Commit Graph

57326 Commits

Author SHA1 Message Date
Peter Korsgaard
cebf2b91b3 package/dhcp: security bump to version 4.4.2-P1
Fixes the following security issue:

- CVE-2021-25217: A buffer overrun in lease file parsing code can be used to
  exploit a common vulnerability shared by dhcpd and dhclient

For details, see the advisory:
https://kb.isc.org/docs/cve-2021-25217

Update the LICENSE hash for a change of copyright years.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-05-31 22:29:04 +02:00
Yann E. MORIN
fe3cb7978a docs: move the IRC channel away from Freenode
Due to the recent events at Frenode [0], the channel has become a bit
unreliable (much spammed), and users have started to move away already,
as quite a few other projects have moved their IRC presence away from
Freenode.

There are a few alternatives. The first to spring to mind, is the new
Libera.Chat network [1], managed by the previous Freenode staff, so we
could expect quite a good experience there. However, it is a very young
network. The second well known alternative is the long-established OFTC,
which has been very reliable in its 20 years of existence.

So, let's move to OFTC, just because it has a track-record of robustness
(which Libera.Chat still has to build, for being young).

Note: there are a lot of other IRC networks, some very good too, but we
probably would be much off-topic on most of them.

[0] https://lwn.net/Articles/856543/
[1] https://libera.chat/
[2] https://www.oftc.net/

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Acked-by: Matthew Weber <matthew.weber@collins.com>
Acked-by: Heiko Thiery <heiko.thiery@gmail.com>
Acked-By: Vincent Fazio <vfazio@xes-inc.com>
Acked-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-29 22:16:23 +02:00
Fabrice Fontaine
fb25c95a0b package/strace: xtensa needs headers >= 5.0
xtensa support needs user_pt_regs since version 5.6 and
2429c69961

However user_pt_regs is only available since kernel 5.0 and
06fbac8e89

Fixes:
 - http://autobuild.buildroot.org/results/c6c4fb3b9098c5fc5dbe4415e2a9757fc775b746

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-29 22:05:19 +02:00
Fabrice Fontaine
c3ba90d69a package/pkg-meson: always set b_pie to false
pipewire unconditionally enables b_pie since version 0.3.20 and
abe73c9146
which will raise the following build failure on m68k since commit
a6d88d3ba5:

/srv/storage/autobuild/run/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/9.3.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: /srv/storage/autobuild/run/instance-1/output-1/host/m68k-buildroot-linux-uclibc/sysroot/usr/lib/Scrt1.o: in function `lib_main':
(.text+0x4): undefined reference to `__shared_flat_add_library'

To fix this build failure, always set b_pie to false as PIE will be
enabled by toolchain/toolchain-wrapper.mk if needed

Fixes:
 - http://autobuild.buildroot.org/results/c258a2736661af8ea73abeda2503d8682e65f1e2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-29 21:00:06 +02:00
Yann E. MORIN
bfceec6b5f Revert "package/pkg-meson: handle b_pie"
This reverts commit a8a147f604.

That commit incorrectly made use of BR2_TOOLCHAIN_SUPPORTS_PIE, when it
should have been using BR2_PIC_PIE.

Besides, another attempt is pending, that unconditionally disables it as
it will be set by the toolchain wrapper already.

For both reasons, revert rather than switch over to BR2_PIC_PIE.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-29 11:16:35 +02:00
Fabrice Fontaine
a8a147f604 package/pkg-meson: handle b_pie
pipewire unconditionally enables b_pie since version 0.3.20 and
abe73c9146
which will raise the following build failure on m68k since commit
a6d88d3ba5:

/srv/storage/autobuild/run/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/9.3.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: /srv/storage/autobuild/run/instance-1/output-1/host/m68k-buildroot-linux-uclibc/sysroot/usr/lib/Scrt1.o: in function `lib_main':
(.text+0x4): undefined reference to `__shared_flat_add_library'

Fixes:
 - http://autobuild.buildroot.org/results/c258a2736661af8ea73abeda2503d8682e65f1e2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-29 11:10:00 +02:00
Fabrice Fontaine
4fce8cd4ae package/pipewire: alsa needs ucm
alsa unconditionally uses ucm since version 0.3.7 and
1612f5e4d2
which will result in the following build failure since commit
a6d88d3ba5:

../spa/plugins/alsa/acp/alsa-ucm.h:26:10: fatal error: alsa/use-case.h: No such file or directory
   26 | #include <alsa/use-case.h>
      |          ^~~~~~~~~~~~~~~~~

Fixes:
 - http://autobuild.buildroot.org/results/ef53534daf84397b4e22392f2a6be2c335819ab5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-29 10:28:04 +02:00
Peter Korsgaard
ab9ceea782 package/nginx: add upstream CVE-2021-23017 security fix
Fixes the following vulnerability:

- CVE-2021-23017: 1-byte memory overwrite in resolver

For more details, see the advisories:
https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html
https://www.openwall.com/lists/oss-security/2021/05/25/5

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: annotate the patch, that it is a backport]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-28 14:36:39 +02:00
Peter Korsgaard
eae15d62c6 package/libcurl: security bump to version 7.77.0
Fixes the following security issues:

- CVE-2021-22897: schannel cipher selection surprise
  https://curl.se/docs/CVE-2021-22897.html

- CVE-2021-22898: TELNET stack contents disclosure
  https://curl.se/docs/CVE-2021-22898.html

- CVE-2021-22901: TLS session caching disaster
  https://curl.se/docs/CVE-2021-22901.html

Unconditionally disable the ldap(s) options.  These require external
libraries, but the options were ignored if the needed libraries weren't
available. This is now changed to be a fatal error since

dae382a1a1

Additionally, add a post-7.77.0 upstream patch to fix compilation with
bearssl.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: annotate the patch, that it is a backport]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-28 14:19:33 +02:00
Peter Korsgaard
1f1d220419 docs/website: update for 2021.05-rc2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-05-27 23:41:23 +02:00
Fabrice Fontaine
8d7ac28707 package/gdb: fix gdbserver build with m68k and uclibc
Allow to build gdbserver with m68k and uclibc. This patch is not needed
for version above 9.2 because build_gdbserver as been
moved to its own file since
https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=919adfe8409211c726c1d05b47ca59890ee648f1

This new file (gdbserver/configure.srv) does not seem to be affected by
this issue

Fixes:
 - http://autobuild.buildroot.org/results/f4d6d9d8418c0da48a3db4ad5a82e19bd16eae34

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-27 17:25:02 +02:00
Fabrice Fontaine
34a387b5f6 package/mpv: security bump to version 0.33.1
Fix CVE-2021-30145: A format string vulnerability in mpv through 0.33.0
allows user-assisted remote attackers to achieve code execution via a
crafted m3u playlist file.

https://github.com/mpv-player/mpv/releases/tag/v0.33.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-05-27 17:22:04 +02:00
Fabrice Fontaine
9dad1ef144 package/paho-mqtt-c: security bump to version 1.3.9
Old security issue not fixed:
https://github.com/eclipse/paho.mqtt.c/issues/1084

https://github.com/eclipse/paho.mqtt.c/milestone/16?closed=1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-05-27 17:21:48 +02:00
Fabrice Fontaine
d72350e62a package/boost: disable logs with riscv32
boost logs can't be built with riscv32 because it unconditionally uses
__NR_futex:

libs/log/src/event.cpp: In member function 'void boost::log::v2_mt_posix::aux::futex_based_event::wait()':
libs/log/src/event.cpp:38:29: error: '__NR_futex' was not declared in this scope
   38 | #define BOOST_LOG_SYS_FUTEX __NR_futex
      |                             ^~~~~~~~~~

Fixes:
 - http://autobuild.buildroot.org/results/8c8135fd7c0517c66c9b3975c494da6d7934cc1b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-05-27 09:44:54 +02:00
Adrian Perez de Castro
97b2511edb package/webkitgtk: disable gamepad support
Pass -DENABLE_GAMEPAD=OFF to CMake in order to disable support for the
gamepad API, which requires libmanette, a library that is not yet
available in Buildroot.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-05-25 22:24:06 +02:00
Fabrice Fontaine
8258081602 package/pifmrds: always link with -lm
Commit 888546e527 wrongly removed linking
with -lm resulting in the following build failure:

/home/buildroot/autobuild/run/instance-3/output-1/host/bin/arm-linux-gnueabihf-gcc  -o pi_fm_rds rds.o waveforms.o pi_fm_rds.o fm_mpx.o control_pipe.o -L/home/buildroot/autobuild/run/instance-3/output-1/host/bin/../arm-buildroot-linux-gnueabihf/sysroot/usr/lib -lsndfile
/home/buildroot/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-linux-gnueabihf/7.3.1/../../../../arm-linux-gnueabihf/bin/ld: fm_mpx.o: undefined reference to symbol 'cos@@GLIBC_2.4'
/home/buildroot/autobuild/run/instance-3/output-1/host/arm-buildroot-linux-gnueabihf/sysroot/lib/libm.so.6: error adding symbols: DSO missing from command line

Fixes:
 - http://autobuild.buildroot.org/results/b2a6e6fd77bf9071ce9f75fed1811be9ffe5366d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-05-25 21:29:59 +02:00
Fabrice Fontaine
52b875d3ac package/libopenh264: fix mips32 build
Fix build failure with mips32 which is raised since the addition of
bootlin toolchains

