Josef Schlehofer [Sat, 11 Jan 2020 22:14:45 +0000 (23:14 +0100)]
django: update to version 1.11.27
Fixes: CVE-2019-19844
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Jan Pavlinec [Thu, 9 Jan 2020 00:22:26 +0000 (01:22 +0100)]
measurement-kit: update to version 0.10.8
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit
744e2dd19d2a9cbd0dee6a88c19743429b8aec21)
Jan Pavlinec [Fri, 29 Nov 2019 10:48:01 +0000 (11:48 +0100)]
measurement-kit: update package
Changes:
-add InstallDev section
-remove uclibc patch (issue fixed in upstream)
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit
df853b2d202d6bb1ecbfce8b7c72513db3b5a36c)
Jan Pavlinec [Wed, 25 Sep 2019 10:34:30 +0000 (12:34 +0200)]
measurement-kit: update to version 0.10.6
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit
2949906ec47470cd49f0a1d2f35305c4998e7711)
Rosen Penev [Sat, 11 Jan 2020 02:18:59 +0000 (18:18 -0800)]
smbd: Update to 3.0.2
Fixes a nasty stack corruption issue and a big endian fix.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from
232a271f4081ffa8bcfc591558eccab24500c526)
Rosen Penev [Sat, 11 Jan 2020 02:07:42 +0000 (18:07 -0800)]
transmission: Sync with master
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Alexandru Ardelean [Tue, 10 Sep 2019 16:51:03 +0000 (19:51 +0300)]
python,python3: split python[3]-pkg-resources from setuptools
This package is required by other packages to run some binaries via
`load_entry_point`.
So, this splits this package away from setuptools.
setuptools is pretty big, akd pkg-resources is also big, but not as big.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
ed0e77f3c385770065bf6ec6ed7c3bbbb6deb395)
Reference to discussion at
https://github.com/openwrt/packages/commit/
c61579b564a3877235d74684b1a75915d77e42a9#commitcomment-
36665837
Adjusted python PKG_RELEASE items to current situation
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Yousong Zhou [Wed, 8 Jan 2020 05:03:19 +0000 (13:03 +0800)]
openvswitch: bump PKG_RELEASE
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Wed, 8 Jan 2020 04:58:54 +0000 (12:58 +0800)]
openvswitch: backport patch to fix compilation
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Wed, 8 Jan 2020 04:03:06 +0000 (12:03 +0800)]
openvswitch: fix building failure caused by dst_ops api change
Ref: https://github.com/openwrt/packages/issues/10961
Reported-by: Sven Roederer <devel-sven@geroedel.de>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Wed, 8 Jan 2020 03:57:10 +0000 (11:57 +0800)]
openvswitch: bump to version 2.11.1
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Rosen Penev [Mon, 6 Jan 2020 01:15:37 +0000 (17:15 -0800)]
Merge pull request #10920 from Rixerx/openwrt-19.07
[19.07] zabbix: update to 4.0.16
Rosen Penev [Sun, 5 Jan 2020 23:38:13 +0000 (15:38 -0800)]
Merge pull request #10881 from mstorchak/stubby-19.07
[19.07] stubby: switch to ca-bundle
Sebastian Kemper [Mon, 14 Oct 2019 20:01:01 +0000 (22:01 +0200)]
sqlite3: bump to version 3.30.1
Fixes CVE-2019-16168
In other news:
- adds ABI_VERSION
- prefers INSTALL_DATA over CP
- removes gratuitous trailing slashes
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry-picked from commit
33fecfefec690e7593dac3959ca5302c73dd8e3f)
Sebastian Kemper [Fri, 19 Jul 2019 19:21:08 +0000 (21:21 +0200)]
sqlite3: bump to 3.29.0
Fixes CVE-2019-5018
Also drops upstreamed patch.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit
2f7fbde7d6e6297dae1e35df64a3b6af456536a9)
DENG Qingfang [Wed, 14 Aug 2019 18:42:24 +0000 (02:42 +0800)]
nginx: update to 1.16.1
Fixes:
when using HTTP/2 a client might cause excessive memory
consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
CVE-2019-9516).
