Rosen Penev [Wed, 7 Apr 2021 04:50:36 +0000 (21:50 -0700)]
ksmbd-tools: update to 3.3.8
Major changes are:
disable symlink by default.
remove smack inherit leftovers.
Enable guest access on IPC$ share by default.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
c6fa2d5bfaf24f347efd7156b2ad5b1cf62bd9a9)
Kirill Nikolaev [Mon, 5 Apr 2021 23:03:18 +0000 (01:03 +0200)]
ksmbd-tools: Add a mDNS TXT record for the ksmbd service
MacOS ignores Bonjour services for which TXT records are not returned. This changes forces umdns service to return a TXT record (`daemon=ksmbd`) for the ksmbd service. The exact content is unimportant and to the best of my knowledge nothing reads the `daemon` tag.
Symptoms of the problem (which are also debugging steps):
* Finder refuses to open the OpenWRT "computer" in the Network list.
* Discovery.app (Bonjour Browser) lists the _ssh._tcp service, but the submenu for it doesn't unfold and no address is shown.
* `dns-sd -L OpenWrt _smb._tcp` doesn't return any address.
Signed-off-by: Kirill Nikolaev <cyril7@gmail.com>
(cherry picked from commit
272b0a5c1873a34f6609e7af38395cea3f02bda5)
Rosen Penev [Sat, 13 Mar 2021 02:14:23 +0000 (18:14 -0800)]
ksmbd-tools: update to 3.3.7
Major change are:
ksmbd.control -s terminate ksmbd.mountd as well as kernel server.
Update configuration.txt and README.
Turn off smb2 leases by default again.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
7a1a8f3659cf79237fba6394fbea42755af38a52)
Rosen Penev [Fri, 12 Mar 2021 20:44:39 +0000 (12:44 -0800)]
ksmbd-tools: update to 3.3.6
Major changes are:
Add missing g_rwlock_init() for rpc_samr and rpc_lsaprc.
Fix potential potential null pointer dereferencing error.
Fix memleak.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
d95edf16eff9fe7ee27eb084764d5cc329155b15)
Martin Blumenstingl [Sat, 20 Feb 2021 14:30:03 +0000 (15:30 +0100)]
ksmbd-tools: update to 3.3.5
Major changes for version 3.3.5 are:
- Rename "streams" parameter to "vfs objects = streams_xattr".
- Enable smb2 leases by default.
- Ignore ksmbd.subauth creation failure.
- Fix bugs that related to guest ok = yes.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
(cherry picked from commit
58f91090f598892d12f435e02e09f3b37fd059d3)
Sven Roederer [Sat, 3 Apr 2021 20:00:31 +0000 (22:00 +0200)]
nut: fix typo in nutshutdown script
Even it's only cosmetic and should not affect the function of regular system,
fix the name of the IPKG_INSTROOT variable.
Typo was added long ago with
8400c9a6ec799.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
(cherry picked from commit
f25f49a8b7c5a038f8a50dbb74e10db19f26d15a)
Josef Schlehofer [Sun, 21 Mar 2021 23:56:07 +0000 (00:56 +0100)]
netdata: update to version 1.29.3
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
5074fbbfdc8536daf1d979f7ead32cebb1ec2acb)
(cherry picked from commit
4322399166a0083ff090714ab022d8be72fdb257)
Josef Schlehofer [Sun, 21 Mar 2021 23:50:54 +0000 (00:50 +0100)]
syslog-ng: update to version 3.31.2
Bump config file
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
3d817e968e8d9289255f1eea293363835f6e74a7)
Dirk Brenken [Thu, 1 Apr 2021 18:55:45 +0000 (20:55 +0200)]
adblock: fix init status command
Signed-off-by: Dirk Brenken <dev@brenken.org>
Rosen Penev [Sun, 28 Mar 2021 21:48:00 +0000 (14:48 -0700)]
Merge pull request #15295 from lucize/librefix
[19.07] libreswan: update cu 3.32
Lucian Cristian [Sun, 28 Mar 2021 18:47:50 +0000 (21:47 +0300)]
libreswan: update cu 3.32
CVE and NSS fix
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
Nikos Mavrogiannopoulos [Fri, 26 Mar 2021 20:55:20 +0000 (21:55 +0100)]
Merge pull request #15252 from ja-pa/gnutls-security-fix-19.07
[OpenWrt 19.07] gnutls: patch security issue
Rosen Penev [Fri, 26 Mar 2021 20:24:25 +0000 (13:24 -0700)]
Merge pull request #15255 from ja-pa/mariadb-10.2.37-openwrt-19.07
[OpenWrt 19.07] mariadb: update to version 10.2.37
Rosen Penev [Fri, 26 Mar 2021 20:23:13 +0000 (13:23 -0700)]
Merge pull request #15256 from cartender/pr_libftdi1_19
[19.07] libftdi1: Improve build binary reproducibility
Giovanni Giacobbi [Thu, 25 Mar 2021 14:59:51 +0000 (14:59 +0000)]
libftdi1: Improve build binary reproducibility
The library embeds the result of "git describe" inside the source code, making the binary result dependent of the particular commit being used in the build root when building inside a git working copy.
