feed/packages.git
9 months agoapr: update to 1.7.4
krant [Mon, 5 Feb 2024 11:47:50 +0000 (13:47 +0200)]
apr: update to 1.7.4

- Remove upstreamed patches
- Fix bindir in apr-1-config to fix subversion build

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agogit: update to 2.43.0
krant [Tue, 6 Feb 2024 08:10:04 +0000 (10:10 +0200)]
git: update to 2.43.0

- Refresh patches

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agoalsa-utils: update to 1.2.11
krant [Tue, 6 Feb 2024 19:32:50 +0000 (21:32 +0200)]
alsa-utils: update to 1.2.11

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agoalsa-ucm-conf: update to 1.2.11
krant [Tue, 6 Feb 2024 19:31:47 +0000 (21:31 +0200)]
alsa-ucm-conf: update to 1.2.11

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agoalsa-lib: update to 1.2.11
krant [Tue, 6 Feb 2024 19:29:33 +0000 (21:29 +0200)]
alsa-lib: update to 1.2.11

- Change package URL to HTTPS
- Refresh patches

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agoautoconf: update to 2.72
krant [Tue, 6 Feb 2024 13:25:47 +0000 (15:25 +0200)]
autoconf: update to 2.72

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agolibarchive: update to 3.7.2
krant [Tue, 6 Feb 2024 17:00:59 +0000 (19:00 +0200)]
libarchive: update to 3.7.2

- Don't set CMake options matching the defaults

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agolynx: update to 2.9.0
krant [Tue, 6 Feb 2024 10:19:14 +0000 (12:19 +0200)]
lynx: update to 2.9.0

- Remove stale mirrors
- Use HTTPS for package URL
- Don't set default configure args
- Disable newly added bz2 support
- Formatting

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agoexpat: update to 2.6.0
krant [Wed, 7 Feb 2024 10:38:45 +0000 (12:38 +0200)]
expat: update to 2.6.0

- Don't set default CMake options

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agolibmariadb: update to 3.1.23
krant [Mon, 5 Feb 2024 19:35:12 +0000 (21:35 +0200)]
libmariadb: update to 3.1.23

- Replace dead source URL
- Rebase the patch
- Remove superfluous cmake option

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agoknxd: bump to upstream version 0.14.61
Othmar Truniger [Tue, 6 Feb 2024 17:46:21 +0000 (18:46 +0100)]
knxd: bump to upstream version 0.14.61

Signed-off-by: Othmar Truniger <github@truniger.ch>
9 months agogzip: update to 1.13
krant [Tue, 6 Feb 2024 12:23:25 +0000 (14:23 +0200)]
gzip: update to 1.13

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agoMerge pull request #23308 from krant/fping
Florian Eckert [Wed, 7 Feb 2024 08:55:58 +0000 (09:55 +0100)]
Merge pull request #23308 from krant/fping

fping: update to 5.1

9 months agolibid3tag: update to 0.16.3
krant [Mon, 5 Feb 2024 19:47:27 +0000 (21:47 +0200)]
libid3tag: update to 0.16.3

- Switch package URL to the new upstream
- Switch PKG_SOURCE_PROTO to git
- Switch to CMake build
- Drop custom .pc file in favor of upstream version

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agofping: update to 5.1 23308/head
krant [Tue, 6 Feb 2024 15:52:14 +0000 (17:52 +0200)]
fping: update to 5.1

- Don't set default configure arg

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agompg123: update to 1.32.4
krant [Mon, 5 Feb 2024 15:38:42 +0000 (17:38 +0200)]
mpg123: update to 1.32.4

- Use package official URL
- Fix license name

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agooniguruma: bump to 6.9.9
Eneas U de Queiroz [Mon, 5 Feb 2024 13:04:31 +0000 (10:04 -0300)]
oniguruma: bump to 6.9.9

Featured changes:
- Update Unicode version 15.1.0
- NEW API: ONIG_OPTION_MATCH_WHOLE_STRING
- Fixed: (?I) option was not enabled for character classes (Issue #264).
- Changed specification to check for incorrect POSIX bracket (Issue
  #253).
- Changed [[:punct:]] in Unicode encodings to be compatible with POSIX
  definition. (Issue #268)
- Fixed: ONIG_OPTION_FIND_LONGEST behavior
--- 6.9.8
- Whole options
  - (?C) : ONIG_OPTION_DONT_CAPTURE_GROUP
  - (?I) : ONIG_OPTION_IGNORECASE_IS_ASCII
  - (?L) : ONIG_OPTION_FIND_LONGEST
- Fixed some problems found by OSS-Fuzz

