feed/packages.git
2 years agoMerge pull request #18127 from jefferyto/python-3.7.13-openwrt-19.07
Josef Schlehofer [Wed, 23 Mar 2022 08:11:02 +0000 (09:11 +0100)]
Merge pull request #18127 from jefferyto/python-3.7.13-openwrt-19.07

[openwrt-19.07] python3: Update to 3.7.13, refresh patches

2 years agopython3: Update to 3.7.13, refresh patches 18127/head
Jeffery To [Mon, 21 Mar 2022 18:16:36 +0000 (02:16 +0800)]
python3: Update to 3.7.13, refresh patches

Includes fixes for:
* Windows builds updated to bzip2 1.0.8 to mitigate CVE-2016-3189 and
  CVE-2019-12900
* CVE-2022-26488: Escalation of privilege via Windows Installer

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2 years agobind: bump to 9.16.27
Noah Meyerhans [Fri, 18 Mar 2022 17:11:08 +0000 (10:11 -0700)]
bind: bump to 9.16.27

Fixes security issues:

 * CVE-2022-0396 -- A synchronous call to closehandle_cb() caused
isc__nm_process_sock_buffer() to be called recursively,
which in turn left TCP connections hanging in the
CLOSE_WAIT state blocking indefinitely when
out-of-order processing was disabled.

 * CVE-2021-25220 -- The rules for acceptance of records into the cache
have been tightened to prevent the possibility of
poisoning if forwarders send records outside
the configured bailiwick.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
2 years agosyslog-ng: update to version 3.36.1
Josef Schlehofer [Thu, 10 Mar 2022 15:19:19 +0000 (16:19 +0100)]
syslog-ng: update to version 3.36.1

- Bump version in config file

Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.36.1

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 110d46eb370b9ea5962944386fb06c2abd1d50f1)

2 years agoexpat: import patches for CVEs
Michal Vasilek [Wed, 23 Feb 2022 20:34:58 +0000 (21:34 +0100)]
expat: import patches for CVEs

* import patches for CVEs from alpine 3.13

CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-23852, CVE-2022-23990
CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 584c0c43782bf173c29e7406756335c11b6f73e6)

2 years agoexpat: update to 2.2.10
Rosen Penev [Thu, 8 Oct 2020 00:35:52 +0000 (17:35 -0700)]
expat: update to 2.2.10

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit c69160e6aea07da47a202418cd1b5195875f6694)

2 years agohtpdate: drop www.freebsd.org from default server list
Jo-Philipp Wich [Tue, 22 Feb 2022 22:28:55 +0000 (23:28 +0100)]
htpdate: drop freebsd.org from default server list

The FreeBSD project stopped publishing HTTP date headers and seeks to
limit further resource taxing by distributed htpdate clients using the
www.freebsd.org host as default time source.

Fixes: #17924
Reported-by: Allan Jude <allanjude@freebsd.org>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit e8713180026e0cf1c9d1421e3b664fee3fa4df12)

2 years agonano: update to 6.2
Hannu Nyman [Tue, 22 Feb 2022 17:21:01 +0000 (19:21 +0200)]
nano: update to 6.2

Update nano to 6.2.
Remove inactive second maintainer.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit a3f14c51149ff0c3604baf130987ee2bf5203edb)
[removed AUTORELEASE]

2 years agonano: update to 6.1
Hannu Nyman [Wed, 9 Feb 2022 16:26:49 +0000 (18:26 +0200)]
nano: update to 6.1

Update nano to version 6.1.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 717efb8c9622cc73bc8ab1c4ac2e67252b9c4401)
[removed aurorelease]

2 years agoruby: update to 2.6.9
Michal Vasilek [Fri, 4 Feb 2022 13:52:11 +0000 (14:52 +0100)]
ruby: update to 2.6.9

* fixes CVE-2021-41817 and CVE-2021-41819

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
2 years agoMerge pull request #17778 from turris-cz/bind-19.07
Josef Schlehofer [Wed, 2 Feb 2022 20:19:21 +0000 (21:19 +0100)]
Merge pull request #17778 from turris-cz/bind-19.07

bind: update to version 9.16.25

2 years agobind: update to version 9.16.25 17778/head
Josef Schlehofer [Wed, 2 Feb 2022 17:17:27 +0000 (18:17 +0100)]
bind: update to version 9.16.25

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2 years agoCI: fix runtime testing for non master branch
Paul Spooren [Thu, 13 Jan 2022 23:55:36 +0000 (00:55 +0100)]
CI: fix runtime testing for non master branch

The runtime testing always ran on master branch aka snapshots since the
branch wasn't passed over to the container execution!

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit f535d770901674d7d9f3d8cd9abe566d9db63ebe)

2 years agoMerge pull request #17756 from BKPepe/nss-cve-2021-43527
Josef Schlehofer [Wed, 2 Feb 2022 17:23:45 +0000 (18:23 +0100)]
Merge pull request #17756 from BKPepe/nss-cve-2021-43527

nss: backport patch for CVE-2021-43527

2 years agonano: Add a plus variant with more features
Hannu Nyman [Tue, 1 Feb 2022 21:44:21 +0000 (23:44 +0200)]
nano: Add a plus variant with more features

Nano is by default built as "tiny" with most features disabled.
That is suitable for basic tasks in routers with small flash.

