Eneas U de Queiroz [Mon, 10 Dec 2018 02:22:15 +0000 (00:22 -0200)]
libgee: use unversioned vala dir, misc fixes
Copy vapi files to unversioned vala dir.
Added vala/host to PKG_BUILD_DEPENDS.
Removed TARGET_LDFLAGS
Removed copyright lines
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(cherry-picked from 2cf76d52780d352b2ecb4bf14cb5eb403ef5144d)
Mislav Novakovic [Thu, 7 Jun 2018 10:26:42 +0000 (12:26 +0200)]
protobuf-c: add build time dependency protobuf
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
(cherry-picked from a35581902cf6c6d4b51fc44a4db4d8c5bc8b51a5)
Mike Kershaw / Dragorn [Mon, 30 Apr 2018 21:14:47 +0000 (17:14 -0400)]
Enable the host tools on protobuf-c (protoc-c specifically)
Signed-Off-By: Mike Kershaw <dragorn@kismetwireless.net>
(cherry-picked from 6915059e35d74f8daede429df74d9635b2a6c9f0)
Eneas U de Queiroz [Tue, 18 Dec 2018 11:54:06 +0000 (09:54 -0200)]
softethervpn: cleanup host/build, pass HOST_*FLAGS
Remove hack to avoid readline host dependency, now that readline is
being host/built.
Pass on HOST_CFLAGS, HOST_CPPFLAGS, & HOST_LDFLAGS, to fix buildbots
host-compile errors about not finding openssl headers.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(cherry-picked from e3c6fcb79647b09f669addf4d7fa37151e19b3f1)
Rosen Penev [Sun, 16 Dec 2018 18:31:02 +0000 (10:31 -0800)]
11# This is a combination of 2 commits.
gammu: Fix build under 64-bit targets.
There's a faulty suffix variable that points to the wrong place.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from bf42426e4a97f3e771de2d3063a4d38f7c8f40e8 5fbc6c873e29dcde6d048ffbbea252411816f884 027ed92f6ed4adb1a90d36c2d3429106b326a53b)
Rosen Penev [Tue, 2 Apr 2019 07:05:37 +0000 (00:05 -0700)]
luasocket: Replace -fpic with $(FPIC)
This is causing linking errors on i386 and ppc.
Also removed custom warnings and optimization levels that override stock
settings.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from ecb4fcca0c30d38285a35b1a33eac00927caa792)
Laurent Papier [Thu, 22 Feb 2018 22:46:48 +0000 (23:46 +0100)]
luasocket: fix build on mpc85xx
Signed-off-by: Laurent Papier <papier[at]tuxfan.net>
(cherry-picked from cb44bfebd5cdf41fb04f14d628ed9ba62275dd1a)
Rosen Penev [Wed, 20 Nov 2019 00:51:58 +0000 (16:51 -0800)]
jool: Fix compilation
Backported upstream patch.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Matthias Schiffer [Wed, 4 Sep 2019 20:49:12 +0000 (22:49 +0200)]
fastd: fix init script for multiple VPN instances
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit b7ff8b8087c6e948aba45b74c261cd7337433523)
Matthias Schiffer [Wed, 21 Aug 2019 14:03:57 +0000 (16:03 +0200)]
fastd: update URL and PKG_SOURCE_URL
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
DENG Qingfang [Sat, 31 Aug 2019 14:29:29 +0000 (22:29 +0800)]
exfat-nofuse: drop BUILD_PATENTED
Microsoft has published technical specification for exFAT [1]
and the driver has been added to Linux staging tree [2].
It's now safe to drop BUILD_PATENTED label.
[1] https://docs.microsoft.com/windows/win32/fileio/exfat-specification
[2] http://lkml.iu.edu/hypermail/linux/kernel/1908.3/04254.html
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry-picked from commit 4c9d0c7b56365761fd1986ff954edf963feb2931)
Rafał Miłecki [Sat, 9 Jun 2018 20:02:51 +0000 (22:02 +0200)]
lighttpd: backport fix for plain auth from 1.4.49 release
Update commit 3d59ce6f502b ("lighttpd: update to 1.4.48") resulted in
plain auth regression: it simply stopped working with:
(mod_auth.c.525) password doesn't match for (...)
appearing on every authentication try.
