Rosen Penev [Fri, 26 Mar 2021 20:23:13 +0000 (13:23 -0700)]
Merge pull request #15256 from cartender/pr_libftdi1_19
[19.07] libftdi1: Improve build binary reproducibility
Giovanni Giacobbi [Thu, 25 Mar 2021 14:59:51 +0000 (14:59 +0000)]
libftdi1: Improve build binary reproducibility
The library embeds the result of "git describe" inside the source code, making the binary result dependent of the particular commit being used in the build root when building inside a git working copy.
As this is unnecessary information, remove this option and fallback to the default "unknown", which is also the value compiled by tools that do not clone but export the openwrt base tree.
Signed-off-by: Giovanni Giacobbi <giovanni@giacobbi.net>
Josef Schlehofer [Thu, 25 Mar 2021 23:48:13 +0000 (00:48 +0100)]
Merge pull request #15214 from BKPepe/aiohttp-19.07
python-aiohttp: backport fix for CVE-2021-21330
Stan Grishin [Thu, 25 Mar 2021 22:55:51 +0000 (22:55 +0000)]
https-dns-proxy: bugfix: correct PROCD firewall object
Signed-off-by: Stan Grishin <stangri@melmac.net>
Rosen Penev [Mon, 22 Mar 2021 18:56:50 +0000 (11:56 -0700)]
Merge pull request #15221 from stangri/19.07-https-dns-proxy
[19.07] https-dns-proxy: support for additional Force DNS ports
Josef Schlehofer [Mon, 22 Mar 2021 12:53:24 +0000 (13:53 +0100)]
php: add fix for updated ICU 68+
Recently, I updated icu for issues with node feed, but it broke
compiling of php7.
Error:
/foo/target-aarch64_cortex-a53_musl/php-7.2.34/ext/intl/collator/collator_sort.c:349:26: error: 'TRUE' undeclared (first use in this function)
collator_sort_internal( TRUE, INTERNAL_FUNCTION_PARAM_PASSTHRU );
^~~~
/foo/target-aarch64_cortex-a53_musl/php-7.2.34/ext/intl/collator/collator_sort.c:349:26: note: each undeclared identifier is reported only once for each function it appears in
/foo/target-aarch64_cortex-a53_musl/php-7.2.34/ext/intl/collator/collator_sort.c: In function 'zif_collator_asort':
/foo/target-aarch64_cortex-a53_musl/php-7.2.34/ext/intl/collator/collator_sort.c:543:26: error: 'FALSE' undeclared (first use in this function); did you mean 'FILE'?
collator_sort_internal( FALSE, INTERNAL_FUNCTION_PARAM_PASSTHRU );
^~~~~
FILE
make[3]: *** [Makefile:1031: ext/intl/collator/collator_sort.lo] Error 1
More details:
https://github.com/php/php-src/commit/
8eaaabd
Backport of patch from PHP7.3 didn't work for me, but this one was suggested that
Homebrew is using it and it works for me. However, PHP7.2 is EoL.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Stan Grishin [Mon, 22 Mar 2021 07:29:14 +0000 (07:29 +0000)]
https-dns-proxy: support for additional Force DNS ports
Signed-off-by: Stan Grishin <stangri@melmac.net>
Josef Schlehofer [Mon, 22 Mar 2021 00:08:52 +0000 (01:08 +0100)]
bind: update to version 9.16.13
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Josef Schlehofer [Fri, 2 Oct 2020 21:12:14 +0000 (23:12 +0200)]
nnn: update to version 3.4
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
53f54c45e4a016dbcd90703fa6f9ebfe2b26b94b)
Josef Schlehofer [Mon, 22 Mar 2021 00:40:41 +0000 (01:40 +0100)]
python-aiohttp: backport fix for CVE-2021-21330
More details:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Hirokazu MORIKAWA [Thu, 24 Dec 2020 06:18:56 +0000 (15:18 +0900)]
icu: update to 68.2
Maintainer: me
Compile tested: head r15324-
920b692, aarch64, x86_64
Run tested: (qemu-5.2.0) aarch64
Description:
Update to 68.2
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit
