Commit Graph

55849 Commits

Author SHA1 Message Date
Titouan Christophe
ccfb9e87f8 package/waf: bump to v2.0.22
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-02-09 19:31:03 +01:00
Peter Korsgaard
9974d88362 package/intel-microcode: security bump to version 20201118
Fixes the following security issues:

- CVE-2020-8694: Insufficient access control in the Linux kernel driver for
  some Intel(R) Processors may allow an authenticated user to potentially
  enable information disclosure via local access.

  https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html

- CVE-2020-8695: Observable discrepancy in the RAPL interface for some
  Intel(R) Processors may allow a privileged user to potentially enable
  information disclosure via local access.

  https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html

- CVE-2020-8698: Improper removal of sensitive information before storage or
  transfer in some Intel(R) Processors may allow an authenticated user to
  potentially enable information disclosure via local access.

  https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-02-09 19:20:27 +01:00
Heiko Thiery
a8e524d274 package/connman: bump version to 1.39
Drop patches that are upstream now and fix hash file indentation.

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-09 11:26:03 +01:00
Fabrice Fontaine
24401221d2 package/bison: add BISON_CPE_ID_VENDOR
cpe:2.3🅰️gnu:bison is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Abison

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-09 10:54:33 +01:00
Fabrice Fontaine
49f70aaf3b package/c-icap: set C_ICAP_CPE_ID_VALID
cpe:2.3🅰️c-icap_project:c-icap is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ac-icap_project%3Ac-icap

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-09 10:54:25 +01:00
Pieter Ronsijn
30a4dd20f3 package/exfat(-utils): change license to GPL-2.0+
The license is specified in https://github.com/relan/exfat/blob/master/COPYING and indicates GPL-2.0+
The license changed from from GPL-3.0+ to GPL-2.0+ in 2013 but was never updated in buildroot.

48573fff5d

Signed-off-by: Pieter Ronsijn <pieterronsijn@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 22:43:13 +01:00
Bernd Kuhls
03b0e40a31 package/fetchmail: bump version to 6.4.16
Release notes:
https://sourceforge.net/p/fetchmail/mailman/message/37215482/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 22:15:26 +01:00
Fabrice Fontaine
2133651ddd package/c-icap: bump to version 0.5.7
https://sourceforge.net/p/c-icap/news/2020/10/the-c-icap-057-is-released

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 22:14:49 +01:00
Fabrice Fontaine
d10f4656cf package/bluez5_utils: add CPE variables
cpe:2.3🅰️bluez:bluez is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Abluez%3Abluez

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: fix s/BLUEZ5_CPE/BLUEZ5_UTILS_CPE/ typo]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 22:14:01 +01:00
Fabrice Fontaine
7d9dde68b3 package/berkeleydb: add CPE variables
cpe:2.3🅰️oracle:berkeley_db is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aoracle%3Aberkeley_db

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 22:11:57 +01:00
Peter Korsgaard
c699ad1474 package/python: clarify that this refers to the deprecated 2.7 series
Python 2.7 is EOL, so people should use the python3 package instead if
possible.  Make it a bit more obvious that 'python' is not the right package
to use by explicitly mentioning that this is about python 2.7 and that it is
deprecated.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 22:10:41 +01:00
Peter Korsgaard
cf1dd7e007 package/connman: add upstream security fixes for CVE-2021-2667{5, 6}
Fixes the following security issues:

- CVE-2021-26675: Remote (adjacent network) code execution flaw
- CVE-2021-26676: Remote stack information leak

For details, see the advisory:
https://www.openwall.com/lists/oss-security/2021/02/08/2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 22:08:00 +01:00
Peter Korsgaard
4b8331fd6a CHANGES: update with recent changes
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 22:06:08 +01:00
Fabrice Fontaine
a03a9c51d5 package/at-spi2-atk: add AT_SPI2_ATK_CPE_ID_VENDOR
cpe:2.3🅰️gnome:at-spi2-atk is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnome%3Aat-spi2-atk

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 16:27:25 +01:00
Peter Korsgaard
2107f7a75b configs/avenger96_defconfig: add support for Arrow Avenger96 board
Very similar to the other stm32mp157-based boards, except that we use the
multi_v7 defconfig for ease of maintenance.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 16:25:00 +01:00
Baruch Siach
25e09fdb9e package/memtester: fix compile and link flags
The memtester build system does not use CFLAGS/LDFLAGS variables.
Everything should be written to conf-cc and conf-ld.

