Daniel Golle [Thu, 13 Oct 2022 18:46:52 +0000 (19:46 +0100)]
auc: update to 0.3.1
Remove wrongly placed 'break' statement to actually jump to the most
recent version of a release branch.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
fd36c91db869544df882de6812cf57dd5056c976)
Daniel Golle [Mon, 10 Oct 2022 03:30:55 +0000 (04:30 +0100)]
auc: update to version 0.3.0
Most notably this brings support for processing package changes such
as suggesting to replace firewall with firewall4 when updating from
21.02.x -> 22.03.y release.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
36525086ce468ba5f062f41be231be9f43d9488f)
Daniel Golle [Thu, 6 Oct 2022 15:48:23 +0000 (16:48 +0100)]
snowflake: update to version 2.3.1
03b2b56f Fix broker race condition
36f03dfd Record proxy type for proxy relay stats
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
15fdb5fa166c1d41236c519821cad6e92fbb8e68)
Daniel Golle [Thu, 6 Oct 2022 15:34:05 +0000 (16:34 +0100)]
perl-net-dns: update to version 1.35
**** 1.35 Oct 4, 2022
Improve SVCB error reporting.
Fix rt.cpan.org #144328
accept_reply test fails with matched consecutive "random"
generated packet->id
Fix rt.cpan.org #144299
Spelling errors.
**** 1.34 May 30, 2022
Improve robustness of EDNS option compose/decompose functions.
Simplify code in Makefile.PL.
Fix rt.cpan.org #142426
Avoid "Useless use of a constant in void context" warning.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
b9338331be79cf8d0c1f9aa0dde2acf57a75ebe8)
Daniel Golle [Thu, 6 Oct 2022 15:32:29 +0000 (16:32 +0100)]
pcsc-lite: update to verion 1.9.9
1.9.9: Ludovic Rousseau
11 September 2022
- SCardEstablishContext() may return SCARD_W_SECURITY_VIOLATION if refused by Polkit
- Fix SCardReleaseContext() failure on orphan handles
- Fix SCardDisconnect() on orphan handle
- pcsc-spy: log the pioSendPci & pioRecvPci SCardTransmit() parameters
- Improve the log from pcscd: log the return code in text instead of hex
- Some other minor improvements
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
a8698d5ede0e00b73f95592d63be212483224ce1)
Daniel Golle [Thu, 6 Oct 2022 15:27:31 +0000 (16:27 +0100)]
gawk: update to version 5.2.0
For changes see ChangeLog file[1].
[1]: https://git.savannah.gnu.org/cgit/gawk.git/plain/ChangeLog?h=gawk-5.2.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
cd20631bc7db1faf7b543656a265734adad0a6e2)
Daniel Golle [Thu, 6 Oct 2022 14:24:28 +0000 (15:24 +0100)]
libksba: update to version 1.6.1
Update to stable release 1.6.1.
See commit log since version 1.6.0 for changes[1].
[1]: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=shortlog;h=
d3c1e063d708a46ef39152256f8b1ea466b61be0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
df589ce880bef12a297bfa39738deae84710ed4c)
Daniel Golle [Wed, 7 Sep 2022 20:27:47 +0000 (21:27 +0100)]
gnunet: update to version 0.17.5
Beware that switching to the new major version 0.17.x results in
incompatibility with clients still running 0.16.x.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
6d49ad9e5c5a93014cc99f1c956eaa51b36ee95f)
Daniel Golle [Wed, 7 Sep 2022 18:49:34 +0000 (19:49 +0100)]
libp11: update to version 0.4.12
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
d3b50744769fe954b6713cca98c45325cc477df1)
Daniel Golle [Wed, 7 Sep 2022 18:33:30 +0000 (19:33 +0100)]
libinput: update to version 1.19.4
This release includes a fix for CVE-2022-1215, a format string
vulnerabilty in the evdev device handling. For details, see
https://gitlab.freedesktop.org/libinput/libinput/-/issues/752
Peter Hutterer (2):
evdev: strip the device name of format directives
libinput 1.19.4
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
b95dbe4187a7a21f7cf13f578a81fa0337706190)
Daniel Golle [Wed, 7 Sep 2022 18:33:14 +0000 (19:33 +0100)]
libevdev: update to version 1.13.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
630f5b1608550bbe3dc204a50d873b3e54ad17af)
Daniel Golle [Wed, 7 Sep 2022 18:25:23 +0000 (19:25 +0100)]
postgresql: update to version 14.5
Release date: 2022-08-11
Adresses CVE-2022-2625.
For more details, please see the release notes[1].
