Commit Graph

58011 Commits

Author SHA1 Message Date
Bernd Kuhls
3854a8f43c package/kodi-visualisation-starburst: bump version to 19.0.0-Matrix
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-18 12:24:25 +02:00
Bernd Kuhls
4dc17c41a4 package/kodi-visualisation-spectrum: bump version to 19.0.0-Matrix
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-18 12:24:25 +02:00
Bernd Kuhls
3d1c4190fb package/kodi-inputstream-adaptive: bump version to 2.6.20-Matrix
Changelog:
https://github.com/xbmc/inputstream.adaptive/blob/Matrix/inputstream.adaptive/addon.xml.in#L18

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-18 12:24:24 +02:00
Bernd Kuhls
05c66eed36 package/kodi-pvr-wmc: bump version to 6.1.2-Matrix
Changelog:
https://github.com/kodi-pvr/pvr.wmc/blob/Matrix/pvr.wmc/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-18 12:24:24 +02:00
Bernd Kuhls
bbf4d0e71c package/kodi-pvr-vdr-vnsi: bump version to 8.2.3-Matrix
Changelog:
https://github.com/kodi-pvr/pvr.vdr.vnsi/blob/Matrix/pvr.vdr.vnsi/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-18 12:24:24 +02:00
Bernd Kuhls
e85444190c package/kodi-pvr-vbox: bump version to 8.1.2-Matrix
Changelog:
https://github.com/kodi-pvr/pvr.vbox/blob/Matrix/pvr.vbox/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-18 12:24:24 +02:00
Bernd Kuhls
7fbbcd7bcc package/kodi-pvr-stalker: bump version to 7.1.1-Matrix
Changelog:
https://github.com/kodi-pvr/pvr.stalker/blob/Matrix/pvr.stalker/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-18 12:24:24 +02:00
Bernd Kuhls
ad232adc9a package/kodi-pvr-pctv: bump version to 6.1.1-Matrix
Changelog:
https://github.com/kodi-pvr/pvr.pctv/blob/Matrix/pvr.pctv/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-18 12:24:24 +02:00
Bernd Kuhls
ae6ee78198 package/kodi-pvr-njoy: bump version to 7.1.1-Matrix
Changelog:
https://github.com/kodi-pvr/pvr.njoy/blob/Matrix/pvr.njoy/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-18 12:24:24 +02:00
Bernd Kuhls
63935aef6f package/kodi-pvr-nextpvr: bump version to 8.2.5-Matrix
Changelog:
https://github.com/kodi-pvr/pvr.nextpvr/blob/Matrix/pvr.nextpvr/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-18 12:24:24 +02:00
Bernd Kuhls
1d7fdf2f3c package/kodi-pvr-mediaportal-tvserver: bump version to 8.2.1-Matrix
Changelog:
https://github.com/kodi-pvr/pvr.mediaportal.tvserver/blob/Matrix/pvr.mediaportal.tvserver/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-18 12:24:24 +02:00
Bernd Kuhls
ac686cfa14 package/kodi-pvr-hdhomerun: bump version to 7.1.1-Matrix
Changelog:
https://github.com/kodi-pvr/pvr.hdhomerun/blob/Matrix/pvr.hdhomerun/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-18 12:24:23 +02:00
Bernd Kuhls
d47902c546 package/kodi-pvr-dvblink: bump version to 9.1.2-Matrix
Changelog:
https://github.com/kodi-pvr/pvr.dvblink/blob/Matrix/pvr.dvblink/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-18 12:24:23 +02:00
Bernd Kuhls
238d37a920 package/kodi-pvr-argustv: bump version to 7.1.2-Matrix
Changelog:
https://github.com/kodi-pvr/pvr.argustv/blob/Matrix/pvr.argustv/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-18 12:24:23 +02:00
Fabrice Fontaine
b2857786f1 package/nfs-utils: needs uuid
Build of nfs-utils without uuid is broken since bump to version 2.5.4 in
commit 0ce30de72f: the --enable-uuid
option is now ill-named, it now only checks for libblkid:
    http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commitdiff;h=c5528f40f9db5061e06dcf1f9b7fce5185b376c6

Cleaning this up is upstream's role, though.