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
9 months agosubversion: update to 1.14.3
krant [Mon, 5 Feb 2024 13:20:37 +0000 (15:20 +0200)]
subversion: update to 1.14.3

- Adopt the package
- Remove default configure options
- Rebase the patch

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agodevel/autoconf: assign PKG_LICENSE_FILES
Fabrice Fontaine [Mon, 5 Feb 2024 07:00:18 +0000 (08:00 +0100)]
devel/autoconf: assign PKG_LICENSE_FILES

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agopython-certifi: Update to 2024.2.2
Eneas U de Queiroz [Mon, 5 Feb 2024 13:30:57 +0000 (10:30 -0300)]
python-certifi: Update to 2024.2.2

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
9 months agoopus: update to 1.4
krant [Mon, 5 Feb 2024 15:49:38 +0000 (17:49 +0200)]
opus: update to 1.4

- Add patch to fix build on ARM
- Use official source URL

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agopython-orjson: update to version 3.9.13
Timothy M. Ace [Mon, 5 Feb 2024 00:17:14 +0000 (19:17 -0500)]
python-orjson: update to version 3.9.13

Relevant changes since 3.9.12:
- FIXED: Serialization str escape uses only 128-bit SIMD.
- FIXED: Fix compatibility with CPython 3.13 alpha 3.
- Publish musllinux_1_2 instead of musllinux_1_1 wheels.
- Serialization uses small integer optimization in CPython 3.12 or later.

Signed-off-by: Timothy M. Ace <openwrt@timothyace.com>
9 months agolang/python/python-yaml: fix PKG_CPE_ID
Fabrice Fontaine [Fri, 2 Feb 2024 17:24:43 +0000 (18:24 +0100)]
lang/python/python-yaml: fix PKG_CPE_ID

There is not a single CVE linked to pyyaml_project:pyyaml so use
pyyaml:pyyaml instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:pyyaml:pyyaml

Fixes: c06a04c754bdcfdb2ea0bd1d654128863a2b6738 (python-yaml: update to version 5.1)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agomwan3: use network_get_preferred_ipaddr6
Jonas Lochmann [Mon, 1 Jan 2024 00:00:00 +0000 (01:00 +0100)]
mwan3: use network_get_preferred_ipaddr6

This updates mwan3 to use network_get_preferred_ipaddr6 instead of
network_get_ipaddr6 if possible to determine a source ip for the
connectivity checks. This avoids issues where the first ip address
that is returned from network_get_ipaddr6 does not work anymore while
the preferred one returned from network_get_preferred_ipaddr6 works.

Signed-off-by: Jonas Lochmann <git@inkompetenz.org>
9 months agolualanes: Version bump to v3.16.2
Mark Baker [Thu, 18 Jan 2024 18:52:58 +0000 (13:52 -0500)]
lualanes: Version bump to v3.16.2

Update the PKG_VERSION and PKG_SOURCE_VERSION to pull version 3.16.2
from upstream. The upstream version includes fixes for the
`pthread_yield: symbol not found` issue.

Removed patches 100-musl-compat.patch and 200-fix-redef-error.patch
as fixes were implemented upstream.

Build tested on aarch64, arm_cortex_a15/a9, i386, mips[el]_24kc,
powerpc_464fp/8548, riscv64, x86_64. Confirmed on x86_64.

Signed-off-by: Mark Baker <mark@vpost.net>
9 months agomosquitto: reenable options wrongly turned off
Rosen Penev [Sun, 4 Feb 2024 23:50:11 +0000 (15:50 -0800)]
mosquitto: reenable options wrongly turned off

Signed-off-by: Rosen Penev <rosenp@gmail.com>
9 months agoCONTRIBUTING.md: clarify pull request commit requirements
Timothy Ace [Tue, 30 Jan 2024 00:01:50 +0000 (19:01 -0500)]
CONTRIBUTING.md: clarify pull request commit requirements

Corrects the commit subject being referred to as a "description"
and links the official OpenWrt patch submission standards for
commit messages. Adds additional notes about real names and
emails being required. Also fixes the capitalization of GitHub
and SourceForge.