[1]: https://www.postgresql.org/docs/release/14.5/
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
ead096d6dd6805f9c8dfa24611b7152618c502c8)
Daniel Golle [Wed, 7 Sep 2022 18:12:44 +0000 (19:12 +0100)]
pcsc-lite: update to version 1.9.8
1.9.8: Ludovic Rousseau
11 June 2022
- Install install_spy.sh & uninstall_spy.sh scripts in docdir
- SCardTransmit(): do not fail if receive buffer is "too large"
- SCardControl(): do not fail if receive buffer is "too large"
- fix some memory leaks on shutdown
- use a better random number generator
- Some other minor improvements
1.9.7: Ludovic Rousseau
13 May 2022
- disable strict compilation by default
- fix 3 warnings
1.9.6: Ludovic Rousseau
11 May 2022
- do not fail reader removal in some specific cases (USB/Thunderbolt port)
- improve documentation regarding /etc/reader.conf.d/
- SCardGetStatusChange: speedup the case DISABLE_AUTO_POWER_ON
- configure:
. add --disable-strict option
By default the compiler arguments are now:
-Wall -Wextra -Wno-unused-parameter -Werror ${CFLAGS}
. fail if flex is not found
- fix different data races
- pcscdaemon: -v displays internal constants values:
MAX_READERNAME & PCSCLITE_MAX_READERS_CONTEXTS
- Some other minor improvements
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
db667b5b0ff51a2c74f61b166f1e5700e7161090)
Daniel Golle [Wed, 7 Sep 2022 17:24:22 +0000 (18:24 +0100)]
exim: update to version 4.96
Exim version 4.96
-----------------
JH/01 Move the wait-for-next-tick (needed for unique message IDs) from
after reception to before a subsequent reception. This should
mean slightly faster delivery, and also confirmation of reception
to senders.
JH/02 Move from using the pcre library to pcre2. The former is no longer
being developed or supported (by the original developer).
JH/03 Constification work in the filters module required a major version
bump for the local-scan API. Specifically, the "headers_charset"
global which is visible via the API is now const and may therefore
not be modified by local-scan code.
JH/04 Fix ClamAV TCP use under FreeBSD. Previously the OS-specific shim for
sendfile() didi not account for the way the ClamAV driver code called it.
JH/05 Bug 2819: speed up command-line messages being read in. Previously a
time check was being done for every character; replace that with one
per buffer.
JH/06 Bug 2815: Fix ALPN sent by server under OpenSSL. Previously the string
sent was prefixed with a length byte.
JH/07 Change the SMTP feature name for pipelining connect to be compliant with
RFC 5321. Previously Dovecot (at least) would log errors during
submission.
JH/08 Remove stripping of the binaries from the FreeBSD build. This was added
in 4.61 without a reason logged. Binaries will be bigger, which might
matter on diskspace-constrained systems, but debug is easier.
JH/09 Fix macro-definition during "-be" expansion testing. The move to
write-protected store for macros had not accounted for these runtime
additions; fix by removing this protection for "-be" mode.
JH/10 Convert all uses of select() to poll(). FreeBSD 12.2 was found to be
handing out large-numbered file descriptors, violating the usual Unix
assumption (and required by Posix) that the lowest possible number will be
allocated by the kernel when a new one is needed. In the daemon, and any
child procesees, values higher than 1024 (being bigger than FD_SETSIZE)
are not useable for FD_SET() [and hence select()] and overwrite the stack.
Assorted crashes happen.
JH/11 Fix use of $sender_host_name in daemon process. When used in certain
main-section options or in a connect ACL, the value from the first ever
connection was never replaced for subsequent connections. Found by
Wakko Warner.
JH/12 Bug 2838: Fix for i32lp64 hard-align platforms. Found for SPARC Linux,
though only once PCRE2 was introduced: the memory accounting used under
debug offset allocations by an int, giving a hard trap in early startup.
Change to using a size_t. Debug and fix by John Paul Adrian Glaubitz.
JH/13 Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value
with underbars is given. The write-protection of configuration introduced
in 4.95 trapped when normalisation was applied to an option not needing
expansion action.
JH/14 Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters.
JH/15 Fix a resource leak in *BSD. An off-by-one error resulted in the daemon
failing to close the certificates directory, every hour or any time it
was touched.
JH/16 Debugging initiated by an ACL control now continues through into routing
and transport processes. Previously debugging stopped any time Exim
re-execs, or for processing a queued message.
JH/17 The "expand" debug selector now gives more detail, specifically on the
result of expansion operators and items.
JH/18 Bug 2751: Fix include_directory in redirect routers. Previously a
bad comparison between the option value and the name of the file to
be included was done, and a mismatch was wrongly identified.
4.88 to 4.95 are affected.
JH/19 Support for Berkeley DB versions 1 and 2 is withdrawn.
JH/20 When built with NDBM for hints DB's check for nonexistence of a name
supplied as the db file-pair basename. Previously, if a directory
path was given, for example via the autoreply "once" option, the DB
file.pag and file.dir files would be created in that directory's
parent.
JH/21 Remove the "allow_insecure_tainted_data" main config option and the
"taint" log_selector. These were previously deprecated.
JH/22 Fix static address-list lookups to properly return the matched item.
Previously only the domain part was returned.
JH/23 Bug 2864: FreeBSD: fix transport hang after 4xx/5xx response. Previously
the call into OpenSSL to send a TLS Close was being repeated; this
resulted in the library waiting for the peer's Close. If that was never
sent we waited forever. Fix by tracking send calls.
JH/24 The ${run} expansion item now expands its command string elements after
splitting. Previously it was before; the new ordering makes handling
zero-length arguments simpler. The old ordering can be obtained by
appending a new option "preexpand", after a comma, to the "run".
JH/25 Taint-check exec arguments for transport-initiated external processes.
Previously, tainted values could be used. This affects "pipe", "lmtp" and
"queryprogram" transport, transport-filter, and ETRN commands.
The ${run} expansion is also affected: in "preexpand" mode no part of
the command line may be tainted, in default mode the executable name
may not be tainted.
JH/26 Fix CHUNKING on a continued-transport. Previously the usabliility of
the the facility was not passed across execs, and only the first message
passed over a connection could use BDAT; any further ones using DATA.
