krant [Mon, 5 Feb 2024 11:47:50 +0000 (13:47 +0200)]
apr: update to 1.7.4
- Remove upstreamed patches
- Fix bindir in apr-1-config to fix subversion build
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Tue, 6 Feb 2024 08:10:04 +0000 (10:10 +0200)]
git: update to 2.43.0
- Refresh patches
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Tue, 6 Feb 2024 19:32:50 +0000 (21:32 +0200)]
alsa-utils: update to 1.2.11
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Tue, 6 Feb 2024 19:31:47 +0000 (21:31 +0200)]
alsa-ucm-conf: update to 1.2.11
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Tue, 6 Feb 2024 19:29:33 +0000 (21:29 +0200)]
alsa-lib: update to 1.2.11
- Change package URL to HTTPS
- Refresh patches
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Tue, 6 Feb 2024 13:25:47 +0000 (15:25 +0200)]
autoconf: update to 2.72
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Tue, 6 Feb 2024 17:00:59 +0000 (19:00 +0200)]
libarchive: update to 3.7.2
- Don't set CMake options matching the defaults
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Tue, 6 Feb 2024 10:19:14 +0000 (12:19 +0200)]
lynx: update to 2.9.0
- Remove stale mirrors
- Use HTTPS for package URL
- Don't set default configure args
- Disable newly added bz2 support
- Formatting
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Wed, 7 Feb 2024 10:38:45 +0000 (12:38 +0200)]
expat: update to 2.6.0
- Don't set default CMake options
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Mon, 5 Feb 2024 19:35:12 +0000 (21:35 +0200)]
libmariadb: update to 3.1.23
- Replace dead source URL
- Rebase the patch
- Remove superfluous cmake option
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Othmar Truniger [Tue, 6 Feb 2024 17:46:21 +0000 (18:46 +0100)]
knxd: bump to upstream version 0.14.61
Signed-off-by: Othmar Truniger <github@truniger.ch>
krant [Tue, 6 Feb 2024 12:23:25 +0000 (14:23 +0200)]
gzip: update to 1.13
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Florian Eckert [Wed, 7 Feb 2024 08:55:58 +0000 (09:55 +0100)]
Merge pull request #23308 from krant/fping
fping: update to 5.1
krant [Mon, 5 Feb 2024 19:47:27 +0000 (21:47 +0200)]
libid3tag: update to 0.16.3
- Switch package URL to the new upstream
- Switch PKG_SOURCE_PROTO to git
- Switch to CMake build
- Drop custom .pc file in favor of upstream version
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Tue, 6 Feb 2024 15:52:14 +0000 (17:52 +0200)]
fping: update to 5.1
- Don't set default configure arg
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Mon, 5 Feb 2024 15:38:42 +0000 (17:38 +0200)]
mpg123: update to 1.32.4
- Use package official URL
- Fix license name
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Eneas U de Queiroz [Mon, 5 Feb 2024 13:04:31 +0000 (10:04 -0300)]
oniguruma: bump to 6.9.9
Featured changes:
- Update Unicode version 15.1.0
- NEW API: ONIG_OPTION_MATCH_WHOLE_STRING
- Fixed: (?I) option was not enabled for character classes (Issue #264).
- Changed specification to check for incorrect POSIX bracket (Issue
#253).
- Changed [[:punct:]] in Unicode encodings to be compatible with POSIX
definition. (Issue #268)
- Fixed: ONIG_OPTION_FIND_LONGEST behavior
--- 6.9.8
- Whole options
- (?C) : ONIG_OPTION_DONT_CAPTURE_GROUP
- (?I) : ONIG_OPTION_IGNORECASE_IS_ASCII
- (?L) : ONIG_OPTION_FIND_LONGEST
- Fixed some problems found by OSS-Fuzz
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
krant [Mon, 5 Feb 2024 13:20:37 +0000 (15:20 +0200)]
subversion: update to 1.14.3
- Adopt the package
- Remove default configure options
- Rebase the patch
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Fabrice Fontaine [Mon, 5 Feb 2024 07:00:18 +0000 (08:00 +0100)]
devel/autoconf: assign PKG_LICENSE_FILES
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Eneas U de Queiroz [Mon, 5 Feb 2024 13:30:57 +0000 (10:30 -0300)]
python-certifi: Update to 2024.2.2
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
krant [Mon, 5 Feb 2024 15:49:38 +0000 (17:49 +0200)]
opus: update to 1.4
- Add patch to fix build on ARM
- Use official source URL
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Timothy M. Ace [Mon, 5 Feb 2024 00:17:14 +0000 (19:17 -0500)]
python-orjson: update to version 3.9.13
Relevant changes since 3.9.12:
- FIXED: Serialization str escape uses only 128-bit SIMD.