As this is unnecessary information, remove this option and fallback to the default "unknown", which is also the value compiled by tools that do not clone but export the openwrt base tree.
Signed-off-by: Giovanni Giacobbi <giovanni@giacobbi.net>
Josef Schlehofer [Thu, 25 Mar 2021 23:48:13 +0000 (00:48 +0100)]
Merge pull request #15214 from BKPepe/aiohttp-19.07
python-aiohttp: backport fix for CVE-2021-21330
Stan Grishin [Thu, 25 Mar 2021 22:55:51 +0000 (22:55 +0000)]
https-dns-proxy: bugfix: correct PROCD firewall object
Signed-off-by: Stan Grishin <stangri@melmac.net>
Jan Pavlinec [Thu, 25 Mar 2021 13:30:10 +0000 (14:30 +0100)]
mariadb: update to version 10.2.37
Fixes CVE-2021-27928
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Jan Pavlinec [Thu, 25 Mar 2021 09:34:29 +0000 (10:34 +0100)]
gnutls: patch security issue
Fixes
CVE-2021-20231
CVE-2021-20232
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Rosen Penev [Mon, 22 Mar 2021 18:56:50 +0000 (11:56 -0700)]
Merge pull request #15221 from stangri/19.07-https-dns-proxy
[19.07] https-dns-proxy: support for additional Force DNS ports
Josef Schlehofer [Mon, 22 Mar 2021 12:53:24 +0000 (13:53 +0100)]
php: add fix for updated ICU 68+
Recently, I updated icu for issues with node feed, but it broke
compiling of php7.
Error:
/foo/target-aarch64_cortex-a53_musl/php-7.2.34/ext/intl/collator/collator_sort.c:349:26: error: 'TRUE' undeclared (first use in this function)
collator_sort_internal( TRUE, INTERNAL_FUNCTION_PARAM_PASSTHRU );
^~~~
/foo/target-aarch64_cortex-a53_musl/php-7.2.34/ext/intl/collator/collator_sort.c:349:26: note: each undeclared identifier is reported only once for each function it appears in
/foo/target-aarch64_cortex-a53_musl/php-7.2.34/ext/intl/collator/collator_sort.c: In function 'zif_collator_asort':
/foo/target-aarch64_cortex-a53_musl/php-7.2.34/ext/intl/collator/collator_sort.c:543:26: error: 'FALSE' undeclared (first use in this function); did you mean 'FILE'?
