feed/packages.git
6 years agoMerge pull request #7484 from luizluca/mwan3-backports
Hannu Nyman [Wed, 21 Nov 2018 17:20:53 +0000 (19:20 +0200)]
Merge pull request #7484 from luizluca/mwan3-backports

[18.06] net/mwan3: fix NDP on ipv6 for ra services

6 years agonet/mwan3: fix NDP on ipv6 for ra services 7484/head
Florian Eckert [Wed, 23 May 2018 08:51:52 +0000 (10:51 +0200)]
net/mwan3: fix NDP on ipv6 for ra services

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit b6249f1781efc4fefbdf87b661d53c0923ec7438)

6 years agostrongswan: backport upstream fixes for CVEs in gmp plugin
Magnus Kroken [Fri, 5 Oct 2018 23:23:32 +0000 (01:23 +0200)]
strongswan: backport upstream fixes for CVEs in gmp plugin

This fixes:
* CVE-2018-16151
* CVE-2018-16152
* CVE-2018-17540

Details:
https://strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
https://strongswan.org/blog/2018/10/01/strongswan-vulnerability-(cve-2018-17540).html

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
6 years agoCircleCI: Fix URL references and add BRANCH refs 7419/head
Ted Hess [Tue, 13 Nov 2018 17:11:20 +0000 (12:11 -0500)]
CircleCI: Fix URL references and add BRANCH refs

Signed-off-by: Ted Hess <thess@kitschensync.net>
6 years agoMerge pull request #7366 from thess/ffmpeg-18.06
Ted Hess [Mon, 12 Nov 2018 19:35:50 +0000 (14:35 -0500)]
Merge pull request #7366 from thess/ffmpeg-18.06

[18.06] ffmpeg: work around hard/soft float configs for libffmpeg-full

6 years agoffmpeg: work around hard/soft float configs for libffmpeg-full 7366/head
Ted Hess [Fri, 9 Nov 2018 19:00:02 +0000 (14:00 -0500)]
ffmpeg: work around hard/soft float configs for libffmpeg-full

Hard float includes: mp3lame
Soft float includes: shine (mp3 encoder)

libx264 is included when selected iff BUILD_PATENTED is true.

fdk-aac will not be available in libffmpeg-full due to incompatible license with libx264.
Custom builds can override licensing restrictions but results may not be re-distributable.

Signed-off-by: Ted Hess <thess@kitschensync.net>
6 years agoMerge pull request #6932 from chris5560/radicale_18.06
Hannu Nyman [Sun, 11 Nov 2018 08:52:53 +0000 (10:52 +0200)]
Merge pull request #6932 from chris5560/radicale_18.06

radicale: [18.06] add extra command "export_storage" to init script

6 years agoadblock: fix adguard source
Dirk Brenken [Sat, 10 Nov 2018 16:39:08 +0000 (17:39 +0100)]
adblock: fix adguard source

* fix regex for adguard blocklist source

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit ff139131a73f27ec57e0865ca0d3ad965f382577)

6 years agonet/mosquitto: bump to 1.5.4 7374/head
Karl Palsson [Fri, 9 Nov 2018 10:26:02 +0000 (10:26 +0000)]
net/mosquitto: bump to 1.5.4

Security and bugfix release.  Full release notes available at:
https://mosquitto.org/blog/2018/11/version-154-released/

Security:
* client certificates not validated for websockets listeners.

Bugfixes:
* wills with disconnected clients better handled
* bridge restart_timeout properly observed

Signed-off-by: Karl Palsson <karlp@etactica.com>
6 years agohaveged: update to 1.9.4
Hannu Nyman [Sun, 4 Nov 2018 13:58:22 +0000 (15:58 +0200)]
haveged: update to 1.9.4

Version bump to 1.9.4

Development has moved to github.
 * old site: http://www.issihosts.com/haveged
 * new site: https://github.com/jirka-h/haveged

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit f316aaeab65c6f9291e18cb075ea77884520b51e)

6 years agoccrypt: Update to 1.11
Rosen Penev [Sun, 4 Nov 2018 19:34:53 +0000 (21:34 +0200)]
ccrypt: Update to 1.11

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 2074901f33f6260a593d2ad3eeb1fdda28bb5e69)

6 years agoMerge pull request #7301 from micmac1/maria37
champtar [Sat, 3 Nov 2018 17:35:02 +0000 (13:35 -0400)]
Merge pull request #7301 from micmac1/maria37

(18.06) mariadb: security bump to 10.1.37

6 years agoMerge pull request #7231 from padre-lacroix/bandwidthd-18.06
champtar [Sat, 3 Nov 2018 17:32:12 +0000 (13:32 -0400)]
Merge pull request #7231 from padre-lacroix/bandwidthd-18.06

Bandwidthd 18.06: fix undefined references to inline functions

6 years agomariadb: security bump to 10.1.37 7301/head
Sebastian Kemper [Sat, 3 Nov 2018 12:15:43 +0000 (13:15 +0100)]
mariadb: security bump to 10.1.37

Notable Changes (copied from release notes):

  Various fixes from MySQL 5.6.42: MDEV-17533, MDEV-17532, MDEV-17531
  MDEV-16465: fixed a bug with DDL and FOREIGN KEY
  Fulltext index fixes:
    MDEV-12547: extended the range of innodb_ft_result_cache_limit on 64-bit systems
    MDEV-16865: InnoDB fts_query() ignores KILL
  Fixes for the following security vulnerabilities:
    CVE-2018-3282
    CVE-2016-9843
    CVE-2018-3174
    CVE-2018-3143
    CVE-2018-3156
    CVE-2018-3251

