Glen Huang [Tue, 21 Nov 2023 03:07:07 +0000 (11:07 +0800)]
strongswan: add empty config
Without it, using uci to manipulate ipsec config can result in errors,
making it much difficult to use in uci-defaults for example.
Signed-off-by: Glen Huang <me@glenhuang.com>
John Audia [Thu, 4 Jan 2024 20:21:50 +0000 (15:21 -0500)]
snort3: build against hyperscan
Increases snort's IPS fast pattern matching by 2x (compared to
the ac_full engine) and 3x (compared to ac_bfna). This is most
noticeable for users of large rules sets and when doing deep flow
inspection.
For more see: https://blog.snort.org/2020/09/snort-3-hyperscan-.html
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Hirokazu MORIKAWA [Fri, 16 Feb 2024 09:33:14 +0000 (18:33 +0900)]
libuv: fix CVE-2024-24806
Update to 1.48.0
CVE-2024-24806 : Improper Domain Lookup that potentially leads to SSRF attacks
Vulnerabilities fixed
* CVE-2024-24806 / GHSA-f74f-cvh7-c6q6
0f2d7e7,
3530bcc and
e0327e1
Notable Changes
* linux: disable io_uring on ppc64 and ppc64le #4285
* linux: disable io_uring on hppa below kernel 6.1.51 #4224
* win/spawn: optionally run executable paths with no file extension #4292 (We recommend that most users consider setting this by default)
Important Bugs Fixed
* unix,win: fix busy loop with zero timeout timers #4250, #4304.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Nikos Mavrogiannopoulos [Sun, 10 Sep 2023 13:49:13 +0000 (15:49 +0200)]
ocserv: updated config
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Nikos Mavrogiannopoulos [Sun, 10 Sep 2023 13:48:12 +0000 (15:48 +0200)]
ocserv: use better separator for sed
This prevents clashes with network addresses that
contain '/'.
Resolves: #18589
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Nikos Mavrogiannopoulos [Mon, 19 Feb 2024 12:24:20 +0000 (13:24 +0100)]
Merge pull request #23348 from nmav/bug/23185
openconnect: make host dependency more resilient
Michael Heimpold [Mon, 19 Feb 2024 06:31:02 +0000 (07:31 +0100)]
Merge pull request #23463 from mhei/fix-apr
apr/subversion: fix subversion build and apache-mod-php8 build regres…
Rosen Penev [Sun, 18 Feb 2024 22:59:02 +0000 (14:59 -0800)]
mariadb: fix compilation with newer fmt
Upstream backport.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Sun, 18 Feb 2024 21:48:49 +0000 (13:48 -0800)]
libfmt: fix compilation with mariadb
Upstream backport.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Peter van Dijk [Fri, 16 Feb 2024 14:29:04 +0000 (15:29 +0100)]
h2o: remove, nothing depends on it anymore
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
Peter van Dijk [Thu, 15 Feb 2024 15:35:28 +0000 (16:35 +0100)]
dnsdist: update to 1.9.0
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
S. Brusch [Wed, 14 Feb 2024 12:37:59 +0000 (13:37 +0100)]
unbound: update to latest upstream release version 1.19.1
Maintainer: @EricLuehrsen
Fixes: CVE-2023-50387, CVE-2023-50868
Release notes: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
Run tested: BPi-R3, mediatek/filogic, OpenWrt 23.05.2
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Vladimir Ermakov [Sat, 23 Dec 2023 11:12:33 +0000 (12:12 +0100)]
qemu: update to 8.2.0
- Refresh patches.
- Disable new features like AF XDP, Rutabaga VGA, libkeyutils
- Delete removed features such as HAX hypervisor
Signed-off-by: Vladimir Ermakov <vooon341@gmail.com>
krant [Fri, 16 Feb 2024 12:46:45 +0000 (14:46 +0200)]
openblas: enable ARM-specific optimizations
OpenBLAS allows to specify per-family CPU optimizations during build stage.
This package supports manual specification of a family during configuration.
This commit adds automatic detection of target family, while keeping manual
override as a backup.