collator_sort_internal( FALSE, INTERNAL_FUNCTION_PARAM_PASSTHRU );
^~~~~
FILE
make[3]: *** [Makefile:1031: ext/intl/collator/collator_sort.lo] Error 1
More details:
https://github.com/php/php-src/commit/
8eaaabd
Backport of patch from PHP7.3 didn't work for me, but this one was suggested that
Homebrew is using it and it works for me. However, PHP7.2 is EoL.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Stan Grishin [Mon, 22 Mar 2021 07:29:14 +0000 (07:29 +0000)]
https-dns-proxy: support for additional Force DNS ports
Signed-off-by: Stan Grishin <stangri@melmac.net>
Josef Schlehofer [Mon, 22 Mar 2021 00:08:52 +0000 (01:08 +0100)]
bind: update to version 9.16.13
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Josef Schlehofer [Fri, 2 Oct 2020 21:12:14 +0000 (23:12 +0200)]
nnn: update to version 3.4
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
53f54c45e4a016dbcd90703fa6f9ebfe2b26b94b)
Josef Schlehofer [Mon, 22 Mar 2021 00:40:41 +0000 (01:40 +0100)]
python-aiohttp: backport fix for CVE-2021-21330
More details:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Hirokazu MORIKAWA [Thu, 24 Dec 2020 06:18:56 +0000 (15:18 +0900)]
icu: update to 68.2
Maintainer: me
Compile tested: head r15324-
920b692, aarch64, x86_64
Run tested: (qemu-5.2.0) aarch64
Description:
Update to 68.2
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit
d6317132dd7040fcab492ba76ec60b6fa8ae4fe6)
Hirokazu MORIKAWA [Mon, 9 Nov 2020 03:49:56 +0000 (12:49 +0900)]
icu: update to 68.1
It updates to CLDR 38. New features including locale-dependent smart unit preferences (road distance, temperature, etc.) and locale ID canonicalization conformant with CLDR.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit
4f3a8c153535d7613249c567df9840ed23fa7ef1)
Rosen Penev [Mon, 31 Aug 2020 07:32:38 +0000 (00:32 -0700)]
icu: fix compilation under CentOS 7
CentOS 7's GCC is quite old and does not put max_align_t under std.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
6255a77128d0ea4e1aa1b24ef9fa06ba71072e2e)
Hirokazu MORIKAWA [Tue, 18 Aug 2020 06:13:35 +0000 (15:13 +0900)]
icu: update to 67.1
Unicode 13 & CLDR 37. Bug fixes for date and number formatting, enhanced support for user preferences in the locale identifier. LocaleMatcher code and data improved. Number skeletons have a new “concise” form that can be used in MessageFormat strings.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit
e3be3aadc122c9e7689541bdbcd3e785b70b63ad)
Rosen Penev [Fri, 19 Mar 2021 22:51:45 +0000 (15:51 -0700)]
Merge pull request #15165 from gladiac1337/haproxy-2.0.21-19.07
[openwrt-19.07] haproxy: Update HAProxy to v2.0.21
Christian Lachner [Fri, 19 Mar 2021 17:38:26 +0000 (18:38 +0100)]
haproxy: Update HAProxy to v2.0.21
- Update haproxy download URL and hash
Signed-off-by: Christian Lachner <gladiac@gmail.com>
Tianling Shen [Thu, 18 Mar 2021 05:12:13 +0000 (13:12 +0800)]
tmate: add new package
Tmate is a fork of tmux. It provides an instant pairing solution.
For more details, see https://tmate.io.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
ccfe1bfa508e7041c4b5f902f1354ef9566bff28)
Tianling Shen [Thu, 18 Mar 2021 05:08:45 +0000 (13:08 +0800)]
msgpack-c: add new package
This is needed by tmate.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
cfc965b10754fea8c71dad79e6b4cd7c02f47a9b)
Rosen Penev [Sun, 29 Nov 2020 23:58:20 +0000 (15:58 -0800)]
minidlna: update to 1.3.0
Fixes two CVEs relating to UPnP.
Removed libuuid dependency. It is not used.
Remove clock_gettime hack. It seems to have been fixed.
Removed upstream patches.
Refreshed the other ones.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
f5689796481c5b8e89cd3fff8b10ea6f675f85e9)
Hannu Nyman [Wed, 17 Mar 2021 17:55:45 +0000 (19:55 +0200)]
Merge pull request #15149 from ja-pa/tor-0.4.4.8-openwrt-19.07
[openwrt 19.07] tor: update to version 0.4.4.8 (security fix)
Jan Pavlinec [Wed, 17 Mar 2021 09:34:52 +0000 (10:34 +0100)]
tor: update to version 0.4.4.8
Fixes CVE-2021-28089 and CVE-2021-28090
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Florian Eckert [Tue, 16 Mar 2021 13:14:24 +0000 (14:14 +0100)]
Merge pull request #15136 from TDT-AG/pr/
2021015-openwrt-19.07-mwan3
mwan3: remove mwan3 ubus call on mwan3 iface hotplug ACTION
Florian Eckert [Mon, 15 Mar 2021 13:15:39 +0000 (14:15 +0100)]
mwan3: remove mwan3 ubus call on mwan3 iface hotplug ACTION
With this change, the interface status is no longer read from the mwan3 ubus.
The status of the interface is read directly from the status directory.
