aboutsummaryrefslogtreecommitdiff
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* package/libbluray: add optional support for libudfreadHEADmasterGravatar Bernd Kuhls9 hours1-0/+4
| | | | | Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* {linux, linux-headers}: bump 5.{4, 10, 11, 12}.x seriesGravatar Peter Korsgaard9 hours1-4/+4
| | | | | Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/dmalloc: fix static buildGravatar Fabrice Fontaine9 hours1-2/+4
| | | | | | | | | | | | Build of dmalloc is broken since commit 19ec872f169a851b48ba04d22432b7c0939847d4 because --enable-shlib is unconditionally set Fixes: - http://autobuild.buildroot.org/results/62c9c6aebca60649bd6f635125507bf10d63fc05 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/openssh: security bump to version 8.6p1Gravatar Fabrice Fontaine10 hours2-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | Security ======== * sshd(8): OpenSSH 8.5 introduced the LogVerbose keyword. When this option was enabled with a set of patterns that activated logging in code that runs in the low-privilege sandboxed sshd process, the log messages were constructed in such a way that printf(3) format strings could effectively be specified the low-privilege code. An attacker who had sucessfully exploited the low-privilege process could use this to escape OpenSSH's sandboxing and attack the high-privilege process. Exploitation of this weakness is highly unlikely in practice as the LogVerbose option is not enabled by default and is typically only used for debugging. No vulnerabilities in the low-privilege process are currently known to exist. https://www.openssh.com/txt/release-8.6 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/mender-grubenv: fix installing on non-efi platformsGravatar Adam Duskett13 hours1-0/+9
| | | | | | | | | | | | Currently, mender-grubenv unconditionally installs files from the $(TARGET_DIR)/boot/EFI directory to the $(BINARIES_DIR)/efi-part. This fails on systems that are not building grub against EFI. Add a check in mender-grubenv.mk to ensure the files are copied to the correct location if EFI is not selected. Signed-off-by: Adam Duskett <aduskett@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/refpolicy: fix REFPOLICY_CPE_ID_VENDORGravatar Fabrice Fontaine13 hours1-1/+1
| | | | | | | | | | | | | | | | | | cpe:2.3:a:selinuxproject:refpolicy is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aselinuxproject%3Arefpolicy Indeed, cpe:2.3:a:tresys:refpolicy has been deprecated since April 21th: <cpe-item name="cpe:/a:tresys:refpolicy:2.20180701" deprecated="true" deprecation_date="2021-04-21T16:55:43.710Z"> <title xml:lang="en-US">Tresys refpolicy 2.20180701</title> <reference href="https://github.com/TresysTechnology/refpolicy">Product</reference> <cpe-23:cpe23-item name="cpe:2.3:a:tresys:refpolicy:2.20180701:*:*:*:*:*:*:*"> <cpe-23:deprecated-by name="cpe:2.3:a:selinuxproject:refpolicy:2.20180701:*:*:*:*:*:*:*" type="NAME_CORRECTION"/> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/python-autobahn: add CPE variablesGravatar Fabrice Fontaine13 hours1-0/+2
| | | | | | | | | cpe:2.3:a:crossbar:autobahn is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Acrossbar%3Aautobahn Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/python-tqdm: add CPE variablesGravatar Fabrice Fontaine13 hours1-0/+2
| | | | | | | | | cpe:2.3:a:tqdm_project:tqdm is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atqdm_project%3Atqdm Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/python-requests: add CPE variablesGravatar Fabrice Fontaine13 hours2-0/+4
| | | | | | | | | cpe:2.3:a:python:requests is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython%3Arequests Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/python-engineio: add PYTHON_ENGINEIO_CPE_ID_VENDORGravatar Fabrice Fontaine13 hours1-0/+1
| | | | | | | | | | cpe:2.3:a:python-engineio_project:python-engineio is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython-engineio_project%3Apython-engineio Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/python-keyring: add CPE variablesGravatar Fabrice Fontaine13 hours1-0/+2
| | | | | | | | | cpe:2.3:a:python:keyring is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython%3Akeyring Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/gstreamer1/gstreamer1: add CPE variablesGravatar Fabrice Fontaine13 hours1-0/+2
| | | | | | | | | | cpe:2.3:a:gstreamer_project:gstreamer is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agstreamer_project%3Agstreamer Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/gstreamer1/gst1-rtsp-server: add CPE variablesGravatar Fabrice Fontaine13 hours1-0/+2
| | | | | | | | | | cpe:2.3:a:gstreamer_project:gst-rtsp-server is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agstreamer_project%3Agst-rtsp-server Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/gstreamer1/gst1-plugins-bad: add CPE variablesGravatar Fabrice Fontaine13 hours1-0/+2
