Sebastian Kemper [Wed, 19 Dec 2018 19:24:12 +0000 (20:24 +0100)]
sqlite3: remove $(FPIC)
Defaulting to -fPIC is a bad idea, especially for executables (here:
sqlite3-cli). In short, there are certain security implications as well
as overhead/performance penalties. Details see:
https://wiki.gentoo.org/wiki/Project:Hardened/Position_Independent_Code_internals
The configure script is able to detect the need for PIC and adds the
flag when needed anyway (when compiling the library).
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
champtar [Tue, 18 Dec 2018 21:46:08 +0000 (22:46 +0100)]
Merge pull request #7726 from micmac1/openwrt-18.06-sqlite3
(18.06) sqlite3 security bump
Sebastian Kemper [Tue, 18 Dec 2018 20:12:46 +0000 (21:12 +0100)]
sqlite3: security bump
A remote code execution vuln has been found in sqlite. Infos available
here:
https://blade.tencent.com/magellan/index_en.html
sqlite 3.26.0 contains the fix.
This commit also changes source URL to https.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Karl Palsson [Mon, 17 Dec 2018 10:55:34 +0000 (10:55 +0000)]
net/mosquitto: bump to 1.5.5
Security and bug fix. Full changelog available at: https://mosquitto.org/ChangeLog.txt
Signed-off-by: Karl Palsson <karlp@etactica.com>
Ted Hess [Sat, 8 Dec 2018 22:12:08 +0000 (17:12 -0500)]
CircleCI: [18.06] branch specific version.
Add package checks and HASH verify from Travis. Fix build log generation.
Signed-off-by: Ted Hess <thess@kitschensync.net>
Hannu Nyman [Tue, 11 Dec 2018 16:42:14 +0000 (18:42 +0200)]
Merge pull request #7638 from cshoredaniel/pr-nut-backport
[18.06] nut: Backport fixes from master
Daniel F. Dickinson [Tue, 21 Aug 2018 00:06:31 +0000 (20:06 -0400)]
nut: Backport fixes from master
Backport and squash the following commits from master:
5790053eb nut: Add missing conffiles
ceff68837 nut: Reorganize nut-server to clarify nut-driver
f6a2a97d2 nut: Use 'real' procd init for nut-monitor
918a62f91 nut: Make FSD really work
a2f64b3ba nut: Reduce user error with POWERDOWNFLAG
461393810 nut: Use quotes around filenames
1b6dbe7a7 nut: Remove duplicate/extraneous lines
0a49d0ffb nut: Fix checking for path before it exists
3b5a8eee8 nut: Various startup fixes for monitor and server
44e57d4bd nut: Fix variables for NUT drivers
36fd59dc7 nut: Fix extraneous config_get
192b0f164 nut: Fix a typo in setting a driver parameter
f48b060fa nut: Fix upsd runs as root
And bump PKG_RELEASE
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Rosen Penev [Thu, 6 Dec 2018 23:17:51 +0000 (15:17 -0800)]
libsndfile: Fix MIRROR_HASH
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Hannu Nyman [Thu, 6 Dec 2018 08:36:21 +0000 (10:36 +0200)]
Merge pull request #7554 from micmac1/tiff-4010-18.06
(openwrt-18.06) tiff: security bump to 4.0.10
Peter Wagner [Mon, 3 Dec 2018 22:09:50 +0000 (23:09 +0100)]
libsndfile: add PKG_SOURCE_DATE
Signed-off-by: Peter Wagner <tripolar@gmx.at>
Peter Wagner [Sun, 2 Dec 2018 10:42:07 +0000 (11:42 +0100)]
libsndfile: switch to cmake
Signed-off-by: Peter Wagner <tripolar@gmx.at>
Peter Wagner [Sat, 1 Dec 2018 12:48:37 +0000 (13:48 +0100)]
libsndfile: switch to git
Fixes CVEs:
CVE-2017-6892
CVE-2017-8361
CVE-2017-8362
CVE-2017-8363
CVE-2017-8365
CVE-2017-12562
CVE-2017-14245
CVE-2017-14246
CVE-2017-14634
CVE-2018-13139
CVE-2018-13419
Signed-off-by: Peter Wagner <tripolar@gmx.at>
Sebastian Kemper [Sun, 2 Dec 2018 10:31:15 +0000 (11:31 +0100)]
tiff: security bump to 4.0.10
This bumps libtiff's minor version from 9 to 10. In addition to the CVE
fixes that we already included this fixes:
CVE-2017-17095
CVE-2018-17101
CVE-2018-18557
The update is 100% backwards compatible, no symbol changes.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Rosen Penev [Sat, 1 Dec 2018 11:29:16 +0000 (13:29 +0200)]
tree: Update to 1.8.0
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
dbe1c48c53aebd97a51f06334307224aaf7107a7)
Karl Palsson [Tue, 27 Nov 2018 16:46:12 +0000 (16:46 +0000)]
net/mosquitto: support more acl plugin options
Adds support for acl_plugin, and acl_opt_* options.