OpenWrt changes:
  - dropped obsolete ucontext patch (issue fixed upstream)
  - refreshed 130-c11_atomics.patch

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
6 years agobandwidthd: [18.06] fix undefined references to inline functions 7231/head
Jean-Michel Lacroix [Sun, 21 Oct 2018 18:40:38 +0000 (14:40 -0400)]
bandwidthd: [18.06] fix undefined references to inline functions
This is basically same commit that took place in master 3 weeks ago.
gcc-7 with -Os makes inline functions disappeard. It is caused by
the new C11 inline semantics. pass option -fgnu89-inline to gcc let
it use gnu inline semantics.
see https://wiki.debian.org/GCC7#Porting_help

Compile tested on 18.06.  Run tested on OpenWrt 18.06.1 r7258-5eb055306f
QEMU Virtual CPU version (cpu64-rhel6)

Signed-off-by: Jean-Michel Lacroix <lacroix@lepine-lacroix.info>
6 years agobuild,circleci: fix container digest
Etienne Champetier [Sat, 3 Nov 2018 12:49:50 +0000 (08:49 -0400)]
build,circleci: fix container digest

I used podman/buildah to build this image, and the local sha256 is not the same than
the docker hub sha256. The layers are the same, so maybe just docker hub changing the manifest

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
6 years agobuild,circleci: add 'time' to container build image
Etienne Champetier [Sat, 3 Nov 2018 04:02:23 +0000 (00:02 -0400)]
build,circleci: add 'time' to container build image

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
6 years agoisc-dhcp: drop .conf suffix on dhcrelay config file 7296/head
Philip Prindeville [Sun, 28 Oct 2018 20:38:56 +0000 (14:38 -0600)]
isc-dhcp: drop .conf suffix on dhcrelay config file

Resolves issue #7235

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit b0e73634f757141e07044596d71c4138d60a88eb)

6 years agobuild,circleci: copy and adjust config from master
Etienne Champetier [Tue, 30 Oct 2018 01:00:04 +0000 (21:00 -0400)]
build,circleci: copy and adjust config from master

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
6 years agoglib2: update to 2.58.1 7276/head
Peter Wagner [Sun, 28 Oct 2018 15:56:11 +0000 (16:56 +0100)]
glib2: update to 2.58.1

Signed-off-by: Peter Wagner <tripolar@gmx.at>
6 years agoruby: bump to 2.5.3
Luiz Angelo Daros de Luca [Mon, 22 Oct 2018 00:25:06 +0000 (21:25 -0300)]
ruby: bump to 2.5.3

Fix only release, including:
* CVE-2018-16396: Tainted flags are not propagated in Array#pack
  and String#unpack with some directives
* CVE-2018-16395: OpenSSL::X509::Name equality check does not work
  correctly

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit 74216a55e1fb3e6d748e7e769c0a308eaf4c7859)

6 years agolibssh: mark as BROKEN due to CVE-2018-10933
Kevin Darbyshire-Bryant [Fri, 19 Oct 2018 11:38:41 +0000 (12:38 +0100)]
libssh: mark as BROKEN due to CVE-2018-10933

The only known user of this library is currently unable to get their
application to work with with the fixed 0.7.6 release of this library.

To prevent accidental use by unknown parties of a flawed library, mark
it as BROKEN.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 14ad4cb9765b43c630605a20c29beb76383e9239)

6 years agopatch: Add missing CVE-2018-6951 patch
Rosen Penev [Mon, 15 Oct 2018 17:04:50 +0000 (10:04 -0700)]
patch: Add missing CVE-2018-6951 patch

The last commit added PKG_CPE_ID and now uscan detects a CVE that I missed

Reordered patches by date

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[tweaked commit message]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 394ff73e5390599545412d14d48e9185a927dc21)

6 years agopatch: Fix CVE-2018-6952 and CVE-2018-1000156
Rosen Penev [Wed, 10 Oct 2018 20:06:03 +0000 (13:06 -0700)]
patch: Fix CVE-2018-6952 and CVE-2018-1000156

Patches taken from official git repository.

Added PKG_CPE_ID for proper CVE tracking.

Added PKG_BUILD_PARALLEL for faster compilation.

Also adjusted Makefile to be more similar to other projects.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 6f0ff2550303083b51475c6481458bf9b1820936)

6 years agoMerge pull request #7160 from EricLuehrsen/o1806_ub_181
Hannu Nyman [Wed, 10 Oct 2018 17:29:22 +0000 (20:29 +0300)]
Merge pull request #7160 from EricLuehrsen/o1806_ub_181

[openwrt-18.06] unbound: update to 1.8.1

6 years agoMerge pull request #7164 from pacien/181009-1806-pkg-tinc
Hannu Nyman [Wed, 10 Oct 2018 17:28:12 +0000 (20:28 +0300)]
Merge pull request #7164 from pacien/181009-1806-pkg-tinc

tinc: update to 1.0.35 (security update) [openwrt-18.06]

