Michael Heimpold [Wed, 16 Nov 2022 14:31:56 +0000 (15:31 +0100)]
php7: update to 7.4.33
This fixes:
- CVE-2022-31630
- CVE-2022-37454
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Moritz Warning [Wed, 2 Nov 2022 18:24:47 +0000 (19:24 +0100)]
zerotier: update to 1.10.2
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Moritz Warning [Sun, 3 Jul 2022 22:14:40 +0000 (00:14 +0200)]
zerotier: update to 1.10.1
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Moritz Warning [Sat, 30 Apr 2022 15:38:25 +0000 (17:38 +0200)]
zerotier: update to 1.8.9
Replace patch with Makefile options
to disable Rust components that
cannot be build with OpenWrt.
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Moritz Warning [Wed, 13 Apr 2022 19:19:38 +0000 (21:19 +0200)]
zerotier: fix segfault on ARM platforms
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Moritz Warning [Wed, 13 Apr 2022 19:00:01 +0000 (21:00 +0200)]
zerotier: update to 1.8.8
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Moritz Warning [Tue, 8 Mar 2022 14:55:58 +0000 (15:55 +0100)]
zerotier: update to 1.8.6
* remove upstreamed gcc10 and cerrno patches
* disable SSO and OIDC as it needs Rust/Cargo support
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Tianling Shen [Sun, 13 Nov 2022 14:30:25 +0000 (22:30 +0800)]
yq: Update to 4.30.2
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
4d667ec8e8ffb23e2d42a42c58f0318b3d248dff)
Tianling Shen [Sat, 12 Nov 2022 15:28:26 +0000 (23:28 +0800)]
yq: Update to 4.30.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
2cba6e5f73326bfa91f3b5d0f432f85064255ee4)
Tianling Shen [Mon, 17 Oct 2022 12:46:28 +0000 (20:46 +0800)]
treewide: fix procd service inactive
Exit directly will result procd service inactive and uci
configuration changes are no longer monitored.
Reported-by: Lvc Revincx <revincx233@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
b1651c5d5444b990b58180a26d6e76779cbb88a9)
Tianling Shen [Fri, 5 Aug 2022 13:58:06 +0000 (21:58 +0800)]
v2raya: Update to 1.5.9.1698.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
3c43f65ae90fd7de6a5bb91d1560917db1b281dd)
Tianling Shen [Sat, 18 Jun 2022 18:02:08 +0000 (02:02 +0800)]
v2raya: Update to 1.5.8.1
1. Switched to use prebuilt web files to get rid of massive Node.js.
2. Increased nofile limitation to avoid "too many open files" error.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
d629a6f8b2b3e37a98540b5ec043949d2069cb88)
Tianling Shen [Wed, 20 Apr 2022 19:01:39 +0000 (03:01 +0800)]
v2rayA: Update to 1.5.7
- Removed an upstreamed patch
- Move logs to /var/log in accordance with FHS 3.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
ff8f25cb98ce3117fac28020f96f3e7f49ff6106)
Tianling Shen [Sat, 26 Mar 2022 14:16:03 +0000 (22:16 +0800)]
v2raya: fix panic in go 1.18
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
7aa127e208262e44b81fbbf7fe023b9cfdc6fdf7)
Tianling Shen [Fri, 4 Feb 2022 09:26:22 +0000 (17:26 +0800)]
v2rayA: Update to 1.5.6.2
Manually added new env variable `XDG_DATA_HOME` which won't be passed
by procd by default.
Removed upstreamed patch.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
c7b5e7ed67e1465da775e59e96b872a69a0452f5)
Tianling Shen [Fri, 4 Feb 2022 10:12:09 +0000 (18:12 +0800)]
v2raya: init: convert arguments into env variables
Suggested by upstream, to provide forward compatibility.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
8465053a58ce6efcdfe59f834e9d373496d02f64)
Tianling Shen [Fri, 10 Dec 2021 10:56:00 +0000 (18:56 +0800)]
v2rayA: Update to 1.5.5
Breaking changes:
The database has been replaced with boltdb to try to solve the problem
of database corruption.
Note that the data will not be migrated, but the previous data will be
retained. If you need the previous data, just downgrade v2rayA (v1.5.4).
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
21e98e952f5c03a590b30c65c2419e4dc8e5910f)
Tianling Shen [Sat, 2 Oct 2021 02:48:24 +0000 (10:48 +0800)]
v2raya: Update to 1.5.4
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
d48b22fb9011311e78dc71b1a09b7219aecaba1d)
Tianling Shen [Wed, 15 Sep 2021 19:15:04 +0000 (03:15 +0800)]
v2raya: Update to 1.5.3
- Added missing conffiles
- Refreshed init srcipt to adapt the new arguments
- Renamed package name to lowercase (suggestion from upstream)
- Updated dependencies and license
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
16e453e4acc39eb0a3bc403f37697cd4083cdf14)
Tianling Shen [Mon, 30 Aug 2021 05:31:37 +0000 (13:31 +0800)]
v2rayA: Update to 1.5.2
Refreshed init script to adapt new arguments accepted by the program.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
60c917089fb616d9c071023091e40bdb1f4c12f0)
Tianling Shen [Thu, 26 Aug 2021 13:13:59 +0000 (21:13 +0800)]
v2rayA: add new package
v2rayA is a Linux web GUI client of Project V which supports V2Ray,
Xray, Shadowsocks, ShadowsocksR, Trojan and Pingtunnel.
Wiki: https://github.com/v2rayA/v2rayA/wiki
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
90ec599f9ef7aa011febe5528ba8b0b2016bfe02)
Tianling Shen [Thu, 10 Nov 2022 12:47:05 +0000 (20:47 +0800)]
xray-core: Update to 1.6.3
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
4194268e3f4c931e122dd66ca6196f6262f35c78)
[Update geodata to latest version, based on
e5c3c3409]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Thu, 3 Nov 2022 08:20:16 +0000 (16:20 +0800)]
xray-core: Update to 1.6.2
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
e606ea7e78c8f294e3d30df01aa82b3346dbeffe)
Tianling Shen [Wed, 26 Oct 2022 06:18:04 +0000 (14:18 +0800)]
xray-core: Update to 1.6.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
b16b07409f8dae2356d0cb97f6e541218360fd80)
Tianling Shen [Mon, 19 Sep 2022 02:45:48 +0000 (10:45 +0800)]
xray-core: Update to 1.6.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
a0126b15c58f7527ed21dbcb659d51072ad1f5fc)
[Update geodata to latest version, based on
f8c25627ebe1d9]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
05d1265cb7efc186ecc6b44232c6a4aca0ba0392)
Tianling Shen [Tue, 30 Aug 2022 06:49:28 +0000 (14:49 +0800)]
xray-core: Update to 1.5.10
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
ddd4082d30f843e522fc69ecaa5e91d6bb65365c)
Jeffery To [Sun, 10 Apr 2022 08:44:30 +0000 (16:44 +0800)]
syncthing: Update to 1.19.2
Includes patch based on upstream change[1] to fix compilation with Go
1.18.
