Commit Graph

71052 Commits

Author SHA1 Message Date
Bernd Kuhls
881fbdb674 package/{mesa3d, mesa3d-headers}: bump version to 23.3.5
Release notes:
https://lists.freedesktop.org/archives/mesa-announce/2024-February/000748.html

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-02-03 10:14:12 +01:00
Fabrice Fontaine
dbe037dc99 package/freerdp: security bump to version 2.11.5
- Fix CVE-2024-22211
- Update Upstream tag in patches

https://github.com/FreeRDP/FreeRDP/blob/2.11.5/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-02-01 12:01:23 +01:00
Fabrice Fontaine
0694cef47b package/cpio: fix tar.bz2 hash
Commit b0306d94b2 forgot to update
cpio-2.13.tar.bz2 to cpio-2.14.tar.bz2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-02-01 12:00:58 +01:00
Fabrice Fontaine
3ffb716da3 package/libpsl: fix legal info
Commit 863131cad9 forgot to update hash of
COPYING (update in year with:
80c17cc237)

Fixes:
 - http://autobuild.buildroot.org/results/2b09ca88a08fdba8ca75153688ed5dd9362c7520

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-02-01 11:59:22 +01:00
Peter Korsgaard
75e7c7ba8c package/{glibc, localedef}: security bump to version glibc-2.38-44-gd37c2b20a4787463d192b32041c3406c2bd91de0
Fixes the following security issues:

CVE-2023-6246: syslog: Fix heap buffer overflow in __vsyslog_internal
https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2024-0001;hb=HEAD

CVE-2023-6779: syslog: Heap buffer overflow in __vsyslog_internal
https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2024-0002;hb=HEAD

CVE-2023-6780: syslog: Integer overflow in __vsyslog_internal
https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2024-0003;hb=HEAD

For details, see the Qualys advisory:
https://www.openwall.com/lists/oss-security/2024/01/30/6

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-02-01 11:58:51 +01:00
Peter Korsgaard
62b767fd3e package/glibc: add CVE ignore for CVE-2023-4806
Commit 8519de517e (package/{glibc, localedef}: security bump to version
glibc-2.38-27-g750a45a783906a19591fb8ff6b7841470f1f5701) correctly mentioned
CVE-2023-4806 in the commit message, but forgot to add an ignore for it.

Fix that.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-02-01 11:58:42 +01:00
Peter Korsgaard
d932f84d9f package/syslog-ng: needs pcre2, not pcre
Syslog-ng-uses pcre2 instead of pcre since 4.3.0 with:
cb6de08dc9

No autobuilder failures, as pcre2 is implicitly available through libglib2.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-31 21:24:34 +01:00
Sébastien Szymanski
f24e85238f docs/manual/contribute.txt: fix typo
"who sponsored who sponsored" -> "who sponsored"

Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-31 21:23:18 +01:00
Fabrice Fontaine
ef5d3327a1 package/lynx: fix openssl static build
Use LDFLAGS instead of LIBS to fix the following openssl static build
failure raised because lynx filters out duplicates (i.e. -lz) in
CF_ADD_LIBS:

configure:12958: checking for inet_ntoa
configure:12995: /home/autobuild/autobuild/instance-7/output-1/host/bin/x86_64-buildroot-linux-uclibc-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Ofast -g0 -static -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLINUX  -static conftest.c -L/home/autobuild/autobuild/instance-7/output-1/host/bin/../x86_64-buildroot-linux-uclibc/sysroot/usr/lib64 -lssl -L/home/autobuild/autobuild/instance-7/output-1/host/bin/../x86_64-buildroot-linux-uclibc/sysroot/usr/lib64 -lz -pthread -lcrypto -lz -pthread  >&5
configure:12998: $? = 0
configure:13001: test -s conftest
configure:13004: $? = 0
configure:13014: result: yes
configure:13095: checking for gethostbyname
configure:13151: result: yes
configure:13232: checking for strcasecmp
configure:13288: result: yes
configure:13401: checking for inet_aton function
configure:13443: /home/autobuild/autobuild/instance-7/output-1/host/bin/x86_64-buildroot-linux-uclibc-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Ofast -g0 -static -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLINUX  -static conftest.c  -L/home/autobuild/autobuild/instance-7/output-1/host/bin/../x86_64-buildroot-linux-uclibc/sysroot/usr/lib64 -lssl -lz -pthread -lcrypto >&5

[...]