| | | | | | | | | | cpe:2.3:a:freedesktop:gst-plugins-bad is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afreedesktop%3Agst-plugins-bad Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/udisks: add UDISKS_CPE_ID_VENDORGravatar Fabrice Fontaine13 hours1-0/+1
| | | | | | | | | cpe:2.3:a:freedesktop:udisks is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afreedesktop%3Audisks Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/jh71xx-tools: new packageGravatar Thomas Petazzoni13 hours4-0/+31
| | | | | | | | | | | | | | Add jh71xx-tools as a new host package, it includes a tool that allows to recover the bootloader of JH71xx-based platforms, such as the BeagleV. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> [yann.morin.1998@free.fr: - fix alphabetical order, spotted by Bin - use LICENSE as license file, update license hash accordingly ] Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/x11r7/libxcb: add LIBXCB_CPE_ID_VENDORGravatar Fabrice Fontaine14 hours1-0/+1
| | | | | | | | | cpe:2.3:a:x:libxcb is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxcb Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/x11r7/xlib_libdmx: add CPE variablesGravatar Fabrice Fontaine14 hours1-0/+2
| | | | | | | | | cpe:2.3:a:x:libdmx is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibdmx Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/x11r7/xlib_libXxf86vm: add CPE variablesGravatar Fabrice Fontaine14 hours1-0/+2
| | | | | | | | | cpe:2.3:a:x:libxxf86vm is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxxf86vm Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/x11r7/xlib_libXxf86dga: add CPE variablesGravatar Fabrice Fontaine14 hours1-0/+2
| | | | | | | | | cpe:2.3:a:x:libxxf86dga is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxxf86dga Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/x11r7/libXres: add CPE variablesGravatar Fabrice Fontaine14 hours1-0/+2
| | | | | | | | | cpe:2.3:a:x:libxres is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxres Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/x11r7/xlib_libXpm: add CPE variablesGravatar Fabrice Fontaine14 hours1-0/+2
| | | | | | | | | | cpe:2.3:a:libxpm_project:libxpm is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibxpm_project%3Alibxpm Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/x11r7/xlib_libFS: add CPE variablesGravatar Fabrice Fontaine14 hours1-0/+2
| | | | | | | | | cpe:2.3:a:x:libfs is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibfs Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/x11r7/xlib_libICE: add CPE variablesGravatar Fabrice Fontaine14 hours1-0/+2
| | | | | | | | | cpe:2.3:a:freedesktop:libice is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afreedesktop%3Alibice Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/x11r7/xlib_libXt: add CPE variablesGravatar Fabrice Fontaine14 hours1-0/+2
| | | | | | | | | cpe:2.3:a:x:libxt is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxt Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/x11r7/xlib_libXtst: add CPE variablesGravatar Fabrice Fontaine14 hours1-0/+2
| | | | | | | | | cpe:2.3:a:x:libxtst is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxtst Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/x11r7/xlib_libXcursor: add CPE variablesGravatar Fabrice Fontaine14 hours1-0/+2
| | | | | | | | | cpe:2.3:a:x:libxcursor is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxcursor Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/x11r7/xlib_libXdmcp: add CPE variablesGravatar Fabrice Fontaine14 hours1-0/+2
| | | | | | | | | cpe:2.3:a:x.org:libxdmcp is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax.org%3Alibxdmcp Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/x11r7/xlib_libXext: add CPE variablesGravatar Fabrice Fontaine14 hours1-0/+2
| | | | | | | | | cpe:2.3:a:x:libxext is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxext Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/x11r7/xlib_libXfixes: add CPE variablesGravatar Fabrice Fontaine14 hours1-0/+2
| | | | | | | | | cpe:2.3:a:x:libxfixes is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxfixes Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/x11r7/xlib_libXinerama: add CPE variablesGravatar Fabrice Fontaine14 hours1-0/+2
| | | | | | | | | cpe:2.3:a:x:libxinerama is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxinerama Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/x11r7/xlib_libXfont2: add CPE variablesGravatar Fabrice Fontaine14 hours1-0/+2
| | | | | | | | | cpe:2.3:a:x:libxfont is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ax%3Alibxfont Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/localedef: fix host gcc-11.x compileGravatar Peter Seiderer14 hours2-0/+280