Add a new nano-plus variant that enables selected additional
features in the build config:
 * multiple files (multibuffer)
 * Unicode/utf8
 * justify
 * .nanorc support
 * help
 * also some key bindings get enabled as "tiny" configure option
   is removed.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 85cb71d8d81af3c549406d5f42080ed58be9b9b0)

2 years agonss: backport patch for CVE-2021-43527 17756/head
Josef Schlehofer [Mon, 31 Jan 2022 10:45:37 +0000 (11:45 +0100)]
nss: backport patch for CVE-2021-43527

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2 years agoprosody: update to version 0.11.13
Josef Schlehofer [Fri, 28 Jan 2022 14:48:47 +0000 (15:48 +0100)]
prosody: update to version 0.11.13

Fixes CVEs:
- CVE-2022-0217
- CVE-2021-37601
- CVE-2021-32918
- CVE-2021-32920
- CVE-2021-32921
- CVE-2021-32917
- CVE-2021-32919

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit dcedbe802744102b215835f1dd53bc2bb5756807)

2 years agoprosody: fix shellcheck warnings
Rosen Penev [Thu, 15 Oct 2020 03:07:58 +0000 (20:07 -0700)]
prosody: fix shellcheck warnings

Remove paxctl stuff. pax is not packaged in OpenWrt.

Add reload support.

Install lua cfg file as 644. It's needed to be readable as prosody user

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit eb46e231cd2a1fb816f06cf7d630adc864296abc)

2 years agoprosody: update to 0.11.7
Rosen Penev [Thu, 15 Oct 2020 02:40:00 +0000 (19:40 -0700)]
prosody: update to 0.11.7

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 68a3a06e98c234069afaffbc59bcc169e9205e93)

2 years agoprosody: update to 0.11.5
Vieno Hakkerinen [Tue, 21 Apr 2020 03:57:56 +0000 (05:57 +0200)]
prosody: update to 0.11.5

Signed-off-by: Vieno Hakkerinen <vieno@hakkerinen.eu>
(cherry picked from commit bc500293e37b806e6b880ede492c0c9b9f42268d)

2 years agoprosody: /etc/prosody permissions fix
Sergio E. Nemirowski [Mon, 30 Mar 2020 12:20:21 +0000 (15:20 +0300)]
prosody: /etc/prosody permissions fix

Signed-off-by: Sergio E. Nemirowski <sergio@outerface.net>
(cherry picked from commit 838306cb37aaede5c0db61559166b06737bf5c6b)

2 years agoprosody: Update to 0.11.3
Rosen Penev [Wed, 4 Dec 2019 18:39:58 +0000 (10:39 -0800)]
prosody: Update to 0.11.3

Several Makefile rearrangements for consistency between packages.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 73d29b9fd7b4abf4276b261fd113af2a1dcc4e2a)

2 years agotvheadend: fix conffiles section
Josef Schlehofer [Mon, 24 Jan 2022 22:04:13 +0000 (23:04 +0100)]
tvheadend: fix conffiles section

The previous one was wrong, and it did not work. It could be checked
inside compiled package in control.tar.gz that there was missing
``conffiles`` file with content `/etc/config/tvheadend`

It is also possible to verify that the config is not overwritten on the router
by running ``opkg install tvheadend --force-reinstall``

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 752d1ffc28971b9b641162498a877750fa687bbd)

2 years agodomoticz: backport patch to fix compilation with uClibc-ng
Josef Schlehofer [Thu, 6 Jan 2022 15:56:58 +0000 (16:56 +0100)]
domoticz: backport patch to fix compilation with uClibc-ng

This helps to compile domoticz on arc target.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2 years agodomoticz: bump to 4.10717
Stijn Tintel [Thu, 26 Sep 2019 22:35:14 +0000 (01:35 +0300)]
domoticz: bump to 4.10717

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 7e50722145943e36bb687bc7462f8e483c8652b6)

2 years agodomoticz: Fix compilation without deprecated OpenSSL APIs
Rosen Penev [Thu, 27 Jun 2019 07:28:25 +0000 (00:28 -0700)]
domoticz: Fix compilation without deprecated OpenSSL APIs

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 8c77bcc19f4283813cdbb99842bb1c330fadf124)

2 years agonetdata: Update init script to use -D rather than -nd
James White [Fri, 31 Dec 2021 16:45:25 +0000 (16:45 +0000)]
netdata: Update init script to use -D rather than -nd

The current init script is using the deprecated -nd flag. This updates netdata to be started with -D.