acl_opt_* requires some care as it relies on the internal behaviour of
cfg_load setting environment variables in a certain form. However,
given that _all_ of the cfg_load infrastructure relies on that, we can
be pretty sure that it won't change in a way that will hurt us.
Originally reported as: https://github.com/openwrt/packages/pull/7434
Signed-off-by: Karl Palsson <karlp@etactica.com>
champtar [Tue, 27 Nov 2018 00:57:01 +0000 (19:57 -0500)]
Merge pull request #7481 from padre-lacroix/darkstat-18.06
darkstat: [18.06] procd init script and enabling additional parameters
Jean-Michel Lacroix [Mon, 19 Nov 2018 23:44:13 +0000 (18:44 -0500)]
darkstat: [18.06] procd init script and enabling additional parameters
This is the same change as the one on master
This is to change the init script to a procd init script
This also enable some additional parameters in the binary that
were present but not enabled:
The export file (option export_file)
The import file (option import_file)
The daylog (option daylog_file)
These are disabled by default. Also, the option to run as a daemon
is removed, as not compatible with procd.
There is no change in the binary.
Signed-off-by: Jean-Michel Lacroix <lacroix@lepine-lacroix.info>
Leonid Evdokimov [Sun, 25 Nov 2018 13:57:27 +0000 (16:57 +0300)]
prometheus-node-exporter-lua: close io.popen files to reap zombies
Signed-off-by: Leonid Evdokimov <leon@darkk.net.ru>
Ted Hess [Sat, 17 Nov 2018 20:13:19 +0000 (15:13 -0500)]
build,circleci: Updates with additional checks from travis scripts.
Checking:
- Pull request does not contain unwanted merges
- signed-off-by tag exists and matches author
- Subject line has package name
- Author name has 'firstname lastname' (no nicknames)
Signed-off-by: Ted Hess <thess@kitschensync.net>
[Use git instead of CircleCI variables]
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Etienne Champetier [Sun, 25 Nov 2018 01:45:04 +0000 (20:45 -0500)]
build,circleci: add curl & wget to base image
curl was present in latest image but seems to have been remove from latest debian:9
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Hannu Nyman [Sat, 24 Nov 2018 14:48:03 +0000 (16:48 +0200)]
nano: update to 3.2
Update nano to version 3.2
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
ea656e25a2c3c70fde00e46bb42b236064ece752)
Hannu Nyman [Sat, 24 Nov 2018 14:47:21 +0000 (16:47 +0200)]
collectd: update to 5.8.1
Update collectd to version 5.8.1
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
29eac13d8fe4b3147fd63840f1ff11875e87776d)
Hannu Nyman [Sat, 24 Nov 2018 14:45:34 +0000 (16:45 +0200)]
collectd: remove obsolete references to avr32
Backport the collectd portion of the treewide changes
made by
e38c10061 in master
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Sebastian Kemper [Fri, 13 Jul 2018 20:46:47 +0000 (22:46 +0200)]
collectd: include nls.mk for mysql plugin
libmariadb 10.2 needs to be linked in together with iconv.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit
b695c1150ac7c3d7a8248b670866555824185e0f)
Marc Benoit [Thu, 5 Apr 2018 21:56:10 +0000 (17:56 -0400)]
utils/collectd: run with low priority
Even on a powerful platform a collectd process'
activities are sometimes affecting throoughput and
latency. This is a backgroud process, that should not
be running with default priority.
Even if it is a little deplayed, that is not a worry in
this case. The routing should be the main priority,
stats collection can wait a bit.
