Matthew Weber
ec2b44efbf
support/scripts/pkg-stats: fix flake8 E741 ambiguous variable name
...
Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c2ebfe7d78
2021-05-20 11:24:54 +02:00
Petr Vorel
11f488c9f1
package/libtirpc: bump version to 1.3.2
...
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6e780387b4
2021-05-20 11:05:14 +02:00
Fabrice Fontaine
1690ddde4d
package/docker-engine: devicemapper driver does not need liblvm2app
...
lvm2 app library is not needed to build devicemapper filesystem driver
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: tweak title]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 378e9f4b11
2021-05-20 10:48:48 +02:00
Vineet Gupta
f62509fe1e
lmbench: lat_rpc: fix stray pointer
...
| # ./lat_rpc -S localhost
| potentially unexpected fatal signal 11.
| Path: /lmbench/bin/arc64/lat_rpc
| CPU: 0 PID: 62 Comm: lat_rpc Not tainted 5.6.0-00224-g8e1b159f529e #39
| Invalid Read @ 0x00000001 by insn @ 0x2011f110
| @off 0x6c110 in [/lib/libc-2.32.so] VMA: 0x200b3000 to 0x201b8000
| ECR: 0x00050100 EFA: 0x00000001 ERET: 0x2011f110
| STAT32: 0x80081082 [IE U ] BTA: 0x2011b87c
| SP: 0x5fffefe8 FP: 0x00000000 BLK: 0x20103242
| r00: 0x00000001 r01: 0x00000002 r02: 0x00000001
| r03: 0x20101eb0 r04: 0x00000001 r05: 0x00000001
| r06: 0x00000000 r07: 0x00000000 r08: 0x00000001
| r09: 0x2019d8b0 r10: 0x20039fc4 r11: 0x5ffff0f0
| r12: 0x2019d6d0 r13: 0x2019d748 r14: 0x5ffff588
| r15: 0x00000000 r16: 0x00000000 r17: 0x5ffff708
| r18: 0x20039fc0 r19: 0xffffffff r20: 0x201ba010
| r21: 0x00000000 r22: 0x00000000 r23: 0x20039fc0
| r24: 0x00000bd0 r25: 0x00000073
Segmentation fault
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e1137c06a0
2021-05-20 10:40:53 +02:00
Vineet Gupta
ff50cfb100
lmbench: memsize: increase delay for slow FPGAs
...
otherwise memsize bails out and erroneously reports 1 MB
NOK
----
| />/lmbench/bin/arc/memsize 16
|
| 1
OK
----
| />/lmbench/bin/arc/memsize 16
| 2MB OK3MB OK4MB OK5MB OK6MB OK7MB OK8MB OK9MB OK10MB OK11MB OK12MB OK13MB OK14MB OK15MB OK16MB OK
| 16
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2f6d7b6333
2021-05-20 10:40:36 +02:00
Peter Korsgaard
e553ad9de2
package/intel-microcode: security bump to version 20210216
...
Fixes the following security issues:
- CVE-2020-8696: Description: Improper removal of sensitive information
before storage or transfer in some Intel(R) Processors may allow an
authenticated user to potentially enable information disclosure via local
access
- CVE-2020-8698: Description: Improper isolation of shared resources in some
Intel(R) Processors may allow an authenticated user to potentially enable
information disclosure via local access
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html
License file updated with the new year, so change hash accordingly.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: explain license hash change]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e87d5f643b
2021-05-19 21:56:46 +02:00
Titouan Christophe
725eb18497
package/redis: security bump to v6.0.13
...
From the release notes:
================================================================================
Redis 6.0.13 Released Mon May 3 19:00:00 IST 2021
================================================================================
Upgrade urgency: SECURITY, Contains fixes to security issues that affect
authenticated client connections. LOW otherwise.
