildroot.org/show_bug.cgi?id=14881

The package provides a library and a .pc file, so install it into staging as
well.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-02 15:55:24 +02:00
Fabrice Fontaine
017dbc770c package/glog: bump to version 0.6.0
https://github.com/google/glog/releases/tag/v0.6.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-02 15:54:31 +02:00
Fabrice Fontaine
df91a970b6 package/ghostscript: security bump to version 9.56.1
Fix CVE-2022-2085: A NULL pointer dereference vulnerability was found in
Ghostscript, which occurs when it tries to render a large number of bits
in memory. When allocating a buffer device, it relies on an
init_device_procs defined for the device that uses it as a prototype
that depends upon the number of bits per pixel. For bpp > 64,
mem_x_device is used and does not have an init_device_procs defined.
This flaw allows an attacker to parse a large number of bits (more than
64 bits per pixel), which triggers a NULL pointer dereference flaw,
causing an application to crash.

Drop patch (already in version)

https://www.ghostscript.com/doc/9.56.0/News.htm
https://www.ghostscript.com/doc/9.56.1/News.htm

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-02 15:54:05 +02:00
Fabrice Fontaine
17f568f399 package/vim: security bump to version 9.0.0008
- Fix CVE-2022-2124, CVE-2022-2125, CVE-2022-2126 and CVE-2022-2129
- Update hash of README.txt (version updated with
  eb49041875)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-02 15:53:17 +02:00
Fabrice Fontaine
a336b731af package/gtest: bump to version 1.12
https://github.com/google/googletest/releases/tag/release-1.12.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-02 15:53:10 +02:00
James Hilliard
bf46a455bf package/weston: bump to version 10.0.1
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-02 15:50:41 +02:00
Fabrice Fontaine
7186fdb51f package/sshfs: bump to version 3.7.3
https://github.com/libfuse/sshfs/blob/sshfs-3.7.3/ChangeLog.rst

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-02 15:49:54 +02:00
James Hilliard
e2f743f38f package/python-weasyprint: bump to version 55.0
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-02 15:49:08 +02:00
James Hilliard
7cb07eef97 package/python-setuptools-scm: bump to version 7.0.3
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-02 15:48:59 +02:00
James Hilliard
f9ee963562 package/python-pyparsing: bump to version 3.0.9
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-02 15:48:50 +02:00
James Hilliard
ae879f6300 package/python-setuptools: bump to version 62.6.0
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-02 15:48:41 +02:00
James Hilliard
700a1f26b0 package/python-pypa-build: bump to version 0.8.0
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-02 15:48:34 +02:00
James Hilliard
83548c33fa package/python-pillow: bump to version 9.1.1
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-02 15:48:27 +02:00
James Hilliard
06ac43e7cc package/python-pycryptodomex: bump to version 3.15.0
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-02 15:48:20 +02:00
James Hilliard
5b022b1081 package/python-cssutils: bump to version 2.4.2
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-02 15:48:11 +02:00
Bernd Kuhls
9df9f06ace package/vdr: bump version to 2.6.1
Changelog: https://github.com/vdr-projects/vdr/blob/master/HISTORY

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-02 10:05:55 +02:00
Bernd Kuhls
59c623fad6 package/sqlite: bump version to 3.39.0
Release notes: https://sqlite.org/releaselog/3_39_0.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-02 09:58:19 +02:00
Bernd Kuhls
ad54a80465 package/pure-ftpd: bump version to 1.0.51
Changelog: https://github.com/jedisct1/pure-ftpd/blob/master/ChangeLog

Updated copyright hash due to copyright year bump:
cf1a9705c6

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-02 09:56:39 +02:00
Bernd Kuhls
214ea2207f package/intel-gmmlib: bump version to 22.1.4
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-02 09:56:31 +02:00
Bernd Kuhls
b034109dd6 package/libcurl: security bump to version 7.84.0
Fixes the following security issues:

- CVE-2022-32205: Set-Cookie denial of service
  https://curl.se/docs/CVE-2022-32205.html

- CVE-2022-32206: HTTP compression denial of service
  https://curl.se/docs/CVE-2022-32206.html

- CVE-2022-32207: Unpreserved file permissions
  https://curl.se/docs/CVE-2022-32207.html

- CVE-2022-32208: FTP-KRB bad message verification
  https://curl.se/docs/CVE-2022-32208.html

Changelog: https://curl.se/changes.html

Upstream removed configure option --enable-hidden-symbols:
0c2d3118aa

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: mark as security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-02 09:52:08 +02:00
Neal Frager
da7b674d91 configs/zynqmp_kria_xxx_defconfig: uboot dp pll patch
This patch fixes the DP audio and video PLL configurations for the zynqmp-sm-k26-revA som.
It needs to be applied for both the kv260 and kr260 starter kits.