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
(cherry picked from commit
5ffc744018a3a36a059ccb91c8ee17c51c93eb0c)
Jan Pavlinec [Mon, 30 Dec 2019 12:23:05 +0000 (13:23 +0100)]
tor: add respawn to init script
Note:
In some cases when tor daemon starts before
than the router is connected to the Internet.
Tor will exit and you have to run it manually.
This should fix this case.
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit
5bce9c3e1d043e90fb31920e7a1ff5dbe1116124)
Jan Pavlinec [Tue, 17 Dec 2019 12:44:29 +0000 (13:44 +0100)]
tor: update to version 0.4.2.5
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit
a339e0ede37de1dbbb15240d6d6907b063b9866c)
Josef Schlehofer [Sat, 4 Jan 2020 19:50:31 +0000 (20:50 +0100)]
youtube-dl: update to version 2020.1.1
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Rosen Penev [Sat, 4 Jan 2020 00:32:02 +0000 (16:32 -0800)]
Merge pull request #10940 from Andy2244/samba-4.11.4-(19.07)
[19.07] samba4: update to 4.11.4 (python3 version), add rpcsvc-proto, add libasn1 host build
Rosen Penev [Sat, 4 Jan 2020 00:15:54 +0000 (16:15 -0800)]
Merge pull request #10938 from Andy2244/smbd-rename-3.0.1-(19.07)
[19.07] smbd: rename from cifsd, update to 3.0.1
Rosen Penev [Sat, 4 Jan 2020 00:09:13 +0000 (16:09 -0800)]
Merge pull request #10939 from Andy2244/wsdd2-init-update-(19.07)
[19.07] wsdd2: update to git (2019-12-15), bind to 'lan' only, update init for smbd
Rosen Penev [Sat, 4 Jan 2020 00:08:32 +0000 (16:08 -0800)]
Merge pull request #10937 from Andy2244/libtirpc-1.2.5-(19.07)
[19.07] libtirpc: update to 1.2.5
Andy Walsh [Sat, 4 Jan 2020 00:08:11 +0000 (01:08 +0100)]
samba4: update to 4.11.4 (python3 version), add rpcsvc-proto, add libasn1 host build
* update to 4.11.4 (python3 version)
* re-enable AD-DC option
* add 'samba_nice' UCI option via "config procd 'extra'"
* restructure buildsteps (don't rely on waf --targets logic)
* move quota option into VFS
* move ACL option into AC-DC
* add more admin-tools
* use rpath_install for libs
* fix rpath + rstrip
extra:
* add rpcsvc-proto package _(don't rely on nfs-utils/host for headers, rpcgen anymore)_
* add libasn1 host build _(samba4 is looking for the bins)_
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Andy Walsh [Sat, 4 Jan 2020 00:01:43 +0000 (01:01 +0100)]
wsdd2: update to git (2019-12-15), bind to 'lan' only, update init for smbd
* update to git (2019-12-15)
* bind to 'lan' interface only
* update init for renamed cifsd->smbd
* make smbd/samba compatible _(avoid testparm dependency)_
* only start if needed
* add meta data _(vendor, model, sku)_
* update smb.conf procd location
* lower restart delay
* remove outdated patch
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Andy Walsh [Fri, 3 Jan 2020 23:55:40 +0000 (00:55 +0100)]
smbd: rename from cifsd, update to 3.0.1
* follow upstream rename to 'smbd' and 'smbd-tools'
* config is '/config/smbd' and '/etc/smbd/smb.conf'
* smbd: update to 3.0.1
* smbd: fixes delete access on readonly shares
* smbd: add patch to keep version metadata in kmod
* smbd: remove synchrous kill_server patches
* smbd-tools: update to 3.0.1
* smbd-tools: userspace service is now 'usmbd'
* smbd-tools: userspace tools are: 'smbuseradd', 'smbshareadd' with /etc/smbd/smbdpwd.db
* smbd-tools: split package into server/utils (reduce size)
* smbd-tools: fix init (luci save&apply)
* smbd-tools: remove kill_server related timeouts
* smbd-tools: add low memory options to template, to prevent oom
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Andy Walsh [Fri, 3 Jan 2020 23:48:23 +0000 (00:48 +0100)]
libtirpc: update to 1.2.5
* update to 1.2.5
* remove upstream merged patches
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Krystian Kozak [Wed, 1 Jan 2020 10:19:49 +0000 (11:19 +0100)]
zabbix: update to 4.0.16
Updated to 4.0.16 LTS version.