See https://github.com/redis/redis/blob/6.0.13/00-RELEASENOTES
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-05-19 21:56:07 +02:00
Fabrice Fontaine
590cdd6624
package/tpm2-tss: add CPE variables
...
cpe:2.3🅰️ tpm2_software_stack_project:tpm2_software_stack is a valid CPE
identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atpm2_software_stack_project%3Atpm2_software_stack
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 020149e4cd
2021-05-19 21:51:07 +02:00
Fabrice Fontaine
dd71a0ffd8
package/weston: add WESTON_CPE_ID_VENDOR
...
cpe:2.3🅰️ wayland:weston is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awayland%3Aweston
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit bbfc6f546e
2021-05-19 21:51:07 +02:00
Fabrice Fontaine
722ab35b07
package/libuv: add LIBUV_CPE_ID_VENDOR
...
cpe:2.3🅰️ libuv:libuv is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibuv%3Alibuv
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 442b21f8cb
2021-05-19 21:51:06 +02:00
Fabrice Fontaine
77a5779758
package/libusb: add LIBUSB_CPE_ID_VENDOR
...
cpe:2.3🅰️ libusb:libusb is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibusb%3Alibusb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f7b2865949
2021-05-19 21:51:06 +02:00
Fabrice Fontaine
79cc4df058
package/libsamplerate: add LIBSAMPLERATE_CPE_ID_VENDOR
...
cpe:2.3🅰️ libsamplerate_project:libsamplerate is a valid CPE identifier
for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibsamplerate_project%3Alibsamplerate
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7a899d67e8
2021-05-19 21:51:06 +02:00
Fabrice Fontaine
1545853d54
package/librelp: add LIBRELP_CPE_ID_VENDOR
...
cpe:2.3🅰️ rsyslog:librelp is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Arsyslog%3Alibrelp
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 10f8934c59
2021-05-19 21:51:06 +02:00
Fabrice Fontaine
aef648849d
package/liboping: add LIBOPING_CPE_ID_VENDOR
...
cpe:2.3🅰️ noping:liboping is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anoping%3Aliboping
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c3e5a675dd
2021-05-19 21:51:06 +02:00
Fabrice Fontaine
92ebf149fa
package/libmodbus: add LIBMODBUS_CPE_ID_VENDOR
...
cpe:2.3🅰️ libmodbus:libmodbus is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibmodbus%3Alibmodbus
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8910dc505a
2021-05-19 21:51:06 +02:00
Fabrice Fontaine
e9126f22db
package/libmms: add LIBMMS_CPE_ID_VENDOR
...
cpe:2.3🅰️ libmms_project:libmms is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibmms_project%3Alibmms
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c91b3c3ce2
2021-05-19 21:51:06 +02:00
Fabrice Fontaine
00f7f922c0
package/libldns: add CPE variables
...
cpe:2.3🅰️ nlnetlabs:ldns is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anlnetlabs%3Aldns
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c2bc364c08
2021-05-19 21:51:06 +02:00
Fabrice Fontaine
5df3620cf0
package/kodi: add CPE variables
...
cpe:2.3🅰️ kodi:kodi is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Akodi%3Akodi
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c5e9b02251
2021-05-19 21:51:06 +02:00
Fabrice Fontaine
7bcfdd676b
package/keepalived: add KEEPALIVED_CPE_ID_VENDOR
...
cpe:2.3🅰️ keepalived:keepalived is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Akeepalived%3Akeepalived
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 00cb0f00fa
2021-05-19 21:51:06 +02:00
Fabrice Fontaine
f0c0b27d47
package/grpc: add GRPC_CPE_ID_VENDOR
...
cpe:2.3🅰️ grpc:grpc is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agrpc%3Agrpc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ea77594f3f
2021-05-19 21:51:06 +02:00
Fabrice Fontaine
86a31b1053
package/frr: add CPE variables
...
cpe:2.3🅰️ linuxfoundation:free_range_routing is a valid CPE identifier
for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alinuxfoundation%3Afree_range_routing
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c4c11c2e1a
2021-05-19 21:51:06 +02:00
Fabrice Fontaine
96e8d83503
package/fluidsynth: add FLUIDSYNTH_CPE_ID_VENDOR
...
cpe:2.3🅰️ fluidsynth:fluidsynth is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afluidsynth%3Afluidsynth
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 13bca2271d
2021-05-19 21:51:06 +02:00
Fabrice Fontaine
16e2240820
package/exempi: add EXEMPI_CPE_ID_VENDOR
...
cpe:2.3🅰️ exempi_project:exempi is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aexempi_project%3Aexempi
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c98e315838
2021-05-19 21:51:06 +02:00
Fabrice Fontaine
0146dd8ba0
package/enscript: add ENSCRIPT_CPE_ID_VENDOR
...
cpe:2.3🅰️ gnu:enscript is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Aenscript
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2ad812a0b3
2021-05-19 21:51:06 +02:00
Fabrice Fontaine
646c83cf5a
package/enlightenment: add ENLIGHTENMENT_CPE_ID_VENDOR
...