This regression was fixed in 1.4.49 release. Backport the fix instead of
updating to the 1.4.49 to avoid risking more/other regressions.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 4cc0c8871398d7c2fb879a319c87e320249bfdcc)
Jo-Philipp Wich [Thu, 6 Jun 2019 06:58:34 +0000 (08:58 +0200)]
nlbwmon: update to latest Git HEAD
4574e6e nfnetlink: prevent tight retry loops
163a211 client: fix commit error information
21290db nlbwmon: merge existing data
abe701d database: do not overwrite unexpectedly preexisting databases
ef3fa58 socket: handle EAGAIN on send()
Ref: https://github.com/jow-/nlbwmon/issues/23
Ref: https://github.com/jow-/nlbwmon/issues/26
Ref: https://github.com/jow-/nlbwmon/issues/30
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit c528e01f4cb5112cbd26b973400ad424280a61e1)
Kevin Darbyshire-Bryant [Mon, 5 Nov 2018 18:01:50 +0000 (18:01 +0000)]
nlbwmon: receive dhcp interface triggers
Not all interfaces may have been allocated address at nlbwmon startup so
it may not collect statistics as expected/configured.
Add interface triggers to catch dhcp events and restart as required.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 662d3f16d2702fe55116c852f5d456e90891ee89)
Marc Benoit [Thu, 5 Apr 2018 22:03:34 +0000 (18:03 -0400)]
net/nlbwmon: run with lower priority
Even on a powerful platform a nlbwmon process'
activities are sometimes affecting throughput and
latency. This is a background process, that should not
be running with default priority.
Even if it is a little delayed, that is not a worry in
this case. The routing should be the main priority,
bandwidth stats collection can wait a bit.
Tested on Netgear R7800
Signed-off-by: Marc Benoit <marcb62185@gmail.com>
(cherry picked from commit 9b3ecbd64a6328e13981165660d8930e8bb2446a)
Jo-Philipp Wich [Tue, 5 Dec 2017 12:34:50 +0000 (13:34 +0100)]
nlbwmon: update to current HEAD
Update to latest Git HEAD in order to solve a number of issues.
- Improves MAC address lookup reliability
- Properly counts DNAT-ed connections (e.g. for port forwards)
- Fixes stack corruption when parsing netlink records
- Fixes deletion of gzipped databases
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 70858690c08773c5e420f9ec66ed95c20b593212)
Kevin Darbyshire-Bryant [Mon, 14 Aug 2017 10:43:10 +0000 (11:43 +0100)]
nlbwmon: preserve protocols mapping across sysupgrade
Define package config files to preserve
/usr/share/nlbwmon/protocols across sysupgrade
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
(cherry picked from commit 2305de5f2e529bb7591f5aac31557aff80ef39c4)
Jiri Slachta [Fri, 3 May 2019 06:29:57 +0000 (08:29 +0200)]
Merge pull request #8883 from micmac1/xslt-cve-17
(17.01) libxslt: backport patch for CVE-2019-11068
Sebastian Kemper [Thu, 2 May 2019 19:35:27 +0000 (21:35 +0200)]
libxslt: backport patch for CVE-2019-11068
Refreshed existing patches.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Hirokazu MORIKAWA [Thu, 18 Apr 2019 05:41:21 +0000 (14:41 +0900)]
icu: [lede-17.01] support for new Japanese era Reiwa
support for new Japanese era Reiwa
change source url
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Rosen Penev [Fri, 5 Apr 2019 00:10:02 +0000 (17:10 -0700)]
Merge pull request #6642 from krombel/replace_git_by_https
[17.01] Change links from git://github.com to https://github.com
Jiri Slachta [Thu, 28 Mar 2019 08:41:04 +0000 (09:41 +0100)]
Merge pull request #8450 from micmac1/ssh2-1701-181
libssh2 (17.01): version bump/CVE fixes
Sebastian Kemper [Tue, 19 Mar 2019 08:48:01 +0000 (09:48 +0100)]
libssh2: version bump/CVE fixes
- CVE-2019-3855
Possible integer overflow in transport read allows out-of-bounds write
- CVE-2019-3856
Possible integer overflow in keyboard interactive handling allows
out-of-bounds write
- CVE-2019-3857
Possible integer overflow leading to zero-byte allocation and out-of-bounds
write
- CVE-2019-3858
Possible zero-byte allocation leading to an out-of-bounds read
- CVE-2019-3859
Out-of-bounds reads with specially crafted payloads due to unchecked use of
`_libssh2_packet_require` and `_libssh2_packet_requirev`
- CVE-2019-3860
Out-of-bounds reads with specially crafted SFTP packets
- CVE-2019-3861
Out-of-bounds reads with specially crafted SSH packets
- CVE-2019-3862
Out-of-bounds memory comparison
- CVE-2019-3863
Integer overflow in user authenticate keyboard interactive allows
out-of-bounds writes
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Hannu Nyman [Sun, 17 Mar 2019 16:30:06 +0000 (18:30 +0200)]
Merge pull request #8433 from hnyman/vpnc
vpnc: fix IPv6-triggered inoperability
Daniel Gimpelevich [Sun, 17 Mar 2019 14:56:14 +0000 (16:56 +0200)]
vpnc: fix IPv6-triggered inoperability
When the server hostname resolved to both IPv4 and IPv6 addresses,
connecting would fail with nothing in syslog. This corrects that oversight.