Fixes https://github.com/openwrt/packages/issues/18267.
[1]: https://github.com/syncthing/syncthing/commit/
e30898ddb3e51225d4bda8661a1510c5cc9afe08
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
4b7ff2df5eea9688e9652b552a92f7ecd5ebf1ea)
(cherry picked from commit
961c73ca7cc03c60d2a2fb7449327c8ab7c60563)
Josef Schlehofer [Wed, 9 Nov 2022 13:51:30 +0000 (14:51 +0100)]
golang: update to version 1.18.8
Fixes following CVEs:
- CVE-2022-32189 (version 1.18.5 [1]]
- CVE-2022-27664 (version 1.18.6 [2])
- CVE-2022-32190 (version 1.18.6 [2])
- CVE-2022-2879 (version 1.18.7 [3])
- CVE-2022-2880 (version 1.18.7 [3])
- CVE-2022-41715 (version 1.18.7 [3])
- CVE-2022-41716 (version 1.18.8 [4])
and refreshed patch
[1] https://groups.google.com/g/golang-announce/c/YqYYG87xB10
[2] https://groups.google.com/g/golang-announce/c/x49AQzIVX-s
[3] https://groups.google.com/g/golang-announce/c/xtuG5faxtaU
[4] https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
c33c2d886918cfbc1af8d60cbb530ba563084b67)
Josef Schlehofer [Wed, 9 Nov 2022 14:11:00 +0000 (15:11 +0100)]
ffmpeg: libffmpeg-full package should provide libffmpeg package, too
The previous solution overwrote the provide from ``define
Package/libffmpeg/Default``, but that's not what was wanted.
Thus libffmpeg-full should provide three packages libffmpeg,
libffmpeg-mini and libffmpeg-audio-dec
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
c333c0e5229b7c4f14dd831e2c75709d0de1615e)
Jeffery To [Mon, 18 Jul 2022 09:35:11 +0000 (17:35 +0800)]
golang: Update to 1.18.4
Includes fixes for:
* CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding
header
* CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions
* CVE-2022-28131: encoding/xml: stack exhaustion in Decoder.Skip
* CVE-2022-30630: io/fs: stack exhaustion in Glob
* CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read
* CVE-2022-30632: path/filepath: stack exhaustion in Glob
* CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal
* CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode
* CVE-2022-32148: net/http/httputil: NewSingleHostReverseProxy - omit
X-Forwarded-For not working
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
60168651a2c7279a4a169be6b3d61be57e871e55)
Jeffery To [Mon, 6 Jun 2022 08:24:05 +0000 (16:24 +0800)]
golang: Update to 1.18.3
Includes fix for CVE-2022-30634 (crypto/rand: Read hangs when passed
buffer larger than 1<<32 - 1).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
112cf0903125837bc7990813105cbe7ce23f5ece)
Jeffery To [Sat, 14 May 2022 18:11:51 +0000 (02:11 +0800)]
golang: Update to 1.18.2
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
659f87d5d4a72507b16dca5b2962ff21580e1ff3)
Jeffery To [Fri, 15 Apr 2022 15:27:14 +0000 (23:27 +0800)]
golang: Update to 1.18.1
Includes fixes for:
* CVE-2022-24675 - encoding/pem: stack overflow
* CVE-2022-28327 - crypto/elliptic: generic P-256 panic when scalar has
too many leading zeroes
This also adds -buildvcs=false to omit VCS information in Go programs.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
8c0477a89525422f633e9693cc1fe6192db785df)
Jeffery To [Fri, 25 Mar 2022 19:46:25 +0000 (03:46 +0800)]
golang: Update to 1.18, update patch
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
478666b00b8caeccf1d51c44ebb71788b0ca4388)
Josef Schlehofer [Wed, 9 Nov 2022 11:00:33 +0000 (12:00 +0100)]
golang: update to version 1.17.13
Fixes:
CVE-2022-32189
Release notes:
https://groups.google.com/g/golang-announce/c/YqYYG87xB10?pli=1
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Magnus Kessler [Thu, 12 May 2022 05:13:52 +0000 (07:13 +0200)]
tailscale: update to version 1.24.2
Signed-off-by: Magnus Kessler <Magnus.Kessler@gmx.net>
(cherry picked from commit
b557e9f0d14e59435506fae0a31dfc908175dde4)
Wes Morgan [Thu, 16 Dec 2021 19:54:32 +0000 (12:54 -0700)]
tailscale: update to 1.18.2
Signed-off-by: Wes Morgan <git@wesmorgan.me>
(cherry picked from commit
efb908b032995d80edfeea500691a1e8a616166b)
Josef Schlehofer [Thu, 3 Nov 2022 07:58:23 +0000 (08:58 +0100)]
pulseadio: fix conffiles for pulseadio-daemon-avahi package
Fixes: 60ac7dd751240fa096a85794023b18f26a8317da ("pulseaudio: simplify
and rework Makefile")
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
7ae66ec7cac3cbfc94fc30149418698f15406543)
Josef Schlehofer [Sun, 30 Oct 2022 08:07:50 +0000 (09:07 +0100)]
pulseaudio: change homepage URLs to freedesktop.org
The previous used domain http(s)://pulseaudio.org redirects to
https://www.freedesktop.org/wiki/Software/PulseAudio/
This change enforces to use HTTPS everywhere for homepage URLs
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
00e3918069c5be726bcd5af80a093c0753d9d6e5)
Josef Schlehofer [Sat, 29 Oct 2022 21:42:12 +0000 (23:42 +0200)]
pulseaudio: use AUTORELEASE variable
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
364054fbe749a6121d0b6ff4e2bdda80f17389e7)
Josef Schlehofer [Sat, 29 Oct 2022 21:41:11 +0000 (23:41 +0200)]
pulseaudio: daemons should conflict to each other
It should not be possible to install pulseaudio-daemon and
pulseadio-daemon-avahi at the same time as they have the same files.