Compile tested: Yes, x86_64
Run tested: Yes, x86_64
Signed-off-by: Krystian Kozak <krystian.kozak20@gmail.com>
Hannu Nyman [Tue, 31 Dec 2019 15:23:20 +0000 (17:23 +0200)]
Merge pull request #10903 from stangri/19.07-vpn-policy-routing
[19.07] vpn-policy-routing: initial release
Josef Schlehofer [Tue, 31 Dec 2019 02:06:29 +0000 (03:06 +0100)]
youtube-dl: update to version 2019.12.25
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Stan Grishin [Mon, 30 Dec 2019 14:40:38 +0000 (07:40 -0700)]
vpn-policy-routing: initial release
Signed-off-by: Stan Grishin <stangri@melmac.net>
Hannu Nyman [Sun, 29 Dec 2019 13:18:27 +0000 (15:18 +0200)]
nano: update to 4.7
Update nano to version 4.7
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
c62f8962ba3cf4e044941e372a155a97e5438ebd)
Rosen Penev [Sun, 29 Dec 2019 12:36:16 +0000 (04:36 -0800)]
Merge pull request #10897 from jefferyto/golang-format-ldflags-openwrt-19.07
[openwrt-19.07] golang: Format TARGET_LDFLAGS for gcc
Jeffery To [Sun, 29 Dec 2019 10:43:01 +0000 (18:43 +0800)]
golang: Format TARGET_LDFLAGS for gcc
go invokes the external linker by calling gcc, so -zxxx options in
TARGET_LDFLAGS (in golang-package.mk) need to be formatted as -Wl,z,xxx.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from
dbd6f224c38367fb3a26b1ed0b76dd5e284a98a7)
Hannu Nyman [Sat, 28 Dec 2019 21:52:37 +0000 (23:52 +0200)]
Merge pull request #10892 from cshoredaniel/pr-19.07-radicale2-doc-passlib-bcrypt
[19.07] radicale2: Document suggested use of passlib and bcrypt
Hannu Nyman [Sat, 28 Dec 2019 21:51:39 +0000 (23:51 +0200)]
Merge pull request #10893 from cshoredaniel/pr-19.07-update-passlib-1-7-2
[19.07] passlib: Update passlib to 1.7.2
Daniel F. Dickinson [Fri, 27 Dec 2019 20:00:06 +0000 (15:00 -0500)]
radicale2: Document suggested use of passlib and bcrypt
PKG_RELEASE not bumped because this only affects package description.
We document that passlib and bcrypt are needed if one wishes to use
bcrypt encryption of passwords. These have not been added as dependencies
as Radicale2 can have a frontend webserver authenticate users rather than
radicale itself.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Rosen Penev [Sat, 28 Dec 2019 19:39:29 +0000 (11:39 -0800)]
Merge pull request #10888 from mwarning/zerotier
zerotier: backport from master
Moritz Warning [Mon, 16 Sep 2019 23:37:24 +0000 (01:37 +0200)]
zerotier: update to 1.4.6
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Moritz Warning [Sun, 8 Sep 2019 15:18:47 +0000 (17:18 +0200)]
zerotier: make sure the /var/lib exists
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Moritz Warning [Sun, 8 Sep 2019 15:17:55 +0000 (17:17 +0200)]
zerotier: change license to BSL 1.1
Business Source License.
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Moritz Warning [Mon, 2 Sep 2019 01:48:44 +0000 (03:48 +0200)]
zerotier: update to release 1.4.4
Also allow path to local.conf to be set and enable linker optimisations
to save a few bytes.
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Moritz Warning [Tue, 13 Aug 2019 14:58:48 +0000 (16:58 +0200)]
zerotier: udpate to 1.4.2
Signed-off-by: Moritz Warning <moritzwarning@web.de>
DENG Qingfang [Thu, 8 Aug 2019 09:05:25 +0000 (17:05 +0800)]
zerotier: fix linking to libnatpmp and build with uclibc
Makefile always checks the existence of host's NAT-PMP header,
which results in internal NAT-PMP code being used if it's missing.
Add a patch to make it check targets' header instead.
Use aligned_alloc() instead of valloc() in case of uclibc.
