Rosen Penev [Mon, 10 Feb 2020 21:28:43 +0000 (13:28 -0800)]
Merge pull request #11297 from Andy2244/ksmbd-update-3.1.3-(19.07)
[19.07] ksmbd: update to 3.1.3, ksmbd-tools: update to 3.2.1, add smb1 support, add avahi support package
Andy Walsh [Mon, 10 Feb 2020 14:02:51 +0000 (15:02 +0100)]
ksmbd: update to 3.1.3, ksmbd-tools: update to 3.2.1, add smb1 support, add avahi support package
* ksmbd: update to 3.1.3
* ksmbd-tools: update to 3.2.1
* add new package build option "KSMBD_SMB_INSECURE_SERVER"
* enable smb1 support to kmod by default
* add new UCI option "allow_legacy_protocols" to section [globals]
* add avahi support package "ksmbd-avahi-service"
* ksmbd: release 3.1.3 version
* ksmbd: lock SMB2_QUERY_INFO_HE request with read lock
* ksmbd: fix potential racy between query_dir and ksmbd_vfs_empty_dir
* ksmbd: fix racy issue between deleting file and checking empty directory
* ksmbd: don't register interface which are member of bridge
* ksmbd: SO_REUSEADDR is no property of tcp_setsockopt
* ksmbd: release 3.1.2 version
* ksmbd: fix read caching buffer size as max_read_size
* ksmbd: fix the infinite loop of handling FSCTL_QUERY_ALLOCATED_RANGES
* ksmbd: use compounding for smb2 flush
* ksmbd: downgrade error message to debug in get_file_all_info
* ksmbd: rename usmbd to ksmbd.mountd in trvis-ci
* ksmbd: release 3.1.1 version
* ksmbd: does not work if ipv6 module is not loaded or compiled in
* ksmbd: capsule ifdef CONFIG_SMB_INSECURE_SERVER with smb1 codes
* ksmbd: capsule ifdef CONFIG_SMB_INSECURE_SERVER with smb1 codes
* ksmbd: update README file
* ksmbd-tools: release 3.2.1 version
* ksmbd-tools: revert "remove glib2.0 dependancy" patch
* ksmbd-tools: release 3.2.0 version
* ksmbd-tools: update how to restart ksmbd in README file
* Revert "ksmbd-tools: disable tbuf and rbuf caching by default"
* ksmbd-tools: disable tbuf and rbuf caching by default
* ksmbd-tools: replace usmbd prefix with ksmbd prefix
* ksmbd-tools: update README file
* ksmbd-tools: fix warning ignoring return value of 'fread'
* ksmbd-tools: downgrade unsupported command print to debug
* ksmbd-tools: remove GLIB_LIBS in Makefiles
* ksmbd-tools: rename usmbd, smbuseradd, smbshareadd to ksmbd.mountd, ksmbd.adduser and ksmbd.addshare
* ksmbd-tools: fix null pointer dereference in _list_remove
* ksmbd-tools: fix the sanity check fails depending on the password length
* ksmbd-tools: fix build error(not found glib.h)
* ksmbd-tools: remove glib-2.0 dependancy
* ksmbd-tools: update README to add libglib2.0-dev for Ubuntu preprequisite packages
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Rosen Penev [Mon, 10 Feb 2020 02:47:22 +0000 (18:47 -0800)]
dnsdist: fix compilation on PIE ARM64
$(FPIC) evaluates to -fpic on ARM64, breaking compilation:
The dnsdist build system handles it properly anyway. Added --with-pic to
make it explicit.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
7ddb2ddc45158669990374968da87a62a2e9e2e2)
Rosen Penev [Sun, 9 Feb 2020 22:51:27 +0000 (14:51 -0800)]
Merge pull request #11281 from micmac1/apache-19.07-up
[19.07] apr/apr-util/apache/subversion: sync with master
Rosen Penev [Sun, 9 Feb 2020 01:43:52 +0000 (17:43 -0800)]
Merge pull request #11245 from Robby-/openwrt-19.07-rlmpython_and_fixproxycfgconflict
[19.07] freeradius3: Fix proxy.conf file conflict and enable the rlm_python and rlm_python3 modules
Sebastian Kemper [Sat, 8 Feb 2020 22:41:08 +0000 (23:41 +0100)]
apache: add postinstall script
This script notifies users about the changes that recently went into the
package, to prevent surprises.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Sebastian Kemper [Mon, 27 Jan 2020 21:42:02 +0000 (22:42 +0100)]
subversion: fix build failure
Since commit
a62c0e5 apu-1-config is no longer being stipped down with
regards to being called with "--link-libtool". Example:
$ ./staging_dir/target-mips_24kc_musl/usr/bin/apu-1-config --link-libtool
-L/home/sk/tmp/openwrt/staging_dir/target-mips_24kc_musl/usr/lib -R/home/sk/tmp/openwrt/staging_dir/target-mips_24kc_musl/usr/lib -laprutil-1
$
Before the mentioned commit the "-R" argument was stripped off. And when the
Makefile adds this to TARGET_LDFLAGS this then ends up in the compiler test, as
an argument for the compiler, causing build failure:
checking whether the C compiler works... no
configure: error: in `/builder/shared-workdir/build/sdk/build_dir/target-arm_mpcore+vfp_musl_eabi/subversion-1.13.0':
configure: error: C compiler cannot create executables
config.log shows what's wrong:
configure:3140: x86_64-openwrt-linux-musl-gcc -Os -pipe ... <snip> ... -R/home/sk/tmp/sdk/master-x86-64/staging_dir/target-x86_64_musl/usr/lib -laprutil-1 conftest.c >&5
x86_64-openwrt-linux-musl-gcc: error: unrecognized command line option '-R'
This commit does away with these flags, they're not needed anyway. FPIC
is also removed, because it's detrimental to the applications [1] and
unnecessary as well.