Fixes:
 - http://autobuild.buildroot.org/results/510b3425943f2e31b024c99b3552419a80c2f9f3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-07-18 12:15:46 +02:00
Fabrice Fontaine
948e71689a package/dovecot: ignore CVE-2016-4983
CVE-2016-4983 is an issue in a postinstall script in the dovecot rpm,
which is part of the Red Hat packaging and not part of upstream dovecot

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-07-18 09:52:00 +02:00
Fabrice Fontaine
46273a8eb9 package/libuci: ignore CVE-2019-15513
CVE-2019-15513 was fixed upstream in 2015 with commit
19e29ffc15dbd958e8e6a648ee0982c68353516f, which is older than the commit
we currently use in LIBUCI_VERSION.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: reword comment and commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-07-18 09:44:57 +02:00
Fabrice Fontaine
9852113fcd package/libuci: add LIBUCI_CPE_ID_VENDOR
cpe:2.3🅰️openwrt:libuci is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aopenwrt%3Alibuci

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-07-18 09:42:59 +02:00
Peter Seiderer
6202ba67b7 package/qt5base: fix another gcc-11 compile failure
- add upstream patch fixing gcc-11 compile failure (missing
  limits include)

Fixes:

  In file included from ../../../include/QtCore/5.15.2/QtCore/private/qoffsetstringarray_p.h:1,
                   from ../../dbus/qdbuserror.cpp:44:
  ../../../src/corelib/tools/qoffsetstringarray_p.h:70:22: error: ‘numeric_limits’ is not a member of ‘std’
     70 |         Last <= std::numeric_limits<quint8>::max(),
        |                      ^~~~~~~~~~~~~~
  ../../../src/corelib/tools/qoffsetstringarray_p.h:70:43: error: wrong number of template arguments (1, should be 3)
     70 |         Last <= std::numeric_limits<quint8>::max(),
        |                                           ^

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-07-18 09:32:43 +02:00
Fabrice Fontaine
74adec4f3a package/feh: add FEH_CPE_ID_VENDOR
cpe:2.3🅰️feh_project:feh is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afeh_project%3Afeh

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-07-17 16:09:26 +02:00
Fabrice Fontaine
bdf0a924a7 package/nfs-utils: fix build with libtirpc
Help nfs-utils to find the path of libtirpc

Fixes:
 - http://autobuild.buildroot.org/results/a5eaf19f58729c4c00a2131b6a0c378c0fc0effb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - take the opportunity to move HOST_NFS_UTILS_DEPENDENCIES
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-07-17 16:05:25 +02:00
Fabrice Fontaine
0a5a9741e0 package/libtirpc: install full host package
Install full host package for rpc.h and all other headers to avoid the
following build failure with host-nfs-utils in version 2.5.4 raised
since commit 0ce30de72f:

checking rpc/rpc.h usability... no
checking rpc/rpc.h presence... no
checking for rpc/rpc.h... no
configure: error: Header file rpc/rpc.h not found - maybe try building with --enable-tirpc

This build failure is raised by
http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=be7365239abf8556773b063730621967b9971708

Fixes:
 - http://autobuild.buildroot.org/results/a5eaf19f58729c4c00a2131b6a0c378c0fc0effb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-07-17 16:02:44 +02:00
Fabrice Fontaine
0f727fb512 Revert "package/libtirpc: install rpc.h"
This reverts commit b991962993, which was
incomplete and did not actually fix the issue it purported to fix, and
we'll soon commit a proper fix.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: explain the reason for reverting]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-07-17 16:01:36 +02:00
Yann E. MORIN
d0edfec1e2 boot/uboot: add missing dependency to host-pkgconf
Commit 2eaa6d0f36 (boot/uboot: fix uboot building host tools on x86
architecture) added use of $(PKG_CONFIG_HOST_BINARY), but forgot to add
the corresponding build-ordr dependency.

Add this missing depenency now.

Additionally, the associated test had an explicit host pkgconf enbled in
its configuration. This is superfluous now that uboot properly depends
on host-pkgconf, so drop that from the test.

Note: it hapenned to work, because host-pkgconf, when explicitly enabled
in the configuration, and without per-package directories, would build
before uboot and thus be available. This would fail with PPD, though,
and thus would break for TLPB.

Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-07-17 13:18:04 +02:00
Fabrice Fontaine
dd7b9fa02b package/avahi: fix CVE-2021-36217
Avahi 0.8 allows a local denial of service (NULL pointer dereference and
daemon crash) against avahi-daemon via the D-Bus interface or a "ping
.local" command.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-07-17 12:02:24 +02:00
Fabrice Fontaine
1352b59eb2 package/putty: fix CVE-2021-36367
PuTTY through 0.75 proceeds with establishing an SSH session even if it
has never sent a substantive authentication response. This makes it
easier for an attacker-controlled SSH server to present a later spoofed
authentication prompt (that the attacker can use to capture credential
data, and use that data for purposes that are undesired by the client
user).