JH/27 Support the PIPECONNECT facility in the smtp transport when the helo_data
uses $sending_ip_address and an interface is specified.
Previously any use of the local address in the EHLO name disabled
PIPECONNECT, the common case being to use the rDNS of it.
JH/28 OpenSSL: fix transport-required OCSP stapling verification under session
resumption. Previously verify failed because no certificate status is
passed on the wire for the restarted session. Fix by using the recorded
ocsp status of the stored session for the new connection.
JH/29 TLS resumption: the key for session lookup in the client now includes
more info that a server could potentially use in configuring a TLS
session, avoiding oferring mismatching sessions to such a server.
Previously only the server IP was used.
JH/30 Fix string_copyn() for limit greater than actual string length.
Previously the copied amount was the limit, which could result in a
overlapping memcpy for newly allocated destination soon after a
source string shorter than the limit. Found/investigated by KM.
JH/31 Bug 2886: GnuTLS: Do not free the cached creds on transport connection
close; it may be needed for a subsequent connection. This caused a
SEGV on primary-MX defer. Found/investigated by Gedalya & Andreas.
JH/32 Fix CHUNKING for a second message on a connection when the first was
rejected. Previously we did not reset the chunking-offered state, and
erroneously rejected the BDAT command. Investigation help from
Jesse Hathaway.
JH/33 Fis ${srs_encode ...} to handle an empty sender address, now returning
an empty address. Previously the expansion returned an error.
HS/01 Bug 2855: Handle a v4mapped sender address given us by a frontending
proxy. Previously these were misparsed, leading to paniclog entries.
Also contains commit
51be321b27 "Fix PAM auth. Bug 2813" addressing
CVE-2022-37451.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
f2763b95afc57b88dc9d494b3fbf3841ba38a314)
Daniel Golle [Wed, 7 Sep 2022 17:45:16 +0000 (18:45 +0100)]
gpgme: update to version 1.18.0
Noteworthy changes in version 1.18.0 (2022-08-10)
-------------------------------------------------
* New keylist mode to force refresh via external methods. [T5951]
* The keylist operations now create an import result to report the
result of the locate keylist modes. [T5951]
* core: Return BAD_PASSPHRASE error code on symmetric decryption
failure. [T5939]
* cpp, qt: Do not export internal symbols anymore. [T5906]
* cpp, qt: Support revocation of own OpenPGP keys. [T5904]
* qt: The file name of (signed and) encrypted data can now be set. [T6056]
* cpp, qt: Support setting the primary user ID. [T5938]
* python: Fix segv(NULL) when inspecting contect after exeception. [T6060]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
00bfb4f151d80e8e6f7b860d423ef1fa8c926251)
Daniel Golle [Wed, 7 Sep 2022 17:39:46 +0000 (18:39 +0100)]
cryptsetup: update to version 2.5.0
Update to new major release of cryptsetup. For details, please see
the release notes[1].
[1]: https://cdn.kernel.org/pub/linux/utils/cryptsetup/v2.5/v2.5.0-ReleaseNotes
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
80439f802cc61e826277851aaeb30ba7a221195c)
Daniel Golle [Wed, 7 Sep 2022 17:53:16 +0000 (18:53 +0100)]
lvm2: update to release 2.03.16
Mostly bug fixes and minor improvements.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
4e70f5caef0e80d75bb0c50c1819b9ded6923adc)
Josef Schlehofer [Wed, 12 Oct 2022 06:43:04 +0000 (08:43 +0200)]
Merge pull request #19571 from
1715173329/v2
[openwrt-22.03] v2ray-core: add new package
Michal Vasilek [Mon, 10 Oct 2022 13:39:46 +0000 (15:39 +0200)]
python3: update to 3.10.7
* fixes CVE-2021-28861
* adjust pip and setuptools versions
* refresh patches
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit
e9ddc479f9a77b9d173081bbc57cd805b24942d8)
Stan Grishin [Mon, 10 Oct 2022 11:09:22 +0000 (04:09 -0700)]
Merge pull request #19580 from stangri/openwrt-22.03-curl
[22.03] curl: error out if wolfSSL is not usable
Petr Štetiar [Mon, 10 Oct 2022 08:47:55 +0000 (10:47 +0200)]
curl: error out if wolfSSL is not usable
When we explicitly declare, that we would like to have curl built with
wolfSSL support using `--with-wolfssl` configure option, then we should
make sure, that we either endup with curl having that support, or it
shouldn't be available at all, otherwise we risk, that we end up with
regressions like following:
configure:25299: checking for wolfSSL_Init in -lwolfssl
configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip]
In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.h:33,
from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_public.h:35,
from target-x86_64_musl/usr/include/wolfssl/ssl.h:35,
from conftest.c:47:
target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal error: wolfssl/wolfcrypt/sp_int.h: No such file or directory
#include <wolfssl/wolfcrypt/sp_int.h>
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
and in the end thus produce curl without https support:
curl: (1) Protocol "https" not supported or disabled in libcurl
So fix it, by making the working wolfSSL mandatory and error out in
configure step when that's not the case:
checking for wolfSSL_Init in -lwolfssl... no
configure: error: --with-wolfssl but wolfSSL was not found or doesn't work
References: #19005, #19547
Upstream-Status: Accepted [https://github.com/curl/curl/pull/9682]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
9140f366ef91c6eeb04ca39347c40deecaf56419)
Josef Schlehofer [Sun, 9 Oct 2022 19:37:02 +0000 (21:37 +0200)]
Merge pull request #19568 from
1715173329/y3
[openwrt-22.03] yq: Update to 4.28.1
Josef Schlehofer [Sun, 9 Oct 2022 19:36:56 +0000 (21:36 +0200)]
Merge pull request #19567 from
1715173329/c3
[openwrt-22.03] cloudflared: Update to 2022.10.0
Tianling Shen [Thu, 8 Sep 2022 01:54:40 +0000 (09:54 +0800)]
v2ray-geodata: split from xray-geodata
This can be used for v2ray, Xray, v2rayA and some other projects,
make it generic.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
975153f93da132e545353d90ff3eb76b16ed0938)
[rebased into 22.03 branch]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Thu, 8 Sep 2022 01:52:57 +0000 (09:52 +0800)]
v2ray-core: add new package
Project V is a set of network tools that help you to build your own computer network.