This was already implemented in the master with the
commit
c07f5230be128669f7b6731415de26f8176fbf5b.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Karl Palsson [Mon, 15 Mar 2021 10:41:31 +0000 (10:41 +0000)]
net/mosquitto: bump to 1.6.14
This is a minor security fix for outgoing bridges and the client
library.
Full details: https://mosquitto.org/blog/2021/03/version-2-0-9-released/
Signed-off-by: Karl Palsson <karlp@etactica.com>
Paul Spooren [Fri, 12 Mar 2021 00:14:25 +0000 (14:14 -1000)]
CI: backport GitHub action CI
The CI is working fine with OpenWrt snapshots and 21.02, so backport it.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Olivier Poitrey [Mon, 8 Mar 2021 23:48:42 +0000 (23:48 +0000)]
nextdns: Update to version 1.11.0
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Rosen Penev [Mon, 8 Mar 2021 20:26:46 +0000 (12:26 -0800)]
Merge pull request #15054 from stangri/19.07-vpn-policy-routing
[19.07] vpn-policy-routing: better processing of custom user files
Stan Grishin [Mon, 8 Mar 2021 10:35:01 +0000 (10:35 +0000)]
vpn-policy-routing: better processing of custom user files
Signed-off-by: Stan Grishin <stangri@melmac.net>
Rosen Penev [Mon, 30 Nov 2020 00:48:36 +0000 (16:48 -0800)]
libpam: update to 1.5.1
Fix installed paths. After
e52d0487e88c3c8c57e1310d1a02b18eae0d142e
upstream, this bug was exposed.
Instead of working around it, fix the patch.
After this, everything consistently gets installed to ipkg-install/usr.
Minor Makefile reorganization.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
b75f250f3bf378bcaa0784d44f64ff2bb4e7af9a)
Rosen Penev [Wed, 25 Nov 2020 00:52:51 +0000 (16:52 -0800)]
libpam: update to 1.5.0
Fixes CVE-2020-27780
Removed upstreamed patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
0f317e9fbde341549c0cd7c3d43742739d123c97)
Rosen Penev [Fri, 26 Jun 2020 00:29:54 +0000 (17:29 -0700)]
libpam: update to 1.4.0
Remove upstreamed patch and add a new one to fix compilation.
Add some more configure options.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
a05db1acfea43b8f94a417d56414ea1aae21c815)
Hannu Nyman [Sat, 6 Mar 2021 08:27:14 +0000 (10:27 +0200)]
nano: update to 5.6.1
Update nano editor to version 5.6.1
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
0f4138db0be558d0c957e3d4d78091a59ba660ec)
Rosen Penev [Thu, 3 Dec 2020 00:32:59 +0000 (16:32 -0800)]
ninja: update to 1.10.2
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
f25f29c740da5bcafb1500b55c9ebfb39eb35f9f)
Rosen Penev [Wed, 9 Sep 2020 07:48:37 +0000 (00:48 -0700)]
ninja: fix typo
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
52569b80fa3334ebfe29c05a17ce7254561e2e2f)
Rosen Penev [Mon, 7 Sep 2020 20:37:25 +0000 (13:37 -0700)]
ninja: use for CMake
CMake supports Ninja for faster compilation and less bugginess when it
comes to parallel compilation. That is, some CMake packages currently
have PKG_BUILD_PARALLEL set where it is not needed with ninja.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
54449e9c6689b17379c24ca68f52a80ec5688f22)
Rosen Penev [Fri, 28 Aug 2020 00:18:32 +0000 (17:18 -0700)]
ninja: update to 1.10.1
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
0f317d653643b49a6fd28b785b7655f0c08124b2)
Florian Eckert [Wed, 3 Mar 2021 09:01:24 +0000 (10:01 +0100)]
Merge pull request #14661 from TDT-AG/pr/
20210203-19.07-keepalived
keepalived: backport fixes
Rosen Penev [Tue, 2 Mar 2021 09:56:59 +0000 (01:56 -0800)]
Merge pull request #14988 from stangri/19.07-vpn-policy-routing
[19.07] vpn-policy-routing: update to 0.3.2-18
Stan Grishin [Mon, 1 Mar 2021 21:38:44 +0000 (21:38 +0000)]
vpn-policy-routing: update to 0.3.2-18
Signed-off-by: Stan Grishin <stangri@melmac.net>
Alexandru Ardelean [Tue, 29 Sep 2020 04:55:19 +0000 (07:55 +0300)]
python-maho-mqtt: bump to versio 1.5.1
Docs say it also supports MQTT 5.0.