d6317132dd7040fcab492ba76ec60b6fa8ae4fe6)
Hirokazu MORIKAWA [Mon, 9 Nov 2020 03:49:56 +0000 (12:49 +0900)]
icu: update to 68.1
It updates to CLDR 38. New features including locale-dependent smart unit preferences (road distance, temperature, etc.) and locale ID canonicalization conformant with CLDR.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit
4f3a8c153535d7613249c567df9840ed23fa7ef1)
Rosen Penev [Mon, 31 Aug 2020 07:32:38 +0000 (00:32 -0700)]
icu: fix compilation under CentOS 7
CentOS 7's GCC is quite old and does not put max_align_t under std.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
6255a77128d0ea4e1aa1b24ef9fa06ba71072e2e)
Hirokazu MORIKAWA [Tue, 18 Aug 2020 06:13:35 +0000 (15:13 +0900)]
icu: update to 67.1
Unicode 13 & CLDR 37. Bug fixes for date and number formatting, enhanced support for user preferences in the locale identifier. LocaleMatcher code and data improved. Number skeletons have a new “concise” form that can be used in MessageFormat strings.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit
e3be3aadc122c9e7689541bdbcd3e785b70b63ad)
Rosen Penev [Fri, 19 Mar 2021 22:51:45 +0000 (15:51 -0700)]
Merge pull request #15165 from gladiac1337/haproxy-2.0.21-19.07
[openwrt-19.07] haproxy: Update HAProxy to v2.0.21
Christian Lachner [Fri, 19 Mar 2021 17:38:26 +0000 (18:38 +0100)]
haproxy: Update HAProxy to v2.0.21
- Update haproxy download URL and hash
Signed-off-by: Christian Lachner <gladiac@gmail.com>
Tianling Shen [Thu, 18 Mar 2021 05:12:13 +0000 (13:12 +0800)]
tmate: add new package
Tmate is a fork of tmux. It provides an instant pairing solution.
For more details, see https://tmate.io.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
ccfe1bfa508e7041c4b5f902f1354ef9566bff28)
Tianling Shen [Thu, 18 Mar 2021 05:08:45 +0000 (13:08 +0800)]
msgpack-c: add new package
This is needed by tmate.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
cfc965b10754fea8c71dad79e6b4cd7c02f47a9b)
Rosen Penev [Sun, 29 Nov 2020 23:58:20 +0000 (15:58 -0800)]
minidlna: update to 1.3.0
Fixes two CVEs relating to UPnP.
Removed libuuid dependency. It is not used.
Remove clock_gettime hack. It seems to have been fixed.
Removed upstream patches.
Refreshed the other ones.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
f5689796481c5b8e89cd3fff8b10ea6f675f85e9)
Hannu Nyman [Wed, 17 Mar 2021 17:55:45 +0000 (19:55 +0200)]
Merge pull request #15149 from ja-pa/tor-0.4.4.8-openwrt-19.07
[openwrt 19.07] tor: update to version 0.4.4.8 (security fix)
Jan Pavlinec [Wed, 17 Mar 2021 09:34:52 +0000 (10:34 +0100)]
tor: update to version 0.4.4.8
Fixes CVE-2021-28089 and CVE-2021-28090
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Florian Eckert [Tue, 16 Mar 2021 13:14:24 +0000 (14:14 +0100)]
Merge pull request #15136 from TDT-AG/pr/
2021015-openwrt-19.07-mwan3
mwan3: remove mwan3 ubus call on mwan3 iface hotplug ACTION
Florian Eckert [Mon, 15 Mar 2021 13:15:39 +0000 (14:15 +0100)]
mwan3: remove mwan3 ubus call on mwan3 iface hotplug ACTION
With this change, the interface status is no longer read from the mwan3 ubus.
The status of the interface is read directly from the status directory.
This was already implemented in the master with the
commit
c07f5230be128669f7b6731415de26f8176fbf5b.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Karl Palsson [Mon, 15 Mar 2021 10:41:31 +0000 (10:41 +0000)]
net/mosquitto: bump to 1.6.14
This is a minor security fix for outgoing bridges and the client
library.