Fixes: #11139
[1] https://wiki.gentoo.org/wiki/Project:Hardened/Position_Independent_Code_internals
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Sebastian Kemper [Wed, 15 Jan 2020 18:33:12 +0000 (19:33 +0100)]
subversion: add libsqlite3 depend
apr-util was updated. It doesn't provide the depend on libsqlite3
anymore, so this needs to be added to the subversion package now.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Sebastian Kemper [Sat, 8 Feb 2020 21:00:48 +0000 (22:00 +0100)]
apache: bump to 2.4.41 & sync with master
This is a squash of the following cherry-picked commits:
14f4f0bef0448d950cf1371de3a05f302a2779c8
4e6bdd8a496bcf202f59e66bff1042512b49a972
c8aba5113bbe90202c87bad9db9d4c72ccc6afa2
2d188fd37f1d571f7315075b4be6538c8a125caf
31e0d618e5d8e35264d827f4de46a8b4e2535122
39e68309e8279d68496f649140f6df8ce59a3efd
a1472254db1332a3138ef7305bdc9953cfa1b8c2
d6476f30bbe06547aea23eec303294305eeb29f4
258967b0d29e4cecc9c70b10b160bda8e903665e
e94a08298e81b97d43e63e05cca167d778ff8d58
6bd63d24f0d147ca891332fe408eb279c9117dc3
66bb68a7b6413acba07fd22f7c71203e760145eb
d44ad09fcd81cafeafbca78c4e2599774f7ef76b
Short summary:
- version is bumped to 2.4.41
- httpd is renamed to apache2 to avoid overwriting of other servers (for
instance busybox's httpd)
- the name apache2 is now also used for directories, for instance
/etc/apache2 instead of /etc/apache
- a simple init script it added (/etc/init.d/apache2)
- a user "apache" is added upon package installation and used by default
- adds the Apache modules (in the main package as well as in additional
packages)
- Makefile and patches are updated and cleaned
- adds myself as maintainer
- improves the cross-compile setup (via configure variables, patches &
sed scripts)
- apxs is fixed up so that external modules can be added easily
For more details please check the individual commits provided above.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Sebastian Kemper [Sat, 8 Feb 2020 20:50:33 +0000 (21:50 +0100)]
apr-util: sync with master
This is a squash of the following cherry-picked commits:
27c47239367f11ad8bc6b5ee19ec4fb78b99d5cf
03124bf4b42eab292e92038bd7c4efdee78b23d1
141bd55316719f11741a578e650aa1895ec68b25
40c7e95210a44bc314f612bc66ef7864de2c09ba
1d25dcde24e9b70fbcb0cee5c2269bea940fb95b
ea5b746e58d0f0b6b13aec35c1b37c4ed3bf9b80
a62c0e599b52307e0896e15164ae1558a81be930
a16b29480567d89dedc5775d03391e3203d4e644
c24f5d258bb6600546ac513efb9e304de68930bd
f6c218e74dbea49bea6317b83bfd96867e1c314b
Short summary:
- adds external modules (crypto-openssl dbd-mysql dbd-odbc dbd-pgsql
dbd-sqlite3 dbm-gdbm ldap)
- Makefile and patches are updated and cleaned
- adds myself as maintainer
- improves the cross-compile setup (via configure variables sed scripts)
For more details please check the individual commits provided above.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Sebastian Kemper [Sat, 8 Feb 2020 20:39:01 +0000 (21:39 +0100)]
apr: bump to 1.7.0 & sync with master
This is a squash of the following cherry-picked commits:
40a29bf0555c522f76e984f6cccb395d84fbe0d2
40c7e95210a44bc314f612bc66ef7864de2c09ba
893a804c957ea73c6060aa4964d5175432588f2d
12037b3f29f72be080c6f23498e2a38d89d01232
193c3913b6a1c8d273cb86e2598848fc8b3920b6
430ab5f9b3f1e439e1990dcf3405309fd03a9979
0c6d461cc9fea34eaf59517f5cb5ed1214a217de
86396c6a49a90a3b0bd2045e472b999a23ba3e77
Short summary:
- version is bumped to 1.7.0
- Makefile and patches are updated and cleaned
- adds myself as maintainer
- improves the cross-compile setup (via configure variables, patches &
sed scripts)
For more details please check the individual commits provided above.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Hannu Nyman [Sat, 8 Feb 2020 09:24:35 +0000 (11:24 +0200)]
nano: update to 4.8
Update nano editor to version 4.8
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
7bc96280d31470b7dda75315154c8df72bde222a)
Michael Heimpold [Fri, 7 Feb 2020 20:09:24 +0000 (21:09 +0100)]
php7: update to 7.2.27
This fixes:
- CVE-2020-7059
- CVE-2020-7060
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Robby K [Fri, 7 Feb 2020 16:18:50 +0000 (17:18 +0100)]
freeradius3: Enable the rlm_python and rlm_python3 modules.
Signed-off-by: Robby K <robbyke@gmail.com>
Robby K [Fri, 7 Feb 2020 16:18:33 +0000 (17:18 +0100)]
freeradius3: Fix proxy.conf file conflict.