Added to description.
Updated title as on pypi.org
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
ee0e11c1ab5ff94f6bfcd6d98c8f4b09327f7412)
Rosen Penev [Sun, 28 Feb 2021 23:02:10 +0000 (15:02 -0800)]
Merge pull request #14962 from EricLuehrsen/unbound_1131_1907
[openwrt-19.07] unbound: update to 1.13.1
Eric Luehrsen [Sun, 21 Feb 2021 05:51:49 +0000 (00:51 -0500)]
unbound: update to 1.13.1
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
Dirk Brenken [Sat, 27 Feb 2021 05:21:20 +0000 (06:21 +0100)]
Merge pull request #14918 from stangri/19.07-vpn-policy-routing
[19.07] vpn-policy-routing: bugfix: netflix user file missing redirect
Stan Grishin [Fri, 26 Feb 2021 22:03:41 +0000 (22:03 +0000)]
vpn-policy-routing: bugfix: netflix user file missing redirect
Signed-off-by: Stan Grishin <stangri@melmac.net>
Rosen Penev [Fri, 26 Feb 2021 05:12:28 +0000 (21:12 -0800)]
Merge pull request #14903 from stangri/19.07-vpn-policy-routing
[19.07] vpn-policy-routing: update user netflix file
Stan Grishin [Fri, 26 Feb 2021 02:16:44 +0000 (02:16 +0000)]
vpn-policy-routing: update user netflix file
Signed-off-by: Stan Grishin <stangri@melmac.net>
Hannu Nyman [Thu, 25 Feb 2021 14:58:50 +0000 (16:58 +0200)]
nano: update to version 5.6
Upgrade nano to version 5.6
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
dffdfe4ac8c903fa843695af329c83c70a7c7e1a)
Rosen Penev [Thu, 25 Feb 2021 00:53:41 +0000 (16:53 -0800)]
Merge pull request #14888 from stangri/19.07-vpn-policy-routing
[19.07] vpn-policy-routing: custom user scripts improvements
Stan Grishin [Wed, 24 Feb 2021 19:44:10 +0000 (19:44 +0000)]
vpn-policy-routing: custom user scripts improvements
Signed-off-by: Stan Grishin <stangri@melmac.net>
Jan Hak [Mon, 22 Feb 2021 08:55:55 +0000 (09:55 +0100)]
libedit: update to version
20210216-3.1
Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit
fd7f43ae4674b234a975ec67c604abf6e933a0b3)
Jan Hák [Tue, 28 Apr 2020 08:53:34 +0000 (10:53 +0200)]
libedit: update to version
20193112-3.1
Signed-off-by: Jan Hák <jhak@jhak.nic.cz>
(cherry picked from commit
58a5c548eb497552f53d42df677c70dbb36930f8)
Dirk Brenken [Tue, 23 Feb 2021 14:46:43 +0000 (15:46 +0100)]
adblock: update blocklist sources
* change adguard url
* remove malwaredomains (discontinued)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Rosen Penev [Tue, 23 Feb 2021 13:12:03 +0000 (05:12 -0800)]
Merge pull request #14869 from stangri/19.07-vpn-policy-routing
[19.07] vpn-policy-routing: update to version 0.3
Jan Hak [Thu, 21 Jan 2021 08:42:56 +0000 (09:42 +0100)]
knot: update to version 3.0.4
Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit
341fffb8ddd462cc41650b13e425e6e71efdfe4e)
Jan Hak [Wed, 16 Dec 2020 13:00:40 +0000 (14:00 +0100)]
knot: update to 3.0.3
Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit
5cd937865316f08144ebd8aaadfb2a1da19eeb10)
Jan Hák [Mon, 16 Nov 2020 10:22:24 +0000 (11:22 +0100)]
knot: disable embedded xdp
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
1f9d6fbb26c20490dc58f84e5c86fa2c35012412)
Jan Hák [Mon, 16 Nov 2020 10:21:48 +0000 (11:21 +0100)]
knot: update to 3.0.2
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
a54828926dc2aa731fbfefe87a7a9687837fc2be)
Daniel Salzman [Tue, 27 Oct 2020 15:05:33 +0000 (16:05 +0100)]
