Tianling Shen [Thu, 18 Mar 2021 05:08:45 +0000 (13:08 +0800)]
msgpack-c: add new package
This is needed by tmate.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
cfc965b10754fea8c71dad79e6b4cd7c02f47a9b)
Rosen Penev [Sun, 29 Nov 2020 23:58:20 +0000 (15:58 -0800)]
minidlna: update to 1.3.0
Fixes two CVEs relating to UPnP.
Removed libuuid dependency. It is not used.
Remove clock_gettime hack. It seems to have been fixed.
Removed upstream patches.
Refreshed the other ones.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
f5689796481c5b8e89cd3fff8b10ea6f675f85e9)
Hannu Nyman [Wed, 17 Mar 2021 17:55:45 +0000 (19:55 +0200)]
Merge pull request #15149 from ja-pa/tor-0.4.4.8-openwrt-19.07
[openwrt 19.07] tor: update to version 0.4.4.8 (security fix)
Jan Pavlinec [Wed, 17 Mar 2021 09:34:52 +0000 (10:34 +0100)]
tor: update to version 0.4.4.8
Fixes CVE-2021-28089 and CVE-2021-28090
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Florian Eckert [Tue, 16 Mar 2021 13:14:24 +0000 (14:14 +0100)]
Merge pull request #15136 from TDT-AG/pr/
2021015-openwrt-19.07-mwan3
mwan3: remove mwan3 ubus call on mwan3 iface hotplug ACTION
Florian Eckert [Mon, 15 Mar 2021 13:15:39 +0000 (14:15 +0100)]
mwan3: remove mwan3 ubus call on mwan3 iface hotplug ACTION
With this change, the interface status is no longer read from the mwan3 ubus.
The status of the interface is read directly from the status directory.
This was already implemented in the master with the
commit
c07f5230be128669f7b6731415de26f8176fbf5b.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Karl Palsson [Mon, 15 Mar 2021 10:41:31 +0000 (10:41 +0000)]
net/mosquitto: bump to 1.6.14
This is a minor security fix for outgoing bridges and the client
library.
Full details: https://mosquitto.org/blog/2021/03/version-2-0-9-released/
Signed-off-by: Karl Palsson <karlp@etactica.com>
Paul Spooren [Fri, 12 Mar 2021 00:14:25 +0000 (14:14 -1000)]
CI: backport GitHub action CI
The CI is working fine with OpenWrt snapshots and 21.02, so backport it.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Olivier Poitrey [Mon, 8 Mar 2021 23:48:42 +0000 (23:48 +0000)]
nextdns: Update to version 1.11.0
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Rosen Penev [Mon, 8 Mar 2021 20:26:46 +0000 (12:26 -0800)]
Merge pull request #15054 from stangri/19.07-vpn-policy-routing
[19.07] vpn-policy-routing: better processing of custom user files
Stan Grishin [Mon, 8 Mar 2021 10:35:01 +0000 (10:35 +0000)]
vpn-policy-routing: better processing of custom user files
Signed-off-by: Stan Grishin <stangri@melmac.net>
Rosen Penev [Mon, 30 Nov 2020 00:48:36 +0000 (16:48 -0800)]
libpam: update to 1.5.1
Fix installed paths. After
e52d0487e88c3c8c57e1310d1a02b18eae0d142e
upstream, this bug was exposed.
Instead of working around it, fix the patch.
After this, everything consistently gets installed to ipkg-install/usr.
Minor Makefile reorganization.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
b75f250f3bf378bcaa0784d44f64ff2bb4e7af9a)
Rosen Penev [Wed, 25 Nov 2020 00:52:51 +0000 (16:52 -0800)]
libpam: update to 1.5.0
Fixes CVE-2020-27780
Removed upstreamed patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
0f317e9fbde341549c0cd7c3d43742739d123c97)
Rosen Penev [Fri, 26 Jun 2020 00:29:54 +0000 (17:29 -0700)]
libpam: update to 1.4.0
Remove upstreamed patch and add a new one to fix compilation.