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
Moritz Warning [Sat, 3 Aug 2019 19:42:58 +0000 (21:42 +0200)]
zerotier: update to zerotier 1.4.0
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Moritz Warning [Thu, 4 Jul 2019 13:52:09 +0000 (15:52 +0200)]
zerotier: keep configuration file on update
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Daniel F. Dickinson [Fri, 27 Dec 2019 19:06:30 +0000 (14:06 -0500)]
passlib: Update passlib to 1.7.2
Relevant bits of upstream changelog
New Features
argon2: Support more hashes
scrypt: Now uses python 3.6 stdlib’s hashlib.scrypt() as backend, if present (issue 86).
Bugfixes
Python 3.8 compatibility fixes
passlib.apache.HtpasswdFile: improve compatibility with Apache 2.4's htpasswd
passlib.totp: fix some compatibility issues with older TOTP clients (issue 92)
Fixed error in argon2.parsehash() (issue 97)
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Maxim Storchak [Tue, 10 Dec 2019 12:39:20 +0000 (14:39 +0200)]
stubby: switch to ca-bundle in 19.07
Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
Rosen Penev [Thu, 26 Dec 2019 21:53:13 +0000 (13:53 -0800)]
Merge pull request #10875 from jefferyto/golang-ldflags-fix-openwrt-19.07
[openwrt-19.07] golang: Fix ldflags when GO_PKG_LDFLAGS is set
Jeffery To [Thu, 26 Dec 2019 12:53:40 +0000 (20:53 +0800)]
golang: Fix ldflags when GO_PKG_LDFLAGS is set
go build/install supports multiple -ldflags arguments, but they are not
combined; for each package, the latest match on the command line is
used.[1]
Previously, the main executable would not be affected by the default
ldflags if GO_PKG_LDFLAGS or GO_PKG_LDFLAGS_X were set. (The default
ldflags instructs go to use the external linker.)
This fixes golang-package.mk so that the default ldflags take effect in
all cases.
[1]: https://golang.org/cmd/go/#hdr-Compile_packages_and_dependencies
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from
4827bc7509f221a2a3585ba99ef9d7c331356db2)
Rosen Penev [Tue, 24 Dec 2019 01:57:39 +0000 (17:57 -0800)]
Merge pull request #10865 from nxhack/libuv_1_32_0
[openwrt-19.07] libuv: update to 1.32.0
Hirokazu MORIKAWA [Tue, 24 Dec 2019 01:48:32 +0000 (10:48 +0900)]
libuv: update to 1.32.0
[openwrt-19.07] libuv: update to 1.32.0
update to 1.32.0
Update is required to build the latest node.js v12.x.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Rosen Penev [Mon, 23 Dec 2019 05:43:53 +0000 (21:43 -0800)]
Merge pull request #10762 from leonghui/wiki-link-update-19.07
[19.07] treewide: replace old wiki links
Hannu Nyman [Sun, 22 Dec 2019 12:18:25 +0000 (14:18 +0200)]
Merge pull request #10862 from gladiac1337/haproxy-2.0.12-openwrt-19.07
[openwrt-19.07] haproxy: Update HAProxy to v2.0.12
Christian Lachner [Sun, 22 Dec 2019 09:18:07 +0000 (10:18 +0100)]
haproxy: Update HAProxy to v2.0.12
- Update haproxy download URL and hash
- Remove @neheb's obsolete-ssl patch as it was upstreamed, see:
(http://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=
6445d988ec8def9d0f80de0eda9c5763d39facc1)
Signed-off-by: Christian Lachner <gladiac@gmail.com>
Eric Luehrsen [Wed, 18 Dec 2019 05:06:26 +0000 (00:06 -0500)]
unbound: update to 1.9.6
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
(cherry picked from commit
173f2d6c9fd5f24777240ac35e2c3049a10a6b39)
Josef Schlehofer [Sun, 8 Dec 2019 23:56:49 +0000 (00:56 +0100)]
dnscrypt-proxy2: Update to version 2.0.34
Repository was renamed to github.com/DNSCrypt/dnscrypt-proxy
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
cddf39cbd162ca766568f4755721ab4b5e491546)
DENG Qingfang [Tue, 10 Dec 2019 12:04:47 +0000 (20:04 +0800)]
mtr: update to 0.93
Update mtr to 0.93
Add size optimization options
ath79 ipk size: 31.9k -> 31.4k
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
(cherry picked from commit
ad5615737ac6cfc6078d3b905cbfbc9e746e0ebe)
Jan Hak [Mon, 16 Dec 2019 12:56:39 +0000 (13:56 +0100)]
knot: update to version 2.9.2
Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit
ca729cd43c4c498be5f173afee978836fbadea7b)
Josef Schlehofer [Sun, 15 Dec 2019 23:21:35 +0000 (00:21 +0100)]
meson: Update to version 0.52.1
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
ce027362c4d0459e715938d1d07891dd9dc5246b)
Jan Pavlinec [Wed, 18 Dec 2019 10:57:53 +0000 (11:57 +0100)]
lmdb: use toolchain AR for compilation
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit
7c82793719765985f8d273d2d98308b7b2b0c78b)
Karel Kočí [Mon, 13 May 2019 11:38:04 +0000 (13:38 +0200)]
shadow: change default encryption method from DES to SHA512
Busybox in default uses SHA512 as well.