knot: disable libnghttp2 autodetection
Signed-off-by: Daniel Salzman <daniel.salzman@nic.cz>
(cherry picked from commit
67e3c594de15985b76871ea5c1ba2fd05427900d)
Jan Hak [Mon, 26 Oct 2020 10:06:41 +0000 (11:06 +0100)]
knot: update to version 3.0.1
definition of PSELECT_COMPAT could be removed many years ago, is no longer needed
Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit
4069bb1e727a00d68352ff6baefac9f5a94e156f)
Josef Schlehofer [Tue, 23 Feb 2021 07:08:43 +0000 (08:08 +0100)]
screen: backport fix for CVE-2021-26937
Security reports:
- https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html
This issue can be reproduced even on OpenWrt
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982435
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
c250298fa3e60251dfbbb0df40b36c6d67bbea09)
Josef Schlehofer [Tue, 23 Feb 2021 06:28:13 +0000 (07:28 +0100)]
openvswitch: update to version 2.11.6 (security fix)
Fixes CVEs:
- CVE-2020-35498
- In DPDK: CVE-2015-8011 and CVE-2020-27827
- In LLDP: CVE-2019-14818, CVE-2020-10722, CVE-2020-10723 and CVE-2020-10724
Removed patches:
- 0001-compat-Include-confirm_neigh-parameter-if-needed.patch because they
are included in this release as it was backported
- 0010-acinclude-Fix-build-with-kernels-with-prandom-moved-.patch
included in this release as it was backported
Other patches were refreshed.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Stan Grishin [Tue, 23 Feb 2021 01:12:28 +0000 (01:12 +0000)]
vpn-policy-routing: update to version 0.3
Signed-off-by: Stan Grishin <stangri@melmac.net>
Rosen Penev [Tue, 23 Feb 2021 00:27:00 +0000 (16:27 -0800)]
Merge pull request #14710 from stangri/19.07-https-dns-proxy
[19.07] https-dns-proxy: support for force DNS/DNS hijacking
Josef Schlehofer [Mon, 22 Feb 2021 18:05:35 +0000 (19:05 +0100)]
netdata: update to version 1.29.2
Release notes:
https://github.com/netdata/netdata/releases/tag/v1.29.2
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
e8021bf14d591edfb3fe36dd194b8109d4f7ffd3)
Josef Schlehofer [Wed, 10 Feb 2021 13:17:47 +0000 (14:17 +0100)]
netdata: update to version 1.29.1
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
d0736d5e738cad74f81a99de0b039f75e7ca9768)
Josef Schlehofer [Mon, 22 Feb 2021 17:46:34 +0000 (18:46 +0100)]
Merge pull request #14845 from jefferyto/python-3.7.10-openwrt-19.07
[openwrt-19.07] python3: Update to 3.7.10, refresh patches
Jeffery To [Mon, 22 Feb 2021 13:02:55 +0000 (21:02 +0800)]
python3: Update to 3.7.10, refresh patches
Includes fixes for:
* CVE-2021-3177 - ctypes: Buffer overflow in PyCArg_repr
* CVE-2021-23336 - urllib parse_qsl(): Web cache poisoning - semicolon
as a query args separator
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Moritz Warning [Sun, 21 Feb 2021 02:24:25 +0000 (03:24 +0100)]
zerotier: bump to 1.6.4
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Rosen Penev [Fri, 19 Feb 2021 01:10:31 +0000 (17:10 -0800)]
Merge pull request #14785 from nmeyerhans/openwrt-19.07+bind-9.16.12
bind: bump to 9.16.12
Noah Meyerhans [Thu, 18 Feb 2021 22:55:43 +0000 (14:55 -0800)]
bind: bump to 9.16.12
Includes fix for security issues:
* CVE-2020-8625: BIND servers are vulnerable if they are running an
affected version and are configured to use GSS-TSIG features.