6 years agowatchcat: make compatible with updated busybox ash array handling (fixes #7148)
Nuno Goncalves [Wed, 10 Oct 2018 06:15:23 +0000 (08:15 +0200)]
watchcat: make compatible with updated busybox ash array handling (fixes #7148)

Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
6 years agotinc: update to 1.0.35 7164/head
Pacien TRAN-GIRARD [Mon, 8 Oct 2018 18:54:11 +0000 (20:54 +0200)]
tinc: update to 1.0.35

Critical security update for:
* CVE-2018-16737,
* CVE-2018-16738,
* CVE-2018-16758

Announcement:
https://www.tinc-vpn.org/pipermail/tinc/2018-October/005311.html

Signed-off-by: Pacien TRAN-GIRARD <pacien.trangirard@pacien.net>
6 years agounbound: update to 1.8.1 7160/head
Eric Luehrsen [Tue, 9 Oct 2018 00:20:28 +0000 (20:20 -0400)]
unbound: update to 1.8.1

bug fixes for memory leaks
bug fixes for DNS over TLS

Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years agoiotivity, i2pd, domoticz: Bump PKG_RELEASE to force re-build with Boost upgrade to...
Ted Hess [Thu, 4 Oct 2018 19:59:43 +0000 (15:59 -0400)]
iotivity, i2pd, domoticz: Bump PKG_RELEASE to force re-build with Boost upgrade to 1.68

Signed-off-by: Ted Hess <thess@kitschensync.net>
6 years agognutls: updated to 3.5.19
Nikos Mavrogiannopoulos [Sat, 29 Sep 2018 08:03:20 +0000 (10:03 +0200)]
gnutls: updated to 3.5.19

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
6 years agomosquitto: bump to 1.5.3
Karl Palsson [Wed, 26 Sep 2018 10:42:46 +0000 (10:42 +0000)]
mosquitto: bump to 1.5.3

Full changelog at https://github.com/eclipse/mosquitto/blob/v1.5.3/ChangeLog.txt

Primary change:
CVE fix for CVE-2018-12543 - prevent crash on topics that begin with $
but are not $SYS

Selected other fixes relevant to OpenWrt since 1.5.1:
- Fix retained messages not sent by bridges on outgoing topics at the first
  connection. Closes #701.
- Fix duplicate clients being added to by_id hash before the old client was
  removed. Closes #645.
- Fix excessive CPU usage when the number of sockets exceeds the system limit.
  Closes #948.
- Fix for bridge connections when using WITH_ADNS=yes.
- Fix round_robin false behaviour. Closes #481.
- Fix segfault on HUP when bridges and security options are configured.
  Closes #965.

Signed-off-by: Karl Palsson <karlp@etactica.com>
6 years agosendmail: fix confLIBSEARCHPATH to $(STAGING_DIR)
Guo Li [Wed, 26 Sep 2018 04:14:10 +0000 (12:14 +0800)]
sendmail: fix confLIBSEARCHPATH to $(STAGING_DIR)

This fix issue 'cannot find -lnsl' on build server which has libnsl.so in
/usr/lib

Signed-off-by: Guo Li <uxgood.org@gmail.com>
6 years agojamvm: Use <fenv.h> instead of <fpu_control.h>
Guo Li [Sun, 2 Sep 2018 10:27:59 +0000 (18:27 +0800)]
jamvm: Use <fenv.h> instead of <fpu_control.h>

musl libc (http://musl-libc.org lack the non-standard <fpu_control.h>
header, which is used in src/os/linux/{i386,x86_64}/init.c files to
setup the floating point precision. This patch makes it use the
standard C <fenv.h> header instead.

Original patch at Felix Janda at
https://sourceforge.net/p/jamvm/patches/6/

Signed-off-by: Guo Li <uxgood.org@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
6 years agofdm: Merge latest version and build fixes from master
Ted Hess [Wed, 26 Sep 2018 14:08:40 +0000 (10:08 -0400)]
fdm: Merge latest version and build fixes from master

Signed-off-by: Ted Hess <thess@kitschensync.net>
6 years agoboost: Merge updates (1.68.0) and build fixes from master
Ted Hess [Wed, 26 Sep 2018 13:43:36 +0000 (09:43 -0400)]
boost: Merge updates (1.68.0) and build fixes from master

Makefile and package changes to support builds with both Python 2.x and Python 3.x versions.

Python versioning is automatically configured from lang/python repository xxx-version.mk files.

Signed-off-by: Ted Hess <thess@kitschensync.net>
6 years agoMerge pull request #7084 from brianjmurrell/add-foolsm-to-18.06
Jo-Philipp Wich [Tue, 25 Sep 2018 14:25:16 +0000 (16:25 +0200)]
Merge pull request #7084 from brianjmurrell/add-foolsm-to-18.06

foolsm: Add package foolsm

6 years agocshark: update to latest git HEAD
Rob Mosher [Mon, 20 Aug 2018 21:35:34 +0000 (17:35 -0400)]
cshark: update to latest git HEAD

This fixes GCC8 compile due to buffer overrun

Signed-off-by: Rob Mosher <nyt-openwrt@countercultured.net>
(cherry picked from commit e3144f00a3c5c05987680fd647f73349bd376076)

6 years agostrongswan: refresh patches
Hans Dedecker [Thu, 13 Sep 2018 12:21:00 +0000 (14:21 +0200)]
strongswan: refresh patches

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 3bc3949e28aa16f74fd63fc8c5bddc4277081f21)