Signed-off-by: James White <james@jmwhite.co.uk>
(cherry picked from commit cf9d5a887031f245fbae6f8bcd3366078996f123)

2 years agoapache: security bump to 2.4.51
Sebastian Kemper [Sun, 24 Oct 2021 13:32:06 +0000 (15:32 +0200)]
apache: security bump to 2.4.51

Fixes (see [1] for details):

  CVE-2021-33193
  CVE-2021-41524
  CVE-2021-41773
  CVE-2021-42013

[1] https://httpd.apache.org/security/vulnerabilities_24.html

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit da4b1ca8d65b788d85489cd3ca83d91b0fd72f0f)

2 years agohaveged: update to 1.9.17
Hannu Nyman [Sun, 9 Jan 2022 17:00:24 +0000 (19:00 +0200)]
haveged: update to 1.9.17

Update havged to version 1.9.17.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit e065ccda94aff9ac39d0aeac0449e9cd2cecc703)
(Autorelease removed)

2 years agoMerge pull request #17476 from BKPepe/buildonly
Josef Schlehofer [Mon, 3 Jan 2022 18:58:33 +0000 (19:58 +0100)]
Merge pull request #17476 from BKPepe/buildonly

treewide: add missing BUILDONLY

2 years agotreewide: add missing BUILDONLY 17476/head
Rosen Penev [Tue, 13 Oct 2020 00:40:44 +0000 (17:40 -0700)]
treewide: add missing BUILDONLY

Fixes Makefile warnings:

WARNING: skipping X -- package has no install section

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 5a7148d112113544611ee358a7d062cec85c1629)

2 years agozsh: drop bash syntax in postinst
Karel Kočí [Thu, 19 Dec 2019 09:32:25 +0000 (10:32 +0100)]
zsh: drop bash syntax in postinst

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
(cherry picked from commit c09d6042fe3b58d7eb0fdc65fc9968c47d98aea1)

2 years agozsh: fix invalid postrm script and little refactor of scripts
Karel Kočí [Wed, 18 Dec 2019 08:57:23 +0000 (09:57 +0100)]
zsh: fix invalid postrm script and little refactor of scripts

The postrm script was missing shebang. Postrm scripts are packaged and
executed directly and not sourced by default script (as in case of prerm
and postinst).

Also move some indents around to not confuse reader. The section in
postinst was indented to same level as grep "condition" but is on same
level as initial grep (not part of that "condition").

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
(cherry picked from commit d2d193d81885cd2351e3bd53f6f4cc8ec092e26d)

2 years agonano: update to version 6.0
Hannu Nyman [Thu, 16 Dec 2021 18:32:41 +0000 (20:32 +0200)]
nano: update to version 6.0

Update nano editor to version 6.0

Version 6.0 enable toggling the display of the line numbers with
the shortcut key M-N (Alt-n). Also the cmdline option "-l" works.
Remove earlier patch regarding that.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(backported from commits 0571f54009023845d5 and ae7f62d63)

2 years agoMerge pull request #17250 from ynezz/ynezz/cares-fix-CVE-2021-3672
Petr Štetiar [Sun, 12 Dec 2021 11:11:24 +0000 (12:11 +0100)]
Merge pull request #17250 from ynezz/ynezz/cares-fix-CVE-2021-3672

[19.07] libs/c-ares: fix domain hijacking CVE-2021-3672

2 years agoMerge pull request #17267 from BKPepe/postgresql-update
Daniel Golle [Sun, 12 Dec 2021 11:06:51 +0000 (11:06 +0000)]
Merge pull request #17267 from BKPepe/postgresql-update

[19.07] postgresql: security update to version 11.14

2 years agomsmtp: update to version 1.8.1.9
Josef Schlehofer [Tue, 30 Nov 2021 23:32:56 +0000 (00:32 +0100)]
msmtp: update to version 1.8.1.9

Changelog:
https://marlam.de/msmtp/news/msmtp-1-8-19/

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 173faad3340772e1b2194c618fb8c1f13f81b9a9)

2 years agopostgresql: security update to version 11.14 17267/head
Josef Schlehofer [Fri, 3 Dec 2021 23:59:43 +0000 (00:59 +0100)]
postgresql: security update to version 11.14

Patch 001-configure_fixes does not apply anymore.
Other patches were refreshed.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2 years agolibs/c-ares: fix domain hijacking CVE-2021-3672 17250/head
Petr Štetiar [Thu, 2 Dec 2021 12:54:42 +0000 (13:54 +0100)]
libs/c-ares: fix domain hijacking CVE-2021-3672

Missing input validation of host names returned by Domain Name Servers
in the c-ares library can lead to output of wrong hostnames (leading to
Domain Hijacking).

I've just taken patch from the advisory[1] and rebased it onto 1.15.0
version.