It was provided by both the freeradius3 and freeradius3-mod-realm packages.
Now provided by the freeradius3 package only.
Signed-off-by: Robby K <robbyke@gmail.com>
Alexander Traud [Mon, 27 Jan 2020 20:39:26 +0000 (21:39 +0100)]
syslog-ng: listen not globally but just locally
Beside that, listen not only on IPv4 but also on IPv6 = Dual Stack.
Signed-off-by: Alexander Traud <pabstraud@compuserve.com>
(cherry picked from commit
a4553b2efe934f6ade1f39e99923662c159a2546)
Jan Pavlinec [Sun, 3 Nov 2019 14:41:35 +0000 (15:41 +0100)]
python-importlib-metadata: add new package
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Rosen Penev [Fri, 31 Jan 2020 03:07:26 +0000 (19:07 -0800)]
shadow: update to 4.8.1
Fixed license information.
Removed patch requiring autoreconf and replaced with a configure variable.
Removed faulty patch that broke systems without a disabled crypt size hack.
Replaced with using a SED command as well as bcrypt, which works in musl.
Removed su patch and converted it to a SED command in the Makefile.
Added new shadow utilities.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
87e5ded04cf65fbaa398568efe41830c4b60397a)
Rosen Penev [Tue, 4 Feb 2020 01:06:07 +0000 (17:06 -0800)]
Merge pull request #11213 from adde88/openwrt-19.07
[19.07] hcxtools: update to latest version
Rosen Penev [Mon, 3 Feb 2020 22:05:06 +0000 (14:05 -0800)]
Merge pull request #11229 from jefferyto/golang-env-fixes-openwrt-19.07
[openwrt-19.07] golang: Improve build isolation from user environment
Jeffery To [Mon, 3 Feb 2020 20:05:29 +0000 (04:05 +0800)]
golang: Improve build isolation from user environment
* Set GOENV=off when building Go compiler and packages, to ignore user's
environment configuration file
* Set GOCACHE when building host Go
* Unset GOTMPDIR, to use the buildroot temp directory instead of temp
directories in build_dir
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from
3b5f1c73fb05816e74e0863e314b889e2c6146cf)
Hannu Nyman [Mon, 3 Feb 2020 19:22:41 +0000 (21:22 +0200)]
Merge pull request #11226 from micmac1/sqlite3-19.07
[19.07] sqlite3: update to version 3.31.1
Josip Kelečić [Mon, 3 Feb 2020 10:08:52 +0000 (11:08 +0100)]
sqlite3: update to version 3.31.1
Signed-off-by: Josip Kelečić <josip.kelecic@sartura.hr>
Andreas Nilsen [Sun, 2 Feb 2020 13:05:20 +0000 (14:05 +0100)]
hcxtools: update to 5.3.0 + changes to Makefile to include latest binaries being compiled
Signed-off-by: Andreas Nilsen <adde88@gmail.com>
hcxdumptool: forgot to add new openssl dependency
Signed-off-by: Andreas Nilsen <adde88@gmail.com>
Josef Schlehofer [Sun, 2 Feb 2020 22:05:35 +0000 (23:05 +0100)]
dnscrypt-proxy2: update to version 2.0.39
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
561b535c368acc6ed703fde39c449ee195f113ec)
Josef Schlehofer [Sun, 26 Jan 2020 13:52:10 +0000 (14:52 +0100)]
dnscrypt-proxy2: update to version 2.0.36
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
8eb0d55475b41abf3d5f4242d3b806ce99fb6788)
Rosen Penev [Sun, 2 Feb 2020 22:06:19 +0000 (14:06 -0800)]
Merge pull request #11219 from jefferyto/golang-1.13.7-openwrt-19.07
[openwrt-19.07] golang: Update to 1.13.7, add PKG_CPE_ID to Makefile
Jeffery To [Sun, 2 Feb 2020 20:35:09 +0000 (04:35 +0800)]
golang: Update to 1.13.7, add PKG_CPE_ID to Makefile
This update includes fixes for[1]:
* CVE-2020-7919 - doesn't appear to be published publicly yet
* CVE-2020-0601 - a Windows-related issue
[1]: https://github.com/golang/go/issues?q=milestone%3AGo1.13.7+label%3ACherryPickApproved
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from
0dc4fa6efbc7588e9d49b8b6f0199918bb3af882)
Hannu Nyman [Sun, 2 Feb 2020 18:19:25 +0000 (20:19 +0200)]
Merge pull request #11214 from Andy2244/wsdd2-fix_typos-(19.07)
[19.07] wsdd2: fix typos
Dirk Brenken [Sun, 2 Feb 2020 14:42:24 +0000 (15:42 +0100)]
Merge pull request #11216 from dibdot/19.07-2
[19.07] adblock: update 3.8.15
Dirk Brenken [Sun, 2 Feb 2020 14:36:04 +0000 (15:36 +0100)]
adblock: update 3.8.15
* remove 'reg_cz' list (abandoned)
* add 'notracking' list (provided by @rcarmo)
* 19.07-only: fix/bring back status message
Signed-off-by: Dirk Brenken <dev@brenken.org>
Andy Walsh [Sun, 2 Feb 2020 14:06:34 +0000 (15:06 +0100)]
wsdd2: fix typos
* fix typos (WG_PARM, reload_trigger)
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Andreas Nilsen [Sun, 2 Feb 2020 13:04:28 +0000 (14:04 +0100)]
hcxdumptool: update to 6.0.1
Signed-off-by: Andreas Nilsen <adde88@gmail.com>
Michael Heimpold [Sat, 1 Feb 2020 21:54:41 +0000 (22:54 +0100)]
Merge pull request #11203 from micmac1/19.07-xml2
[19.07] libxml2: fix libxslt host build
Sebastian Kemper [Sun, 27 Oct 2019 09:06:35 +0000 (10:06 +0100)]
libxml2: install xml2-config with host triplet
Currently only xml2-config is installed, for both the normal libxml2
package as well as the host package. The problem with that is that due
to multilib considerations the build host may have xml2-config installed
with a host triplet prefix, like x86_64-pc-linux-gnu-xml2-config (and
xml2-config as a symbolic link to it). Gentoo for instance sets it up
like this.
