Commit Graph

57830 Commits

Author SHA1 Message Date
Matt Weber
444d71e123 package/openresolv: add _CPE_ID_VENDOR
cpe:2.3🅰️openresolv_project:openresolv:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3🅰️openresolv_project:openresolv

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-20 23:23:13 +02:00
Matt Weber
c15daccf1e package/make: add _CPE_ID_VENDOR
cpe:2.3🅰️gnu:make:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3🅰️gnu:make

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: move up, right after license]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-20 23:23:13 +02:00
Matt Weber
56d54119b1 package/libnl: add _CPE_ID_VENDOR
cpe:2.3🅰️libnl_project:libnl:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3🅰️libnl_project:libnl

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: move up, right after license]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-20 23:22:30 +02:00
Matt Weber
4baccb9c5b package/libdaemon: add _CPE_ID_VENDOR
cpe:2.3🅰️libdaemon_project:libdaemon:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3🅰️libdaemon_project:libdaemon

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: move up, right after license]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-20 23:22:29 +02:00
Matt Weber
74637c6e6f package/libcap: add _CPE_ID_VENDOR
cpe:2.3🅰️libcap_project:libcap:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3🅰️libcap_project:libcap

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-20 23:22:29 +02:00
Matt Weber
c24fc9042a package/json-for-modern-cpp: add _CPE_ID_VENDOR
cpe:2.3🅰️json-for-modern-cpp_project:json-for-modern-cpp:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3🅰️json-for-modern-cpp_project:json-for-modern-cpp

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr:move up, right after license]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-20 23:22:29 +02:00
Matt Weber
5ba5e631fa package/iputils: add _CPE_ID_VENDOR
cpe:2.3🅰️iputils_project:iputils:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3🅰️iputils_project:iputils

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-20 23:22:29 +02:00
Matt Weber
9cf7caa186 package/iproute2: add _CPE_ID_VENDOR
cpe:2.3🅰️iproute2_project:iproute2:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3🅰️iproute2_project:iproute2

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-20 23:22:29 +02:00
Matt Weber
3712e1dee7 package/gperf: add _CPE_ID_VENDOR and _CPE_ID_PRODUCT
cpe:2.3🅰️gperftools_project:gperftools:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3🅰️gperftools_project:gperftools

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-20 23:22:29 +02:00
Matt Weber
12bd427340 package/cmake: add _CPE_ID_VENDOR
cpe:2.3🅰️cmake_project:cmake:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3🅰️cmake_project:cmake

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-20 23:22:29 +02:00
Matt Weber
ad9f909ea6 package/cgroupfs-mount: add _CPE_ID_VENDOR
cpe:2.3🅰️cgroupfs-mount_project:cgroupfs-mount:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3🅰️cgroupfs-mount_project:cgroupfs-mount

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-20 23:22:29 +02:00
Matt Weber
fc6a829abe package/c-periphery: add _CPE_ID_VENDOR
cpe:2.3🅰️c-periphery_project:c-periphery:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3🅰️c-periphery_project:c-periphery

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-20 23:22:29 +02:00
Matt Weber
2de8724d54 package/automake: add _CPE_ID_VENDOR
cpe:2.3🅰️gnu:automake:* is a valid CPE identifier for this package:

 https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Aautomake

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-20 23:22:29 +02:00
Maxim Kochetkov
990b14768c package/timescaledb: bump version to 2.1.1
Release notes: https://github.com/timescale/timescaledb/releases/tag/2.1.1

Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-20 23:13:34 +02:00
Thomas Petazzoni
3887e8c095 boot/at91bootstrap: add legal information
The old at91bootstrap version (1.x) uses a strange variant of the BSD
license, called "BSD Source Code Attribution" and referenced by SPDX
as BSD-Source-Code.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-20 23:00:55 +02:00
Grzegorz Blach
85d912cb9d package/python-falcon: bump to version 3.0.0
Depends on BR2_PACKAGE_PYTHON3

The hash of the license file has changed because a short license file
was replaced by the complete text of the Apache 2.0 license. The
license itself remains the same.

Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-20 22:47:42 +02:00
Peter Seiderer
99362e8d17 package/gstreamer1/gst1-interpipe: bump version to 1.1.4
Changelog:

  - fix for memory leak in set of listen-to property

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-20 22:19:58 +02:00
Fabrice Fontaine
e55af2ff9e package/exfatprogs: bump to version 1.1.0
https://github.com/exfatprogs/exfatprogs/releases/tag/1.1.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-20 22:18:54 +02:00
Fabrice Fontaine
a4c38ae470 package/uboot-tools: security bump to version 2021.04
- Fix CVE-2021-27097: The boot loader in Das U-Boot before 2021.04-rc2
  mishandles a modified FIT.
- Fix CVE-2021-27138: The boot loader in Das U-Boot before 2021.04-rc2
  mishandles use of unit addresses in a FIT.