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-07-17 12:02:21 +02:00
Fabrice Fontaine
c9bfe7b19e package/pcre2: add PCRE2_CPE_ID_VENDOR
cpe:2.3🅰️pcre:pcre2 is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apcre%3Apcre2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-07-17 11:53:48 +02:00
Fabrice Fontaine
60ef5ab910 package/trinity: add TRINITY_CPE_ID_VENDOR
cpe:2.3🅰️trinity_project:trinity is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atrinity_project%3Atrinity

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-07-17 11:53:45 +02:00
Gleb Mazovetskiy
dc1970260b package/solarus: fix OpenGLES2 build
1. Adds a patch that fixes OpenGLES2 build
   https://gitlab.com/solarus-games/solarus/-/merge_requests/1364

2. Updates Config.in and solarus.mk to support OpenGLES2

Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
[yann.morin.1998@free.fr: renumber patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-07-17 11:51:10 +02:00
Fabrice Fontaine
1cf3c394c7 package/seatd: fix uclibc build
Fix uclibc build which is broken since addition of the package in commit
daae311490

We backport an upstream feature patch, because it includes the actual
fix as a side-effect (including stdarg.h at the proper location).

Fixes:
 - http://autobuild.buildroot.org/results/ad5020c5c1a7730f1ae82bf8215ed63df83421fe

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-07-17 10:25:47 +02:00
Bruno Marie
49e436f482 package/mpg123: remove --disable-lfs-alias option
Commit 56b28d3ee1 (mpg123: bump to version 1.13.1) added the
--disable-lfs-alias option, without explaining why it was needed.

However, this causes undefined references for apps that want to link
against mpg123.

The help for that option is pretty explicit that this is a dangerous
option to use:

    disable alias wrappers for largefile bitness (mpg123_seek_32 or
    mpg123_seek_64 in addition to mpg123_seek, or the other way around;
    It is a mess, do not play with this!)

The default is that it is enabled, so leave it at it.

Signed-off-by: Bruno Marie <gameblabla@protonmail.com>
[yann.morin.1998@free.fr: rework commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-07-17 10:15:26 +02:00
Adam Duskett
2170033bf6 package/duktape: add and install a duktape.pc file
Most distributions include a duktape.pc file bundled with the duktape
development package. As the duktape source does not include a .pc file,
add one to the package/duktape directory and install it to the staging
directory. This is used by the polkit duktape patch later in the series.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-17 10:10:06 +02:00
James Hilliard
c64abc6934 package/python{3}-cryptography: bump to version 3.3.2
This is the last version to support python2.

License hash change due to removal of OpenSSL locking reference:
49109ce1a6

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-17 10:09:18 +02:00
Fabrice Fontaine
f11128b779 package/libnice: bump to version 0.1.18
- Update indentation in hash file (two spaces)
- Switch to meson-package

https://github.com/libnice/libnice/blob/0.1.18/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-17 10:08:19 +02:00
Fabrice Fontaine
aade2fd293 package/libnice: add gobject-introspection optional dependency
gobject-introspection is an optional dependency which is enabled by
default since version 0.1.8 and
0388646bdb

Fixes:
 - http://autobuild.buildroot.org/results/1cba7aa233e19472a69ffc2d8f7324d363a22deb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-17 10:07:55 +02:00
James Hilliard
2c6b0359c3 package/swupdate: bump to version 2021.04
Add new optional dependencies.

Drop patches that are now upstream.

License update details

LICENSES/BSD-1-Clause.txt:
e419b06b49

LICENSES/BSD-2-Clause.txt:
32c1f98eac

LICENSES/BSD-3-Clause.txt:
32c1f98eac

LICENSES/CC0-1.0.txt:
7c3630f572

LICENSES/CC-BY-ND-4.0.txt:
b66db00c56

LICENSES/GPL-2.0-only.txt:
af2cc98b44

LICENSES/GPL-2.0-or-later.txt:
11af069b85

LICENSES/ISC.txt:
6500f1e89a

LICENSES/LGPL-2.1-or-later.txt:
4ef88a9df8

LICENSES/LicenseRef-OpenSSL-Exception.txt:
2f513d117c

LICENSES/MIT.txt:
c1bad02cb9

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-17 10:07:21 +02:00
Fabrice Fontaine
2b2f635733 package/php: requires DES support in openssl
Enable DES in openssl to fix build failure raised since commit
a83d41867c

Fixes:
 - http://autobuild.buildroot.org/results/c10800fde50b123809557ed50e0a86acb59404a4

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-17 10:05:55 +02:00
Fabrice Fontaine
db67c4fcff package/keepalived: fix build with kernel >= 5.13
Fixes:
 - http://autobuild.buildroot.org/results/9a93d7d76b0a4319c29fbf7b5986bcc78539ae8b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-17 10:05:13 +02:00
Fabrice Fontaine
32e085527f package/libsoup: fix build with gcc 4.8
Fix build failure with gcc 4.8 which is raised since bump to version
2.72.0 in commit 8e5f7f1cfc:

In file included from /tmp/instance-0/output-1/host/arm-buildroot-linux-gnueabi/sysroot/usr/include/resolv.h:65:0,
                 from /tmp/instance-0/output-1/host/arm-buildroot-linux-gnueabi/sysroot/usr/include/glib-2.0/gio/gnetworking.h:40,
                 from ../libsoup/soup-address.c:14:
/tmp/instance-0/output-1/host/arm-buildroot-linux-gnueabi/sysroot/usr/include/arpa/nameser.h:115:2: error: unknown type name 'u_char'
  const u_char *_msg, *_eom;
  ^

Fixes:
 - http://autobuild.buildroot.org/results/56b9cb987e25b99d6fed16c537552f47c3376f21

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-17 10:04:50 +02:00
Maxim Kochetkov
7bd57831e9 package/qt5/qt5base: fix build with gcc 11
Fix the following build failure with gcc 11:

text/qbytearraymatcher.h:103:38: error: 'numeric_limits' is not a member of 'std'
  103 |         const auto uchar_max = (std::numeric_limits<uchar>::max)();
      |                                      ^~~~~~~~~~~~~~

Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Tested-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-17 10:03:30 +02:00
James Hilliard
d2ef0058c9 package/systemd: bump to version 249
Add config option for systemd-sysext.

Add config option for systemd-oomd.

Add new host-python3-jinja2 dependency.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-17 10:01:51 +02:00
Fabrice Fontaine
bdad2d09e3 package/libtipc: renumber patches
Commit 883a33ece5 forgot to renumber
remaining patches

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-17 10:01:25 +02:00
Fabrice Fontaine
b991962993 package/libtirpc: install rpc.h
Install rpc.h to avoid the following build failure with host-nfs-utils
in version 2.5.4 raised since commit
0ce30de72f:

checking rpc/rpc.h usability... no
checking rpc/rpc.h presence... no
checking for rpc/rpc.h... no
configure: error: Header file rpc/rpc.h not found - maybe try building with --enable-tirpc

This build failure is raised by
http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=be7365239abf8556773b063730621967b9971708

Fixes:
 - http://autobuild.buildroot.org/results/a5eaf19f58729c4c00a2131b6a0c378c0fc0effb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-17 10:01:23 +02:00
Fabrice Fontaine
7e913bf36e package/tpm2-tools: add TPM2_TOOLS_CPE_ID_VENDOR
cpe:2.3🅰️tpm2-tools_project:tpm2-tools is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atpm2-tools_project%3Atpm2-tools

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-17 10:01:22 +02:00
Fabrice Fontaine
9d3dd83058 package/linuxptp: add LINUXPTP_CPE_ID_VENDOR
cpe:2.3🅰️linuxptp_project:linuxptp is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alinuxptp_project%3Alinuxptp

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-17 10:01:20 +02:00
Fabrice Fontaine
4c429c3f8c package/suricata: security bump to version 6.0.3
Various security, performance, accuracy and stability issues have been
fixed, including a critical evasion assigned CVE-2021-35063.

https://forum.suricata.io/t/suricata-6-0-3-and-5-0-7-released/1489

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-16 23:32:20 +02:00
Fabrice Fontaine
48c9adbe70 package/libhtp: bump to version 0.5.38
https://github.com/OISF/libhtp/releases/tag/0.5.38

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-16 23:32:14 +02:00
Fabrice Fontaine
0683ab9fca package/mbedtls: security bump to version 2.16.11
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-2

https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.11

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-16 23:31:25 +02:00
Heiko Thiery
a7f3dc0a02 package/linuxptp: security bump version to 3.1.1
This fixes the following CVEs:
 - CVE-2021-3570 linuxptp: missing length check of forwarded messages
 - CVE-2021-3571 linuxptp: wrong length of one-step follow-up in transparent clock

See mailing list post for details: https://sourceforge.net/p/linuxptp/mailman/message/37315519/

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-16 23:30:51 +02:00
Fabrice Fontaine
56a105f9fb package/python-urllib3: security bump to version 1.26.6
Fix CVE-2021-33503: An issue was discovered in urllib3 before 1.26.5.
When provided with a URL containing many @ characters in the authority
component, the authority regular expression exhibits catastrophic
backtracking, causing a denial of service if a URL were passed as a
parameter or redirected to via an HTTP redirect.

https://github.com/urllib3/urllib3/blob/1.26.6/CHANGES.rst

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-16 23:30:26 +02:00