Commit Graph

56729 Commits

Author SHA1 Message Date
Julien Olivain
7e02d2e762 package/fluidsynth: bump to version 2.2.0
For change log since v2.1.5, see:
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.1.6
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.1.7
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.1.8
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.2.0

./utils/test-pkg --package fluidsynth
6 builds, 2 skipped, 0 build failed, 0 legal-info failed

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 23:15:19 +02:00
Bernd Kuhls
d69f1f7b32 package/libdrm: bump version to 2.4.105
Removed patch 0001, committed upstream:
https://cgit.freedesktop.org/mesa/drm/commit/?id=52f05d3d896480ee5431dcd444f53bb2a8e41cce

Renumbered remaining patch.

Updated license hash due to upstream commits:
https://cgit.freedesktop.org/mesa/drm/log/xf86drm.c

Release notes:
https://lists.freedesktop.org/archives/dri-devel/2021-April/302515.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 23:12:27 +02:00
John Keeping
eb8824ddc0 package/kexec: bump to version 2.0.21
https://lists.infradead.org/pipermail/kexec/2020-December/021835.html

Both patches were backports and are included in the 2.0.21 release so
they are deleted.

Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 23:09:47 +02:00
Bernd Kuhls
e243ec75f3 package/ffmpeg: bump version to 4.4
Remove wavpack-related patch and configure options due to upstream
removal of wavpack support:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=45070eec4c089b06947f07e25cdb1bc8b2102553

Changelog:
http://git.videolan.org/?p=ffmpeg.git;a=blob;f=Changelog;;hb=refs/heads/release/4.4

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 22:53:50 +02:00
Bernd Kuhls
25135631d2 package/kodi-pvr-iptvsimple: bump version to 7.6.1-Matrix
Changelog:
https://github.com/kodi-pvr/pvr.iptvsimple/blob/Matrix/pvr.iptvsimple/changelog.txt

Upstream added a dependency to xz:
8f19dac9a5

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 22:46:18 +02:00
Bernd Kuhls
a70e5a708f package/kodi-inputstream-ffmpegdirect: bump version to 1.20.1-Matrix
Changelog:
https://github.com/xbmc/inputstream.ffmpegdirect/blob/Matrix/inputstream.ffmpegdirect/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 22:45:55 +02:00
Francois Perrad
8b65b4d60d configs/mx6cubox: bump Linux and U-Boot versions
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:22:40 +02:00
Fabrice Fontaine
b1ce058e45 package/attr: bump to version 2.5.1
Drop second patch (already in version)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:22:18 +02:00
Fabrice Fontaine
a28e511cd7 package/acl: bump to version 2.3.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:21:48 +02:00
Fabrice Fontaine
678edb144b package/acl: add ACL_CPE_ID_VENDOR
cpe:2.3🅰️acl_project:acl is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aacl_project%3Aacl

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:21:02 +02:00
Fabrice Fontaine
1feedcd845 package/openldap: bump to version 2.4.58
Drop fifth patch (already in version)

https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4_58/CHANGES

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:20:13 +02:00
Fabrice Fontaine
5f2d38df4f package/bridge-utils: bump to version 1.7.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:19:34 +02:00
Bernd Kuhls
ad259f06cc package/x11r7/xlib_libXaw: bump version to 1.0.14
Release notes:
https://lists.x.org/archives/xorg-announce/2021-March/003077.html

Reformatted hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:18:05 +02:00
Bernd Kuhls
248fdccce4 package/x11r7/xlib_libXres: bump version to 1.2.1
Release notes:
https://lists.x.org/archives/xorg-announce/2021-March/003078.html

Reformatted hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:17:56 +02:00
Bernd Kuhls
cff9e4bab0 package/x11r7/xdriver_xf86-input-libinput: bump version to 1.0.0
Release notes:
https://lists.x.org/archives/xorg-announce/2021-April/003079.html

Updated license hash due to upstream commit:
https://cgit.freedesktop.org/xorg/driver/xf86-input-libinput/commit/?id=2bbc4727a12471e3699e2803404a013656066a94