Originally signedoffby: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
cherry picked from ca56324
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
champtar [Tue, 18 Dec 2018 21:50:41 +0000 (22:50 +0100)]
Merge pull request #7723 from micmac1/lede-17.01-sqlite3
(lede 17.01) sqlite3 security bump
Sebastian Kemper [Tue, 18 Dec 2018 19:07:34 +0000 (20:07 +0100)]
sqlite3: use dynamic linking for sqlite cli tool
Otherwise it'll carry a static copy of its own lib.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Sebastian Kemper [Tue, 18 Dec 2018 19:00:33 +0000 (20:00 +0100)]
sqlite3: security bump
A remote code execution vuln has been found in sqlite. Infos available
here:
https://blade.tencent.com/magellan/index_en.html
sqlite 3.26.0 contains the fix.
This commit also changes source URL to https. It also adds a depend on
zlib, which is now required.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Hannu Nyman [Thu, 6 Dec 2018 08:35:45 +0000 (10:35 +0200)]
Merge pull request #7555 from micmac1/tiff-4010-17.01
(lede-17.01) tiff: security bump to 4.0.10
Sebastian Kemper [Sun, 2 Dec 2018 10:59:13 +0000 (11:59 +0100)]
tiff: security bump to 4.0.10
This bumps libtiff's minor version from 9 to 10. In addition to the CVE
fixes that we already included this fixes:
CVE-2017-17095
CVE-2018-17101
CVE-2018-18557
The update is 100% backwards compatible, no symbol changes.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Hannu Nyman [Wed, 10 Oct 2018 17:28:18 +0000 (20:28 +0300)]
Merge pull request #7165 from pacien/181009-1701-pkg-tinc
tinc: update to 1.0.35 (security update) [lede-17.01]
Pacien TRAN-GIRARD [Mon, 8 Oct 2018 18:54:11 +0000 (20:54 +0200)]
tinc: update to 1.0.35
Critical security update for:
* CVE-2018-16737,
* CVE-2018-16738,
* CVE-2018-16758
Announcement:
https://www.tinc-vpn.org/pipermail/tinc/2018-October/005311.html
Signed-off-by: Pacien TRAN-GIRARD <pacien.trangirard@pacien.net>
Ted Hess [Thu, 30 Aug 2018 18:00:05 +0000 (14:00 -0400)]
socat: Fix CRDLY, TABDLY and CSIZE shifts for PowerPC
Signed-off-by: Ted Hess <thess@kitschensync.net>
Michael Heimpold [Tue, 21 Aug 2018 19:11:38 +0000 (21:11 +0200)]
Merge pull request #6835 from micmac1/xml2-cve-17.01
libxml2: add Debian patches to address CVEs
Sebastian Kemper [Tue, 21 Aug 2018 18:42:53 +0000 (20:42 +0200)]
libxml2: add Debian patches to address CVEs
Debian uses libxml2 2.9.4 in Stretch. This adds their security related
fixes from 2.9.4+dfsg1-2.2+deb9u2 to LEDE's 17.01 release.
