Commit Graph

57830 Commits

Author SHA1 Message Date
Michael Nosthoff
5d4dc98c58 package/systemd: fix homed dependency warning
Fixes:

showing "enable home daemon"
and "homed support needs a toolchain w/ threads, dynamic library, kernel headers >= 4.12"
when BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_12

introduced by fa62b5165c

Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-17 09:07:26 +02:00
James Hilliard
56fd68b688 package/libdrm: fix man page disabling option
Commit 841c695468 (libdrm: change to meson build system) converted the
autotools --disable-manpages to the neson -Dmanpages=false. However, the
actual option is 'man-pages':

    WARNING: Unknown options: "manpages"

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr: tweak commit log as per Peter's review]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-17 09:05:26 +02:00
Fabrice Fontaine
6333d5d1dc package/libcgroup: add LIBCGROUP_CPE_ID_VENDOR
cpe:2.3🅰️libcgroup_project:libcgroup is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibcgroup_project%3Alibcgroup

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-17 08:58:43 +02:00
Fabrice Fontaine
d917e92c9b package/libcgroup: bump to version 0.42.2
Drop patch (already in version)

https://github.com/libcgroup/libcgroup/releases/tag/v0.42.2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-17 08:58:42 +02:00
Bernd Kuhls
51761e0f93 package/x11r7/xserver_xorg-server: remove unused configure option --disable-xsdl
Upstream removed this configure option:
https://cgit.freedesktop.org/xorg/xserver/commit/configure.ac?h=server-1.20-branch&id=52bc6d944946e66ea2cc685feaeea40bb496ea83

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-15 23:34:37 +02:00
Bernd Kuhls
974448aed3 package/x11r7/xserver_xorg-server: remove optional support for tslib
Upstream removed support for tslib:
https://cgit.freedesktop.org/xorg/xserver/commit/configure.ac?h=server-1.20-branch&id=5c7ed785e3bdb9f0fbf8fbfdc93b5fdd2b2c7dbf

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-15 23:34:36 +02:00
Bernd Kuhls
553a123526 package/x11r7/xserver_xorg-server: remove evdev input drivers for kdrive
Upstream removed the evdev driver for kdrive:
https://cgit.freedesktop.org/xorg/xserver/commit/configure.ac?h=server-1.20-branch&id=27819950e4158326e0f83a30f2e8968b932625ef

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-15 23:34:34 +02:00
Bernd Kuhls
2779de195f package/x11r7/xserver_xorg-server: remove xfbdev
Upstream removed the kdrive framebuffer device server:
https://cgit.freedesktop.org/xorg/xserver/commit/configure.ac?h=server-1.20-branch&id=feed7e3f982a7ac14f6fe85ed2e1ec4a83700841

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-15 23:34:33 +02:00
Bernd Kuhls
eea0da855b package/x11r7/xserver_xorg-server: remove non-evdev input drivers for kdrive
Upstream removed support for non-evdev input drivers for kdrive:
https://cgit.freedesktop.org/xorg/xserver/commit/configure.ac?h=server-1.20-branch&id=e7b8b7b131d8283c96ed0aff4593ab41441b5d3b

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-15 23:34:32 +02:00
Bernd Kuhls
d12c8c43fd package/x11r7/xserver_xorg-server: security bump version to 1.20.11
Fixes CVE-2021-3472:
https://lists.x.org/archives/xorg-announce/2021-April/003080.html

Release notes:
https://lists.x.org/archives/xorg-announce/2021-April/003081.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-15 23:34:31 +02:00
Einar Jon Gunnarsson
c45accd295 package/modem-manager: add support for introspection
Enable introspection when GObject Introspection is enabled.

