Eneas U de Queiroz [Thu, 6 Dec 2018 14:03:02 +0000 (12:03 -0200)]
unixodbc: fix clean-build compilation
For host compilation, the configure-generated config.h from the target
compilation is used in place of the host-generated file. When the
target package is compiled with clean-build, that file is gone. This
saves the file under $(STAGING_DIR), and fetches it from there.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Eneas U de Queiroz [Thu, 6 Dec 2018 11:43:36 +0000 (09:43 -0200)]
unixodbc: Fix LIB_PREFIX in host build
When copying config.h from PKG_BUILD_DIR to HOST_BUILD_DIR, LIB_PREFIX
is set to /usr/lib. Then when odbc_config is run, it reports /usr/lib
as the --lib-dir, and in --libs as well, and dependent packages may
fail. Set it to $(STAGING_DIR)/usr/lib to make it right.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Hannu Nyman [Tue, 16 Apr 2019 15:19:00 +0000 (18:19 +0300)]
nano: update to 4.1
* update nano to 4.1
* implement Makefile style changes proposed in #8483
Release notes at https://nano-editor.org/news.php
2019.04.15 - GNU nano 4.1
* By default, a newline character is again automatically added at the
end of a buffer, to produce valid POSIX text files by default, but
also to get back the easy adding of text at the bottom.
* The now unneeded option --finalnewline (-f) has been removed.
* Syntax files are read in alphabetical order when globbing, so that
the precedence of syntaxes becomes predictable.
* In the C syntax, preprocessor directives are highlighted differently.
* M-S now toggles soft wrapping, and M-N toggles line numbers.
* The jumpy-scrolling toggle has been removed.
* The legacy keystrokes ^W^Y and ^W^V are recognized again.
* Executing an external command is disallowed when in view mode.
* Problems with resizing during external or speller commands were fixed.
Tested with ipq806x R7800
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 5c212b1a13162dd78e7e8df3ded9e5f1b297a443)
Rosen Penev [Thu, 11 Apr 2019 16:47:35 +0000 (09:47 -0700)]
Merge pull request #8638 from mwarning/zerotier
zerotier: update version
Rosen Penev [Thu, 11 Apr 2019 16:42:51 +0000 (09:42 -0700)]
Merge pull request #8477 from BKPepe/openwrt-18.06_perl
[OpenWrt 18.06] perlmod: fix ability to build module out-of-feed
Karl Palsson [Thu, 11 Apr 2019 12:06:51 +0000 (12:06 +0000)]
net/mosquitto: correct config file option name
Correct option is "password_file" not "passwd_file"
Originally reported as: https://github.com/openwrt/packages/pull/8642
Added the package bump.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Moritz Warning [Sun, 9 Sep 2018 09:32:38 +0000 (11:32 +0200)]
zerotier: fix multiple instance handling and port setting
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Moritz Warning [Fri, 25 May 2018 00:04:01 +0000 (02:04 +0200)]
zerotier: update to version 1.2.12
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Hannu Nyman [Sat, 6 Apr 2019 15:16:48 +0000 (18:16 +0300)]
Merge pull request #8595 from EricLuehrsen/openwrt-18.06
[openwrt-18.06] unbound: correct forward of root domain
Eric Luehrsen [Fri, 5 Apr 2019 04:14:50 +0000 (00:14 -0400)]
unbound: correct forward of root domain
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
Jonas Gorski [Mon, 1 Apr 2019 09:19:15 +0000 (11:19 +0200)]
znc: backport CVE fixes to 1.6
Backport fixes for CVEs CVE-2018-14055 and CVE-2018-14056.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Rosen Penev [Sat, 30 Mar 2019 05:56:13 +0000 (22:56 -0700)]
Merge pull request #7807 from D-Albers/openwrt-18.06
jool: Backport two fixes for newer kernels.