Fixed CVEs:
CVE-2016-4658
CVE-2016-5131
CVE-2017-0663
CVE-2017-15412
CVE-2017-7375
CVE-2017-7376
CVE-2017-9047
CVE-2017-9048
CVE-2017-9049
CVE-2017-9050
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Jiri Slachta [Sun, 19 Aug 2018 17:12:40 +0000 (19:12 +0200)]
Merge pull request #6806 from micmac1/tiff-17.01
tiff: fix remaining CVEs
Sebastian Kemper [Sun, 19 Aug 2018 08:50:58 +0000 (10:50 +0200)]
tiff: fix remaining CVEs
Backport Rosen's commit in master to 17.01 to address open CVEs. This
fixes:
CVE-2017-11613
CVE-2018-5784
CVE-2018-7456
CVE-2018-8905
CVE-2018-10963
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Dirk Brenken [Sat, 18 Aug 2018 17:53:35 +0000 (19:53 +0200)]
Merge pull request #6783 from EricLuehrsen/unbound_1701
[lede-17.01] unbound: drop odhcpd leases with wrong field count
Eric Luehrsen [Fri, 17 Aug 2018 01:37:43 +0000 (21:37 -0400)]
unbound: drop odhcpd leases with wrong field count
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
(cherry pick commit: 59617f076d7cbdd04a341bf7cfb5f3d9772b5765)
Daniel Golle [Wed, 15 Aug 2018 18:08:16 +0000 (20:08 +0200)]
Merge pull request #6760 from micmac1/postgresql-17.01
postgresql: security bump to 9.5.14 for 17.01
Sebastian Kemper [Wed, 15 Aug 2018 15:28:43 +0000 (17:28 +0200)]
postgresql: security bump to 9.5.14
This update includes fixes for the following CVEs:
- CVE-2018-1053
- CVE-2018-1058
- CVE-2018-10915
- CVE-2018-10925
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Matthias Kesler [Wed, 1 Aug 2018 20:53:20 +0000 (22:53 +0200)]
Change links from git://github.com to https://github.com
I got into troubles to be behind a proxy and my build then fails
because it cannot connect to git://github.com urls
To avoid such problems for others I think it is useful to replace
them for the whole repo. This change makes it work for me again.
Signed-off-by: Matthias Kesler <krombel@krombel.de>
Hannu Nyman [Wed, 27 Jun 2018 04:18:11 +0000 (07:18 +0300)]
Merge pull request #6350 from EricLuehrsen/unbound_20180625_1701
[lede-17.01] unbound: limit outside script source to init function scope
Eric Luehrsen [Tue, 26 Jun 2018 00:40:21 +0000 (20:40 -0400)]
unbound: limit outside script source to init function scope
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
Hannu Nyman [Mon, 21 May 2018 05:23:30 +0000 (08:23 +0300)]
Merge pull request #6077 from MikePetullo/lede-17.01-lighttpd
lighttpd: CONFIG_LIGHTTPD_SSL includes mod_openssl
Philip Prindeville [Wed, 3 Jan 2018 00:08:59 +0000 (17:08 -0700)]
lighttpd: CONFIG_LIGHTTPD_SSL includes mod_openssl
If we're built with CONFIG_LIGHTTPD_SSL then mod_openssl.so should
be included into the base package. Fixes issue #5343.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Hannu Nyman [Sun, 29 Apr 2018 21:22:03 +0000 (00:22 +0300)]
usbip: remove upstreamed musl compatibility patch (#5983)
Remove musl compatibility patch that is now included
in the upstream Linux kernel and backported to stable kernels.
Commit in 4.4:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/tools/usb/usbip?h=linux-4.4.y&id=6638091f1b1623db8b2338ef5a5f26d9ec870444
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Hannu Nyman [Wed, 25 Apr 2018 09:26:16 +0000 (12:26 +0300)]
Merge pull request #5803 from VincentRiou/lighttpd_1_4_48_with_wstunnel
Lighttpd 1.4.48 with wstunnel
Luiz Angelo Daros de Luca [Thu, 29 Mar 2018 18:23:01 +0000 (15:23 -0300)]
Merge pull request #5848 from luizluca/ruby-2.4.4
[17.01] ruby: bump to 2.4.4
Luiz Angelo Daros de Luca [Thu, 29 Mar 2018 14:37:25 +0000 (11:37 -0300)]
ruby: bump to 2.4.4
This release includes some bug fixes and some security fixes.