Automatically detected ARM families:
- Cortex-A9 without NEON
- Cortex-A9 with NEON
- Cortex-A15
- Cortex-A53
- Cortex-A72
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Alexander Egorenkov [Sun, 31 Dec 2023 10:57:42 +0000 (11:57 +0100)]
yt-dlp: bump to version 2023.12.30
Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
Christian Lachner [Fri, 16 Feb 2024 07:43:35 +0000 (08:43 +0100)]
haproxy: update to v2.8.6
- Update haproxy PKG_VERSION and PKG_HASH
- See changes: http://git.haproxy.org/?p=haproxy-2.8.git;a=shortlog
Signed-off-by: Christian Lachner <gladiac@gmail.com>
Oskari Rauta [Fri, 16 Feb 2024 08:17:51 +0000 (10:17 +0200)]
podman: update to 4.9.3
Changelogs: https://github.com/containers/podman/releases
Patches refreshed
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Oskari Rauta [Fri, 16 Feb 2024 08:01:25 +0000 (10:01 +0200)]
conmon: update to 2.1.10
bug fixes:
- Fix incorrect free in conn_sock
- logging: Respect log-size-max immediately after open
- fix some issues flagged by SAST scan
- src: fix write after end of buffer
- src: open all files with O_CLOEXEC
- oom-score: restore oom score before running exit command
new features:
- Forward more messages on the sd-notify socket
- logging: -l passthrough accepts TTYs
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Michael Heimpold [Fri, 16 Feb 2024 23:21:49 +0000 (00:21 +0100)]
apr/subversion: fix subversion build and apache-mod-php8 build regression (fixes #23460)
The recent upgrade of apr included a change with should fix the subversion build.
Unfortunately, this fix resulted in a build regression of apache-mod-php8.
The new approach is to pass the locations of the apr config helpers
to configure via parameter.
Fixes: 68dd7b7cf632 ("apr: update to 1.7.4")
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Stan Grishin [Fri, 16 Feb 2024 23:12:40 +0000 (16:12 -0700)]
Merge pull request #23406 from stangri/master-adblock-fast
adblock-fast: add force_dns_interface setting
Oskari Rauta [Fri, 16 Feb 2024 07:52:32 +0000 (09:52 +0200)]
slirp4netns: update to 1.2.3
changelog:
- Fix some FD leaks (#334, thanks to @giuseppe)
As package belongs to network category, I moved it from utils to network folder
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Noah Meyerhans [Thu, 15 Feb 2024 17:36:41 +0000 (09:36 -0800)]
bind: bump to 9.18.24
Fixes CVEs:
- CVE-2023-50387: Validating DNS messages containing a lot of DNSSEC signatures
could cause excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-50868: Preparing an NSEC3 closest encloser proof could cause
excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-4408: Parsing DNS messages with many different names could cause
excessive CPU load.
- CVE-2023-5517: Specific queries could cause named to crash with an assertion
failure when nxdomain-redirect was enabled.
- CVE-2023-5679: A bad interaction between DNS64 and serve-stale could cause
named to crash with an assertion failure, when both of these features were
enabled.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Oskari Rauta [Fri, 16 Feb 2024 07:33:02 +0000 (09:33 +0200)]
aardvark-dns: update to 1.10.0
changelogs: https://github.com/containers/aardvark-dns/releases
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Hirokazu MORIKAWA [Fri, 16 Feb 2024 06:14:51 +0000 (15:14 +0900)]
node: February 14 2024 Security Releases
Update to v20.11.1
This is a security release.