- FIXED: Fix compatibility with CPython 3.13 alpha 3.
- Publish musllinux_1_2 instead of musllinux_1_1 wheels.
- Serialization uses small integer optimization in CPython 3.12 or later.
Signed-off-by: Timothy M. Ace <openwrt@timothyace.com>
Fabrice Fontaine [Fri, 2 Feb 2024 17:24:43 +0000 (18:24 +0100)]
lang/python/python-yaml: fix PKG_CPE_ID
There is not a single CVE linked to pyyaml_project:pyyaml so use
pyyaml:pyyaml instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:pyyaml:pyyaml
Fixes: c06a04c754bdcfdb2ea0bd1d654128863a2b6738 (python-yaml: update to version 5.1)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Jonas Lochmann [Mon, 1 Jan 2024 00:00:00 +0000 (01:00 +0100)]
mwan3: use network_get_preferred_ipaddr6
This updates mwan3 to use network_get_preferred_ipaddr6 instead of
network_get_ipaddr6 if possible to determine a source ip for the
connectivity checks. This avoids issues where the first ip address
that is returned from network_get_ipaddr6 does not work anymore while
the preferred one returned from network_get_preferred_ipaddr6 works.
Signed-off-by: Jonas Lochmann <git@inkompetenz.org>
Mark Baker [Thu, 18 Jan 2024 18:52:58 +0000 (13:52 -0500)]
lualanes: Version bump to v3.16.2
Update the PKG_VERSION and PKG_SOURCE_VERSION to pull version 3.16.2
from upstream. The upstream version includes fixes for the
`pthread_yield: symbol not found` issue.
Removed patches 100-musl-compat.patch and 200-fix-redef-error.patch
as fixes were implemented upstream.
Build tested on aarch64, arm_cortex_a15/a9, i386, mips[el]_24kc,
powerpc_464fp/8548, riscv64, x86_64. Confirmed on x86_64.
Signed-off-by: Mark Baker <mark@vpost.net>
Rosen Penev [Sun, 4 Feb 2024 23:50:11 +0000 (15:50 -0800)]
mosquitto: reenable options wrongly turned off
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Timothy Ace [Tue, 30 Jan 2024 00:01:50 +0000 (19:01 -0500)]
CONTRIBUTING.md: clarify pull request commit requirements
Corrects the commit subject being referred to as a "description"
and links the official OpenWrt patch submission standards for
commit messages. Adds additional notes about real names and
emails being required. Also fixes the capitalization of GitHub
and SourceForge.
Signed-off-by: Timothy Ace <openwrt@timothyace.com>
krant [Thu, 1 Feb 2024 13:11:28 +0000 (15:11 +0200)]
gnuplot: update to 6.0.0
- Add patch for MIPS and PowerPC systems
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Wed, 31 Jan 2024 19:34:06 +0000 (21:34 +0200)]
libsamplerate: update to 0.2.2
- Update package/source URLs to official ones
- Change license according to upstream
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Wed, 31 Jan 2024 13:34:53 +0000 (15:34 +0200)]
freetype: update to 2.13.2
- change package URL to HTTPS
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Timothy Ace [Thu, 1 Feb 2024 17:40:17 +0000 (12:40 -0500)]
perl-time-moment: initial package at v0.44
Builds compiled perl module Time::Moment v0.44 from CPAN.