Tested on Netgear R7800
Signed-off-by: Marc Benoit <marcb62185@gmail.com>
Make niceness more moderate, bump version.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
b33ec70c95c298ba5e9583ecffe668a5f7473ec0)
Hannu Nyman [Wed, 21 Nov 2018 17:20:53 +0000 (19:20 +0200)]
Merge pull request #7484 from luizluca/mwan3-backports
[18.06] net/mwan3: fix NDP on ipv6 for ra services
Florian Eckert [Wed, 23 May 2018 08:51:52 +0000 (10:51 +0200)]
net/mwan3: fix NDP on ipv6 for ra services
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
b6249f1781efc4fefbdf87b661d53c0923ec7438)
Magnus Kroken [Fri, 5 Oct 2018 23:23:32 +0000 (01:23 +0200)]
strongswan: backport upstream fixes for CVEs in gmp plugin
This fixes:
* CVE-2018-16151
* CVE-2018-16152
* CVE-2018-17540
Details:
https://strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
https://strongswan.org/blog/2018/10/01/strongswan-vulnerability-(cve-2018-17540).html
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Ted Hess [Tue, 13 Nov 2018 17:11:20 +0000 (12:11 -0500)]
CircleCI: Fix URL references and add BRANCH refs
Signed-off-by: Ted Hess <thess@kitschensync.net>
Ted Hess [Mon, 12 Nov 2018 19:35:50 +0000 (14:35 -0500)]
Merge pull request #7366 from thess/ffmpeg-18.06
[18.06] ffmpeg: work around hard/soft float configs for libffmpeg-full
Ted Hess [Fri, 9 Nov 2018 19:00:02 +0000 (14:00 -0500)]
ffmpeg: work around hard/soft float configs for libffmpeg-full
Hard float includes: mp3lame
Soft float includes: shine (mp3 encoder)
libx264 is included when selected iff BUILD_PATENTED is true.
fdk-aac will not be available in libffmpeg-full due to incompatible license with libx264.
Custom builds can override licensing restrictions but results may not be re-distributable.
Signed-off-by: Ted Hess <thess@kitschensync.net>
Hannu Nyman [Sun, 11 Nov 2018 08:52:53 +0000 (10:52 +0200)]
Merge pull request #6932 from chris5560/radicale_18.06
radicale: [18.06] add extra command "export_storage" to init script
Dirk Brenken [Sat, 10 Nov 2018 16:39:08 +0000 (17:39 +0100)]
adblock: fix adguard source
* fix regex for adguard blocklist source
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
ff139131a73f27ec57e0865ca0d3ad965f382577)
Karl Palsson [Fri, 9 Nov 2018 10:26:02 +0000 (10:26 +0000)]
net/mosquitto: bump to 1.5.4
Security and bugfix release. Full release notes available at:
https://mosquitto.org/blog/2018/11/version-154-released/
Security:
* client certificates not validated for websockets listeners.
Bugfixes:
* wills with disconnected clients better handled
* bridge restart_timeout properly observed
Signed-off-by: Karl Palsson <karlp@etactica.com>
Hannu Nyman [Sun, 4 Nov 2018 13:58:22 +0000 (15:58 +0200)]
haveged: update to 1.9.4
Version bump to 1.9.4
Development has moved to github.
* old site: http://www.issihosts.com/haveged
* new site: https://github.com/jirka-h/haveged
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
f316aaeab65c6f9291e18cb075ea77884520b51e)
Rosen Penev [Sun, 4 Nov 2018 19:34:53 +0000 (21:34 +0200)]
ccrypt: Update to 1.11
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
2074901f33f6260a593d2ad3eeb1fdda28bb5e69)
champtar [Sat, 3 Nov 2018 17:35:02 +0000 (13:35 -0400)]
Merge pull request #7301 from micmac1/maria37
(18.06) mariadb: security bump to 10.1.37
champtar [Sat, 3 Nov 2018 17:32:12 +0000 (13:32 -0400)]
Merge pull request #7231 from padre-lacroix/bandwidthd-18.06
Bandwidthd 18.06: fix undefined references to inline functions
Sebastian Kemper [Sat, 3 Nov 2018 12:15:43 +0000 (13:15 +0100)]
mariadb: security bump to 10.1.37
Notable Changes (copied from release notes):
Various fixes from MySQL 5.6.42: MDEV-17533, MDEV-17532, MDEV-17531
MDEV-16465: fixed a bug with DDL and FOREIGN KEY
Fulltext index fixes:
MDEV-12547: extended the range of innodb_ft_result_cache_limit on 64-bit systems
MDEV-16865: InnoDB fts_query() ignores KILL
Fixes for the following security vulnerabilities:
CVE-2018-3282
CVE-2016-9843
CVE-2018-3174
CVE-2018-3143
CVE-2018-3156
CVE-2018-3251
OpenWrt changes:
- dropped obsolete ucontext patch (issue fixed upstream)
- refreshed 130-c11_atomics.patch
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Jean-Michel Lacroix [Sun, 21 Oct 2018 18:40:38 +0000 (14:40 -0400)]
bandwidthd: [18.06] fix undefined references to inline functions
This is basically same commit that took place in master 3 weeks ago.