Let's avoid that situation by adding conflict.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
5a5bb15949f7cf0abb717245bc23508af2c48ed9)
Josef Schlehofer [Sat, 29 Oct 2022 21:37:09 +0000 (23:37 +0200)]
pulseaudio: simplify and rework Makefile
There were two conffiles sections and both of them were same, but for
different variants. We can have just one conffile section and use it also
for the other variant.
The same applies for the install section for different variants.
- We have two install sections, but we call the first one with the same
files and then add something more for the second variant.
- While at it to make it easier, let's change those three rows for
copying packages into the single one to make sure that I did not miss
anything. Also, we create a directory first and then move files.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
60ac7dd751240fa096a85794023b18f26a8317da)
Szabolcs Hubai [Sat, 29 Oct 2022 09:28:13 +0000 (11:28 +0200)]
mpd: depend the full variant on pulseaudio instead of pulseaudio-daemon
The full variant of mpd depends on pulseaudio-daemon, so it was not
possible to use the other pulseaudio variant with avahi.
Both pulseaudio daemons provides package pulseaudio, so users can choose
which variant suits them best.
Let's change the dependency to pulseaudio.
Fixes: #19187
Fixes: 2ed62adc5914 ("mpd: enable pulseaudio in full package")
Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>
(cherry picked from commit
abe35e89f60efb99dee76c53a1ebdc2bd48f73a1)
Tianling Shen [Mon, 31 Oct 2022 04:54:58 +0000 (12:54 +0800)]
rclone: Update to 1.60.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
90e037b5e59043e70118eeb2675e22bef1ffe4e4)
Tianling Shen [Mon, 31 Oct 2022 04:56:33 +0000 (12:56 +0800)]
yq: Update to 4.29.2
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
d1f2b96b7eb17fc990765ae5fd47fe0d99c07c88)
Scott Roberts [Thu, 6 Oct 2022 12:44:03 +0000 (06:44 -0600)]
zabbix: add variants for SSL support
opkg does not offer ssl varients:
zabbix-agentd
zabbix-sender
zabbix-get
zabbix-proxy
zabbix-server
resolve this by adding ssl varients.
Signed-off-by: Scott Roberts <ttocsr@gmail.com>
(cherry picked from commit
cd48d03f01917af2fd525955b6fd8b8498ad3d6f)
(cherry picked from commit
e0502e477c88f5430ea6277780354a2cdda2ebee)
Rosen Penev [Sat, 20 Mar 2021 21:58:49 +0000 (14:58 -0700)]
coova-chili: fix compilation with kernel 5.10
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
eba4abb65d9e12982a8c0f9e4674bcf5307e22de)
Rosen Penev [Thu, 31 Mar 2022 03:25:12 +0000 (20:25 -0700)]
ptunnel-ng: fix compilation with kernel 5.15
Some header change requires to include musl's headers first.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
468863128f1d4d47effa37bd69de69ae5aff29b7)
Rosen Penev [Mon, 28 Mar 2022 22:47:36 +0000 (15:47 -0700)]
libpfring: update to 8.0.0
Fixes compilation with kernel 5.15
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
f8f2146b1b754495eca6cf821eaa730462429972)
Rosen Penev [Mon, 22 Feb 2021 01:56:33 +0000 (17:56 -0800)]
coova-chilli: update to 1.6
Remove usptreamed patches.
Switch to AUTORELEASE for simplicity.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
c05077a499a1522a105f7d4cf72f64e8e098fe1f)
Rosen Penev [Sun, 3 Apr 2022 02:43:09 +0000 (19:43 -0700)]
xtables-addons: update to 3.19
Fixes compilation with kernel 5.15.
Fixed changed binary name.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
e5af50679587bf39fec31f4af75f7aa8efd498a0)
(cherry picked from commit
4a5633b6b5dc7663d22e317072764fbefe35877c)
Josef Schlehofer [Mon, 24 Oct 2022 12:40:11 +0000 (14:40 +0200)]
ffmpeg: add conflicts and provides
Motivation of this change is that full variants provides the mini
variant and as well audio-dec package, thus you can not install both as
it fails with the following output:
Collected errors:
* check_data_file_clashes: Package libffmpeg-audio-dec wants to install file /usr/lib/libavcodec.so.58
But that file is already provided by package * libffmpeg-full
* check_data_file_clashes: Package libffmpeg-audio-dec wants to install file /usr/lib/libavcodec.so.58.91.100
But that file is already provided by package * libffmpeg-full
* check_data_file_clashes: Package libffmpeg-audio-dec wants to install file /usr/lib/libavdevice.so.58
But that file is already provided by package * libffmpeg-full
* check_data_file_clashes: Package libffmpeg-audio-dec wants to install file /usr/lib/libavdevice.so.58.10.100
But that file is already provided by package * libffmpeg-full
* check_data_file_clashes: Package libffmpeg-audio-dec wants to install file /usr/lib/libavformat.so.58
But that file is already provided by package * libffmpeg-full
* check_data_file_clashes: Package libffmpeg-audio-dec wants to install file /usr/lib/libavformat.so.58.45.100
But that file is already provided by package * libffmpeg-full
* check_data_file_clashes: Package libffmpeg-audio-dec wants to install file /usr/lib/libavutil.so.56
But that file is already provided by package * libffmpeg-full
* check_data_file_clashes: Package libffmpeg-audio-dec wants to install file /usr/lib/libavutil.so.56.51.100
But that file is already provided by package * libffmpeg-full
* opkg_install_cmd: Cannot install package libffmpeg-audio-dec.
Let's change it to:
Installing libffmpeg-audio-dec (4.3.4-1) to root...
Collected errors:
* check_conflicts_for: The following packages conflict with libffmpeg-audio-dec:
* check_conflicts_for: libffmpeg-full *
* opkg_install_cmd: Cannot install package libffmpeg-audio-dec.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
9693bd47c5a67def43577c082d8ece34ffaf5113)
Christian Marangi [Tue, 25 Oct 2022 08:29:42 +0000 (10:29 +0200)]
atlas-probe: fix SIGSEGV error on 32bit system
Changes to time_t cause SIGSEGV error on 32bit system and cause ripe
atlas malfunction. (registration successful but no traffic)
Also introduce minor patch to fix some compilation warning.