6 years agostrongswan: fix OpenWrt hotplug script handling
Hans Dedecker [Thu, 13 Sep 2018 10:26:20 +0000 (12:26 +0200)]
strongswan: fix OpenWrt hotplug script handling

Commit 6cd8fcabe added ipsec hotplug script support by calling "exec
/sbin/hotplug-call ipsec".
Using the exec call breaks the insertion of iptables rules by the _updown.in
script as hotplug-call just replaces the current shell meaning the commands
following exec do not run since the shell is replaced and as a result lead to
connectivity issues.
Fix this by removing the exec command in front of /sbin/hotplug-call.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit d0ac611bf0dbf10d16e1b3dae6ba1d3ea80befc6)

6 years agostrongswan: add openwrt hotplug script handling
Florian Eckert [Thu, 5 Jul 2018 10:57:27 +0000 (12:57 +0200)]
strongswan: add openwrt hotplug script handling

Ipsec user script (/etc/ipsec.user) now get called indirectly by openwrt
"/sbin/hotplug-call". So other packages could also install their scripts
in "/etc/hotplug.d/ipsec".

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 6cd8fcabe6d1727192bf447c7adc8e1eb42ab8f7)

6 years agostrongswan: include nls.mk for mysql plugin
Sebastian Kemper [Fri, 13 Jul 2018 20:30:40 +0000 (22:30 +0200)]
strongswan: include nls.mk for mysql plugin

ibmariadb 10.2 needs to be linked in together with iconv.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit 7a0aebbff299c8eaeffb1f78be458ce88c6af8ea)

6 years agonet-snmp: fix inbound firewall rule support
Hans Dedecker [Mon, 6 Nov 2017 10:39:14 +0000 (11:39 +0100)]
net-snmp: fix inbound firewall rule support

Commit ae5ee6ba6c506b42d942c98349b3a54181790ec8 added support for inbound
firewall rule support but some corner cases were not covered.

In case net-snmp is started and the network interface is already up
the procd firewall rule is created but not applied by fw3 as
service_started calling procd_set_config_changed firewall was missing.

When stopping net-snmp clean up the net-snmp inbound firewall rules in
iptables by calling procd_set_config_changed firewall in stop_service
which will trigger fw3 to remove the inbound firewall rules.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 0bd19db0498780c3ac1e69ebc16c1334a609e285)

6 years agotdb: Remove libbsd dependency
Rosen Penev [Fri, 31 Aug 2018 23:48:35 +0000 (16:48 -0700)]
tdb: Remove libbsd dependency

libbsd gets picked up since it's no longer limited to glibc.

Patch identical to libtalloc one. Same codebase.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 33dc529e0050519d45b73a05527fa04614482ae9)

6 years agotdb: bump to latest version
BangLang Huang [Mon, 16 Jul 2018 03:05:00 +0000 (11:05 +0800)]
tdb: bump to latest version

Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
(cherry picked from commit d1804d38d45e1ed3ff4684278498fc3b8c3d761a)

6 years agotdb: avoid installing duplicate files
Eneas U de Queiroz [Wed, 23 May 2018 17:16:09 +0000 (14:16 -0300)]
tdb: avoid installing duplicate files

Use $(CP) instead of $(INSTALL) so that libtdb.so.1 is installed as
symlink, and not duplicated.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(cherry picked from commit 75d9ab331ddcd62a91789ad93da16d7c56e55bf6)

6 years agonode: Fix incorrect detection of arm_version and arm_fpu
Hirokazu MORIKAWA [Thu, 17 May 2018 06:16:52 +0000 (15:16 +0900)]
node: Fix incorrect detection of arm_version and arm_fpu

Automatic detection of the arm architecture does not work well.

http://downloads.lede-project.org/snapshots/faillogs/arm_arm1176jzf-s_vfp/packages/node/compile.txt

```
../deps/v8/src/arm/assembler-arm.cc:176:2: error: #error "CAN_USE_ARMV7_INSTRUCTIONS should match CAN_USE_VFP3_INSTRUCTIONS"
 #error "CAN_USE_ARMV7_INSTRUCTIONS should match CAN_USE_VFP3_INSTRUCTIONS"
   ^~~~~
```

https://github.com/openwrt/packages/issues/5728

Explicitly set cpu arch optimization flag to the compiler option so that "configure" script correctly identifies "arm version".

(Raspberry Pi Zero W)
Raspbian:
```
raspberrypi:~ $ echo | gcc -dM -E - | grep ARM_ARCH
```
OpenWrt (cross-env):
```
ubuntu:~ $ echo | ./arm-openwrt-linux-muslgnueabi-gcc -dM -E - | grep ARM_ARCH
```
```
ubuntu:~ $ echo | ./arm-openwrt-linux-muslgnueabi-gcc -mcpu=arm1176jzf-s -dM -E - | grep ARM_ARCH
```

Also specifying an option lines compactly.