Use '%' as sed expression delimiter because comma might appear in
LDFLAGS.

Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 16:24:38 +01:00
Fabrice Fontaine
f39b2b3d75 package/x11r7/xlib_libXrandr: add CPE variables
cpe:2.3🅰️x.org:libxrandr is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibxrandr

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 16:23:35 +01:00
Heiko Thiery
dc1b3bed17 package/connman: set CONNMAN_CPE_ID_VENDOR
cpe:2.3🅰️intel:connman is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/detail/702658?namingFormat=2.3&orderBy=CPEURI&keyword=connman&status=FINAL

Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 16:23:20 +01:00
Heiko Thiery
ff727b6124 configs/kontron_smarc_sal28_defconfig: use Python 3.x for U-Boot build
New U-Boot versions need Python 3.x for pylibfdt.

Fixes:
 - https://gitlab.com/buildroot.org/buildroot/-/jobs/1006924823

Cc: Michael Walle <michael@walle.cc>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 16:22:34 +01:00
Fabrice Fontaine
c74f82f160 package/brotli: add BROTLI_CPE_ID_VENDOR
cpe:2.3🅰️google:brotli is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agoogle%3Abrotli

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 16:22:08 +01:00
Fabrice Fontaine
8d93a30066 package/audiofile: drop package
The audiofile package is affected by multiple CVEs and is not maintained
anymore (no release since 2013):

  https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&seach_type=all&query=cpe:2.3🅰️audio_file_library_project:audio_file_library:0.3.6:*:*:*:*:*:*:*

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 16:18:42 +01:00
Fabrice Fontaine
4c69951791 package/avahi: add AVAHI_CPE_ID_VENDOR
cpe:2.3🅰️avahi:avahi is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aavahi%3Aavahi

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 16:14:59 +01:00
Fabrice Fontaine
8d0d7efa7a package/augeas: add AUGEAS_CPE_ID_VENDOR
cpe:2.3🅰️augeas:augeas is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aaugeas%3Aaugeas

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 16:14:50 +01:00
Fabrice Fontaine
b4158a9554 package/x11r7/xlib_libXi: add CPE variables
cpe:2.3🅰️x.org:libxi is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibxi

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 08:36:58 +01:00
Fabrice Fontaine
aebaa74e15 package/x11r7/xlib_libXvMC: add CPE variables
cpe:2.3🅰️x.org:libxvmc is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibxvmc

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 08:36:41 +01:00
Bernd Kuhls
540450e8dd package/libsigsegv: bump version to 2.13
Removed patches applied upstream:

0001-Improve-support-for-Linux-RISC-V.patch
671b2528b5

0002-m4-stack-direction-RISC-V-stack-grows-downward.patch
fd0e3d99d1

0003-Improve-support-for-Linux-nds32.patch
0004-m4-stack-direction-NDS32-stack-grows-downward.patch
51a03192a3

Reformatted hashes.

Release notes: https://github.com/roswell/libsigsegv/blob/master/NEWS

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 08:35:05 +01:00
Fabrice Fontaine
5b126c4b53 package/gnupg: add CPE variables
cpe:2.3🅰️gnupg:gnupg is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnupg%3Agnupg

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 08:34:40 +01:00
Bernd Kuhls
c32cbb9392 package/libshout: bump version to 2.4.5
Added sha512 hash provided by upstream, reformatted hashes.

Changelog:
https://gitlab.xiph.org/xiph/icecast-libshout/-/blob/master/NEWS

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 08:32:43 +01:00
Bernd Kuhls
a3fc78e5a6 package/libgsm: bump version to 1.0.19
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 08:32:26 +01:00
Bernd Kuhls
d291df03c1 package/msmtp: bump version to 1.8.14
Release notes:
https://github.com/marlam/msmtp-mirror/blob/master/NEWS

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 08:32:09 +01:00
Bernd Kuhls
dac714e19c package/libgsasl: bump version to 1.10.0
Added hashes provided by upstream, updated license hash due to various
upstream commits:
https://git.savannah.gnu.org/gitweb/?p=gsasl.git;a=history;f=README

Release notes:
https://lists.gnu.org/archive/html/help-gsasl/2021-01/msg00007.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 08:31:04 +01:00
Bernd Kuhls
0aebae39d6 package/libgphoto2: bump version to 2.5.26
Removed md5 hash, reformatted remaining hashes.
Added optional support for libcurl available since version 2.5.24.