While at it move PKG_RELEASE to AUTORELEASE macro.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
14c5dfe4c10f6550b7c4aab4419e0f64ef1abda4)
Josef Schlehofer [Wed, 26 Oct 2022 07:12:38 +0000 (09:12 +0200)]
libwebsockets: fix recursive dependency
While running `make menuconfig`, it was discovered then there is a
recursive dependency like this:
tmp/.config-package.in:59138:error: recursive dependency detected!
tmp/.config-package.in:59138: symbol PACKAGE_libwebsockets-openssl is selected by PACKAGE_libwebsockets-mbedtls
tmp/.config-package.in:59122: symbol PACKAGE_libwebsockets-mbedtls depends on PACKAGE_libwebsockets-openssl
It is not possible with the recently added conflicts that two packages
(OpenSSL and full variant, which uses OpenSSL as well), which are almost the same
provides the same named package libwebsockets as their conflict - Mbed
TLS.
Fixes: 676c5c72b5eeb583da2603e399fac085fa442c59 ("libwebsockets: OpenSSL
and mbedTLS variants should conflict")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
a4e8cbb89a48729b3c3ad615765549628d495b0f)
Josef Schlehofer [Tue, 25 Oct 2022 10:14:25 +0000 (12:14 +0200)]
libwebsockets: OpenSSL and mbedTLS variants should conflict
They provide the same files, but they don't conflict to each other, this
means that users can install them side by side.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
676c5c72b5eeb583da2603e399fac085fa442c59)
Josef Schlehofer [Tue, 25 Oct 2022 05:52:15 +0000 (07:52 +0200)]
libwebsockets: full variant provides OpenSSL
For some time, it is not possible to install ttyd and mosquitto-ssl at the
same time, so let's solve it that libwebsockets-full provides
libwebsockets-openssl. This allows to install ttyd and mosquitto at
the same time.
Also, we need to add conflict, because we should not have installed
libwebsockets-openssl and libwebsockets-full at the same time as they
provides the same files.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
77e682a11c53f4dcd0e76bdea5ee82de77eaacfe)
Josef Schlehofer [Tue, 25 Oct 2022 07:40:37 +0000 (09:40 +0200)]
lighttpd: backport patch to fix dummy Sec-WebSocket-Key
It was requested in https://gitlab.nic.cz/turris/os/packages/-/issues/873
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
de49362d35a4baaa36ca8cab3fa874f3ca8cb6ad)
Michal Hrusecky [Fri, 21 Oct 2022 20:43:52 +0000 (22:43 +0200)]
mariadb: Drop unused rundir fix socket dir perms
We had been creating "rundir" but it was never used, probably leftover
from some removed function. At the same time, we were setting quite
strict rights to the socket directory (while comments sugested
otherwise).
Signed-off-by: Michal Hrusecky <michal@hrusecky.net>
(cherry picked from commit
8f6831b64b89243e7c1be5948f33e6737f7ddfc3)
Josef Schlehofer [Sun, 23 Oct 2022 07:44:53 +0000 (09:44 +0200)]
Merge pull request #19667 from miska/mariadb-21.02
[21.02] mariadb: Update to the latest version 10.4.26
Josef Schlehofer [Thu, 20 Oct 2022 19:59:19 +0000 (21:59 +0200)]
python3: update to version 3.9.15
Release notes:
- https://www.python.org/downloads/release/python-3915/
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Michal Hrusecky [Fri, 21 Oct 2022 21:36:45 +0000 (23:36 +0200)]
mariadb: Update to the latest version 10.4.26
Keeping the major version, bumping just a minor version. It includes
various bug fixes and security fixes. For details, see:
* https://mariadb.com/kb/en/mariadb-10426-release-notes/
* https://mariadb.com/kb/en/mariadb-10425-release-notes/
* https://mariadb.com/kb/en/mariadb-10424-release-notes/
* https://mariadb.com/kb/en/mariadb-10423-release-notes/
While at it, also switching to AUTORELEASE and refreshing patches.
Signed-off-by: Michal Hrusecky <michal@hrusecky.net>
Michal Vasilek [Tue, 18 Oct 2022 11:43:52 +0000 (13:43 +0200)]
ddns-scripts: fix cloudflare&digitalocean provides
Fixes mistake in
dbe79e409d4d772d607364b47116a108508bb466, the
cloudflare PROVIDES got mixed up with digitalocean.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit
001564ed8356398c0e61dec12063604127b290e7)
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Remove PKG_RELEASE version bump
Michal Vasilek [Wed, 12 Oct 2022 16:50:34 +0000 (18:50 +0200)]
ddns-scripts: add PROVIDES for old package names
* ddns-scripts-services: provide ddns-scripts_service
* ddns-scripts-cloudflare: provide ddns-scripts_digitalocean.com-v2
* ddns-scripts-freedns: provide ddns-scripts_freedns_42_pl
* ddns-scripts-godaddy: provide ddns-scripts_godaddy.com-v1
* ddns-scripts-noip: provide ddns-scripts_no-ip_com
* ddns-scripts-nsupdate: provide ddns-scripts_nsupdate
* ddns-scripts-route53: provide ddns-scripts_route53-v1
* ddns-scripts-cnkuai: provide ddns-scripts_cnkuai_cn
https://github.com/openwrt/packages/pull/13509 renamed many ddns-scripts
packages, but didn't include a PROVIDES for the old package names to
make updates work well.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit
dbe79e409d4d772d607364b47116a108508bb466)
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Remove PKG_RELEASE version bump
Michal Vasilek [Wed, 12 Oct 2022 17:29:55 +0000 (19:29 +0200)]
tailscale: fix -version
tailscale version, tailscaled -version and the web UI reported the wrong
version number which doesn't cause any issues, but it can be confusing.
This is fixed by specifying the version in go ldflags similar to how
it's done in many other go packages and the official tailscale Dockerfile.
version.Long version can not be specified in GO_PKG_LDFLAGS_X because it
contains a space and GO_PKG_LDFLAGS_X is always split at a space.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit
738f44be4f39191aa4640086f37ef62420442e06)
Stijn Tintel [Wed, 22 Sep 2021 12:59:53 +0000 (15:59 +0300)]
keepalived: fix build with IPVS disabled
The genhash binary is only built when IPVS is enabled, so make its
installation depend on IPVS being enabled.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit
624d2278e7e78fd568679ad3976a6cf35ae143d1)
Florian Eckert [Wed, 18 Aug 2021 07:42:06 +0000 (09:42 +0200)]
keepalived: update to version 2.2.4
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
3f5b2d8cb3317e951f609ea20f86c5494b12fb1f)
Florian Eckert [Tue, 9 Mar 2021 08:12:37 +0000 (09:12 +0100)]
keepalived: update to version 2.2.2
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
bdcb3d590587e6cc77c231025b5ea485e134e8ad)
Daniel Golle [Thu, 13 Oct 2022 19:21:11 +0000 (20:21 +0100)]
postgresql: update to version 13.8
Update to 13.8 maintainance release of the PostgreSQL 13 release.