Signed-off-by: Timothy Ace <openwrt@timothyace.com>
krant [Thu, 1 Feb 2024 20:53:05 +0000 (22:53 +0200)]
libmaxminddb: update to 1.9.1
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Fri, 2 Feb 2024 08:21:37 +0000 (10:21 +0200)]
jq: update to 1.7.1
- Update package URLs
- Fix license
- Drop obsolete CFLAGS
- Drop obsolete patches
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Thu, 1 Feb 2024 20:12:28 +0000 (22:12 +0200)]
libstrophe: update 0.13.0
- Use common Github URL
- Add missing zlib dependency
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Thu, 1 Feb 2024 07:59:45 +0000 (09:59 +0200)]
libsndfile: update to 1.2.2
- Update package URL to the official one
- Update source URL to the official one
- Modernize CMake options
- Fixup pkgconfig file
- Enable mpg123 support per users request (+7kB)
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Paul Donald [Tue, 16 Jan 2024 01:47:32 +0000 (02:47 +0100)]
p910nd: hotplug script
Signed-off-by: Paul Donald <newtwen@gmail.com>
krant [Sat, 3 Feb 2024 10:12:01 +0000 (12:12 +0200)]
graphicsmagick: update to 1.3.42
- Adopt the package
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Eric Fahlgren [Wed, 10 Jan 2024 16:10:05 +0000 (08:10 -0800)]
snort3: finish up several incomplete capabilities
Reporting
- Use json alert data for 10x speed improvement in report generation
- Include both gid and sid, plus packet direction in report output
- Add by-date incident filtering
- Add verbose mode which displays actual rules triggered and their source
- Attempt to look up host names from IPs in verbose mode
- Clean up display of port number involved in incidents
Rules
- Complete downloader for subscription rules using oinkcode (only tested
with snort.org's "free" tier subscription)
- Auto-detect multiple rules files and include them in lua 'ips.rules'
- Add '--backup' option to copy out current rules before installing new
- Add '--persistent' option to 'snort-rules', storing in persistent location
CLI interface
- Completely rework command line option parsing in all user scripts
- Allow options and commands to be in any order on command line
- Add long-form names for all options ('--help' for '-h' and so on)
- Detect errors properly in options, enhance help pages
Bug fixes
- Use 'mkdir -p' on all directory creation
- Use proper tmp directory from 'snort.snort.temp_dir' everywhere
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Jan Klos [Wed, 24 Jan 2024 16:57:27 +0000 (17:57 +0100)]
iputils: bump to
20240117
Signed-off-by: Jan Klos <jan@klos.xyz>
krant [Thu, 1 Feb 2024 15:34:58 +0000 (17:34 +0200)]
procps-ng: update to 4.0.4
- Update the patch
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Fabrice Fontaine [Fri, 2 Feb 2024 17:37:33 +0000 (18:37 +0100)]
treewide: assign PKG_CPE_ID
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
PeterFromSweden [Sun, 28 Jan 2024 16:23:40 +0000 (17:23 +0100)]
telldus-mqtt: add new package in utils
Extends functionality of exisiting telldus-core package
Signed-off-by: PeterFromSweden <peterfromswe884@gmail.com>
krant [Wed, 31 Jan 2024 11:38:30 +0000 (13:38 +0200)]
make: update to 4.4.1
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Wed, 31 Jan 2024 09:19:34 +0000 (11:19 +0200)]
leptonica: update to 1.84.1
- remove upstreamed patch
- explicitly disable openjpeg to ignore host-installed library
- fix .cmake and .pc paths
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Olivier Poitrey [Sun, 4 Feb 2024 23:50:54 +0000 (23:50 +0000)]
nextdns: Update to version 1.42.0
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
krant [Thu, 1 Feb 2024 08:36:33 +0000 (10:36 +0200)]
imagemagick: take over maintainership
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Wed, 31 Jan 2024 12:53:27 +0000 (14:53 +0200)]
imagemagick: update to 7.1.1-27
- Use official source URL
- Add libstdcpp dependency
- Don't set configure options which are matching default values
