NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
56,936 Commits 5 Branches 387 Tags 143 MiB
ff4ff190a7
Commit Graph

56936 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Fabrice Fontaine
388970eb3c package/gdb: fix gdbserver build with m68k and uclibc 
Allow to build gdbserver with m68k and uclibc. This patch is not needed
for version above 9.2 because build_gdbserver as been
moved to its own file since
https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=919adfe8409211c726c1d05b47ca59890ee648f1

This new file (gdbserver/configure.srv) does not seem to be affected by
this issue

Fixes:
 - http://autobuild.buildroot.org/results/f4d6d9d8418c0da48a3db4ad5a82e19bd16eae34

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8d7ac28707)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-09 23:16:02 +02:00
Fabrice Fontaine
cfbe193dc8 package/mpv: security bump to version 0.33.1 
Fix CVE-2021-30145: A format string vulnerability in mpv through 0.33.0
allows user-assisted remote attackers to achieve code execution via a
crafted m3u playlist file.

https://github.com/mpv-player/mpv/releases/tag/v0.33.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 34a387b5f6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-09 22:56:31 +02:00
Fabrice Fontaine
0f35d6dca6 package/paho-mqtt-c: security bump to version 1.3.9 
Old security issue not fixed:
https://github.com/eclipse/paho.mqtt.c/issues/1084

https://github.com/eclipse/paho.mqtt.c/milestone/16?closed=1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9dad1ef144)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-09 22:55:34 +02:00
Fabrice Fontaine
cbcf61a6d5 package/boost: disable logs with riscv32 
boost logs can't be built with riscv32 because it unconditionally uses
__NR_futex:

libs/log/src/event.cpp: In member function 'void boost::log::v2_mt_posix::aux::futex_based_event::wait()':
libs/log/src/event.cpp:38:29: error: '__NR_futex' was not declared in this scope
   38 | #define BOOST_LOG_SYS_FUTEX __NR_futex
      |                             ^~~~~~~~~~

Fixes:
 - http://autobuild.buildroot.org/results/8c8135fd7c0517c66c9b3975c494da6d7934cc1b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d72350e62a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-09 22:54:26 +02:00
Adrian Perez de Castro
9970bbca52 package/webkitgtk: disable gamepad support 
Pass -DENABLE_GAMEPAD=OFF to CMake in order to disable support for the
gamepad API, which requires libmanette, a library that is not yet
available in Buildroot.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 97b2511edb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-09 22:53:39 +02:00
Adrian Perez de Castro
071df79e1d package/webkitgtk: select missing multimedia deps 
Select a few missing multimedia related dependencies:

- BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_AUTODETECT is needed for
  "autoaudiosink"; not having this element can cause a crash as
  it is used unconditionally.
- BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_MATROSKA and
  BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_VPX are needed for
  WebM video playback.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6823e59111)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-09 22:52:39 +02:00
Fabrice Fontaine
2b054f52d7 package/libopenh264: fix mips32 build 
Fix build failure with mips32 which is raised since the addition of
bootlin toolchains

Fixes:
 - http://autobuild.buildroot.org/results/cba3e9d0fd061cc3a92cb732bcdc2c7b66dbf6cb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 52b875d3ac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-09 22:49:32 +02:00
Yann E. MORIN
d18597c141 package/libffi: drop superfluous CPE_ID_VERSION 
The default for FOO_CPE_ID_VERSION is to default to FOO_VERSION, so drop
this superfluous definition.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: "Weber, Matthew L Collins" <Matthew.Weber@collins.com>
Reviewed-by: Matthew Weber <Matthew.Weber@collins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit cb1134bb79)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-09 22:46:11 +02:00
Fabrice Fontaine
0b20376f67 package/pifmrds: always link with -lm 
Commit 888546e527 wrongly removed linking
with -lm resulting in the following build failure:

/home/buildroot/autobuild/run/instance-3/output-1/host/bin/arm-linux-gnueabihf-gcc  -o pi_fm_rds rds.o waveforms.o pi_fm_rds.o fm_mpx.o control_pipe.o -L/home/buildroot/autobuild/run/instance-3/output-1/host/bin/../arm-buildroot-linux-gnueabihf/sysroot/usr/lib -lsndfile
/home/buildroot/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-linux-gnueabihf/7.3.1/../../../../arm-linux-gnueabihf/bin/ld: fm_mpx.o: undefined reference to symbol 'cos@@GLIBC_2.4'
/home/buildroot/autobuild/run/instance-3/output-1/host/arm-buildroot-linux-gnueabihf/sysroot/lib/libm.so.6: error adding symbols: DSO missing from command line