Signed-off-by: Einar Jon Gunnarsson <tolvupostur@gmail.com>
Acked-by: Aleksander Morgado <aleksander@aleksander.es>
[yann.morin.1998@free.fr: drop config option, rely on GOI package]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-15 23:07:01 +02:00
Einar Jon Gunnarsson
87ba7be02f package/yavta: bump to latest version
Add hash file
Convert to meson build
Use https instead of http and git

Signed-off-by: Einar Jon Gunnarsson <tolvupostur@gmail.com>
[yann.morin.1998@free.fr: also switch repo to https]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-15 23:01:50 +02:00
Arnout Vandecappelle (Essensium/Mind)
148e8c92b9 package/Config.in: change postgresql condition
The condition around postgis was added to make a sort of submenu of the
postgresql extensions under postgresql itself. However, such a condition
should be on BR2_PACKAGE_POSTGRESQL, not on its suboption
BR2_PACKAGE_POSTGRESQL_FULL.

Change the condition in package/Config.in to BR2_PACKAGE_POSTGRESQL, and
move the BR2_PACKAGE_POSTGRESQL_FULL condition to
package/postgis/Config.in.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-15 22:27:47 +02:00
Maxim Kochetkov
fceec33568 package/protozero: new package
Minimalistic protocol buffer decoder and encoder in C++.
Designed for high performance. Suitable for writing zero copy
parsers and encoders with minimal need for run-time allocation
of memory.

Low-level: this is designed to be a building block for writing
a very customized decoder for a stable protobuf schema. If your
protobuf schema is changing frequently or lazy decoding is not
critical for your application then this approach offers
no value: just use the C++ API that can be generated with
the Google Protobufs protoc program.

https://github.com/mapbox/protozero

Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-15 21:48:15 +02:00
Fabrice Fontaine
51d55fc132 package/genext2fs: bump to version 1.5.0
- Retrieve latest version from github
- Drop patch (already in version)

Fixes:
 - https://bugs.buildroot.org/show_bug.cgi?id=13741

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-15 21:08:17 +02:00
Fabrice Fontaine
b147af911a package/quickjs: disable on nios2
quickjs unconditionally uses FE_{DOWN,UP}WARD and so fails to build on
nios2 since its addition in commit
5d50793659

Fixes:
 - http://autobuild.buildroot.org/results/69e280a7f478d1b16be989c7bd559f766053134b
 - http://autobuild.buildroot.org/results/f2c3ef7e3bbe30ac24710288336adabebd8b83a6

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-15 21:07:35 +02:00
Fabrice Fontaine
0efb6e0cae package/postgis: add POSTGIS_CPE_ID_VENDOR
cpe:2.3🅰️postgis:postgis is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apostgis%3Apostgis

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-15 21:04:19 +02:00
Peter Seiderer
ee60021d54 package/postgis: add optional pcre dependency
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-15 21:04:02 +02:00
Peter Seiderer
b4e7fd305a package/postgis: add optional json-c dependency
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-15 21:03:48 +02:00
Peter Seiderer
782948e499 package/postgis: disable protobuf support
- needs protobuf-c (not protobuf)
- protobuf-c configure tests are not cross-compile capable, even with

  ifeq ($(BR2_PACKAGE_PROTOBUF_C),y)
  POSTGIS_DEPENDENCIES += protobuf-c
  POSTGIS_CONF_OPTS += --with-protobuf
  POSTGIS_CONF_ENV += \
  	ac_cv_lib_protobuf_c_protobuf_c_message_init=yes \
  	ac_cv_lib_protobuf_c_protobuf_c_version=yes
  else
  POSTGIS_CONF_OPTS += --without-protobuf
  endif

  configure aborts with:

  checking for PROTOBUFC... yes
  checking protobuf-c/protobuf-c.h usability... yes
  checking protobuf-c/protobuf-c.h presence... yes
  checking for protobuf-c/protobuf-c.h... yes
  checking for protobuf_c_message_init in -lprotobuf-c... (cached) yes
  checking for protobuf_c_version in -lprotobuf-c... (cached) yes
  checking protobuf-c version... configure: error: in `.../build/postgis-3.1.1':
  configure: error: cannot run test program while cross compiling

Fixes:

  - http://autobuild.buildroot.net/results/8b95086b5e0876d0a4e41330446e767e4abd3729

  checking for PROTOBUFC... no
  libprotobuf-c not found in pkg-config
  checking protobuf-c/protobuf-c.h usability... no
  checking protobuf-c/protobuf-c.h presence... no
  checking for protobuf-c/protobuf-c.h... no
  configure: error: unable to find protobuf-c/protobuf-c.h using CPPFLAGS. You can disable MVT and Geobuf support using --without-protobuf

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-15 21:03:29 +02:00
José Luis Salvador Rufo
4470bc9914 package/zfs: new package
OpenZFS is an advanced file system and volume manager which was originally
developed for Solaris and is now maintained by the OpenZFS community. This
repository contains the code for running OpenZFS on Linux and FreeBSD.

http://zfsonlinux.org/

Signed-off-by: José Luis Salvador Rufo <salvador.joseluis@gmail.com>
[me:
  - fix test case on how to use a pre-built toolchain
  - reorder the test case config
  - add test case with glibc
  - drop superflous test timeout override
  - only select libtirpc when C library lacks native RPC
  - drop unused ZFS_MODULES variable
  - drop ZFS_CPE_ID_PREFIX and ZFS_AUTORECONF_OPTS which are defaults
  - drop NLS options, already set in a generic manner
  - drop incomplete/improper sysvinit support
  - some cosmetics
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-13 23:08:17 +02:00
Fabrice Fontaine
11e899f2b3 package/freerdp: fix build with gcc 4.8
Build is broken with gcc 4.8 since bump to version 2.3.1 in commit
01e78811db due to
5b2f35747b

Fixes:
 - http://autobuild.buildroot.org/results/e8e7d43d6183bb6de7bd2c2b300dbdb89f2052d8

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-13 21:18:56 +02:00
Fabrice Fontaine
511fbda0be package/systemd: fix /etc/resolv.conf link on per-package build
Fixes:
 - https://bugs.buildroot.org/show_bug.cgi?id=13271

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-13 21:11:48 +02:00
Maxim Kochetkov
9bb1034455 package/postgis: new package
PostGIS is a spatial database extender for PostgreSQL object-relational
database. It adds support for geographic objects allowing location
queries to be run in SQL.

On microblazeel with the bootlin toolchain, the build fails with an ICE:

  during RTL pass: reload
  .../bootlin-microblazeel-uclibc/build/libgeos-3.9.0/src/geom/util/Densifier.cpp: In static member function ‘static std::unique_ptr<std::vector<geos::geom::Coordinate> > geos::geom::util::Densifier::densifyPoints(geos::geom::Coordinate::Vect, double, const geos::geom::PrecisionModel*)’:
  .../bootlin-microblazeel-uclibc/build/libgeos-3.9.0/src/geom/util/Densifier.cpp:128:1: internal compiler error: in gen_reg_rtx, at emit-rtl.c:1155
  128 | }
      | ^

Since it's unlikely that postgis will ever be used on a microblaze,
simply disable it.

https://postgis.net/

Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout:
 - Move postgresql dependency to package/Config.in, to satisfy
   alphabetical ordering in the menu while keeping it below postgresql.
 - Add dependency on !microblaze.
 - Add comment for dependencies.
 - Add positive version of --with-raster and --with-protobuf to
   _CONF_OPTS.
 - Expand BSD to BSD-2-Clause.
]
2021-04-12 23:07:54 +02:00
Fabrice Fontaine
079e5582a3 package/python-hiredis: fix build with gcc 4.8
Build fails with gcc 4.8 since bump to version 2.0.0 in commit
69405d8959

Fixes:
 -  http://autobuild.buildroot.org/results/04cbcddf6d83ebad8c98400754f9445375e9e489

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-12 22:25:13 +02:00
Peter Korsgaard
b59ebb66f3 package/docker-engine: add CPE variables
cpe:2.3🅰️docker:docker is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Adocker%3Adocker

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-11 21:38:33 +02:00
Peter Korsgaard
b0b37310b7 package/docker-cli: add CPE variables
cpe:2.3🅰️docker:docker is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Adocker%3Adocker

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-11 21:38:30 +02:00
Romain Naour
9620f6b054 package/mpc: bump to version 1.2.1
Since version 1.2.0, mpc requires mpfr 4.1.0.