The Linux DP driver expects the DP to be using the following PLL config:
  - DP video PLL should use the VPLL (0x0)
  - DP audio PLL should use the RPLL (0x3)
  - DP system time clock PLL should use RPLL (0x3)

Register 0xFD1A0070 configures the DP video PLL.
Register 0xFD1A0074 configures the DP audio PLL.
Register 0xFD1A007C configures the DP system time clock PLL.

This patch was build and run tested on a zynqmp-kria-kv260 target board.

Upstream-Status: submitted (https://lore.kernel.org/all/fa7e9abc419c9d7648405d1c62367dbe701d09b8.1652709736.git.michal.simek@amd.com/)
This patch will be removed from buildroot in a future release when no longer necessary.

Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-01 17:02:15 +02:00
Neal Frager
d488c94630 configs/zynqmp_kria_kv260_defconfig: build atf with uart1 console
This patch fixes an ATF issue by building the ATF for uart1 instead
of uart0 for the Kria KV260 Starter Kit.

Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-01 16:59:30 +02:00
Neal Frager
0017c3daa8 board/zynqmp/kria/readme.txt: improve documentation for qspi programming
This patch improves the documentation for kria k26 som qspi programming.

Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
[Peter: drop trailing spaces]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-01 16:27:30 +02:00
Bernd Kuhls
23e1e04d54 package/tor: fix LibreSSL build
Fixes:
http://autobuild.buildroot.net/results/71e/71e03ee8f6e6e5a235556b85a360cbad23a22897/
http://autobuild.buildroot.net/results/4a9/4a93bea0b83eca133ace3e3cfd2b5cb60b691d6e/
http://autobuild.buildroot.net/results/6b8/6b8ab9c5253586426b33d2cba20e7f9f992dbee9/
http://autobuild.buildroot.net/results/8a9/8a9c19878c2d599de6aa3bb3a849b1701f50a829/

and many others

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-06-28 08:08:16 +02:00
Federico Pellegrin
8aa0ef41cb package/kexec: bump to version 2.0.24
https://www.spinics.net/lists/kexec/msg28922.html

Signed-off-by: Federico Pellegrin <fede@evolware.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-06-28 08:07:11 +02:00
Fabrice Fontaine
5b1a438995 package/proxychains-ng: bump to version 4.16
Drop patch (already in version)

https://github.com/rofl0r/proxychains-ng/releases/tag/v4.16

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-06-28 08:06:38 +02:00
Fabrice Fontaine
3f7afc40e1 DEVELOPERS: fix email of Dario Binacchi
Fix email typo added by commit 776385d645

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-06-28 08:05:25 +02:00
Fabrice Fontaine
4bb0008aa5 package/uuu: use official tarball
Use official tarball and so drop UUU_SET_VERSION

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-06-28 08:05:09 +02:00
Fabrice Fontaine
e62db6c7cc package/upower: bump to version 0.99.19
- Switch site to get latest release
- Switch to meson-package (autotools dropped since version 0.99.14)
- libusb is not a dependency since
  64582256a8
- Update indentation in hash file (two spaces)

https://gitlab.freedesktop.org/upower/upower/-/blob/v0.99.19/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: also update thermald dependencies]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-06-28 08:03:41 +02:00
Fabrice Fontaine
ecf85b4ef5 package/udpcast: bump to version 20211207
https://udpcast.linux.lu/mailman3/hyperkitty/list/udpcast@udpcast.linux.lu/thread/SC6JCO6PGT3ELHQWRCO4PAIGGDDCKFMI

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-06-28 07:57:05 +02:00
Fabrice Fontaine
428e9d74c4 package/libminiupnpc: bump to version 2.2.3
Update hash of license file (update in year)

http://miniupnp.free.fr/files/changelog.php?file=miniupnpc-2.2.3.tar.gz

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-06-28 07:55:58 +02:00
Леонид Юрьев (Leonid Yuriev)
c099842544 package/libmdbx: bump version to 0.11.8
This is stable bugfix release of libmdbx.
The project's website now is on https://libmdbx.dqdkfa.ru/

Release notes for v0.11.8 https://gitflic.ru/project/erthink/libmdbx/release/06268038-39ff-4270-9be8-9f26d5543015

The complete ChangeLog: https://gitflic.ru/project/erthink/libmdbx/blob?file=ChangeLog.md