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Wed, 31 Jan 2024 13:14:23 +0000 (15:14 +0200)]
flac: update to 1.4.3
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Jan Hoffmann [Thu, 1 Feb 2024 20:12:05 +0000 (21:12 +0100)]
vnstat2: update to version 2.12
This version includes several new features that allow to simplify the
package significantly: The noexit patch and hotplug script are no longer
needed, and the init script doesn't have to check for legacy databases
anymore.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
krant [Thu, 1 Feb 2024 10:37:35 +0000 (12:37 +0200)]
zstd: update to 1.5.5
- Don't set Meson options which are matching defaults
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Konstantin Demin [Thu, 1 Feb 2024 00:29:58 +0000 (03:29 +0300)]
libcurl-gnutls: update to version 8.6.0
https://curl.se/changes.html#8_6_0
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Fabrice Fontaine [Fri, 2 Feb 2024 22:01:37 +0000 (23:01 +0100)]
utils/ntfs-3g: fix PKG_CPE_ID
tuxera:ntfs-3g is a better CPE ID than ntfs-3g:ntfs-3g as this CPE ID
has the latest CVEs (whereas ntfs-3g:ntfs-3g only has one CVE from 2007):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:tuxera:ntfs-3g
Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fabrice Fontaine [Thu, 1 Feb 2024 10:13:06 +0000 (11:13 +0100)]
utils/gpsd: fix PKG_CPE_ID
gpsd_project:gpsd is a better CPE ID than berlios:gps_daemon as this CPE
ID has the latest CVEs (whereas berlios:gps_daemon only has one CVE from
2004):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:gpsd_project:gpsd
Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fabrice Fontaine [Fri, 2 Feb 2024 17:17:47 +0000 (18:17 +0100)]
lang/python/python-pip: fix PKG_CPE_ID
There is not a single CVE linked to python:pip so use pypa:pip instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:pypa:pip
Moreover, CPE_ID missed PKG_ prefix
Fixes: eee273507b868ad5f6f7e744d513c85330967906 (python3: Split pip into separate source package)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fabrice Fontaine [Fri, 2 Feb 2024 17:20:15 +0000 (18:20 +0100)]
net/nbd: fix PKG_CPE_ID
There is not a single CVE linked to network_block_device:nbd so use
network_block_device_project:network_block_device instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:network_block_device_project:network_block_device
Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fabrice Fontaine [Thu, 1 Feb 2024 22:31:04 +0000 (23:31 +0100)]
multimedia/motion: fix PKG_CPE_ID
motion_project:motion is a better CPE ID than lavrsen:motion as this CPE
ID has the latest CVE (whereas lavrsen:motion only a CVE from 2008):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:motion_project:motion
Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fabrice Fontaine [Thu, 1 Feb 2024 22:04:45 +0000 (23:04 +0100)]
net/miniupnpc: fix PKG_CPE_ID
cpe:/a:miniupnp_project:miniupnpc is the correct CPE ID for miniupnpc:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:miniupnp_project:miniupnpc
Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fabrice Fontaine [Thu, 1 Feb 2024 17:30:52 +0000 (18:30 +0100)]
libs/libidn2: fix PKG_CPE_ID
There is not a single CVE linked to libidn2_project:libidn2 so use
gnu:libidn2 instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:gnu:libidn2
Fixes: ceadbcbb64de727c3a974e552d9a723d532e4e40 (treewide: add PKG_CPE_ID for cvescanner)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fabrice Fontaine [Thu, 1 Feb 2024 17:27:39 +0000 (18:27 +0100)]
libs/expat: fix PKG_CPE_ID
There is not a single CVE linked to libexpat:expat so use
libexpat_project:libexpat instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:libexpat_project:libexpat
Fixes: 70c62ef2d77aef5d8a27ccca2b147bc2a69dc7f8 (expat: update to version 2.2.7 (security fix))
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fabrice Fontaine [Thu, 1 Feb 2024 21:31:08 +0000 (22:31 +0100)]