Packages may actually search for a prefixed xml2-config before searching
for xml2-config. An example would be Asterisk:
checking for x86_64-pc-linux-gnu-xml2-config... /usr/bin/x86_64-pc-linux-gnu-xml2-config
This then introduces wrong information into the build, for instance
bad includes:
~/tmp/openwrt $ /usr/bin/x86_64-pc-linux-gnu-xml2-config --cflags
-I/usr/include/libxml2
When the intention is to use OpenWrt's own (host) libxml2 one would like
to see this output used instead:
~/tmp/openwrt $ ./staging_dir/hostpkg/bin/xml2-config --cflags
-I/home/sk/tmp/openwrt/staging_dir/hostpkg/include/libxml2
This commit addresses this by installing xml2-config with a suitable
prefix and creating a symbolic link xml2-config. This is done for both
the host package and the normal package. The latter also needs this fix
because the target may use the same triplet as the host system (for
instance x86_64 cross-compiling for x86_64).
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Sebastian Kemper [Tue, 22 Oct 2019 21:58:12 +0000 (23:58 +0200)]
libxml2/host: revert xml2-config prefix fix
Commit
218f0229a4594b32d9db6ad0678cdce7e2663e27 added a workaround for a
problem. The host compile overwrote xml2-config in
"$(STAGING_DIR)/host/bin". The workaround fixed the issue for regular
target packages. But it didn't leave a proper xml2-config script for
host packages.
Times have changed. Host packages are now installed in
"$(STAGING_DIR_HOSTPKG). So there is no longer any danger of the host
package overwriting the xml2-config script for target packages. So
revert the mentioned commit, leaving us with two proper xml2-config
scripts, one for target package builds and one for host package builds.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Olivier Poitrey [Sat, 1 Feb 2020 07:58:58 +0000 (09:58 +0200)]
nextdns: Update to version 1.4.23
Changelog:
* Fix OpenWRT with existing forwarder + fix dnsmasq restore issue
* Refactor service execution to better report errors
* Refactor merlin tz setup so it does not need to curl on boot
* Improve upgrade command for install.sh
* Do not mask curl error on install
* Fix timezone logging issue with Merlin
* Add support for Merlin John's fork
* Add raspbian support to installer
* Fix upgrade not reinstalling service
* Limit the aarch64 fix to merlin
* Reset DHCP DNS to self on Merlin router setup
* Fix memory issue with aarch64 based router
* Update Go version
* Allow override of detected env
* Setup timezone correctly on Merlin init script
* Don't ignore curl error on install
* Fix Asus Merlin John’s fork trust store issue
* Fix synology auto setup
* Fix report client info not enabled with setup-router option
* Add support for edgeos DHCP lease file locations
* Fix signal handling when running as a service
* Fix exit menu keyboard shortcut
* Do not fail on upgrade if uninstall failed
* Fix exit menu in installer
* Remove failing upx (for now)
* Make sure nextdns keeps running once ssh session is closed
* Add auto setup of Synology with DHCP server enabled
* Use router's DNS to discover more names
* Get A/AAAA from both answer and addition sections
* Ignore certain invalid names during discovery
* Fix activate with setup-router
* Fix serveral install issues
* Add exponential backoff to mdns probe retry
* Correctly end dhcp lease probing when discovery is cancelled
* Store DHCP/MDNS discovered addrs separately to avoid ping/pong
discovery
* Add DHCP lease support to client discovery
* Do not report mdns listen unreachable error as start will retry
* Reimplement mdns client discovery
* Fix installer GOARCH detection with arm6+
* Fix bin install on platforms needing sudo
* Correctly detect edgeos and ddwrt as routers
* Fix install.sh sudo
* Disable upx as it break many platforms
* Fix installer regression with merlin
* Fix mips64 detection
* Fix OpenWRT detection
* Fix UPX post build script
* Fix install with John's Asuswrt-Merlin fork
* Fix more DDWRT
* Fix DDWRT support
* Fix merlin service add/remove
* Use UPX to compress binaries typicially used on routers
* Revert "Remove direct dep on reflect"
* Use letters for installer menus
* Fix install script for upgrades not working if binary is running
* Do not return an error on mdns listen if at least one interface worked
* Fix installer for synology
* Fix pfSense support
* Remove the logs for each server on each connect
* Move install instructions to wiki
* Fix install.sh uid detection with merlin
* Fix install.sh for arm6+
* Add Synology init system support
* Fix install.sh
* Add a generic router setup that just changes the listen to public
* Update README
* Add auto setup support for EdgeOS
* Restore per OS install instruction in readme during installer beta
* Refactor install.sh
* Remove dep on golang.org/x/net/ipv[4|6]
* Remove direct dep on reflect
* Rewrite the zeroconf code to use dnsmessage instead miekg/dns
* Add auto setup support for DD-WRT
* Improve arch detection
* Add auto setup support for OpenWRT
* Add automatic router setup support
* Fix service
* Remove dep en seq on sysv style init scripts
* Add Entware init system support
* Report init system used on install and in UA
* Add EdgeOS support
* Reads /etc/hosts before forwarding queries to the upstream
* Fix localhost resolution with Linux arch empty /etc/hosts
* Use /etc/hosts file to resolve listen address and list on all IPs
listed
* Add support for multiple router firmware
* Fix hardened privacy disabling dual stack
* Add a config set sub command and refactor commands handling
* Add support for activate on freebsd
* Fix inverted MAC matching
* Add unit test for conf prefix match #35
* Activate uses listen address instead of static 127.0.0.1
* Improve FreeBSD integration
* Add FreeBSD support
* Fix a typo
* Use zip for windows archive
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Edited PKG_RELEASE to 1
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
a3b028b3579ca43f91879726f73b331d46cce433)
Hannu Nyman [Sat, 1 Feb 2020 07:28:04 +0000 (09:28 +0200)]
Merge pull request #11197 from Ansuel/backport
Backport
Ansuel Smith [Fri, 31 Jan 2020 22:07:54 +0000 (23:07 +0100)]
uwsgi: backport master changes to 19.07
To support new luci version uwsgi has been changed.