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 3482320c2a4bdca5f090fdc3ddfa3273d2b9c805)

6 years agonode: fix host build fail
Hirokazu MORIKAWA [Mon, 7 May 2018 06:48:15 +0000 (15:48 +0900)]
node: fix host build fail

modify patch.
 https://github.com/nodejs/node/pull/19196

made not to use libressl headers
 fix to include path not to use "host/include"

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 818770d27364f31ba7a984d7f49374789463fc29)

6 years agonano: update to 3.1
Hannu Nyman [Sun, 23 Sep 2018 15:42:29 +0000 (18:42 +0300)]
nano: update to 3.1

* Update nano editor to 3.1
* Apply a post-release upstream patch to fix compilation

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit af86b170648dabec0d245753347d6b37b05fd1c7)

6 years agoNano: Update to 3.0
Jonathan Bennett [Sun, 9 Sep 2018 21:50:43 +0000 (16:50 -0500)]
Nano: Update to 3.0
Signed-off-by: Jonathan Bennett <jbennett@incomsystems.biz>
(cherry picked from commit 0ceaa4e32cdcbbc9036a4bb5143f22252dc33f75)

6 years agofoolsm: Add package foolsm 7084/head
Brian J. Murrell [Wed, 13 Dec 2017 12:48:01 +0000 (07:48 -0500)]
foolsm: Add package foolsm

Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
(cherry picked from commit 5cff94399d39016790921552a13719214cb46d73)

6 years agoMerge pull request #7053 from mlichvar/chrony-fix-ipv6-allow-18.06
Hannu Nyman [Mon, 17 Sep 2018 17:32:23 +0000 (20:32 +0300)]
Merge pull request #7053 from mlichvar/chrony-fix-ipv6-allow-18.06

chrony: fix configuration of IPv6 client access (18.06)

6 years agochrony: fix configuration of IPv6 client access 7053/head
Miroslav Lichvar [Mon, 17 Sep 2018 09:11:25 +0000 (11:11 +0200)]
chrony: fix configuration of IPv6 client access

Fix the init script to allow access from IPv6 subnets of the interface
specified in allow section in /etc/config/chrony.

Fixes issue #7039.

Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
6 years agoadblock: bugfix 3.5.5v2 7052/head
Dirk Brenken [Wed, 5 Sep 2018 15:39:57 +0000 (17:39 +0200)]
adblock: bugfix 3.5.5v2

* fix uci wrapper calls
* fix link in readme

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit cd3f925210f243cc07106d87c9e3664a7cbe448c)

6 years agoadblock: update 3.5.5
Dirk Brenken [Sat, 1 Sep 2018 06:35:35 +0000 (08:35 +0200)]
adblock: update 3.5.5

* accept only ascii aka punycode chars in blocklists to prevent possible
dns backend warnings
* fix cornercase issues in json parsing (backend & frontend)
* slightly optimize tld compression performance
* refine logging
* use uci wrapper where possible
* change indentation from spaces to tabs (saves 8kb)
* add experimental youtube blocklist source

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 4987f066f9c7face7a35804ef53798786ff8155f)

6 years agoradicale[18.06]: add extra command "export_storage" to init script 6932/head
Christian Schoenebeck [Sun, 2 Sep 2018 14:59:20 +0000 (16:59 +0200)]
radicale[18.06]: add extra command "export_storage" to init script

add extra command "export_storage" to export data for use with Radicale 2.x.x
remove myself as PKG_MAINTAINER

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
6 years agosocat: Fix CRDLY, TABDLY and CSIZE shifts for PowerPC
Ted Hess [Thu, 30 Aug 2018 18:00:05 +0000 (14:00 -0400)]
socat: Fix CRDLY, TABDLY and CSIZE shifts for PowerPC

Signed-off-by: Ted Hess <thess@kitschensync.net>
6 years agosqm-scripts: Bump to v1.2.4
Toke Høiland-Jørgensen [Tue, 28 Aug 2018 10:12:57 +0000 (12:12 +0200)]
sqm-scripts: Bump to v1.2.4

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
6 years agophp7: update to 7.2.9
Michael Heimpold [Thu, 23 Aug 2018 20:11:24 +0000 (22:11 +0200)]
php7: update to 7.2.9

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
6 years agophp7: add dependency to hash for mysqlnd
Michael Heimpold [Thu, 23 Aug 2018 20:04:31 +0000 (22:04 +0200)]
php7: add dependency to hash for mysqlnd

The following error shows that mysqlnd depends on functions
provided by hash:

root@OpenWrt:/etc/php7# php-cli -m
PHP Warning:  PHP Startup: Unable to load dynamic library
'mysqlnd.so' (tried: /usr/lib/php/mysqlnd.so (Error
relocating /usr/lib/php/mysqlnd.so: PHP_SHA256Final: symbol
not found), /usr/lib/php/mysqlnd.so.so (Error loading shared
library /usr/lib/php/mysqlnd.so.so: No such file or
directory)) in Unknown on line 0

So let's model this dep in package metadata.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
6 years agolibxml2: add cpe id for CVE tracking
Michael Heimpold [Tue, 21 Aug 2018 19:19:01 +0000 (21:19 +0200)]
libxml2: add cpe id for CVE tracking

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
6 years agoMerge pull request #6834 from micmac1/xml2-cve-18.06
Michael Heimpold [Tue, 21 Aug 2018 19:07:48 +0000 (21:07 +0200)]
Merge pull request #6834 from micmac1/xml2-cve-18.06

libxml2: fix CVE-2018-9251 and CVE-2018-14567

6 years agolibxml2: fix CVE-2018-9251 and CVE-2018-14567 6834/head
Sebastian Kemper [Tue, 21 Aug 2018 18:29:17 +0000 (20:29 +0200)]
libxml2: fix CVE-2018-9251 and CVE-2018-14567

