feed/packages.git
5 years agopsqlodbc: bump to 10.03.0000, fix --with-unixodbc
Eneas U de Queiroz [Thu, 6 Dec 2018 11:48:35 +0000 (09:48 -0200)]
psqlodbc: bump to 10.03.0000, fix --with-unixodbc

[ Upstream commit 2bc28eb40c84894f5ec3394656a90f015ee7a70f ]

Update to 10.03.0000.

--with-unixodbc should point to the odbc_config binary, not to the top
of the install directory $(STAGING_DIR)/usr.

Acked-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
5 years agoMerge pull request #8759 from neheb/bon2
Rosen Penev [Tue, 23 Apr 2019 18:05:36 +0000 (11:05 -0700)]
Merge pull request #8759 from neheb/bon2

[18.06] bonnie++: Update to 1.98

5 years agobonnie++: Update to 1.98 8759/head
Rosen Penev [Wed, 23 Jan 2019 23:21:12 +0000 (15:21 -0800)]
bonnie++: Update to 1.98

This version contains NVME fixes.

Edited the patches to modify the package Makefile directly so as to reduce
hacks in the OpenWrt Makefile.

Added LTO support to lower filesize by ~4KB.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
5 years agoMerge pull request #8718 from neheb/lcd
Rosen Penev [Tue, 23 Apr 2019 05:59:55 +0000 (22:59 -0700)]
Merge pull request #8718 from neheb/lcd

[18.06] lcd4linux: Update to 1204

5 years agoMerge pull request #8716 from neheb/wifi
Rosen Penev [Tue, 23 Apr 2019 05:54:18 +0000 (22:54 -0700)]
Merge pull request #8716 from neheb/wifi

[18.06] wifidog: Change to use TLS above 1.0

5 years agoMerge pull request #8717 from neheb/setser
Rosen Penev [Tue, 23 Apr 2019 05:53:49 +0000 (22:53 -0700)]
Merge pull request #8717 from neheb/setser

[18.06] setserial: Don't build docs to remove nroff dependency

5 years agoMerge pull request #8720 from neheb/iio
Rosen Penev [Tue, 23 Apr 2019 05:53:26 +0000 (22:53 -0700)]
Merge pull request #8720 from neheb/iio

[18.06] libiio: add missing dependency to zlib

5 years agoMerge pull request #8719 from neheb/unix
Rosen Penev [Mon, 22 Apr 2019 19:18:34 +0000 (12:18 -0700)]
Merge pull request #8719 from neheb/unix

[18.06] unixodbc: Fix compilation

5 years agoMerge pull request #8733 from jefferyto/openwrt-18.06-python-cve-2019-9636
Rosen Penev [Mon, 22 Apr 2019 16:27:56 +0000 (09:27 -0700)]
Merge pull request #8733 from jefferyto/openwrt-18.06-python-cve-2019-9636

[openwrt-18.06] python,python3: Fix CVE-2019-9636 - urlsplit missing NFKC normalization

5 years agopython,python3: Fix CVE-2019-9636 - urlsplit missing NFKC normalization 8733/head
Jeffery To [Sat, 20 Apr 2019 16:52:30 +0000 (00:52 +0800)]
python,python3: Fix CVE-2019-9636 - urlsplit missing NFKC normalization

These patches address issue:
CVE-2019-9636: urlsplit does not handle NFKC normalization

Link to Python issue:
https://bugs.python.org/issue36216

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
5 years agoMerge pull request #8706 from nxhack/18_06_icu_support_reiwa
Rosen Penev [Fri, 19 Apr 2019 01:29:02 +0000 (18:29 -0700)]
Merge pull request #8706 from nxhack/18_06_icu_support_reiwa

[openwrt-18.06] icu: support for new Japanese era Reiwa

5 years agolibiio: add missing dependency to zlib 8720/head
Martin Schiller [Thu, 23 Aug 2018 06:52:59 +0000 (08:52 +0200)]
libiio: add missing dependency to zlib

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
5 years agounixodbc: save unixodbc_conf.h for host build 8719/head
Eneas U de Queiroz [Tue, 11 Dec 2018 23:12:24 +0000 (21:12 -0200)]
unixodbc: save unixodbc_conf.h for host build

Save a copy of unixodbc_conf.h in STAGING_DIR to be used by host build.
Use STAGING_DIR/tmp/unixodbc instead of include.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
5 years agounixodbc: fix clean-build compilation
Eneas U de Queiroz [Thu, 6 Dec 2018 14:03:02 +0000 (12:03 -0200)]
unixodbc: fix clean-build compilation

For host compilation, the configure-generated config.h from the target
compilation is used in place of the host-generated file.  When the
target package is compiled with clean-build, that file is gone.  This
saves the file under $(STAGING_DIR), and fetch it from there.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
5 years agounixodbc: Fix LIB_PREFIX in host build
Eneas U de Queiroz [Thu, 6 Dec 2018 11:43:36 +0000 (09:43 -0200)]
unixodbc: Fix LIB_PREFIX in host build

When copying config.h from PKG_BUILD_DIR to HOST_BUILD_DIR, LIB_PREFIX
is set to /usr/lib.  Then when odbc_config is run, it reports /usr/lib
as the --lib-dir, and in --libs as well, and dependent packages may
fail.  Set it to $(STAGING_DIR)/usr/lib to make it right.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
5 years agolcd4linux: Update to 1204 8718/head
Rosen Penev [Mon, 12 Nov 2018 23:05:29 +0000 (15:05 -0800)]
lcd4linux: Update to 1204

Very minor bugfix.