Notable changes
* CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
* CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
* CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
* CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
* CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
* CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
* CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
* CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
* undici version 5.28.3
* libuv version 1.48.0
* OpenSSL version 3.0.13+quic1 (Depends on shared library provided by OpenWrt)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Florian Eckert [Fri, 16 Feb 2024 14:03:03 +0000 (15:03 +0100)]
Merge pull request #23457 from TDT-AG/pr/
20240216-procps-ng
procps-ng: update to version 4.0.4 and rename old version 3.3.16 to procps-ng3
Florian Eckert [Fri, 16 Feb 2024 14:01:26 +0000 (15:01 +0100)]
Merge pull request #23459 from TDT-AG/pr/
20240216-glib2
glib2: revert latest changes to get back to working version 2.74.0
krant [Thu, 15 Feb 2024 11:16:21 +0000 (13:16 +0200)]
procps-ng: Re-add procps-ng with API version 4
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Thu, 15 Feb 2024 11:11:09 +0000 (13:11 +0200)]
procps-ng3: update to 3.3.17 and install library only
- Install library only (utilities are in procps-ng API version 4)
- Latest 3.3.17 version of 3.x series is used
- Refresh existing patch
- Add new patch from Alpine Linux
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
- Rebase patch because of packages version update was reverted before
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
krant [Thu, 15 Feb 2024 11:05:43 +0000 (13:05 +0200)]
procps-ng: rename procps-ng to procps-ng3
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
- Rebase patch because of packages version update was reverted before
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
krant [Thu, 1 Feb 2024 15:34:58 +0000 (17:34 +0200)]
Revert "procps-ng: update to 4.0.4"
The props-ng packages adds a new API version that breaks other
downstream packages. This revert is a preparation commit to move the old
API to procps-ng3 so that the new API could use procps-ng packages
name again.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This reverts commit
81629ba5918f48a0886e6f601d63d0b016ef8c1e.
Florian Eckert [Fri, 16 Feb 2024 09:55:47 +0000 (10:55 +0100)]
glib2: update to version 2.74.7
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Florian Eckert [Fri, 16 Feb 2024 09:52:05 +0000 (10:52 +0100)]
glib2: do not set default meson options
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Florian Eckert [Fri, 16 Feb 2024 09:17:59 +0000 (10:17 +0100)]
Revert "glib2: update to 2.78.4"
So that we have a working ModemManager again and can look at the problem
revert the update to version 2.78.4 for now.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This reverts commit
08c7b0dfcae48114176762e93aa1b4ce5d42f8ad.
Florian Eckert [Fri, 16 Feb 2024 09:16:10 +0000 (10:16 +0100)]
Revert "glib2: use internal pcre2"
This is must also get revert to get back to working glib2 version 2.74.0
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This reverts commit
9f57ef2d6e339231278f36614d9b2fdd275a9339.
Oskari Rauta [Fri, 16 Feb 2024 06:50:40 +0000 (08:50 +0200)]
crun: update to 1.14.1
Changelogs: https://github.com/containers/crun/releases
Previous version was 1.12
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Oskari Rauta [Fri, 16 Feb 2024 07:29:15 +0000 (09:29 +0200)]
netavark: update to 1.10.3
changelogs: https://github.com/containers/netavark/releases
wrapper script and config file removed as they have become obsolete,
firewall driver is now configured in containers.conf
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Oskari Rauta [Fri, 16 Feb 2024 06:39:41 +0000 (08:39 +0200)]
netbird: update to 0.25.8
changes: https://github.com/netbirdio/netbird/compare/v0.25.2...v0.25.8
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Javier Marcet [Thu, 15 Feb 2024 18:32:48 +0000 (19:32 +0100)]
docker-compose: Update to version 2.24.6
Signed-off-by: Javier Marcet <javier@marcet.info>
Oskari Rauta [Fri, 16 Feb 2024 05:46:19 +0000 (07:46 +0200)]
efivar: disable mold linker
efivar fails to build with mold linker, so it should
be opted out. I also added missing maintainer.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Nikos Mavrogiannopoulos [Sat, 10 Feb 2024 13:30:12 +0000 (14:30 +0100)]
openconnect: make host dependency more resilient
Retry when resolveip fails as it seems to be causing issues
on startup depending on various unpredictable parameters.
Resolves: #23185
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Peter van Dijk [Tue, 13 Feb 2024 13:19:43 +0000 (14:19 +0100)]
pdns-recursor: update to 5.0.2 (fixes CVE-2023-50387, CVE-2023-50868)
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
Etienne Champetier [Thu, 15 Feb 2024 03:59:27 +0000 (22:59 -0500)]
Merge pull request #23316 from dhewg/prom
prometheus-node-exporter-ucode: fix sporadic wifi errors and warnings
Rosen Penev [Thu, 15 Feb 2024 00:28:48 +0000 (16:28 -0800)]
mpd: update to 0.23.15
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Thu, 15 Feb 2024 00:41:59 +0000 (16:41 -0800)]
zmq: update to 4.3.5
Remove GCC13 backport.