1. https://github.com/c-ares/c-ares/compare/809d5e8..44c009b.patch

Fixes: CVE-2021-3672
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2 years agomsmtp: update to version 1.8.17
Josef Schlehofer [Sun, 17 Oct 2021 07:24:29 +0000 (09:24 +0200)]
msmtp: update to version 1.8.17

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 18261fcd313b073e36a5ba39eeaf0aef808a1694)

2 years agosyslog-ng: update to version 3.35.1
Josef Schlehofer [Tue, 16 Nov 2021 13:22:44 +0000 (14:22 +0100)]
syslog-ng: update to version 3.35.1

Also bump the version in syslog-ng config file.
Removes this warning:

Nov 16 14:19:41 turris syslog-ng[15159]: WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode. Please update it to use the syslog-ng 3.35 format at your time of convenience. To upgrade the configuration, please review the warnings about incompatible changes printed by syslog-ng, and once completed change the @version header at the top of the configuration file; config-version='3.33'

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 2d2fd36e28a40a63b1bd16c77cce57d446d656cc)

2 years agoMerge pull request #17209 from peci1/patch-1
Florian Eckert [Tue, 30 Nov 2021 11:40:50 +0000 (12:40 +0100)]
Merge pull request #17209 from peci1/patch-1

ddns-scripts: Fix wrong whitespace in preinst and postinst scripts

2 years agoicu: Fix memory bug w/ baseName
Hirokazu MORIKAWA [Sun, 28 Nov 2021 00:42:25 +0000 (09:42 +0900)]
icu: Fix memory bug w/ baseName

CVE-2021-30535 : Double free in ICU
https://nvd.nist.gov/vuln/detail/CVE-2021-30535
https://security-tracker.debian.org/tracker/CVE-2021-30535

ICU-21587 : Fix memory bug w/ baseName
https://github.com/unicode-org/icu/pull/1698

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
2 years agoddns-scripts: Fix wrong whitespace in preinst and postinst scripts 17209/head
Martin Pecka [Fri, 26 Nov 2021 07:34:12 +0000 (08:34 +0100)]
ddns-scripts: Fix wrong whitespace in preinst and postinst scripts

Signed-off-by: Martin Pecka <peckama2@fel.cvut.cz>
3 years agobind: update to version 9.16.23
Josef Schlehofer [Thu, 18 Nov 2021 14:54:15 +0000 (15:54 +0100)]
bind: update to version 9.16.23

Changelog:
https://downloads.isc.org/isc/bind9/9.16.23/RELEASE-NOTES-bind-9.16.23.html

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
3 years agoMerge pull request #17114 from paper42/cve-2019-19906-19
Josef Schlehofer [Sun, 14 Nov 2021 23:24:00 +0000 (00:24 +0100)]
Merge pull request #17114 from paper42/cve-2019-19906-19

[19.07] cyrus-sasl: patch CVE-2019-19906

3 years agocyrus-sasl: patch CVE-2019-19906 17114/head
Michal Vasilek [Fri, 12 Nov 2021 17:09:39 +0000 (18:09 +0100)]
cyrus-sasl: patch CVE-2019-19906

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit f7717bd382d4f03c6353beaaf198d29a34c8e6ab)

3 years agoMerge pull request #17110 from thg2k/pr/19_php72_ini_1
Michael Heimpold [Fri, 12 Nov 2021 06:39:46 +0000 (07:39 +0100)]
Merge pull request #17110 from thg2k/pr/19_php72_ini_1

[19.07] php7: Update and clean up distributed php7.ini

3 years agophp7: Clean up and update distributed php.ini for php 7.2.34 17110/head
Giovanni Giacobbi [Thu, 11 Nov 2021 09:29:14 +0000 (09:29 +0000)]
php7: Clean up and update distributed php.ini for php 7.2.34

Details:
- Cleaned up whitespace and removed comments (refer to official PHP documentation for that)
- Removed directives that no longer exist as of PHP 7.2.34
- Added '~E_DEPRECATED' to 'error_reporting'

Directives removed that no longer exist as of PHP 7.2.34:
- zend.ze1_compatibility_mode
- y2k_compliance
- register_globals
- register_long_arrays
- magic_quotes_gpc
- magic_quotes_runtime
- magic_quotes_sybase
- always_populate_raw_post_data

Signed-off-by: Giovanni Giacobbi <giovanni@giacobbi.net>
3 years agosyslog-ng: update to version 3.34.1
Josef Schlehofer [Sat, 16 Oct 2021 20:45:27 +0000 (22:45 +0200)]
syslog-ng: update to version 3.34.1

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit d8e88ef51ec85c3f459fb4e8bf0e08fa26cffb29)

3 years agoffmpeg: update to version 3.4.9 (security fix)
Josef Schlehofer [Wed, 27 Oct 2021 12:39:16 +0000 (14:39 +0200)]
ffmpeg: update to version 3.4.9 (security fix)

Fixes:
CVE-2020-13904
CVE-2020-2044
CVE-2020-20453
CVE-2020-22015
CVE-2020-22019
CVE-2020-22033
CVE-2020-22021
CVE-2020-22037
CVE-2020-35965
CVE-2021-38114
CVE-2021-38171
CVE-2021-38291

Refresh patches

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
3 years agobind: Bump to 9.16.22
Noah Meyerhans [Fri, 29 Oct 2021 03:28:18 +0000 (20:28 -0700)]
bind: Bump to 9.16.22

The following CVEs are addressed:

* CVE-2021-25219: The "lame-ttl" option is now forcibly set to 0. This
  effectively disables the lame server cache, as it could previously
  be abused by an attacker to significantly degrade resolver performance.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
3 years agotvheadend: update libhdhomerun
Josef Schlehofer [Wed, 27 Oct 2021 06:48:42 +0000 (08:48 +0200)]
tvheadend: update libhdhomerun