On big ditribution this default is sourced from PAM. That means that
shadow reads pam settings and uses that. OpenWrt in most cases does not
have PAM installed and in such case shadow fallbacks to its own default
which is DES. This just changes that default to SHA512 which is
consistent with rest of the system.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
(cherry picked from commit
f27ce05a5859a6cea24eb290e27ed904a67fe2e5)
Josef Schlehofer [Wed, 18 Dec 2019 21:05:33 +0000 (22:05 +0100)]
netdata: Update to version 1.19.0
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
dbf7b965b705ce4e28c264abf06fc9669c9aca72)
Josef Schlehofer [Wed, 18 Dec 2019 20:44:34 +0000 (21:44 +0100)]
syslog-ng: Update to version 3.25.1
Bump version in config
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
ac4870f2053ae0c1c87a6205ed145717314c1992)
Josef Schlehofer [Wed, 18 Dec 2019 21:46:02 +0000 (22:46 +0100)]
btrfs-progs: Update to version 5.4
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
101791a236c8879a06076c617349cc1aad6c6fb3)
Hannu Nyman [Sat, 21 Dec 2019 18:07:36 +0000 (20:07 +0200)]
Merge pull request #10856 from BKPepe/python3-19.07
[OpenWrt 19.07] python3: Updated to version 3.7.6
Rosen Penev [Sat, 21 Dec 2019 15:03:10 +0000 (07:03 -0800)]
Merge pull request #10852 from gekmihesg/19.07-restic-rest-server
[19.07] restic-rest-server: add package
Rosen Penev [Sat, 21 Dec 2019 15:02:43 +0000 (07:02 -0800)]
Merge pull request #10853 from gekmihesg/19.07-restic
[19.07] restic: add package
Josef Schlehofer [Sat, 21 Dec 2019 13:29:16 +0000 (14:29 +0100)]
python3: Updated to version 3.7.6
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Markus Weippert [Wed, 18 Dec 2019 17:43:35 +0000 (18:43 +0100)]
restic: add package
Signed-off-by: Markus Weippert <markus@gekmihesg.de>
Markus Weippert [Wed, 18 Dec 2019 17:42:56 +0000 (18:42 +0100)]
restic-rest-server: add package
Signed-off-by: Markus Weippert <markus@gekmihesg.de>
Rosen Penev [Thu, 19 Dec 2019 21:29:41 +0000 (13:29 -0800)]
icu: Backport C++11 math patch
Fixes compilation with uClibc-ng.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from
93d049951d6efbdec48a1f52cf1781f27063c528)
Rosen Penev [Thu, 19 Dec 2019 00:14:44 +0000 (16:14 -0800)]
Merge pull request #10753 from stangri/19.07-https-dns-proxy
[19.07] https-dns-proxy: switch to https-dns-proxy package name
Rosen Penev [Wed, 18 Dec 2019 23:56:21 +0000 (15:56 -0800)]
Merge pull request #10822 from cshoredaniel/pr-19.07-remove-msmtp-scripts
msmtp-scripts: [19.07] Remove as abandoning upstream; msmtp-queue works
Jan Pavlinec [Wed, 11 Dec 2019 11:44:19 +0000 (12:44 +0100)]
git: update to version 2.24.1 (security fix)
Fixes
CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351,
CVE-2019-1352, CVE-2019-1353, CVE-2019-1354, CVE-2019-1387, and
CVE-2019-19604
And fix deprecated PKG_CPE_ID
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit
06d36ca794ef4f67dd1a3be6ccb6ddc075437fd2)
Josef Schlehofer [Sun, 10 Nov 2019 16:42:28 +0000 (17:42 +0100)]
git: Update to version 2.24.0
Refresh patch
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
887b4e90e6ad42c3c474fdcc6c340c7dbec9984e)
Lucian Cristian [Mon, 9 Dec 2019 21:50:16 +0000 (23:50 +0200)]
nspr: update to 4.24
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit
07f62dbe4661ff572434e415fff56342ac796820)
Lucian Cristian [Thu, 24 Oct 2019 10:48:40 +0000 (13:48 +0300)]
nspr: update to 4.23