Refresh other patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Thu, 15 Feb 2024 00:37:09 +0000 (16:37 -0800)]
taglib: update to 2.0
Switched to local tarball as the utf8cpp subproject needs to be used.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Wed, 14 Feb 2024 22:20:53 +0000 (14:20 -0800)]
libcap-ng: update to 0.84
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Wed, 14 Feb 2024 22:19:06 +0000 (14:19 -0800)]
hidapi: update to 0.14.0
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Wed, 14 Feb 2024 22:30:30 +0000 (14:30 -0800)]
libnpupnp: update to 6.1.0
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Wed, 14 Feb 2024 23:24:06 +0000 (15:24 -0800)]
mpc: update to 0.35
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Wed, 14 Feb 2024 22:38:52 +0000 (14:38 -0800)]
libxerces-c: update to 3.2.5
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Wed, 14 Feb 2024 23:21:58 +0000 (15:21 -0800)]
libupnp: update to 1.14.18
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Wed, 14 Feb 2024 22:37:29 +0000 (14:37 -0800)]
libtins: update to 4.5
Remove upstream backport.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Wed, 14 Feb 2024 22:32:42 +0000 (14:32 -0800)]
log4cplus: update to 2.1.1
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Paul Donald [Wed, 14 Feb 2024 22:58:07 +0000 (23:58 +0100)]
p910nd: bump release
Signed-off-by: Paul Donald <newtwen@gmail.com>
Rosen Penev [Wed, 14 Feb 2024 22:10:24 +0000 (14:10 -0800)]
libv4l: update to 1.26.1
meson now available.
Added 2 patches to fix missing intl dependency and musl support.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Wed, 14 Feb 2024 22:24:38 +0000 (14:24 -0800)]
libmpdclient: update to 2.22
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Wed, 14 Feb 2024 22:17:18 +0000 (14:17 -0800)]
faad2: update to 2.11.1
CMake is used now.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Wed, 14 Feb 2024 22:22:35 +0000 (14:22 -0800)]
libidn: update to 1.42
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Sun, 11 Feb 2024 02:32:12 +0000 (18:32 -0800)]
vala: remove pcre2 patch
Issue was avoided with glib2.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Sun, 11 Feb 2024 02:20:13 +0000 (18:20 -0800)]
glib2: use internal pcre2
For some strange reason, glib2 does not link properly with a static
pcre2. Work around by bundling own copy.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Michael Heimpold [Wed, 14 Feb 2024 21:49:59 +0000 (22:49 +0100)]
Merge pull request #23400 from Rondom/rondom-fix-libstrophe-license
libstrophe: Specify correct PKG_LICENSE
Rosen Penev [Sat, 10 Feb 2024 23:28:11 +0000 (15:28 -0800)]
python-aiohttp: update to 3.9.3
Fixes CVE-2023-47627
Signed-off-by: Rosen Penev <rosenp@gmail.com>
krant [Sun, 11 Feb 2024 21:38:44 +0000 (23:38 +0200)]
moreutils: update to 0.68
- Refresh patches
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Tue, 13 Feb 2024 08:48:58 +0000 (10:48 +0200)]
imagemagick: update to 7.1.1-28
- Use .xz for PKG_SOURCE
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Thomas Winkler [Wed, 10 Jan 2024 15:04:00 +0000 (16:04 +0100)]
softethervpn5: version update to 5.02.5181 (incl. vulnerability fixes)
softethervpn5: The softethervpn5 package is due for an update from recent source. This PR implements a Makefile update to pull December 2023 release, which includes fixes for recently-disclosed vulnerabilities. The build patches are also updated accordingly.
Signed-off-by: Thomas Winkler <tewinkler86@gmail.com>
Andreas Gnau [Tue, 13 Feb 2024 13:41:28 +0000 (14:41 +0100)]
libstrophe: Specify correct PKG_LICENSE
libstrophe is dual-licensed as MIT OR GPL-3.0-only, which is also
reflected by the SPDX-License-Identifier lines in the source files.
Correct PKG_LICENSE in the Makefile accordingly.