Also adjusted standard to gnu89 to fix compilation issues (lot of missing
prototypes).

Signed-off-by: Rosen Penev <rosenp@gmail.com>
5 years agosetserial: Don't build docs to remove nroff dependency 8717/head
Rosen Penev [Thu, 11 Oct 2018 18:22:22 +0000 (11:22 -0700)]
setserial: Don't build docs to remove nroff dependency

Buildbots are failing as they lack nroff.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
5 years agowifidog: Change to use TLS above 1.0 8716/head
Rosen Penev [Sun, 26 Aug 2018 04:13:34 +0000 (21:13 -0700)]
wifidog: Change to use TLS above 1.0

This should fix compilation as wolfSSL currently does not define
wolfTLSv1_client_method. And as the comment suggests, this is only TLS 1,
not 1.0 and above.

SSLv23 is TLS 1.1 and above as currently configured in the wolfssl package

Signed-off-by: Rosen Penev <rosenp@gmail.com>
5 years agoicu: [openwrt-18.06] support for new Japanese era Reiwa 8706/head
Hirokazu MORIKAWA [Thu, 18 Apr 2019 04:04:26 +0000 (13:04 +0900)]
icu: [openwrt-18.06] support for new Japanese era Reiwa

support for new Japanese era Reiwa
change source url

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
5 years agonano: update to 4.1
Hannu Nyman [Tue, 16 Apr 2019 15:19:00 +0000 (18:19 +0300)]
nano: update to 4.1

* update nano to 4.1
* implement Makefile style changes proposed in #8483

Release notes at https://nano-editor.org/news.php

2019.04.15 - GNU nano 4.1
* By default, a newline character is again automatically added at the
  end of a buffer, to produce valid POSIX text files by default, but
  also to get back the easy adding of text at the bottom.
* The now unneeded option --finalnewline (-f) has been removed.
* Syntax files are read in alphabetical order when globbing, so that
  the precedence of syntaxes becomes predictable.
* In the C syntax, preprocessor directives are highlighted differently.
* M-S now toggles soft wrapping, and M-N toggles line numbers.
* The jumpy-scrolling toggle has been removed.
* The legacy keystrokes ^W^Y and ^W^V are recognized again.
* Executing an external command is disallowed when in view mode.
* Problems with resizing during external or speller commands were fixed.

Tested with ipq806x R7800

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 5c212b1a13162dd78e7e8df3ded9e5f1b297a443)

5 years agoMerge pull request #8638 from mwarning/zerotier 8666/head
Rosen Penev [Thu, 11 Apr 2019 16:47:35 +0000 (09:47 -0700)]
Merge pull request #8638 from mwarning/zerotier

zerotier: update version

5 years agoMerge pull request #8477 from BKPepe/openwrt-18.06_perl
Rosen Penev [Thu, 11 Apr 2019 16:42:51 +0000 (09:42 -0700)]
Merge pull request #8477 from BKPepe/openwrt-18.06_perl

[OpenWrt 18.06] perlmod: fix ability to build module out-of-feed

5 years agonet/mosquitto: correct config file option name
Karl Palsson [Thu, 11 Apr 2019 12:06:51 +0000 (12:06 +0000)]
net/mosquitto: correct config file option name

Correct option is "password_file" not "passwd_file"

Originally reported as: https://github.com/openwrt/packages/pull/8642
Added the package bump.

Signed-off-by: Karl Palsson <karlp@etactica.com>
5 years agozerotier: fix multiple instance handling and port setting 8638/head
Moritz Warning [Sun, 9 Sep 2018 09:32:38 +0000 (11:32 +0200)]
zerotier: fix multiple instance handling and port setting

Signed-off-by: Moritz Warning <moritzwarning@web.de>
5 years agozerotier: update to version 1.2.12
Moritz Warning [Fri, 25 May 2018 00:04:01 +0000 (02:04 +0200)]
zerotier: update to version 1.2.12

Signed-off-by: Moritz Warning <moritzwarning@web.de>
5 years agoMerge pull request #8595 from EricLuehrsen/openwrt-18.06
Hannu Nyman [Sat, 6 Apr 2019 15:16:48 +0000 (18:16 +0300)]
Merge pull request #8595 from EricLuehrsen/openwrt-18.06

[openwrt-18.06] unbound: correct forward of root domain

5 years agounbound: correct forward of root domain 8595/head
Eric Luehrsen [Fri, 5 Apr 2019 04:14:50 +0000 (00:14 -0400)]
unbound: correct forward of root domain

Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
5 years agoznc: backport CVE fixes to 1.6
Jonas Gorski [Mon, 1 Apr 2019 09:19:15 +0000 (11:19 +0200)]
znc: backport CVE fixes to 1.6

Backport fixes for CVEs CVE-2018-14055 and CVE-2018-14056.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
5 years agoMerge pull request #7807 from D-Albers/openwrt-18.06
Rosen Penev [Sat, 30 Mar 2019 05:56:13 +0000 (22:56 -0700)]
Merge pull request #7807 from D-Albers/openwrt-18.06

jool: Backport two fixes for newer kernels.