It secures your network connections and thus protects your privacy.
For more details, see https://www.v2fly.org/en_US/guide/faq.html
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
6461d1b055d32021de6591bebae4f3301a755fd0)
Tianling Shen [Sat, 8 Oct 2022 06:25:38 +0000 (14:25 +0800)]
yq: Update to 4.28.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
40f0e263bf63068ff8c4e1adeaf4e807498d95f5)
Tianling Shen [Sat, 8 Oct 2022 06:24:38 +0000 (14:24 +0800)]
cloudflared: Update to 2022.10.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
37bdf739b1c2710614db31a90df5e3e819d6aa01)
Tianling Shen [Sun, 2 Oct 2022 04:57:25 +0000 (12:57 +0800)]
cloudflared: Update to 2022.9.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
cae36485f02b7f05a0296396483174f045cfece4)
Alexandru Ardelean [Sun, 9 Oct 2022 05:07:48 +0000 (08:07 +0300)]
Merge pull request #19553 from commodo/python-pytz-22.03
[22.03] python3-pytz: bump to version 2022.4
Tianling Shen [Sun, 2 Oct 2022 04:58:23 +0000 (12:58 +0800)]
gg: Update to 0.2.13
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
891b87747a5100d5e8c489cea0882a0a0ce8f127)
Tianling Shen [Sun, 2 Oct 2022 04:55:46 +0000 (12:55 +0800)]
dnsproxy: Update to 0.45.2
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
b5ec852c54efe2ef69320101b37f0981c52063bd)
Tianling Shen [Fri, 23 Sep 2022 06:56:50 +0000 (14:56 +0800)]
dnsproxy: Update to 0.45.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
5b72dce338e197e0e3998d8a9d49f52248178a99)
Stan Grishin [Fri, 7 Oct 2022 21:27:43 +0000 (14:27 -0700)]
Merge pull request #19544 from stangri/openwrt-22.03-https-dns-proxy
[22.03] https-dns-proxy: update to 2022-08-12-1
Alexandru Ardelean [Fri, 7 Oct 2022 07:34:15 +0000 (10:34 +0300)]
python3-pytz: bump to version 2022.4
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Noah Meyerhans [Wed, 21 Sep 2022 18:57:50 +0000 (11:57 -0700)]
bind: bump to 9.18.7
Fixes multiple security issues:
CVE-2022-38178 - Fix memory leak in EdDSA verify processing
CVE-2022-3080 - Fix serve-stale crash that could happen when
stale-answer-client-timeout was set to 0 and there was
a stale CNAME in the cache for an incoming query
CVE-2022-2906 - Fix memory leaks in the DH code when using OpenSSL 3.0.0
and later versions. The openssldh_compare(),
openssldh_paramcompare(), and openssldh_todns()
functions were affected
CVE-2022-2881 - When an HTTP connection was reused to get
statistics from the stats channel, and zlib
compression was in use, each successive
response sent larger and larger blocks of memory,
potentially reading past the end of the allocated
buffer
CVE-2022-2795 - Prevent excessive resource use while processing large
delegations
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit
58bcd3fad37eaf56d4dbeecc0c73abe464e7e987)
Stan Grishin [Fri, 7 Oct 2022 06:26:21 +0000 (06:26 +0000)]
https-dns-proxy: update to 2022-08-12-1
* update to upstream version 2022-08-12
* add ca_certs_file option for CA certs file for curl
* add procd_add_interface_trigger for wan6 (hopefully fixes
https://github.com/openwrt/packages/issues/19531)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
796a3dda800b0d17df06d87995148b934be15e5d)
Eneas U de Queiroz [Wed, 14 Sep 2022 21:32:47 +0000 (18:32 -0300)]
libgd: avoid recursive and redundant dependencies
Change the CONFLICTS line from the libgd-full to libgd to fix a
recursive dependency.
While at it, remove the redundant +LIBGD_TIFF:libtiff
+LIBGD_FREETYPE:libfreetype dependencies from Package/libgd/default.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
085eb34fbf7c7aaa20da35ebe2f493601c5f19b2)
Nick Hainke [Sat, 24 Sep 2022 15:59:40 +0000 (17:59 +0200)]
tor: update to 0.4.7.10
Release Notes:
https://forum.torproject.net/t/urgent-stable-release-0-4-5-14-0-4-6-12-and-0-4-7-10
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
b9cf0cdce6ee56778a0b7ecd3d5ed520b3e2dbac)
[fix commit title]
Signed-off-by: Nick Hainke <vincent@systemli.org>
Nick Hainke [Fri, 30 Sep 2022 10:03:05 +0000 (12:03 +0200)]
expat: update to 2.4.9
Fixes CVE-2022-40674.