Add some more configure options.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
a05db1acfea43b8f94a417d56414ea1aae21c815)
Hannu Nyman [Sat, 6 Mar 2021 08:27:14 +0000 (10:27 +0200)]
nano: update to 5.6.1
Update nano editor to version 5.6.1
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
0f4138db0be558d0c957e3d4d78091a59ba660ec)
Rosen Penev [Thu, 3 Dec 2020 00:32:59 +0000 (16:32 -0800)]
ninja: update to 1.10.2
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
f25f29c740da5bcafb1500b55c9ebfb39eb35f9f)
Rosen Penev [Wed, 9 Sep 2020 07:48:37 +0000 (00:48 -0700)]
ninja: fix typo
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
52569b80fa3334ebfe29c05a17ce7254561e2e2f)
Rosen Penev [Mon, 7 Sep 2020 20:37:25 +0000 (13:37 -0700)]
ninja: use for CMake
CMake supports Ninja for faster compilation and less bugginess when it
comes to parallel compilation. That is, some CMake packages currently
have PKG_BUILD_PARALLEL set where it is not needed with ninja.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
54449e9c6689b17379c24ca68f52a80ec5688f22)
Rosen Penev [Fri, 28 Aug 2020 00:18:32 +0000 (17:18 -0700)]
ninja: update to 1.10.1
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
0f317d653643b49a6fd28b785b7655f0c08124b2)
Florian Eckert [Wed, 3 Mar 2021 09:01:24 +0000 (10:01 +0100)]
Merge pull request #14661 from TDT-AG/pr/
20210203-19.07-keepalived
keepalived: backport fixes
Rosen Penev [Tue, 2 Mar 2021 09:56:59 +0000 (01:56 -0800)]
Merge pull request #14988 from stangri/19.07-vpn-policy-routing
[19.07] vpn-policy-routing: update to 0.3.2-18
Stan Grishin [Mon, 1 Mar 2021 21:38:44 +0000 (21:38 +0000)]
vpn-policy-routing: update to 0.3.2-18
Signed-off-by: Stan Grishin <stangri@melmac.net>
Alexandru Ardelean [Tue, 29 Sep 2020 04:55:19 +0000 (07:55 +0300)]
python-maho-mqtt: bump to versio 1.5.1
Docs say it also supports MQTT 5.0.
Added to description.
Updated title as on pypi.org
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
ee0e11c1ab5ff94f6bfcd6d98c8f4b09327f7412)
Rosen Penev [Sun, 28 Feb 2021 23:02:10 +0000 (15:02 -0800)]
Merge pull request #14962 from EricLuehrsen/unbound_1131_1907
[openwrt-19.07] unbound: update to 1.13.1
Eric Luehrsen [Sun, 21 Feb 2021 05:51:49 +0000 (00:51 -0500)]
unbound: update to 1.13.1
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
Dirk Brenken [Sat, 27 Feb 2021 05:21:20 +0000 (06:21 +0100)]
Merge pull request #14918 from stangri/19.07-vpn-policy-routing
[19.07] vpn-policy-routing: bugfix: netflix user file missing redirect
Stan Grishin [Fri, 26 Feb 2021 22:03:41 +0000 (22:03 +0000)]
vpn-policy-routing: bugfix: netflix user file missing redirect
Signed-off-by: Stan Grishin <stangri@melmac.net>
Rosen Penev [Fri, 26 Feb 2021 05:12:28 +0000 (21:12 -0800)]
Merge pull request #14903 from stangri/19.07-vpn-policy-routing
[19.07] vpn-policy-routing: update user netflix file
Stan Grishin [Fri, 26 Feb 2021 02:16:44 +0000 (02:16 +0000)]
vpn-policy-routing: update user netflix file
Signed-off-by: Stan Grishin <stangri@melmac.net>
Hannu Nyman [Thu, 25 Feb 2021 14:58:50 +0000 (16:58 +0200)]
nano: update to version 5.6
Upgrade nano to version 5.6
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
dffdfe4ac8c903fa843695af329c83c70a7c7e1a)
Rosen Penev [Thu, 25 Feb 2021 00:53:41 +0000 (16:53 -0800)]