Signed-off-by: Timothy Ace <openwrt@timothyace.com>
9 months agognuplot: update to 6.0.0
krant [Thu, 1 Feb 2024 13:11:28 +0000 (15:11 +0200)]
gnuplot: update to 6.0.0

- Add patch for MIPS and PowerPC systems

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agolibsamplerate: update to 0.2.2
krant [Wed, 31 Jan 2024 19:34:06 +0000 (21:34 +0200)]
libsamplerate: update to 0.2.2

- Update package/source URLs to official ones
- Change license according to upstream

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agofreetype: update to 2.13.2
krant [Wed, 31 Jan 2024 13:34:53 +0000 (15:34 +0200)]
freetype: update to 2.13.2

- change package URL to HTTPS

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agoperl-time-moment: initial package at v0.44
Timothy Ace [Thu, 1 Feb 2024 17:40:17 +0000 (12:40 -0500)]
perl-time-moment: initial package at v0.44

Builds compiled perl module Time::Moment v0.44 from CPAN.

Signed-off-by: Timothy Ace <openwrt@timothyace.com>
9 months agolibmaxminddb: update to 1.9.1
krant [Thu, 1 Feb 2024 20:53:05 +0000 (22:53 +0200)]
libmaxminddb: update to 1.9.1

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agojq: update to 1.7.1
krant [Fri, 2 Feb 2024 08:21:37 +0000 (10:21 +0200)]
jq: update to 1.7.1

- Update package URLs
- Fix license
- Drop obsolete CFLAGS
- Drop obsolete patches

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agolibstrophe: update 0.13.0
krant [Thu, 1 Feb 2024 20:12:28 +0000 (22:12 +0200)]
libstrophe: update 0.13.0

- Use common Github URL
- Add missing zlib dependency

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agolibsndfile: update to 1.2.2
krant [Thu, 1 Feb 2024 07:59:45 +0000 (09:59 +0200)]
libsndfile: update to 1.2.2

- Update package URL to the official one
- Update source URL to the official one
- Modernize CMake options
- Fixup pkgconfig file
- Enable mpg123 support per users request (+7kB)

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agop910nd: hotplug script
Paul Donald [Tue, 16 Jan 2024 01:47:32 +0000 (02:47 +0100)]
p910nd: hotplug script

Signed-off-by: Paul Donald <newtwen@gmail.com>
9 months agographicsmagick: update to 1.3.42
krant [Sat, 3 Feb 2024 10:12:01 +0000 (12:12 +0200)]
graphicsmagick: update to 1.3.42

- Adopt the package

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agosnort3: finish up several incomplete capabilities
Eric Fahlgren [Wed, 10 Jan 2024 16:10:05 +0000 (08:10 -0800)]
snort3: finish up several incomplete capabilities

Reporting
 - Use json alert data for 10x speed improvement in report generation
 - Include both gid and sid, plus packet direction in report output
 - Add by-date incident filtering
 - Add verbose mode which displays actual rules triggered and their source
 - Attempt to look up host names from IPs in verbose mode
 - Clean up display of port number involved in incidents

Rules
 - Complete downloader for subscription rules using oinkcode (only tested
   with snort.org's "free" tier subscription)
 - Auto-detect multiple rules files and include them in lua 'ips.rules'
 - Add '--backup' option to copy out current rules before installing new
 - Add '--persistent' option to 'snort-rules', storing in persistent location

CLI interface
 - Completely rework command line option parsing in all user scripts
 - Allow options and commands to be in any order on command line
 - Add long-form names for all options ('--help' for '-h' and so on)
 - Detect errors properly in options, enhance help pages

Bug fixes
 - Use 'mkdir -p' on all directory creation
 - Use proper tmp directory from 'snort.snort.temp_dir' everywhere

Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
9 months agoiputils: bump to 20240117
Jan Klos [Wed, 24 Jan 2024 16:57:27 +0000 (17:57 +0100)]
iputils: bump to 20240117

Signed-off-by: Jan Klos <jan@klos.xyz>
9 months agoprocps-ng: update to 4.0.4
krant [Thu, 1 Feb 2024 15:34:58 +0000 (17:34 +0200)]
procps-ng: update to 4.0.4