utils/lrzsz: fix PKG_CPE_ID
PKG_CPE_ID was missing ":lrzsz"
Fixes: 6d6c4b21b5e22a9f1058db5b61521a298e00a5f0 (lrzsz: update to v0.12.21rc and fix a CVE)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fabrice Fontaine [Sun, 4 Feb 2024 21:08:51 +0000 (22:08 +0100)]
lang/python/python-paho-mqtt: fix license
python-paho-mqtt is licensed under EPL-2.0, not EPL-1.0, since version
1.6.0 and
https://github.com/eclipse/paho.mqtt.python/commit/
fabe7500fb6fde31fd98c619e0117d1c651fd18d
While at it, add LICENSE.txt to PKG_LICENSE_FILES
Fixes: 784f2a519bb8cdfaa973070f65ff9a3a481e5cd1 (python-paho-mqtt: bump to version 1.6.1)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Vladimir Ulrich [Sun, 4 Feb 2024 21:08:14 +0000 (00:08 +0300)]
zoneinfo: Updated to 2024a release
Signed-off-by: Vladimir Ulrich <admin@evl.su>
Fabrice Fontaine [Sun, 4 Feb 2024 21:46:55 +0000 (22:46 +0100)]
net/ntpd: fix license
Replace "Unique" by the standard SPDX identifier for NTP license:
https://spdx.org/licenses/NTP.html
Fixes: 1aff45c6dd36f2a5875eadaeae2ed93da8ff6d45 (ntpd: add SPDX license information)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fabrice Fontaine [Sun, 4 Feb 2024 21:41:03 +0000 (22:41 +0100)]
utils/lsof: fix license
Replace "Unique" by the standard SPDX identifier for lsof license:
https://spdx.org/licenses/lsof.html
Fixes: 59adfc86b9d1e5a8fb9d5c83db6546a6b49a77f5 (lsof: add license information)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fabrice Fontaine [Fri, 2 Feb 2024 17:48:20 +0000 (18:48 +0100)]
net/boinc: fix PKG_CPE_ID
boinc_project:boinc has never been a valid CPE ID so use
rom_walton:boinc instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:rom_walton:boinc
Fixes: 9c2bd865c715cad8646157d6bbfb669d9970c322 (boinc: new package for distributed computing/data acquisition)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fabrice Fontaine [Fri, 2 Feb 2024 21:23:24 +0000 (22:23 +0100)]
utils/zsh: fix PKG_CPE_ID
zsh:zsh is a better CPE ID than zsh_project:zsh as this CPE ID has the
latest CVEs (whereas zsh_project:zsh only has CVEs up to 2017):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:zsh:zsh
Fixes: ff056fcffcacf2632505bb108bf8e8c2a3cef09c (zsh: Update to 5.6.2)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fabrice Fontaine [Fri, 2 Feb 2024 19:50:37 +0000 (20:50 +0100)]
utils/tmux: fix PKG_CPE_ID
tmux_project:tmux is a better CPE ID than nicholas_marriott:tmux as this
CPE ID has the latest CVE (whereas nicholas_marriott:tmux only has a CVE
from 2011):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:tmux_project:tmux
Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fabrice Fontaine [Fri, 2 Feb 2024 19:43:57 +0000 (20:43 +0100)]
net/tinyproxy: fix PKG_CPE_ID
tinyproxy_project:tinyproxy is a better CPE ID than banu:tinyproxy as
this CPE ID has the latest CVEs (whereas banu:tinyproxy only has CVEs up
to 2012):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:tinyproxy_project:tinyproxy
Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fabrice Fontaine [Fri, 2 Feb 2024 19:35:54 +0000 (20:35 +0100)]
net/tinc: fix PKG_CPE_ID
tinc-vpn:tinc is a better CPE ID than tinc:tinc as this CPE ID has the
latest CVEs (whereas tinc:tinc only has CVEs up to 2002):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:tinc-vpn:tinc
Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fabrice Fontaine [Fri, 2 Feb 2024 20:48:01 +0000 (21:48 +0100)]
net/vsftpd: fix PKG_CPE_ID
vsftpd_project:vsftpd is a better CPE ID than beasts:vsftpd as this CPE
ID has the latest CVEs (whereas beasts:vsftpd only has CVEs up to 2015):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:vsftpd_project:vsftpd
Fixes: 1371b7be878382b8b52cd73ff72a3a41d28013c4 (vsftpd: Fix compilation without ECC or deprecated APIs)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fabrice Fontaine [Fri, 2 Feb 2024 17:38:11 +0000 (18:38 +0100)]
