Hannu Nyman [Sun, 3 Oct 2021 18:05:06 +0000 (21:05 +0300)]
haveged: update to 1.9.15
Update haveged to version 1.9.15.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
1f3f63f5de7dfaea369f4832cdd061994fba1924)
Glenn Strauss [Wed, 6 Oct 2021 01:12:34 +0000 (21:12 -0400)]
lighttpd: update to lighttpd 1.4.55 release hash
update lighttpd in openwrt-19.07 branch from lighttpd 1.4.54 to 1.4.55
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Rosen Penev [Sat, 18 Sep 2021 22:05:14 +0000 (15:05 -0700)]
Merge pull request #16569 from turris-cz/19.07/tor-0.4.4.9
tor: update to version 0.4.4.9
Josef Schlehofer [Fri, 17 Sep 2021 14:20:57 +0000 (16:20 +0200)]
Merge pull request #16196 from miska/snort3-19.07
net/snort3: Include default configs and snort2lua
Stijn Tintel [Sat, 14 Aug 2021 19:45:21 +0000 (22:45 +0300)]
tcpreplay: avoid host lib leakage
On hosts that have pcapnav-config installed, there is host lib leakage.
From config.log:
LNAVLIB='-L/usr/lib64 -lpcapnav -lpcap'
LNAV_CFLAGS='-I/usr/include'
Fix this by disabling pcapnav-config, which isn't available anyway.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit
e4b8fec79cd7d2ed092c51aa83683fa5b151ae2a)
Alexandru Ardelean [Tue, 4 May 2021 12:20:29 +0000 (15:20 +0300)]
tcpreplay: bump to version 4.3.4
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
7436d944fa44e27816401868a11a4c9115eb717d)
Rosen Penev [Sun, 10 Jan 2021 01:03:33 +0000 (17:03 -0800)]
tcpreplay: add libdnet support
On Arch Linux, tcpreplay is picking up the host dnet-config and adding
OS paths, thereby breaking compilation. The easiest solution is to add
libdnet support as the previous commit fixes dnet-config on OpenWrt.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
f9f216a06695aa81bb8cad76245a978bfa4683a0)
Rosen Penev [Wed, 23 Dec 2020 02:55:23 +0000 (18:55 -0800)]
tcpreplay: fix compilation with Arch Linux
It tries to link to host libraries for some reason. Add autoreconf to
fix. Also remove redundant prefixes.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
87177eef7539d6cd092063dc0a1aa67726cff2a6)
Alexandru Ardelean [Thu, 25 Jun 2020 11:16:27 +0000 (14:16 +0300)]
tcpreplay: bump to version 4.3.3
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
c7153f22a74b3183bd7fb575e0ae045ecf2f0fff)
Michal Vasilek [Fri, 10 Sep 2021 14:11:02 +0000 (16:11 +0200)]
ntfs-3g: patch CVE-2019-9755
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Olivier Poitrey [Thu, 9 Sep 2021 15:57:44 +0000 (15:57 +0000)]
nextdns: Update to version 1.37.2
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Jo-Philipp Wich [Wed, 8 Sep 2021 20:22:35 +0000 (22:22 +0200)]
Merge pull request #16581 from jow-/openwrt-19.07
cgi-io: update to latest Git HEAD
Josef Schlehofer [Wed, 8 Sep 2021 09:34:17 +0000 (11:34 +0200)]
bind: update to version 9.16.20
1. Fixes: CVE-2021-25218
2. Add patch to bump API version, which was forgotten by BIND devs
Related to https://kb.isc.org/docs/map-zone-format-incompatibility-in-bind-9-16-20-and-9-17-17
Pointed out in https://www.openwall.com/lists/oss-security/2021/08/20/2