Fixes:
 - http://autobuild.buildroot.org/results/b2a6e6fd77bf9071ce9f75fed1811be9ffe5366d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 8258081602)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-09 22:45:57 +02:00
Fabrice Fontaine
155dfeb314 package/pifmrds: use pkg-config 
Use pkg-config to retrieve libsndfile dependencies

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 888546e527)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-09 22:45:34 +02:00
Fabrice Fontaine
5603394b97 package/php-imagick: add CPE variables 
cpe:2.3🅰️php:imagick is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aphp%3Aimagick

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5022410324)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-08 10:27:00 +02:00
Fabrice Fontaine
32640f39e9 package/libmspack: add CPE variables 
cpe:2.3🅰️kyzer:libmspack is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3🅰️kyzer:libmspack

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 20e20555c8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-08 10:26:43 +02:00
Fabrice Fontaine
bb2f9b0d1e package/perl: add PERL_CPE_ID_VENDOR 
cpe:2.3🅰️perl:perl is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aperl%3Aperl

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0aae08ee3d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-08 10:26:10 +02:00
Fabrice Fontaine
8fd35db31b package/findutils: add FINDUTILS_CPE_ID_VENDOR 
cpe:2.3🅰️gnu:findutils is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Afindutils

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5c81ffaffc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-08 10:26:06 +02:00
Fabrice Fontaine
c3cd45d320 package/python-pillow: security bump to version 8.2.0 
- Fix numerous CVEs:
  https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#security
  https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html#security
  https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html#security
  https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
- Update license to HPND:
  81078e8a0d

https://pillow.readthedocs.io/en/stable/releasenotes/index.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e4625ae8d5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-08 10:25:14 +02:00
Fabrice Fontaine
e1f5ffc326 package/python-pillow: add webpmux support 
webpmux is an optional dependency since version 2.2.0 and
b4735f7829

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: move into existing webp conditional block]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a1f3e99f0e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-08 10:25:02 +02:00
Fabrice Fontaine
70f869e49f package/python-pillow: add xcb support 
libxcb is an optional dependency since version 7.1.0 and
3c39e6fcf6

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e1e0e275c6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-08 10:24:54 +02:00
Fabrice Fontaine
0787c26661 package/python-pillow: add lcms2 support 
lcms2 is an optional dependency since version 2.3.0 and
6d9f349140

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9e21579c13)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-08 10:24:49 +02:00
Fabrice Fontaine
10405de456 package/expat: security bump to version 2.4.1 
Fix CVE-2013-0340 "Billion Laughs":
https://blog.hartwork.org/posts/cve-2013-0340-billion-laughs-fixed-in-expat-2-4-0/

https://github.com/libexpat/libexpat/blob/R_2_4_1/expat/Changes

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 990d0c1cd2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-08 10:23:25 +02:00
Fabrice Fontaine
0c9fd33934 package/expat: bump to version 2.3.0 
https://github.com/libexpat/libexpat/blob/R_2_3_0/expat/Changes

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f2720836b7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-08 10:23:21 +02:00
Fabrice Fontaine
6431ed682e package/qemu: fix build with latest binutils 
Fixes:
 - http://autobuild.buildroot.org/results/c0881df995093036eb7579d870efcae3feb323aa

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 1eb1a24e9f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-08 10:21:13 +02:00
Fabrice Fontaine
2c659b358a package/libnids: drop LIBNIDS_IGNORE_CVES 
NVD database has been updated:
https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&seach_type=all&query=cpe:2.3🅰️libnids_project:libnids:1.24:*:*:*:*:*:*:*

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 65c9ebcd90)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-08 09:13:12 +02:00
Fabrice Fontaine
971cd9e294 package/mini-snmpd: add CPE variables 
cpe:2.3🅰️minisnmpd_project:minisnmpd is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aminisnmpd_project%3Aminisnmpd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5dfb873acf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-08 09:12:32 +02:00
Fabrice Fontaine
db4b42eedd package/minissdpd: add MINISSDPD_CPE_ID_VENDOR 
cpe:2.3🅰️miniupnp_project:minissdpd is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aminiupnp_project%3Aminissdpd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 84c07e1f51)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-08 09:12:26 +02:00
Fabrice Fontaine
392064c10e package/minidlna: add CPE variables 
cpe:2.3🅰️readymedia_project:readymedia is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Areadymedia_project%3Areadymedia