Fixes:
 - http://autobuild.buildroot.org/results/cba3e9d0fd061cc3a92cb732bcdc2c7b66dbf6cb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-05-25 21:27:42 +02:00
Fabrice Fontaine
4f79b1cb93 package/python-bluezero: select dbus
Build is broken since commit
8bdc5e7c4d because BR2_PACKAGE_DBUS_PYTHON
is selected without selecting BR2_PACKAGE_DBUS

Fixes:
 - http://autobuild.buildroot.org/results/378dd714940440b8f9db763479ae929e90e33b80

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-24 22:19:44 +02:00
Yann E. MORIN
0905720202 Revert "package/{protobuf, python-protobuf}: bump to version 3.17"
This reverts commit 92332d31d5, which was
incorrectly applied to master instead of next.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-24 15:59:48 +02:00
Michael Nosthoff
92332d31d5 package/{protobuf, python-protobuf}: bump to version 3.17
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-24 15:57:06 +02:00
Matthew Weber
4e55bc8a4d utils/genrandconfig: drop hardening Config enables
Since 810ba387be, some form of these options are enable
by default. Specifically:

- Kept FORTIFY level 2 option as the default is now level 1.
- Removed all SSP options as the default now uses the best
  option based on toolchain support.
- Similar to SSP, for RELRO, the default now uses the best
  option based on toolchain support.
- Completely drop PIC PIE as it defaults =y

Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-24 15:29:26 +02:00
Yann E. MORIN
cb1134bb79 package/libffi: drop superfluous CPE_ID_VERSION
The default for FOO_CPE_ID_VERSION is to default to FOO_VERSION, so drop
this superfluous definition.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: "Weber, Matthew L Collins" <Matthew.Weber@collins.com>
Reviewed-by: Matthew Weber <Matthew.Weber@collins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-24 15:27:49 +02:00
Fabrice Fontaine
888546e527 package/pifmrds: use pkg-config
Use pkg-config to retrieve libsndfile dependencies

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-24 14:01:05 +02:00
Fabrice Fontaine
5022410324 package/php-imagick: add CPE variables
cpe:2.3🅰️php:imagick is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aphp%3Aimagick

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-24 13:40:35 +02:00
Fabrice Fontaine
20e20555c8 package/libmspack: add CPE variables
cpe:2.3🅰️kyzer:libmspack is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3🅰️kyzer:libmspack

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-24 13:40:32 +02:00
Fabrice Fontaine
0aae08ee3d package/perl: add PERL_CPE_ID_VENDOR
cpe:2.3🅰️perl:perl is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aperl%3Aperl

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-24 13:40:30 +02:00
Fabrice Fontaine
5c81ffaffc package/findutils: add FINDUTILS_CPE_ID_VENDOR
cpe:2.3🅰️gnu:findutils is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Afindutils

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-24 13:40:28 +02:00
Fabrice Fontaine
e4625ae8d5 package/python-pillow: security bump to version 8.2.0
- Fix numerous CVEs:
  https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#security
  https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html#security
  https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html#security
  https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
- Update license to HPND:
  81078e8a0d

https://pillow.readthedocs.io/en/stable/releasenotes/index.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-24 10:50:56 +02:00
Fabrice Fontaine
a1f3e99f0e package/python-pillow: add webpmux support
webpmux is an optional dependency since version 2.2.0 and
b4735f7829

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: move into existing webp conditional block]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-24 10:49:36 +02:00
Fabrice Fontaine
e1e0e275c6 package/python-pillow: add xcb support
libxcb is an optional dependency since version 7.1.0 and
3c39e6fcf6

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-24 10:30:35 +02:00
Fabrice Fontaine
9e21579c13 package/python-pillow: add lcms2 support
lcms2 is an optional dependency since version 2.3.0 and
6d9f349140

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-24 10:30:33 +02:00
Fabrice Fontaine
990d0c1cd2 package/expat: security bump to version 2.4.1
Fix CVE-2013-0340 "Billion Laughs":
https://blog.hartwork.org/posts/cve-2013-0340-billion-laughs-fixed-in-expat-2-4-0/

https://github.com/libexpat/libexpat/blob/R_2_4_1/expat/Changes

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-24 10:24:55 +02:00
Fabrice Fontaine
1eb1a24e9f package/qemu: fix build with latest binutils
Fixes:
 - http://autobuild.buildroot.org/results/c0881df995093036eb7579d870efcae3feb323aa

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-24 10:16:46 +02:00
Fabrice Fontaine
65c9ebcd90 package/libnids: drop LIBNIDS_IGNORE_CVES
NVD database has been updated:
https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&seach_type=all&query=cpe:2.3🅰️libnids_project:libnids:1.24:*:*:*:*:*:*:*