5 years agoMerge pull request #8449 from micmac1/ssh2-1806-181
Jiri Slachta [Thu, 28 Mar 2019 08:41:06 +0000 (09:41 +0100)]
Merge pull request #8449 from micmac1/ssh2-1806-181

libssh2 (18.06): version bump/CVE fixes

5 years agomosquitto: bump to v1.5.8
Karl Palsson [Tue, 26 Mar 2019 16:02:46 +0000 (16:02 +0000)]
mosquitto: bump to v1.5.8

Full changelog available at:
https://github.com/eclipse/mosquitto/blob/v1.5.8/ChangeLog.txt

This is a bugfix release.  Of likely note to OpenWrt is a bug affecting
missing messages on bridges since 1.5.4:
https://github.com/eclipse/mosquitto/issues/1174

Signed-off-by: Karl Palsson <karlp@etactica.com>
5 years agophp7: Add PKG_CPE_ID for proper CVE tracking
Jan Pavlinec [Fri, 15 Mar 2019 14:03:37 +0000 (15:03 +0100)]
php7: Add PKG_CPE_ID for proper CVE tracking

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 0465f6fb46eaee51a6f29de8f4177357796a3522)

5 years agophp7: update to 7.2.16
Michael Heimpold [Wed, 13 Mar 2019 21:21:16 +0000 (22:21 +0100)]
php7: update to 7.2.16

Also refresh patch which does not apply cleanly anymore.

Run tested on Duckbill for mxs platform.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 80cdd53134b03c59259b92782e6e78219330f1c6)

5 years agophp7: fix cross compiling patch (fixes #8166)
Michael Heimpold [Sun, 10 Feb 2019 20:45:16 +0000 (21:45 +0100)]
php7: fix cross compiling patch (fixes #8166)

Fixes: e148924a4 ("php7: update to 7.2.15")
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 1d4081dd4c43ab51d8a6393c0c6c57ba9a79b80c)

5 years agophp7: update to 7.2.15
Michael Heimpold [Sat, 9 Feb 2019 12:35:53 +0000 (13:35 +0100)]
php7: update to 7.2.15

Also refresh patch which does not apply cleanly anymore.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit e148924a4c2935007ded7f4f05c0bd63016c5b00)

5 years agophp7: update to 7.2.14
Michael Heimpold [Fri, 11 Jan 2019 22:47:30 +0000 (23:47 +0100)]
php7: update to 7.2.14

While at, add --with-pic to configure arguments. This prevents the following
build errors spotted by the build bots for i386 targets:

-snip-
...
ext/openssl/.libs/openssl.o: direct GOT relocation R_386_GOT32X against
`X509_REQ_free' without base register can not be used when making a shared object
...
-snap-

This parameter seems to make no difference on other targets, nor
improve or make worse the package size.

Run tested for i386 in VirtualBox VM and on Duckbill for mxs platform.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 963c841463cee3a2d8afc34b5363a3e097556e04)

5 years agophp7: update to 7.2.13
Michael Heimpold [Sun, 9 Dec 2018 15:01:14 +0000 (16:01 +0100)]
php7: update to 7.2.13

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 794f8f8e94105a84c3a929f8703a84f52d68a91c)

5 years agophp7: update to 7.2.12
Michael Heimpold [Sun, 11 Nov 2018 19:48:21 +0000 (20:48 +0100)]
php7: update to 7.2.12

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 2186fe821da70c84b74aad364515b73cc30c75f8)

5 years agophp7: update to 7.2.11
Michael Heimpold [Tue, 16 Oct 2018 19:59:49 +0000 (21:59 +0200)]
php7: update to 7.2.11

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 797776a3b3a2c886c325831eacea85e3d94104e4)

5 years agophp7: update to 7.2.10
Michael Heimpold [Sun, 23 Sep 2018 19:35:04 +0000 (21:35 +0200)]
php7: update to 7.2.10

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit c69af6717cc28f946284a729c4c2b8954eede673)

5 years agophp7: adjust load priority for openssl (fixes #6893)
Michael Heimpold [Sun, 2 Sep 2018 19:44:34 +0000 (21:44 +0200)]
php7: adjust load priority for openssl (fixes #6893)

This orders loading of openssl extension before extensions
which require openssl functions.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 5afeb3f9c8512d5d786766bd394c4e2f6371f99f)

5 years agonano: update to 4.0
Hannu Nyman [Sun, 24 Mar 2019 17:14:03 +0000 (19:14 +0200)]
nano: update to 4.0

Update nano editor to version 4.0.