Full details: https://mosquitto.org/blog/2021/03/version-2-0-9-released/
Signed-off-by: Karl Palsson <karlp@etactica.com>
Paul Spooren [Fri, 12 Mar 2021 00:14:25 +0000 (14:14 -1000)]
CI: backport GitHub action CI
The CI is working fine with OpenWrt snapshots and 21.02, so backport it.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Olivier Poitrey [Mon, 8 Mar 2021 23:48:42 +0000 (23:48 +0000)]
nextdns: Update to version 1.11.0
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Rosen Penev [Mon, 8 Mar 2021 20:26:46 +0000 (12:26 -0800)]
Merge pull request #15054 from stangri/19.07-vpn-policy-routing
[19.07] vpn-policy-routing: better processing of custom user files
Stan Grishin [Mon, 8 Mar 2021 10:35:01 +0000 (10:35 +0000)]
vpn-policy-routing: better processing of custom user files
Signed-off-by: Stan Grishin <stangri@melmac.net>
Rosen Penev [Mon, 30 Nov 2020 00:48:36 +0000 (16:48 -0800)]
libpam: update to 1.5.1
Fix installed paths. After
e52d0487e88c3c8c57e1310d1a02b18eae0d142e
upstream, this bug was exposed.
Instead of working around it, fix the patch.
After this, everything consistently gets installed to ipkg-install/usr.
Minor Makefile reorganization.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
b75f250f3bf378bcaa0784d44f64ff2bb4e7af9a)
Rosen Penev [Wed, 25 Nov 2020 00:52:51 +0000 (16:52 -0800)]
libpam: update to 1.5.0
Fixes CVE-2020-27780
Removed upstreamed patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
0f317e9fbde341549c0cd7c3d43742739d123c97)
Rosen Penev [Fri, 26 Jun 2020 00:29:54 +0000 (17:29 -0700)]
libpam: update to 1.4.0
Remove upstreamed patch and add a new one to fix compilation.
Add some more configure options.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
a05db1acfea43b8f94a417d56414ea1aae21c815)
Hannu Nyman [Sat, 6 Mar 2021 08:27:14 +0000 (10:27 +0200)]
nano: update to 5.6.1
Update nano editor to version 5.6.1
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
0f4138db0be558d0c957e3d4d78091a59ba660ec)
Rosen Penev [Thu, 3 Dec 2020 00:32:59 +0000 (16:32 -0800)]
ninja: update to 1.10.2
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
f25f29c740da5bcafb1500b55c9ebfb39eb35f9f)
Rosen Penev [Wed, 9 Sep 2020 07:48:37 +0000 (00:48 -0700)]
ninja: fix typo
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
52569b80fa3334ebfe29c05a17ce7254561e2e2f)
Rosen Penev [Mon, 7 Sep 2020 20:37:25 +0000 (13:37 -0700)]
ninja: use for CMake
CMake supports Ninja for faster compilation and less bugginess when it
comes to parallel compilation. That is, some CMake packages currently
have PKG_BUILD_PARALLEL set where it is not needed with ninja.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
54449e9c6689b17379c24ca68f52a80ec5688f22)
Rosen Penev [Fri, 28 Aug 2020 00:18:32 +0000 (17:18 -0700)]
ninja: update to 1.10.1
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
0f317d653643b49a6fd28b785b7655f0c08124b2)
Florian Eckert [Wed, 3 Mar 2021 09:01:24 +0000 (10:01 +0100)]
Merge pull request #14661 from TDT-AG/pr/
20210203-19.07-keepalived
keepalived: backport fixes
Rosen Penev [Tue, 2 Mar 2021 09:56:59 +0000 (01:56 -0800)]
Merge pull request #14988 from stangri/19.07-vpn-policy-routing
[19.07] vpn-policy-routing: update to 0.3.2-18
Stan Grishin [Mon, 1 Mar 2021 21:38:44 +0000 (21:38 +0000)]
vpn-policy-routing: update to 0.3.2-18
Signed-off-by: Stan Grishin <stangri@melmac.net>
Alexandru Ardelean [Tue, 29 Sep 2020 04:55:19 +0000 (07:55 +0300)]
python-maho-mqtt: bump to versio 1.5.1
Docs say it also supports MQTT 5.0.
Added to description.