Release Notes:
- https://github.com/libexpat/libexpat/blob/R_2_4_8/expat/Changes
- https://github.com/libexpat/libexpat/blob/R_2_4_9/expat/Changes
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
a8774f84e9c18fb0ff1ab3f831a5fe8fcab377e0)
Glenn Strauss [Sat, 1 Oct 2022 07:58:16 +0000 (03:58 -0400)]
lighttpd: remove deprecated modules
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit
9d7e18fb257914d0c03e0b5e9e4afef49073d375)
Hirokazu MORIKAWA [Wed, 5 Oct 2022 02:27:26 +0000 (11:27 +0900)]
node: bump to v16.17.1
The following CVEs are fixed in this release:
* CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
* Insufficient fix for macOS devices on v18.5.0
* CVE-2022-32222: Node 18 reads openssl.cnf from /home/iojs/build/ upon startup on MacOS (Medium)
* CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)
* Insufficient fix on v18.5.0
* CVE-2022-32215: HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)
* Insufficient fix on v18.5.0
* CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)
* CVE-2022-35255: Weak randomness in WebCrypto keygen
More detailed information on each of the vulnerabilities can be found in September 22nd 2022 Security Releases blog post.
llhttp updated to 6.0.10
llhttp is updated to 6.0.10 which includes fixes for the following vulnerabilities.
* HTTP Request Smuggling - CVE-2022-32213 bypass via obs-fold mechanic (Medium)(CVE-2022-32213 ): The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
* HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)(CVE-2022-32215): The llhttp parser in the http module does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
* HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)(CVE-35256): The llhttp parser in the http does not correctly handle header fields that are not terminated with CLRF. This can lead to HTTP Request Smuggling (HRS).
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit
658621bf5eec076f6f1a7d12b29105fba279a379)
Petr Štetiar [Wed, 5 Oct 2022 19:30:52 +0000 (21:30 +0200)]
Merge pull request #19521 from ynezz/ynezz/openwrt-22.03-wolfssl-CVE-2022-39173
[22.03] treewide: fix security issues by bumping all packages using libwolfssl
Stan Grishin [Wed, 5 Oct 2022 06:41:12 +0000 (23:41 -0700)]
Merge pull request #19528 from stangri/openwrt-22.03-https-dns-proxy
[22.03] https-dns-proxy: add settings for canary domains
Stan Grishin [Tue, 4 Oct 2022 22:07:52 +0000 (22:07 +0000)]
https-dns-proxy: add settings for canary domains
* add setting to enable/disable blocking access to iCloud Private Relay resolvers
* add setting to enable/disable blocking access to Mozilla resolvers
* rename variables loaded from config in the init script
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
4ff71d8e4cd7cd4b3f4cc0d4d832ead512edef08)
Stan Grishin [Tue, 4 Oct 2022 22:06:15 +0000 (15:06 -0700)]
Merge pull request #19526 from stangri/openwrt-22.03-https-dns-proxy
[22.03] https-dns-proxy: bugfix: prevent canary domains duplicates
Stan Grishin [Tue, 4 Oct 2022 21:25:42 +0000 (21:25 +0000)]
https-dns-proxy: bugfix: prevent canary domains duplicates
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
f99ada410fa799b419ca7819ed2bbcf779ec3d12)
Michael Heimpold [Tue, 4 Oct 2022 15:35:04 +0000 (17:35 +0200)]
Merge pull request #19516 from mhei/22.03-php8-update-8.1.11
[22.03] php8: update to 8.1.11
Petr Štetiar [Mon, 3 Oct 2022 17:03:15 +0000 (19:03 +0200)]
treewide: fix security issues by bumping all packages using libwolfssl
As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.
So in order to propagate update of libwolfssl to latest stable release
done in commit
ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages
using wolfSSL library.
Same bump has been done in buildroot in commit
f1b7e1434f66 ("treewide:
fix security issues by bumping all packages using libwolfssl").
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
845d81ca0976c82829addc23e9e8b95885c910ee)
Petr Štetiar [Tue, 4 Oct 2022 08:13:08 +0000 (10:13 +0200)]
Revert "treewide: fix security issues by bumping all packages using libwolfssl"
This reverts commit
0ddec62e6911b7f97016062ee18f6558f455debc as it was
backport too soon, we need to first wait for fixed libwolfssl being
available.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Mon, 3 Oct 2022 17:03:15 +0000 (19:03 +0200)]
treewide: fix security issues by bumping all packages using libwolfssl
As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.
So in order to propagate update of libwolfssl to latest stable release
done in commit
ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages
using wolfSSL library.
Same bump has been done in buildroot in commit
f1b7e1434f66 ("treewide:
fix security issues by bumping all packages using libwolfssl").
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
845d81ca0976c82829addc23e9e8b95885c910ee)
Ivan Pavlov [Thu, 25 Aug 2022 19:39:47 +0000 (22:39 +0300)]
openvpn: explicitly disable engine parameter for openssl variant
Engine support is deprecated in OpenSSL 3.0 and for OpenSSL 3.0 the default
is to disable engine support as engine support is deprecated. For ath79 architecture
build with autodetection engine support fails, so explicitly set off for now.