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Jo-Philipp Wich [Wed, 8 Sep 2021 19:53:28 +0000 (21:53 +0200)]
cgi-io: update to latest Git HEAD
98cef9d Retry splice() syscall on EINTR
Fixes: https://github.com/openwrt/luci/issues/5342
Fixes: https://bugs.openwrt.org/index.php?do=details&task_id=4006
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
db8e0fdea454c3b07d859935de5a7d3714fd72ac)
Petr Štetiar [Tue, 27 Oct 2020 22:08:00 +0000 (23:08 +0100)]
cgi-io: update to version 2020-10-27
Contains following list of changes:
ab4c3471b261 tests: add cram based unit tests
7b4e3241e1bd tests: add cgi-io built with clang sanitizers
21831f45d16d Disable session ACLs during unit testing
2f525417b5df Add initial GitLab CI support
57f1c4f18cb6 Add .gitignore
09f9ac5066ee Fix off-by-one in postdecode_fields
ed8ce0d5d28b Add fuzzing of utility functions
a61581819800 Add fuzzing of multipart_parser
6b0615b728ed Refactor utility functions into static library
a0ed2c9a7a72 Fix clang compiler errors
232659da19a4 Fix possible NULL dereference
8e5719b37a67 Fix warnings reported by clang-10 static analyzer
b99aa8a64cca Remove Makefile
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
351e4e01c597a13f7c20f76884310996e432e230)
Petr Štetiar [Sun, 11 Oct 2020 12:54:55 +0000 (14:54 +0200)]
cgi-io: move into out of tree project
No functional changes, just moved the sources into out of tree
project[1] so it's going to be easier to do CI with unit testing,
fuzzing etc.
1. https://git.openwrt.org/?p=project/cgi-io.git;a=shortlog
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
08be3279423ed19554905d9cf00a508be0586107)
Christian Lachner [Wed, 8 Sep 2021 07:43:40 +0000 (09:43 +0200)]
haproxy: Update HAProxy to v2.0.25
- This update fixes CVE-2021-40346; see: https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/
- Update haproxy download URL and hash
Signed-off-by: Christian Lachner <gladiac@gmail.com>
Josef Schlehofer [Wed, 8 Sep 2021 11:05:22 +0000 (13:05 +0200)]
python3: update to version 3.7.12
Fixes: CVE-2013-0340 (Windows and MacOS only) and smtplib multiple CRLF injection
Changelog: https://www.python.org/downloads/release/python-3712/
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Josef Schlehofer [Wed, 8 Sep 2021 09:53:18 +0000 (11:53 +0200)]
tor: update to version 0.4.4.9
Fixes:
- CVE-2021-34548
- CVE-2021-34549
- CVE-2021-34550
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Rosen Penev [Mon, 19 Jul 2021 03:54:55 +0000 (20:54 -0700)]
irssi: update to 1.2.3
Switch to AUTORELEASE for simplicity.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
752656c6be242d266d689078cc3ed1d76cb0143f)
Olivier Poitrey [Tue, 7 Sep 2021 21:17:27 +0000 (21:17 +0000)]
nextdns: Update to version 1.37.1
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Olivier Poitrey [Tue, 7 Sep 2021 16:12:04 +0000 (16:12 +0000)]
nextdns: Update to version 1.37.0
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Dennis Schüsselbauer [Sat, 28 Aug 2021 02:42:51 +0000 (04:42 +0200)]
acme: Fix uhttpd restart to load new certificates
Fixes issue #16256
Bump PKG_RELEASE to 4.