cpe:2.3🅰️ enlightenment:enlightenment is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aenlightenment%3Aenlightenment
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e7b8832a5e
2021-05-19 21:51:06 +02:00
Fabrice Fontaine
be9602b604
package/terminology: add TERMINOLOGY_CPE_ID_VENDOR
...
cpe:2.3🅰️ enlightenment:terminology is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aenlightenment%3Aterminology
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 05bffd0613
2021-05-19 21:51:06 +02:00
Arnout Vandecappelle (Essensium/Mind)
ec602113a6
package/mesa3d-headers: remove spurious empty line
...
Detected by check-package
Fixes: 7fa481437edfb045af5b
2021-05-19 18:10:09 +02:00
Fabrice Fontaine
1ce7c314c2
package/libidn: add LIBIDN_CPE_ID_VENDOR
...
cpe:2.3🅰️ gnu:libidn is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Alibidn
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8391f7d189
2021-05-19 17:40:06 +02:00
Fabrice Fontaine
bbb314eb55
package/libidn2: add LIBIDN2_CPE_ID_VENDOR
...
cpe:2.3🅰️ gnu:libidn2 is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Alibidn2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 981850b353
2021-05-19 17:40:01 +02:00
Fabrice Fontaine
e6f62aaa98
package/tinyproxy: add TINYPROXY_CPE_ID_VENDOR
...
cpe:2.3🅰️ tinyproxy_project:tinyproxy is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atinyproxy_project%3Atinyproxy
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ba91be05c2
2021-05-19 17:39:27 +02:00
Fabrice Fontaine
23a2451933
package/tinyxml2: add TINYXML2_CPE_ID_VENDOR
...
cpe:2.3🅰️ tinyxml2_project:tinyxml2 is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atinyxml2_project%3Atinyxml2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c00a99c292
2021-05-19 17:39:19 +02:00
Fabrice Fontaine
0ed1c31c82
package/tini: add TINI_CPE_ID_VENDOR
...
cpe:2.3🅰️ tini_project:tini is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atini_project%3Atini
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5b074ef1f3
2021-05-19 17:39:13 +02:00
Fabrice Fontaine
54cb9e1fa6
package/tclap: add TCLAP_CPE_ID_VENDOR
...
cpe:2.3🅰️ tclap_project:tclap is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atclap_project%3Atclap
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 1ffd14f28a
2021-05-19 17:36:37 +02:00
Fabrice Fontaine
322c96467a
package/thermald: add THERMALD_CPE_ID_VENDOR
...
cpe:2.3🅰️ intel:thermald is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aintel%3Athermald
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 4e48f5da05
2021-05-19 17:36:30 +02:00
Fabrice Fontaine
8d42350eb7
package/taglib: add TAGLIB_CPE_ID_VENDOR
...
cpe:2.3🅰️ taglib:taglib is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ataglib%3Ataglib
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit eecf0e55d3
2021-05-19 17:35:48 +02:00
Fabrice Fontaine
83225c36a0
package/qpdf: add QPDF_CPE_ID_VENDOR
...
cpe:2.3🅰️ qpdf_project:qpdf is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aqpdf_project%3Aqpdf
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2774a21025
2021-05-19 17:35:43 +02:00
Fabrice Fontaine
e2008668d0
package/mesa3d{,-headers}: add CPE variables
...
cpe:2.3🅰️ mesa3d:mesa is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amesa3d%3Amesa
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: add to mesa3d-headers too]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7fa481437e
2021-05-19 15:56:51 +02:00
Fabrice Fontaine
7d21104577
package/lvm2: add LVM2_CPE_ID_VENDOR
...
cpe:2.3🅰️ redhat:lvm2 is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aredhat%3Alvm2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d70da0be78
2021-05-19 15:56:46 +02:00
Fabrice Fontaine
783215a499
package/jquery-validation: security bump to version 1.19.3
...
Fix CVE-2021-21252: The jQuery Validation Plugin provides drop-in
validation for your existing forms. It is published as an npm package
"jquery-validation". jquery-validation before version 1.19.3 contains
one or more regular expressions that are vulnerable to ReDoS (Regular
Expression Denial of Service).