Jiri Slachta [Thu, 28 Mar 2019 08:41:06 +0000 (09:41 +0100)]
Merge pull request #8449 from micmac1/ssh2-1806-181
libssh2 (18.06): version bump/CVE fixes
Karl Palsson [Tue, 26 Mar 2019 16:02:46 +0000 (16:02 +0000)]
mosquitto: bump to v1.5.8
Full changelog available at:
https://github.com/eclipse/mosquitto/blob/v1.5.8/ChangeLog.txt
This is a bugfix release. Of likely note to OpenWrt is a bug affecting
missing messages on bridges since 1.5.4:
https://github.com/eclipse/mosquitto/issues/1174
Signed-off-by: Karl Palsson <karlp@etactica.com>
Jan Pavlinec [Fri, 15 Mar 2019 14:03:37 +0000 (15:03 +0100)]
php7: Add PKG_CPE_ID for proper CVE tracking
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 0465f6fb46eaee51a6f29de8f4177357796a3522)
Michael Heimpold [Wed, 13 Mar 2019 21:21:16 +0000 (22:21 +0100)]
php7: update to 7.2.16
Also refresh patch which does not apply cleanly anymore.
Run tested on Duckbill for mxs platform.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 80cdd53134b03c59259b92782e6e78219330f1c6)
Michael Heimpold [Sun, 10 Feb 2019 20:45:16 +0000 (21:45 +0100)]
php7: fix cross compiling patch (fixes #8166)
Fixes: e148924a4 ("php7: update to 7.2.15")
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 1d4081dd4c43ab51d8a6393c0c6c57ba9a79b80c)
Michael Heimpold [Sat, 9 Feb 2019 12:35:53 +0000 (13:35 +0100)]
php7: update to 7.2.15
Also refresh patch which does not apply cleanly anymore.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit e148924a4c2935007ded7f4f05c0bd63016c5b00)
Michael Heimpold [Fri, 11 Jan 2019 22:47:30 +0000 (23:47 +0100)]
php7: update to 7.2.14
While at it, add --with-pic to configure arguments. This prevents the following
build errors spotted by the build bots for i386 targets:
-snip-
...
ext/openssl/.libs/openssl.o: direct GOT relocation R_386_GOT32X against
`X509_REQ_free' without base register can not be used when making a shared object
...
-snap-
This parameter seems to make no difference on other targets, nor
improve or make worse the package size.
Run tested for i386 in VirtualBox VM and on Duckbill for mxs platform.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 963c841463cee3a2d8afc34b5363a3e097556e04)
Michael Heimpold [Sun, 9 Dec 2018 15:01:14 +0000 (16:01 +0100)]
php7: update to 7.2.13
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 794f8f8e94105a84c3a929f8703a84f52d68a91c)
Michael Heimpold [Sun, 11 Nov 2018 19:48:21 +0000 (20:48 +0100)]
php7: update to 7.2.12
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 2186fe821da70c84b74aad364515b73cc30c75f8)
Michael Heimpold [Tue, 16 Oct 2018 19:59:49 +0000 (21:59 +0200)]
php7: update to 7.2.11
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 797776a3b3a2c886c325831eacea85e3d94104e4)
Michael Heimpold [Sun, 23 Sep 2018 19:35:04 +0000 (21:35 +0200)]
php7: update to 7.2.10
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit c69af6717cc28f946284a729c4c2b8954eede673)
Michael Heimpold [Sun, 2 Sep 2018 19:44:34 +0000 (21:44 +0200)]
php7: adjust load priority for openssl (fixes #6893)
This orders loading of openssl extension before extensions
which require openssl functions.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 5afeb3f9c8512d5d786766bd394c4e2f6371f99f)
Hannu Nyman [Sun, 24 Mar 2019 17:14:03 +0000 (19:14 +0200)]
nano: update to 4.0
Update nano editor to version 4.0.
Release notes at
http://git.savannah.gnu.org/cgit/nano.git/plain/NEWS?h=v4.0
2019.03.24 - GNU nano 4.0 "Thy Rope of Sands"
* An overlong line is no longer automatically hard-wrapped.
* Smooth scrolling (one line at a time) has become the default.
* A newline character is no longer automatically added at end of buffer.
* The line below the title bar is by default part of the editing space.
* Option --breaklonglines (-b) turns automatic hard-wrapping back on.
* Option --jumpyscrolling (-j) gives the chunky, half-screen scrolling.
* Option --finalnewline (-f) brings back the automatic newline at EOF.
* Option --emptyline (-e) leaves the line below the title bar unused.
* <Alt+Up> and <Alt+Down> now do a linewise scroll instead of a findnext.
* Any number of justifications can be undone (like all other operations).