- Update second patch
- Drop fourth patch (already in version)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-20 22:18:38 +02:00
Fabrice Fontaine
ed653df573 package/nettle: security bump to version 3.7.2
Fix CVE-2021-20305: A flaw was found in Nettle in versions before 3.7.2,
where several Nettle signature verification functions (GOST DSA, EDDSA &
ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply
function being called with out-of-range scalers, possibly resulting in
incorrect results. This flaw allows an attacker to force an invalid
signature, causing an assertion failure or possible validation. The
highest threat to this vulnerability is to confidentiality, integrity,
as well as system availability.

https://git.lysator.liu.se/nettle/nettle/-/blob/nettle_3.7.2_release_20210321/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-20 22:18:20 +02:00
Fabio Estevam
769d053f65 configs/imx6-sabresd: bump U-Boot and kernel versions
Bump to U-Boot 2021.04 and kernel 5.10.25 versions.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-20 21:33:31 +02:00
Fabio Estevam
bd62da59b9 boot/uboot: bump to version 2021.04
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-20 21:31:49 +02:00
Fabrice Fontaine
34764dcfac package/python-botocore: drop docutils dependency
docutils is not a dependency since version 1.18.0 and
dd24dd1b2e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-20 21:29:41 +02:00
Fabrice Fontaine
32c10f256b package/fmt: add FMT_CPE_ID_VENDOR
cpe:2.3🅰️fmt:fmt is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afmt%3Afmt

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-20 21:24:58 +02:00
Alexander Egorenkov
55a7382564 package/multipath-tools: bump to version 0.8.6
https://github.com/opensvc/multipath-tools/releases/tag/0.8.6

Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 23:45:12 +02:00
Jörg Krause
40ebac416b package/libnpupnp: bump to version 4.1.3
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 23:45:06 +02:00
Jörg Krause
ec15f89be9 package/mpd: bump to version 0.22.6
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 23:45:02 +02:00
Alexander Dahl
3ce7afbe50 package/dnsmasq: security bump to 2.85
CVE-2021-3448 applies.  See announcement for details.

Link: https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q2/014962.html
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 23:29:48 +02:00
Ramon Fried
18c3d44a0a package/bitwise: bump version to 0.42
Signed-off-by: Ramon Fried <rfried.dev@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 23:29:15 +02:00
Fabrice Fontaine
b27fca6482 package/yavta: disable -Werror
Fix build failure which is raised since bump to latest version in commit
87ba7be02f

Fixes:
 - http://autobuild.buildroot.org/results/d5b4f69f46cef4dd11410fe48d21372cb883ae4a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 23:28:25 +02:00
Michael Walle
bd82bedfd1 package/linux-serial-test: bump version
Give this package some love and update to the newest version. There are
no released versions, though. Therefore, use the latest commit.

Notable changes:
 - RS485 support fixes and features
 - internal loopback support

Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 23:21:26 +02:00
Sam Voss
4732b78221 package/rsyslog: install default service file
As of v8.2008 rsyslog no longer provides a default service file, and now
suggests using the platform suggested defaults. For Buildroot, install
the Debian service file which has been added in the same version,
however is not included in the official release.

Upstream commit which adds this service file:
cfd07503ba

Signed-off-by: Sam Voss <sam.voss@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 23:21:04 +02:00
Jörg Krause
53f5dd3115 package/spdlog: bump to version 1.8.5
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:54:46 +02:00
Jörg Krause
8974596836 package/gerbera: bump to version 1.8.0
Also recreate config.xml by building and running Gerbera using:

```
~/buildroot/output/target/usr/bin/gerbera --create-config > package/gerbera/config.xml

```

Note, that Gerbera sets the `<home>` parameter now to the runtime user's home by
default when generating the script. This is not appropriate when running Gerbera
on an embedded Linux system as we usually do not have multiple users or even
users at all. Therefore, we set the home directory to /var/lib/gerbera`.