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit
62e909e845e25ea87d671358cc8f4724326c7eaf)
Ivan Pavlov [Mon, 6 Jun 2022 05:57:31 +0000 (08:57 +0300)]
openvpn: update to 2.5.7
Added limited support for OpenSSL 3.0
Fixed some bugs
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit
45b751dd850b20e791851d116f2f927c3fbe79eb)
Ivan Pavlov [Fri, 18 Mar 2022 05:43:53 +0000 (08:43 +0300)]
openvpn: update to 2.5.6
Maintainer: me / @mkrkn
Compile tested: ramips/mt7620 TP-Link Archer C50 v1, ramips/mt7621 Xiaomi Mi router 3 Pro, ath79/generic TP-Link WDR-3500
Run tested: ramips/mt7620 TP-Link Archer C50 v1, ramips/mt7621 Xiaomi Mi router 3 Pro, ath79/generic TP-Link WDR-3500
bugfix release including one security fix ("Disallow multiple deferred authentication plug-ins.", CVE: 2022-0547)
several build fixes, refer to https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit
172795b8584c43327d320b591ab64647e4b821d4)
Jianhui Zhao [Sun, 22 May 2022 14:01:18 +0000 (22:01 +0800)]
rtty: update to 8.0.1
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
(cherry picked from commit
0ea357c164d4d265d750459de2ad6a63149fe89e)
Michael Heimpold [Mon, 3 Oct 2022 09:08:08 +0000 (11:08 +0200)]
php8: update to 8.1.11
This fixes:
- CVE-2022-31628
- CVE-2022-31629
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit
e0db68ef0af282679f3450e34d6d7c2a817b9af2)
Stan Grishin [Tue, 4 Oct 2022 03:59:56 +0000 (20:59 -0700)]
Merge pull request #19502 from stangri/openwrt-22.03-simple-adblock
[22.03] simple-adblock: allow domains bugfix & canary domains support
Marc Benoit [Mon, 5 Sep 2022 18:52:07 +0000 (14:52 -0400)]
nextdns: initialize nextdns from /etc/uci-defaults
Signed-off-by: Marc Benoit <marcb62185@gmail.com>
(cherry picked from commit
e54247a6fa9c03f286d38460c425d6dbd622b657)
Tianling Shen [Fri, 23 Sep 2022 06:58:22 +0000 (14:58 +0800)]
dnslookup: Update to 1.8.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
671e794db130b1819f041346e8f19ad752f6aa08)
Stan Grishin [Sat, 1 Oct 2022 23:11:28 +0000 (23:11 +0000)]
simple-adblock: allow domains bugfix & canary domains support
* fix bug in download_lists and adb_allow to prevent unintended exclisions from
the block-lists of domains containing allowed domain. Fixes issue:
https://github.com/stangri/source.openwrt.melmac.net/issues/160
* add support for returning NXDOMAIN/blocking iCloud & Mozilla canary domains,
disabled by default
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
9156ef6507f8c3fe6785234dff223bad5b59a78e)
Stan Grishin [Sat, 1 Oct 2022 23:01:43 +0000 (16:01 -0700)]
Merge pull request #19490 from stangri/openwrt-22.03-https-dns-proxy
[22.03] https-dns-proxy: uci wrappers & iCloud canary domains
Stan Grishin [Sat, 1 Oct 2022 23:01:22 +0000 (16:01 -0700)]
Merge pull request #19469 from stangri/openwrt-22.03-simple-adblock
[22.03] simple-adblock: update to 1.9.1-1
Stan Grishin [Thu, 29 Sep 2022 23:58:53 +0000 (23:58 +0000)]
https-dns-proxy: uci wrappers & iCloud canary domains
* switch to using uci wrappers instead of direct uci calls
* add support for iCloud canary domains
https://developer.apple.com/support/prepare-your-network-for-icloud-private-relay
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
749b03ffbffbdf208bd589db6526c939d404ba79)
Rosen Penev [Sun, 18 Sep 2022 00:26:50 +0000 (17:26 -0700)]
bandwidthd: fix format warnings
Should fix crashing errors under musl 1.2
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
e62158b6f8ab3ea2b6869474a36845dc69fbbe02)
Josef Schlehofer [Sun, 25 Sep 2022 10:00:55 +0000 (12:00 +0200)]
unbound: update to version 1.16.3
Changelog: https://www.nlnetlabs.nl/projects/unbound/download/#unbound-1-16-3
- Fixes: CVE-2022-3204
Refreshed one patch
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
027533f9a23bbedd0b7c988405a9b5fd433da502)
Stan Grishin [Fri, 23 Sep 2022 20:44:12 +0000 (20:44 +0000)]
simple-adblock: update to 1.9.1-1
* remove obsolete block-lists from config
* add removal of obsolete lists to config-update
* add AdGuard team's block-list to config
* improve allow command
* improve nftset support
* move config load to uci_load_validate, which required some code refactoring which
looks dramatic, but isn't
* always use dnsmasq_restart instead of dnsmasq_hup for all dns resolution options
for dnsmasq
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
f8c5fd93e7e055e2425729e812fe0d1e4aab8032)
Stan Grishin [Mon, 26 Sep 2022 20:34:50 +0000 (13:34 -0700)]
Merge pull request #19466 from stangri/openwrt-22.03-curl
[22.03] curl: bugfix: github source url
Stan Grishin [Mon, 26 Sep 2022 08:31:56 +0000 (08:31 +0000)]
curl: bugfix: github source url
* fixes https://github.com/openwrt/packages/issues/19456
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
c812153f8d4f73b3f82cb19e3b98c84ca680eecb)
Peter van Dijk [Wed, 21 Sep 2022 10:31:25 +0000 (12:31 +0200)]
pdns-recursor: update to 4.7.3
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
(cherry picked from commit
8e234be1e753184f1529af785af96b962e84c40b)
Karl Palsson [Fri, 23 Sep 2022 12:01:25 +0000 (12:01 +0000)]
libs/cjson: bump to 1.7.15
This is a bugfix release.