* When marked text is justified, it becomes a single, separate paragraph.
* Option --guidestripe=<number> draws a vertical bar at the given column.
* Option --fill=<number> no longer turns on automatic hard-wrapping.
* When a line continues offscreen, it now ends with a highlighted ">".
* The halves of a split two-column character are shown as "[" and "]".
* A line now scrolls horizontally one column earlier.
* The bindable functions 'cutwordleft' and 'cutwordright' were renamed
to 'chopwordleft' and 'chopwordright' as they don't use the cutbuffer.
* The paragraph-jumping functions were moved from Search to Go-to-Line.
* Option --rebinddelete is able to compensate for more misbindings.
* Options --morespace and --smooth are obsolete and thus ignored.
* The --disable-wrapping-as-root configure option was removed.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit f1d51dbf7692cee150c3f1202d678afc7fcd178f)
Philip Prindeville [Sun, 23 Sep 2018 19:36:37 +0000 (13:36 -0600)]
perlmod: fix ability to build module out-of-feed
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Sebastian Kemper [Tue, 19 Mar 2019 07:48:55 +0000 (08:48 +0100)]
libssh2: version bump/CVE fixes
- CVE-2019-3855
Possible integer overflow in transport read allows out-of-bounds write
- CVE-2019-3856
Possible integer overflow in keyboard interactive handling allows
out-of-bounds write
- CVE-2019-3857
Possible integer overflow leading to zero-byte allocation and out-of-bounds
write
- CVE-2019-3858
Possible zero-byte allocation leading to an out-of-bounds read
- CVE-2019-3859
Out-of-bounds reads with specially crafted payloads due to unchecked use of
`_libssh2_packet_require` and `_libssh2_packet_requirev`
- CVE-2019-3860
Out-of-bounds reads with specially crafted SFTP packets
- CVE-2019-3861
Out-of-bounds reads with specially crafted SSH packets
- CVE-2019-3862
Out-of-bounds memory comparison
- CVE-2019-3863
Integer overflow in user authenticate keyboard interactive allows
out-of-bounds writes
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Rosen Penev [Sun, 11 Nov 2018 03:38:41 +0000 (19:38 -0800)]
Jinja2: Update to 2.10
Switch URL to a deterministic one.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Luiz Angelo Daros de Luca [Mon, 18 Mar 2019 17:35:39 +0000 (14:35 -0300)]
ruby: update to 2.5.5
2.5.5: Bug fix for a deadlock in multi-thread/multi-process (using Process.fork) applications, like for example Puma
2.5.4: Fixes multiple vulnerabilities:
CVE-2019-8320: Delete directory using symlink when decompressing tar
CVE-2019-8321: Escape sequence injection vulnerability in verbose
CVE-2019-8322: Escape sequence injection vulnerability in gem owner
CVE-2019-8323: Escape sequence injection vulnerability in API response handling
CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
CVE-2019-8325: Escape sequence injection vulnerability in errors
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Luiz Angelo Daros de Luca [Fri, 8 Feb 2019 03:38:33 +0000 (01:38 -0200)]
ruby: fix build for uclibc
Backporting upstream fix. Closes #8051.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit f9b16dea51b34e6fbced77a81096cf1fb82f39ce)
Daniel Gimpelevich [Sat, 9 Mar 2019 11:17:47 +0000 (03:17 -0800)]
vpnc: fix IPv6-triggered inoperability
When the server hostname resolved to both IPv4 and IPv6 addresses,
connecting would fail with nothing in syslog. This corrects that oversight.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
(cherry picked from ca56324 and PKG_MIRROR_HASH removal from 494ce71)
Hannu Nyman [Sun, 17 Mar 2019 08:33:25 +0000 (10:33 +0200)]
postgresql: Revert adding build dependency to zlib/host
Revert the addition of build dependency in commit 2d1694ff7
to a non-existent host build of zlib.