Merge pull request #14888 from stangri/19.07-vpn-policy-routing
[19.07] vpn-policy-routing: custom user scripts improvements
Stan Grishin [Wed, 24 Feb 2021 19:44:10 +0000 (19:44 +0000)]
vpn-policy-routing: custom user scripts improvements
Signed-off-by: Stan Grishin <stangri@melmac.net>
Jan Hak [Mon, 22 Feb 2021 08:55:55 +0000 (09:55 +0100)]
libedit: update to version
20210216-3.1
Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit
fd7f43ae4674b234a975ec67c604abf6e933a0b3)
Jan Hák [Tue, 28 Apr 2020 08:53:34 +0000 (10:53 +0200)]
libedit: update to version
20193112-3.1
Signed-off-by: Jan Hák <jhak@jhak.nic.cz>
(cherry picked from commit
58a5c548eb497552f53d42df677c70dbb36930f8)
Dirk Brenken [Tue, 23 Feb 2021 14:46:43 +0000 (15:46 +0100)]
adblock: update blocklist sources
* change adguard url
* remove malwaredomains (discontinued)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Rosen Penev [Tue, 23 Feb 2021 13:12:03 +0000 (05:12 -0800)]
Merge pull request #14869 from stangri/19.07-vpn-policy-routing
[19.07] vpn-policy-routing: update to version 0.3
Jan Hak [Thu, 21 Jan 2021 08:42:56 +0000 (09:42 +0100)]
knot: update to version 3.0.4
Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit
341fffb8ddd462cc41650b13e425e6e71efdfe4e)
Jan Hak [Wed, 16 Dec 2020 13:00:40 +0000 (14:00 +0100)]
knot: update to 3.0.3
Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit
5cd937865316f08144ebd8aaadfb2a1da19eeb10)
Jan Hák [Mon, 16 Nov 2020 10:22:24 +0000 (11:22 +0100)]
knot: disable embedded xdp
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
1f9d6fbb26c20490dc58f84e5c86fa2c35012412)
Jan Hák [Mon, 16 Nov 2020 10:21:48 +0000 (11:21 +0100)]
knot: update to 3.0.2
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
a54828926dc2aa731fbfefe87a7a9687837fc2be)
Daniel Salzman [Tue, 27 Oct 2020 15:05:33 +0000 (16:05 +0100)]
knot: disable libnghttp2 autodetection
Signed-off-by: Daniel Salzman <daniel.salzman@nic.cz>
(cherry picked from commit
67e3c594de15985b76871ea5c1ba2fd05427900d)
Jan Hak [Mon, 26 Oct 2020 10:06:41 +0000 (11:06 +0100)]
knot: update to version 3.0.1
definition of PSELECT_COMPAT could be removed many years ago, is no longer needed
Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit
4069bb1e727a00d68352ff6baefac9f5a94e156f)
Josef Schlehofer [Tue, 23 Feb 2021 07:08:43 +0000 (08:08 +0100)]
screen: backport fix for CVE-2021-26937
Security reports:
- https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html
This issue can be reproduced even on OpenWrt
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982435
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
c250298fa3e60251dfbbb0df40b36c6d67bbea09)
Josef Schlehofer [Tue, 23 Feb 2021 06:28:13 +0000 (07:28 +0100)]
openvswitch: update to version 2.11.6 (security fix)
Fixes CVEs:
- CVE-2020-35498
- In DPDK: CVE-2015-8011 and CVE-2020-27827
- In LLDP: CVE-2019-14818, CVE-2020-10722, CVE-2020-10723 and CVE-2020-10724
Removed patches:
- 0001-compat-Include-confirm_neigh-parameter-if-needed.patch because they
are included in this release as it was backported
- 0010-acinclude-Fix-build-with-kernels-with-prandom-moved-.patch
included in this release as it was backported
Other patches were refreshed.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Stan Grishin [Tue, 23 Feb 2021 01:12:28 +0000 (01:12 +0000)]