* CVE-2017-17742: HTTP response splitting in WEBrick
* CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
* CVE-2018-8777: DoS by large request in WEBrick
* CVE-2018-8778: Buffer under-read in String#unpack
* CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
* CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
* Multiple vulnerabilities in RubyGems
There are also some bug fixes
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Hannu Nyman [Tue, 27 Mar 2018 20:26:20 +0000 (23:26 +0300)]
Merge pull request #5839 from nxhack/lede-17_01_icu_CVE-2017-15422
icu: fix CVE-2017-15422
Hirokazu MORIKAWA [Tue, 27 Mar 2018 08:05:45 +0000 (17:05 +0900)]
icu: fix CVE-2017-15422
[lede-17.01]
Maintainer: me
Compile tested: ar71xx, mips_24kc_gcc-5.4.0_musl-1.1.16, lede-17.01 r3863-fad29d2
Run tested: NONE
Description:
CVE-2017-15422 : integer overflow in icu
https://security-tracker.debian.org/tracker/CVE-2017-15422
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Vincent Riou [Fri, 23 Mar 2018 14:57:16 +0000 (14:57 +0000)]
lighttpd: add mod-wstunnel
Exposes the mod-wstunnel plugin which implements websocket proxying over http
Signed-off-by: Vincent Riou <vincent@invizbox.com>
Philip Prindeville [Sat, 16 Dec 2017 19:49:22 +0000 (12:49 -0700)]
lighttpd: update to 1.4.48
All of the bugs for which we had patches have been fixed upstream
in 1.4.46, so the patches can be dropped.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Conflicts:
net/lighttpd/Makefile
Tony Ambardar [Mon, 8 Jan 2018 11:50:26 +0000 (03:50 -0800)]
sqm-scripts: Fix return value bug in postrm script
The script removes the UCI option ucitrack.@sqm[0] if present and then
returns success. If that UCI option is already absent however, the
script incorrectly returns failure, which blocks upgrade of the
luci-app-sqm package.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Karl Palsson [Thu, 1 Mar 2018 11:20:03 +0000 (11:20 +0000)]
mosquitto: bump to 1.4.15 for CVE fixes.
See https://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/
for full details.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Rafał Miłecki [Mon, 19 Feb 2018 11:43:14 +0000 (12:43 +0100)]
minidlna: exclude "po" directory to fix CONFIG_BUILD_NLS=y builds
This fixes:
*** error: gettext infrastructure mismatch: using a Makefile.in.in from gettext version 0.18 but the autoconf macros are from gettext version 0.19
Makefile of minidlna package specifies PKG_FIXUP:=autoreconf. That
results in calling autoreconf with multiple arguments, including many -I
ones. One of autoreconf steps is calling aclocal with the same set of -I
arguments.
All of that results in:
1) aclocal using staging_dir's /usr/share/aclocal and its po.m4
2) not using minidlna's po.m4
3) not updating Makefile.in.in
If staging_dir's po.m4 has different GETTEXT_MACRO_VERSION than the
minidlna's one it'll result in a mismatch in the Makefile.in. Ideally we
should take care of regenerating Makefile.in.in but this isn't
currently supported. As localization isn't properly supported anyway
(no shipping .mo files) it's safe to just disable building po files.
Added patch comes from the master branch commit d5fcc972ba57d
("multimedia/minidlna: Update to 1.2.0").
Fixes: 72928442614d9 ("minidlna: backport fixes from 1.1.6 and 1.2.0 releases")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
champtar [Wed, 31 Jan 2018 15:55:37 +0000 (07:55 -0800)]
Merge pull request #5492 from micmac1/fix-sqlite3-on-uclibc
sqlite3 [lede-17.01]: fix uClibc builds
Sebastian Kemper [Tue, 23 Jan 2018 19:57:23 +0000 (20:57 +0100)]
sqlite3: fix uClibc builds
When compiling against uClibc on lede-17.01 it's detected in the linking
phase that '__isnan' is nowhere to be found:
sqlite3-sqlite3.o: In function `serialGet':
sqlite3.c:(.text+0x6364): undefined reference to `__isnan'
sqlite3-sqlite3.o: In function `sqlite3_result_double':
sqlite3.c:(.text+0x10faa): undefined reference to `__isnan'
sqlite3-sqlite3.o: In function `sqlite3VXPrintf':
sqlite3.c:(.text+0x175ca): undefined reference to `__isnan'
sqlite3-sqlite3.o: In function `sqlite3_bind_double':
sqlite3.c:(.text+0x1b0ac): undefined reference to `__isnan'
sqlite3-sqlite3.o: In function `sqlite3VdbeExec':
sqlite3.c:(.text+0x3b77e): undefined reference to `__isnan'
collect2: error: ld returned 1 exit status
To fix this libm needs to be linked in as well in the uClibc case. So
add libm ('-lm') to the TARGET_LDFLAGS accordingly.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Nikos Mavrogiannopoulos [Tue, 30 Jan 2018 19:34:14 +0000 (20:34 +0100)]
p11-kit: disable trust module
This prevents a build error due to trust-paths not being
specified. The trust module was not being used in openwrt.