Backport from master.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
6 years agonet/mosquitto: update to 1.5.1
Karl Palsson [Mon, 20 Aug 2018 09:30:12 +0000 (09:30 +0000)]
net/mosquitto: update to 1.5.1

Bugfix release.  Full changelog at:
https://mosquitto.org/blog/2018/08/version-151-released/

Of most interest to OpenWrt:
* Remove use of AI_ADDRCONFIG, which means the broker can be used on systems where only the loopback interface is defined.
* Fix IPv6 addresses not being able to be used as bridge addresses.
* Fix problem opening listeners on Pi caused by unsigned char being default.
* Fix segfault on startup if bridge CA certificates could not be read.
* Fix possible endian issue when reading the memory_limit option.
* library and client bugfixes including: https://github.com/openwrt/packages/issues/6765

Signed-off-by: Karl Palsson <karlp@etactica.com>
6 years agoMerge pull request #6805 from micmac1/tiff-18.06
Jiri Slachta [Sun, 19 Aug 2018 17:12:28 +0000 (19:12 +0200)]
Merge pull request #6805 from micmac1/tiff-18.06

tiff: fix remaining CVEs

6 years agotiff: fix remaining CVEs 6805/head
Sebastian Kemper [Sun, 19 Aug 2018 08:39:02 +0000 (10:39 +0200)]
tiff: fix remaining CVEs

Backport Rosen's commit in master to 18.06 to address open CVEs. This
fixes:

CVE-2017-11613
CVE-2018-5784
CVE-2018-7456
CVE-2018-8905
CVE-2018-10963

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
6 years agoMerge pull request #6782 from EricLuehrsen/unbound_odhcpd_fix
Dirk Brenken [Sat, 18 Aug 2018 17:53:04 +0000 (19:53 +0200)]
Merge pull request #6782 from EricLuehrsen/unbound_odhcpd_fix

[openwrt-18.06] unbound: drop odhcpd leases with wrong field count

6 years agounbound: drop odhcpd leases with wrong field count 6782/head
Eric Luehrsen [Fri, 17 Aug 2018 01:37:43 +0000 (21:37 -0400)]
unbound: drop odhcpd leases with wrong field count

Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
(cherry pick commit: 59617f076d7cbdd04a341bf7cfb5f3d9772b5765)

6 years agoffmpeg: Add build overrides for some specific CPUs: Octeon, X86 and 24kf.
Ted Hess [Wed, 15 Aug 2018 12:58:40 +0000 (08:58 -0400)]
ffmpeg: Add build overrides for some specific CPUs: Octeon, X86 and 24kf.

Octeon: Rename octeonplus to oction+
MIPS 24kf: Inline ASM fails to build (unknown reason)
X86: Configure finds NASM and assumes YASM if name explictly set (wrong switches)

Signed-off-by: Ted Hess <thess@kitschensync.net>
6 years agoffmpeg: Add cpu_type to configure opts. Upgrade to 3.2.12
Ted Hess [Sun, 12 Aug 2018 21:36:28 +0000 (17:36 -0400)]
ffmpeg: Add cpu_type to configure opts. Upgrade to 3.2.12

Fixes certain combinations of architecture/cpu_type failing builds

Signed-off-by: Ted Hess <thess@kitschensync.net>
6 years agoMerge pull request #6759 from micmac1/postgresql-18.06
Daniel Golle [Wed, 15 Aug 2018 18:07:49 +0000 (20:07 +0200)]
Merge pull request #6759 from micmac1/postgresql-18.06

postgresql: security bump to 9.6.10 for 18.06

6 years agopostgresql: security bump to 9.6.10 6759/head
Sebastian Kemper [Wed, 15 Aug 2018 15:00:18 +0000 (17:00 +0200)]
postgresql: security bump to 9.6.10

This update includes fixes for the following CVEs:

- CVE-2018-1115
- CVE-2018-10925
- CVE-2018-10915

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
6 years agoperl: version modules and non-base packages
Philip Prindeville [Tue, 7 Aug 2018 22:00:19 +0000 (16:00 -0600)]
perl: version modules and non-base packages

Currently external modules and non-base packages are numbered
from their own internal number space, and even though the Perl
ABI number is embedded into them this isn't externally visible.

For example, perl-html-parser-3.72.1 could be built for ABI
5.26 or for 5.28, we can't easily tell.  This changes all of
that by embedding the ABI number into the filename.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 0d9584724ff1c011f587540c2d25be8a90a81413)

6 years agoMerge pull request #6736 from micmac1/maria-1806-10.1.35-cve
Dirk Brenken [Sun, 12 Aug 2018 06:53:49 +0000 (08:53 +0200)]
Merge pull request #6736 from micmac1/maria-1806-10.1.35-cve

mariadb[18.06]: security bump to 10.1.35

6 years agomariadb: security bump to 10.1.35 6736/head
Sebastian Kemper [Sat, 11 Aug 2018 20:59:22 +0000 (22:59 +0200)]
mariadb: security bump to 10.1.35

Bump minor version. Bugfix release. 100% backward compatible.

Includes fixes for:

CVE-2018-3064
CVE-2018-3063
CVE-2018-3058
CVE-2018-3066

Also includes CPPFLAGS fix from master (to get fortify-source headers
etc.).