Signed-off-by: Леонид Юрьев (Leonid Yuriev) <leo@yuriev.ru>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-06-28 00:46:41 +02:00
Yegor Yefremov
b1fe952835 package/libusb: bump to version 1.0.26
Remove upstreamed patches.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
[Peter: drop _AUTORECONF]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-06-28 00:42:46 +02:00
Fabrice Fontaine
9b7f8da96b package/sudo: bump to version 1.9.11p2
License file renamed and year updated with
0ed92e6165
d02ba52fa4

https://www.sudo.ws/releases/stable/#1.9.11p2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-06-28 00:40:26 +02:00
Fabrice Fontaine
22a333f91e package/spice-protocol: bump to version 0.14.4
https://gitlab.freedesktop.org/spice/spice-protocol/-/blob/v0.14.4/CHANGELOG.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-06-28 00:39:59 +02:00
Fabrice Fontaine
4cdbec6e6e package/python-pylru: bump to version 1.2.1
Update indentation in hash file (two spaces)

https://github.com/jlhutch/pylru/compare/v1.2.0...v1.2.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-06-28 00:38:23 +02:00
Fabrice Fontaine
e5189a09d7 package/rabbitmq-server: replace RABBITMQ_SERVER_CPE_ID_VENDOR
pivotal_software has been replaced by vmware in March 2022:

 <cpe-item name="cpe:/a:pivotal_software:rabbitmq:3.7.28" deprecated="true" deprecation_date="2022-03-17T14:05:30.170Z">
      <reference href="https://www.rabbitmq.com/">Product</reference>
      <reference href="https://github.com/rabbitmq/rabbitmq-server/releases">Change Log</reference>
    <cpe-23:cpe23-item name="cpe:2.3🅰️pivotal_software:rabbitmq:3.7.28:*:*:*:*:*:*:*">
        <cpe-23:deprecated-by name="cpe:2.3🅰️vmware:rabbitmq:3.7.28:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Avmware%3Arabbitmq

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-06-28 00:37:49 +02:00
Fabrice Fontaine
3bd30f4a13 package/nginx: replace NGINX_CPE_ID_VENDOR
nginx has been replaced by f5 since February 2022:

<cpe-item name="cpe:/a:nginx:nginx:1.18.0" deprecated="true" deprecation_date="2022-02-22T19:26:32.967Z">
      <reference href="https://nginx.org/en/CHANGES-1.18">Change Log</reference>
    <cpe-23:cpe23-item name="cpe:2.3🅰️nginx:nginx:1.18.0:*:*:*:*:*:*:*">
        <cpe-23:deprecated-by name="cpe:2.3🅰️f5:nginx:1.18.0:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Af5%3Anginx

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-06-28 00:35:03 +02:00
Fabrice Fontaine
a143c012ef package/systemd: replace SYSTEMD_CPE_ID_VENDOR
freedesktop has been replaced by systemd_project since January 2022:

<cpe-item name="cpe:/a:freedesktop:systemd:247:rc1" deprecated="true" deprecation_date="2022-01-28T19:09:42.747Z">
    <title xml:lang="en-US">freedesktop systemd 247 Release Candidate 1</title>
      <reference href="https://github.com/systemd/systemd/releases">Change Log</reference>
    <cpe-23:cpe23-item name="cpe:2.3🅰️freedesktop:systemd:247:rc1:*:*:*:*:*:*">
        <cpe-23:deprecated-by name="cpe:2.3🅰️systemd_project:systemd:247:rc1:*:*:*:*:*:*" type="NAME_CORRECTION"/>

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Asystemd_project%3Asystemd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-06-28 00:34:40 +02:00
Fabrice Fontaine
cc66cf922b package/tcpreplay: security bump to version 4.4.1
- Fix CVE-2021-45386: tcpreplay 4.3.4 has a Reachable Assertion in
  add_tree_ipv6() at tree.c
- Fix CVE-2021-45387: tcpreplay 4.3.4 has a Reachable Assertion in
  add_tree_ipv4() at tree.c.

https://github.com/appneta/tcpreplay/blob/v4.4.1/docs/CHANGELOG

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-06-28 00:34:31 +02:00
Fabrice Fontaine
77bf0a1e63 package/tcpreplay: replace TCPREPLAY_CPE_ID_VENDOR
tcpreplay has been replaced by broadcom since April 2022:

<cpe-item name="cpe:/a:tcpreplay:tcpreplay:4.3.1" deprecated="true" deprecation_date="2022-04-02T03:29:17.303Z">
    <title xml:lang="en-US">tcpreplay 4.3.1</title>
      <reference href="http://tcpreplay.synfin.net/wiki/Download">Vendor</reference>
      <reference href="https://sourceforge.net/projects/tcpreplay/">Product</reference>
    <cpe-23:cpe23-item name="cpe:2.3🅰️tcpreplay:tcpreplay:4.3.1:*:*:*:*:*:*:*">
        <cpe-23:deprecated-by name="cpe:2.3🅰️broadcom:tcpreplay:4.3.1:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Abroadcom%3Atcpreplay

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-06-28 00:33:56 +02:00