Signed-off-by: Andreas Gnau <andreas.gnau@iopsys.eu>
Daniel Bermond [Tue, 13 Feb 2024 21:06:31 +0000 (18:06 -0300)]
proxychains-ng: update to version 4.17
Maintainer : myself
Build system : Arch Linux x86_64
Build tested : r7800 OpenWrt git master (r25151-
2a2abed0be)
Run tested : r7800 OpenWrt git master (r25151-
2a2abed0be)
Signed-off-by: Daniel Bermond <dbermond@archlinux.org>
Eric Fahlgren [Wed, 7 Feb 2024 23:09:37 +0000 (15:09 -0800)]
snort3: clean up ucode usage
- Add missing 'ucode' package dependency
- Proto-ify the ConfigItem objects
- Fix indentation and tab usage
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Tianling Shen [Wed, 14 Feb 2024 04:51:13 +0000 (12:51 +0800)]
yq: Update to 4.40.7
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Wed, 14 Feb 2024 04:51:05 +0000 (12:51 +0800)]
cloudflared: Update to 2024.2.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Wed, 14 Feb 2024 04:50:54 +0000 (12:50 +0800)]
v2ray-geodata: Update to latest version
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Stan Grishin [Wed, 14 Feb 2024 04:40:42 +0000 (04:40 +0000)]
adblock-fast: add force_dns_interface setting
* allow users to specify list of interfaces/networks to force the
DNS Hijacking on
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Daniel Golle [Tue, 13 Feb 2024 03:58:51 +0000 (03:58 +0000)]
stlink: add packages
stlink is an open source toolset to program and debug STM32 devices
and boards manufactured by STMicroelectronics.
Resulting binary packages:
* stlink - library and shared chip info data
* st-info - a programmer and chip information tool
* st-flash - a flash manipulation tool
* st-trace - a logging tool to record information on execution
* st-util - a GDB server
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Rosen Penev [Sun, 11 Feb 2024 22:58:16 +0000 (14:58 -0800)]
redis: update to 6.2.14
Fixes CVE-2022-24735 and CVE-2022-24736
Signed-off-by: Rosen Penev <rosenp@gmail.com>
krant [Mon, 12 Feb 2024 15:34:58 +0000 (17:34 +0200)]
tio: update to 2.7
- Switch to Meson build
- Fix license file name
- Add libinih dependency
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Mon, 12 Feb 2024 09:09:54 +0000 (11:09 +0200)]
minisatip: update to 1.3.2
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Mon, 12 Feb 2024 12:00:53 +0000 (14:00 +0200)]
libusb-compat: update to 0.1.8
- Update package URL
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Rosen Penev [Sun, 11 Feb 2024 22:44:58 +0000 (14:44 -0800)]
zlog: update to 1.2.17
Rework to use local tarballs. Smaller and more stable.
Build with cmake. Faster and simpler. Needs a small patch though.
License was updated.
Fixes CVE-2021-43521
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Sun, 11 Feb 2024 22:54:01 +0000 (14:54 -0800)]
libmicrohttpd: update to 0.9.77
Fixes CVE-2023-27371
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Sun, 11 Feb 2024 22:36:01 +0000 (14:36 -0800)]
libao: backport fix for CVE-2017-11548
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Sun, 11 Feb 2024 22:27:25 +0000 (14:27 -0800)]
yajl: backport CVE-2023-33460 fix
Removed old uclibc patches. Not relevant with modern musl or glibc.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Sun, 11 Feb 2024 23:23:36 +0000 (15:23 -0800)]
postgesql: update to 15.6
Fixes CVE-2023-39417 and CVE-2023-39418
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Paul Donald [Sun, 11 Feb 2024 17:41:23 +0000 (18:41 +0100)]
p910nd: hotplug shellcheck fixes
Signed-off-by: Paul Donald <newtwen@gmail.com>
Paul Donald [Sun, 11 Feb 2024 18:28:38 +0000 (19:28 +0100)]
p910nd: init: check device (/dev/usb/lpX) existence
this prevents the daemon exiting when a configured device
is not plugged in.