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit
d9bb633a4960e2dad7a9e75c365174e7cf26bb6b)
Lucian Cristian [Wed, 28 Aug 2019 13:39:23 +0000 (16:39 +0300)]
nspr: update to 4.22
drop upstreamed patches
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit
af9209fb3199de995d0dcfbaa97189089698c696)
Lucian Cristian [Mon, 9 Dec 2019 22:29:35 +0000 (00:29 +0200)]
nss: update to 3.48
also package libnssckbi.so
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit
4ad6e14ac8242708debea676fd6cd726d174a34b)
Lucian Cristian [Sun, 1 Dec 2019 10:48:18 +0000 (12:48 +0200)]
nss: update to 3.47.1 and fix xscale
also refresh patches
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit
3bacf6e9cb8cadac7d76f773096ee69512abd36b)
Lucian Cristian [Thu, 24 Oct 2019 10:50:52 +0000 (13:50 +0300)]
nss: update to 3.47
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit
801389374540120a2a86a230cece8e36ea2d9be5)
Lucian Cristian [Thu, 10 Oct 2019 16:06:15 +0000 (19:06 +0300)]
nss: update to 3.46.1
and clean some comments
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit
4da3baea35dc41d1d04a58f38d83abd75f35cdde)
Lucian Cristian [Fri, 6 Sep 2019 15:53:15 +0000 (18:53 +0300)]
nss: update to 3.46
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit
257351976f2997475b15178939a5c78e93e45fc3)
Rosen Penev [Fri, 19 Jul 2019 07:34:09 +0000 (00:34 -0700)]
nss: Replace usleep with nanosleep
usleep is deprecated and is optionally not available with uClibc-ng.
Added PKG_LICENSE_FILES.
Added PKG_CPE_ID for proper CVE tracking.
Other minor cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
1f1cec28b79d1bf2702f2db1917c1622d99db926)
Lucian Cristian [Sun, 14 Jul 2019 19:56:38 +0000 (22:56 +0300)]
nss: update to 3.45
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit
80c7a5c119af80fff2e6bb33aac8e4c3d1c9c5cc)
Lucian Cristian [Thu, 27 Jun 2019 14:20:57 +0000 (17:20 +0300)]
nss: update to 3.44.1
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit
9a4dae73b497b9ddfc57fcc04dab544912016170)
Nikos Mavrogiannopoulos [Wed, 18 Dec 2019 20:24:45 +0000 (21:24 +0100)]
vpnc-script: bumped release version
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Michael Heimpold [Wed, 18 Dec 2019 19:57:14 +0000 (20:57 +0100)]
php7: update to 7.2.26
This fixes:
- CVE-2019-11046
- CVE-2019-11044
- CVE-2019-11045
- CVE-2019-11050
- CVE-2019-11047
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit
d5c18b1d5e7171a23e17ec9fd3604f794a336f1e)
Nikos Mavrogiannopoulos [Wed, 18 Dec 2019 20:21:37 +0000 (21:21 +0100)]
vpnc-script: enable reconnect
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Jo-Philipp Wich [Wed, 18 Dec 2019 08:32:38 +0000 (09:32 +0100)]
cgi-io: close pipe descriptors early
In the command read side, close the superfluous write end of the pipe
early to ensure that EOF is reliably detected. Without that change, splice
calls to read from the pipe will occasionally hang until the CGI process
is eventually killed due to timeout.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
dde503da13d5d0541187e81eda15e7693f38cb4f)
Jo-Philipp Wich [Fri, 13 Dec 2019 08:08:51 +0000 (09:08 +0100)]
cgi-io: implement exec action
Implement a new "cgi-exec" applet which allows to invoke remote commands
and stream their stdandard output back to the client via HTTP. This is
needed in cases where large amounts of data or binary encoded contents
such as tar archives need to be transferred, which are unsuitable to be
transported via ubus directly.