/home/autobuild/autobuild/instance-7/output-1/host/bin/x86_64-buildroot-linux-uclibc-gcc -DHAVE_CONFIG_H  -DLOCALEDIR=\"/usr/share/locale\" -I. -I.. -Ichrtrans -I./chrtrans -I.. -I../src -I.././WWW/Library/Implementation    -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLINUX -I/home/autobuild/autobuild/instance-7/output-1/host/x86_64-buildroot-linux-uclibc/sysroot/usr/include -I/home/autobuild/autobuild/instance-7/output-1/host/x86_64-buildroot-linux-uclibc/sysroot/usr/include/openssl  -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Ofast -g0 -static  -Wl,-rpath,/home/autobuild/autobuild/instance-7/output-1/host/bin/../x86_64-buildroot-linux-uclibc/sysroot/usr/lib64 -Wl,-rpath,/home/autobuild/autobuild/instance-7/output-1/host/x86_64-buildroot-linux-uclibc/sysroot/usr/lib   -L/home/autobuild/autobuild/instance-7/output-1/host/x86_64-buildroot-linux-uclibc/sysroot/usr/lib -static -o lynx  LYebcdic.o LYClean.o LYShowInfo.o LYEdit.o L
 YStrings.o LYMail.o HTAlert.o GridText.o LYGetFile.o LYMain.o LYMainLoop.o LYCurses.o LYBookmark.o LYmktime.o LYUtils.o LYOptions.o LYReadCFG.o LYSearch.o LYHistory.o LYForms.o LYPrint.o LYrcFile.o LYDownload.o LYNews.o LYKeymap.o HTML.o HTFWriter.o HTInit.o DefaultStyle.o LYUpload.o LYLeaks.o LYexit.o LYJump.o LYList.o LYCgi.o LYTraversal.o LYEditmap.o LYCharSets.o LYCharUtils.o LYMap.o LYCookie.o LYStyle.o LYHash.o LYPrettySrc.o TRSTable.o parsdate.o UCdomap.o UCAux.o UCAuto.o  LYSession.o LYLocal.o  .././WWW/Library/Implementation/libwww.a -lz -static -lncurses -lssl -lcrypto -L/home/autobuild/autobuild/instance-7/output-1/host/bin/../x86_64-buildroot-linux-uclibc/sysroot/usr/lib64 -pthread
/home/autobuild/autobuild/instance-7/output-1/host/lib/gcc/x86_64-buildroot-linux-uclibc/11.4.0/../../../../x86_64-buildroot-linux-uclibc/bin/ld: /home/autobuild/autobuild/instance-7/output-1/host/x86_64-buildroot-linux-uclibc/sysroot/usr/lib/libcrypto.a(libcrypto-lib-c_zlib.o): in function `zlib_oneshot_expand_block':
c_zlib.c:(.text+0xb8b): undefined reference to `uncompress'

Patching aclocal.m4 is not possible as autoreconf fails due to missing
AC_DIVERT_HELP macro.

This build failure is only raised by autobuilders since 2024 for an
unknown reason.

Fixes:
 - http://autobuild.buildroot.org/results/6d4119b54fc6b6111a03f81e131e83bae0d844d1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-31 21:21:18 +01:00
Bernd Kuhls
459620aa98 package/intel-gmmlib: bump version to 22.3.17
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-30 23:16:29 +01:00
Bernd Kuhls
adf323fc45 package/{mesa3d, mesa3d-headers}: bump version to 23.3.4
Release notes:
https://lists.freedesktop.org/archives/mesa-announce/2024-January/000745.html

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-30 23:16:13 +01:00
Bernd Kuhls
44292dabc0 {linux, linux-headers}: bump 4.19.x / 5.{4, 10, 15}.x / 6.{1, 6}.x series
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-30 23:15:16 +01:00
Bernd Kuhls
8b83d96145 package/kodi-pvr-mythtv: bump version to 20.5.10-Nexus
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-30 23:15:09 +01:00
Julien Olivain
c7c6778d2a package/opencsd: bump to version 1.5.1
For change log, see:
https://github.com/Linaro/OpenCSD/blob/v1.5.1/README.md?plain=1#L316