Disable backtrace functionality, as it is unreliable across
architectures and generally only supported by upstream on amd64
Remove a patch that has been incorporated upstream
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Rosen Penev [Wed, 17 Feb 2021 20:58:29 +0000 (12:58 -0800)]
Merge pull request #14778 from BKPepe/ksmbd-19.07-drop-arc4-dependency
ksmbd: remove kmod-crypto-arc4 dependency
Josef Schlehofer [Wed, 17 Feb 2021 19:31:53 +0000 (20:31 +0100)]
ksmbd: remove kmod-crypto-arc4 dependency
This kernel module is already set for target/linux/generic/config-4.14
in OpenWrt 19.07 branch. This solves a problem that this package can not
be installed on the router:
* satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-fs-ksmbd:
* kmod-crypto-arc4
* opkg_install_cmd: Cannot install package kmod-fs-ksmbd.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Hauke Mehrtens [Tue, 16 Feb 2021 22:26:50 +0000 (22:26 +0000)]
Merge pull request #14647 from neheb/k9
[19.07] ksmbd(-tools): update to 3.3.4
Rosen Penev [Mon, 15 Feb 2021 00:06:57 +0000 (16:06 -0800)]
Merge pull request #14714 from
1715173329/ttyd-bp
[19.07] ttyd: force enable authentication for login
John Audia [Sun, 14 Feb 2021 18:05:44 +0000 (20:05 +0200)]
htop: update to 3.0.5-1
Signed-off-by: John Audia <graysky@archlinux.us>
(cherry picked from commit
476f70e9a04c9ba7f98b21adde8f9fe20801a455)
Josef Schlehofer [Mon, 11 Nov 2019 22:06:48 +0000 (23:06 +0100)]
python-paho-mqtt: Update to version 1.5.0
Try to fix license according to SPDX.
Add PKG_LICENSE_FILES.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
f8e36f9fd6d5040f3ce69a1dd3f844872ea306b9)
[use pypi.mk for Python package]
Philip Prindeville [Wed, 10 Feb 2021 19:34:19 +0000 (12:34 -0700)]
Merge pull request #14715 from pprindeville/isc-dhcp-stable-fix-coredump
isc-dhcp: seeing crashes when attempting to update dynamic dns
Philip Prindeville [Fri, 11 Dec 2020 00:20:59 +0000 (17:20 -0700)]
isc-dhcp: seeing crashes when attempting to update dynamic dns
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Tianling Shen [Sun, 7 Feb 2021 17:48:21 +0000 (01:48 +0800)]
ttyd: force enable authentication for login
Currently, we called `/usr/libexec/login.sh` as login command, but unfortunately the auth
is disabled by default in it[1], and this is really serious as it could be a free "backdoor"
for any spoiler who has conntectd to the router via LAN or wireless.
In my option, it shouldn't be exposed to anyone without auth, so I set the default login
command to `/bin/login`. And for those who really want that, they can do it themselves.
1. `login.sh` adjusts whether use authentication or not from system config named ttylogin,
which is set to disabled by default. See package/base-files/files/bin/config_generate#L243.
Signed-off-by: Tianling Shen <cnsztl@project-openwrt.eu.org>
Backported from
f45bb2981d41e1005a2658661da2475518835db8
Stan Grishin [Wed, 10 Feb 2021 05:59:24 +0000 (05:59 +0000)]
https-dns-proxy: support for force DNS/DNS hijacking
Signed-off-by: Stan Grishin <stangri@melmac.net>
Karl Palsson [Mon, 8 Feb 2021 15:20:53 +0000 (15:20 +0000)]
mosquitto: bump to 1.6.13
Includes various fixes: (2.0.7 + 1.6.13 dual release)
https://mosquitto.org/blog/2021/02/version-2-0-7-released/
Signed-off-by: Karl Palsson <karlp@etactica.com>
Rosen Penev [Sun, 7 Feb 2021 23:19:51 +0000 (15:19 -0800)]
Merge pull request #14681 from jonathanunderwood/openwrt-19.07-getdns-no-static-linking
[19.07] getdns: disable static linking of getdns utilities
Jonathan G. Underwood [Sun, 7 Feb 2021 13:40:36 +0000 (13:40 +0000)]
getdns: disable static linking of getdns utilities
This fixes issue #13361.
Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
Rosen Penev [Sat, 6 Feb 2021 22:34:29 +0000 (14:34 -0800)]
Merge pull request #14670 from jonathanunderwood/openwrt-19.07-cherry-pick
[19.07] getdns: cherry pick recent fixes from master
Rosen Penev [Sat, 6 Feb 2021 22:33:43 +0000 (14:33 -0800)]
Merge pull request #14677 from mwarning/zt2
zerotier: update to 1.6.3
projects / feed / packages.git / log