The host build of zlib was removed already in April 2018 by
https://github.com/openwrt/openwrt/commit/8dcd941d8b934891676a8d4bbef1ee78e89a4bf7#diff-1ed408c61d79f9c6c5d197333e94ce8d
which made zlib a build tool defined in /tools
The newly introduced build dependency always causes a warning like:
WARNING: Makefile 'package/feeds/packages/postgresql/Makefile'
has a build dependency on 'zlib/host', which does not exist
Not sure what was the error that 2d1694ff7 tried to fix,
but reference to a non-existent host build is not the solution.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit d8e61d49da52e86994492c9c274da35dd3b214fc)
Hannu Nyman [Sat, 16 Mar 2019 06:01:50 +0000 (08:01 +0200)]
Merge pull request #8403 from BKPepe/transmission_openwrt-18.06
[OpenWrt 18.06] Transmission: update to version 2.94
Hannu Nyman [Sat, 16 Mar 2019 06:00:39 +0000 (08:00 +0200)]
Merge pull request #8402 from BKPepe/netdata_openwrt-18.06
[OpenWrt 18.06] Netdata: update to version 1.12.2
Hannu Nyman [Wed, 13 Mar 2019 15:24:28 +0000 (17:24 +0200)]
Merge pull request #8395 from EricLuehrsen/unbound_191_1806
[openwrt-18.06] unbound: update to 1.9.1
Rosen Penev [Wed, 13 Mar 2019 14:28:09 +0000 (15:28 +0100)]
transmission: update to version 2.94
Add LTO support
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Josef Schlehofer [Wed, 13 Mar 2019 13:49:27 +0000 (14:49 +0100)]
Netdata: update to version 1.12.2
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Ted Hess [Wed, 13 Mar 2019 12:39:17 +0000 (08:39 -0400)]
libtalloc: Merge 2.1.14 from master (remove libbsd dependency)
Signed-off-by: Ted Hess <thess@kitschensync.net>
Eric Luehrsen [Wed, 13 Mar 2019 01:26:53 +0000 (21:26 -0400)]
unbound: update to 1.9.1
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
Hannu Nyman [Tue, 12 Mar 2019 15:49:32 +0000 (17:49 +0200)]
Merge pull request #8386 from wvdakker/openwrt-18.06
Openwrt 18.06: Shorewall Bump to 5.2.0.5 (issue #8382)
W. van den Akker [Mon, 11 Mar 2019 19:46:16 +0000 (20:46 +0100)]
Shorewall6: Bump to 5.2.0.5.
Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
W. van den Akker [Mon, 11 Mar 2019 19:45:17 +0000 (20:45 +0100)]
Shorewall: Bump to 5.2.0.5.
Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
W. van den Akker [Mon, 11 Mar 2019 19:44:18 +0000 (20:44 +0100)]
Shorewall6-lite: Bump to 5.2.0.5.
Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
W. van den Akker [Mon, 11 Mar 2019 19:42:53 +0000 (20:42 +0100)]
Shorewall-lite: Bump to 5.2.0.5.
Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
W. van den Akker [Mon, 11 Mar 2019 19:40:49 +0000 (20:40 +0100)]
Shorewall-core: Bump to 5.2.0.5.
Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
Daniel Golle [Thu, 7 Mar 2019 12:06:26 +0000 (13:06 +0100)]
postgresql: add HOST_BUILD_DEPENDS:=zlib/host
spotted on buildbot trying postgresql/host build:
configure: error: zlib library not found
Fix this by adding zlib/host to HOST_BUILD_DEPENDS.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry-picked from commit 2d1694ff7cd9e4517483f1012d9deed1b2b710c4)
Daniel Golle [Wed, 6 Mar 2019 00:42:43 +0000 (01:42 +0100)]
gnurl: update to version 7.64.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry-picked from commit 78adac5930f8b2613b77a0e803465396a42947b0)
Daniel Golle [Thu, 7 Mar 2019 02:20:50 +0000 (03:20 +0100)]
libgabe: add package
cherry-pick and squash commits from master for GNUnet
04eb431cb libgabe: add package
7831fb63b libgabe: update to shared library version
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Thu, 7 Mar 2019 00:39:24 +0000 (01:39 +0100)]
libpbc: add new package
cherry-pick commit
4c5d25458 libpbc: add new package
from master as GNUnet started to depend on libgabe which depends on
libpbc.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Tue, 5 Mar 2019 18:05:35 +0000 (19:05 +0100)]
Merge pull request #8346 from Cynerd/jinja2-missing-dep-18.06
Jinja2: add missing dependency on markupsafe
Karel Kočí [Tue, 5 Mar 2019 16:20:36 +0000 (17:20 +0100)]
Jinja2: add missing dependency on markupsafe
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
Daniel Golle [Tue, 5 Mar 2019 01:02:36 +0000 (02:02 +0100)]
gnunet: revert accidentally applied libmicrohttpd changes
revert
7b2bf511c gnunet: Specify libmicrohttpd-ssl dependency
which was accidentally merged from master while the rename of the
libmicrohttpd* packages has happened only on master.