Full release notes available at: https://github.com/DaveGamble/cJSON/releases/tag/v1.7.15
Signed-off-by: Karl Palsson <karlp@etactica.com>
Karl Palsson [Mon, 19 Sep 2022 14:15:27 +0000 (14:15 +0000)]
pagekite: add patchs for 64bit time
Source: https://github.com/pagekite/libpagekite/pull/78
Signed-off-by: Karl Palsson <karlp@etactica.com>
Karl Palsson [Mon, 19 Sep 2022 11:45:13 +0000 (11:45 +0000)]
mosquitto: bump to 2.0.15
Changelog: https://mosquitto.org/blog/2022/08/version-2-0-15-released/
Changelog: https://mosquitto.org/blog/2021/11/version-2-0-14-released/
2.0.15 is bigger security and bugfix release. 2.0.14 had a couple of
minor changes and was skipped for OpenWrt.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Ptilopsis Leucotis [Sun, 15 May 2022 04:02:40 +0000 (07:02 +0300)]
mosquitto: add missing 'persistence' section in config
Section 'Persistence' in 'luci-app-mosquitto' is unusable without 'persistence'
section in config file.
Signed-off-by: Ptilopsis Leucotis <PtilopsisLeucotis@yandex.com>
David Bauer [Fri, 23 Sep 2022 11:15:37 +0000 (13:15 +0200)]
poemgr: update to latest HEAD
8988247 Makefile: Enable warnings as errors (-Werror)
aea39ca Makefile: Respect the CFLAGS and LDFLAGS that have been passed in
189594f poemgr: Fix compiler warnings in poemgr.c
0e1a8cf pd69104: Avoid self-induced pointer casts
2d53298 uswflex: Remove unused variables and declarations
d345441 poemgr: Reorganize poemgr.h to remove forward declarations
df1a7bc contrib: remove unneccessary functions.sh loading
056a6a9 poemgr: Fix name based profile selection
b8f8f23 poemgr: prolong the power budget detection delay
9e8344a poemgr: configure power_budget to override detected limit
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit
255c4e6c80ae1f5c00e443eb0b77438ecf78c54c)
Stijn Tintel [Thu, 24 Mar 2022 14:52:30 +0000 (16:52 +0200)]
poemgr: fix conffiles path
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit
33927a51c896e459aff4f7f9658da64f7768489a)
Dirk Brenken [Sun, 25 Sep 2022 19:00:00 +0000 (21:00 +0200)]
adblock: update 4.1.4-5
* auto-whitelist ext. dns lookup domain
* add public doh server blocklist source
* whitespace fixes in adblock.sources
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
5603ed923747f7f361be4bf69387317f35f7f548)
James McGuire [Sat, 24 Sep 2022 21:49:21 +0000 (14:49 -0700)]
adblock: add lightswitch05 blocklist source
Signed-off-by: James McGuire <jamesm51@gmail.com>
(cherry picked from commit
b971cdc79b812334f71d0095a938bbc4a784a38f)
Alexander E. Patrakov [Sun, 4 Sep 2022 16:38:58 +0000 (00:38 +0800)]
hping3: add new package
The new package would help measuring one-way delays using ICMP type 13
packets. This is important for various scripts that automatically adjust
CAKE shaper bandwidth based on the observed bufferbloat. They need to
understand whether the delay is on the way up or on the way down, so
that they can adjust the bandwidth of the proper part of the shaper.
https://forum.openwrt.org/t/cake-w-adaptive-bandwidth-historic/108848
https://forum.openwrt.org/t/cake-w-adaptive-bandwidth/135379
V2: refreshed patches
Signed-off-by: Alexander E. Patrakov <patrakov@gmail.com>
(cherry picked from commit
688a5413d087a4f8f70d523b189875831d6e39c4)
Michael Heimpold [Sun, 25 Sep 2022 08:22:17 +0000 (10:22 +0200)]
Merge pull request #19438 from mhei/22.03-squid-libxml2-backport
[22.03] squid: fix compilation with libxml (fixes #19099)
Daniel Golle [Sun, 25 Sep 2022 00:28:43 +0000 (01:28 +0100)]
snowflake: run snowflake-proxy with procd-ujail
snowflake-proxy doesn't write any files
=> run in read-only rootfs environment
the process needs to read SSL certs but no other files
=> only exposed path is /etc/ssl/certificates (read-only)
running as unpriviledged user with no additional capabilities
=> set no-new-privs bit
By default procd-ujail also isolates the process by executing it in
a separate new IPC and PID namespace.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
0f3d48a3784fb495ffdfe4a83f540ad42fab89df)
Signed-off-by: Nick Hainke <vincent@systemli.org>
Daniel Golle [Sat, 24 Sep 2022 02:03:22 +0000 (03:03 +0100)]
snowflake: add package
Package Tor's Snowflake system components so users can offer e.g.
a standalone Snowflake proxy on their routers or other devices.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
cf120a7effd5d13a7f705b5eb9d22410b73d71f3)
Signed-off-by: Nick Hainke <vincent@systemli.org>
Michael Heimpold [Thu, 25 Aug 2022 06:20:45 +0000 (08:20 +0200)]
squid: fix compilation with libxml (fixes #19099)
Add a patch which removes a call in Libxml2Parser.cc to 'xmlSetFeature'.