Recently, silicondust (developers of hdhomerun) did some cleanup and
removed old versions for hdhomerun library.

```
WGET            http://download.silicondust.com/hdhomerun/libhdhomerun_20150826.tgz
http://download.silicondust.com/hdhomerun/libhdhomerun_20150826.tgz:
2021-10-26 05:15:14 ERROR 404: Not Found.
```

And because of that, it is not possible to compile tvheadend, it ends
with following error:

```
In file included from src/input/mpegts/tvhdhomerun/tvhdhomerun.c:25:0:
src/input/mpegts/tvhdhomerun/tvhdhomerun_private.h:27:10: fatal error: libhdhomerun/hdhomerun.h: No such file or directory
 #include <libhdhomerun/hdhomerun.h>
          ^~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
```

Let's fix it by updating libdhdhomerun to newer version.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
3 years agobind: update to version 9.16.21
Josef Schlehofer [Sat, 16 Oct 2021 19:56:02 +0000 (21:56 +0200)]
bind: update to version 9.16.21

- Remove patch, which is part of this release, it was backported from
  upstream

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
3 years agonextdns: Update to version 1.37.3
Olivier Poitrey [Fri, 22 Oct 2021 13:29:24 +0000 (13:29 +0000)]
nextdns: Update to version 1.37.3

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
3 years agoMerge pull request #16903 from jefferyto/python-package-host-dependencies-openwrt...
Alexandru Ardelean [Mon, 18 Oct 2021 06:25:33 +0000 (09:25 +0300)]
Merge pull request #16903 from jefferyto/python-package-host-dependencies-openwrt-19.07

[openwrt-19.07] python-packages: Fix host package build dependencies

3 years agoMerge pull request #16906 from stangri/openwrt-19.07
Stan Grishin [Sun, 17 Oct 2021 15:07:23 +0000 (08:07 -0700)]
Merge pull request #16906 from stangri/openwrt-19.07

[19.07] vpn-policy-routing: downgrade to 0.2.1-13

3 years agovpn-policy-routing: downgrade to 0.2.1-13 16906/head
Stan Grishin [Mon, 4 May 2020 22:47:32 +0000 (22:47 +0000)]
vpn-policy-routing: downgrade to 0.2.1-13

* there are reports that newer versions don't work on 19.07.x
* revert to older README to describe this older version

Signed-off-by: Stan Grishin <stangri@melmac.net>
(cherry picked from commit 7bb2ccd4e173486d1c51a72374c55398c9c7e725)

3 years agopython-dateutil: Add missing HOST_PYTHON3_PACKAGE_BUILD_DEPENDS 16903/head
Jeffery To [Sat, 16 Oct 2021 17:08:02 +0000 (01:08 +0800)]
python-dateutil: Add missing HOST_PYTHON3_PACKAGE_BUILD_DEPENDS

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
3 years agopython-importlib-metadata: Pin setuptools-scm version
Jeffery To [Sat, 16 Oct 2021 17:01:52 +0000 (01:01 +0800)]
python-importlib-metadata: Pin setuptools-scm version

While a pinned/working version of setuptools-scm is installed (by
python-zipp) by the time this package is compiled, pinning the version
in this package is still the correct thing to do.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
3 years agoMerge pull request #16900 from stangri/openwrt-19.07
Stan Grishin [Fri, 15 Oct 2021 22:29:08 +0000 (15:29 -0700)]
Merge pull request #16900 from stangri/openwrt-19.07

[19.07] simple-adblock: update to 1.8.8-1

3 years agosimple-adblock: update to 1.8.8-1 16900/head
Stan Grishin [Fri, 15 Oct 2021 21:25:08 +0000 (21:25 +0000)]
simple-adblock: update to 1.8.8-1

* update 'check' function

Signed-off-by: Stan Grishin <stangri@melmac.net>
(cherry picked from commit d11f310230497ea81cf207f9214528bd9d221eee)

3 years agoMerge pull request #16879 from turris-cz/19.07-zipp
Alexandru Ardelean [Thu, 14 Oct 2021 07:50:19 +0000 (10:50 +0300)]
Merge pull request #16879 from turris-cz/19.07-zipp

python-zipp: pin setuptools-scm version

3 years agoMerge pull request #16885 from stangri/openwrt-19.07
Stan Grishin [Thu, 14 Oct 2021 05:08:32 +0000 (22:08 -0700)]
Merge pull request #16885 from stangri/openwrt-19.07

[19.07] https-dns-proxy: update to 2021-09-27

3 years agohttps-dns-proxy: update to 2021-09-27 16885/head
Stan Grishin [Thu, 30 Sep 2021 18:44:30 +0000 (18:44 +0000)]
https-dns-proxy: update to 2021-09-27

* update to [2021-09-27](https://github.com/aarond10/https_dns_proxy/commit/da2501f542a732167a78f1851a511d9c0abc2fd8)
* fixes https://github.com/aarond10/https_dns_proxy/issues/125
* restart instead of reload on interface hotplug
* fixes https://github.com/openwrt/packages/issues/16794
* produce output and log entries on service start/stop
* prevent unnecessary dnsmasq restarts if service has previously updated dnsmasq settings
* allow both named and typed dnsmasq instance settings to be updated
* update 010-fix-cmakelists patch file