This release contains a variety of fixes from 13.7, among also a fix
addressing CVE-2022-2625.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Fri, 18 Mar 2022 18:50:34 +0000 (18:50 +0000)]
perl-net-dns: update to version 1.35
**** 1.35 Oct 4, 2022
Improve SVCB error reporting.
Fix rt.cpan.org #144328
accept_reply test fails with matched consecutive "random"
generated packet->id
Fix rt.cpan.org #144299
Spelling errors.
**** 1.34 May 30, 2022
Improve robustness of EDNS option compose/decompose functions.
Simplify code in Makefile.PL.
Fix rt.cpan.org #142426
Avoid "Useless use of a constant in void context" warning.
**** 1.33 Dec 16, 2021
Fix rt.cpan.org #137768
Test t/05-SVCB.t on Perl 5.18.0 fails with deep recursion.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
93a7806578acbdbdf972d87631623c640de8602c)
(cherry picked from commit
b9338331be79cf8d0c1f9aa0dde2acf57a75ebe8)
Daniel Golle [Fri, 18 Mar 2022 18:36:16 +0000 (18:36 +0000)]
pcsc-lite: update to version 1.9.8
1.9.8: Ludovic Rousseau
11 June 2022
- Install install_spy.sh & uninstall_spy.sh scripts in docdir
- SCardTransmit(): do not fail if receive buffer is "too large"
- SCardControl(): do not fail if receive buffer is "too large"
- fix some memory leaks on shutdown
- use a better random number generator
- Some other minor improvements
1.9.7: Ludovic Rousseau
13 May 2022
- disable strict compilation by default
- fix 3 warnings
1.9.6: Ludovic Rousseau
11 May 2022
- do not fail reader removal in some specific cases (USB/Thunderbolt port)
- improve documentation regarding /etc/reader.conf.d/
- SCardGetStatusChange: speedup the case DISABLE_AUTO_POWER_ON
- configure:
. add --disable-strict option
By default the compiler arguments are now:
-Wall -Wextra -Wno-unused-parameter -Werror ${CFLAGS}
. fail if flex is not found
- fix different data races
- pcscdaemon: -v displays internal constants values:
MAX_READERNAME & PCSCLITE_MAX_READERS_CONTEXTS
- Some other minor improvements
1.9.5: Ludovic Rousseau 4 December 2021
- pcscd: autoexit even if no client connects
- Fix variable substitution in systemd units
- fix potential race conditions with powerState handling
- Add and use tag TAG_IFD_DEVICE_REMOVED
- UnitaryTests: port code to Python 3
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
5c22f4917557bccb51a57e1b6cc0cab1d093581f)
(cherry picked from commit
db667b5b0ff51a2c74f61b166f1e5700e7161090)
pcsc-lite: update to verion 1.9.9
1.9.9: Ludovic Rousseau
11 September 2022
- SCardEstablishContext() may return SCARD_W_SECURITY_VIOLATION if refused by Polkit
- Fix SCardReleaseContext() failure on orphan handles
- Fix SCardDisconnect() on orphan handle
- pcsc-spy: log the pioSendPci & pioRecvPci SCardTransmit() parameters
- Improve the log from pcscd: log the return code in text instead of hex
- Some other minor improvements
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
a8698d5ede0e00b73f95592d63be212483224ce1)
Daniel Golle [Fri, 18 Mar 2022 18:49:33 +0000 (18:49 +0000)]
lvm2: update to 2.03.15
Version 2.03.15 - 07th February 2022
====================================
Remove service based autoactivation. global/event_activation = 0 is NOOP.
Improve support for metadata profiles for --type writecache.
Use cache or active DM device when available with new kernels.
Introduce function to utilize UUIDs from DM_DEVICE_LIST.
Increase some hash table size to better support large device sets.
Version 2.03.16 - 18th May 2022
===============================
Fix segfault when handling selection with historical LVs.
Add support --vdosettings with lvcreate, lvconvert, lvchange.
Filtering multipath devices respects blacklist setting from multipath
configuration.
lvmdevices support for removing by device id using --deviceidtype and
--deldev.
Display writecache block size with lvs -o writecache_block_size.
Improve cachesettings description in man lvmcache.
Fix lossing of delete message on thin-pool extension.
Mostly bug fixes and minor improvements.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
63408123dfb4eaaccd0e5c1ba02a300779e629f5)
(cherry picked from commit
4e70f5caef0e80d75bb0c50c1819b9ded6923adc)
Florian Eckert [Tue, 15 Mar 2022 14:04:55 +0000 (15:04 +0100)]
libudev-zero: update to version 1.0.1
The new version includes all previously locally backported patches.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
669e4a9542e5e6cb82a7b775733637e031260f62)
Daniel Golle [Wed, 7 Sep 2022 18:49:34 +0000 (19:49 +0100)]
libp11: update to version 0.4.12
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
d3b50744769fe954b6713cca98c45325cc477df1)
Daniel Golle [Thu, 6 Oct 2022 14:24:28 +0000 (15:24 +0100)]
libksba: update to version 1.6.1
Update to stable release 1.6.1.
See commit log since version 1.6.0 for changes[1].