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-30 23:13:53 +01:00
Kieran Bingham
6f96d2d315 package/libcamera: bump to version 0.2.0
Signed-off-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-30 23:12:28 +01:00
Francois Perrad
41839480c4 package/libgtk3: bump to version 3.24.41
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-30 23:11:01 +01:00
Adrian Perez de Castro
863131cad9 package/libpsl: bump to version 0.21.5
The main changes are improvements to the Meson build system, including
a fix for a build issue related to iconv:

  https://github.com/rockdaboot/libpsl/releases/tag/0.21.3
  https://github.com/rockdaboot/libpsl/releases/tag/0.21.4
  https://github.com/rockdaboot/libpsl/releases/tag/0.21.5

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-30 23:06:19 +01:00
Robert Marko
b0fabbd2aa package/mdio-tools: bump version to 1.3.1
[v1.3.1] - 2023-12-02
---------------------

Fixes mvls to work with kernels 6.2 and onwards.

- mdio: Multiple registers can now be dumped at once, via the generic
  dump operation.

- mvls: Relax the driver matching to accept the strings used in
  kernels 6.2 and newer.

Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-30 23:04:58 +01:00
Fabrice Fontaine
2953cd2644 package/joe: add JOE_CPE_ID_VENDOR
cpe:2.3🅰️joseph_allen:joe is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/detail/5F530947-2060-4842-92B9-5BC61D9C5430

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-30 22:56:49 +01:00
David Barbion
1dfa4c56fe package/dhcpcd: bump to version 10.0.5
This version contains a fix for aarch64 based systems.
On such systems, dhcpcd would crash without setting any IP addresses.
See 6a36f96740
and https://github.com/NetworkConfiguration/dhcpcd/issues/260 for more
details.

Signed-off-by: David Barbion <davidb@230ruedubac.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-30 22:56:33 +01:00
Julien Olivain
e784eb8538 package/z3: bump to version 4.12.5
For change log since 4.12.4, see:
https://github.com/Z3Prover/z3/blob/z3-4.12.5/RELEASE_NOTES.md#version-4125

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-30 09:26:27 +01:00
Ismael Luceno
50ba0b0a40 package/axel: bump version to 2.17.12
Signed-off-by: Ismael Luceno <ismael@iodev.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-30 09:26:13 +01:00
Abilio Marques
8f403f0137 package/micropython-lib: merge with, and install as part of micropython
Until now, micropython-lib was a package that installed v1.9.3, which is
more than 6 years old. This was acceptable since micropython never made
any other official release of the library until v1.20.

Meanwhile, the libraries underwent a reorganization, and they are now
available in a directory structure that cannot be copied directly into
the target. This might explain why v1.9.3 is still present in the
current day buildroot (which comes with micropython v1.22).

As part of the changes made by the micropython project, the libraries
are now released together with the interpreter. They are cloned as a
submodule into the lib/micropython-lib directory, and are present in the
release tarball.

This commit introduces an auxiliary script to collect those libraries
and reorder them into a structure that can then be copied into
/usr/lib/micropython. The script utilizes a module from the tools
directory of the micropython repo.

The helper script is kept as simple as possible, and makes use of
existing micropython tools (used to process manifests) to discover the
list of packages available in micropython-lib. The hope is that by
relying on them, any future changes in directory structure will be
covered by the official "manifestfile.py" tool.

It is to be noted that, even though the manifestfile.py script/module is
part of the micropython package, it is actually written for CPython, and
is not expected to even work when using micropython as an interpreter.
This we do not need to introduce host-micropython to use that tool, and
microython already depends on host-python3 for other parts of the build.

With this commit, micropython-lib is installed (optionally) as part
of micropython, and thus a separate package is no longer needed. The
original config variable name was retained as it fits with the
micropython package "namespace", and thus this is backward compatible
and no legacy handling is needed.

This commit also ensures that the libraries in micropython-lib will
be updated together with newer versions of micropython in the future.

Signed-off-by: Abilio Marques <abiliojr@gmail.com>
[yann.morin.1998@free.fr:
  - use if-block in Config.in
  - simplify PYTHONPATH
  - fix check-package
  - reword and reorder parts of the commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-29 21:38:53 +01:00
Bernd Kuhls
2fbeacf91f package/tor: Fix build with libressl >= 3.8.1
Fixes:
http://autobuild.buildroot.net/results/85c/85cde3bcd12fb5adafb94c85d5fa636e1b5b9068/