Revert it for openwrt-18.06.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sun, 3 Mar 2019 01:58:35 +0000 (02:58 +0100)]
gnunet-secushare: add package (replacing gnunet-social package)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sat, 2 Mar 2019 19:27:02 +0000 (20:27 +0100)]
gnunet: GNUnet v0.11.0 release
Backport and squash the following commits from master:
4dcd1d4d0 gnunet: update to 0.12 pre-release snapshot
acc59d3a0 gnunet: fix uclibc build issue
f546ac9b8 gnunet: remove iconv hack
b5b271a39 gnunet: update to gnunet 0.11 release candidate source as of 20180929
1459c3513 gnunet: update source
0b548cb73 gnunet: adapt uci-defaults to renamed namestore-flat -> -heap
effc8b5bf gnunet: update to source to 20190128
7b2bf511c gnunet: Specify libmicrohttpd-ssl dependency
1d5af8f9e gnunet: fix PKG_MIRROR_HASH
77191eddb gnunet: GNUnet v0.11 release
1c658e5f3 gnunet-secushare: auto-configure database backend
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sun, 3 Mar 2019 01:56:38 +0000 (02:56 +0100)]
postgresql: update to version 9.6.12
Backport and squash the following commits from master:
43ec390bd postgresql: security bump to 9.6.10
845aab78a postgresql: Update to 9.6.11
fe6597dd7 postgresql: update to version 9.6.12
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sat, 2 Mar 2019 19:12:48 +0000 (20:12 +0100)]
libextractor: update to version 1.9
Backport and squash the following commits from master:
853e9d1c3 libextractor: Update to 1.7
1a23de5db libextractor: update to version 1.8
a50f26941 libextractor: fix PKG_HASH
6709d9b82 libextractor: update to version 1.9
Daniel Golle [Sat, 2 Mar 2019 19:08:23 +0000 (20:08 +0100)]
gnurl: update to version 7.63.0
Backport and squash the following commits from master:
af06f6fd5 gnurl: update to version 7.61.1
7cdbb7569 gnurl: build without libpsl
d34eda733 gnurl: update to version 7.63.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Yousong Zhou [Wed, 27 Feb 2019 10:31:35 +0000 (10:31 +0000)]
openvswitch: bump to version 2.8.5
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Stijn Tintel [Sun, 17 Feb 2019 15:47:54 +0000 (17:47 +0200)]
vallumd: bump to 0.1.4
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit d89cd30a79c7219b25e0d81d6f3faabcad9bb544)
Hannu Nyman [Thu, 14 Feb 2019 16:25:51 +0000 (18:25 +0200)]
Merge pull request #8207 from commodo/18.06-CVE-2018-20406
[18.06] python3: fix [CVE-2018-20406]
Karl Palsson [Thu, 14 Feb 2019 11:14:13 +0000 (11:14 +0000)]
mosquitto: update to 1.5.7
This is a minor bugfix release. Full changelog available at:
https://mosquitto.org/blog/2019/02/version-1-5-7-released/
Most relevant to OpenWrt are probably:
* fixing persistent store bloat
* fix sorting of included config files
* fix errors related to per_listener_settings
Signed-off-by: Karl Palsson <karlp@etactica.com>
Peter Wagner [Wed, 13 Feb 2019 22:05:54 +0000 (23:05 +0100)]
irssi: update to 1.2.0
Signed-off-by: Peter Wagner <tripolar@gmx.at>
Alexandru Ardelean [Wed, 13 Feb 2019 08:14:50 +0000 (10:14 +0200)]
[18.06] python3: fix [CVE-2018-20406]
Link to Python bug:
https://bugs.python.org/issue34656
Upstream commit:
https://github.com/python/cpython/commit/71a9c65e74a70b6ed39adc4ba81d311ac1aa2acc
OpenWrt 18.06 contains version Python 3.6.5, which doesn't contain this
fix.