Backport this changes to 19.07
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Ansuel Smith [Fri, 31 Jan 2020 22:06:46 +0000 (23:06 +0100)]
nginx: backport master changes to 19.07
Currently luci is broken in 19.07.
Changes done to fix this problem didn't merge in the
19.07 release.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Rosen Penev [Fri, 31 Jan 2020 00:30:01 +0000 (16:30 -0800)]
Merge pull request #11184 from micmac1/19.07-maria-10.2.31
[19.07] mariadb: security bump to 10.2.31
Rosen Penev [Fri, 31 Jan 2020 00:27:49 +0000 (16:27 -0800)]
Merge pull request #11176 from jefferyto/python-fix-float-byte-order-openwrt-19.07
[openwrt-19.07] python,python3: Fix float byte order detection
Sebastian Kemper [Thu, 30 Jan 2020 20:33:56 +0000 (21:33 +0100)]
mariadb: security bump to 10.2.31
Addresses CVE-2020-2574.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Eneas U de Queiroz [Thu, 16 Jan 2020 17:07:40 +0000 (14:07 -0300)]
python-certify: bump to 2019.11.28
This is a regular Mozilla CA bundle update.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
c799f2a913cedfba87d57ecb0ea0cbc8a186489f)
Jeffery To [Thu, 30 Jan 2020 11:12:25 +0000 (19:12 +0800)]
python3: Fix float byte order detection
This backports patches from bpo-34585[1] to fix byte order detection of
floats.
Fixing byte order detection allows the repr() of floats to be
shorter[2]. sys.float_repr_style should be 'short' instead of 'legacy'
on supported platforms.
See #11134.
[1]: https://bugs.python.org/issue34585
[2]: https://docs.python.org/3.8/whatsnew/3.1.html#other-language-changes
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Jeffery To [Thu, 30 Jan 2020 10:28:49 +0000 (18:28 +0800)]
python: Fix float byte order detection
This backports patches from bpo-34585[1] to fix byte order detection of
floats.
Fixing byte order detection allows the repr() of floats to be shorter (a
feature backported to Python 2.7 from Python 3.1[2]).
sys.float_repr_style should be 'short' instead of 'legacy' on supported
platforms.
See #11134.
[1]: https://bugs.python.org/issue34585
[2]: https://docs.python.org/2.7/whatsnew/2.7.html#python-3-1-features
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from
a0da5aec7f4ae24feb3c4f2fb3bf3c1c9cb9e639)
Omitted PKG_RELEASE change
Rosen Penev [Wed, 31 Jul 2019 06:33:40 +0000 (23:33 -0700)]
python: Replace utime with utimes
Optionally fixes compilation with uClibc-ng.
Based on the surrounding code, this looks like an oversight.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from
608df65a627e22db08f04bab0cb97c246ff40449)
Adjusted PKG_RELEASE
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Sebastian Kemper [Sat, 26 Oct 2019 12:47:52 +0000 (14:47 +0200)]
libxslt/host: depend on libxml2/host
The host build requires libxml2-dev. This commit adds the dependency for
libxml2/host, as the host system may not have it installed. This also
avoids using the host's xml2-config (in /usr/bin for instance) while
linking to libraries in staging_dir/hostpkg.