This function belongs to the 'depreciated' API part and is not
available in OpenWrt builds.
According to my understanding, this call can be removed safely since
it disables the feature "substitute entities" which is disabled by default.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit
3ec47dc85cc4b191be1b2fee3195680343f770e1)
Martin Hübner [Tue, 2 Aug 2022 12:42:06 +0000 (14:42 +0200)]
gatling: add package gatling
Gatling is a high-performance webserver from fefe. It gives a
fairly decent feature-set at really small size. And its fast.
Co-authored-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Signed-off-by: Martin Hübner <martin.hubner@web.de>
(cherry picked from commit
83ff83e32055dc50b01fffe7bae9ea113655756b)
Tianling Shen [Mon, 19 Sep 2022 02:42:57 +0000 (10:42 +0800)]
gg: Update to 0.2.11
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
2a0ee392aea2a2cc1434c64c0af60be427e2786c)
Tianling Shen [Mon, 19 Sep 2022 02:33:32 +0000 (10:33 +0800)]
yq: Update to 4.27.5
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
fca4f1b8301917cb4eb64d0f5e9bfb4836d3d8e8)
Tianling Shen [Mon, 19 Sep 2022 02:45:48 +0000 (10:45 +0800)]
xray-core: Update to 1.6.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
a0126b15c58f7527ed21dbcb659d51072ad1f5fc)
[Update geodata to latest version, based on
f8c25627ebe1d9]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Glenn Strauss [Sun, 18 Sep 2022 07:02:40 +0000 (03:02 -0400)]
lighttpd: update to lighttpd 1.4.67 release hash
* update to lighttpd 1.4.67 release hash
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit
f750089d26422557280ddfda1788f2491d15f701)
Rosen Penev [Thu, 22 Sep 2022 23:04:25 +0000 (16:04 -0700)]
tang: update directory
There's no more cache.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
b847cfb93f89114d7a714b57af67198abadf9fa4)
Rosen Penev [Thu, 22 Sep 2022 23:02:24 +0000 (16:02 -0700)]
Revert "jose: remove libjose"
This reverts commit
02d6c8346cfae7c2de456800a862a7dd90782858.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
09781a8a65fa6624db55867f6918e9b4c03d7a32)
Rosen Penev [Thu, 22 Sep 2022 23:02:05 +0000 (16:02 -0700)]
Revert "jose: fix static library usage"
This reverts commit
c61b70918b6c10f6fd726b098474736a7e0ae9cd.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
f5d3b820c529de94f2a55e078e8f5f2ff87755e9)
Michal Vasilek [Thu, 22 Sep 2022 17:47:41 +0000 (19:47 +0200)]
knot-resolver: update to 5.5.3
* fixes CVE-2022-40188
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit
5d2fd886930a95d14df02ca8fbaf6f3814df3c01)
Tianling Shen [Sat, 3 Sep 2022 09:34:58 +0000 (17:34 +0800)]
libtorrent-rasterbar: Update to 2.0.7
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
c741bf64cdac2ac1059c0e545e1afd842820c8c1)
Michael Heimpold [Wed, 21 Sep 2022 15:25:12 +0000 (17:25 +0200)]
Merge pull request #19418 from mhei/22.03-libxml2-update-2.10.2
[22.03] libxml2: update to 2.10.2
Stan Grishin [Tue, 20 Sep 2022 22:04:44 +0000 (15:04 -0700)]
Merge pull request #19381 from stangri/openwrt-22.03-curl
[22.03] curl: update to 7.85.0
Hannu Nyman [Tue, 20 Sep 2022 19:27:30 +0000 (22:27 +0300)]
Merge pull request #19415 from G-M0N3Y-2503/docker-update-22.03
[22.03] Docker: Update to v20.10.18
Gerard Ryan [Tue, 20 Sep 2022 10:45:06 +0000 (20:45 +1000)]
dockerd: Update to v20.10.18
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Gerard Ryan [Tue, 20 Sep 2022 10:44:44 +0000 (20:44 +1000)]
docker: Update to v20.10.18
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Gerard Ryan [Tue, 20 Sep 2022 10:41:21 +0000 (20:41 +1000)]
libnetwork: Update to
0dde5c8 for Docker v20.10.18
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Gerard Ryan [Tue, 20 Sep 2022 10:38:17 +0000 (20:38 +1000)]
containerd: Update to v1.6.8 for Docker v20.10.18
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Gerard Ryan [Tue, 20 Sep 2022 10:37:08 +0000 (20:37 +1000)]
runc: Update to v1.1.4 for Docker v20.10.18
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Michael Heimpold [Mon, 29 Aug 2022 21:26:20 +0000 (23:26 +0200)]
libxml2: update to 2.10.2
This fixes:
- CVE-2022-2309
Release Notes:
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.0
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.1
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.2
Also drop removed docbook compile switch.
Disable PKG_FIXUP to allow backporting.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit
dc21121cf9c1c51649f0ffdaffd26326e53b4f45)