Updated title as on pypi.org
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
ee0e11c1ab5ff94f6bfcd6d98c8f4b09327f7412)
Rosen Penev [Sun, 28 Feb 2021 23:02:10 +0000 (15:02 -0800)]
Merge pull request #14962 from EricLuehrsen/unbound_1131_1907
[openwrt-19.07] unbound: update to 1.13.1
Eric Luehrsen [Sun, 21 Feb 2021 05:51:49 +0000 (00:51 -0500)]
unbound: update to 1.13.1
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
Dirk Brenken [Sat, 27 Feb 2021 05:21:20 +0000 (06:21 +0100)]
Merge pull request #14918 from stangri/19.07-vpn-policy-routing
[19.07] vpn-policy-routing: bugfix: netflix user file missing redirect
Stan Grishin [Fri, 26 Feb 2021 22:03:41 +0000 (22:03 +0000)]
vpn-policy-routing: bugfix: netflix user file missing redirect
Signed-off-by: Stan Grishin <stangri@melmac.net>
Rosen Penev [Fri, 26 Feb 2021 05:12:28 +0000 (21:12 -0800)]
Merge pull request #14903 from stangri/19.07-vpn-policy-routing
[19.07] vpn-policy-routing: update user netflix file
Stan Grishin [Fri, 26 Feb 2021 02:16:44 +0000 (02:16 +0000)]
vpn-policy-routing: update user netflix file
Signed-off-by: Stan Grishin <stangri@melmac.net>
Hannu Nyman [Thu, 25 Feb 2021 14:58:50 +0000 (16:58 +0200)]
nano: update to version 5.6
Upgrade nano to version 5.6
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
dffdfe4ac8c903fa843695af329c83c70a7c7e1a)
Rosen Penev [Thu, 25 Feb 2021 00:53:41 +0000 (16:53 -0800)]
Merge pull request #14888 from stangri/19.07-vpn-policy-routing
[19.07] vpn-policy-routing: custom user scripts improvements
Stan Grishin [Wed, 24 Feb 2021 19:44:10 +0000 (19:44 +0000)]
vpn-policy-routing: custom user scripts improvements
Signed-off-by: Stan Grishin <stangri@melmac.net>
Jan Hak [Mon, 22 Feb 2021 08:55:55 +0000 (09:55 +0100)]
libedit: update to version
20210216-3.1
Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit
fd7f43ae4674b234a975ec67c604abf6e933a0b3)
Jan Hák [Tue, 28 Apr 2020 08:53:34 +0000 (10:53 +0200)]
libedit: update to version
20193112-3.1
Signed-off-by: Jan Hák <jhak@jhak.nic.cz>
(cherry picked from commit
58a5c548eb497552f53d42df677c70dbb36930f8)
Dirk Brenken [Tue, 23 Feb 2021 14:46:43 +0000 (15:46 +0100)]
adblock: update blocklist sources
* change adguard url
* remove malwaredomains (discontinued)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Rosen Penev [Tue, 23 Feb 2021 13:12:03 +0000 (05:12 -0800)]
Merge pull request #14869 from stangri/19.07-vpn-policy-routing
[19.07] vpn-policy-routing: update to version 0.3
Jan Hak [Thu, 21 Jan 2021 08:42:56 +0000 (09:42 +0100)]
knot: update to version 3.0.4
Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit
341fffb8ddd462cc41650b13e425e6e71efdfe4e)
Jan Hak [Wed, 16 Dec 2020 13:00:40 +0000 (14:00 +0100)]
knot: update to 3.0.3
Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit
5cd937865316f08144ebd8aaadfb2a1da19eeb10)
Jan Hák [Mon, 16 Nov 2020 10:22:24 +0000 (11:22 +0100)]
knot: disable embedded xdp
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
1f9d6fbb26c20490dc58f84e5c86fa2c35012412)
Jan Hák [Mon, 16 Nov 2020 10:21:48 +0000 (11:21 +0100)]
knot: update to 3.0.2
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
a54828926dc2aa731fbfefe87a7a9687837fc2be)
Daniel Salzman [Tue, 27 Oct 2020 15:05:33 +0000 (16:05 +0100)]