Signed-off-by: Stan Grishin <stangri@melmac.net>
(cherry picked from commit f8d16338da979ad20908bd2a16ca62857a902e91)

3 years agotor: update to 0.4.5.10
Michal Vasilek [Mon, 11 Oct 2021 09:07:47 +0000 (11:07 +0200)]
tor: update to 0.4.5.10

* 0.4.4 is not an LTS series, people running tor relays with 0.4.4 will
  be evicted from the tor network. 0.4.5 is an LTS series
* fix building without OpenSSL engine support (from e30f0480c829cf0340a16fe8499a95c7c2fd6f89)
* refresh patches

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
3 years agopython-zipp: pin setuptools-scm version 16879/head
Josef Schlehofer [Wed, 13 Oct 2021 10:37:59 +0000 (12:37 +0200)]
python-zipp: pin setuptools-scm version

The recent version of setuptools-scm depends on tomli, which has some build issues.
Older one works.

Suggested-by: Jeffery To <jeffery.to@gmail.com>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
3 years agoperl: perlmod.mk: use flock when hostpkg/perl used
Eneas U de Queiroz [Mon, 16 Aug 2021 14:07:35 +0000 (11:07 -0300)]
perl: perlmod.mk: use flock when hostpkg/perl used

Avoid parallel relinking and usage of the host perl binary by wrapping
its usage around flock calls.

Sometimes, two packages will try to relink the static host perl binary
at the same time.  Neither of them will have the other's module linked
in, and one of them will unavoidably clobber the other one's binary.

This will lead to errors when a package will not be able to find a
module that was supposed to be installed.

To fix that, an exclusive flock is used when relinking, with a 900
seconds timeout to avoid locking up the build process forever.

This is not enough because the binary may be concurrently used to build
another module package; perl is used in Configure, Compile, and Install
procedures.  If timing is right, a package will fail with a "permission
denied" error.

So a shared flock call is added in Configure, Compile, and Install
definitions for host and target, with a shorter, 300 seconds timeout.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 1e18c4324fd1fb43764057fb8f4e9c1ea4a17553)

3 years agonano: update to 5.9
Hannu Nyman [Wed, 6 Oct 2021 18:46:47 +0000 (21:46 +0300)]
nano: update to 5.9

Update nano editor to version 5.9.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 38143e6f8b9d1ff0a3e33a15d655306cc9f74c27)
(cherry picked from commit e155b3d29392459eb3dcc2822dda4045dd99f3af)

3 years agohaveged: update to 1.9.15
Hannu Nyman [Sun, 3 Oct 2021 18:05:06 +0000 (21:05 +0300)]
haveged: update to 1.9.15

Update haveged to version 1.9.15.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 1f3f63f5de7dfaea369f4832cdd061994fba1924)

3 years agolighttpd: update to lighttpd 1.4.55 release hash
Glenn Strauss [Wed, 6 Oct 2021 01:12:34 +0000 (21:12 -0400)]
lighttpd: update to lighttpd 1.4.55 release hash

update lighttpd in openwrt-19.07 branch from lighttpd 1.4.54 to 1.4.55

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
3 years agoMerge pull request #16569 from turris-cz/19.07/tor-0.4.4.9
Rosen Penev [Sat, 18 Sep 2021 22:05:14 +0000 (15:05 -0700)]
Merge pull request #16569 from turris-cz/19.07/tor-0.4.4.9

tor: update to version 0.4.4.9

3 years agoMerge pull request #16196 from miska/snort3-19.07
Josef Schlehofer [Fri, 17 Sep 2021 14:20:57 +0000 (16:20 +0200)]
Merge pull request #16196 from miska/snort3-19.07

net/snort3: Include default configs and snort2lua

3 years agotcpreplay: avoid host lib leakage
Stijn Tintel [Sat, 14 Aug 2021 19:45:21 +0000 (22:45 +0300)]
tcpreplay: avoid host lib leakage

On hosts that have pcapnav-config installed, there is host lib leakage.
From config.log:

LNAVLIB='-L/usr/lib64 -lpcapnav -lpcap'
LNAV_CFLAGS='-I/usr/include'

Fix this by disabling pcapnav-config, which isn't available anyway.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit e4b8fec79cd7d2ed092c51aa83683fa5b151ae2a)

3 years agotcpreplay: bump to version 4.3.4
Alexandru Ardelean [Tue, 4 May 2021 12:20:29 +0000 (15:20 +0300)]
tcpreplay: bump to version 4.3.4

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit 7436d944fa44e27816401868a11a4c9115eb717d)

3 years agotcpreplay: add libdnet support
Rosen Penev [Sun, 10 Jan 2021 01:03:33 +0000 (17:03 -0800)]
tcpreplay: add libdnet support