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
6 years agotravelmate: update 1.2.2
Dirk Brenken [Fri, 10 Aug 2018 13:46:53 +0000 (15:46 +0200)]
travelmate: update 1.2.2

* fix restart behaviour after successful connection
* fix labeling of faulty stations
* optimize re-connect behaviour at locations where multiple uplinks with
the same SSID are in range
* use procd pidfile handling
* refine logging
* small fixes

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit bc78ad82007947ead7361cfe00d989737f76a002)

6 years agousbip: remove nonshared flag (#6681)
Jo-Philipp Wich [Sun, 5 Aug 2018 08:49:33 +0000 (10:49 +0200)]
usbip: remove nonshared flag (#6681)

Since https://git.openwrt.org/d0e0b7049f88774e67c3d5ad6b573f7070e5f900,
OpenWrt SDKs ship the appropriate sources for building usbip userspace
packages, so special nonshared handling is not required anymore.

Sucessfully tested by compiling usbip utilities for various architectures
using self built SDKs after applying the change linked above.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit eded6ed7cfb15ad31c0a6b0623ef992d61895fd9)

6 years agoperl: update to 5.28
Philip Prindeville [Sun, 1 Jul 2018 17:34:19 +0000 (11:34 -0600)]
perl: update to 5.28

Refresh patches 900 and 910.

Add fix (920) for improperly gated variable.

Add workaround (020) for Storable's run-time check for stacksize.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit b94744496ffc56df20088fe3be862f9b9ee47f0e)

6 years agotravis: don't need git cloning progress
Philip Prindeville [Mon, 2 Jul 2018 00:57:09 +0000 (18:57 -0600)]
travis: don't need git cloning progress

Since Travis runs as a batch job and logs are typically looked at
after-the-fact (if at all), there's not any point to seeing progress
when cloning git repos.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit fc3beffeff252bb1d1efd43ff8a63687d16ac0b2)

6 years agoisc-dhcp: write resolv.conf per network & dhcp settings
Philip Prindeville [Sun, 10 Jun 2018 21:36:22 +0000 (15:36 -0600)]
isc-dhcp: write resolv.conf per network & dhcp settings

The internal nameservers and the DHCP default domain should be
squirted into /tmp/resolv.conf.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit db6adb616de20b8942069c1935276baf6557ac04)

6 years agoperl: build with -fno-strict-liasing and -fwrapv
Philip Prindeville [Wed, 1 Aug 2018 00:28:41 +0000 (18:28 -0600)]
perl: build with -fno-strict-liasing and -fwrapv

Looking at Configure and Porting/config.sh, it seems that Perl
requires both of these options to build correctly.

Should fix FS #1464.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
6 years agonut: Fix for nut-upsmon without nut-server
Daniel F. Dickinson [Thu, 2 Aug 2018 09:10:18 +0000 (05:10 -0400)]
nut: Fix for nut-upsmon without nut-server

nut-monitor failed to create required dir /var/etc/nut, as
well as failing to set appropriate user on the directory and
conf files.  Fixing this closes
https://github.com/openwrt/packages/issues/6644

Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
(cherry picked from commit 98fdf16ecb9c8e24fd7c534cd0696105d472ccbb)

6 years agonut: Update my email
Daniel F. Dickinson [Thu, 5 Jul 2018 03:51:28 +0000 (23:51 -0400)]
nut: Update my email

Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
(cherry picked from commit b4fe49d2b246ef49b0cb3812a5e9da49f308ea30)

6 years agonut: Add PKG_FIXUP:=autoreconf
Eneas U de Queiroz [Wed, 13 Jun 2018 19:33:47 +0000 (16:33 -0300)]
nut: Add PKG_FIXUP:=autoreconf

We need to force this since a *.m4 file is patched.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(cherry picked from commit 6543859dab03b62abca73d2c7fcd8e6420965f77)

6 years agonut: added compatibility with openssl-1.1
Eneas U de Queiroz [Fri, 1 Jun 2018 15:04:32 +0000 (12:04 -0300)]
nut: added compatibility with openssl-1.1

Also added a fix in a check for empty string.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(cherry picked from commit 1a9a7cc28024d94ae3aa983aa609a72f40c1ebc3)

6 years agoMerge pull request #6638 from chris5560/ddns-18.06
Hannu Nyman [Wed, 1 Aug 2018 16:06:46 +0000 (19:06 +0300)]
Merge pull request #6638 from chris5560/ddns-18.06

ddns-scripts[18.06]: bump to version 2.7.8-1

6 years agoddns-scripts[18.06]: bump to version 2.7.8-1 6638/head
Christian Schoenebeck [Wed, 1 Aug 2018 07:56:04 +0000 (09:56 +0200)]
ddns-scripts[18.06]: bump to version 2.7.8-1

- synchronize with "master" incl. add service FreeDNS.42.pl
- remove Cloudflare v1 protocol support #6084 #6519
- fix goip.de update url #6448 #6519
- change Cloudflare v4 to read "Proxied" from current setting at Cloudflare Dashboard #5097 #6364 #6505
- fix replace of password inside logfile #6568
- remove myself as PKG_MAINTAINER

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
6 years agoprivoxy: fix uci configuration parsing after upstream OpenWrt changes
Jo-Philipp Wich [Sat, 21 Jul 2018 19:16:03 +0000 (21:16 +0200)]
privoxy: fix uci configuration parsing after upstream OpenWrt changes

OpenWrt changed the way the uci shell parsing functions deal with list
configuration items.