Resolves #5528
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Jiri Slachta [Tue, 30 Jan 2018 18:57:37 +0000 (19:57 +0100)]
Merge pull request #5541 from micmac1/jiri-lede-17.01
libssh2, libxslt, tiff: security bumps + fix (for lede-17.01)
Sebastian Kemper [Tue, 30 Jan 2018 14:13:05 +0000 (15:13 +0100)]
tiff: version bump to address open CVEs
- Version bump to 4.0.9, as otherwise ca. a dozen patches would need
to be added to fix the open CVEs. There have been no API/ABI
changes between 4.0.6 and 4.0.9, so this is OK.
- Adds patches copied from Debian for CVE-2017-18013 and CVE-2017-9935
on top.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Sebastian Kemper [Tue, 30 Jan 2018 14:09:01 +0000 (15:09 +0100)]
libxslt: add patches copied from Debian to fix CVEs
- there are multiple open CVEs, this adds patches for them
- adds --disable-silent-rules for verbose build output
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Sebastian Kemper [Tue, 30 Jan 2018 14:06:06 +0000 (15:06 +0100)]
libssh: fix zlib detection
- currently zlib is never detected, although there is a dependency on
it, fix that.
- change links from http to https
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
tripolar [Sat, 27 Jan 2018 12:24:29 +0000 (13:24 +0100)]
Merge pull request #5493 from micmac1/fix-alsa-lib-on-uclibc
alsa-lib [lede-17.01]: fix build on uclibc
Sebastian Kemper [Tue, 23 Jan 2018 20:54:07 +0000 (21:54 +0100)]
alsa-lib: fix uClibc builds
Currently alsa-lib fails to build on uClibc:
parser.c: In function 'snd_tplg_build_file':
parser.c:262:35: error: 'S_IRUSR' undeclared (first use in this function)
open(outfile, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
^
parser.c:262:35: note: each undeclared identifier is reported only once for each function it appears in
parser.c:262:45: error: 'S_IWUSR' undeclared (first use in this function)
open(outfile, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
^
parser.c: In function 'snd_tplg_build':
parser.c:330:35: error: 'S_IRUSR' undeclared (first use in this function)
open(outfile, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
^
parser.c:330:45: error: 'S_IWUSR' undeclared (first use in this function)
open(outfile, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
^
Makefile:390: recipe for target 'parser.lo' failed
Fix this by adding an upstream fix as a backport.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Hannu Nyman [Fri, 26 Jan 2018 14:29:20 +0000 (16:29 +0200)]
Merge pull request #5497 from daztucker/lede-17.01
net/https-dns-proxy: Update to 2018-01-24.
Darren Tucker [Wed, 24 Jan 2018 05:50:19 +0000 (16:50 +1100)]
net/https-dns-proxy: Update to 2018-01-24.
Add dependency on ca-bundle without which the HTTPS fetches fail.
Add "-x" option to force HTTP/1.1 instead of HTTP/2.0
Add a workaround for bug in libcurl <7.530 that prevents it from
working at all when built with mbedtls.
Signed-off-by: Darren Tucker <dtucker@dtucker.net>
Acked-by: Aaron Drew <aarond10@gmail.com>
Luiz Angelo Daros de Luca [Mon, 22 Jan 2018 10:43:03 +0000 (08:43 -0200)]
Merge pull request #5317 from luizluca/17.01/ruby-2.4.3
[17.01] ruby: bump to 2.4.3
Hannu Nyman [Sat, 20 Jan 2018 08:03:35 +0000 (10:03 +0200)]
Merge pull request #5479 from EricLuehrsen/lede-17.01-unbound-168
[lede-17.01] unbound: update to 1.6.8 for CVE-2017-15105
Eric Luehrsen [Sat, 20 Jan 2018 02:24:54 +0000 (21:24 -0500)]
unbound: update to 1.6.8 for CVE-2017-15105
A vulnerability was discovered in the processing of wildcard synthesized
NSEC records. While synthesis of NSEC records is allowed by RFC4592,
these synthesized owner names should not be used in the NSEC processing.
This does, however, happen in Unbound 1.6.7 and earlier versions.