vpn-policy-routing: update to version 0.3
Signed-off-by: Stan Grishin <stangri@melmac.net>
Rosen Penev [Tue, 23 Feb 2021 00:27:00 +0000 (16:27 -0800)]
Merge pull request #14710 from stangri/19.07-https-dns-proxy
[19.07] https-dns-proxy: support for force DNS/DNS hijacking
Josef Schlehofer [Mon, 22 Feb 2021 18:05:35 +0000 (19:05 +0100)]
netdata: update to version 1.29.2
Release notes:
https://github.com/netdata/netdata/releases/tag/v1.29.2
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
e8021bf14d591edfb3fe36dd194b8109d4f7ffd3)
Josef Schlehofer [Wed, 10 Feb 2021 13:17:47 +0000 (14:17 +0100)]
netdata: update to version 1.29.1
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
d0736d5e738cad74f81a99de0b039f75e7ca9768)
Josef Schlehofer [Mon, 22 Feb 2021 17:46:34 +0000 (18:46 +0100)]
Merge pull request #14845 from jefferyto/python-3.7.10-openwrt-19.07
[openwrt-19.07] python3: Update to 3.7.10, refresh patches
Jeffery To [Mon, 22 Feb 2021 13:02:55 +0000 (21:02 +0800)]
python3: Update to 3.7.10, refresh patches
Includes fixes for:
* CVE-2021-3177 - ctypes: Buffer overflow in PyCArg_repr
* CVE-2021-23336 - urllib parse_qsl(): Web cache poisoning - semicolon
as a query args separator
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Moritz Warning [Sun, 21 Feb 2021 02:24:25 +0000 (03:24 +0100)]
zerotier: bump to 1.6.4
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Rosen Penev [Fri, 19 Feb 2021 01:10:31 +0000 (17:10 -0800)]
Merge pull request #14785 from nmeyerhans/openwrt-19.07+bind-9.16.12
bind: bump to 9.16.12
Noah Meyerhans [Thu, 18 Feb 2021 22:55:43 +0000 (14:55 -0800)]
bind: bump to 9.16.12
Includes fix for security issues:
* CVE-2020-8625: BIND servers are vulnerable if they are running an
affected version and are configured to use GSS-TSIG features.
Disable backtrace functionality, as it is unreliable across
architectures and generally only supported by upstream on amd64
Remove a patch that has been incorporated upstream
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Rosen Penev [Wed, 17 Feb 2021 20:58:29 +0000 (12:58 -0800)]
Merge pull request #14778 from BKPepe/ksmbd-19.07-drop-arc4-dependency
ksmbd: remove kmod-crypto-arc4 dependency
Josef Schlehofer [Wed, 17 Feb 2021 19:31:53 +0000 (20:31 +0100)]
ksmbd: remove kmod-crypto-arc4 dependency
This kernel module is already set for target/linux/generic/config-4.14
in OpenWrt 19.07 branch. This solves a problem that this package can not
be installed on the router:
* satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-fs-ksmbd:
* kmod-crypto-arc4
* opkg_install_cmd: Cannot install package kmod-fs-ksmbd.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Hauke Mehrtens [Tue, 16 Feb 2021 22:26:50 +0000 (22:26 +0000)]
Merge pull request #14647 from neheb/k9
[19.07] ksmbd(-tools): update to 3.3.4
Rosen Penev [Mon, 15 Feb 2021 00:06:57 +0000 (16:06 -0800)]
Merge pull request #14714 from
1715173329/ttyd-bp
[19.07] ttyd: force enable authentication for login
John Audia [Sun, 14 Feb 2021 18:05:44 +0000 (20:05 +0200)]
htop: update to 3.0.5-1
Signed-off-by: John Audia <graysky@archlinux.us>
(cherry picked from commit
476f70e9a04c9ba7f98b21adde8f9fe20801a455)
Josef Schlehofer [Mon, 11 Nov 2019 22:06:48 +0000 (23:06 +0100)]
python-paho-mqtt: Update to version 1.5.0
Try to fix license according to SPDX.