This change broke the generation of the privoxy runtime configuration
because no callbacks were emitted anymore.

Fix the problem by defining a list_cb() that simply calls the existing
option_cb() to deal with list item values.

Ref: c9c0fc28a9 ("base-files: fix UCI config parsing and callback handling")
Ref: https://forum.lede-project.org/t/openwrt-snapshot-privoxy-error/15919
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 3113d62393fcd364a402aae55139eba4bf38fab8)

6 years agousbip: adapt package to new kernel/libudev
Eneas U de Queiroz [Wed, 23 May 2018 17:18:17 +0000 (14:18 -0300)]
usbip: adapt package to new kernel/libudev

The sources for usbip are within the kernel.  A patch that was included
with the package, which changed the old signal name SIGCLD to the new
one, SIGCHLD, was merged upstream.  However, different targets use
different kernel versions.  Current version 4.14 and 4.9 are fine, but
older versions do not have the patch applied.  So, I used
-DSIGCLD=SIGCHLD to please both worlds.

libudev-fbsd currently used by openwrt does not implement the
udev_device_get_devpath function.  eudev's implementation of libudev
sets it as (src/libudev/libudev-device.c):
udev_device->devpath = udev_device->syspath + strlen("/sys");
I used a command-line define to use the same logic, as it works with
new and old versions of the kernel--the use of ..devpath is quite
recent.

I also linked with libbsd, when using glibc.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(cherry picked from commit 633fe0dbdf1d33d08589d9c299f7509a51b76b2b)

6 years agousbip: Remove obsolete patches
Eneas U de Queiroz [Wed, 16 May 2018 19:57:29 +0000 (16:57 -0300)]
usbip: Remove obsolete patches

These patches are obsolete and are never applied.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(cherry picked from commit 0baaabb640c23149650fe5940b276069cea248a3)

6 years agoMerge pull request #6617 from dibdot/travelmate-18.06
Hannu Nyman [Mon, 30 Jul 2018 20:07:09 +0000 (23:07 +0300)]
Merge pull request #6617 from dibdot/travelmate-18.06

travelmate[18.06]: backport release 1.2.1 to 18.06 branch

6 years agoMerge pull request #6616 from dibdot/adblock-18.06
Hannu Nyman [Mon, 30 Jul 2018 20:06:58 +0000 (23:06 +0300)]
Merge pull request #6616 from dibdot/adblock-18.06

adblock[18.06]: backport release 3.5.4 to 18.06 branch

6 years agokrb5: update to 1.16.1
W. Michael Petullo [Fri, 6 Jul 2018 12:45:36 +0000 (08:45 -0400)]
krb5: update to 1.16.1

Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit 8256b967432f5d58fba121617026f16c1d6de864)

6 years agokrb5: set replay cache directory to /tmp
W. Michael Petullo [Sat, 2 Jun 2018 19:54:24 +0000 (15:54 -0400)]
krb5: set replay cache directory to /tmp

Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit 536d55545627ede5cb332c5f6bcec0e2effeafc1)

6 years agokrb5: update depends, adapt FS#1310
Andy Walsh [Mon, 29 Jan 2018 16:57:25 +0000 (17:57 +0100)]
krb5: update depends, adapt FS#1310

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
(cherry picked from commit ebc41d575903febd2a3cb4928f7529288179a24b)

6 years agotravelmate[18.06]: backport release 1.2.1 to 18.06 branch 6617/head
Dirk Brenken [Mon, 30 Jul 2018 11:58:40 +0000 (13:58 +0200)]
travelmate[18.06]: backport release 1.2.1 to 18.06 branch

Tested with latest 18.06 branch (OpenWrt 18.06-SNAPSHOT,
r7175+5-ca0c649a38)

Signed-off-by: Dirk Brenken <dev@brenken.org>
6 years agoadblock[18.06]: backport release 3.5.4 to 18.06 branch 6616/head
Dirk Brenken [Mon, 30 Jul 2018 11:51:06 +0000 (13:51 +0200)]
adblock[18.06]: backport release 3.5.4 to 18.06 branch

Tested with latest 18.06 branch (OpenWrt 18.06-SNAPSHOT,
r7175+5-ca0c649a38)

Signed-off-by: Dirk Brenken <dev@brenken.org>
6 years agolxc: nl: avoid NULL pointer dereference
Rafał Miłecki [Sun, 29 Jul 2018 19:08:05 +0000 (21:08 +0200)]
lxc: nl: avoid NULL pointer dereference

This backports upstream fix from the master branch.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 13d57a5e9f1996109416724ba145a33e07248fb6)
(cherry picked from commit 6e1104cc6da900bb5a014217fa79d964246f7a40)

6 years agoprometheus-node-exporter-lua: add conntrack collector
Etienne Champetier [Wed, 25 Jul 2018 18:43:44 +0000 (20:43 +0200)]
prometheus-node-exporter-lua: add conntrack collector

Also fix missing dependency of openwrt collector

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
6 years agoprometheus-node-exporter-lua: set myself as maintainer
Etienne Champetier [Wed, 25 Jul 2018 18:41:46 +0000 (20:41 +0200)]
prometheus-node-exporter-lua: set myself as maintainer

This was OKed sometimes ago by @simonswine
https://github.com/openwrt/packages/pull/5128

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>