On Arch Linux, tcpreplay is picking up the host dnet-config and adding
OS paths, thereby breaking compilation. The easiest solution is to add
libdnet support as the previous commit fixes dnet-config on OpenWrt.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit f9f216a06695aa81bb8cad76245a978bfa4683a0)

3 years agotcpreplay: fix compilation with Arch Linux
Rosen Penev [Wed, 23 Dec 2020 02:55:23 +0000 (18:55 -0800)]
tcpreplay: fix compilation with Arch Linux

It tries to link to host libraries for some reason. Add autoreconf to
fix. Also remove redundant prefixes.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 87177eef7539d6cd092063dc0a1aa67726cff2a6)

3 years agotcpreplay: bump to version 4.3.3
Alexandru Ardelean [Thu, 25 Jun 2020 11:16:27 +0000 (14:16 +0300)]
tcpreplay: bump to version 4.3.3

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit c7153f22a74b3183bd7fb575e0ae045ecf2f0fff)

3 years agontfs-3g: patch CVE-2019-9755
Michal Vasilek [Fri, 10 Sep 2021 14:11:02 +0000 (16:11 +0200)]
ntfs-3g: patch CVE-2019-9755

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
3 years agonextdns: Update to version 1.37.2
Olivier Poitrey [Thu, 9 Sep 2021 15:57:44 +0000 (15:57 +0000)]
nextdns: Update to version 1.37.2

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
3 years agoMerge pull request #16581 from jow-/openwrt-19.07
Jo-Philipp Wich [Wed, 8 Sep 2021 20:22:35 +0000 (22:22 +0200)]
Merge pull request #16581 from jow-/openwrt-19.07

cgi-io: update to latest Git HEAD

3 years agobind: update to version 9.16.20
Josef Schlehofer [Wed, 8 Sep 2021 09:34:17 +0000 (11:34 +0200)]
bind: update to version 9.16.20

1. Fixes: CVE-2021-25218

2. Add patch to bump API version, which was forgotten by BIND devs
Related to https://kb.isc.org/docs/map-zone-format-incompatibility-in-bind-9-16-20-and-9-17-17
Pointed out in https://www.openwall.com/lists/oss-security/2021/08/20/2

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
3 years agocgi-io: update to latest Git HEAD 16581/head
Jo-Philipp Wich [Wed, 8 Sep 2021 19:53:28 +0000 (21:53 +0200)]
cgi-io: update to latest Git HEAD

98cef9d Retry splice() syscall on EINTR

Fixes: https://github.com/openwrt/luci/issues/5342
Fixes: https://bugs.openwrt.org/index.php?do=details&task_id=4006
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit db8e0fdea454c3b07d859935de5a7d3714fd72ac)

3 years agocgi-io: update to version 2020-10-27
Petr Štetiar [Tue, 27 Oct 2020 22:08:00 +0000 (23:08 +0100)]
cgi-io: update to version 2020-10-27

Contains following list of changes:

 ab4c3471b261 tests: add cram based unit tests
 7b4e3241e1bd tests: add cgi-io built with clang sanitizers
 21831f45d16d Disable session ACLs during unit testing
 2f525417b5df Add initial GitLab CI support
 57f1c4f18cb6 Add .gitignore
 09f9ac5066ee Fix off-by-one in postdecode_fields
 ed8ce0d5d28b Add fuzzing of utility functions
 a61581819800 Add fuzzing of multipart_parser
 6b0615b728ed Refactor utility functions into static library
 a0ed2c9a7a72 Fix clang compiler errors
 232659da19a4 Fix possible NULL dereference
 8e5719b37a67 Fix warnings reported by clang-10 static analyzer
 b99aa8a64cca Remove Makefile

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 351e4e01c597a13f7c20f76884310996e432e230)

3 years agocgi-io: move into out of tree project
Petr Štetiar [Sun, 11 Oct 2020 12:54:55 +0000 (14:54 +0200)]
cgi-io: move into out of tree project

No functional changes, just moved the sources into out of tree
project[1] so it's going to be easier to do CI with unit testing,
fuzzing etc.

1. https://git.openwrt.org/?p=project/cgi-io.git;a=shortlog

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 08be3279423ed19554905d9cf00a508be0586107)

3 years agohaproxy: Update HAProxy to v2.0.25
Christian Lachner [Wed, 8 Sep 2021 07:43:40 +0000 (09:43 +0200)]
haproxy: Update HAProxy to v2.0.25

- This update fixes CVE-2021-40346; see: https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/
- Update haproxy download URL and hash

Signed-off-by: Christian Lachner <gladiac@gmail.com>
3 years agopython3: update to version 3.7.12 16570/head
Josef Schlehofer [Wed, 8 Sep 2021 11:05:22 +0000 (13:05 +0200)]
python3: update to version 3.7.12

Fixes: CVE-2013-0340 (Windows and MacOS only) and smtplib multiple CRLF injection
Changelog: https://www.python.org/downloads/release/python-3712/

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
3 years agotor: update to version 0.4.4.9 16569/head
Josef Schlehofer [Wed, 8 Sep 2021 09:53:18 +0000 (11:53 +0200)]
tor: update to version 0.4.4.9