- Update the patch

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agotreewide: assign PKG_CPE_ID
Fabrice Fontaine [Fri, 2 Feb 2024 17:37:33 +0000 (18:37 +0100)]
treewide: assign PKG_CPE_ID

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agotelldus-mqtt: add new package in utils
PeterFromSweden [Sun, 28 Jan 2024 16:23:40 +0000 (17:23 +0100)]
telldus-mqtt: add new package in utils

Extends functionality of exisiting telldus-core package

Signed-off-by: PeterFromSweden <peterfromswe884@gmail.com>
9 months agomake: update to 4.4.1
krant [Wed, 31 Jan 2024 11:38:30 +0000 (13:38 +0200)]
make: update to 4.4.1

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agoleptonica: update to 1.84.1
krant [Wed, 31 Jan 2024 09:19:34 +0000 (11:19 +0200)]
leptonica: update to 1.84.1

- remove upstreamed patch
- explicitly disable openjpeg to ignore host-installed library
- fix .cmake and .pc paths

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agonextdns: Update to version 1.42.0
Olivier Poitrey [Sun, 4 Feb 2024 23:50:54 +0000 (23:50 +0000)]
nextdns: Update to version 1.42.0

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
9 months agoimagemagick: take over maintainership
krant [Thu, 1 Feb 2024 08:36:33 +0000 (10:36 +0200)]
imagemagick: take over maintainership

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agoimagemagick: update to 7.1.1-27
krant [Wed, 31 Jan 2024 12:53:27 +0000 (14:53 +0200)]
imagemagick: update to 7.1.1-27

- Use official source URL
- Add libstdcpp dependency
- Don't set configure options which are matching default values

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agoflac: update to 1.4.3
krant [Wed, 31 Jan 2024 13:14:23 +0000 (15:14 +0200)]
flac: update to 1.4.3

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agovnstat2: update to version 2.12
Jan Hoffmann [Thu, 1 Feb 2024 20:12:05 +0000 (21:12 +0100)]
vnstat2: update to version 2.12

This version includes several new features that allow to simplify the
package significantly: The noexit patch and hotplug script are no longer
needed, and the init script doesn't have to check for legacy databases
anymore.

Signed-off-by: Jan Hoffmann <jan@3e8.eu>
9 months agozstd: update to 1.5.5
krant [Thu, 1 Feb 2024 10:37:35 +0000 (12:37 +0200)]
zstd: update to 1.5.5

- Don't set Meson options which are matching defaults

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agolibcurl-gnutls: update to version 8.6.0
Konstantin Demin [Thu, 1 Feb 2024 00:29:58 +0000 (03:29 +0300)]
libcurl-gnutls: update to version 8.6.0

https://curl.se/changes.html#8_6_0

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
9 months agoutils/ntfs-3g: fix PKG_CPE_ID
Fabrice Fontaine [Fri, 2 Feb 2024 22:01:37 +0000 (23:01 +0100)]
utils/ntfs-3g: fix PKG_CPE_ID

tuxera:ntfs-3g is a better CPE ID than ntfs-3g:ntfs-3g as this CPE ID
has the latest CVEs (whereas ntfs-3g:ntfs-3g only has one CVE from 2007):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:tuxera:ntfs-3g

Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agoutils/gpsd: fix PKG_CPE_ID
Fabrice Fontaine [Thu, 1 Feb 2024 10:13:06 +0000 (11:13 +0100)]
utils/gpsd: fix PKG_CPE_ID

gpsd_project:gpsd is a better CPE ID than berlios:gps_daemon as this CPE
ID has the latest CVEs (whereas berlios:gps_daemon only has one CVE from
2004):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:gpsd_project:gpsd

Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agolang/python/python-pip: fix PKG_CPE_ID
Fabrice Fontaine [Fri, 2 Feb 2024 17:17:47 +0000 (18:17 +0100)]
lang/python/python-pip: fix PKG_CPE_ID

There is not a single CVE linked to python:pip so use pypa:pip instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:pypa:pip

Moreover, CPE_ID missed PKG_ prefix

Fixes: eee273507b868ad5f6f7e744d513c85330967906 (python3: Split pip into separate source package)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agonet/nbd: fix PKG_CPE_ID
Fabrice Fontaine [Fri, 2 Feb 2024 17:20:15 +0000 (18:20 +0100)]
net/nbd: fix PKG_CPE_ID