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add two upstream patches fixing host gcc-11.x compile. Fixes: - https://bugs.busybox.net/show_bug.cgi?id=13806 In file included from ../include/pthread.h:1, from ../sysdeps/nptl/thread_db.h:25, from ../nptl/descr.h:32, from ../sysdeps/x86_64/nptl/tls.h:130, from ../sysdeps/generic/libc-tsd.h:44, from ./localeinfo.h:224, from programs/ld-ctype.c:37: ../sysdeps/nptl/pthread.h:734:47: error: argument 1 of type ‘struct __jmp_buf_tag *’ declared as a pointer [-Werror=array-parameter=] 734 | extern int __sigsetjmp (struct __jmp_buf_tag *__env, int __savemask) __THROWNL; | ~~~~~~~~~~~~~~~~~~~~~~^~~~~ In file included from ../include/setjmp.h:2, from ../nptl/descr.h:24, from ../sysdeps/x86_64/nptl/tls.h:130, from ../sysdeps/generic/libc-tsd.h:44, from ./localeinfo.h:224, from programs/ld-ctype.c:37: ../setjmp/setjmp.h:54:46: note: previously declared as an array ‘struct __jmp_buf_tag[1]’ 54 | extern int __sigsetjmp (struct __jmp_buf_tag __env[1], int __savemask) __THROWNL; | ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~ Signed-off-by: Peter Seiderer <ps.report@gmx.net> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/libxslt: fix build with latest libxml2Gravatar Fabrice Fontaine19 hours2-0/+33
| | | | | | | | | | | | | | | Build is broken since bump of libxml2 to version 2.9.11 in commit a241dcec4188dbf30fbc8b65d7e6f2ece9da3d04 because libxslt calls the following command "${XML_CONFIG} --libs print" which will return an error code since https://github.com/GNOME/libxml2/commit/2a357ab99e6f5c9196384b11cd91dd993f93014c Fixes: - http://autobuild.buildroot.org/results/47ceb8c24c9ead8a450b7fea3266f760d6b77b4f Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Reviewed-by: Peter Seiderer <ps.report@gmx.net> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/prosody: security bump to version 0.11.9Gravatar Peter Korsgaard29 hours2-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes the following security issues: - CVE-2021-32918: DoS via insufficient memory consumption controls It was discovered that default settings leave Prosody susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3. Lua 5.2 is the default and recommended Lua version for Prosody 0.11.x series. - CVE-2021-32920: DoS via repeated TLS renegotiation causing excessive CPU consumption It was discovered that Prosody does not disable SSL/TLS renegotiation, even though this is not used in XMPP. A malicious client may flood a connection with renegotiation requests to consume excessive CPU resources on the server. - CVE-2021-32921: Use of timing-dependent string comparison with sensitive values It was discovered that Prosody does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker. - CVE-2021-32917: Use of mod_proxy65 is unrestricted in default configuration mod_proxy65 is a file transfer proxy provided with Prosody to facilitate the transfer of files and other data between XMPP clients. It was discovered that the proxy65 component of Prosody allows open access by default, even if neither of the users have an XMPP account on the local server, allowing unrestricted use of the server’s bandwidth. - CVE-2021-32919: Undocumented dialback-without-dialback option insecure The undocumented option ‘dialback_without_dialback’ enabled an experimental feature for server-to-server authentication. A flaw in this feature meant it did not correctly authenticate remote servers, allowing a remote server to impersonate another server when this option is enabled. For more details, see the advisory: https://prosody.im/security/advisory_20210512/ Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/docker-engine: fix port forwarding for hosts without IPv6Gravatar Peter Korsgaard29 hours1-0/+74
| | | | | | | | | | | | | | | | | | | | docker-engine 20.10.6 broke container port forwarding for hosts without IPv6 support: docker: Error response from daemon: driver failed programming external connectivity on endpoint naughty_moore (038e9ed4b5ea77e1c52462d6d04ad001fbad9beb185a6511aadc217c8a271608): Error starting userland proxy: listen tcp6 [::]:80: socket: address family not supported by protocol. Add a libnetwork patch from an upstream pull request to fix this, after adjusting the patch to apply to docker-engine (which has libnetwork vendored under vendor/github.com/docker/libnetwork): - https://github.com/moby/libnetwork/pull/2635, - https://github.com/moby/moby/pull/42322 Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/live555: security bump to version 2021.05.03Gravatar Fabrice Fontaine29 hours2-3/+3
| | | | | | | | | | | | Fix CVE-2021-28899: Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16. http://live555.com/liveMedia/public/changelog.txt Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libxml2: bump to version 2.9.12Gravatar Fabrice Fontaine29 hours2-3/+3
| | | | | | | | | | Brown-paper bag release: https://github.com/GNOME/libxml2/commit/b48e77cf4f6fa0792c5f4b639707a2b0675e461b Update indentation in hash file (two spaces) Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* ipackage/modem-manager: bump version to 1.16.4Gravatar Petr Vorel31 hours2-2/+2