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-23 20:03:34 +02:00
Fabrice Fontaine
5dfb873acf package/mini-snmpd: add CPE variables
cpe:2.3🅰️minisnmpd_project:minisnmpd is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aminisnmpd_project%3Aminisnmpd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-23 19:49:55 +02:00
Fabrice Fontaine
84c07e1f51 package/minissdpd: add MINISSDPD_CPE_ID_VENDOR
cpe:2.3🅰️miniupnp_project:minissdpd is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aminiupnp_project%3Aminissdpd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-23 19:49:53 +02:00
Fabrice Fontaine
cb140cd040 package/minidlna: add CPE variables
cpe:2.3🅰️readymedia_project:readymedia is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Areadymedia_project%3Areadymedia

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-23 19:49:51 +02:00
Fabrice Fontaine
425339dcdf package/minizip: add MINIZIP_CPE_ID_VENDOR
cpe:2.3🅰️minizip_project:minizip is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aminizip_project%3Aminizip

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: fix typo MINZIP -> MINIZIP]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-23 19:49:23 +02:00
Fabrice Fontaine
22c5e1f847 package/netsurf: add NETSURF_CPE_ID_VENDOR
cpe:2.3🅰️netsurf-browser:netsurf is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anetsurf-browser%3Anetsurf

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-23 19:48:44 +02:00
Fabrice Fontaine
4919a9c17f package/opencv3: add CPE variables
cpe:2.3🅰️opencv:opencv is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aopencv%3Aopencv

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-23 19:48:41 +02:00
Fabrice Fontaine
bd5dabce4c package/oprofile: add OPROFILE_CPE_ID_VENDOR
cpe:2.3🅰️maynard_johnson:oprofile is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amaynard_johnson%3Aoprofile

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-23 19:48:39 +02:00
Fabrice Fontaine
3ab5ec3fbc package/libnids: add LIBNIDS_CPE_ID_VENDOR
cpe:2.3🅰️libnids_project:libnids is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibnids_project%3Alibnids

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-23 19:48:37 +02:00
Fabrice Fontaine
02656c30c9 package/pipewire: needs dynamic library
Since bump to version 0.3.26 in commit
a6d88d3ba5, pipewire needs dynamic library
support for at least spa plugins (which can be disabled) and spa tools
(which can't be disabled)

Fixes:
 - http://autobuild.buildroot.org/results/ea05fa6ca39b1ac55e301e5c11d3a62080d36e9e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-23 14:27:59 +02:00
Bernd Kuhls
648ff342db package/hwloc: add optional dependencies to udev, libxml2, ncurses & numactl
udev:
https://github.com/open-mpi/hwloc/blob/master/config/hwloc.m4#L626

libxml2:
https://github.com/open-mpi/hwloc/blob/master/config/hwloc.m4#L1273

ncurses:
https://github.com/open-mpi/hwloc/blob/master/config/hwloc_internal.m4#L340

numactl:
https://github.com/open-mpi/hwloc/blob/master/config/hwloc_internal.m4#L419

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr: drop unconditional --disable-libxml2]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-23 14:13:19 +02:00
Fabrice Fontaine
77d1a1be54 package/p7zip: add P7ZIP_CPE_ID_VENDOR
cpe:2.3🅰️7-zip:p7zip is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3A7-zip%3Ap7zip

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-23 13:47:21 +02:00
Fabrice Fontaine
c95d3d8ab8 package/libical: add LIBICAL_CPE_ID_VENDOR
cpe:2.3🅰️libical_project:libical is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibical_project%3Alibical

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-23 13:47:19 +02:00
Fabrice Fontaine
81009e31d9 package/shellinabox: add SHELLINABOX_CPE_ID_VENDOR
cpe:2.3🅰️shellinabox_project:shellinabox is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ashellinabox_project%3Ashellinabox

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-23 13:47:17 +02:00
Fabrice Fontaine
b3c332853e package/blktrace: add BLKTRACE_CPE_ID_VENDOR
cpe:2.3🅰️blktrace_project:blktrace is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ablktrace_project%3Ablktrace

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-23 13:47:14 +02:00
Peter Korsgaard
ecb55c43ce package/lz4: add upstream security fix for CVE-2021-3520
Fixes a potential memory corruption with negative memmove() size.  For
details, see (NVD not yet updated):

https://security-tracker.debian.org/tracker/CVE-2021-3520

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-23 13:45:59 +02:00
Fabrice Fontaine
d642381049 package/imagemagick: security bump to version 7.0.11-13
Fix CVE-2021-20309 to CVE-2021-20313

https://github.com/ImageMagick/ImageMagick/blob/7.0.11-13/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-05-23 11:39:39 +02:00