Add PKG_LICENSE_FILES.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
f8e36f9fd6d5040f3ce69a1dd3f844872ea306b9)
[use pypi.mk for Python package]
Philip Prindeville [Wed, 10 Feb 2021 19:34:19 +0000 (12:34 -0700)]
Merge pull request #14715 from pprindeville/isc-dhcp-stable-fix-coredump
isc-dhcp: seeing crashes when attempting to update dynamic dns
Philip Prindeville [Fri, 11 Dec 2020 00:20:59 +0000 (17:20 -0700)]
isc-dhcp: seeing crashes when attempting to update dynamic dns
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Tianling Shen [Sun, 7 Feb 2021 17:48:21 +0000 (01:48 +0800)]
ttyd: force enable authentication for login
Currently, we called `/usr/libexec/login.sh` as login command, but unfortunately the auth
is disabled by default in it[1], and this is really serious as it could be a free "backdoor"
for any spoiler who has conntectd to the router via LAN or wireless.
In my option, it shouldn't be exposed to anyone without auth, so I set the default login
command to `/bin/login`. And for those who really want that, they can do it themselves.
1. `login.sh` adjusts whether use authentication or not from system config named ttylogin,
which is set to disabled by default. See package/base-files/files/bin/config_generate#L243.
Signed-off-by: Tianling Shen <cnsztl@project-openwrt.eu.org>
Backported from
f45bb2981d41e1005a2658661da2475518835db8
Stan Grishin [Wed, 10 Feb 2021 05:59:24 +0000 (05:59 +0000)]
https-dns-proxy: support for force DNS/DNS hijacking
Signed-off-by: Stan Grishin <stangri@melmac.net>
Karl Palsson [Mon, 8 Feb 2021 15:20:53 +0000 (15:20 +0000)]
mosquitto: bump to 1.6.13
Includes various fixes: (2.0.7 + 1.6.13 dual release)
https://mosquitto.org/blog/2021/02/version-2-0-7-released/
Signed-off-by: Karl Palsson <karlp@etactica.com>
Rosen Penev [Sun, 7 Feb 2021 23:19:51 +0000 (15:19 -0800)]
Merge pull request #14681 from jonathanunderwood/openwrt-19.07-getdns-no-static-linking
[19.07] getdns: disable static linking of getdns utilities
Jonathan G. Underwood [Sun, 7 Feb 2021 13:40:36 +0000 (13:40 +0000)]
getdns: disable static linking of getdns utilities
This fixes issue #13361.
Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
Rosen Penev [Sat, 6 Feb 2021 22:34:29 +0000 (14:34 -0800)]
Merge pull request #14670 from jonathanunderwood/openwrt-19.07-cherry-pick
[19.07] getdns: cherry pick recent fixes from master
Rosen Penev [Sat, 6 Feb 2021 22:33:43 +0000 (14:33 -0800)]
Merge pull request #14677 from mwarning/zt2
zerotier: update to 1.6.3
Moritz Warning [Fri, 5 Feb 2021 16:38:26 +0000 (17:38 +0100)]
zerotier: update to 1.6.3
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Harris K Kusuma [Mon, 1 Feb 2021 11:06:09 +0000 (18:06 +0700)]
getdns: Fix TLS V1.3 Ciphersuites option in Stubby
Description :
Fix typo in CMAKE getdns included files, so Stubby can use TLS v1.3 with chipersuites options ON.
This solve issue that's written in here :
https://github.com/getdnsapi/stubby/issues/240
https://github.com/getdnsapi/stubby/issues/257
Signed-off-by: Harris K Kusuma <igharris.kk@gmail.com>
Rosen Penev [Sun, 2 Aug 2020 22:05:11 +0000 (15:05 -0700)]
getdns: fix compilation without deprecated OpenSSL APIs
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Florian Eckert [Mon, 15 Jun 2020 09:47:20 +0000 (11:47 +0200)]
keepalived: fix config typo
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
a8a1fbfa0da2676583f0289e7ed2806a3191800c)
* Update PKG_RELEASE to 5
Florian Eckert [Wed, 29 Apr 2020 17:40:46 +0000 (19:40 +0200)]
keepalived: add script security param to fix warning
Openwrt is a single user system. So keepalived is runnig as root.
If we add the config options `script_user root` and
`enabled_script_security' the following warnings are gone.