libs/redis: fix PKG_CPE_ID
There is not a single CVE linked to pivotal_software:redis so use
redis:redis instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:redis:redis
Fixes: ceadbcbb64de727c3a974e552d9a723d532e4e40 (treewide: add PKG_CPE_ID for cvescanner)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fabrice Fontaine [Fri, 2 Feb 2024 17:15:55 +0000 (18:15 +0100)]
lang/python/python-requests: fix PKG_CPE_ID
There is not a single CVE linked to python-requests:requests so use
python:requests instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:python:requests
Fixes: ceadbcbb64de727c3a974e552d9a723d532e4e40 (treewide: add PKG_CPE_ID for cvescanner)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fabrice Fontaine [Fri, 2 Feb 2024 17:09:46 +0000 (18:09 +0100)]
lang/python/python-urllib3: fix PKG_CPE_ID
There is not a single CVE linked to urllib3_project:urllib3 so use
python:urllib3 instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:python:urllib3
Fixes: 6dcaa769d8ce8921dc3bfaf78ab9a8c1cef4a9b9 (python-urllib3: update to version 1.25)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
S. Brusch [Fri, 2 Feb 2024 12:28:37 +0000 (13:28 +0100)]
crowdsec: new upstream release version 1.6.0
Update crowdsec to latest upstream release version 1.6.0
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma GĂ©rald <gandalf@gk2.net>
Package tested: not able to test run due to limited space (package is big)
Description: update to latest version of upstream
Fabrice Fontaine [Sun, 4 Feb 2024 20:57:46 +0000 (21:57 +0100)]
libs/libgd: fix license
libgd is licensed under its own "GD" license and not MIT
Fixes: 60feea09c9d343f648045e5e85e7788e75d4e039 (libgd: import from oldpackages, add myself as maintainer, add license...)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Konstantin Demin [Wed, 31 Jan 2024 09:24:53 +0000 (12:24 +0300)]
nmap: bump package version
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Konstantin Demin [Wed, 31 Jan 2024 09:24:53 +0000 (12:24 +0300)]
nmap: unify SSL dependencies
ssl/full variants now depend on "ca-certs" (provided by "ca-bundle" and "ca-certificates")
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Konstantin Demin [Wed, 31 Jan 2024 09:24:53 +0000 (12:24 +0300)]
nmap: ncat: use default CA bundle
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Jiri Slachta [Sun, 4 Feb 2024 21:42:04 +0000 (22:42 +0100)]
Merge pull request #23279 from ffontaine/fix-tiff-license
libs/tiff: fix license
Fabrice Fontaine [Sun, 4 Feb 2024 21:30:33 +0000 (22:30 +0100)]
libs/tiff: fix license
tiff is licensed under its own "libtiff" license and not BSD-3-Clause
Fixes: 364de5bc3f16eba42f93d36e848b998b3579e39e (tiff: add licensing information)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fabrice Fontaine [Sun, 4 Feb 2024 10:06:04 +0000 (11:06 +0100)]
lang/python/python-aiohttp: fix PKG_CPE_ID
aiohttp:aiohttp is a better CPE ID than aio-libs_projet:aiohttp as this
CPE ID has the latest CVEs (whereas aio-libs_project:aiohttp only has
one CVE from 2018):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:aiohttp:aiohttp
Fixes: 2edf5034f1c09fe60af52087abe7b6fcef9433fc (python-aiohttp: add a new package)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
krant [Thu, 1 Feb 2024 14:25:01 +0000 (16:25 +0200)]
less: update to 643
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Thu, 1 Feb 2024 15:06:57 +0000 (17:06 +0200)]
grep: update to 3.11
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Sergey Ponomarev [Sat, 3 Feb 2024 20:13:22 +0000 (22:13 +0200)]
cloudflared: refine config.yml
The config.yml is an example of a tunnel local configuration.
But the cloudlfared treat it as a real config and fails to start.
So to avoid problems let's comment all the statements.
The `url: http://localhost:8000` is not a valid config option.
Additionally add a smale of configuring ingres rules.
