Gilles Talis
a67fbb0c98
package/webp: bump to version 1.2.0
...
Also fixed indentation in hash file
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 23:04:18 +01:00
Fabrice Fontaine
58fc4b5085
package/sox: fix static build with id3tag
...
This build failure is raised since bump to
7524160b29a476f7e87bc14fddf12d349f9a3c5e
Fixes:
- http://autobuild.buildroot.org/results/73efdacf237e3d567fa66f3b3f68e624f5e35bc7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:56:05 +01:00
Fabrice Fontaine
5a0315f7d4
package/tpm2-pkcs11: add p11-kit optional dependency
...
Fixes:
- http://autobuild.buildroot.org/results/fee607da7226a92cceab2bbfd4c5d031016dfa3d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:55:09 +01:00
Francois Perrad
78ad95ae4b
package/lua-http: bump to version 0.4
...
diff LICENSE.md
- Copyright (c) 2015-2019 Daurnimator
+ Copyright (c) 2015-2021 Daurnimator
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:53:10 +01:00
Bernd Kuhls
f62efbcf17
package/libblockdev: bump version to 2.25
...
Release notes:
https://github.com/storaged-project/libblockdev/blob/2.x-branch/NEWS.rst
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:43:29 +01:00
Bernd Kuhls
d51f520bca
package/libbytesize: bump version to 2.5
...
Release notes:
https://github.com/storaged-project/libbytesize/releases/tag/2.4
https://github.com/storaged-project/libbytesize/releases/tag/2.5
Removed patch which was applied upstream:
f2b6600f54
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:43:18 +01:00
Bernd Kuhls
3e6469f1f9
package/libabseil-cpp: bump version to 20200923.3
...
Release notes:
https://github.com/abseil/abseil-cpp/releases/tag/20200923.3
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:42:50 +01:00
Fabrice Fontaine
9c33272d95
package/openrc: set OPENRC_CPE_ID_VALID
...
cpe:2.3🅰️ openrc_project:openrc is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aopenrc_project%3Aopenrc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:41:06 +01:00
Fabrice Fontaine
483fc9dbd9
package/jsoncpp: set JSONCPP_CPE_ID_VALID
...
cpe:2.3🅰️ jsoncpp_project:jsoncpp is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ajsoncpp_project%3Ajsoncpp
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:40:21 +01:00
Fabrice Fontaine
1cc809874c
package/unbound: add UNBOUND_CPE_ID_VENDOR
...
cpe:2.3🅰️ nlnetlabs:unbound is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anlnetlabs%3Aunbound
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:40:01 +01:00
Fabrice Fontaine
2e843bfa39
package/mariadb: set MARIADB_CPE_ID_VENDOR
...
cpe:2.3🅰️ mariadb:mariadb is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amariadb%3Amariadb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:38:57 +01:00
Fabrice Fontaine
2124fc7e15
package/gnuplot: set GNUPLOT_CPE_ID_VALID
...
cpe:2.3🅰️ gnuplot_project:gnuplot is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnuplot_project%3Agnuplot
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:38:30 +01:00
Yann E. MORIN
e4c284e6b9
package/pkg-utils: escape \ in generated legal-info
...
In the output of legal-info, which is JSON-formatted, we include the
CPI_ID (when it is valid).
For xerces, the CPE_ID contains two sequences of \+ (which is exactly
what is present in the NIST DB, [0]).
However, in JSON, like in C, \ escapes the following character; only a
very limited set of characters are valid to escape: " \ / b f n r t u.
Escaping any other character is invalid. Conformant JSON parser will
choke on invalid sequences, and so does not the json python module:
File "/usr/lib/python2.7/json/decoder.py", line 380, in raw_decode
obj, end = self.scan_once(s, idx)
ValueError: Invalid \escape: line 1 column 608554 (char 608553)
We fix that be globally escaping \ in our json output, in the generic
sanitising macro.
[0] https://nvd.nist.gov/products/cpe/detail/645?namingFormat=2.3&orderBy=CPEURI&keyword=xerces&status=FINAL
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:32:40 +01:00
Fabrice Fontaine
3658c1362b
package/cryptopp: add CPE variables
...
cpe:2.3🅰️ cryptopp:crypto\+\+ is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&orderBy=2.3&keyword=cpe%3A2.3%3Aa%3Acryptopp%3Acrypto%5C%2B%5C%2B
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:30:43 +01:00
Fabrice Fontaine
2bf6bbc180
package/slirp: add CPE variables
...
cpe:2.3🅰️ libslirp_project:libslirp is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibslirp_project%3Alibslirp
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:30:27 +01:00
Jianhui Zhao
c3009cb497
package/rtty: bump version to 7.3.2
...
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:30:16 +01:00
Fabrice Fontaine
59e890df27
package/redis: add REDIS_CPE_ID_VENDOR
...
cpe:2.3🅰️ redislabs:redis is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aredislabs%3Aredis
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:30:03 +01:00
Peter Korsgaard
0886898da2
package/mosquitto: bump version to 2.0.7
...