> local1.info Keepalived_vrrp[5382]: SECURITY VIOLATION - scripts are
being executed but script_security not enabled.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
1b1ba710632f8f4850f02c22e83734a6c8b5c41a)
Rosen Penev [Thu, 4 Feb 2021 08:23:59 +0000 (00:23 -0800)]
ksmbd: update to 3.3.4
Manually added from master.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Thu, 4 Feb 2021 01:26:48 +0000 (17:26 -0800)]
ksmbd-tools: update to 3.3.4
Manually updated.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Florian Eckert [Mon, 4 Nov 2019 12:24:34 +0000 (13:24 +0100)]
keepalived: set default run directory for pid file on build
This fixes a runtime startup error on system which does not have a
toplevel runtime directory for the pid file. On openwrt the pid is
located at /var/run and not on /run. To fix that add a configure option to
move the pid location to /var/run.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
bc98aaa3f711f1cd6f7fa3a65da43411c2db98aa)
* Patch adapted for the branch so that it can be applied correctly
Rosen Penev [Wed, 3 Feb 2021 03:40:16 +0000 (19:40 -0800)]
Merge pull request #14632 from stangri/19.07-simple-adblock
[19.07] simple-adblock: remove dependency on jsonfilter & old code
Stan Grishin [Tue, 2 Feb 2021 22:11:20 +0000 (22:11 +0000)]
simple-adblock: remove dependency on jsonfilter & old code
Signed-off-by: Stan Grishin <stangri@melmac.net>
Josef Schlehofer [Wed, 27 Jan 2021 22:27:57 +0000 (23:27 +0100)]
sudo: backport patches for CVE-2021-3156
This security vulnerability is known as Baron Samedit [1] and there is a
research by Qualys [2] and they discovered it. Unfortunately or
fortunately, there isn't present sudoedit on OpenWrt.
Two patches were applied cleanly and the other two required manual
intervention. Those were backported from version 1.9.5p2
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156
[2] https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Rosen Penev [Tue, 26 Jan 2021 22:53:53 +0000 (14:53 -0800)]
Merge pull request #14575 from Andy2244/samba4-fix-#13758
[19.07] samba4: fix for #13758
Andy Walsh [Tue, 26 Jan 2021 11:24:57 +0000 (12:24 +0100)]
samba4: fix for #13758
* fix for possible exploit #13758
* sanetize all external template/config inputs
* fix some shellcheck warnings
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Rosen Penev [Tue, 26 Jan 2021 07:07:17 +0000 (23:07 -0800)]
Merge pull request #14565 from rs/nextdns-1.10.1-openwrt-19.07
[19.07] nextdns: Update to version 1.10.1
Michael Heimpold [Mon, 25 Jan 2021 22:54:21 +0000 (23:54 +0100)]
Merge pull request #14558 from cartender/pr/19_fix_php7_conf_ac
php7: Fix prepare target incorrectly referencing 'configure.in' instead of 'configure.ac'
Olivier Poitrey [Mon, 25 Jan 2021 17:55:29 +0000 (17:55 +0000)]
nextdns: Update to version 1.10.1
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Giovanni Giacobbi [Fri, 22 Jan 2021 00:25:39 +0000 (00:25 +0000)]
php7: Fix prepare target incorrectly referencing 'configure.in' instead of 'configure.ac'
Package release version unchanged as it does not impact the build result in any way.