(see https://unbound.net/downloads/CVE-2017-15105.txt)
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
Hannu Nyman [Fri, 19 Jan 2018 13:10:12 +0000 (15:10 +0200)]
Merge pull request #5477 from dibdot/travelmate-17.01
[17.01] travelmate: release 1.0.2
Hannu Nyman [Fri, 19 Jan 2018 13:10:02 +0000 (15:10 +0200)]
Merge pull request #5476 from dibdot/adblock-17.01
[17.01] adblock: release 3.4.3
Dirk Brenken [Fri, 19 Jan 2018 09:02:23 +0000 (10:02 +0100)]
[17.01] travelmate: release 1.0.2
* bump travelmate version in stable tree
Signed-off-by: Dirk Brenken <dev@brenken.org>
Dirk Brenken [Fri, 19 Jan 2018 08:50:39 +0000 (09:50 +0100)]
[17.01] adblock: release 3.4.3
* bump adblock version in stable tree
Signed-off-by: Dirk Brenken <dev@brenken.org>
Yousong Zhou [Fri, 19 Jan 2018 03:14:32 +0000 (11:14 +0800)]
vpnc: fix using proto_add_host_dependency
Fixes #4343
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Alexandru Ardelean [Thu, 16 Mar 2017 19:33:41 +0000 (21:33 +0200)]
ulogd: use strncpy instead of memcpy
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit 953f951c5eb3841e619a18b3aeb95a652dbb9a93)
Hannu Nyman [Sat, 6 Jan 2018 10:20:47 +0000 (12:20 +0200)]
wget: backport 1.19.2 from master
Backport the update to 1.19.2 from master.
Fixes e.g. CVE-2017-13089 and CVE-2017-13090
(tested in my own ipq806x and ar71xx lede-17.01 builds)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Banglang Huang [Sat, 6 Jan 2018 10:04:33 +0000 (12:04 +0200)]
tree: backport from master
Tree is a recursive directory listing command that
produces a depth indented listing of files, which is
colorized ala dircolors if the LS_COLORS environment
variable is set and output is to tty.
root@lede:/# tree -L 1
.
├── bin
├── dev
├── etc
├── lib
├── mnt
├── overlay
├── proc
├── rom
├── root
├── sbin
├── sys
├── tmp
├── usr
├── var -> /tmp
└── www
15 directories, 0 files
http://mama.indstate.edu/users/ice/tree/
Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
(cherry picked from commit b6ff884d4570e5f522ad97bbd481362ee1ebeff7)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Daniel Golle [Thu, 4 Jan 2018 23:20:31 +0000 (00:20 +0100)]
postgresql: update to version 9.5.10
Contains fixes for
* CVE-2017-15099
* CVE-2017-15098
* CVE-2017-12172
* CVE-2017-7548
* CVE-2017-7547
* CVE-2017-7546
* CVE-2017-7486
* CVE-2017-7485
* CVE-2017-7484
Note that some fixes apply for newly created databases only!
To mitigate CVE-2017-7486 and CVE-2017-7547 in existing databases,
a procedure described in the release notes of PostgreSQL 9.5.8
is necessary!
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Rosen Penev [Mon, 11 Dec 2017 03:54:14 +0000 (19:54 -0800)]
gnutls: Use HTTPS instead of FTP
While recently building asterisk, the make system stalled on gnutls. On my install of Ubuntu 16.04 on WSL, it seems curl can't download from ftp and doesn't even time out properly. Easiest solution is to switch the gnutls Makefile to use HTTPS instead.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Luiz Angelo Daros de Luca [Fri, 22 Dec 2017 05:28:56 +0000 (03:28 -0200)]
ruby: bump to 2.4.3
This release includes some bug fixes and a security fix.
CVE-2017-17405: Command injection vulnerability in Net::FTP
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit fc0105391766404699330e455bc028d8a52a2553)
Arturo Rinaldi [Sat, 9 Dec 2017 20:39:24 +0000 (21:39 +0100)]
python: declare explicit Host/Compile to fix pgen tool installation error
Signed-off-by: Arturo Rinaldi arty.net2@gmail.com
[squash commits, fix commit title]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
champtar [Mon, 11 Dec 2017 19:43:46 +0000 (11:43 -0800)]
Merge pull request #5012 from TDT-AG/20171025-luci-app-mwan3-fix-iface_state
net/mwan3-luci: fix iface_state on status page for 17.01
Florian Eckert [Wed, 25 Oct 2017 11:46:15 +0000 (13:46 +0200)]
net/mwan3-luci: fix iface_state on status page
Since commit 4739584c2434fda6c4f14b0ef3d38fa055352c0e the status of the
interface is not reported correctly anymore. To fix this issue do not test
if the routing table is presented use instead the "/var/run/iface_state/[iface]"
to get the interface state because the routing table will not get deleted
anymore if the interface is offline.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Jo-Philipp Wich [Tue, 5 Dec 2017 13:32:57 +0000 (14:32 +0100)]
Merge pull request #5228 from commodo/python-2.7.14-17.01
python: update to version 2.7.14 for branch 17.01
Alexandru Ardelean [Tue, 5 Dec 2017 13:15:09 +0000 (15:15 +0200)]
python: update to version 2.7.14 for branch 17.01
Bump version and overwrite patches from master,
since those were refreshed (at some point).