See bc3541daa6

Update indentation in hash file (two spaces).

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-11 21:36:30 +02:00
Romain Naour
aba23a012b package/mpfr: bump to version 4.1.0
See: https://www.mpfr.org/mpfr-4.1.0/

Update indentation in hash file (two spaces).

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-11 21:35:38 +02:00
Romain Naour
81b0170a59 package/gcc: bump to version 10.3
Remove upstream patch
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5aeabae7f0cdd8dd3a01103b68b2e7a66a71c685

Rebase the patch: Revert "re PR target/92095 (internal error with -O1 -mcpu=niagara2 -fPIE)"
Add the link to the bug report.

Tested with toolchain-builder:
https://gitlab.com/kubu93/toolchains-builder/-/pipelines/284176939

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-11 21:33:36 +02:00
Bernd Kuhls
d592118ba4 package/kodi-inputstream-adaptive: bump version to 2.6.13
Changelog:
https://github.com/xbmc/inputstream.adaptive/blob/Matrix/inputstream.adaptive/addon.xml.in#L22

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-11 21:24:25 +02:00
Fabrice Fontaine
66e1ababd5 package/python-packaging: bump to version 20.9
python-six is not a dependency since version 20.5 and
39a70cce69

https://github.com/pypa/packaging/blob/20.9/CHANGELOG.rst

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-11 21:20:42 +02:00
Fabrice Fontaine
4cd04b401c package/igmpproxy: bump to version 0.3
- Update indention in hash file (two spaces)
- Use official tarball

https://github.com/pali/igmpproxy/releases/tag/0.3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-11 21:17:02 +02:00
Fabrice Fontaine
92689f59cb package/cppzmq: bump to version 4.7.1
https://github.com/zeromq/cppzmq/releases/tag/v4.7.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-11 21:15:27 +02:00
Fabrice Fontaine
0bc4a7ea6d package/python-aioconsole: bump to version 0.3.1
https://github.com/vxgmichel/aioconsole/releases/tag/v0.3.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-11 21:14:43 +02:00
Sergio Prado
8453641c8c package/snort: bump version to 2.9.17.1
This is a bug fix release:

https://www.snort.org/downloads/snort/release_notes_2.9.17.1.txt

Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-11 20:15:37 +02:00
Sergio Prado
a363384cff package/libgdiplus: bump version to 6.0.5
Remove patches applied upstream.

Add patch to not build unit tests by default (patch sent upstream):

https://github.com/mono/libgdiplus/pull/701

Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-11 20:11:52 +02:00
Bernd Kuhls
dd3c1bafb8 package/kodi-inputstream-ffmpegdirect: bump version to 1.21.0-Matrix
Changelog:
https://github.com/xbmc/inputstream.ffmpegdirect/blob/Matrix/inputstream.ffmpegdirect/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-11 20:06:42 +02:00
Fabrice Fontaine
aa75b053ba package/bridge-utils: fix build on musl
Build on musl is broken since bump to version 1.7.1 in commit
5f2d38df4f

Fixes:
 - http://autobuild.buildroot.org/results/0f080ff6913595ee2732b93206e5001c837c1bcc

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-11 20:04:41 +02:00
Fabrice Fontaine
575c60ff9a package/readline: add Signed-off-by and renumber patch
Add Signed-off-by and while at it, renumber it

Fixes:
 - https://bugs.buildroot.org/show_bug.cgi?id=13731

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-11 20:04:11 +02:00
Bernd Kuhls
4eceaa242b package/kodi-pvr-vuplus: bump version to 7.4.3-Matrix
Changelog:
https://github.com/kodi-pvr/pvr.vuplus/blob/Matrix/pvr.vuplus/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-11 20:03:19 +02:00
Peter Korsgaard
535c65594c package/i2c-tools: add upstream post-4.2 i2ctransfer fix
i2c-tools 4.2 contained an invalid check, leading to verbose false-positive
warning messages when the variable length ({r,w}?) option is used:

https://www.spinics.net/lists/linux-i2c/msg50032.html
https://www.spinics.net/lists/linux-i2c/msg50253.html

Unfortunately upstream does not make bugfix releases, instead opting to list
such bugfixes on the wiki:

https://i2c.wiki.kernel.org/index.php/I2C_Tools

So add the patch here.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-11 11:36:55 +02:00
Peter Korsgaard
7aee27c2b9 package/clamav: security bump to version 0.103.2
Fixes the following security issues:

- CVE-2021-1386: Fix for UnRAR DLL load privilege escalation.  Affects
  0.103.1 and prior on Windows only.