[1]: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=shortlog;h=
d3c1e063d708a46ef39152256f8b1ea466b61be0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
df589ce880bef12a297bfa39738deae84710ed4c)
Daniel Golle [Fri, 18 Mar 2022 18:46:53 +0000 (18:46 +0000)]
libinput: update to version 1.19.4
This release includes a fix for CVE-2022-1215, a format string
vulnerabilty in the evdev device handling. For details, see
https://gitlab.freedesktop.org/libinput/libinput/-/issues/752
Peter Hutterer (2):
evdev: strip the device name of format directives
libinput 1.19.4
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
23638c7ffb104de7bea476726d42974cc42fb893)
(cherry picked from commit
b95dbe4187a7a21f7cf13f578a81fa0337706190)
Daniel Golle [Wed, 7 Sep 2022 18:33:14 +0000 (19:33 +0100)]
libevdev: update to version 1.13.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
630f5b1608550bbe3dc204a50d873b3e54ad17af)
Daniel Golle [Thu, 24 Mar 2022 22:30:03 +0000 (22:30 +0000)]
gpgme: update to version 1.18.0
Noteworthy changes in version 1.17.0 (2022-02-07)
-------------------------------------------------
* New context flag "key-origin". [#5733]
* New context flag "import-filter". [#5739]
* New export mode to export secret subkeys. [#5757]
* Detect errors during the export of secret keys. [#5766]
* New function gpgme_op_receive_keys to import keys from a keyserver
without first running a key listing. [#5808]
* Detect bad passphrase error in certificate import. [T5713]
* Allow setting --key-origin when importing keys. [T5733]
* Support components "keyboxd", "gpg-agent", "scdaemon", "dirmngr",
"pinentry", and "socketdir" in gpgme_get_dirinfo. [T5727,T5613]
* Under Unix use poll(2) instead of select(2), when available.
[T2385]
* Do not use --flat_namespace when linking for macOS. [T5610]
* Fix results returned by gpgme_data_* functions. [T5481]
* Support closefrom also for glibc. [rM4b64774b6d]
* cpp,qt: Add support for export of secret keys and secret subkeys.
[#5757]
* cpp,qt: Support for adding existing subkeys to other keys. [#5770]
* qt: Extend ChangeExpiryJob to change expiration of primary key
and of subkeys at the same time. [#4717]
* qt: Expect UTF-8 on stderr on Windows. [rM8fe1546282]
* qt: Allow retrieving the default value of a config entry. [T5515]
Noteworthy changes in version 1.17.1 (2022-03-06)
-------------------------------------------------
* qt: Fix a bug in the ABI compatibility of 1.17.0. [T5834]
Noteworthy changes in version 1.18.0 (2022-08-10)
-------------------------------------------------
* New keylist mode to force refresh via external methods. [T5951]
* The keylist operations now create an import result to report the
result of the locate keylist modes. [T5951]
* core: Return BAD_PASSPHRASE error code on symmetric decryption
failure. [T5939]
* cpp, qt: Do not export internal symbols anymore. [T5906]
* cpp, qt: Support revocation of own OpenPGP keys. [T5904]
* qt: The file name of (signed and) encrypted data can now be set. [T6056]
* cpp, qt: Support setting the primary user ID. [T5938]
* python: Fix segv(NULL) when inspecting contect after exeception. [T6060]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
d7799595bd74992145172706b5e65f71658e0e63)
(cherry picked from commit
00bfb4f151d80e8e6f7b860d423ef1fa8c926251)
Hauke Mehrtens [Sun, 9 Jan 2022 18:45:49 +0000 (18:45 +0000)]
gpgme: Fix compile with glibc 2.34
This backports a patch from upstream gpgme to fix compilation with glibc 2.34.
It fixes the following build problem:
posix-io.c: In function '_gpgme_io_spawn':
posix-io.c:577:23: error: void value not ignored as it ought to be
577 | while ((i = closefrom (fd)) && errno == EINTR)
| ^
make[5]: *** [Makefile:947: posix-io.lo] Error 1
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
dafb96c14837bf133e5215cf65fc7ed1439a375a)
Daniel Golle [Thu, 6 Oct 2022 15:27:31 +0000 (16:27 +0100)]
gawk: update to version 5.2.0
For changes see ChangeLog file[1].
[1]: https://git.savannah.gnu.org/cgit/gawk.git/plain/ChangeLog?h=gawk-5.2.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
cd20631bc7db1faf7b543656a265734adad0a6e2)
Daniel Golle [Thu, 25 Mar 2021 22:50:23 +0000 (22:50 +0000)]
exfatprogs: update to 1.1.3
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
54b8e21fe7ba61fdd5fd60b6d9c211e27b7cd740)
(cherry picked from commit
97e87c471c4a8e03ff218f842ae37cbfd240cc96)
(cherry picked from commit
b1585a53756fac2dcc08b7ecec9260c29714bf5a)
(cherry picked from commit
3caf9ce16be0ce305acc289023b74c88abb16b01)
Daniel Golle [Wed, 7 Sep 2022 17:24:22 +0000 (18:24 +0100)]
exim: update to version 4.96
Exim version 4.96
-----------------
JH/01 Move the wait-for-next-tick (needed for unique message IDs) from
after reception to before a subsequent reception. This should
mean slightly faster delivery, and also confirmation of reception
to senders.
JH/02 Move from using the pcre library to pcre2. The former is no longer
being developed or supported (by the original developer).
JH/03 Constification work in the filters module required a major version
bump for the local-scan API. Specifically, the "headers_charset"
global which is visible via the API is now const and may therefore
not be modified by local-scan code.
JH/04 Fix ClamAV TCP use under FreeBSD. Previously the OS-specific shim for
sendfile() didi not account for the way the ClamAV driver code called it.
JH/05 Bug 2819: speed up command-line messages being read in. Previously a
time check was being done for every character; replace that with one
per buffer.
JH/06 Bug 2815: Fix ALPN sent by server under OpenSSL. Previously the string
sent was prefixed with a length byte.
JH/07 Change the SMTP feature name for pipelining connect to be compliant with
RFC 5321. Previously Dovecot (at least) would log errors during
submission.
JH/08 Remove stripping of the binaries from the FreeBSD build. This was added
in 4.61 without a reason logged. Binaries will be bigger, which might
matter on diskspace-constrained systems, but debug is easier.
JH/09 Fix macro-definition during "-be" expansion testing. The move to
write-protected store for macros had not accounted for these runtime
additions; fix by removing this protection for "-be" mode.
JH/10 Convert all uses of select() to poll(). FreeBSD 12.2 was found to be
handing out large-numbered file descriptors, violating the usual Unix
assumption (and required by Posix) that the lowest possible number will be
allocated by the kernel when a new one is needed. In the daemon, and any
child procesees, values higher than 1024 (being bigger than FD_SETSIZE)
are not useable for FD_SET() [and hence select()] and overwrite the stack.
Assorted crashes happen.
JH/11 Fix use of $sender_host_name in daemon process. When used in certain
main-section options or in a connect ACL, the value from the first ever
connection was never replaced for subsequent connections. Found by
Wakko Warner.