Includes a number of bugfixes. For details, see the announcement:
https://mosquitto.org/blog/2021/02/version-2-0-7-released/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:29:45 +01:00
Fabrice Fontaine
023644d193
package/python-flask-cors: bump to version 3.0.10
...
https://github.com/corydolphin/flask-cors/releases/tag/3.0.10
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:29:14 +01:00
Fabrice Fontaine
cab1f73025
package/libkrb5: add CPE variables
...
cpe:2.3🅰️ mit:kerberos_5 is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amit%3Akerberos_5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:28:37 +01:00
Thomas Petazzoni
194da6a782
package/binutils: bump 2.36.x series to 2.36.1
...
Release notes:
We are very sorry to have to report that a problem was found with the
GNU Binutils 2.36 release. It turns out that it contained a small
portion of code that was not covered by an FSF copyright assignment.
So we have created a replacement release - 2.36.1 - with that code
removed.
In addition we found that a fix for a theoretical security
vulnerability[1] was itself broken and could result in the archiver
program "ar" misbehaving. So we have chosen to revert the fix from
the 2.36.1 release whilst the problem is properly resolved.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:27:32 +01:00
Fabrice Fontaine
3265a4ce84
package/oniguruma: set ONIGURUMA_CPE_ID_VALID
...
cpe:2.3🅰️ oniguruma_project:oniguruma is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aoniguruma_project%3Aoniguruma
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:27:12 +01:00
Fabrice Fontaine
cfc54b3d70
package/freetype: add FREETYPE_CPE_ID_VENDOR
...
cpe:2.3🅰️ freetype:freetype is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afreetype%3Afreetype
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:26:36 +01:00
Bernd Kuhls
975b7c68cb
package/libcoap: bump version
...
Reformatted hashes, updated license hash due to copyright year bump:
12fd8a25f7
Release notes:
https://sourceforge.net/p/libcoap/mailman/message/36801445/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:26:15 +01:00
Bernd Kuhls
2cacda2591
package/{apparmor, libapparmor}: bump version to 3.0.1
...
Release notes:
https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.1
Removed patches which were applied upstream, updated _SITE.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:24:49 +01:00
Bernd Kuhls
3b973385ac
package/libcli: bump version to 1.10.4
...
Removed whitespace and updated project URL in Config.in.
Reformatted hashes.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:23:42 +01:00
Bernd Kuhls
dec9741a8f
package/libcap: bump version to 2.48
...
Release notes:
https://sites.google.com/site/fullycapable/release-notes-for-libcap
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:23:33 +01:00
Bartosz Bilas
f786969f2a
package/rauc: package/rauc: bump version to 1.5.1
...
Removed patch applied upstream.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:21:34 +01:00
Bernd Kuhls
b2dad74686
{linux, linux-headers}: bump 5.{4, 10}.x 4.{4, 9, 14, 19} series
...
Stick to 4.4.255 / 4.4.255 even though .256 is ready, as the wraparound of
the minor version may cause problems:
https://lkml.org/lkml/2021/2/5/747
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.256
https://lkml.org/lkml/2021/2/5/862
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.256
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: stick to 4.{4,9}.255]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:12:16 +01:00
Petr Vorel
b6573f1131
package/iputils: update path for tftpd
...
tftpd has been installed into /usr/sbin in 20210202
(in upstream commit 8d1420f tftpd: install into sbindir).
Thus remove hook which expected it in /usr/bin and tried to move it into
/usr/sbin.
Fixes:
- http://autobuild.buildroot.net/results/3d142a705f07d496b1342e04094cd03ce7d92994
- http://autobuild.buildroot.net/results/dae643b2d23d74b5f91225d00e85c350861a0e8a
- http://autobuild.buildroot.net/results/dcfcb082bc188e7f990e280c3fd5d971f32cc048
Fixes: ea422f9950
("package/iputils: bump version to 20210202")
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-06 23:00:34 +01:00
Leonid Yuriev
fc7067df24
package/libmdbx: bump version to 0.9.3
...
Release notes: https://github.com/erthink/libmdbx/releases/tag/v0.9.3
Signed-off-by: Leonid Yuriev <leo@yuriev.ru>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-06 18:50:52 +01:00
Fabrice Fontaine
811846df48
package/htop: add lm-sensors optional dependency
...
lm-sensors is an optional dependency (enabled by default) since version
3.0.3 and
1b225cd7a0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-06 18:50:21 +01:00
Yair Ben-Avraham
42db2c7236
package/tpm2-pkcs11: new package
...
A PKCS#11 interface for TPM2 hardware
Signed-off-by: Yair Ben-Avraham <yairba@protonmail.com>
[Peter: add openssl dependency, drop tpm2-tools, unconditionally pass -std=gnu99]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-06 18:25:13 +01:00
Fabrice Fontaine
47132eed6d
package/tmux: bump to version 3.1c
...