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
[yann.morin.1998@free.fr: fix Upstream tag]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-28 18:46:07 +01:00
Fabrice Fontaine
c3cf06e0a8 package/frr: security bump to version 8.5.4
Fix CVE-2023-38802, CVE-2023-41360, CVE-2023-46752, CVE-2023-46753,
CVE-2023-47234 and CVE-2023-47235

https://frrouting.org/security/
https://frrouting.org/release/8.5.4/

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-28 17:39:30 +01:00
Fabrice Fontaine
b80705800a package/x11r7/xserver_xorg-server: add CPE variables
cpe:2.3🅰️x.org:xorg-server is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/detail/79A86C02-31A5-4F25-8CA6-7C4A8CD92B7B

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-28 17:37:34 +01:00
Francois Perrad
46d4f5c751 package/perl-posix-strftime-compiler: bump to version 0.46
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:48:34 +01:00
Francois Perrad
a1f9433885 package/perl-plack: bump to version 1.0051
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:48:30 +01:00
Francois Perrad
f32f348f65 package/perl-net-dns: bump to version 1.42
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:48:26 +01:00
Francois Perrad
b8c49ec261 package/perl-mozilla-ca: bump to version 20231213
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:48:22 +01:00
Francois Perrad
3e3701531f package/perl-mojolicious: bump to version 9.35
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:48:18 +01:00
Francois Perrad
402fe6ae46 package/perl-math-int64: bump to version 0.57
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:48:14 +01:00
Francois Perrad
588897736e package/perl-lwp-protocol-https: bump to version 6.12
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:48:10 +01:00
Francois Perrad
2ca657b77f package/perl-devel-stacktrace: bump to version 2.05
diff LICENSE:
    -This software is Copyright (c) 2000 - 2019 by David Rolsky.
    +This software is Copyright (c) 2000 - 2024 by David Rolsky.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:48:06 +01:00
Francois Perrad
0faa9037fc package/perl-date-manip: bump to version 6.94
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:48:02 +01:00
Francois Perrad
43a520ff42 package/perl-cookie-baker: bump to version 0.12
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:47:58 +01:00
Bernd Kuhls
c4c09a8fd2 package/linux-firmware: bump version to 20240115
Updated WHENCE hash due to various new entries for new blobs.

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:41:49 +01:00
Peter Korsgaard
c55c1263ab package/gstreamer1-editing-services: bump to version 1.22.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:34:01 +01:00
Peter Korsgaard
9f342e4a67 package/gst-omx: bump to version 1.22.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:33:57 +01:00
Peter Korsgaard
6f28c463cf package/gst1-vaapi: bump to version 1.22.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:33:53 +01:00
Peter Korsgaard
88a6cfefbf package/gst1-rtsp-server: bump to version 1.22.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:33:49 +01:00
Peter Korsgaard
d948714037 package/gst1-python: bump to version 1.22.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:33:45 +01:00
Peter Korsgaard
db9b4f3b0c package/gst1-libav: bump to version 1.22.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:33:41 +01:00
Peter Korsgaard
74c32bfa5d package/gst1-devtools: bump to version 1.22.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:33:37 +01:00
Peter Korsgaard
ca65df3da2 package/gst1-plugins-ugly: bump to version 1.22.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:33:33 +01:00
Peter Korsgaard
3ee1148b00 package/gst1-plugins-bad: security bump to version 1.22.9
Fixes the following security issue:

CVE-2024-0444: Heap-based buffer overflow in the AV1 codec parser when
handling certain malformed streams before GStreamer 1.22.9

https://gstreamer.freedesktop.org/security/sa-2024-0001.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:33:29 +01:00
Peter Korsgaard
3407703f2c package/gst1-plugins-good: bump to version 1.22.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:33:25 +01:00
Peter Korsgaard
6b7db1bf64 package/gst1-plugins-base: bump to version 1.22.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:33:21 +01:00
Peter Korsgaard
e81d29d551 package/gstreamer1: bump to version 1.22.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:33:17 +01:00
Peter Korsgaard
0c7fd35947 package/darkhttpd: security bump to version 1.15
Fixes the following security issues:

CVE-2024-23770: Local Leak of Authentication Parameter in Process List

CVE-2024-23771: Basic Auth Timing Attack

https://security.opensuse.org/2024/01/22/darkhttpd-basic-auth-issues.html

Notice that CVE-2024-23770 is only documented as a known weakness, not
fixed.

Also change the license logic to use the dedicated COPYING file available
since 1.14:

a8ae2b1de0

This license is ISC, not MIT - So adjust DARKHTTPD_LICENSE to match.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:15:44 +01:00