The exec call is guarded by the same ACL semantics as rpcd's file plugin,
means in order to be able to execute a command remotely, the ubus session
identified by the given session ID must have read access to the "exec"
function of the "cgi-io" scope and an explicit "exec" permission rule for
the invoked command in the "file" scope.
In order to initiate a transfer, a POST request in x-www-form-urlencoded
format must be sent to the applet, with one field "sessionid" holding
the login session and another field "command" specifiying the commandline
to invoke.
Further optional fields are "filename" which - if present - will cause
the download applet to set a Content-Dispostition header and "mimetype"
which allows to let the applet respond with a specific type instead of
the default "application/octet-stream".
Below is an example for the required ACL rules to grant exec access to
both the "date" and "iptables" commands. The "date" rule specifies the
base name of the executable and thus allows invocation with arbitrary
parameters while the latter "iptables" rule merely allows one specific
set of arguments which must appear exactly in the given order.
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "cgi-io",
"objects": [
[ "exec", "read" ]
]
}'
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "file",
"objects": [
[ "/bin/date", "exec" ],
[ "/usr/sbin/iptables -n -v -L", "exec" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
b2a890f6adb9014a6db38c0b4231c42598a8512d)
Daniel F. Dickinson [Wed, 18 Dec 2019 12:33:53 +0000 (07:33 -0500)]
msmtp-scripts: Remove as abandoning upstream; msmtp-queue works
I am upstream for msmtp-scripts and have decided to abandon the project. Therefore
remove msmtp-scripts from OpenWrt -- there is already msmtp-queue which is 'good enough'
for the use cases where msmtp-scripts had any relevance.
This backports to 19.07 so that it doesn't become something folks are depending on.
Due to changes in lock behaviour it never worked in 18.04.x, so ditching it now
keeps it from being picked up again by the userbase.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Stan Grishin [Tue, 10 Dec 2019 22:48:56 +0000 (15:48 -0700)]
https-dns-proxy: switch to https-dns-proxy package name
Signed-off-by: Stan Grishin <stangri@melmac.net>
Michael Heimpold [Tue, 17 Dec 2019 19:31:53 +0000 (20:31 +0100)]
Merge pull request #10809 from etactica/mb-1907
[19.07] libmodbus update to 3.1.6
Michael Heimpold [Sun, 15 Sep 2019 09:09:48 +0000 (11:09 +0200)]
libmodbus: update to 3.1.6
Also fix the license information: in older versions the test programs
were GPL 3 licensed, but meanwhile it changed to BSD license.
But since this package only packages the library itself, we can
safely focus only on the LGPL here which covers the library itself.
While at, fix a minor nitpick during library symlink installation.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Jan Pavlinec [Mon, 16 Dec 2019 17:37:08 +0000 (19:37 +0200)]
tor: update to 0.4.1.6
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit
390da39191736111516848af9687749f55cedb24)
Jan Pavlinec [Fri, 23 Aug 2019 12:23:11 +0000 (14:23 +0200)]
tor: update to version 0.4.1.5
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit
1ac69ffc594fc8e3692ceb63a2013f909033307c)
Rosen Penev [Mon, 16 Dec 2019 15:53:20 +0000 (07:53 -0800)]
Merge pull request #10801 from gladiac1337/haproxy-2.0.11-openwrt-19.07
[openwrt-19.07] haproxy: Update HAProxy to v2.0.11
Christian Lachner [Sun, 15 Dec 2019 12:47:37 +0000 (13:47 +0100)]
haproxy: Update HAProxy to v2.0.11
- Update haproxy download URL and hash
- Remove obsolete patches
Signed-off-by: Christian Lachner <gladiac@gmail.com>