gcc-7 with -Os makes inline functions disappeard. It is caused by
the new C11 inline semantics. pass option -fgnu89-inline to gcc let
it use gnu inline semantics.
see https://wiki.debian.org/GCC7#Porting_help
Compile tested on 18.06. Run tested on OpenWrt 18.06.1 r7258-
5eb055306f
QEMU Virtual CPU version (cpu64-rhel6)
Signed-off-by: Jean-Michel Lacroix <lacroix@lepine-lacroix.info>
Etienne Champetier [Sat, 3 Nov 2018 12:49:50 +0000 (08:49 -0400)]
build,circleci: fix container digest
I used podman/buildah to build this image, and the local sha256 is not the same than
the docker hub sha256. The layers are the same, so maybe just docker hub changing the manifest
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Etienne Champetier [Sat, 3 Nov 2018 04:02:23 +0000 (00:02 -0400)]
build,circleci: add 'time' to container build image
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Philip Prindeville [Sun, 28 Oct 2018 20:38:56 +0000 (14:38 -0600)]
isc-dhcp: drop .conf suffix on dhcrelay config file
Resolves issue #7235
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit
b0e73634f757141e07044596d71c4138d60a88eb)
Etienne Champetier [Tue, 30 Oct 2018 01:00:04 +0000 (21:00 -0400)]
build,circleci: copy and adjust config from master
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Peter Wagner [Sun, 28 Oct 2018 15:56:11 +0000 (16:56 +0100)]
glib2: update to 2.58.1
Signed-off-by: Peter Wagner <tripolar@gmx.at>
Luiz Angelo Daros de Luca [Mon, 22 Oct 2018 00:25:06 +0000 (21:25 -0300)]
ruby: bump to 2.5.3
Fix only release, including:
* CVE-2018-16396: Tainted flags are not propagated in Array#pack
and String#unpack with some directives
* CVE-2018-16395: OpenSSL::X509::Name equality check does not work
correctly
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit
74216a55e1fb3e6d748e7e769c0a308eaf4c7859)
Kevin Darbyshire-Bryant [Fri, 19 Oct 2018 11:38:41 +0000 (12:38 +0100)]
libssh: mark as BROKEN due to CVE-2018-10933
The only known user of this library is currently unable to get their
application to work with with the fixed 0.7.6 release of this library.
To prevent accidental use by unknown parties of a flawed library, mark
it as BROKEN.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
14ad4cb9765b43c630605a20c29beb76383e9239)
Rosen Penev [Mon, 15 Oct 2018 17:04:50 +0000 (10:04 -0700)]
patch: Add missing CVE-2018-6951 patch
The last commit added PKG_CPE_ID and now uscan detects a CVE that I missed
Reordered patches by date
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[tweaked commit message]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
394ff73e5390599545412d14d48e9185a927dc21)
Rosen Penev [Wed, 10 Oct 2018 20:06:03 +0000 (13:06 -0700)]
patch: Fix CVE-2018-6952 and CVE-2018-
1000156
Patches taken from official git repository.
Added PKG_CPE_ID for proper CVE tracking.
Added PKG_BUILD_PARALLEL for faster compilation.