- CVE-2021-1252: Fix for Excel XLM parser infinite loop.  Affects 0.103.0
  and 0.103.1 only.

- CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash.
  Affects 0.103.0 and 0.103.1 only.

- CVE-2021-1405: Fix for mail parser NULL-dereference crash.  Affects
  0.103.1 and prior.

- CVE-2021-27506: The ClamAV Engine (Version 0.103.1 and below) embedded in
  Storsmshield Network Security (1.0 to 4.1.5) is subject to DoS in case of
  parsing of malformed png files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-10 18:39:56 +02:00
Fabrice Fontaine
68c7be9c28 package/isl: bump to version 0.23
Update indentation in hash file (two spaces)

https://repo.or.cz/isl.git/blob/8cec80451ea4f2f225629527b99ee2dc54ac2cad:/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-10 10:31:27 +02:00
Fabrice Fontaine
44deddbf82 package/python-httplib2: add CPE variables
cpe:2.3🅰️httplib2_project:httplib2 is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ahttplib2_project%3Ahttplib2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-10 10:30:09 +02:00
Fabrice Fontaine
2050b4869d package/python-httplib2: security bump to version 0.19.1
- Fix CVE-2021-21240: httplib2 is a comprehensive HTTP client library
  for Python. In httplib2 before version 0.19.0, a malicious server
  which responds with long series of "\xa0" characters in the
  "www-authenticate" header may cause Denial of Service (CPU burn while
  parsing header) of the httplib2 client accessing said server. This is
  fixed in version 0.19.0 which contains a new implementation of auth
  headers parsing using the pyparsing library.
- Fix CVE-2020-11078: In httplib2 before version 0.18.0, an attacker
  controlling unescaped part of uri for `httplib2.Http.request()` could
  change request headers and body, send additional hidden requests to
  same server. This vulnerability impacts software that uses httplib2
  with uri constructed by string concatenation, as opposed to proper
  urllib building with escaping. This has been fixed in 0.18.0.
- Use LICENSE file instead of PKG-INFO
- pyparsing is a runtime dependency since version 0.19.0 and
  bd9ee252c8

https://github.com/httplib2/httplib2/blob/v0.19.1/CHANGELOG

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-10 10:29:23 +02:00
Fabrice Fontaine
b27d514c7d package/python-zeroconf: bump to version 0.29.0
Update indentation in hash file (two spaces)

https://github.com/jstasiak/python-zeroconf/tree/0.29.0#changelog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-10 10:29:10 +02:00
Fabrice Fontaine
f90056070b package/python-pyelftools: bump to version 0.27
Update indentation in hash file (two spaces)

https://github.com/eliben/pyelftools/blob/v0.27/CHANGES

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-10 10:28:57 +02:00
Fabrice Fontaine
16770c8cb9 package/sysdig: add SYSDIG_CPE_ID_VENDOR
cpe:2.3🅰️sysdig:sysdig is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Asysdig%3Asysdig

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-10 10:28:41 +02:00
Fabrice Fontaine
6db751e1e1 package/network-manager: bump to version 1.22.16
Notice: This fixes a security issue, but in code not used in Buildroot:

ifcfg-rh: handle "802-1x.{,phase2-}ca-path". Otherwise setting this
property silently fails and a profile might accidentally not perform
any authentication (CVE-2020-10754).

Update indentation in hash file (two spaces)

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/1.22.16/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: Clarify that security issue isn't applicable to Buildroot]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 23:29:05 +02:00