There is not a single CVE linked to network_block_device:nbd so use
network_block_device_project:network_block_device instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:network_block_device_project:network_block_device

Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agomultimedia/motion: fix PKG_CPE_ID
Fabrice Fontaine [Thu, 1 Feb 2024 22:31:04 +0000 (23:31 +0100)]
multimedia/motion: fix PKG_CPE_ID

motion_project:motion is a better CPE ID than lavrsen:motion as this CPE
ID has the latest CVE (whereas lavrsen:motion only a CVE from 2008):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:motion_project:motion

Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agonet/miniupnpc: fix PKG_CPE_ID
Fabrice Fontaine [Thu, 1 Feb 2024 22:04:45 +0000 (23:04 +0100)]
net/miniupnpc: fix PKG_CPE_ID

cpe:/a:miniupnp_project:miniupnpc is the correct CPE ID for miniupnpc:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:miniupnp_project:miniupnpc

Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agolibs/libidn2: fix PKG_CPE_ID
Fabrice Fontaine [Thu, 1 Feb 2024 17:30:52 +0000 (18:30 +0100)]
libs/libidn2: fix PKG_CPE_ID

There is not a single CVE linked to libidn2_project:libidn2 so use
gnu:libidn2 instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:gnu:libidn2

Fixes: ceadbcbb64de727c3a974e552d9a723d532e4e40 (treewide: add PKG_CPE_ID for cvescanner)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agolibs/expat: fix PKG_CPE_ID
Fabrice Fontaine [Thu, 1 Feb 2024 17:27:39 +0000 (18:27 +0100)]
libs/expat: fix PKG_CPE_ID

There is not a single CVE linked to libexpat:expat so use
libexpat_project:libexpat instead:

https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:libexpat_project:libexpat

Fixes: 70c62ef2d77aef5d8a27ccca2b147bc2a69dc7f8 (expat: update to version 2.2.7 (security fix))
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agoutils/lrzsz: fix PKG_CPE_ID
Fabrice Fontaine [Thu, 1 Feb 2024 21:31:08 +0000 (22:31 +0100)]
utils/lrzsz: fix PKG_CPE_ID

PKG_CPE_ID was missing ":lrzsz"

Fixes: 6d6c4b21b5e22a9f1058db5b61521a298e00a5f0 (lrzsz: update to v0.12.21rc and fix a CVE)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agolang/python/python-paho-mqtt: fix license
Fabrice Fontaine [Sun, 4 Feb 2024 21:08:51 +0000 (22:08 +0100)]
lang/python/python-paho-mqtt: fix license

python-paho-mqtt is licensed under EPL-2.0, not EPL-1.0, since version
1.6.0 and
https://github.com/eclipse/paho.mqtt.python/commit/fabe7500fb6fde31fd98c619e0117d1c651fd18d

While at it, add LICENSE.txt to PKG_LICENSE_FILES

Fixes: 784f2a519bb8cdfaa973070f65ff9a3a481e5cd1 (python-paho-mqtt: bump to version 1.6.1)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agozoneinfo: Updated to 2024a release
Vladimir Ulrich [Sun, 4 Feb 2024 21:08:14 +0000 (00:08 +0300)]
zoneinfo: Updated to 2024a release

Signed-off-by: Vladimir Ulrich <admin@evl.su>
9 months agonet/ntpd: fix license
Fabrice Fontaine [Sun, 4 Feb 2024 21:46:55 +0000 (22:46 +0100)]
net/ntpd: fix license

Replace "Unique" by the standard SPDX identifier for NTP license:
https://spdx.org/licenses/NTP.html

Fixes: 1aff45c6dd36f2a5875eadaeae2ed93da8ff6d45 (ntpd: add SPDX license information)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agoutils/lsof: fix license
Fabrice Fontaine [Sun, 4 Feb 2024 21:41:03 +0000 (22:41 +0100)]
utils/lsof: fix license

Replace "Unique" by the standard SPDX identifier for lsof license:
https://spdx.org/licenses/lsof.html

Fixes: 59adfc86b9d1e5a8fb9d5c83db6546a6b49a77f5 (lsof: add license information)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agonet/boinc: fix PKG_CPE_ID
Fabrice Fontaine [Fri, 2 Feb 2024 17:48:20 +0000 (18:48 +0100)]
net/boinc: fix PKG_CPE_ID

boinc_project:boinc has never been a valid CPE ID so use
rom_walton:boinc instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:rom_walton:boinc