knot: disable libnghttp2 autodetection
Signed-off-by: Daniel Salzman <daniel.salzman@nic.cz>
(cherry picked from commit
67e3c594de15985b76871ea5c1ba2fd05427900d)
Jan Hak [Mon, 26 Oct 2020 10:06:41 +0000 (11:06 +0100)]
knot: update to version 3.0.1
definition of PSELECT_COMPAT could be removed many years ago, is no longer needed
Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit
4069bb1e727a00d68352ff6baefac9f5a94e156f)
Josef Schlehofer [Tue, 23 Feb 2021 07:08:43 +0000 (08:08 +0100)]
screen: backport fix for CVE-2021-26937
Security reports:
- https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html
This issue can be reproduced even on OpenWrt
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982435
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
c250298fa3e60251dfbbb0df40b36c6d67bbea09)
Josef Schlehofer [Tue, 23 Feb 2021 06:28:13 +0000 (07:28 +0100)]
openvswitch: update to version 2.11.6 (security fix)
Fixes CVEs:
- CVE-2020-35498
- In DPDK: CVE-2015-8011 and CVE-2020-27827
- In LLDP: CVE-2019-14818, CVE-2020-10722, CVE-2020-10723 and CVE-2020-10724
Removed patches:
- 0001-compat-Include-confirm_neigh-parameter-if-needed.patch because they
are included in this release as it was backported
- 0010-acinclude-Fix-build-with-kernels-with-prandom-moved-.patch
included in this release as it was backported
Other patches were refreshed.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Stan Grishin [Tue, 23 Feb 2021 01:12:28 +0000 (01:12 +0000)]
vpn-policy-routing: update to version 0.3
Signed-off-by: Stan Grishin <stangri@melmac.net>
Rosen Penev [Tue, 23 Feb 2021 00:27:00 +0000 (16:27 -0800)]
Merge pull request #14710 from stangri/19.07-https-dns-proxy
[19.07] https-dns-proxy: support for force DNS/DNS hijacking
Josef Schlehofer [Mon, 22 Feb 2021 18:05:35 +0000 (19:05 +0100)]
netdata: update to version 1.29.2
Release notes:
https://github.com/netdata/netdata/releases/tag/v1.29.2
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
e8021bf14d591edfb3fe36dd194b8109d4f7ffd3)
Josef Schlehofer [Wed, 10 Feb 2021 13:17:47 +0000 (14:17 +0100)]
netdata: update to version 1.29.1
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
d0736d5e738cad74f81a99de0b039f75e7ca9768)
Josef Schlehofer [Mon, 22 Feb 2021 17:46:34 +0000 (18:46 +0100)]
Merge pull request #14845 from jefferyto/python-3.7.10-openwrt-19.07
[openwrt-19.07] python3: Update to 3.7.10, refresh patches
Jeffery To [Mon, 22 Feb 2021 13:02:55 +0000 (21:02 +0800)]
python3: Update to 3.7.10, refresh patches
Includes fixes for:
* CVE-2021-3177 - ctypes: Buffer overflow in PyCArg_repr
* CVE-2021-23336 - urllib parse_qsl(): Web cache poisoning - semicolon
as a query args separator
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Moritz Warning [Sun, 21 Feb 2021 02:24:25 +0000 (03:24 +0100)]
zerotier: bump to 1.6.4
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Rosen Penev [Fri, 19 Feb 2021 01:10:31 +0000 (17:10 -0800)]
Merge pull request #14785 from nmeyerhans/openwrt-19.07+bind-9.16.12
bind: bump to 9.16.12
Noah Meyerhans [Thu, 18 Feb 2021 22:55:43 +0000 (14:55 -0800)]
bind: bump to 9.16.12
Includes fix for security issues:
* CVE-2020-8625: BIND servers are vulnerable if they are running an
affected version and are configured to use GSS-TSIG features.