Release notes at
http://git.savannah.gnu.org/cgit/nano.git/plain/NEWS?h=v4.0

 2019.03.24 - GNU nano 4.0 "Thy Rope of Sands"
 * An overlong line is no longer automatically hard-wrapped.
 * Smooth scrolling (one line at a time) has become the default.
 * A newline character is no longer automatically added at end of buffer.
 * The line below the title bar is by default part of the editing space.
 * Option --breaklonglines (-b) turns automatic hard-wrapping back on.
 * Option --jumpyscrolling (-j) gives the chunky, half-screen scrolling.
 * Option --finalnewline (-f) brings back the automatic newline at EOF.
 * Option --emptyline (-e) leaves the line below the title bar unused.
 * <Alt+Up> and <Alt+Down> now do a linewise scroll instead of a findnext.
 * Any number of justifications can be undone (like all other operations).
 * When marked text is justified, it becomes a single, separate paragraph.
 * Option --guidestripe=<number> draws a vertical bar at the given column.
 * Option --fill=<number> no longer turns on automatic hard-wrapping.
 * When a line continues offscreen, it now ends with a highlighted ">".
 * The halfs of a split two-column character are shown as "[" and "]".
 * A line now scrolls horizontally one column earlier.
 * The bindable functions 'cutwordleft' and 'cutwordright' were renamed
   to 'chopwordleft' and 'chopwordright' as they don't use the cutbuffer.
 * The paragraph-jumping functions were moved from Search to Go-to-Line.
 * Option --rebinddelete is able to compensate for more misbindings.
 * Options --morespace and --smooth are obsolete and thus ignored.
 * The --disable-wrapping-as-root configure option was removed.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit f1d51dbf7692cee150c3f1202d678afc7fcd178f)

5 years agoperlmod: fix ability to build module out-of-feed 8477/head
Philip Prindeville [Sun, 23 Sep 2018 19:36:37 +0000 (13:36 -0600)]
perlmod: fix ability to build module out-of-feed

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
5 years agolibssh2: version bump/CVE fixes 8449/head
Sebastian Kemper [Tue, 19 Mar 2019 07:48:55 +0000 (08:48 +0100)]
libssh2: version bump/CVE fixes

- CVE-2019-3855
  Possible integer overflow in transport read allows out-of-bounds write

- CVE-2019-3856
  Possible integer overflow in keyboard interactive handling allows
  out-of-bounds write

- CVE-2019-3857
  Possible integer overflow leading to zero-byte allocation and out-of-bounds
  write

- CVE-2019-3858
  Possible zero-byte allocation leading to an out-of-bounds read

- CVE-2019-3859
  Out-of-bounds reads with specially crafted payloads due to unchecked use of
  `_libssh2_packet_require` and `_libssh2_packet_requirev`

- CVE-2019-3860
  Out-of-bounds reads with specially crafted SFTP packets

- CVE-2019-3861
  Out-of-bounds reads with specially crafted SSH packets

- CVE-2019-3862
  Out-of-bounds memory comparison

- CVE-2019-3863
  Integer overflow in user authenicate keyboard interactive allows
  out-of-bounds writes

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
5 years agoJinja2: Update to 2.10
Rosen Penev [Sun, 11 Nov 2018 03:38:41 +0000 (19:38 -0800)]
Jinja2: Update to 2.10

Switch URL to a deterministic one.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
5 years agoruby: update to 2.5.5
Luiz Angelo Daros de Luca [Mon, 18 Mar 2019 17:35:39 +0000 (14:35 -0300)]
ruby: update to 2.5.5

2.5.5: Bug fix for a deadlock in multi-thread/multi-process (using Process.fork) applications, like for example Puma

2.5.4: Fixes multiple vulnerabilities:

CVE-2019-8320: Delete directory using symlink when decompressing tar
CVE-2019-8321: Escape sequence injection vulnerability in verbose
CVE-2019-8322: Escape sequence injection vulnerability in gem owner
CVE-2019-8323: Escape sequence injection vulnerability in API response handling
CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
CVE-2019-8325: Escape sequence injection vulnerability in errors

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
5 years agoruby: fix build for uclibc
Luiz Angelo Daros de Luca [Fri, 8 Feb 2019 03:38:33 +0000 (01:38 -0200)]
ruby: fix build for uclibc

Backporting upstream fix. Closes #8051.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit f9b16dea51b34e6fbced77a81096cf1fb82f39ce)

5 years agovpnc: fix IPv6-triggered inoperability
Daniel Gimpelevich [Sat, 9 Mar 2019 11:17:47 +0000 (03:17 -0800)]
vpnc: fix IPv6-triggered inoperability

When the server hostname resolved to both IPv4 and IPv6 addresses,
connecting would fail with nothing in syslog. This corrects that oversight.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
(cherry picked from ca56324 and PKG_MIRROR_HASH removal from 494ce71)

5 years agopostgresql: Revert adding build dependency to zlib/host
Hannu Nyman [Sun, 17 Mar 2019 08:33:25 +0000 (10:33 +0200)]
postgresql: Revert adding build dependency to zlib/host

Revert the addition of build dependency in commit 2d1694ff7
to a non-existent host build of zlib.