Python 2.7 is not affected.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Yousong Zhou [Mon, 11 Feb 2019 13:21:04 +0000 (13:21 +0000)]
shadowsocks-libev: flush ss rules on entry
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Karl Palsson [Thu, 7 Feb 2019 14:02:27 +0000 (14:02 +0000)]
mosquitto: bump to 1.5.6
This is a bugfix and security release.
CVE-2018-12551: If Mosquitto is configured to use a password file for
authentication, any malformed data in the password file will be
treated as valid. This typically means that the malformed data becomes
a username and no password. If this occurs, clients can circumvent
authentication and get access to the broker by using the malformed
username. In particular, a blank line will be treated as a valid empty
username. Other security measures are unaffected.
=> Users who have only used the mosquitto_passwd utility to create and
modify their password files are unaffected by this vulnerability.
CVE-2018-12550: If an ACL file is empty, or has only blank lines or
comments, then mosquitto treats the ACL file as not being defined,
which means that no topic access is denied. Although denying access to
all topics is not a useful configuration, this behaviour is unexpected
and could lead to access being incorrectly granted in some
circumstances.
CVE-2018-12546. If a client publishes a retained message to a topic
that they have access to, and then their access to that topic is
revoked, the retained message will still be delivered to future
subscribers. This behaviour may be undesirable in some applications,
so a configuration option `check_retain_source` has been introduced to
enforce checking of the retained message source on publish.
Plus the following bugfixes:
* wills not sent to websocket clients
* spaces now allowed in bridge usernames
* durable clients not receiving offline messages with
per_listener_settings==true
* compilation with openssl without deprecated apis
* TLS working over SOCKS
* better comment handling in config files
Full changelog available at: https://github.com/eclipse/mosquitto/blob/fixes/ChangeLog.txt#L1
Signed-off-by: Karl Palsson <karlp@etactica.com>
Hannu Nyman [Thu, 7 Feb 2019 18:49:29 +0000 (20:49 +0200)]
Merge pull request #8143 from micmac1/18.06-bump-maria38
mariadb: security bump to 10.1.38
Sebastian Kemper [Wed, 6 Feb 2019 22:32:46 +0000 (23:32 +0100)]
mariadb: bump to 10.1.38
Upstream Release Notes:
- MDEV-17475: Maximum value of table_definition_cache is now 2097152
- MDEV-13671: InnoDB should use case-insensitive column name comparisons
like the rest of the server
- ALTER TABLE fixes: MDEV-17230, MDEV-16499, MDEV-17904, MDEV-17833,
MDEV-17470, MDEV-18237, MDEV-18016
- Improvements to InnoDB page checksum, recovery, and Mariabackup:
MDEV-17957, MDEV-12112, MDEV-18025, MDEV-18279, MDEV-18183
- Galera
- MDEV-15740: Galera durability fix
- New configuration variable wsrep_certification_rules, used for
controlling whether to use new/optimized
(--wsrep_certification_rules=optimized) certification rules or the
old/classic ones (--wsrep_certification_rules=strict). Setting the
variable to strict can cause more certification failures.
- Fixes for the following security vulnerabilities:
- CVE-2019-2537
- CVE-2019-2529
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Hannu Nyman [Fri, 1 Feb 2019 14:37:58 +0000 (16:37 +0200)]
Merge pull request #8098 from jonathanunderwood/openwrt-18.06-getdns-stubby-from-master
[18.06] Cherry pick getdns and stubby commits from master
Jonathan G. Underwood [Thu, 3 Jan 2019 15:10:47 +0000 (15:10 +0000)]
stubby: update to version 0.2.4
This upstream release adds support for trust_anchors_backoff_time
configuration parameter. UCI support has been added for this.