Update hash of README.md due to changes not related to license
https://github.com/jquery-validation/jquery-validation/releases/tag/1.19.3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ae79f0f403
2021-05-19 09:33:42 +02:00
Fabrice Fontaine
76cfcb6fe5
package/jquery-validation: add CPE variables
...
cpe:2.3🅰️ jqueryvalidation:jquery_validation is a valid CPE identifier
for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ajqueryvalidation%3Ajquery_validation
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a5ff2a2828
2021-05-19 09:33:32 +02:00
Peter Korsgaard
c25dd7eda5
{linux, linux-headers}: bump 5.{4, 10, 11, 12}.x series
...
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ab6dbf1c9f
2021-05-17 23:35:15 +02:00
Fabrice Fontaine
d8e9f7a663
package/dmalloc: fix static build
...
Build of dmalloc is broken since commit
19ec872f16http://autobuild.buildroot.org/results/62c9c6aebca60649bd6f635125507bf10d63fc05
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 68b5b3fbf0
2021-05-17 23:33:02 +02:00
Fabrice Fontaine
07af28fa68
package/openssh: security bump to version 8.6p1
...
Security
========
* sshd(8): OpenSSH 8.5 introduced the LogVerbose keyword. When this
option was enabled with a set of patterns that activated logging
in code that runs in the low-privilege sandboxed sshd process, the
log messages were constructed in such a way that printf(3) format
strings could effectively be specified the low-privilege code.
An attacker who had sucessfully exploited the low-privilege
process could use this to escape OpenSSH's sandboxing and attack
the high-privilege process. Exploitation of this weakness is
highly unlikely in practice as the LogVerbose option is not
enabled by default and is typically only used for debugging. No
vulnerabilities in the low-privilege process are currently known
to exist.
https://www.openssh.com/txt/release-8.6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 12916827e0
2021-05-17 23:31:58 +02:00
Fabrice Fontaine
cf15bd789c
package/refpolicy: fix REFPOLICY_CPE_ID_VENDOR
...
cpe:2.3🅰️ selinuxproject:refpolicy is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aselinuxproject%3Arefpolicy
Indeed, cpe:2.3🅰️ tresys:refpolicy has been deprecated since April 21th:
<cpe-item name="cpe:/a:tresys:refpolicy:2.20180701" deprecated="true" deprecation_date="2021-04-21T16:55:43.710Z">
<title xml:lang="en-US">Tresys refpolicy 2.20180701</title>
<reference href="https://github.com/TresysTechnology/refpolicy ">Product</reference>
<cpe-23:cpe23-item name="cpe:2.3🅰️ tresys:refpolicy:2.20180701:*:*:*:*:*:*:*">
<cpe-23:deprecated-by name="cpe:2.3🅰️ selinuxproject:refpolicy:2.20180701:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit bf1925cb97
2021-05-17 23:28:38 +02:00
Fabrice Fontaine
d3e83e9aca
package/python-autobahn: add CPE variables
...
cpe:2.3🅰️ crossbar:autobahn is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Acrossbar%3Aautobahn
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 28b19ccb48
2021-05-17 23:28:33 +02:00
Fabrice Fontaine
73fb529563
package/python-tqdm: add CPE variables
...
cpe:2.3🅰️ tqdm_project:tqdm is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atqdm_project%3Atqdm
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ca6fab6ef9
2021-05-17 23:27:52 +02:00
Fabrice Fontaine
1c2113c95a
package/python-requests: add CPE variables
...
cpe:2.3🅰️ python:requests is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython%3Arequests
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6c5cf37880
2021-05-17 23:27:46 +02:00
Fabrice Fontaine
cd647bfb8d
package/python-engineio: add PYTHON_ENGINEIO_CPE_ID_VENDOR
...
cpe:2.3🅰️ python-engineio_project:python-engineio is a valid CPE
identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython-engineio_project%3Apython-engineio
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 901689bfcc
2021-05-17 23:27:19 +02:00
Fabrice Fontaine
56b1f4b885
package/python-keyring: add CPE variables
...
cpe:2.3🅰️ python:keyring is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython%3Akeyring
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 14614d63f7
2021-05-17 23:27:12 +02:00
Fabrice Fontaine
a6f4494217
package/gstreamer1/gstreamer1: add CPE variables
...
cpe:2.3🅰️ gstreamer_project:gstreamer is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agstreamer_project%3Agstreamer
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 38fb1ad2a0
2021-05-17 23:26:19 +02:00