The host build of zlib was removed already in April 2018 by
https://github.com/openwrt/openwrt/commit/8dcd941d8b934891676a8d4bbef1ee78e89a4bf7#diff-1ed408c61d79f9c6c5d197333e94ce8d
which made zlib a build tool defined in /tools

The newly introduced build dependency causes always a warning like:
   WARNING: Makefile 'package/feeds/packages/postgresql/Makefile'
   has a build dependency on 'zlib/host', which does not exist

Not sure what was the error that 2d1694ff7 tried to fix,
but reference to a non-existent host build is not the solution.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit d8e61d49da52e86994492c9c274da35dd3b214fc)

5 years agoMerge pull request #8403 from BKPepe/transmission_openwrt-18.06
Hannu Nyman [Sat, 16 Mar 2019 06:01:50 +0000 (08:01 +0200)]
Merge pull request #8403 from BKPepe/transmission_openwrt-18.06

[OpenWrt 18.06] Transmission: update to version 2.94

5 years agoMerge pull request #8402 from BKPepe/netdata_openwrt-18.06
Hannu Nyman [Sat, 16 Mar 2019 06:00:39 +0000 (08:00 +0200)]
Merge pull request #8402 from BKPepe/netdata_openwrt-18.06

[OpenWrt 18.06] Netdata: update to version 1.12.2

5 years agoMerge pull request #8395 from EricLuehrsen/unbound_191_1806
Hannu Nyman [Wed, 13 Mar 2019 15:24:28 +0000 (17:24 +0200)]
Merge pull request #8395 from EricLuehrsen/unbound_191_1806

[openwrt-18.06] unbound: update to 1.9.1

5 years agotransmission: update to version 2.94 8403/head
Rosen Penev [Wed, 13 Mar 2019 14:28:09 +0000 (15:28 +0100)]
transmission: update to version 2.94

Add LTO support

Signed-off-by: Rosen Penev <rosenp@gmail.com>
5 years agoNetdata: update to version 1.12.2 8402/head
Josef Schlehofer [Wed, 13 Mar 2019 13:49:27 +0000 (14:49 +0100)]
Netdata: update to version 1.12.2

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
5 years agolibtalloc: Merge 2.1.14 from master (remove libbsd dependency)
Ted Hess [Wed, 13 Mar 2019 12:39:17 +0000 (08:39 -0400)]
libtalloc: Merge 2.1.14 from master (remove libbsd dependency)

Signed-off-by: Ted Hess <thess@kitschensync.net>
5 years agounbound: update to 1.9.1 8395/head
Eric Luehrsen [Wed, 13 Mar 2019 01:26:53 +0000 (21:26 -0400)]
unbound: update to 1.9.1

Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
5 years agoMerge pull request #8386 from wvdakker/openwrt-18.06
Hannu Nyman [Tue, 12 Mar 2019 15:49:32 +0000 (17:49 +0200)]
Merge pull request #8386 from wvdakker/openwrt-18.06

Openwrt 18.06: Shorewall Bump to 5.2.0.5 (issue #8382)

5 years agoShorewall6: Bump to 5.2.0.5. 8386/head
W. van den Akker [Mon, 11 Mar 2019 19:46:16 +0000 (20:46 +0100)]
Shorewall6: Bump to 5.2.0.5.

Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
5 years agoShorewall: Bump to 5.2.0.5.
W. van den Akker [Mon, 11 Mar 2019 19:45:17 +0000 (20:45 +0100)]
Shorewall: Bump to 5.2.0.5.

Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
5 years agoShorewall6-lite: Bump to 5.2.0.5.
W. van den Akker [Mon, 11 Mar 2019 19:44:18 +0000 (20:44 +0100)]
Shorewall6-lite: Bump to 5.2.0.5.

Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
5 years agoShorewall-lite: Bump to 5.2.0.5.
W. van den Akker [Mon, 11 Mar 2019 19:42:53 +0000 (20:42 +0100)]
Shorewall-lite: Bump to 5.2.0.5.

Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
5 years agoShorewall-core: Bump to 5.2.0.5.
W. van den Akker [Mon, 11 Mar 2019 19:40:49 +0000 (20:40 +0100)]
Shorewall-core: Bump to 5.2.0.5.

Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
5 years agopostgresql: add HOST_BUILD_DEPENDS:=zlib/host
Daniel Golle [Thu, 7 Mar 2019 12:06:26 +0000 (13:06 +0100)]
postgresql: add HOST_BUILD_DEPENDS:=zlib/host

spotted on buildbot trying postgresql/host build:
configure: error: zlib library not found

Fix this by adding zlib/host to HOST_BUILD_DEPENDS.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry-picked from commit 2d1694ff7cd9e4517483f1012d9deed1b2b710c4)

5 years agognurl: update to version 7.64.0
Daniel Golle [Wed, 6 Mar 2019 00:42:43 +0000 (01:42 +0100)]
gnurl: update to version 7.64.0

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry-picked from commit 78adac5930f8b2613b77a0e803465396a42947b0)