ldd staging_dir/hostpkg/bin/xsltproc | grep xml2
libxml2.so.2 => /home/sk/tmp/openwrt/staging_dir/hostpkg/lib/libxml2.so.2 (0x00007fcc0644c000)
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry-picked from
05f0beb6a82c43838196035d15d6757b1e571aa6)
Jan Pavlinec [Wed, 24 Jul 2019 13:33:48 +0000 (15:33 +0200)]
libxslt: patch security issues
Fixes:
CVE-2019-13117
CVE-2019-13118
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry-picked from
f77c53cff150d99fd0e27de670fa87f11246310d)
Florian Eckert [Mon, 14 Oct 2019 10:38:02 +0000 (12:38 +0200)]
libxslt: add host build
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry-picked from
48ad713a1407711404a7913f179702d30632da5a)
Rosen Penev [Tue, 28 Jan 2020 09:57:06 +0000 (01:57 -0800)]
Merge pull request #11149 from nickberry17/add_mm_to_19
backport ModemManager and dependencies to 19.07
Nicholas Smith [Tue, 28 Jan 2020 01:52:04 +0000 (11:52 +1000)]
modemmanager: add ModemManager to packages
Signed-off-by: Nicholas Smith <nicholas.smith@telcoantennas.com.au>
Nicholas Smith [Tue, 28 Jan 2020 01:51:42 +0000 (11:51 +1000)]
libqmi: add libqmi to packages
Signed-off-by: Nicholas Smith <nicholas.smith@telcoantennas.com.au>
Nicholas Smith [Tue, 28 Jan 2020 01:51:25 +0000 (11:51 +1000)]
libmbim: add libmbim to packages
Signed-off-by: Nicholas Smith <nicholas.smith@telcoantennas.com.au>
Rosen Penev [Mon, 27 Jan 2020 23:48:22 +0000 (15:48 -0800)]
Merge pull request #11143 from Andy2244/smbd-rename_ksmbd-update-3.1.1-(19.07)
[19.07] smbd: update to 3.1.1, rename to "ksmbd", "ksmbd-tools"
Rosen Penev [Mon, 27 Jan 2020 23:48:09 +0000 (15:48 -0800)]
Merge pull request #11144 from Andy2244/wsdd2-rename_ksmbd-(19.07)
[19.07] wsdd2: update for renamed smbd->ksmbd
Andy Walsh [Fri, 13 Dec 2019 14:29:32 +0000 (15:29 +0100)]
glib2: fix mips16 build, add size reducing static link, fpic CFLAGS
* allows building as mips16 (fixes broken mips16/32 mixed static linking)
* add some static link related flags to reduce target binary size
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
(cherry-picked from
a558b209440590deb5fae5ff32e4731c5e516194)
Rosen Penev [Sun, 3 Nov 2019 04:54:54 +0000 (21:54 -0700)]
glib2: Disable Werror
On GCC9, it throws a Wformat-nonliteral error. Unfortunately, there's no
easy was to fix it as it is fortify-headers where the warning ultimately
comes from.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from
abdec8939e0d7cadaf0e82d9e7bb17e843525ad7)
Andy Walsh [Mon, 27 Jan 2020 21:16:27 +0000 (22:16 +0100)]
wsdd2: update for renamed smbd->ksmbd
* update for renamed smbd->ksmbd
* fix build warning for global network.sh include
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Andy Walsh [Mon, 27 Jan 2020 21:03:28 +0000 (22:03 +0100)]
smbd: update to 3.1.1, rename to "ksmbd", "ksmbd-tools"
* rename smbd->ksmbd (upstream name change)
* ksmbd-tools: build with static glib2 (usmbd = ~90kb, smbuseradd = ~40kb)
* new etc folder location = /etc/ksmbd/smb.conf
* new database name = /etc/ksmbd/ksmbdpwd.db
* fixes "map to guest = Bad User" while userdb is also used
* fixes missing ipv6 support
* update/rename to "luci-app-ksmbd"
* remove UCI samba compatibility code for section names (ksmbd uses [share] + [globals] not [sambashare] + [global])
* ksmbd: release 3.1.1 version
* ksmbd: does not work if ipv6 module is not loaded or compiled in
* ksmbd: capsule ifdef CONFIG_SMB_INSECURE_SERVER with smb1 codes
* ksmbd: release 3.1.0 version
* ksmbd: fix over 80 character warnings
* ksmbd: rename smbd-tools to ksmbd-tools in travis.yml
* ksmbd: fix password db file location in travis.yml
* ksmbd: rename smbd prefix function to ksmbd
* ksmbd: rename smbd prefix source files to ksmbd
* Revert "smbd: set connection status with SMBD_SESS_EXITING instead of direct destory"
* ksmbd: rename smbd to ksmbd in .travis.yml
* smbd: rename module name to ksmbd.ko
* smbd: set connection status with SMBD_SESS_EXITING instead of direct destory
* smbd: previous session with same user and same password should be deleted
* smbd: only use global session table in smb2 session
* smbd: add support for ipv6
* smbd: fix empty macro issue from smbd_debug
* cifsd: fix printing of file names in find_next
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Hannu Nyman [Sun, 26 Jan 2020 20:39:33 +0000 (22:39 +0200)]
Merge pull request #11123 from stangri/19.07-https-dns-proxy
[19.07] https-dns-proxy: fix deleting server items, configurable dnsmasq settings change
Rosen Penev [Sun, 26 Jan 2020 18:48:13 +0000 (10:48 -0800)]
Merge pull request #11129 from Robby-/openwrt-19.07-freeradius3_update_3_0_20
[19.07] freeradius3: Update to 3.0.20
Jiri Slachta [Sun, 26 Jan 2020 17:27:49 +0000 (18:27 +0100)]
Merge pull request #11126 from micmac1/19.07-tiff
[19.07] tiff: update version to 4.1.0
Robby K [Sun, 26 Jan 2020 13:43:06 +0000 (14:43 +0100)]
freeradius3: Update to 3.0.20
Latest stable release, contains security fixes for EAP-PWD (side-channel leak), logrotate settings (CVE-2019-10143) and a DoS issue due to multithreaded BN_CTX access (CVE-2019-17185).