JH/12 Bug 2838: Fix for i32lp64 hard-align platforms. Found for SPARC Linux,
though only once PCRE2 was introduced: the memory accounting used under
debug offset allocations by an int, giving a hard trap in early startup.
Change to using a size_t. Debug and fix by John Paul Adrian Glaubitz.
JH/13 Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value
with underbars is given. The write-protection of configuration introduced
in 4.95 trapped when normalisation was applied to an option not needing
expansion action.
JH/14 Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters.
JH/15 Fix a resource leak in *BSD. An off-by-one error resulted in the daemon
failing to close the certificates directory, every hour or any time it
was touched.
JH/16 Debugging initiated by an ACL control now continues through into routing
and transport processes. Previously debugging stopped any time Exim
re-execs, or for processing a queued message.
JH/17 The "expand" debug selector now gives more detail, specifically on the
result of expansion operators and items.
JH/18 Bug 2751: Fix include_directory in redirect routers. Previously a
bad comparison between the option value and the name of the file to
be included was done, and a mismatch was wrongly identified.
4.88 to 4.95 are affected.
JH/19 Support for Berkeley DB versions 1 and 2 is withdrawn.
JH/20 When built with NDBM for hints DB's check for nonexistence of a name
supplied as the db file-pair basename. Previously, if a directory
path was given, for example via the autoreply "once" option, the DB
file.pag and file.dir files would be created in that directory's
parent.
JH/21 Remove the "allow_insecure_tainted_data" main config option and the
"taint" log_selector. These were previously deprecated.
JH/22 Fix static address-list lookups to properly return the matched item.
Previously only the domain part was returned.
JH/23 Bug 2864: FreeBSD: fix transport hang after 4xx/5xx response. Previously
the call into OpenSSL to send a TLS Close was being repeated; this
resulted in the library waiting for the peer's Close. If that was never
sent we waited forever. Fix by tracking send calls.
JH/24 The ${run} expansion item now expands its command string elements after
splitting. Previously it was before; the new ordering makes handling
zero-length arguments simpler. The old ordering can be obtained by
appending a new option "preexpand", after a comma, to the "run".
JH/25 Taint-check exec arguments for transport-initiated external processes.
Previously, tainted values could be used. This affects "pipe", "lmtp" and
"queryprogram" transport, transport-filter, and ETRN commands.
The ${run} expansion is also affected: in "preexpand" mode no part of
the command line may be tainted, in default mode the executable name
may not be tainted.
JH/26 Fix CHUNKING on a continued-transport. Previously the usabliility of
the the facility was not passed across execs, and only the first message
passed over a connection could use BDAT; any further ones using DATA.
JH/27 Support the PIPECONNECT facility in the smtp transport when the helo_data
uses $sending_ip_address and an interface is specified.
Previously any use of the local address in the EHLO name disabled
PIPECONNECT, the common case being to use the rDNS of it.
JH/28 OpenSSL: fix transport-required OCSP stapling verification under session
resumption. Previously verify failed because no certificate status is
passed on the wire for the restarted session. Fix by using the recorded
ocsp status of the stored session for the new connection.
JH/29 TLS resumption: the key for session lookup in the client now includes
more info that a server could potentially use in configuring a TLS
session, avoiding oferring mismatching sessions to such a server.
Previously only the server IP was used.
JH/30 Fix string_copyn() for limit greater than actual string length.
Previously the copied amount was the limit, which could result in a
overlapping memcpy for newly allocated destination soon after a
source string shorter than the limit. Found/investigated by KM.
JH/31 Bug 2886: GnuTLS: Do not free the cached creds on transport connection
close; it may be needed for a subsequent connection. This caused a
SEGV on primary-MX defer. Found/investigated by Gedalya & Andreas.
JH/32 Fix CHUNKING for a second message on a connection when the first was
rejected. Previously we did not reset the chunking-offered state, and
erroneously rejected the BDAT command. Investigation help from
Jesse Hathaway.
JH/33 Fis ${srs_encode ...} to handle an empty sender address, now returning
an empty address. Previously the expansion returned an error.
HS/01 Bug 2855: Handle a v4mapped sender address given us by a frontending
proxy. Previously these were misparsed, leading to paniclog entries.
Also contains commit
51be321b27 "Fix PAM auth. Bug 2813" addressing
CVE-2022-37451.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
f2763b95afc57b88dc9d494b3fbf3841ba38a314)
Daniel Golle [Wed, 7 Sep 2022 17:39:46 +0000 (18:39 +0100)]
cryptsetup: update to version 2.5.0
Update to new major release of cryptsetup. For details, please see
the release notes[1].
[1]: https://cdn.kernel.org/pub/linux/utils/cryptsetup/v2.5/v2.5.0-ReleaseNotes
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
80439f802cc61e826277851aaeb30ba7a221195c)
Daniel Golle [Sat, 23 Jul 2022 08:37:28 +0000 (09:37 +0100)]
cryptsetup: fix library paths by calling autoreconf
Use PKG_FIXUP:=autoreconf when building cryptsetup to prevent
accidental linkage against host libraries.