5 years agolibgabe: add package
Daniel Golle [Thu, 7 Mar 2019 02:20:50 +0000 (03:20 +0100)]
libgabe: add package

cherry-pick and squash commits from master for GNUnet
 04eb431cb libgabe: add package
 7831fb63b libgabe: update to shared library version

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
5 years agolibpbc: add new package
Daniel Golle [Thu, 7 Mar 2019 00:39:24 +0000 (01:39 +0100)]
libpbc: add new package

cherry-pick commit 4c5d25458 libpbc: add new package
from master as GNUnet started to depend on libgabe which depends on
libpbc.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
5 years agoMerge pull request #8346 from Cynerd/jinja2-missing-dep-18.06
Daniel Golle [Tue, 5 Mar 2019 18:05:35 +0000 (19:05 +0100)]
Merge pull request #8346 from Cynerd/jinja2-missing-dep-18.06

Jinja2: add missing dependency on markupsafe

5 years agoJinja2: add missing dependency on markupsafe 8346/head
Karel Kočí [Tue, 5 Mar 2019 16:20:36 +0000 (17:20 +0100)]
Jinja2: add missing dependency on markupsafe

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
5 years agognunet: revert accidentally applied libmicrohttpd changes
Daniel Golle [Tue, 5 Mar 2019 01:02:36 +0000 (02:02 +0100)]
gnunet: revert accidentally applied libmicrohttpd changes

revert 7b2bf511c gnunet: Specify libmicrohttpd-ssl dependency
which was accidentally merged from master while the rename of the
libmicrohttpd* packages has happened only on master.
Revert it for openwrt-18.06.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
5 years agognunet-secushare: add package (replacing gnunet-social package)
Daniel Golle [Sun, 3 Mar 2019 01:58:35 +0000 (02:58 +0100)]
gnunet-secushare: add package (replacing gnunet-social package)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
5 years agognunet: GNUnet v0.11.0 release
Daniel Golle [Sat, 2 Mar 2019 19:27:02 +0000 (20:27 +0100)]
gnunet: GNUnet v0.11.0 release

Backport and squash the following commits from master:
 4dcd1d4d0 gnunet: update to 0.12 pre-release snapshot
 acc59d3a0 gnunet: fix uclibc build issue
 f546ac9b8 gnunet: remove iconv hack
 b5b271a39 gnunet: update to gnunet 0.11 release candidate source as of 20180929
 1459c3513 gnunet: update source
 0b548cb73 gnunet: adapt uci-defaults to renamed namestore-flat -> -heap
 effc8b5bf gnunet: update to source to 20190128
 7b2bf511c gnunet: Specify libmicrohttpd-ssl dependency
 1d5af8f9e gnunet: fix PKG_MIRROR_HASH
 77191eddb gnunet: GNUnet v0.11 release
 1c658e5f3 gnunet-secushare: auto-configure database backend

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
5 years agopostgresql: update to version 9.6.12
Daniel Golle [Sun, 3 Mar 2019 01:56:38 +0000 (02:56 +0100)]
postgresql: update to version 9.6.12

Backport and squash the following commits from master:
 43ec390bd postgresql: security bump to 9.6.10
 845aab78a postgresql: Update to 9.6.11
 fe6597dd7 postgresql: update to version 9.6.12

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
5 years agolibextractor: update to version 1.9
Daniel Golle [Sat, 2 Mar 2019 19:12:48 +0000 (20:12 +0100)]
libextractor: update to version 1.9

Backport and squash the following commits from master:
 853e9d1c3 libextractor: Update to 1.7
 1a23de5db libextractor: update to version 1.8
 a50f26941 libextractor: fix PKG_HASH
 6709d9b82 libextractor: update to version 1.9

5 years agognurl: update to version 7.63.0
Daniel Golle [Sat, 2 Mar 2019 19:08:23 +0000 (20:08 +0100)]
gnurl: update to version 7.63.0

Backport and squash the following commits from master:
 af06f6fd5 gnurl: update to version 7.61.1
 7cdbb7569 gnurl: build without libpsl
 d34eda733 gnurl: update to version 7.63.0

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
5 years agoopenvswitch: bump to version 2.8.5
Yousong Zhou [Wed, 27 Feb 2019 10:31:35 +0000 (10:31 +0000)]
openvswitch: bump to version 2.8.5

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
5 years agovallumd: bump to 0.1.4
Stijn Tintel [Sun, 17 Feb 2019 15:47:54 +0000 (17:47 +0200)]
vallumd: bump to 0.1.4

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit d89cd30a79c7219b25e0d81d6f3faabcad9bb544)

5 years agoMerge pull request #8207 from commodo/18.06-CVE-2018-20406
Hannu Nyman [Thu, 14 Feb 2019 16:25:51 +0000 (18:25 +0200)]
Merge pull request #8207 from commodo/18.06-CVE-2018-20406

[18.06] python3: fix [CVE-2018-20406]

5 years agomosquitto: update to 1.5.7
Karl Palsson [Thu, 14 Feb 2019 11:14:13 +0000 (11:14 +0000)]
mosquitto: update to 1.5.7