- Drop patch (already in version)
- Update hash of COPYING (examples directory removed:
e722ba38e3
)
- Update indentation in hash file (two spaces)
https://raw.githubusercontent.com/tmux/tmux/3.1c/CHANGES
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-02-06 14:52:32 +01:00
Fabrice Fontaine
76c53c8877
package/p11-kit: set P11_KIT_CPE_ID_VALID
...
cpe:2.3🅰️ p11-kit_project:p11-kit is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ap11-kit_project%3Ap11-kit
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-02-06 14:51:29 +01:00
Fabrice Fontaine
1338f9c49b
package/nodejs: add CPE variables
...
cpe:2.3🅰️ nodejs:node.js is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anodejs%3Anode.js
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-02-06 14:51:28 +01:00
Fabrice Fontaine
6710d6e3ca
package/tmux: set TMUX_CPE_ID_VALID
...
cpe:2.3🅰️ tmux_project:tmux is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atmux_project%3Atmux
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-02-06 14:51:26 +01:00
Fabrice Fontaine
b2ef0347c5
package/asterisk: add CPE variables
...
cpe:2.3🅰️ asterisk:open_source is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aasterisk%3Aopen_source
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-02-06 14:51:25 +01:00
Fabrice Fontaine
53e7998dee
package/raptor: add CPE variables
...
cpe:2.3🅰️ librdf:raptor_rdf_syntax_library is a valid CPE identifier for
this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibrdf%3Araptor_rdf_syntax_library
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-02-06 14:51:24 +01:00
Fabrice Fontaine
bcfe7db6e6
package/atftp: set ATFTP_CPE_ID_VALID
...
cpe:2.3🅰️ atftp_project:atftp is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aatftp_project%3Aatftp
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-02-06 14:45:33 +01:00
Fabrice Fontaine
41cf0ec8e8
package/atftp: bump to version 0.7.4
...
- Drop patches (already in version) and so autoreconf
- Update indentation in hash file (two spaces)
https://sourceforge.net/p/atftp/code/ci/v0.7.4/tree/Changelog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-02-06 14:45:32 +01:00
Peter Korsgaard
5405b29570
package/python3: add upstream security fix for CVE-2021-3177
...
Fixes the following security issue:
- CVE-2021-3177: Python 3.x through 3.9.1 has a buffer overflow in
PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution
in certain Python applications that accept floating-point numbers as
untrusted input, as demonstrated by a 1e300 argument to
c_double.from_param. This occurs because sprintf is used unsafely.
For details, see the advisory:
https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-06 10:51:45 +01:00
Stefan Sørensen
87bef17922
package/netsnmp: bump version to 5.9
...
- Rebased patches 1 and 4
- Dropped upstreamed patches 5 and 6
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
[yann.morin.1998@free.fr:
- update patches 1-2 with actual backports, as noticed by Stefan
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-02-05 23:22:04 +01:00
Fabrice Fontaine
55565f18e1
package/python-bottle: add CPE variables
...
cpe:2.3🅰️ bottlepy:bottle is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Abottlepy%3Abottle
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-05 22:42:23 +01:00
Fabrice Fontaine
dbc9a8a02a
package/python-flask-cors: add CPE variables
...
cpe:2.3🅰️ flask-cors_project:flask-cors is a valid CPE identifier for
this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aflask-cors_project%3Aflask-cors
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-05 20:38:16 +01:00
Fabrice Fontaine
28df31e8dc
package/makedumpfile: fix build on sparc64
...
Fix the following build failure on sparc64:
/home/giuliobenetti/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/sparc64-buildroot-linux-gnu/9.3.0/../../../../sparc64-buildroot-linux-gnu/bin/ld: /tmp/ccylTux8.o: in function `find_kaslr_offsets':
/home/giuliobenetti/autobuild/run/instance-0/output-1/build/makedumpfile-1.6.8/makedumpfile.c:4017: undefined reference to `get_kaslr_offset'
Even if this build failure is only raised with version 1.6.8,
get_kaslr_offset was also undeclared on sparc64 in version 1.6.7
Fixes:
- http://autobuild.buildroot.org/results/1421f54f7599bba62c0a4bd5c65ce21c8cc7ee1a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-05 19:38:20 +01:00
Asaf Kahlon
5e2422d12a
package/libfuse3: bump version to 3.10.2
...
Remove patch (already on upstream).
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-05 19:36:48 +01:00
Stefan Sørensen
74e1fd6c42
package/libpwquality: bump version to 1.4.4
...
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-02-05 14:03:28 +01:00
Peter Korsgaard
5b36e91fda
package/atftp: add security fix for CVE-2020-6097
...
Fixed the following security issue:
- CVE-2020-6097: An exploitable denial of service vulnerability exists in
the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A
specially crafted sequence of RRQ-Multicast requests trigger an assert()
call resulting in denial-of-service. An attacker can send a sequence of
malicious packets to trigger this vulnerability.
For more details, see the report:
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-02-05 13:48:16 +01:00
Maxim Kochetkov
b5aab68465
package/timescaledb: bump version to 2.0.1
...
Release notes: https://github.com/timescale/timescaledb/releases/tag/2.0.1
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-05 13:47:18 +01:00