| | | | | Signed-off-by: Petr Vorel <petr.vorel@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/opentyrian: switch to using githubGravatar Yann E. MORIN31 hours2-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | OpenTyrian was previously managed in a Mercurial repository hosted on Bitbucket. Mid-2020, Bitbucket shut off all its Mercurial repositories: https://bitbucket.org/blog/sunsetting-mercurial-support-in-bitbucket Since then, OpenTyrian's source code is inacessible, but we have had no build failure associated as there is an old archive hosted on s.b.o, so that all builds fallback to downloading that: http://sources.buildroot.net/opentyrian/opentyrian-9c9f0ec3532b.tar.gz However, the project has been revived (kinda) on github: https://github.com/opentyrian/opentyrian Git commit cf5dbeb69eebd9ef9afc4473088d9469b79589eb has been found to be the closest, both in content and date, to the Mercuail reference 9c9f0ec3532b we were using. The only deltas are in Mercurial-specific files: b/.hg_archival.txt | 5 0 5 0 ----- b/.hgtags | 2 1 1 0 +- 2 files changed, 1 insertion(+), 6 deletions(-) While at it, add a hash file. Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> Cc: Julien Boibessot <julien.boibessot@armadeus.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/postgis: fix comment dependencies (binutils-bug-21464, ↵Gravatar Peter Seiderer31 hours1-2/+2
| | | | | | | | | | | binutils-bug-27597) The comment dependencies need to be the inverse of the package dependencies (fixes comment shown in menuconfig even if the package is available). Signed-off-by: Peter Seiderer <ps.report@gmx.net> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libgeos: fix comment dependencies (binutils-bug-12464, ↵Gravatar Peter Seiderer31 hours1-2/+2
| | | | | | | | | | | binutils-bug-27597) The comment dependencies need to be the inverse of the package dependencies (fixes comment shown in menuconfig even if the package is available). Signed-off-by: Peter Seiderer <ps.report@gmx.net> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libxml2: security bump to version 2.9.11Gravatar Adrian Perez de Castro42 hours5-119/+2
| | | | | | | | | | | | Update libxml2 to version 2.9.11, which incorporates all the patches carried by Buildroot (which are hence removed), and includes fixes for CVE-2020-7595, CVE-2019-20388, CVE-2020-24977, and CVE-2021-3541 (at least), as per https://gitlab.gnome.org/GNOME/libxml2/-/issues/186#note_1104945 Signed-off-by: Adrian Perez de Castro <aperez@igalia.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/postgresql: security bump version to 13.3Gravatar Bernd Kuhls42 hours2-3/+3
| | | | | | | | Fixes CVE-2021-32027, CVE-2021-32028 & CVE-2021-32029: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/ Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/rt-tests: add patch to fix compatibility with make 3.81Gravatar Peter Korsgaard3 days1-0/+48
| | | | | | | | | | | Fixes: http://autobuild.buildroot.net/results/cf7c4f360f5464c700788cc8299fd086544c80e8/build-end.log Older GNU make versions don't like the explicit undefine. It isn't really needed as ifdef handles undefined and defined-to-the-empty-string the same way, so just drop the undefine logic. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/bitcoin: security bump to version 0.21.1Gravatar Fabrice Fontaine3 days2-3/+3
| | | | | | | | | | Tag as a security bump as having an up to date bitcoin is important: https://patchwork.ozlabs.org/project/buildroot/patch/20200202085526.35742-1-james.hilliard1@gmail.com https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.21.1.md Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/vlc: security bump version to 3.0.14Gravatar Bernd Kuhls3 days11-46/+5
| | | | | | | | | | | | | | | | | Removed patch 0002 which was applied upstream: https://code.videolan.org/videolan/vlc/-/commit/41caaa08cde60c4fec4bf2e5f9610e2a1b9e6a23 Renumbered remaining patches. Release notes: https://www.videolan.org/vlc/releases/3.0.13.html https://www.videolan.org/vlc/releases/3.0.12-update.html Version 3.0.13 fixes VideoLAN-SB-VLC-3013: https://www.videolan.org/security/sb-vlc3013.html Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/sysklogd: bump to version 2.2.3Gravatar Joachim Wiberg4 days2-2/+5
| | | | | | | https://github.com/troglobit/sysklogd/releases/tag/v2.2.3 Signed-off-by: Joachim Wiberg <troglobit@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/kodi: bump version to 19.1Gravatar Bernd Kuhls4 days5-38/+4
| | | | | | | | Removed patch 0002 which was applied upstream: https://github.com/xbmc/xbmc/commit/c9cf94d3108d742e50ea73b5553125ef5e405c73 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/kodi-pvr-nextpvr: bump version to 8.2.3-MatrixGravatar Bernd Kuhls4 days2-2/+2
| | | | | | | | Changelog: https://github.com/kodi-pvr/pvr.nextpvr/blob/Matrix/pvr.nextpvr/changelog.txt Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>