Signed-off-by: Paul Donald <newtwen@gmail.com>
Paul Donald [Sat, 10 Feb 2024 21:02:58 +0000 (22:02 +0100)]
p910nd: init: partial fix for openwrt/packages#10496
Harmless to carry this fix until procd.sh adds the param
This parameter will mean umdns advertises not just "OpenWrt" but a more
appropriate string:
"Apple LaserWriter Pro 630"
Signed-off-by: Paul Donald <newtwen@gmail.com>
Paul Donald [Sun, 11 Feb 2024 03:13:53 +0000 (04:13 +0100)]
p910nd: hotplug+init: include extra ieee1284 properties
Apple and macOS GUI co-opts the mDNS note= param as "Location"
Signed-off-by: Paul Donald <newtwen@gmail.com>
Paul Donald [Sun, 11 Feb 2024 18:02:57 +0000 (19:02 +0100)]
p910nd: hotplug: minor bug fixes
Commit driver_home defaults before continuing
Fix missing path for serial number acquisition
Store current device if no previously configured device had one.
Also set CHAR_DEV so the printer can get its driver sent on first run.
Signed-off-by: Paul Donald <newtwen@gmail.com>
Paul Donald [Sun, 11 Feb 2024 17:43:43 +0000 (18:43 +0100)]
p910nd: hotplug: small refactor
replace -a with &&
shorten uci commands via variables
add optional ieee1284_id parameters
Signed-off-by: Paul Donald <newtwen@gmail.com>
Paul Donald [Sun, 11 Feb 2024 17:33:03 +0000 (18:33 +0100)]
p910nd: init: add txtvers=1 to mDNS properties
The spec https://developer.apple.com/bonjour/printing-specification/bonjourprinting-1.2.1.pdf
notes:
... if the meaning of any of the TXT record keys is changed, the txtvers value
will be incremented. The current value of this key is “1”, and if this key does not exist in
the TXT record, the default value of “1” is assumed. The txtvers SHOULD be the first
key/value pair in the TXT record.
Signed-off-by: Paul Donald <newtwen@gmail.com>
Paul Donald [Sun, 11 Feb 2024 02:30:56 +0000 (03:30 +0100)]
p910nd: init: line-break and conditionalize mDNS properties
Signed-off-by: Paul Donald <newtwen@gmail.com>
Paul Donald [Sat, 10 Feb 2024 17:37:00 +0000 (18:37 +0100)]
p910nd: init: only run mDNS changes if mdns is set to on
i.e. don't do the extra work unless mdns setting is enabled
Signed-off-by: Paul Donald <newtwen@gmail.com>
Paul Donald [Sat, 10 Feb 2024 17:35:35 +0000 (18:35 +0100)]
p910nd: init script
Don't run procd with a name of p9100d or p9101d etc.
Use the original binary name: p910nd.
This way, all supplied parameters should be visible via e.g.:
ps
xargs -0 < /proc/{procid}/cmdline
Revise all p910nd strings to the variable DAEMON_NAME or CONFIG where
appropriate.
Signed-off-by: Paul Donald <newtwen@gmail.com>
Fabian Lipken [Sun, 11 Feb 2024 14:36:03 +0000 (15:36 +0100)]
restic: update to 0.16.4
Signed-off-by: Fabian Lipken <dynasticorpheus@gmail.com>
krant [Sun, 11 Feb 2024 19:03:43 +0000 (21:03 +0200)]
dmidecode: update to 3.5
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Sun, 11 Feb 2024 16:44:07 +0000 (18:44 +0200)]
bash: update to 5.2.21
- Switch package URL to HTTPS
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Sun, 11 Feb 2024 21:13:17 +0000 (23:13 +0200)]
gawk: update to 5.3.0
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Alexandru Ardelean [Sun, 11 Feb 2024 10:29:34 +0000 (12:29 +0200)]
Merge pull request #23354 from neheb/2
tcpreplay: backport CVE fix
Rosen Penev [Sat, 10 Feb 2024 23:21:05 +0000 (15:21 -0800)]
confuse: fix CVE-2022-40320
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Michael Gerlach [Sat, 10 Feb 2024 23:34:43 +0000 (00:34 +0100)]
iodine: bump version to 0.8.0
Signed-off-by: Michael Gerlach <n3ph@cccfr.de>
Rosen Penev [Sat, 10 Feb 2024 23:46:21 +0000 (15:46 -0800)]
giflib: fix CVEs
Patches taken from Fedora
Signed-off-by: Rosen Penev <rosenp@gmail.com>