Signed-off-by: Giovanni Giacobbi <giovanni@giacobbi.net>
Josef Schlehofer [Mon, 18 Jan 2021 22:49:16 +0000 (23:49 +0100)]
msmtp: update to version 1.8.14
Release notes for 1.8.1.3:
https://marlam.de/msmtp/news/msmtp-1-8-13/
Release notes for 1.8.1.4:
https://marlam.de/msmtp/news/msmtp-1-8-13/
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
ff76e24e5aa8e4e2dc38d0b9ac7f3f92059c7a39)
Josef Schlehofer [Sun, 24 Jan 2021 08:26:17 +0000 (09:26 +0100)]
youtube-dl: update to version 2021.1.16
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
5d839fc06b48e43c3aa444469ac7d91b85519040)
Josef Schlehofer [Mon, 7 Dec 2020 02:32:29 +0000 (03:32 +0100)]
youtube-dl: update to version 2020.12.7
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
87e15391cd50b4f72da686f76ed2a012694c2c3f)
Rosen Penev [Sat, 23 Jan 2021 01:42:24 +0000 (17:42 -0800)]
Merge pull request #14501 from stangri/19.07-https-dns-proxy
[19.07] https-dns-proxy: bugfix: high CPU utilization
Rosen Penev [Tue, 19 Jan 2021 07:39:47 +0000 (23:39 -0800)]
Merge pull request #14499 from nemesisdesign/openwrt-19.07
openwisp-config: update to version 0.5.0
Stan Grishin [Mon, 18 Jan 2021 15:28:06 +0000 (15:28 +0000)]
https-dns-proxy: bugfix: high CPU utilization
Signed-off-by: Stan Grishin <stangri@melmac.net>
Federico Capoano [Mon, 18 Jan 2021 14:55:30 +0000 (09:55 -0500)]
openwisp-config: update to version 0.5.0
Full changelog available at https://github.com/openwisp/openwisp-config/releases/tag/0.5.0
Signed-off-by: Federico Capoano <f.capoano@openwisp.io>
(cherry picked from commit
9f7b8088c374a5c8533c61baf56ae57343f6fb67)
# Conflicts:
# admin/openwisp-config/Makefile
Rosen Penev [Sun, 17 Jan 2021 09:59:54 +0000 (01:59 -0800)]
Revert "libzip: update to 1.7.3"
This reverts commit
d8f0ebaa3d2582628e34fa9d7d1d003cc94de24e.
Versions 1.7.2 and above mandate CMake 3.1.7, making this unsuitable
for backporting.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Michael Heimpold [Wed, 15 Jul 2020 21:51:21 +0000 (23:51 +0200)]
libzip: update to 1.7.3
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit
1335121067561e3ddc9ca4e6e66244d04985c47b)
Michael Heimpold [Sun, 14 Jun 2020 13:09:31 +0000 (15:09 +0200)]
libzip: update to 1.7.1 (closes #12512)
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit
fa566417cab7bd75702a82bc4532a204d6cfc0fb)
Michael Heimpold [Wed, 12 Feb 2020 20:05:45 +0000 (21:05 +0100)]
libzip: update to 1.6.1
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit
5a6054d4777c5d403375deacea6ec15f58d1ceb9)
Michael Heimpold [Sat, 1 Feb 2020 23:00:12 +0000 (00:00 +0100)]
libzip: update to 1.6.0
Also remove upstreamed patch.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit
3b622a612c53c6e9ebeed05ec188214f7912d839)
Sebastian Kemper [Mon, 16 Dec 2019 22:33:30 +0000 (23:33 +0100)]
libzip: fix musl-fts failure
musl doesn't support fts. But with the extra package musl-fts installed,
libzip picks up the fts header and fails at the linking stage:
zipcmp.c:(.text.startup+0x130): undefined reference to `fts_open'
/home/sk/tmp/openwrt/staging_dir/toolchain-mips_24kc_gcc-8.3.0_musl/lib/gcc/mips-openwrt-linux-musl/8.3.0/../../../../mips-openwrt-linux-musl/bin/ld: zipcmp.c:(.text.startup+0x172): undefined reference to `fts_read'
So with musl-fts we need to link in libfts. To address that this commits
patches the cmake setup to check if fts is available in libc itself or
in any external libfts.
So when musl-fts is installed on the system the setup will be the
following:
musl: use libfts
uclibc: use fts from libc
glibc: like uclibc
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit
0c381f7c7a6fbd6d62632fa67671a2dd2a5051a5)
Michael Heimpold [Mon, 2 Dec 2019 23:07:42 +0000 (00:07 +0100)]
libzip: add package
This introduces libzip which is e.g. a dependency for upcoming upgrade
of PHP to version 7.4.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit
a4a98d5efedd413a2fd31bffb88f9f072b9805eb)
Hannu Nyman [Fri, 15 Jan 2021 13:54:41 +0000 (15:54 +0200)]
nano: update to 5.5
Update nano editor to version 5.5
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
be75f779737dc09328eb60896f477fde27a21e4f)
projects / feed / packages.git / log