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:17:44 +02:00
Fabrice Fontaine
aaa96d7887 package/python-markdown2: add PYTHON_MARKDOWN2_CPE_ID_VENDOR
cpe:2.3🅰️python-markdown2_project:python-markdown2 is a valid CPE
identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython-markdown2_project%3Apython-markdown2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:15:56 +02:00
Francois Perrad
22bb5c4e63 package/quickjs: bump to version 2021-03-27
- remove patch (merged upstream)
- file LICENSE added

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:14:18 +02:00
Fabrice Fontaine
24e26793bc package/network-manager-openvpn: bump to version 1.8.14
Update indentation in hash file (two spaces)

https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/blob/1.8.14/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:13:11 +02:00
Bernd Kuhls
15a2f9b819 package/{mesa3d, mesa3d-headers}: bump version to 21.0.2
Release notes:
21.0.0: https://lists.freedesktop.org/archives/mesa-announce/2021-March/000622.html
21.0.1: https://lists.freedesktop.org/archives/mesa-announce/2021-March/000624.html
21.0.2: https://lists.freedesktop.org/archives/mesa-announce/2021-April/000625.html

DRI swrast driver was removed:
https://cgit.freedesktop.org/mesa/mesa/commit/?h=21.0&id=435de835cd639d1b9bb96f81fc224771dc90af6d

OSMesa classic support was removed:
https://cgit.freedesktop.org/mesa/mesa/commit/?h=21.0&id=ee802372180a2b4460cc7abb53438e45c6b6f1e4

To avoid any conflict, and to show that the new OSMesa is Gallium-based,
we name the new option with a _GALLIUM suffix, even though this is now
the only OSMesa implementation left.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr:
  - rename the new option s/$/_GALLIUM/
  - don't drop the the old (pre-classic) legacy option
  - slightly reword the OSMesa help entry
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-07 23:24:25 +02:00
Bernd Kuhls
acd317d907 package/tor: do not install systemd service file
Upstream removed the sample service file for use with systemd:
https://gitweb.torproject.org/tor.git/commit/contrib?h=maint-0.4.5&id=915af1a65bc217fa33490876199bb69f760bea23

Fixes:
http://autobuild.buildroot.net/results/b80/b807f19283528b9f0d0c46250b660ea84695679c/
http://autobuild.buildroot.net/results/de4/de4f1a99b1c524b81579ee804156e26d3f8babe7/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:27:05 +02:00
Fabrice Fontaine
552ba842b7 package/iwd: bump to version 1.13
iwd fails to build since bump of ell to version 0.39 in commit
9988ca9ead:

/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/powerpc64-buildroot-linux-gnu/9.3.0/../../../../powerpc64-buildroot-linux-gnu/bin/ld: src/ie.o: in function `ie_parse_data_rates':
ie.c:(.text+0x23ac): undefined reference to `minsize'

This is fixed by
https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=17cf4da72613e80d08d51401399d02683ba8664b

Use official iwd tarball which will contain ell/useful.h header

https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/ChangeLog?h=1.13

Fixes:
 - http://autobuild.buildroot.org/results/44e243530cbcec1c88511bb22f5e8e4655c43824

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:23:02 +02:00
Dick Olsson
09d3f13053 package/s6-rc: bump to version 0.5.2.1
Update license hash due to year change.

http://skarnet.org/cgi-bin/archive.cgi?1:mss:1515:mhcdpginfgieagphalne

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:17:50 +02:00
Dick Olsson
e88edae046 package/s6-networking: bump to version 2.4.1.0
Update license hash due to year change.

http://skarnet.org/cgi-bin/archive.cgi?1:mss:1535:lpehbljhhcpaopbnkkbf

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:17:29 +02:00
Dick Olsson
b14b2844f7 package/s6-dns: bump to version 2.3.5.0
Update license hash due to year change.