Fixes:
- CVE-2021-34548
- CVE-2021-34549
- CVE-2021-34550

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
3 years agoirssi: update to 1.2.3
Rosen Penev [Mon, 19 Jul 2021 03:54:55 +0000 (20:54 -0700)]
irssi: update to 1.2.3

Switch to AUTORELEASE for simplicity.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 752656c6be242d266d689078cc3ed1d76cb0143f)

3 years agonextdns: Update to version 1.37.1
Olivier Poitrey [Tue, 7 Sep 2021 21:17:27 +0000 (21:17 +0000)]
nextdns: Update to version 1.37.1

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
3 years agonextdns: Update to version 1.37.0
Olivier Poitrey [Tue, 7 Sep 2021 16:12:04 +0000 (16:12 +0000)]
nextdns: Update to version 1.37.0

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
3 years agoacme: Fix uhttpd restart to load new certificates
Dennis Schüsselbauer [Sat, 28 Aug 2021 02:42:51 +0000 (04:42 +0200)]
acme: Fix uhttpd restart to load new certificates

Fixes issue #16256

Bump PKG_RELEASE to 4.

Signed-off-by: Dennis Schüsselbauer <scde@users.noreply.github.com>
(cherry picked from commit d69534751e2cf15aa7add8e8db713fd7131edd1f)

3 years agoclick: update to version 7.0
Josef Schlehofer [Tue, 5 Mar 2019 23:16:15 +0000 (00:16 +0100)]
click: update to version 7.0

- Change URL of the website and for PKG_SOURCE_URL
- Change TITLE and description
- Remove PKG_BUILD_DEPENDS, PKG_UNPACK as they are not necessary
- Add src package

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 25e8b2cda2efda171929a33b9d52dbf108ca67b7)

3 years agodnsdist: fix default SSL lib spelling
Eneas U de Queiroz [Thu, 12 Mar 2020 12:09:28 +0000 (09:09 -0300)]
dnsdist: fix default SSL lib spelling

This is cosmetic only, since openssl is the first one being defined, but
it avoids a warning in scripts/config, after upgrading to kconfig-v5.6:
tmp/.config-package.in:102839:warning: choice default symbol
'DNSDIST_OPENSSSL' is not contained in the choice

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit dbe11776ed820505d65d2572d372e5c1cfa1ff48)

3 years agoMerge pull request #16518 from jefferyto/golang-packages-remove-strip-ldflags-openwrt...
Rosen Penev [Thu, 2 Sep 2021 00:16:20 +0000 (17:16 -0700)]
Merge pull request #16518 from jefferyto/golang-packages-remove-strip-ldflags-openwrt-19.07

[openwrt-19.07] treewide: Remove GO_PKG_LDFLAGS for stripping binaries

3 years agotreewide: Remove GO_PKG_LDFLAGS for stripping binaries 16518/head
Jeffery To [Wed, 1 Sep 2021 22:36:01 +0000 (06:36 +0800)]
treewide: Remove GO_PKG_LDFLAGS for stripping binaries

The "-s -w" flags in GO_PKG_LDFLAGS tells the Go compiler to strip the
binaries it produces. Since the default Go package build process will
strip binaries when CONFIG_USE_STRIP or CONFIG_USE_SSTRIP are selected,
these flags are unnecessary.

When CONFIG_NO_STRIP is selected, these flags override the user's
intention of building unstripped packages.

This removes these flags for all relevant packages.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
3 years agonginx: add PROVIDES nginx-ssl to nginx-all-module
Peter Stadler [Sun, 4 Jul 2021 19:09:23 +0000 (21:09 +0200)]
nginx: add PROVIDES nginx-ssl to nginx-all-module

fix issue when installing luci-ssl-nginx

Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
3 years agoRevert "net/miniupnpd: ext_ip_reserved_ignore support"
Josef Schlehofer [Mon, 19 Jul 2021 11:55:52 +0000 (13:55 +0200)]
Revert "net/miniupnpd: ext_ip_reserved_ignore support"

This patch is causing several issues [1], which then were reported to
upstream [2] and it was not accepted by upstream [3]. This results that
nobody maintain this custom patch and it is not useful as it is changing
addr_is_reserved behavior.

[1] https://github.com/openwrt/packages/issues/15258
[2] https://github.com/miniupnp/miniupnp/issues/542
[3] https://github.com/miniupnp/miniupnp/pull/511

This reverts commit b76aa9919489f49b472a8f939f6d46ca33d05f64.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 107f3376b5114cd17c115e25026b031bd439e9be)

3 years agoMerge pull request #16410 from paper42/git-2.26.3-19
Rosen Penev [Fri, 27 Aug 2021 08:05:32 +0000 (01:05 -0700)]
Merge pull request #16410 from paper42/git-2.26.3-19

[19.07] git: update to 2.26.3

3 years agoapr: patch CVE-2021-35940
Michal Vasilek [Mon, 23 Aug 2021 11:37:53 +0000 (13:37 +0200)]
apr: patch CVE-2021-35940

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 0777e40b7472a0b0b77531b6797448f8c15bd586)