Disable backtrace functionality, as it is unreliable across
architectures and generally only supported by upstream on amd64
Remove a patch that has been incorporated upstream
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Rosen Penev [Wed, 17 Feb 2021 20:58:29 +0000 (12:58 -0800)]
Merge pull request #14778 from BKPepe/ksmbd-19.07-drop-arc4-dependency
ksmbd: remove kmod-crypto-arc4 dependency
Josef Schlehofer [Wed, 17 Feb 2021 19:31:53 +0000 (20:31 +0100)]
ksmbd: remove kmod-crypto-arc4 dependency
This kernel module is already set for target/linux/generic/config-4.14
in OpenWrt 19.07 branch. This solves a problem that this package can not
be installed on the router:
* satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-fs-ksmbd:
* kmod-crypto-arc4
* opkg_install_cmd: Cannot install package kmod-fs-ksmbd.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Hauke Mehrtens [Tue, 16 Feb 2021 22:26:50 +0000 (22:26 +0000)]
Merge pull request #14647 from neheb/k9
[19.07] ksmbd(-tools): update to 3.3.4
Rosen Penev [Mon, 15 Feb 2021 00:06:57 +0000 (16:06 -0800)]
Merge pull request #14714 from
1715173329/ttyd-bp
[19.07] ttyd: force enable authentication for login
John Audia [Sun, 14 Feb 2021 18:05:44 +0000 (20:05 +0200)]
htop: update to 3.0.5-1
Signed-off-by: John Audia <graysky@archlinux.us>
(cherry picked from commit
476f70e9a04c9ba7f98b21adde8f9fe20801a455)
Josef Schlehofer [Mon, 11 Nov 2019 22:06:48 +0000 (23:06 +0100)]
python-paho-mqtt: Update to version 1.5.0
Try to fix license according to SPDX.
Add PKG_LICENSE_FILES.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
f8e36f9fd6d5040f3ce69a1dd3f844872ea306b9)
[use pypi.mk for Python package]
Philip Prindeville [Wed, 10 Feb 2021 19:34:19 +0000 (12:34 -0700)]
Merge pull request #14715 from pprindeville/isc-dhcp-stable-fix-coredump
isc-dhcp: seeing crashes when attempting to update dynamic dns
Philip Prindeville [Fri, 11 Dec 2020 00:20:59 +0000 (17:20 -0700)]
isc-dhcp: seeing crashes when attempting to update dynamic dns
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Tianling Shen [Sun, 7 Feb 2021 17:48:21 +0000 (01:48 +0800)]
ttyd: force enable authentication for login
Currently, we called `/usr/libexec/login.sh` as login command, but unfortunately the auth
is disabled by default in it[1], and this is really serious as it could be a free "backdoor"
for any spoiler who has conntectd to the router via LAN or wireless.
In my option, it shouldn't be exposed to anyone without auth, so I set the default login
command to `/bin/login`. And for those who really want that, they can do it themselves.
1. `login.sh` adjusts whether use authentication or not from system config named ttylogin,
which is set to disabled by default. See package/base-files/files/bin/config_generate#L243.
Signed-off-by: Tianling Shen <cnsztl@project-openwrt.eu.org>
Backported from
f45bb2981d41e1005a2658661da2475518835db8
Stan Grishin [Wed, 10 Feb 2021 05:59:24 +0000 (05:59 +0000)]
https-dns-proxy: support for force DNS/DNS hijacking
Signed-off-by: Stan Grishin <stangri@melmac.net>
Karl Palsson [Mon, 8 Feb 2021 15:20:53 +0000 (15:20 +0000)]
mosquitto: bump to 1.6.13
Includes various fixes: (2.0.7 + 1.6.13 dual release)
https://mosquitto.org/blog/2021/02/version-2-0-7-released/
Signed-off-by: Karl Palsson <karlp@etactica.com>
Rosen Penev [Sun, 7 Feb 2021 23:19:51 +0000 (15:19 -0800)]
Merge pull request #14681 from jonathanunderwood/openwrt-19.07-getdns-no-static-linking
[19.07] getdns: disable static linking of getdns utilities
Jonathan G. Underwood [Sun, 7 Feb 2021 13:40:36 +0000 (13:40 +0000)]
getdns: disable static linking of getdns utilities
This fixes issue #13361.
Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
Rosen Penev [Sat, 6 Feb 2021 22:34:29 +0000 (14:34 -0800)]
Merge pull request #14670 from jonathanunderwood/openwrt-19.07-cherry-pick
[19.07] getdns: cherry pick recent fixes from master
Rosen Penev [Sat, 6 Feb 2021 22:33:43 +0000 (14:33 -0800)]
Merge pull request #14677 from mwarning/zt2
zerotier: update to 1.6.3
Moritz Warning [Fri, 5 Feb 2021 16:38:26 +0000 (17:38 +0100)]
zerotier: update to 1.6.3
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Harris K Kusuma [Mon, 1 Feb 2021 11:06:09 +0000 (18:06 +0700)]
getdns: Fix TLS V1.3 Ciphersuites option in Stubby
Description :
Fix typo in CMAKE getdns included files, so Stubby can use TLS v1.3 with chipersuites options ON.