This commit also includes a number of clean-ups:
o change START=50 to START=30 in init file
Starting earlier in the boot means less chance of missing interface
trigger events. See: https://github.com/openwrt/packages/pull/4675
o remove unused variables from init file
o separate local declarations and assignments in init file
o add defensive quoting in init file
o use default values for procd respawn in init file
o make use of {} in variables consistent in init file
o remove unused variable from init file
Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
David Mora [Sun, 30 Dec 2018 14:50:36 +0000 (09:50 -0500)]
stubby: Remove iamperson347 from maintainer
I am no longer able to support maintaining the stubby daemon for openwrt. I suggest Jonathan Underwood <jonathan.underwood@gmail.com> as a replacement.
jonathanunderwood [Sun, 4 Nov 2018 10:49:52 +0000 (10:49 +0000)]
stubby: add Jonathan Underwood as co-maintainer (#7307)
Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
Jonathan G. Underwood [Sat, 27 Oct 2018 17:28:29 +0000 (18:28 +0100)]
stubby: add reload_config to documentation
Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
Jonathan G. Underwood [Sat, 27 Oct 2018 10:29:22 +0000 (11:29 +0100)]
stubby: fix loading of config file
Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
Jonathan G. Underwood [Sun, 30 Sep 2018 13:59:57 +0000 (14:59 +0100)]
stubby: add uci support to init file
This commit brings UCI support to the stubby package.
o All options are documented in the README.md file.
o The README.md file has been re-written to include a short usage
manual.
o The default configuration now includes more Cloudflare addresses.
o The stubby service is (re)started using procd triggers from a
specified interface with a configurable time delay.
o Round robin use of upstream resolvers is now activated by
default.
o Client privacy is now activated by default.
o Options are added for specifying the log level of the daemon and
command line options passed to the stubby command.
Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
Tony Ambardar [Tue, 18 Sep 2018 08:06:32 +0000 (01:06 -0700)]
stubby: bump PKG_RELEASE
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Tony Ambardar [Tue, 7 Aug 2018 11:08:29 +0000 (04:08 -0700)]
stubby: remove unnecessary core limit
Remove the limit setting core="unlimited", since this shouldn't be needed
in production use (i.e. non-debug) and on an embedded platform, which is
why it's rarely used by any existing packages.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Tony Ambardar [Tue, 7 Aug 2018 10:11:19 +0000 (03:11 -0700)]
stubby: add SPKI pin set for Cloudflare cert
Add an SPKI pin for Cloudflare to help prevent MITM and downgrade attacks,
as described in RFC7858 (DNS over TLS). The setup of SPKI and the specific
SHA256 certificate hash are taken from Cloudflare's DoT configuration guide
published at https://developers.cloudflare.com/1.1.1.1/dns-over-tls/.
Note that the certificate is valid to March 25th 2020, 13:00 CET, which
provides ample time for issuance of a backup pin to support future key
rollover.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Tony Ambardar [Tue, 7 Aug 2018 09:35:31 +0000 (02:35 -0700)]
stubby: add Cloudflare 1.0.0.1 and ::1001 servers
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Tony Ambardar [Tue, 7 Aug 2018 09:23:34 +0000 (02:23 -0700)]
stubby: use EDNS client-subnet privacy by default
Retain the upstream value since privacy is usually the key user motivation
for using DNS-over-TLS, and simply note that those encountering sub-optimal
routing may consider disabling the setting.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Tony Ambardar [Tue, 7 Aug 2018 09:04:42 +0000 (02:04 -0700)]
stubby: fix config file definition
The config file /etc/stubby/stubby.yml is not registered properly and any
local changes are being overwritten on upgrade or reinstall.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Tony Ambardar [Tue, 7 Aug 2018 09:03:08 +0000 (02:03 -0700)]
stubby: rearrange Makefile for clarity
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Tony Ambardar [Tue, 7 Aug 2018 13:21:11 +0000 (06:21 -0700)]
stubby: add missing dependency on ca-certificates
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Jonathan G. Underwood [Thu, 3 Jan 2019 01:16:23 +0000 (01:16 +0000)]
getdns: update to version 1.5.0
Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
David Mora [Sun, 30 Dec 2018 14:50:39 +0000 (09:50 -0500)]
getdns: Remove iamperson347 from maintainer
I am no longer able to support maintaining the getdns lib for openwrt. I suggest Jonathan Underwood <jonathan.underwood@gmail.com> as a replacement.