Refer to the change set described for s6-networking in the announcement:
http://skarnet.org/cgi-bin/archive.cgi?1:mss:1535:lpehbljhhcpaopbnkkbf

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:16:20 +02:00
Dick Olsson
6d49b14165 package/s6-linux-utils: bump to version 2.5.1.4
Update license hash due to year change.

http://skarnet.org/cgi-bin/archive.cgi?1:mss:1515:mhcdpginfgieagphalne

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:15:15 +02:00
Dick Olsson
4376edb2d0 package/s6-portable-utils: bump to version 2.2.3.1
Update license hash due to year change.

http://skarnet.org/cgi-bin/archive.cgi?1:mss:1515:mhcdpginfgieagphalne

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:14:42 +02:00
Dick Olsson
7f552c710f package/s6: bump to version 2.10.0.2
Update license hash due to year change.

http://skarnet.org/cgi-bin/archive.cgi?1:mss:1535:lpehbljhhcpaopbnkkbf

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:13:54 +02:00
Dick Olsson
86f7634baf package/execline: Fix license hash after bump to version 2.8.0.0
Updated license hash due to year change.

Commit bf66772c9b was accidentally based
on v1 of this patch.

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:13:03 +02:00
Dick Olsson
965bf9e0ca package/skalibs: Fix license hash after bump to version 2.10.0.2
Updated license hash due to year change.

Commit 4d5587cb56 was accidentally based
on v1 of this patch.

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:11:26 +02:00
Peter Seiderer
097da083b1 package/valgrind: fix musl compile
The file musl.supp is missing from the download source package, add a
patch deviated from reduced upstream commit ([1]) re-adding the missing file.

Fixes:

  - http://autobuild.buildroot.net/results/b106be44d6e7d82a4e3ad16c995366a46d39ee3c

  make[1]: *** No rule to make target 'musl.supp', needed by 'default.supp'.  Stop.

[1] https://sourceware.org/git/?p=valgrind.git;a=patch;h=f4d98ff79d5a79102b777ea7e23002d9f7326489

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:07:37 +02:00
Dick Olsson
39763ca74e DEVELOPERS: Add Dick Olsson for all skarnet and s6 packages
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 20:46:30 +02:00
Bernd Kuhls
47b1bbd2f4 package/kodi-pvr-iptvsimple: bump version to 7.6.0-Matrix
Release notes:
https://github.com/kodi-pvr/pvr.iptvsimple/releases/tag/7.6.0-Matrix

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 20:43:30 +02:00
Peter Korsgaard
3eadd76740 package/avahi: ignore CVE-2021-26720
CVE-2021-26720 is an issue in avahi-daemon-check-dns.sh, which is part of
the Debian packaging and not part of upstream avahi - So ignore the CVE.

https://security-tracker.debian.org/tracker/CVE-2021-26720

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 20:41:14 +02:00
Dick Olsson
bf66772c9b package/execline: bump to version 2.8.0.0
http://skarnet.org/cgi-bin/archive.cgi?1:mss:1535:lpehbljhhcpaopbnkkbf

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 20:41:09 +02:00
Dick Olsson
4d5587cb56 package/skalibs: bump to version 2.10.0.2
- Drop patch that has been included upstream

http://skarnet.org/cgi-bin/archive.cgi?1:mss:1535:lpehbljhhcpaopbnkkbf

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 20:41:09 +02:00
Peter Korsgaard
168bb8c336 docs/website: update for 2021.02.1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-07 13:37:12 +02:00
Peter Korsgaard
a74cb089cb Update for 2021.02.1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bb10b0dfe6)
[Peter: drop Makefile change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-07 13:34:27 +02:00
Peter Korsgaard
0918d2bf2d package/nodejs: security bump to version 12.22.1
Fixes the following security issues:

CVE-2020-7774: npm upgrade to 6.14.12 - Update y18n to fix
Prototype-Pollution (High)

This is a vulnerability in the y18n npm module which may be exploited by
prototype pollution.

https://github.com/advisories/GHSA-c4w7-xm78-47vh

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-07 11:21:12 +02:00
Peter Korsgaard
cb5bfd63d9 package/python-django: security bump to version 3.0.14
Fixes the following security issue:

CVE-2021-28658: Potential directory-traversal via uploaded files

MultiPartParser allowed directory-traversal via uploaded files with suitably crafted file names.

Built-in upload handlers were not affected by this vulnerability.