Fixes: 9c2bd865c715cad8646157d6bbfb669d9970c322 (boinc: new package for distributed computing/data acquisition)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agoutils/zsh: fix PKG_CPE_ID
Fabrice Fontaine [Fri, 2 Feb 2024 21:23:24 +0000 (22:23 +0100)]
utils/zsh: fix PKG_CPE_ID

zsh:zsh is a better CPE ID than zsh_project:zsh as this CPE ID has the
latest CVEs (whereas zsh_project:zsh only has CVEs up to 2017):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:zsh:zsh

Fixes: ff056fcffcacf2632505bb108bf8e8c2a3cef09c (zsh: Update to 5.6.2)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agoutils/tmux: fix PKG_CPE_ID
Fabrice Fontaine [Fri, 2 Feb 2024 19:50:37 +0000 (20:50 +0100)]
utils/tmux: fix PKG_CPE_ID

tmux_project:tmux is a better CPE ID than nicholas_marriott:tmux as this
CPE ID has the latest CVE (whereas nicholas_marriott:tmux only has a CVE
from 2011):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:tmux_project:tmux

Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agonet/tinyproxy: fix PKG_CPE_ID
Fabrice Fontaine [Fri, 2 Feb 2024 19:43:57 +0000 (20:43 +0100)]
net/tinyproxy: fix PKG_CPE_ID

tinyproxy_project:tinyproxy is a better CPE ID than banu:tinyproxy as
this CPE ID has the latest CVEs (whereas banu:tinyproxy only has CVEs up
to 2012):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:tinyproxy_project:tinyproxy

Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agonet/tinc: fix PKG_CPE_ID
Fabrice Fontaine [Fri, 2 Feb 2024 19:35:54 +0000 (20:35 +0100)]
net/tinc: fix PKG_CPE_ID

tinc-vpn:tinc is a better CPE ID than tinc:tinc as this CPE ID has the
latest CVEs (whereas tinc:tinc only has CVEs up to 2002):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:tinc-vpn:tinc

Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agonet/vsftpd: fix PKG_CPE_ID
Fabrice Fontaine [Fri, 2 Feb 2024 20:48:01 +0000 (21:48 +0100)]
net/vsftpd: fix PKG_CPE_ID

vsftpd_project:vsftpd is a better CPE ID than beasts:vsftpd as this CPE
ID has the latest CVEs (whereas beasts:vsftpd only has CVEs up to 2015):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:vsftpd_project:vsftpd

Fixes: 1371b7be878382b8b52cd73ff72a3a41d28013c4 (vsftpd: Fix compilation without ECC or deprecated APIs)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agolibs/redis: fix PKG_CPE_ID
Fabrice Fontaine [Fri, 2 Feb 2024 17:38:11 +0000 (18:38 +0100)]
libs/redis: fix PKG_CPE_ID

There is not a single CVE linked to pivotal_software:redis so use
redis:redis instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:redis:redis

Fixes: ceadbcbb64de727c3a974e552d9a723d532e4e40 (treewide: add PKG_CPE_ID for cvescanner)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agolang/python/python-requests: fix PKG_CPE_ID
Fabrice Fontaine [Fri, 2 Feb 2024 17:15:55 +0000 (18:15 +0100)]
lang/python/python-requests: fix PKG_CPE_ID

There is not a single CVE linked to python-requests:requests so use
python:requests instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:python:requests

Fixes: ceadbcbb64de727c3a974e552d9a723d532e4e40 (treewide: add PKG_CPE_ID for cvescanner)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agolang/python/python-urllib3: fix PKG_CPE_ID
Fabrice Fontaine [Fri, 2 Feb 2024 17:09:46 +0000 (18:09 +0100)]
lang/python/python-urllib3: fix PKG_CPE_ID

There is not a single CVE linked to urllib3_project:urllib3 so use
python:urllib3 instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:python:urllib3

Fixes: 6dcaa769d8ce8921dc3bfaf78ab9a8c1cef4a9b9 (python-urllib3: update to version 1.25)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agocrowdsec: new upstream release version 1.6.0
S. Brusch [Fri, 2 Feb 2024 12:28:37 +0000 (13:28 +0100)]
crowdsec: new upstream release version 1.6.0