Also adjusted Makefile to be more similar to other projects.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
6f0ff2550303083b51475c6481458bf9b1820936)
Hannu Nyman [Wed, 10 Oct 2018 17:29:22 +0000 (20:29 +0300)]
Merge pull request #7160 from EricLuehrsen/o1806_ub_181
[openwrt-18.06] unbound: update to 1.8.1
Hannu Nyman [Wed, 10 Oct 2018 17:28:12 +0000 (20:28 +0300)]
Merge pull request #7164 from pacien/181009-1806-pkg-tinc
tinc: update to 1.0.35 (security update) [openwrt-18.06]
Nuno Goncalves [Wed, 10 Oct 2018 06:15:23 +0000 (08:15 +0200)]
watchcat: make compatible with updated busybox ash array handling (fixes #7148)
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
Pacien TRAN-GIRARD [Mon, 8 Oct 2018 18:54:11 +0000 (20:54 +0200)]
tinc: update to 1.0.35
Critical security update for:
* CVE-2018-16737,
* CVE-2018-16738,
* CVE-2018-16758
Announcement:
https://www.tinc-vpn.org/pipermail/tinc/2018-October/005311.html
Signed-off-by: Pacien TRAN-GIRARD <pacien.trangirard@pacien.net>
Eric Luehrsen [Tue, 9 Oct 2018 00:20:28 +0000 (20:20 -0400)]
unbound: update to 1.8.1
bug fixes for memory leaks
bug fixes for DNS over TLS
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
Ted Hess [Thu, 4 Oct 2018 19:59:43 +0000 (15:59 -0400)]
iotivity, i2pd, domoticz: Bump PKG_RELEASE to force re-build with Boost upgrade to 1.68
Signed-off-by: Ted Hess <thess@kitschensync.net>
Nikos Mavrogiannopoulos [Sat, 29 Sep 2018 08:03:20 +0000 (10:03 +0200)]
gnutls: updated to 3.5.19
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Karl Palsson [Wed, 26 Sep 2018 10:42:46 +0000 (10:42 +0000)]
mosquitto: bump to 1.5.3
Full changelog at https://github.com/eclipse/mosquitto/blob/v1.5.3/ChangeLog.txt
Primary change:
CVE fix for CVE-2018-12543 - prevent crash on topics that begin with $
but are not $SYS
Selected other fixes relevant to OpenWrt since 1.5.1:
- Fix retained messages not sent by bridges on outgoing topics at the first
connection. Closes #701.
- Fix duplicate clients being added to by_id hash before the old client was
removed. Closes #645.
- Fix excessive CPU usage when the number of sockets exceeds the system limit.
Closes #948.
- Fix for bridge connections when using WITH_ADNS=yes.
- Fix round_robin false behaviour. Closes #481.
- Fix segfault on HUP when bridges and security options are configured.
Closes #965.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Guo Li [Wed, 26 Sep 2018 04:14:10 +0000 (12:14 +0800)]
sendmail: fix confLIBSEARCHPATH to $(STAGING_DIR)
This fix issue 'cannot find -lnsl' on build server which has libnsl.so in
/usr/lib
Signed-off-by: Guo Li <uxgood.org@gmail.com>
Guo Li [Sun, 2 Sep 2018 10:27:59 +0000 (18:27 +0800)]
jamvm: Use <fenv.h> instead of <fpu_control.h>
musl libc (http://musl-libc.org lack the non-standard <fpu_control.h>
header, which is used in src/os/linux/{i386,x86_64}/init.c files to
setup the floating point precision. This patch makes it use the
standard C <fenv.h> header instead.
Original patch at Felix Janda at
https://sourceforge.net/p/jamvm/patches/6/
Signed-off-by: Guo Li <uxgood.org@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Ted Hess [Wed, 26 Sep 2018 14:08:40 +0000 (10:08 -0400)]
fdm: Merge latest version and build fixes from master
Signed-off-by: Ted Hess <thess@kitschensync.net>
Ted Hess [Wed, 26 Sep 2018 13:43:36 +0000 (09:43 -0400)]
boost: Merge updates (1.68.0) and build fixes from master
Makefile and package changes to support builds with both Python 2.x and Python 3.x versions.
Python versioning is automatically configured from lang/python repository xxx-version.mk files.
Signed-off-by: Ted Hess <thess@kitschensync.net>
Jo-Philipp Wich [Tue, 25 Sep 2018 14:25:16 +0000 (16:25 +0200)]
Merge pull request #7084 from brianjmurrell/add-foolsm-to-18.06
foolsm: Add package foolsm
Rob Mosher [Mon, 20 Aug 2018 21:35:34 +0000 (17:35 -0400)]
cshark: update to latest git HEAD
This fixes GCC8 compile due to buffer overrun
Signed-off-by: Rob Mosher <nyt-openwrt@countercultured.net>
(cherry picked from commit
e3144f00a3c5c05987680fd647f73349bd376076)
Hans Dedecker [Thu, 13 Sep 2018 12:21:00 +0000 (14:21 +0200)]
strongswan: refresh patches
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit
3bc3949e28aa16f74fd63fc8c5bddc4277081f21)
Hans Dedecker [Thu, 13 Sep 2018 10:26:20 +0000 (12:26 +0200)]
strongswan: fix OpenWrt hotplug script handling
Commit
6cd8fcabe added ipsec hotplug script support by calling "exec
/sbin/hotplug-call ipsec".