The cloudflared.config has missing option token.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Alexandru Ardelean [Sat, 3 Feb 2024 06:12:38 +0000 (08:12 +0200)]
Merge pull request #23263 from ffontaine/fix-sudo-cpeid
admin/sudo: fix PKG_CPE_ID
Alexandru Ardelean [Sat, 3 Feb 2024 06:05:56 +0000 (08:05 +0200)]
Merge pull request #23262 from ffontaine/fix-squashfs-tools-cpeid
utils/squashfs-tools: fix PKG_CPE_ID
Fabrice Fontaine [Fri, 2 Feb 2024 19:08:34 +0000 (20:08 +0100)]
utils/squashfs-tools: fix PKG_CPE_ID
There is not a single CVE linked to phillip_lougher:squashfs so use
squashfs-tools_project:squashfs-tools instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:squashfs-tools_project:squashfs-tools
Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fabrice Fontaine [Fri, 2 Feb 2024 19:18:23 +0000 (20:18 +0100)]
admin/sudo: fix PKG_CPE_ID
sudo_project:sudo is a better CPE ID than todd_miller:sudo as this CPE
ID has the latest CVEs (whereas todd_miller:sudo only has CVEs up to
2016):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:sudo_project:sudo
Fixes: 8ce9f30c421255c514b1b2e41fc92eafd7976583 (sudo: Update to 1.8.24)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
krant [Thu, 1 Feb 2024 21:10:02 +0000 (23:10 +0200)]
libidn2: update to 2.3.7
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Stan Grishin [Fri, 2 Feb 2024 13:47:17 +0000 (06:47 -0700)]
Merge pull request #23219 from rockdrilla/curl-8.6.0
curl: update to 8.6.0
krant [Thu, 1 Feb 2024 12:06:47 +0000 (14:06 +0200)]
unrar: update to 6.2.12
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Thu, 1 Feb 2024 16:53:36 +0000 (18:53 +0200)]
tar: update to 1.35
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Fabrice Fontaine [Thu, 1 Feb 2024 17:24:48 +0000 (18:24 +0100)]
libs/vips: fix PKG_CPE_ID
libvips:libvips is a better CPE ID than vips:vips as this CPE ID has the
latest CVEs (whereas vips only has an old CVE from 2010):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:libvips:libvips
Fix:
299e5b0a9bce19d6e96cb9ff217028b36ee2dd36
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
krant [Thu, 1 Feb 2024 21:02:01 +0000 (23:02 +0200)]
libpsl: update to 0.21.5
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Fabrice Fontaine [Thu, 1 Feb 2024 22:22:16 +0000 (23:22 +0100)]
net/krb5: fix PKG_CPE_ID
mit:kerberos_5 is a better CPE ID than mit:kerberos as this CPE ID has
the latest CVEs (whereas mit:kerberos only has CVEs until 2018):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:mit:kerberos_5
Fix:
299e5b0a9bce19d6e96cb9ff217028b36ee2dd36
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Nikos Mavrogiannopoulos [Fri, 2 Feb 2024 08:33:15 +0000 (09:33 +0100)]
Merge pull request #23243 from ffontaine/fix-libpam-cpeid
libs/libpam: fix PKG_CPE_ID
Fabrice Fontaine [Thu, 1 Feb 2024 21:12:24 +0000 (22:12 +0100)]
libs/libpam: fix PKG_CPE_ID
linux-pam:linux-pam is a better CPE ID than kernel:linux-pam as this CPE
ID has the latest CVEs (whereas kernel:linux-pam only has a
SUSE-specific CVE):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:linux-pam:linux-pam
Fix:
6f74b0c4f15a095b1069a8aaeb19a32dfbc7539a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tianling Shen [Thu, 1 Feb 2024 15:21:07 +0000 (23:21 +0800)]
dnsproxy: Update to 0.64.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Stan Grishin [Thu, 25 Jan 2024 23:15:49 +0000 (23:15 +0000)]
nebula: update to 1.8.2-2
The following fixes have been applied to Makefile:
* fix the nebula license type
* add PKG_CPE_ID
* remove unneeded call to Build/Compile
* add leading spaces to descriptions
* add Package/nebula/conffiles definition
* remove unneeded /lib/upgrade/keep.d files
* no longer install actual license file
* add the README file
Kudos to @BKPepe and @
1715173329 for feedback which lead to these fixes
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Konstantin Demin [Thu, 1 Feb 2024 00:28:09 +0000 (03:28 +0300)]
curl: update to 8.6.0
* https://curl.se/changes.html#8_6_0
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>