Update crowdsec to latest upstream release version 1.6.0

Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma GĂ©rald <gandalf@gk2.net>
Package tested: not able to test run due to limited space (package is big)

Description: update to latest version of upstream

9 months agolibs/libgd: fix license
Fabrice Fontaine [Sun, 4 Feb 2024 20:57:46 +0000 (21:57 +0100)]
libs/libgd: fix license

libgd is licensed under its own "GD" license and not MIT

Fixes: 60feea09c9d343f648045e5e85e7788e75d4e039 (libgd: import from oldpackages, add myself as maintainer, add license...)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agonmap: bump package version
Konstantin Demin [Wed, 31 Jan 2024 09:24:53 +0000 (12:24 +0300)]
nmap: bump package version

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
9 months agonmap: unify SSL dependencies
Konstantin Demin [Wed, 31 Jan 2024 09:24:53 +0000 (12:24 +0300)]
nmap: unify SSL dependencies

ssl/full variants now depend on "ca-certs" (provided by "ca-bundle" and "ca-certificates")

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
9 months agonmap: ncat: use default CA bundle
Konstantin Demin [Wed, 31 Jan 2024 09:24:53 +0000 (12:24 +0300)]
nmap: ncat: use default CA bundle

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
9 months agoMerge pull request #23279 from ffontaine/fix-tiff-license
Jiri Slachta [Sun, 4 Feb 2024 21:42:04 +0000 (22:42 +0100)]
Merge pull request #23279 from ffontaine/fix-tiff-license

libs/tiff: fix license

9 months agolibs/tiff: fix license 23279/head
Fabrice Fontaine [Sun, 4 Feb 2024 21:30:33 +0000 (22:30 +0100)]
libs/tiff: fix license

tiff is licensed under its own "libtiff" license and not BSD-3-Clause

Fixes: 364de5bc3f16eba42f93d36e848b998b3579e39e (tiff: add licensing information)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agolang/python/python-aiohttp: fix PKG_CPE_ID
Fabrice Fontaine [Sun, 4 Feb 2024 10:06:04 +0000 (11:06 +0100)]
lang/python/python-aiohttp: fix PKG_CPE_ID

aiohttp:aiohttp is a better CPE ID than aio-libs_projet:aiohttp as this
CPE ID has the latest CVEs (whereas aio-libs_project:aiohttp only has
one CVE from 2018):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:aiohttp:aiohttp

Fixes: 2edf5034f1c09fe60af52087abe7b6fcef9433fc (python-aiohttp: add a new package)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agoless: update to 643
krant [Thu, 1 Feb 2024 14:25:01 +0000 (16:25 +0200)]
less: update to 643

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agogrep: update to 3.11
krant [Thu, 1 Feb 2024 15:06:57 +0000 (17:06 +0200)]
grep: update to 3.11

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agocloudflared: refine config.yml
Sergey Ponomarev [Sat, 3 Feb 2024 20:13:22 +0000 (22:13 +0200)]
cloudflared: refine config.yml

The config.yml is an example of a tunnel local configuration.
But the cloudlfared treat it as a real config and fails to start.
So to avoid problems let's comment all the statements.

The `url: http://localhost:8000` is not a valid config option.

Additionally add a smale of configuring ingres rules.

The cloudflared.config has missing option token.

Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
9 months agoMerge pull request #23263 from ffontaine/fix-sudo-cpeid
Alexandru Ardelean [Sat, 3 Feb 2024 06:12:38 +0000 (08:12 +0200)]
Merge pull request #23263 from ffontaine/fix-sudo-cpeid

admin/sudo: fix PKG_CPE_ID

9 months agoMerge pull request #23262 from ffontaine/fix-squashfs-tools-cpeid
Alexandru Ardelean [Sat, 3 Feb 2024 06:05:56 +0000 (08:05 +0200)]
Merge pull request #23262 from ffontaine/fix-squashfs-tools-cpeid

utils/squashfs-tools: fix PKG_CPE_ID

9 months agoutils/squashfs-tools: fix PKG_CPE_ID 23262/head
Fabrice Fontaine [Fri, 2 Feb 2024 19:08:34 +0000 (20:08 +0100)]
utils/squashfs-tools: fix PKG_CPE_ID

There is not a single CVE linked to phillip_lougher:squashfs so use
squashfs-tools_project:squashfs-tools instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:squashfs-tools_project:squashfs-tools

Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agoadmin/sudo: fix PKG_CPE_ID 23263/head
Fabrice Fontaine [Fri, 2 Feb 2024 19:18:23 +0000 (20:18 +0100)]
admin/sudo: fix PKG_CPE_ID

sudo_project:sudo is a better CPE ID than todd_miller:sudo as this CPE
ID has the latest CVEs (whereas todd_miller:sudo only has CVEs up to
2016):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:sudo_project:sudo

Fixes: 8ce9f30c421255c514b1b2e41fc92eafd7976583 (sudo: Update to 1.8.24)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agolibidn2: update to 2.3.7
krant [Thu, 1 Feb 2024 21:10:02 +0000 (23:10 +0200)]
libidn2: update to 2.3.7

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agoMerge pull request #23219 from rockdrilla/curl-8.6.0
Stan Grishin [Fri, 2 Feb 2024 13:47:17 +0000 (06:47 -0700)]
Merge pull request #23219 from rockdrilla/curl-8.6.0

curl: update to 8.6.0

9 months agounrar: update to 6.2.12
krant [Thu, 1 Feb 2024 12:06:47 +0000 (14:06 +0200)]
unrar: update to 6.2.12

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agotar: update to 1.35
krant [Thu, 1 Feb 2024 16:53:36 +0000 (18:53 +0200)]
tar: update to 1.35

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agolibs/vips: fix PKG_CPE_ID
Fabrice Fontaine [Thu, 1 Feb 2024 17:24:48 +0000 (18:24 +0100)]
libs/vips: fix PKG_CPE_ID

libvips:libvips is a better CPE ID than vips:vips as this CPE ID has the
latest CVEs (whereas vips only has an old CVE from 2010):

  https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:libvips:libvips

Fix: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agolibpsl: update to 0.21.5
krant [Thu, 1 Feb 2024 21:02:01 +0000 (23:02 +0200)]
libpsl: update to 0.21.5

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agonet/krb5: fix PKG_CPE_ID
Fabrice Fontaine [Thu, 1 Feb 2024 22:22:16 +0000 (23:22 +0100)]
net/krb5: fix PKG_CPE_ID

mit:kerberos_5 is a better CPE ID than mit:kerberos as this CPE ID has
the latest CVEs (whereas mit:kerberos only has CVEs until 2018):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:mit:kerberos_5

Fix: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agoMerge pull request #23243 from ffontaine/fix-libpam-cpeid
Nikos Mavrogiannopoulos [Fri, 2 Feb 2024 08:33:15 +0000 (09:33 +0100)]
Merge pull request #23243 from ffontaine/fix-libpam-cpeid

libs/libpam: fix PKG_CPE_ID

9 months agolibs/libpam: fix PKG_CPE_ID 23243/head
Fabrice Fontaine [Thu, 1 Feb 2024 21:12:24 +0000 (22:12 +0100)]
libs/libpam: fix PKG_CPE_ID

linux-pam:linux-pam is a better CPE ID than kernel:linux-pam as this CPE
ID has the latest CVEs (whereas kernel:linux-pam only has a
SUSE-specific CVE):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:linux-pam:linux-pam

Fix: 6f74b0c4f15a095b1069a8aaeb19a32dfbc7539a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9 months agodnsproxy: Update to 0.64.1
Tianling Shen [Thu, 1 Feb 2024 15:21:07 +0000 (23:21 +0800)]
dnsproxy: Update to 0.64.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
9 months agonebula: update to 1.8.2-2
Stan Grishin [Thu, 25 Jan 2024 23:15:49 +0000 (23:15 +0000)]
nebula: update to 1.8.2-2

The following fixes have been applied to Makefile:
* fix the nebula license type
* add PKG_CPE_ID
* remove unneeded call to Build/Compile
* add leading spaces to descriptions
* add Package/nebula/conffiles definition
* remove unneeded /lib/upgrade/keep.d files
* no longer install actual license file
* add the README file

Kudos to @BKPepe and @1715173329 for feedback which lead to these fixes

Signed-off-by: Stan Grishin <stangri@melmac.ca>
9 months agocurl: update to 8.6.0 23219/head
Konstantin Demin [Thu, 1 Feb 2024 00:28:09 +0000 (03:28 +0300)]
curl: update to 8.6.0

* https://curl.se/changes.html#8_6_0

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>