Signed-off-by: Dennis Schüsselbauer <scde@users.noreply.github.com>
(cherry picked from commit
d69534751e2cf15aa7add8e8db713fd7131edd1f)
Josef Schlehofer [Tue, 5 Mar 2019 23:16:15 +0000 (00:16 +0100)]
click: update to version 7.0
- Change URL of the website and for PKG_SOURCE_URL
- Change TITLE and description
- Remove PKG_BUILD_DEPENDS, PKG_UNPACK as they are not necessary
- Add src package
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
25e8b2cda2efda171929a33b9d52dbf108ca67b7)
Eneas U de Queiroz [Thu, 12 Mar 2020 12:09:28 +0000 (09:09 -0300)]
dnsdist: fix default SSL lib spelling
This is cosmetic only, since openssl is the first one being defined, but
it avoids a warning in scripts/config, after upgrading to kconfig-v5.6:
tmp/.config-package.in:102839:warning: choice default symbol
'DNSDIST_OPENSSSL' is not contained in the choice
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
dbe11776ed820505d65d2572d372e5c1cfa1ff48)
Rosen Penev [Thu, 2 Sep 2021 00:16:20 +0000 (17:16 -0700)]
Merge pull request #16518 from jefferyto/golang-packages-remove-strip-ldflags-openwrt-19.07
[openwrt-19.07] treewide: Remove GO_PKG_LDFLAGS for stripping binaries
Jeffery To [Wed, 1 Sep 2021 22:36:01 +0000 (06:36 +0800)]
treewide: Remove GO_PKG_LDFLAGS for stripping binaries
The "-s -w" flags in GO_PKG_LDFLAGS tells the Go compiler to strip the
binaries it produces. Since the default Go package build process will
strip binaries when CONFIG_USE_STRIP or CONFIG_USE_SSTRIP are selected,
these flags are unnecessary.
When CONFIG_NO_STRIP is selected, these flags override the user's
intention of building unstripped packages.
This removes these flags for all relevant packages.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Peter Stadler [Sun, 4 Jul 2021 19:09:23 +0000 (21:09 +0200)]
nginx: add PROVIDES nginx-ssl to nginx-all-module
fix issue when installing luci-ssl-nginx
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
Josef Schlehofer [Mon, 19 Jul 2021 11:55:52 +0000 (13:55 +0200)]
Revert "net/miniupnpd: ext_ip_reserved_ignore support"
This patch is causing several issues [1], which then were reported to
upstream [2] and it was not accepted by upstream [3]. This results that
nobody maintain this custom patch and it is not useful as it is changing
addr_is_reserved behavior.
[1] https://github.com/openwrt/packages/issues/15258
[2] https://github.com/miniupnp/miniupnp/issues/542
[3] https://github.com/miniupnp/miniupnp/pull/511
This reverts commit
b76aa9919489f49b472a8f939f6d46ca33d05f64.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
107f3376b5114cd17c115e25026b031bd439e9be)
Rosen Penev [Fri, 27 Aug 2021 08:05:32 +0000 (01:05 -0700)]
Merge pull request #16410 from paper42/git-2.26.3-19
[19.07] git: update to 2.26.3
Michal Vasilek [Mon, 23 Aug 2021 11:37:53 +0000 (13:37 +0200)]
apr: patch CVE-2021-35940
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit
0777e40b7472a0b0b77531b6797448f8c15bd586)
Rosen Penev [Wed, 25 Aug 2021 02:04:13 +0000 (19:04 -0700)]
Merge pull request #16444 from paper42/postgresql-fix-hardening
[19.07] postgresql: disable PIC
Stan Grishin [Wed, 25 Aug 2021 00:07:57 +0000 (17:07 -0700)]
Merge pull request #16455 from rs/nextdns-1.36.0-openwrt-19.07
[19.07] nextdns: Update to version 1.36.0
Olivier Poitrey [Tue, 24 Aug 2021 23:40:31 +0000 (23:40 +0000)]
nextdns: Update to version 1.36.0
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Michal Vasilek [Tue, 24 Aug 2021 10:43:39 +0000 (12:43 +0200)]
postgresql: disable PIC
with PIC enabled, build fails with
ld: access/gist/gistproc.o: in function `rtree_internal_consistent':