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit cb140cd040)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-08 09:12:19 +02:00
Fabrice Fontaine
700f216173 package/minizip: add MINIZIP_CPE_ID_VENDOR 
cpe:2.3🅰️minizip_project:minizip is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aminizip_project%3Aminizip

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: fix typo MINZIP -> MINIZIP]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 425339dcdf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-08 09:11:47 +02:00
Fabrice Fontaine
d8805810c3 package/netsurf: add NETSURF_CPE_ID_VENDOR 
cpe:2.3🅰️netsurf-browser:netsurf is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anetsurf-browser%3Anetsurf

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 22c5e1f847)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-08 09:11:41 +02:00
Fabrice Fontaine
9a69e303c9 package/opencv3: add CPE variables 
cpe:2.3🅰️opencv:opencv is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aopencv%3Aopencv

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 4919a9c17f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-08 09:11:07 +02:00
Fabrice Fontaine
cf11ac8f30 package/oprofile: add OPROFILE_CPE_ID_VENDOR 
cpe:2.3🅰️maynard_johnson:oprofile is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amaynard_johnson%3Aoprofile

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit bd5dabce4c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-08 09:11:01 +02:00
Fabrice Fontaine
ce067a4710 package/libnids: add LIBNIDS_CPE_ID_VENDOR 
cpe:2.3🅰️libnids_project:libnids is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibnids_project%3Alibnids

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3ab5ec3fbc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-08 09:08:23 +02:00
Bernd Kuhls
bc116b690b package/hwloc: add optional dependencies to udev, libxml2, ncurses & numactl 
udev:
https://github.com/open-mpi/hwloc/blob/master/config/hwloc.m4#L626

libxml2:
https://github.com/open-mpi/hwloc/blob/master/config/hwloc.m4#L1273

ncurses:
https://github.com/open-mpi/hwloc/blob/master/config/hwloc_internal.m4#L340

numactl:
https://github.com/open-mpi/hwloc/blob/master/config/hwloc_internal.m4#L419

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr: drop unconditional --disable-libxml2]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 648ff342db)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-08 08:39:41 +02:00
Fabrice Fontaine
37de514b65 package/p7zip: add P7ZIP_CPE_ID_VENDOR 
cpe:2.3🅰️7-zip:p7zip is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3A7-zip%3Ap7zip

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 77d1a1be54)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-08 08:11:07 +02:00
Fabrice Fontaine
1650cce463 package/libical: add LIBICAL_CPE_ID_VENDOR 
cpe:2.3🅰️libical_project:libical is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibical_project%3Alibical

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c95d3d8ab8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-08 08:10:59 +02:00
Fabrice Fontaine
243fffb181 package/shellinabox: add SHELLINABOX_CPE_ID_VENDOR 
cpe:2.3🅰️shellinabox_project:shellinabox is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ashellinabox_project%3Ashellinabox

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 81009e31d9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-08 08:10:47 +02:00
Fabrice Fontaine
dbd9d87261 package/blktrace: add BLKTRACE_CPE_ID_VENDOR 
cpe:2.3🅰️blktrace_project:blktrace is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ablktrace_project%3Ablktrace

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit b3c332853e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-08 08:10:41 +02:00
Peter Korsgaard
a9c45a66a2 package/lz4: add upstream security fix for CVE-2021-3520 
Fixes a potential memory corruption with negative memmove() size.  For
details, see (NVD not yet updated):

https://security-tracker.debian.org/tracker/CVE-2021-3520

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ecb55c43ce)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-07 23:43:09 +02:00
Fabrice Fontaine
b14c5918d4 package/imagemagick: security bump to version 7.0.11-13 
Fix CVE-2021-20309 to CVE-2021-20313

https://github.com/ImageMagick/ImageMagick/blob/7.0.11-13/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d642381049)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-07 23:42:21 +02:00
Fabrice Fontaine
32f4885cc3 package/vlc: fix build with latest live555 
Fix build failure with live555 raised since commit
6ad1c7f12e

Fixes:
 - http://autobuild.buildroot.org/results/83170984f96238756c45bf1f4e542363afafd45f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit eb6017fabe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-07 23:40:39 +02:00
Fabrice Fontaine
ddeadc09a8 package/msmtp: add MSMTP_CPE_ID_VENDOR 
cpe:2.3🅰️marlam:msmtp is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amarlam%3Amsmtp