This is a minor bugfix release. Full changelog available at:
https://mosquitto.org/blog/2019/02/version-1-5-7-released/

Most relevant to OpenWrt are probably:
* fixing persistent store bloat
* fix sorting of included config files
* fix errors related to per_listener_settings

Signed-off-by: Karl Palsson <karlp@etactica.com>
5 years agoirssi: update to 1.2.0
Peter Wagner [Wed, 13 Feb 2019 22:05:54 +0000 (23:05 +0100)]
irssi: update to 1.2.0

Signed-off-by: Peter Wagner <tripolar@gmx.at>
5 years ago[18.06] python3: fix [CVE-2018-20406] 8207/head
Alexandru Ardelean [Wed, 13 Feb 2019 08:14:50 +0000 (10:14 +0200)]
[18.06] python3: fix [CVE-2018-20406]

Link to Python bug:
  https://bugs.python.org/issue34656

Upstream commit:
  https://github.com/python/cpython/commit/71a9c65e74a70b6ed39adc4ba81d311ac1aa2acc

OpenWrt 18.06 contains version Python 3.6.5, which doesn't contain this
fix.
Python 2.7 is not affected.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
5 years agoshadowsocks-libev: flush ss rules on entry
Yousong Zhou [Mon, 11 Feb 2019 13:21:04 +0000 (13:21 +0000)]
shadowsocks-libev: flush ss rules on entry

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
5 years agomosquitto: bump to 1.5.6
Karl Palsson [Thu, 7 Feb 2019 14:02:27 +0000 (14:02 +0000)]
mosquitto: bump to 1.5.6

This is a bugfix and security release.

CVE-2018-12551: If Mosquitto is configured to use a password file for
authentication, any malformed data in the password file will be
treated as valid. This typically means that the malformed data becomes
a username and no password. If this occurs, clients can circumvent
authentication and get access to the broker by using the malformed
username. In particular, a blank line will be treated as a valid empty
username. Other security measures are unaffected.

=> Users who have only used the mosquitto_passwd utility to create and
modify their password files are unaffected by this vulnerability.

CVE-2018-12550: If an ACL file is empty, or has only blank lines or
comments, then mosquitto treats the ACL file as not being defined,
which means that no topic access is denied. Although denying access to
all topics is not a useful configuration, this behaviour is unexpected
and could lead to access being incorrectly granted in some
circumstances.

CVE-2018-12546. If a client publishes a retained message to a topic
that they have access to, and then their access to that topic is
revoked, the retained message will still be delivered to future
subscribers. This behaviour may be undesirable in some applications,
so a configuration option `check_retain_source` has been introduced to
enforce checking of the retained message source on publish.

Plus the following bugfixes:
* wills not sent to websocket clients
* spaces now allowed in bridge usernames
* durable clients not receiving offline messages with
per_listener_settings==true
* compilation with openssl without deprecated apis
* TLS working over SOCKS
* better comment handling in config files

Full changelog available at: https://github.com/eclipse/mosquitto/blob/fixes/ChangeLog.txt#L1

Signed-off-by: Karl Palsson <karlp@etactica.com>
5 years agoMerge pull request #8143 from micmac1/18.06-bump-maria38
Hannu Nyman [Thu, 7 Feb 2019 18:49:29 +0000 (20:49 +0200)]
Merge pull request #8143 from micmac1/18.06-bump-maria38

mariadb: security bump to 10.1.38

5 years agomariadb: bump to 10.1.38 8143/head
Sebastian Kemper [Wed, 6 Feb 2019 22:32:46 +0000 (23:32 +0100)]
mariadb: bump to 10.1.38

Upstream Release Notes:

- MDEV-17475: Maximum value of table_definition_cache is now 2097152
- MDEV-13671: InnoDB should use case-insensitive column name comparisons
  like the rest of the server
- ALTER TABLE fixes: MDEV-17230, MDEV-16499, MDEV-17904, MDEV-17833,
  MDEV-17470, MDEV-18237, MDEV-18016
- Improvements to InnoDB page checksum, recovery, and Mariabackup:
  MDEV-17957, MDEV-12112, MDEV-18025, MDEV-18279, MDEV-18183
- Galera
  - MDEV-15740: Galera durability fix
  - New configuration variable wsrep_certification_rules, used for
    controlling whether to use new/optimized
    (--wsrep_certification_rules=optimized) certification rules or the
    old/classic ones (--wsrep_certification_rules=strict). Setting the
    variable to strict can cause more certification failures.

- Fixes for the following security vulnerabilities:
  - CVE-2019-2537
  - CVE-2019-2529

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
5 years agoMerge pull request #8098 from jonathanunderwood/openwrt-18.06-getdns-stubby-from...
Hannu Nyman [Fri, 1 Feb 2019 14:37:58 +0000 (16:37 +0200)]
Merge pull request #8098 from jonathanunderwood/openwrt-18.06-getdns-stubby-from-master

[18.06] Cherry pick getdns and stubby commits from master

5 years agostubby: update to version 0.2.4 8098/head
Jonathan G. Underwood [Thu, 3 Jan 2019 15:10:47 +0000 (15:10 +0000)]
stubby: update to version 0.2.4

This upstream release adds support for trust_anchors_backoff_time
configuration parameter. UCI support has been added for this.