gistproc.c:(.text+0x188): relocation truncated to fit: R_AARCH64_LD64_GOTPAGE_LO15 against symbol `DirectFunctionCall2Coll' defined in .text section in utils/fmgr/fmgr.o
ld: gistproc.c:(.text+0x188): warning: too many GOT entries for -fpic, please recompile with -fPIC
ld: final link failed: symbol needs debug section which does not exist
collect2: error: ld returned 1 exit status
Related-to: 8e9ad7bb5117edea4df08cd9a2de62685103a4b3
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Rosen Penev [Mon, 23 Aug 2021 12:58:04 +0000 (05:58 -0700)]
Merge pull request #16411 from paper42/file-5.38-19
[19.07] file: update to 5.38
Michal Vasilek [Fri, 20 Aug 2021 10:23:32 +0000 (12:23 +0200)]
file: update to 5.38
* fixes CVE-2019-18218
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Josef Schlehofer [Sun, 22 Aug 2021 07:34:58 +0000 (09:34 +0200)]
Merge pull request #16412 from paper42/tar-cve-19
[19.07] tar: fix CVE-2021-20193
Etienne Champetier [Fri, 20 Aug 2021 19:33:27 +0000 (15:33 -0400)]
https-dns-proxy: patch CMakeList.txt to use OpenWrt CFLAGS
This fixes compilation issues with ASLR PIE enabled
We were compiling with '-g -DDEBUG'
https-dns-proxy_2021-07-29-*_arm_cortex-a9_vfpv3-d16.ipk
shrink from 19514 to 19095
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit
374e1dd56e1742273b261f25a69fd3d46741e357)
Michal Vasilek [Fri, 20 Aug 2021 14:12:09 +0000 (16:12 +0200)]
tar: fix CVE-2021-20193
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Michal Vasilek [Fri, 20 Aug 2021 08:06:42 +0000 (10:06 +0200)]
mc: add a missing Syntax file
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit
312caff03b17241d2e383eb254b41d35e9225294)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Michal Vasilek [Fri, 20 Aug 2021 09:29:36 +0000 (11:29 +0200)]
git: update to 2.26.3
* fixes CVE-2021-21300
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Josef Schlehofer [Thu, 19 Aug 2021 15:33:36 +0000 (17:33 +0200)]
Merge pull request #16398 from paper42/mc-1907
[19.07] mc: update to 2.8.27
Michal Vasilek [Tue, 17 Aug 2021 14:40:37 +0000 (16:40 +0200)]
mc: update to 2.8.27
* fixes CVE-2021-36370
* refresh patches
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Eneas U de Queiroz [Wed, 11 Aug 2021 14:04:50 +0000 (11:04 -0300)]
unixodbc: use 'install' when copying host binaries
'cp' fails with a text file busy error if it tries to overwrite an
executable file that is running. 'install' unlinks the file first, so
it will not cause the problem.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
47f98d7030f1023e7b2ed118c7774c6100fc979b)
Eneas U de Queiroz [Wed, 11 Aug 2021 13:57:23 +0000 (10:57 -0300)]
perl: perlmod.mk: use 'install' for host binaries
When installing a host perl module, the host perl binary in the staging
dir is replaced by using 'cp'. However, if the binary is running in a
parallel job, cp will fail with a text file busy error. Use
$(INSTALL_BIN), which unliks the file first to avoid the error.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
19c7496648cb25500ca7007a7c1578a426c23a09)
Stan Grishin [Wed, 4 Aug 2021 05:14:19 +0000 (22:14 -0700)]
Merge pull request #16254 from stangri/19.07-https-dns-proxy
[19.07] https-dns-proxy: update to 2021-07-29-1
Jan Hak [Mon, 19 Jul 2021 14:50:43 +0000 (16:50 +0200)]
knot: update to version 3.0.8
Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit
5f374929cfdf59fd1b2ec558cd024f5b301d3169)
Jan Hak [Mon, 21 Jun 2021 08:52:32 +0000 (10:52 +0200)]
knot: update to version 3.0.7
Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit
8d66f49baef164e6c7a621dd7e72328f62f242f4)
Jan Hak [Thu, 13 May 2021 07:32:01 +0000 (09:32 +0200)]
knot: update to version 3.0.6
Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit
d578f60818b9dd53cc3285cc4deff32fb09f7a89)
Jan Hak [Mon, 29 Mar 2021 09:48:21 +0000 (11:48 +0200)]
knot: update to version 3.0.5
Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit
d92a2cd21bbc41ceba9ac2b7a8ccc96a0bd2a249)
Hauke Mehrtens [Sun, 1 Aug 2021 16:09:24 +0000 (16:09 +0000)]
Merge pull request #15108 from neheb/ksmbd
ksmbd updates for 19.07
Stan Grishin [Fri, 30 Jul 2021 00:02:52 +0000 (00:02 +0000)]
https-dns-proxy: update to 2021-07-29-01
* update binary to the latest commit (2021-07-29) to fix #16222 and #16239
* add hotplug.d/iface file and update Makefile to install it
* use Cloudflare's and Google's bootstrap DNS if bootstrap DNS is missing
* minor improvements in append_bool function
* add append_counter function for verbosity setting
* add append_bootstrap function (and supporting functions) to parse/sanitize bootstrap setting
* move firewall array from 'main' instance to the first proxy instance
* delete useless 'main' instace
Signed-off-by: Stan Grishin <stangri@melmac.net>
Olivier Poitrey [Thu, 29 Jul 2021 23:34:22 +0000 (23:34 +0000)]
nextdns: Update to version 1.35.0
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Dirk Brenken [Wed, 28 Jul 2021 06:01:44 +0000 (08:01 +0200)]
adblock: bugfix 4.0.7-9
* fix regex to prepare google safesearch domains
Signed-off-by: Dirk Brenken <dev@brenken.org>
Rosen Penev [Thu, 22 Jul 2021 22:25:50 +0000 (15:25 -0700)]
librouteros: don't build docs
Fixes compilation without host pod2man.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
e41fd1794be2e8cc78c3df4bc4f4e05100eda959)
Michal Hrusecky [Thu, 22 Jul 2021 11:44:07 +0000 (13:44 +0200)]
net/snort3: Include default configs and snort2lua
Include default configuration files to have something to start from.
Also include snort2lua to help convert snort2 rules to snort3 to also
help with bootstrapping the configuration.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
Josef Schlehofer [Wed, 21 Jul 2021 21:28:05 +0000 (23:28 +0200)]
syslog-ng: update to version 3.33.2
Changelog:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.33.2
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
4b06f9ff4c3c5abe54ccd9248de9cf52f198d63d)
George Iv [Mon, 19 Jul 2021 12:46:16 +0000 (15:46 +0300)]
yggdrasil: bump to 0.4.0
- Bump yggdrasil-go version to v0.4.0
- Update ygguci tool for compatibility with the new yggdrasil-go version
- Yggdrasil's config file is now generated in a separate command before running the daemon
Signed-off-by: George Iv <zhoreeq@users.noreply.github.com>
(cherry picked from commit
e135c4c86764f84339bba44d87153ed7db14d396)
Rosen Penev [Wed, 21 Jul 2021 03:56:00 +0000 (20:56 -0700)]
Merge pull request #16166 from stangri/19.07-vpnbypass
[19.07] vpnbypass: update to 1.3.2-1
Stan Grishin [Sun, 18 Jul 2021 19:45:46 +0000 (19:45 +0000)]
vpnbypass: updates to 1.3.2-1
bugfix: domain names bypass
rename config file
update Makefile
updated README link
updated shellcheck compatibility
support for 21.02.0-rc2 and later
updated code for interface triggers
add newline to test.sh
Signed-off-by: Stan Grishin <stangri@melmac.net>
Josef Schlehofer [Fri, 16 Jul 2021 14:59:08 +0000 (16:59 +0200)]
Merge pull request #16095 from turris-cz/bind-update
bind: update to version 9.16.18
Luiz Angelo Daros de Luca [Thu, 15 Jul 2021 17:49:50 +0000 (14:49 -0300)]
ruby: update to 2.6.8
This release includes security fixes like:
CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
CVE-2021-31799: A command injection vulnerability in RDoc
We ordinally do not fix Ruby 2.6 except security fixes, but this release
also includes some regressed bugs and build problem fixes.