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit bf85592a46)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-07 23:40:34 +02:00
Fabrice Fontaine
4ef158c3db package/mpv: add MPV_CPE_ID_VENDOR 
cpe:2.3🅰️mpv:mpv is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ampv%3Ampv

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit b5eaff4df3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-07 23:40:24 +02:00
Fabrice Fontaine
089246ef52 package/pwgen: add PWGEN_CPE_ID_VENDOR 
cpe:2.3🅰️pwgen_project:pwgen is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apwgen_project%3Apwgen

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit eb72fa0d3c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-07 23:39:14 +02:00
Fabrice Fontaine
64b824184d package/pulseaudio: add PULSEAUDIO_CPE_ID_VENDOR 
cpe:2.3🅰️pulseaudio:pulseaudio is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apulseaudio%3Apulseaudio

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 27c764153a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-07 23:39:05 +02:00
Fabrice Fontaine
e0cb9d01eb package/proxychains-ng: add PROXYCHAINS_NG_CPE_ID_VENDOR 
cpe:2.3🅰️proxychains-ng_project:proxychains-ng is a valid CPE
identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aproxychains-ng_project%3Aproxychains-ng

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 53d0ca9dfb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-07 23:38:58 +02:00
Fabrice Fontaine
6118713a20 package/pigz: add PIGZ_CPE_ID_VENDOR 
cpe:2.3🅰️zlib:pigz is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Azlib%3Apigz

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 1ee888c248)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-07 23:37:38 +02:00
Fabrice Fontaine
bf45624821 package/picocom: add PICOCOM_CPE_ID_VENDOR 
cpe:2.3🅰️picocom_project:picocom is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apicocom_project%3Apicocom

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 214d4e9c22)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-07 23:37:33 +02:00
Fabrice Fontaine
31477c0181 package/pngquant: add PNGQUANT_CPE_ID_VENDOR 
cpe:2.3🅰️pngquant:pngquant is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apngquant%3Apngquant

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f5732350be)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-07 23:37:27 +02:00
Fabrice Fontaine
947ee29bb0 package/uhd: USRP1 needs gcc >= 4.9 
Commit c577eac16e forgot to add
dependencies of BR2_PACKAGE_UHD_USB to BR2_PACKAGE_UHD_USRP1

Fixes:
 - http://autobuild.buildroot.org/results/eaae6548fb536e2b0ea539c236cd7579e63fa21e

Note: threads dependency is already guaranteed as uhd itself depends on
NPTL already.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0403dd7d76)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-07 23:36:43 +02:00
Fabrice Fontaine
daf1a5d80a package/llvm: include limits 
Fix the following build failure:

In file included from /data/buildroot-autobuilder/instance-0/output-1/build/host-llvm-9.0.1/utils/benchmark/src/benchmark_register.cc:15:
/data/buildroot-autobuilder/instance-0/output-1/build/host-llvm-9.0.1/utils/benchmark/src/benchmark_register.h: In function 'void AddRange(std::vector<T>*, T, T, int)':
/data/buildroot-autobuilder/instance-0/output-1/build/host-llvm-9.0.1/utils/benchmark/src/benchmark_register.h:17:30: error: 'numeric_limits' is not a member of 'std'
   17 |   static const T kmax = std::numeric_limits<T>::max();
      |                              ^~~~~~~~~~~~~~

Fixes:
 - http://autobuild.buildroot.org/results/68581aad7c622a1fc74bb5556799e3c681425b2a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8d8f456d59)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-07 23:35:29 +02:00
Christian Stewart
10c2e6c588 package/runc: security bump to version 1.0.0-rc95 
Fixes CVE-2021-30465: runc 1.0.0-rc94 and earlier are vulnerable to a symlink
exchange attack whereby an attacker can request a seemingly-innocuous container
configuration that actually results in the host filesystem being bind-mounted
into the container, allowing for a container escape.

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 96c23d1d0f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-07 23:34:57 +02:00
Peter Korsgaard
51e7ddcf3b package/mutt: add upstream security fix for CVE-2021-32055 
Fixes the following security issue:

- CVE-2021-32055: Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt
  2019-10-25 through 2021-05-04) has a $imap_qresync issue in which
  imap/util.c has an out-of-bounds read in situations where an IMAP sequence
  set ends with a comma.  NOTE: the $imap_qresync setting for QRESYNC is not
  enabled by default.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2021-06-07 23:32:25 +02:00