This commit also includes a number of clean-ups:
    o change START=50 to START=30 in init file
      Starting earlier in the boot means less chance of missing interface
      trigger events. See: https://github.com/openwrt/packages/pull/4675
    o remove unused variables from init file
    o separate local declarations and assignments in init file
    o add defensive quoting in init file
    o use default values for procd respawn in init file
    o make use of {} in variables consistent in init file
    o remove unused variable from init file

Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
5 years agostubby: Remove iamperson347 from maintainer
David Mora [Sun, 30 Dec 2018 14:50:36 +0000 (09:50 -0500)]
stubby: Remove iamperson347 from maintainer

I am no longer able to support maintaining the stubby daemon for openwrt. I suggest Jonathan Underwood <jonathan.underwood@gmail.com> as a replacement.

5 years agostubby: add Jonathan Underwood as co-maintainer (#7307)
jonathanunderwood [Sun, 4 Nov 2018 10:49:52 +0000 (10:49 +0000)]
stubby: add Jonathan Underwood as co-maintainer (#7307)

Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
5 years agostubby: add reload_config to documentation
Jonathan G. Underwood [Sat, 27 Oct 2018 17:28:29 +0000 (18:28 +0100)]
stubby: add reload_config to documentation

Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
5 years agostubby: fix loading of config file
Jonathan G. Underwood [Sat, 27 Oct 2018 10:29:22 +0000 (11:29 +0100)]
stubby: fix loading of config file

Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
5 years agostubby: add uci support to init file
Jonathan G. Underwood [Sun, 30 Sep 2018 13:59:57 +0000 (14:59 +0100)]
stubby: add uci support to init file

This commit brings UCI support to the stubby package.

    o All options are documented in the README.md file.
    o The README.md file has been re-written to include a short usage
      manual.
    o The default configuration now includes more Cloudflare addresses.
    o The stubby service is (re)started using procd triggers from a
      specified interface with a configurable time delay.
    o Round robin use of upstream resolvers is now activated by
      default.
    o Client privacy is now activated by default.
    o Options are added for specifying the log level of the daemon and
      command line options passed to the stubby command.

Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
5 years agostubby: bump PKG_RELEASE
Tony Ambardar [Tue, 18 Sep 2018 08:06:32 +0000 (01:06 -0700)]
stubby: bump PKG_RELEASE

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agostubby: remove unnecessary core limit
Tony Ambardar [Tue, 7 Aug 2018 11:08:29 +0000 (04:08 -0700)]
stubby: remove unnecessary core limit

Remove the limit setting core="unlimited", since this shouldn't be needed
in production use (i.e. non-debug) and on an embedded platform, which is
why it's rarely used by any existing packages.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agostubby: add SPKI pin set for Cloudflare cert
Tony Ambardar [Tue, 7 Aug 2018 10:11:19 +0000 (03:11 -0700)]
stubby: add SPKI pin set for Cloudflare cert

Add an SPKI pin for Cloudflare to help prevent MITM and downgrade attacks,
as described in RFC7858 (DNS over TLS). The setup of SPKI and the specific
SHA256 certificate hash are taken from Cloudflare's DoT configuration guide
published at https://developers.cloudflare.com/1.1.1.1/dns-over-tls/.

Note that the certificate is valid to March 25th 2020, 13:00 CET, which
provides ample time for issuance of a backup pin to support future key
rollover.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agostubby: add Cloudflare 1.0.0.1 and ::1001 servers
Tony Ambardar [Tue, 7 Aug 2018 09:35:31 +0000 (02:35 -0700)]
stubby: add Cloudflare 1.0.0.1 and ::1001 servers

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agostubby: use EDNS client-subnet privacy by default
Tony Ambardar [Tue, 7 Aug 2018 09:23:34 +0000 (02:23 -0700)]
stubby: use EDNS client-subnet privacy by default

Retain the upstream value since privacy is usually the key user motivation
for using DNS-over-TLS, and simply note that those encountering sub-optimal
routing may consider disabling the setting.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agostubby: fix config file definition
Tony Ambardar [Tue, 7 Aug 2018 09:04:42 +0000 (02:04 -0700)]
stubby: fix config file definition

The config file /etc/stubby/stubby.yml is not registered properly and any
local changes are being overwritten on upgrade or reinstall.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agostubby: rearrange Makefile for clarity
Tony Ambardar [Tue, 7 Aug 2018 09:03:08 +0000 (02:03 -0700)]
stubby: rearrange Makefile for clarity

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agostubby: add missing dependency on ca-certificates
Tony Ambardar [Tue, 7 Aug 2018 13:21:11 +0000 (06:21 -0700)]
stubby: add missing dependency on ca-certificates

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agogetdns: update to version 1.5.0
Jonathan G. Underwood [Thu, 3 Jan 2019 01:16:23 +0000 (01:16 +0000)]
getdns: update to version 1.5.0

Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>