Hannu Nyman [Thu, 31 Jan 2019 18:12:48 +0000 (20:12 +0200)]
Merge pull request #8094 from candrews/patch-2
getdns: fix missing libbsd dependency
Craig Andrews [Thu, 31 Jan 2019 16:16:57 +0000 (11:16 -0500)]
getdns: fix missing libbsd dependency
Backport these commits from master to the 18.06 branch:
8365744b80c1c0c57fabe199aaa08e6bacef8063
035b22b2085c1dc5f5788a941a44f69de757826b
d0766135ade4409103cd5bfbd6180a41c4f2741a
Fixes https://github.com/openwrt/packages/issues/8093
Signed-off-by: Craig Andrews <candrews@integralblue.com>
Adrien DAURIAT [Wed, 30 Jan 2019 22:32:51 +0000 (23:32 +0100)]
acme: Fix loading credentials
Move loading credential function before cert renewal call as credentials might be needed for some renewal operations (ex: DNS)
Signed-off-by: Adrien DAURIAT <16813527+dauriata@users.noreply.github.com>
Hannu Nyman [Wed, 30 Jan 2019 21:09:39 +0000 (23:09 +0200)]
Merge pull request #8077 from BKPepe/openwrt-18.06
[openwrt-18.06] youtube-dl: update to version 2019.01.30.1
Josef Schlehofer [Wed, 30 Jan 2019 13:27:55 +0000 (14:27 +0100)]
youtube-dl: update to version 2019.01.30.1
Add Josef Schlehofer as Co-maintainer to be able to track issues
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Hannu Nyman [Sun, 27 Jan 2019 21:05:41 +0000 (23:05 +0200)]
Merge pull request #8048 from jefferyto/openwrt-18.06-python-idna
[openwrt-18.06] python-idna: Add missing dependency on python(3)-codecs
Jeffery To [Sun, 27 Jan 2019 12:26:48 +0000 (20:26 +0800)]
python-idna: Add missing dependency on python(3)-codecs
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Hannu Nyman [Sun, 27 Jan 2019 09:58:13 +0000 (11:58 +0200)]
Merge pull request #7945 from jefferyto/openwrt-18.06-python-lib2to3-pyc-fix
[openwrt-18.06] python/python3: Fix lib2to3 fixes search
Jeffery To [Sat, 12 Jan 2019 22:14:36 +0000 (06:14 +0800)]
python/python3: Fix lib2to3 fixes search
This is the patch from c98b12d9a920ede376d1eaef0da0c0da9d26d6b3 (#7931),
applied for both python 2 and 3.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Hannu Nyman [Wed, 2 Jan 2019 16:02:23 +0000 (18:02 +0200)]
Merge pull request #7799 from cshoredaniel/pr-nut-runas-backport
[18.06] nut: Default to run as root but fix alt runas
Peter Wagner [Wed, 2 Jan 2019 00:02:44 +0000 (01:02 +0100)]
libsndfile: update to 42132c543358cee9f7c3e9e9b15bb6c1063a608e
Fixes CVE-2018-19758
Hannu Nyman [Tue, 1 Jan 2019 19:55:43 +0000 (21:55 +0200)]
Merge pull request #7757 from jefferyto/openwrt-18.06-python-dist-info
[openwrt-18.06] python/python3: fix .dist-info missing for setuptools and pip
Hannu Nyman [Mon, 31 Dec 2018 20:33:38 +0000 (22:33 +0200)]
Merge pull request #7820 from commodo/18-06-python3-CVE-2018-14647
[18.06] python3: backport CVE-2018-14647 patch from upstream
Hannu Nyman [Mon, 31 Dec 2018 20:32:58 +0000 (22:32 +0200)]
Merge pull request #7819 from commodo/18-06-python-CVE-2018-14647
[18.06] python: backport CVE-2018-14647 patches from upstream
Alexandru Ardelean [Mon, 31 Dec 2018 17:06:09 +0000 (19:06 +0200)]
python3: backport CVE-2018-14647 patch from upstream [18.06]
These patches are backports from Python 3.6 upstream.
The security issue is described here:
https://nvd.nist.gov/vuln/detail/CVE-2018-14647
The Python bug report:
https://bugs.python.org/issue34623
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Alexandru Ardelean [Mon, 31 Dec 2018 15:45:39 +0000 (17:45 +0200)]
python: backport CVE-2018-14647 patches from upstream [18.06]
These patches are backports from Python 2.7 upstream.
The security issue is described here:
https://nvd.nist.gov/vuln/detail/CVE-2018-14647
The Python bug report:
https://bugs.python.org/issue34623
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>