Also refreshed patches/002-disable-session-cache-CVE-2017-9148.patch due to the following changes/commits in freeradius:
https://github.com/FreeRADIUS/freeradius-server/commit/
bf1a1eda2387745bbe538998f3d2e6514f981bfd
https://github.com/FreeRADIUS/freeradius-server/commit/
a3c46544b38ab46218c385d0ee197538fad5b3da
Signed-off-by: Robby K <robbyke@gmail.com>
Jiri Slachta [Mon, 11 Nov 2019 20:49:06 +0000 (21:49 +0100)]
tiff: update version to 4.1.0
Signed-off-by: Jiri Slachta <jiri@slachta.eu>
Stan Grishin [Sun, 26 Jan 2020 04:14:56 +0000 (21:14 -0700)]
https-dns-proxy: fix deleting server items, configurable dnsmasq settings change
Signed-off-by: Stan Grishin <stangri@melmac.net>
Rosen Penev [Tue, 2 Jul 2019 17:07:53 +0000 (10:07 -0700)]
avrdude: Fix GPIO path building
%ud is a GNU extension. It's not really supported elsewhere.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from
536c6b8be7cb620f6258cbcb7e85a50662976f2b)
Rosen Penev [Thu, 23 Jan 2020 02:41:20 +0000 (18:41 -0800)]
Merge pull request #10990 from BKPepe/django-19.07
[OpenWrt 19.07] django: update to version 1.11.27
Rosen Penev [Mon, 20 Jan 2020 22:55:29 +0000 (14:55 -0800)]
Merge pull request #11078 from ddast/radicale_add_urllib_dep
radicale-py3: Add python3-urllib dependency
Dennis Dast [Mon, 20 Jan 2020 19:43:34 +0000 (20:43 +0100)]
radicale-py3: Add python3-urllib dependency
Depend on python3-urllib instead of python3-email (python3-urllib has
python3-email as a dependency).
Signed-off-by: Dennis Dast <mail@ddast.de>
Matt Merhar [Mon, 20 Jan 2020 03:39:44 +0000 (22:39 -0500)]
nut: fix other/otherflag custom variables in nut-server.init
This allows custom config parameters to be added to the generated config
files, enabling the original intended functionality per
https://openwrt.org/docs/guide-user/services/ups/software.nut.
Example usage from /etc/config/nut_server:
config driver 'apc'
option driver 'snmp-ups'
option snmp_version 'v3'
option port '172.16.100.5'
list other 'secLevel'
list other 'secName'
list other 'authPassword'
list otherflag 'notransferoids'
config other 'other_secLevel'
option value 'authNoPriv'
config other 'other_secName'
option value 'some_username'
config other 'other_authPassword'
option value 'some_password'
config other 'otherflag_notransferoids'
option value '1'
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
(cherry-picked from
0b04dd34a0cd706a7be33da3b7536f3c50714c8e)
Sebastian Kemper [Wed, 27 Nov 2019 18:52:27 +0000 (19:52 +0100)]
nut: update OpenSSL 1.1.0 patch
Replaces OpenWrt patch with upstream patch. Also removes
0002-Fix-check-for-empty-string.patch as this is included in upstream
OpenSSL 1.1.0 patch.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry-picked from
7d4f1b8589bc425acfd4d71a6e6be08a66d8f3dc)
Sebastian Kemper [Wed, 27 Nov 2019 18:41:40 +0000 (19:41 +0100)]
nut: fix CGI setup
This commit makes
- the libgd dependency (as well as specifying libs and includes)
- the configure argument "--with-cgi"
dependant on whether the package nut-web-cgi is selected.
nut-web-cgi is also added to PKG_CONFIG_DEPENDS.
Resolves: #10641
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry-picked from
cdd660a41dbfb87c9a253a7ebf856d7b733b752f)
Hannu Nyman [Sun, 19 Jan 2020 20:49:31 +0000 (22:49 +0200)]
Merge pull request #11063 from EricLuehrsen/openwrt-19.07-unbound
[openwrt-19.07] unbound: improve dependencies for okpg
Eric Luehrsen [Sat, 18 Jan 2020 02:42:40 +0000 (21:42 -0500)]
unbound: improve dependencies for okpg
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
cherry pick
6505154a7450fe871396a4a05bcd2423f0f8aafb
Rosen Penev [Sun, 19 Jan 2020 20:17:06 +0000 (12:17 -0800)]
Merge pull request #11061 from cotequeiroz/afalg_1.1.0-19.07
[19.07] afalg_engine: bump to v1.1.0
Eneas U de Queiroz [Sun, 19 Jan 2020 18:55:37 +0000 (15:55 -0300)]
afalg_engine: bump to v1.1.0
This version is up to 20% faster than 1.0.1.
Build without cryptouser information, which is not available in 19.07.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Josef Schlehofer [Sat, 11 Jan 2020 22:11:02 +0000 (23:11 +0100)]
btrfs-progs: update to version 5.4.1
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
c864563372d45c6040366d4f39447e6c8a5e6aab)
Josef Schlehofer [Thu, 16 Jan 2020 11:45:15 +0000 (12:45 +0100)]
libseccomp: add seccomp-syscalls.h to InstallDev
In the version 2.4.2, there was introduced a new header file.