Ruby 2.6 is now under the state of the security maintenance phase, until
the end of March of 2022. After that date, maintenance of Ruby 2.6 will
be ended.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Rosen Penev [Thu, 15 Jul 2021 18:42:18 +0000 (11:42 -0700)]
Merge pull request #16133 from jefferyto/addrwatch-fixes-openwrt-19.07
[openwrt-19.07] addrwatch: Update to 1.0.2 and various fixes
Jeffery To [Fri, 18 Jun 2021 08:33:55 +0000 (16:33 +0800)]
addrwatch: Various fixes
Makefile changes include:
* Include syslog output module
* Move main binary (back) to /usr/sbin, as it is system administration
related and requires superuser privileges
New patches:
* 003-add-space-for-null-byte.patch - from
https://github.com/fln/addrwatch/commit/
374cfd2cabe4db9882d8a210adff430cc579f859
* 004-more-specific-library-linking.patch - from
https://github.com/fln/addrwatch/commit/
27b57d9da322fc16c6904d8e35aae4557a3e517b
* 005-use-c99-format-macro-constants.patch - from
https://github.com/fln/addrwatch/pull/28
Init script changes include:
* Fix command-line option names and format (from
https://forum.openwrt.org/t/cant-start-addrwatch-service/60499/3)
* Always use the --quiet command-line option, as the procd instance is
not configured to capture stdout/stderr
* Change the syslog config option to start the syslog output module
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Jeffery To [Thu, 15 Jul 2021 08:05:33 +0000 (16:05 +0800)]
addrwatch: fix broken conffiles
This is
704e733e51071c864265ff55a8568be3edb82c1f but applied for
addrwatch only.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Rosen Penev [Thu, 27 Feb 2020 04:54:28 +0000 (20:54 -0800)]
addrwatch: update to 1.0.2
Switch to standard tarball to avoid autoreconfig.
Fix license information.
Add PKG_BUILD_PARALLEL for faster compilation.
Add PKG_INSTALL for consistency with other packages.
Removed upstreamed patches. Refresh remaining one.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
f1a7d509b5ba1b784c96b24f47c9e0b40da57a3f)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Rosen Penev [Thu, 28 Nov 2019 07:33:24 +0000 (23:33 -0800)]
addrwatch: Add missing limits header for PATH_MAX
Fixes compilation on musl.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
8003eea2b9e70cc2850e9489f47403c86586bdcd)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Rosen Penev [Mon, 1 Mar 2021 22:46:44 +0000 (14:46 -0800)]
luajit: for powerpc, add FPU dependency
powerpc support as of 2.1 does not work with soft float.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
d23ca0010c7c67bd6883a00cf92e90e0bbd08c77)
Rosen Penev [Sat, 20 Mar 2021 22:23:22 +0000 (15:23 -0700)]
luajit: fix compilation with host clang
It errors out with this section.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
0e620f1fa147a7d510f6c499e5062d5dec063dcb)
Donald Hoskins [Mon, 22 Jun 2020 04:03:34 +0000 (00:03 -0400)]
[LuaJIT] Allow MIPS64 support
Signed-off-by: Donald Hoskins <grommish@gmail.com>
(cherry picked from commit
d325fbffbe9a06ff8e7682c974d82e371b0da811)
Rosen Penev [Fri, 17 Jan 2020 02:07:52 +0000 (18:07 -0800)]