Fixes: #19011
Reported-by: @dreirund
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
ad0ac5198decbc15c57801509a3005c1608ecbce)
Daniel Golle [Fri, 18 Mar 2022 18:40:15 +0000 (18:40 +0000)]
ccid: update to version 1.5.0
1.5.0 - 27 January 2022, Ludovic Rousseau
- Add support of
- ACS ACR1281U
- Circle CCR7125 ICC
- Circle CIR125 ICC
- Circle CIR125-DOT ICC
- Circle CIR215 CL with iProduct 0x2100
- Circle CIR315 DI
- Circle CIR315 with idProduct: 0x0324
- Circle CIR315 with idProduct: 0x7004
- Circle CIR415 CL
- Circle CIR515 ICC
- Circle CIR615 CL
- Circle CIR615 CL & 1S
- ELYCTIS CL reader
- Nitrokey Nitrokey 3
- Thales Shield M4 Reader
- Add support of simultaneous slot access on multi slots readers
- Use FeliCa instead of Felica on SONY request
- Fix SafeNet eToken 5110 SC issue
- Allow vendor control commands for Omnikey 5427 CK
- always compute readTimeout to use a value greater than default 3 seconds
- Check the bSeq value when receiving a CCID frame
- Avoid logging errors when a reader is removed
- Some other minor improvements
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
0dd218a2fb4a569ad61324ad6d57336453e1ef96)
Daniel Golle [Mon, 21 Mar 2022 10:53:25 +0000 (10:53 +0000)]
auc: update to 0.3.1
Sync auc with main branch.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
6c9ab0e426466ca3bb18a76f2f6b4645015a31e0)
(cherry picked from commit
f1969ab5849095dbfe85f34e9415988357ed53bf)
(cherry picked from commit
36525086ce468ba5f062f41be231be9f43d9488f)
(cherry picked from commit
fd36c91db869544df882de6812cf57dd5056c976)
Michal Vasilek [Mon, 10 Oct 2022 13:18:24 +0000 (15:18 +0200)]
python3: update to 3.9.14
* fixes CVE-2021-28861
* refresh patches
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Stan Grishin [Mon, 10 Oct 2022 15:20:16 +0000 (08:20 -0700)]
Merge pull request #19581 from stangri/openwrt-21.02-curl
[21.02] curl: error out if wolfSSL is not usable
Petr Štetiar [Mon, 10 Oct 2022 08:47:55 +0000 (10:47 +0200)]
curl: error out if wolfSSL is not usable
When we explicitly declare, that we would like to have curl built with
wolfSSL support using `--with-wolfssl` configure option, then we should
make sure, that we either endup with curl having that support, or it
shouldn't be available at all, otherwise we risk, that we end up with
regressions like following:
configure:25299: checking for wolfSSL_Init in -lwolfssl
configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip]
In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.h:33,
from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_public.h:35,
from target-x86_64_musl/usr/include/wolfssl/ssl.h:35,
from conftest.c:47:
target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal error: wolfssl/wolfcrypt/sp_int.h: No such file or directory
#include <wolfssl/wolfcrypt/sp_int.h>
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
and in the end thus produce curl without https support:
curl: (1) Protocol "https" not supported or disabled in libcurl
So fix it, by making the working wolfSSL mandatory and error out in
configure step when that's not the case:
checking for wolfSSL_Init in -lwolfssl... no
configure: error: --with-wolfssl but wolfSSL was not found or doesn't work
References: #19005, #19547
Upstream-Status: Accepted [https://github.com/curl/curl/pull/9682]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
9140f366ef91c6eeb04ca39347c40deecaf56419)
Josef Schlehofer [Sun, 9 Oct 2022 19:37:09 +0000 (21:37 +0200)]
Merge pull request #19569 from
1715173329/y2
[openwrt-21.02] yq: Update to 4.28.1
Tianling Shen [Sat, 8 Oct 2022 06:25:38 +0000 (14:25 +0800)]
yq: Update to 4.28.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
40f0e263bf63068ff8c4e1adeaf4e807498d95f5)
Hirokazu MORIKAWA [Fri, 7 Oct 2022 07:18:29 +0000 (16:18 +0900)]
node: bump to v14.20.1
The following CVEs are fixed in this release:
* CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
* CVE-2022-32213: bypass via obs-fold mechanic (Medium)
* CVE-2022-35256: HTTP Request Smuggling Due to Incorrect Parsing of Header Fields (Medium)
More detailed information on each of the vulnerabilities can be found in September 22nd 2022 Security Releases blog post.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Stan Grishin [Sat, 8 Oct 2022 00:33:43 +0000 (17:33 -0700)]
Merge pull request #19548 from ynezz/ynezz/openwrt-21.02-fix-broken-libcurl
[21.02] fix broken libcurl by backporting curl: fix compilation with wolfSSL
Rosen Penev [Wed, 20 Jul 2022 02:24:19 +0000 (19:24 -0700)]
curl: fix compilation with wolfSSL
options.h header is needed after bump of libwolfssl to version 5.5.1,
otherwise libcurl autodetection for libwolfssl availability fails and
libcurl is then compiled without https support.
Fixes: #19547
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
317575755a83fe21888439f1fd9adccca9e0f36e)
(cherry picked from commit
ef545e0317e06cb388eec33c9dc4292f09473fdb)
Signed-off-by: Petr Štetiar <ynezz@true.cz> [commit verbosity]
Petr Štetiar [Thu, 6 Oct 2022 11:34:38 +0000 (13:34 +0200)]
Merge pull request #19536 from ynezz/ynezz/openwrt-21.02-wolfssl-CVE-2022-39173
[21.02] treewide: fix security issues by bumping all packages using libwolfssl
Eneas U de Queiroz [Wed, 14 Sep 2022 21:32:47 +0000 (18:32 -0300)]
libgd: avoid recursive and redundant dependencies
Change the CONFLICTS line from the libgd-full to libgd to fix a
recursive dependency.
While at it, remove the redundant +LIBGD_TIFF:libtiff
+LIBGD_FREETYPE:libfreetype dependencies from Package/libgd/default.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
085eb34fbf7c7aaa20da35ebe2f493601c5f19b2)
Nick Hainke [Sat, 24 Sep 2022 15:59:40 +0000 (17:59 +0200)]
tor: update to 0.4.7.10
Release Notes:
https://forum.torproject.net/t/urgent-stable-release-0-4-5-14-0-4-6-12-and-0-4-7-10
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
b9cf0cdce6ee56778a0b7ecd3d5ed520b3e2dbac)
[fix commit title]
Signed-off-by: Nick Hainke <vincent@systemli.org>
Petr Štetiar [Mon, 3 Oct 2022 17:03:15 +0000 (19:03 +0200)]
treewide: fix security issues by bumping all packages using libwolfssl
As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.
So in order to propagate update of libwolfssl to latest stable release
done in commit
ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages
using wolfSSL library.
Same bump has been done in buildroot in commit
f1b7e1434f66 ("treewide:
fix security issues by bumping all packages using libwolfssl").
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
845d81ca0976c82829addc23e9e8b95885c910ee)
(cherry picked from commit
f624e41f38e82e3b2df83e309e7bb00b68ad0091)
Michael Heimpold [Tue, 4 Oct 2022 15:35:32 +0000 (17:35 +0200)]
Merge pull request #19518 from mhei/21.02-php8-update-8.0.24
[21.02] php8: update to 8.0.24
Michael Heimpold [Tue, 4 Oct 2022 15:35:16 +0000 (17:35 +0200)]
Merge pull request #19517 from mhei/21.02-php7-update-7.4.32
[21.02] php7: update to 7.4.32
Michael Heimpold [Tue, 4 Oct 2022 05:45:10 +0000 (07:45 +0200)]
php8: update to 8.0.24
This fixes:
- CVE-2022-31629
- CVE-2022-31628
Also refresh patch to apply cleanly.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>