Using the exec call breaks the insertion of iptables rules by the _updown.in
script as hotplug-call just replaces the current shell meaning the commands
following exec do not run since the shell is replaced and as a result lead to
connectivity issues.
Fix this by removing the exec command in front of /sbin/hotplug-call.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit
d0ac611bf0dbf10d16e1b3dae6ba1d3ea80befc6)
Florian Eckert [Thu, 5 Jul 2018 10:57:27 +0000 (12:57 +0200)]
strongswan: add openwrt hotplug script handling
Ipsec user script (/etc/ipsec.user) now get called indirectly by openwrt
"/sbin/hotplug-call". So other packages could also install their scripts
in "/etc/hotplug.d/ipsec".
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
6cd8fcabe6d1727192bf447c7adc8e1eb42ab8f7)
Sebastian Kemper [Fri, 13 Jul 2018 20:30:40 +0000 (22:30 +0200)]
strongswan: include nls.mk for mysql plugin
ibmariadb 10.2 needs to be linked in together with iconv.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit
7a0aebbff299c8eaeffb1f78be458ce88c6af8ea)
Hans Dedecker [Mon, 6 Nov 2017 10:39:14 +0000 (11:39 +0100)]
net-snmp: fix inbound firewall rule support
Commit
ae5ee6ba6c506b42d942c98349b3a54181790ec8 added support for inbound
firewall rule support but some corner cases were not covered.
In case net-snmp is started and the network interface is already up
the procd firewall rule is created but not applied by fw3 as
service_started calling procd_set_config_changed firewall was missing.
When stopping net-snmp clean up the net-snmp inbound firewall rules in
iptables by calling procd_set_config_changed firewall in stop_service
which will trigger fw3 to remove the inbound firewall rules.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit
0bd19db0498780c3ac1e69ebc16c1334a609e285)
Rosen Penev [Fri, 31 Aug 2018 23:48:35 +0000 (16:48 -0700)]
tdb: Remove libbsd dependency
libbsd gets picked up since it's no longer limited to glibc.
Patch identical to libtalloc one. Same codebase.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
33dc529e0050519d45b73a05527fa04614482ae9)
BangLang Huang [Mon, 16 Jul 2018 03:05:00 +0000 (11:05 +0800)]
tdb: bump to latest version
Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
(cherry picked from commit
d1804d38d45e1ed3ff4684278498fc3b8c3d761a)
Eneas U de Queiroz [Wed, 23 May 2018 17:16:09 +0000 (14:16 -0300)]
tdb: avoid installing duplicate files
Use $(CP) instead of $(INSTALL) so that libtdb.so.1 is installed as
symlink, and not duplicated.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(cherry picked from commit
75d9ab331ddcd62a91789ad93da16d7c56e55bf6)
Hirokazu MORIKAWA [Thu, 17 May 2018 06:16:52 +0000 (15:16 +0900)]
node: Fix incorrect detection of arm_version and arm_fpu
Automatic detection of the arm architecture does not work well.
http://downloads.lede-project.org/snapshots/faillogs/arm_arm1176jzf-s_vfp/packages/node/compile.txt
```
../deps/v8/src/arm/assembler-arm.cc:176:2: error: #error "CAN_USE_ARMV7_INSTRUCTIONS should match CAN_USE_VFP3_INSTRUCTIONS"
#error "CAN_USE_ARMV7_INSTRUCTIONS should match CAN_USE_VFP3_INSTRUCTIONS"
^~~~~
```
https://github.com/openwrt/packages/issues/5728
Explicitly set cpu arch optimization flag to the compiler option so that "configure" script correctly identifies "arm version".
(Raspberry Pi Zero W)
Raspbian:
```
raspberrypi:~ $ echo | gcc -dM -E - | grep ARM_ARCH
```
OpenWrt (cross-env):
```
ubuntu:~ $ echo | ./arm-openwrt-linux-muslgnueabi-gcc -dM -E - | grep ARM_ARCH
```
```
ubuntu:~ $ echo | ./arm-openwrt-linux-muslgnueabi-gcc -mcpu=arm1176jzf-s -dM -E - | grep ARM_ARCH
```
Also specifying an option lines compactly.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit
3482320c2a4bdca5f090fdc3ddfa3273d2b9c805)
Hirokazu MORIKAWA [Mon, 7 May 2018 06:48:15 +0000 (15:48 +0900)]
node: fix host build fail
modify patch.