This solve issue that's written in here :
https://github.com/getdnsapi/stubby/issues/240
https://github.com/getdnsapi/stubby/issues/257
Signed-off-by: Harris K Kusuma <igharris.kk@gmail.com>
Rosen Penev [Sun, 2 Aug 2020 22:05:11 +0000 (15:05 -0700)]
getdns: fix compilation without deprecated OpenSSL APIs
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Florian Eckert [Mon, 15 Jun 2020 09:47:20 +0000 (11:47 +0200)]
keepalived: fix config typo
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
a8a1fbfa0da2676583f0289e7ed2806a3191800c)
* Update PKG_RELEASE to 5
Florian Eckert [Wed, 29 Apr 2020 17:40:46 +0000 (19:40 +0200)]
keepalived: add script security param to fix warning
Openwrt is a single user system. So keepalived is runnig as root.
If we add the config options `script_user root` and
`enabled_script_security' the following warnings are gone.
> local1.info Keepalived_vrrp[5382]: SECURITY VIOLATION - scripts are
being executed but script_security not enabled.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
1b1ba710632f8f4850f02c22e83734a6c8b5c41a)
Rosen Penev [Thu, 4 Feb 2021 08:23:59 +0000 (00:23 -0800)]
ksmbd: update to 3.3.4
Manually added from master.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Thu, 4 Feb 2021 01:26:48 +0000 (17:26 -0800)]
ksmbd-tools: update to 3.3.4
Manually updated.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Florian Eckert [Mon, 4 Nov 2019 12:24:34 +0000 (13:24 +0100)]
keepalived: set default run directory for pid file on build
This fixes a runtime startup error on system which does not have a
toplevel runtime directory for the pid file. On openwrt the pid is
located at /var/run and not on /run. To fix that add a configure option to
move the pid location to /var/run.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
bc98aaa3f711f1cd6f7fa3a65da43411c2db98aa)
* Patch adapted for the branch so that it can be applied correctly
Rosen Penev [Wed, 3 Feb 2021 03:40:16 +0000 (19:40 -0800)]
Merge pull request #14632 from stangri/19.07-simple-adblock
[19.07] simple-adblock: remove dependency on jsonfilter & old code
Stan Grishin [Tue, 2 Feb 2021 22:11:20 +0000 (22:11 +0000)]
simple-adblock: remove dependency on jsonfilter & old code
Signed-off-by: Stan Grishin <stangri@melmac.net>
Josef Schlehofer [Wed, 27 Jan 2021 22:27:57 +0000 (23:27 +0100)]
sudo: backport patches for CVE-2021-3156
This security vulnerability is known as Baron Samedit [1] and there is a
research by Qualys [2] and they discovered it. Unfortunately or
fortunately, there isn't present sudoedit on OpenWrt.
Two patches were applied cleanly and the other two required manual
intervention. Those were backported from version 1.9.5p2
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156
[2] https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Rosen Penev [Tue, 26 Jan 2021 22:53:53 +0000 (14:53 -0800)]
Merge pull request #14575 from Andy2244/samba4-fix-#13758
[19.07] samba4: fix for #13758
Andy Walsh [Tue, 26 Jan 2021 11:24:57 +0000 (12:24 +0100)]
samba4: fix for #13758
* fix for possible exploit #13758
* sanetize all external template/config inputs
* fix some shellcheck warnings
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Rosen Penev [Tue, 26 Jan 2021 07:07:17 +0000 (23:07 -0800)]
Merge pull request #14565 from rs/nextdns-1.10.1-openwrt-19.07
[19.07] nextdns: Update to version 1.10.1
Michael Heimpold [Mon, 25 Jan 2021 22:54:21 +0000 (23:54 +0100)]
Merge pull request #14558 from cartender/pr/19_fix_php7_conf_ac
php7: Fix prepare target incorrectly referencing 'configure.in' instead of 'configure.ac'