As this directory is not created when installing Gerbera to the target,
it is created by the start script.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:54:27 +02:00
Francois Perrad
d72152ad8e package/luarocks: improve detection of license files
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:51:43 +02:00
Francois Perrad
2ff52ae939 package/luarocks: bump to version 3.7.0
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:45:20 +02:00
Jörg Krause
718b6c224a package/luv: bump to version 1.40.0-0
Also fix spacing to use 2 spaces in the hash file.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:45:06 +02:00
Maxim Kochetkov
75d1a5a046 DEVELOPERS: add Maxim Kochetkov for postgis
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:44:11 +02:00
Fabrice Fontaine
4a48f2c180 package/oniguruma: bump to version 6.9.7.1
Update hash of COPYING (update in year:
56255e8b3e)

https://github.com/kkos/oniguruma/blob/v6.9.7.1/HISTORY

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:35:43 +02:00
Giulio Benetti
59fedf02df package/libnss: bump version to 3.64
Release Notes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.64_release_notes

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:34:39 +02:00
Fabrice Fontaine
4b4d98e2c5 package/domoticz: drop boost date-time dependency
boost date-time is not a dependency since version 4.9700 and
a3eacbc987

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:33:55 +02:00
Fabrice Fontaine
8a46b41b4a package/domoticz: drop first patch
Patch not needed since commit 37f197f863
which bumped host-cmake dependency from 3.10 to 3.15

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:33:34 +02:00
Michael Nosthoff
8d51ee7c79 package/libgpiod: bump to version 1.6.3
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:26:46 +02:00
Bernd Kuhls
5dd2b7d774 package/meson: bump version to 0.57.2
Release notes: https://groups.google.com/g/mesonbuild/c/3YR_iOkh7co

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:26:28 +02:00
Michael Nosthoff
efd762feaa package/grpc: bump to version 1.37.0
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:26:25 +02:00
Bernd Kuhls
cffe295259 package/libcurl: bump version to 7.76.1
Bugfix release.  For details, see the changelog:
https://curl.se/changes.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-19 22:23:55 +02:00
Fabrice Fontaine
5a9504831f package/m4: fix build with glibc 2.34
m4 fails to build with glibc 2.34 because SIGSTKSZ is now a run-time
variable since
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=6c57d320484988e87e446e2e60ce42816bf51d53

So backport an upstream patch from gnulib, see:
https://lists.gnu.org/archive/html/bug-m4/2021-03/msg00015.html

An other option would have been to apply patch from
https://lists.gnu.org/archive/html/bug-m4/2021-03/msg00024.html
but no feedback was received on this patch

Fixes:
 - https://bugs.buildroot.org/show_bug.cgi?id=13721

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-19 22:18:27 +02:00
Thomas Petazzoni
d06bf96097 support/scripts/cve.py: use proper CPE ID version when available
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-04-18 18:20:27 +02:00
Sergio Prado
5e37992132 package/tio: disable for sparc and sparc64 architectures
tio fails to build on sparc and sparc64 architectures with a
redefinition of 'struct termio' error, with no proper fix or workaround
for now. See discussions in [1] and [2] and picocom source code in [3].

[1] http://patchwork.ozlabs.org/project/buildroot/patch/20191227204520.1500501-1-fontaine.fabrice@gmail.com/
[2] http://patchwork.ozlabs.org/project/buildroot/patch/20200511142602.46170-1-vadim4j@gmail.com/
[3] https://github.com/npat-efault/picocom/blob/master/termbits2.h#L37

So let's disable it for now on sparc and sparc64 architectures.

Fixes:
http://autobuild.buildroot.org/results/e041dde522e2a774f528d4377f67ca0a8a99461c
http://autobuild.buildroot.org/results/6e1f9fe47e8b2cfdf5effcb7bbc697189f54ff2c
http://autobuild.buildroot.org/results/49708fe6f404fea6761f102af854e98d6a1d43c1
Many more...

Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-17 09:32:32 +02:00
Peter Korsgaard
f31227e628 support/scripts/cve.py: use fast ijson backend if available on old ijson versions
ijson < 2.5 (as available in Debian 10) use the slow python backend by
default instead of the most efficient one available like modern ijson
versions, significantly slowing down cve checking. E.G.:

time ./support/scripts/pkg-stats --nvd-path ~/.nvd -p avahi --html foobar.html

Goes from
174,44s user 2,11s system 99% cpu 2:58,04 total

To
93,53s user 2,00s system 98% cpu 1:36,65 total

E.G. almost 2x as fast.

As a workaround, detect when the python backend is used and try to use a
more efficient one instead.  Use the yajl2_cffi backend as recommended by
upstream, as it is most likely to work, and print a warning (and continue)
if we fail to load it.

The detection is slightly complicated by the fact that ijson.backends used
to be a reference to a backend module, but is nowadays a string (without the
ijson.backends prefix).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-17 09:14:40 +02:00