I got an email notification about some CVEs
for branch 17.01, so I decided to update Python.
Technically, one seems to be for SolidWorks
from what I can tell, but upgrading should be easy.
```
Hello Alexandru Ardelean,
The package python is vulnerable to the following CVEs:
CVE-2014-4616
https://nvd.nist.gov/vuln/detail/CVE-2014-4616
CVE-2017-100015
https://nvd.nist.gov/vuln/detail/CVE-2017-100015
Please consider updating or patching the package.
```
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Daniel Golle [Mon, 20 Nov 2017 16:49:34 +0000 (17:49 +0100)]
attendedsysupgrade-common: add package
This package provides the UCI config shared by both, the CLI and Web
clients used for attended-sysupgrade.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Saverio Proto [Sun, 5 Nov 2017 03:00:10 +0000 (04:00 +0100)]
tinc: version bump 1.0.33
Signed-off-by: Saverio Proto <saverio.proto@switch.ch>
Nikos Mavrogiannopoulos [Sat, 21 Oct 2017 18:24:35 +0000 (20:24 +0200)]
gnutls: updated to 3.5.16
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Matthias Schiffer [Mon, 23 Oct 2017 02:52:49 +0000 (04:52 +0200)]
jool: fix PKG_BUILD_DIR to avoid kernel ABI mismatch
As jool builds a kernel module, a PKG_BUILD_DIR under KERNEL_BUILD_DIR must
be used to avoid reusing build artifacts when switching to a different
target of the same architecture. Otherwise, kernel ABI mismatches may
result, leading to an unusable module, or build failures like the
following:
Package kmod-jool is missing dependencies for the following libraries:
crypto_hash.ko
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Etienne Champetier [Mon, 23 Oct 2017 00:49:50 +0000 (17:49 -0700)]
monit: update to 5.24, use https download url
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Etienne Champetier [Sun, 9 Jul 2017 03:13:40 +0000 (20:13 -0700)]
monit: update to 5.23
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Mon, 23 Jan 2017 03:48:23 +0000 (19:48 -0800)]
monit: update to 5.20, use PKG_HASH
this adds zlib as dependency
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne Champetier [Sun, 9 Jul 2017 03:13:27 +0000 (20:13 -0700)]
sqlite3: update to 3.19.3
fix possible database corruption
https://www.sqlite.org/releaselog/3_19_3.html
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Daniel Engberg [Wed, 31 May 2017 15:11:02 +0000 (17:11 +0200)]
libs/sqlite3: Update to 3190200
Update sqlite to 3190200
Remove obsolete tarball hash variable
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Ian Leonard [Sun, 19 Feb 2017 05:30:28 +0000 (21:30 -0800)]
sqlite: update to 3.17.0
Signed-off-by: Ian Leonard <antonlacon@gmail.com>
Karl Palsson [Wed, 25 Oct 2017 11:15:12 +0000 (11:15 +0000)]
libwebsockets: add PROVIDES to both variants
Fixed recently in master as part of upgrading, but the same issue
applies to 17.01. The two variant packages both now PROVIDE
libwebsockets, the virtual package.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Hirokazu MORIKAWA [Tue, 24 Oct 2017 06:36:29 +0000 (15:36 +0900)]
icu: fix CVE-2017-14952 Double-Free Vulnerability [lede-17.01]
http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/
https://security-tracker.debian.org/tracker/CVE-2017-14952
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Jo-Philipp Wich [Fri, 20 Oct 2017 13:08:54 +0000 (15:08 +0200)]
Revert "Provides a way to acquire the list of installed packages without the"
This reverts commit 983819f3f01ff27ba72bb0fb7ce6f1bea95bd8d1.