https://github.com/nodejs/node/pull/19196
made not to use libressl headers
fix to include path not to use "host/include"
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit
818770d27364f31ba7a984d7f49374789463fc29)
Hannu Nyman [Sun, 23 Sep 2018 15:42:29 +0000 (18:42 +0300)]
nano: update to 3.1
* Update nano editor to 3.1
* Apply a post-release upstream patch to fix compilation
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
af86b170648dabec0d245753347d6b37b05fd1c7)
Jonathan Bennett [Sun, 9 Sep 2018 21:50:43 +0000 (16:50 -0500)]
Nano: Update to 3.0
Signed-off-by: Jonathan Bennett <jbennett@incomsystems.biz>
(cherry picked from commit
0ceaa4e32cdcbbc9036a4bb5143f22252dc33f75)
Brian J. Murrell [Wed, 13 Dec 2017 12:48:01 +0000 (07:48 -0500)]
foolsm: Add package foolsm
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
(cherry picked from commit
5cff94399d39016790921552a13719214cb46d73)
Hannu Nyman [Mon, 17 Sep 2018 17:32:23 +0000 (20:32 +0300)]
Merge pull request #7053 from mlichvar/chrony-fix-ipv6-allow-18.06
chrony: fix configuration of IPv6 client access (18.06)
Miroslav Lichvar [Mon, 17 Sep 2018 09:11:25 +0000 (11:11 +0200)]
chrony: fix configuration of IPv6 client access
Fix the init script to allow access from IPv6 subnets of the interface
specified in allow section in /etc/config/chrony.
Fixes issue #7039.
Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
Dirk Brenken [Wed, 5 Sep 2018 15:39:57 +0000 (17:39 +0200)]
adblock: bugfix 3.5.5v2
* fix uci wrapper calls
* fix link in readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
cd3f925210f243cc07106d87c9e3664a7cbe448c)
Dirk Brenken [Sat, 1 Sep 2018 06:35:35 +0000 (08:35 +0200)]
adblock: update 3.5.5
* accept only ascii aka punycode chars in blocklists to prevent possible
dns backend warnings
* fix cornercase issues in json parsing (backend & frontend)
* slightly optimize tld compression performance
* refine logging
* use uci wrapper where possible
* change indentation from spaces to tabs (saves 8kb)
* add experimental youtube blocklist source
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
4987f066f9c7face7a35804ef53798786ff8155f)
Christian Schoenebeck [Sun, 2 Sep 2018 14:59:20 +0000 (16:59 +0200)]
radicale[18.06]: add extra command "export_storage" to init script
add extra command "export_storage" to export data for use with Radicale 2.x.x
remove myself as PKG_MAINTAINER
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Ted Hess [Thu, 30 Aug 2018 18:00:05 +0000 (14:00 -0400)]
socat: Fix CRDLY, TABDLY and CSIZE shifts for PowerPC
Signed-off-by: Ted Hess <thess@kitschensync.net>
Toke Høiland-Jørgensen [Tue, 28 Aug 2018 10:12:57 +0000 (12:12 +0200)]
sqm-scripts: Bump to v1.2.4
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Michael Heimpold [Thu, 23 Aug 2018 20:11:24 +0000 (22:11 +0200)]
php7: update to 7.2.9
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Michael Heimpold [Thu, 23 Aug 2018 20:04:31 +0000 (22:04 +0200)]
php7: add dependency to hash for mysqlnd
The following error shows that mysqlnd depends on functions
provided by hash:
root@OpenWrt:/etc/php7# php-cli -m
PHP Warning: PHP Startup: Unable to load dynamic library
'mysqlnd.so' (tried: /usr/lib/php/mysqlnd.so (Error
relocating /usr/lib/php/mysqlnd.so: PHP_SHA256Final: symbol
not found), /usr/lib/php/mysqlnd.so.so (Error loading shared
library /usr/lib/php/mysqlnd.so.so: No such file or
directory)) in Unknown on line 0
So let's model this dep in package metadata.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Michael Heimpold [Tue, 21 Aug 2018 19:19:01 +0000 (21:19 +0200)]
libxml2: add cpe id for CVE tracking
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Michael Heimpold [Tue, 21 Aug 2018 19:07:48 +0000 (21:07 +0200)]
Merge pull request #6834 from micmac1/xml2-cve-18.06
libxml2: fix CVE-2018-9251 and CVE-2018-14567
Sebastian Kemper [Tue, 21 Aug 2018 18:29:17 +0000 (20:29 +0200)]
libxml2: fix CVE-2018-9251 and CVE-2018-14567
Backport from master.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Karl Palsson [Mon, 20 Aug 2018 09:30:12 +0000 (09:30 +0000)]
net/mosquitto: update to 1.5.1
Bugfix release. Full changelog at:
https://mosquitto.org/blog/2018/08/version-151-released/
Of most interest to OpenWrt:
* Remove use of AI_ADDRCONFIG, which means the broker can be used on systems where only the loopback interface is defined.