Release notes: https://github.com/gphoto/libgphoto2/blob/master/NEWS

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 08:29:05 +01:00
Fabrice Fontaine
e8a8fefbe7 package/libraw: add LIBRAW_CPE_ID_VENDOR
cpe:2.3🅰️libraw:libraw is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibraw%3Alibraw

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 08:28:57 +01:00
Fabrice Fontaine
5276b2f924 package/memcached: add MEMCACHED_CPE_ID_VENDOR
cpe:2.3🅰️memcached:memcached is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amemcached%3Amemcached

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-08 08:28:50 +01:00
Bernd Kuhls
4f83d83a00 package/libgpg-error: bump version to 1.41
Release notes:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=blob;f=NEWS;

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 23:22:14 +01:00
Fabrice Fontaine
c9234992cd package/libass: set LIBASS_CPE_ID_VALID
cpe:2.3🅰️libass_project:libass is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibass_project%3Alibass

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 23:21:31 +01:00
Bernd Kuhls
d35b99292b package/liberation: bump version to 2.1.2
Changelog:
https://github.com/liberationfonts/liberation-fonts/blob/master/ChangeLog

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 23:21:20 +01:00
Bernd Kuhls
88cfa4ad07 package/libedit: bump version to 20191231-3.1
Reformatted hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 23:21:11 +01:00
Bernd Kuhls
75db1845cd package/ccid: bump version to 1.4.34
Release notes:
http://lists.infradead.org/pipermail/pcsclite-muscle/2021-January/001170.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 23:14:36 +01:00
Bernd Kuhls
ef6778f2e4 package/pigz: bump version to 2.6
Updated license hash due to various commits bumping the version number:
https://github.com/madler/pigz/commits/master/README

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 23:14:21 +01:00
Bernd Kuhls
9bbe3f42ac package/libdvbsi: bump version to 0.3.9
Switched _SITE to github, removed md5 hash, reformatted hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 23:07:02 +01:00
Fabrice Fontaine
ec587440de package/x11r7/xlib_libX11: add CPE variables
cpe:2.3🅰️x.org:libx11 is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibx11

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 23:06:43 +01:00
Fabrice Fontaine
8d25106c80 package/x11r7/xlib_libXrender: add CPE variables
cpe:2.3🅰️x.org:libxrender is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibxrender

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 23:06:14 +01:00
Fabrice Fontaine
fb22acf42a package/x11r7/xlib_libXv: add CPE variables
cpe:2.3🅰️x.org:libxv is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibxv

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 23:05:57 +01:00
Fabrice Fontaine
e7061feda0 package/cryptsetup: set CRYPTSETUP_CPE_ID_VALID
cpe:2.3🅰️cryptsetup_project:cryptsetup is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Acryptsetup_project%3Acryptsetup

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 23:05:39 +01:00
Bernd Kuhls
0567c8a429 package/libfastjson: bump version to 0.99.9
Changelog: https://github.com/rsyslog/libfastjson/blob/master/ChangeLog

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 23:05:08 +01:00
Fabrice Fontaine
46451e6cdd package/mosquitto: add MOSQUITTO_CPE_ID_VENDOR
cpe:2.3🅰️eclipse:mosquitto is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aeclipse%3Amosquitto

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 23:04:40 +01:00
Gilles Talis
a67fbb0c98 package/webp: bump to version 1.2.0
Also fixed indentation in hash file

Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 23:04:18 +01:00
Fabrice Fontaine
58fc4b5085 package/sox: fix static build with id3tag
This build failure is raised since bump to
7524160b29a476f7e87bc14fddf12d349f9a3c5e

Fixes:
 - http://autobuild.buildroot.org/results/73efdacf237e3d567fa66f3b3f68e624f5e35bc7

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:56:05 +01:00
Fabrice Fontaine
5a0315f7d4 package/tpm2-pkcs11: add p11-kit optional dependency
Fixes:
 - http://autobuild.buildroot.org/results/fee607da7226a92cceab2bbfd4c5d031016dfa3d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:55:09 +01:00