For more details, see the announcement:
https://www.djangoproject.com/weblog/2021/apr/06/security-releases/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-07 09:26:25 +02:00
Peter Korsgaard
0f4ec05ed0 package/busybox: add upstream gunzip security fix
Fixes the following security issue:

- CVE-2021-28831: decompress_gunzip.c in BusyBox through 1.32.1 mishandles
  the error bit on the huft_build result pointer, with a resultant invalid
  free or segmentation fault, via malformed gzip data.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-07 09:26:16 +02:00
Fabrice Fontaine
d043f5775a package/check: bump to version 0.15.2
https://github.com/libcheck/check/releases/tag/0.15.2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-06 22:35:36 +02:00
Fabrice Fontaine
049ae2d7a6 package/rabbitmq-c: bump to version 0.11.0
Update indentation in hash file (two spaces)

https://github.com/alanxz/rabbitmq-c/releases/tag/v0.11.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-06 22:32:36 +02:00
Fabrice Fontaine
c9d339c3d1 package/libupnp: security bump to version 1.14.5
Non-recursive version of ixmlNode_free() avoids stack overflow
attack. Fixes CVE-2021-28302.

Also a number of other bugfixes:
https://github.com/pupnp/pupnp/blob/release-1.14.5/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-06 22:31:31 +02:00
Fabrice Fontaine
042c2ccde2 package/python-iptables: bump to version 1.0.0
- Drop patches (already in version)
- Update indentation in hash file (two spaces)

https://github.com/ldx/python-iptables/compare/v0.14.0...v1.0.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-06 22:28:19 +02:00
Fabrice Fontaine
7133276bdf package/python-zope-interface: bump to version 5.3.0
- Update indentation in hash file (two spaces)
- Update URL in Config.in as current URL returns 404 Not Found

https://github.com/zopefoundation/zope.interface/blob/5.3.0/CHANGES.rst

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-06 22:27:42 +02:00
Fabrice Fontaine
1e44b1b838 package/python-websocket-client: bump to version 0.58
- Update hash of LICENSE (license switched back to LGPL-2.1+:
  6eaed48d49)
- Update indentation in hash file (two spaces)

https://github.com/websocket-client/websocket-client/blob/v0.58.0/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-06 22:22:09 +02:00
Fabrice Fontaine
2f1cf2eb83 package/fail2ban: bump to version 0.11.2
https://github.com/fail2ban/fail2ban/blob/0.11.2/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-06 22:21:44 +02:00
Tian Yuanhao
da80fd4156 package/wpa_supplicant: handle CONFIG_CTRL_IFACE carefully
When BR2_PACKAGE_WPA_SUPPLICANT_CTRL_IFACE is not set and
BR2_PACKAGE_WPA_SUPPLICANT_DBUS=y, CONFIG_CTRL_IFACE_DBUS_NEW will be
enabled by 's/^#\(CONFIG_CTRL_IFACE_DBUS_NEW\)/\1/' first, and then
disabled by 's/^\(CONFIG_CTRL_IFACE\)/#\1/'.

CONFIG_CTRL_IFACE_DBUS_NEW does not depend on CONFIG_CTRL_IFACE, except
for using it as a prefix. Fix this wrong behavior by adding '\>' after
CONFIG_CTRL_IFACE.

Signed-off-by: Tian Yuanhao <tianyuanhao@aliyun.com>
Tested-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-06 22:06:00 +02:00
Francois Perrad
008bd0afef configs/olimex_a20_olinuxino_lime*: bump Linux and U-Boot versions
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-06 13:20:07 +02:00
Titouan Christophe
c32bb6ce1b package/mosquitto: security bump to v2.0.10
Versions 2.0.10 of Mosquitto has been released. This is a security and bugfix release.

CVE-xxxx-xxxx: If an authenticated client connected with MQTT v5 sent a malformed
CONNACK message to the broker a NULL pointer dereference occurred, most likely
resulting in a segfault. This will be updated with the CVE number when it is assigned.
Affects versions 2.0.0 to 2.0.9 inclusive.

See the announcement: https://mosquitto.org/blog/2021/04/version-2-0-10-released/

Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-06 13:19:55 +02:00