* Fix IPv6 addresses not being able to be used as bridge addresses.
* Fix problem opening listeners on Pi caused by unsigned char being default.
* Fix segfault on startup if bridge CA certificates could not be read.
* Fix possible endian issue when reading the memory_limit option.
* library and client bugfixes including: https://github.com/openwrt/packages/issues/6765
Signed-off-by: Karl Palsson <karlp@etactica.com>
Jiri Slachta [Sun, 19 Aug 2018 17:12:28 +0000 (19:12 +0200)]
Merge pull request #6805 from micmac1/tiff-18.06
tiff: fix remaining CVEs
Sebastian Kemper [Sun, 19 Aug 2018 08:39:02 +0000 (10:39 +0200)]
tiff: fix remaining CVEs
Backport Rosen's commit in master to 18.06 to address open CVEs. This
fixes:
CVE-2017-11613
CVE-2018-5784
CVE-2018-7456
CVE-2018-8905
CVE-2018-10963
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Dirk Brenken [Sat, 18 Aug 2018 17:53:04 +0000 (19:53 +0200)]
Merge pull request #6782 from EricLuehrsen/unbound_odhcpd_fix
[openwrt-18.06] unbound: drop odhcpd leases with wrong field count
Eric Luehrsen [Fri, 17 Aug 2018 01:37:43 +0000 (21:37 -0400)]
unbound: drop odhcpd leases with wrong field count
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
(cherry pick commit:
59617f076d7cbdd04a341bf7cfb5f3d9772b5765)
Ted Hess [Wed, 15 Aug 2018 12:58:40 +0000 (08:58 -0400)]
ffmpeg: Add build overrides for some specific CPUs: Octeon, X86 and 24kf.
Octeon: Rename octeonplus to oction+
MIPS 24kf: Inline ASM fails to build (unknown reason)
X86: Configure finds NASM and assumes YASM if name explictly set (wrong switches)
Signed-off-by: Ted Hess <thess@kitschensync.net>
Ted Hess [Sun, 12 Aug 2018 21:36:28 +0000 (17:36 -0400)]
ffmpeg: Add cpu_type to configure opts. Upgrade to 3.2.12
Fixes certain combinations of architecture/cpu_type failing builds
Signed-off-by: Ted Hess <thess@kitschensync.net>
Daniel Golle [Wed, 15 Aug 2018 18:07:49 +0000 (20:07 +0200)]
Merge pull request #6759 from micmac1/postgresql-18.06
postgresql: security bump to 9.6.10 for 18.06
Sebastian Kemper [Wed, 15 Aug 2018 15:00:18 +0000 (17:00 +0200)]
postgresql: security bump to 9.6.10
This update includes fixes for the following CVEs:
- CVE-2018-1115
- CVE-2018-10925
- CVE-2018-10915
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Philip Prindeville [Tue, 7 Aug 2018 22:00:19 +0000 (16:00 -0600)]
perl: version modules and non-base packages
Currently external modules and non-base packages are numbered
from their own internal number space, and even though the Perl
ABI number is embedded into them this isn't externally visible.
For example, perl-html-parser-3.72.1 could be built for ABI
5.26 or for 5.28, we can't easily tell. This changes all of
that by embedding the ABI number into the filename.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit
0d9584724ff1c011f587540c2d25be8a90a81413)
Dirk Brenken [Sun, 12 Aug 2018 06:53:49 +0000 (08:53 +0200)]
Merge pull request #6736 from micmac1/maria-1806-10.1.35-cve
mariadb[18.06]: security bump to 10.1.35
Sebastian Kemper [Sat, 11 Aug 2018 20:59:22 +0000 (22:59 +0200)]
mariadb: security bump to 10.1.35
Bump minor version. Bugfix release. 100% backward compatible.
Includes fixes for:
CVE-2018-3064
CVE-2018-3063
CVE-2018-3058
CVE-2018-3066
Also includes CPPFLAGS fix from master (to get fortify-source headers
etc.).
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>