Ship it to InstallDev
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Hannu Nyman [Sat, 18 Jan 2020 22:08:39 +0000 (00:08 +0200)]
Merge pull request #11051 from wvdakker/openwrt-19.07
[Openwrt 19.07] Shorewall: Bump to 5.2.3.5
W. van den Akker [Sat, 18 Jan 2020 21:25:26 +0000 (22:25 +0100)]
Shorewall6-lite: Bump to 5.2.3.5
Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
W. van den Akker [Sat, 18 Jan 2020 21:23:30 +0000 (22:23 +0100)]
Shorewall6: Bump to 5.2.3.5
Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
W. van den Akker [Sat, 18 Jan 2020 21:22:12 +0000 (22:22 +0100)]
Shorewall: Bump to 5.2.3.5
Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
W. van den Akker [Sat, 18 Jan 2020 21:21:10 +0000 (22:21 +0100)]
Shorewall-lite: Bump to 5.2.3.5
Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
W. van den Akker [Sat, 18 Jan 2020 21:20:18 +0000 (22:20 +0100)]
Shorewall-core: Bump to 5.2.3.5
Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
Eneas U de Queiroz [Thu, 16 Jan 2020 18:21:21 +0000 (15:21 -0300)]
afalg_engine: fix ENGINES location, zero-copy
Use a fixed ENGINES_DIR location, instead of trying to read it from the
openssl Makefile.
It also fixes the zero-copy config option not being passed down to the
cmake options.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry-picked from
6a5f7920e96ca8718129041c048d638c62e65959)
Eneas U de Queiroz [Fri, 1 Nov 2019 03:00:27 +0000 (00:00 -0300)]
afalg_engine: add new package
This is an alternate AF_ALG engine for openssl, based on the devcrypto
engine, but using the AF_ALG interface instead of /dev/crypto.
It is different than the AF_ALG engine that ships with OpenSSL:
- it uses sync calls, instead of async
- it suports more algorithms
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
0e0bd6da4b1a658165e4985ee00822f4eeabe5f6)
Stijn Tintel [Thu, 16 Jan 2020 21:28:55 +0000 (23:28 +0200)]
strongswan: bump to 5.8.2
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Paul Fertser [Thu, 21 Nov 2019 17:26:46 +0000 (20:26 +0300)]
strongswan: allow to specify per-connection reqid with UCI
This is useful to assign all traffic to a fw3 zone, e.g.:
/etc/config/ipsec:
config remote 'test'
list tunnel 'dev'
...
config 'tunnel' 'dev'
option reqid '33'
...
/etc/config/firewall:
config zone
option name wan
option extra_src "-m policy --pol none --dir in"
option extra_dest "-m policy --pol none --dir out"
...
config zone
option name vpn
# subnet needed for firewall3 before 22 Nov 2019,
8174814a
list subnet '0.0.0.0/0'
option extra_src "-m policy --pol ipsec --dir in --reqid 33"
option extra_dest "-m policy --pol ipsec --dir out --reqid 33"
...
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Stijn Tintel [Sun, 15 Sep 2019 14:46:15 +0000 (17:46 +0300)]
strongswan: bump to 5.8.1
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Jan Pavlinec [Thu, 16 Jan 2020 14:47:08 +0000 (15:47 +0100)]
libarchive: update to version 3.4.1 (security fix)
Fixes CVE-2019-19221
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry-picked from
df634dcc926650de22248b89620c649c0fef7602)
Eneas U de Queiroz [Fri, 6 Dec 2019 20:26:40 +0000 (17:26 -0300)]
oniguruma: bump to version 6.9.4
This version adds a new RegSet API, and fixes the following:
- CVE-2019-19012
- CVE-2019-19203
- CVE-2019-19204
- CVE-2019-19246
- some problems (found by libFuzzer test)
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry-picked from
94895ec81838c02b8aa4bbc1d4af45ff2e01f004)
Stan Grishin [Thu, 16 Jan 2020 17:51:55 +0000 (10:51 -0700)]
vpn-policy-routing: bugfix: remove conflict with vpnbypass
Signed-off-by: Stan Grishin <stangri@melmac.net>
(cherry picked from commit
05603822d3b5ad3644db65a5d48983ca2b6f52fc)
Rosen Penev [Tue, 14 Jan 2020 20:11:06 +0000 (12:11 -0800)]
Merge pull request #11021 from jefferyto/golang-updates-openwrt-19.07
[openwrt-19.07] golang: Updates
Jeffery To [Tue, 14 Jan 2020 17:26:40 +0000 (01:26 +0800)]
golang: Update to 1.13.6
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Jeffery To [Tue, 14 Jan 2020 16:58:28 +0000 (00:58 +0800)]
golang: Fix selection of GOARM value
This fixes how GOARM is selected for arm platforms, based on support for
VFP/VFPv3 rather than CPU version.
Fixes #10967.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Josef Schlehofer [Sun, 12 Jan 2020 11:28:37 +0000 (12:28 +0100)]
libseccomp: update to version 2.4.2
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Josef Schlehofer [Sat, 11 Jan 2020 22:14:45 +0000 (23:14 +0100)]
django: update to version 1.11.27
Fixes: CVE-2019-19844
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Eric Luehrsen [Sat, 11 Jan 2020 19:13:56 +0000 (14:13 -0500)]
unbound: fix TLS forwards with optional suffix
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
(cherry picked from commit
b101dd76fb4fd29cea53dbdabe7f302bdb48dca3)
Jan Pavlinec [Thu, 9 Jan 2020 00:22:26 +0000 (01:22 +0100)]
measurement-kit: update to version 0.10.8
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit
744e2dd19d2a9cbd0dee6a88c19743429b8aec21)
projects / feed / packages.git / log