luajit: do not install static libraries to InstallDev
The dynamic library change removed static libraries.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
51de4b2e35607ab9561b58d581b832fcaa8978b5)
Rosen Penev [Wed, 15 Jan 2020 04:07:05 +0000 (20:07 -0800)]
luajit: use dynamic buildmode
Reduces package size with about 50%
Fixes: https://github.com/openwrt/packages/issues/10848
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
d9487590c64e3636cc4bfa845964c1c3e90e066c)
Rosen Penev [Thu, 15 Jul 2021 02:23:31 +0000 (19:23 -0700)]
Merge pull request #16062 from miska/snort3
snort3: Backport update to the stable version
James Vorderbruggen [Sun, 13 Jun 2021 16:09:57 +0000 (12:09 -0400)]
yggdrasil: allow HTTPS connections
Signed-off-by: James Vorderbruggen <jamesvorder@gmail.com>
(cherry picked from commit
ffff3473966c42133b8faed7d8a120739c5451d4)
George Iv [Sun, 28 Mar 2021 17:39:44 +0000 (13:39 -0400)]
yggdrasil: bump to 0.3.16
Signed-off-by: George Iv <zhoreeq@users.noreply.github.com>
(cherry picked from commit
76b642b50ff8a606780c43eef2bb030a60dcdb17)
George Iv [Mon, 28 Sep 2020 10:04:14 +0000 (06:04 -0400)]
yggdrasil: bump to 0.3.15
Signed-off-by: George Iv <zhoreeq@users.noreply.github.com>
(cherry picked from commit
6b2b73018107a8b588756f09c1fde78a305d3692)
William Fleurant [Fri, 24 Jul 2020 03:35:18 +0000 (23:35 -0400)]
yggdrasil: Ygg-over-ygg bugfix
Signed-off-by: William Fleurant <meshnet@protonmail.com>
(cherry picked from commit
1d78e7dc3157b113f3026ffdacff09a63d18755c)
George Iv [Fri, 3 Apr 2020 14:25:35 +0000 (10:25 -0400)]
yggdrasil: bump to 0.3.14
Signed-off-by: George Iv <zhoreeq@users.noreply.github.com>
(cherry picked from commit
860f1a111351407b3982e268215edf08123516ae)
William Fleurant [Sun, 23 Feb 2020 03:31:04 +0000 (22:31 -0500)]
yggdrasil: bump to 0.3.13
Signed-off-by: William Fleurant <meshnet@protonmail.com>
(cherry picked from commit
0642927d5dfc4dfe5fa1daa7d61d875677fbfa9c)
William Fleurant [Mon, 25 Nov 2019 00:18:53 +0000 (19:18 -0500)]
yggdrasil: bump to 0.3.12
Signed-off-by: William Fleurant <meshnet@protonmail.com>
(cherry picked from commit
be4fe496ce7135bd4978cb7be7a563639babea69)
George Iv [Thu, 14 Nov 2019 09:16:02 +0000 (04:16 -0500)]
yggdrasil: Change package configuration to UCI
Signed-off-by: George Iv <57254463+zhoreeq@users.noreply.github.com>
(cherry picked from commit
6857fd45c8498ea1fa97cfe8370ecaab2db03e5b)
William Fleurant [Mon, 11 Nov 2019 05:10:48 +0000 (00:10 -0500)]
yggdrasil: fixes build name and version #10309
Signed-off-by: William Fleurant <meshnet@protonmail.com>
(cherry picked from commit
bd415bc7bfd368f4dace5123cb6664344fc3011b)
William Fleurant [Sat, 26 Oct 2019 17:41:13 +0000 (13:41 -0400)]
yggdrasil: uci firewall Section name and cover both IP versions
- rename the section instance to yggdrasil (feat. request)
- allow zone to cover both ip4 and ip6 fam
Signed-off-by: William Fleurant <meshnet@protonmail.com>
(cherry picked from commit
2baab77b77c3db5cb8bb61e5697373e5b8e9ac58)
William Fleurant [Sat, 26 Oct 2019 04:24:30 +0000 (00:24 -0400)]
yggdrasil: bump to 0.3.11
Signed-off-by: William Fleurant <meshnet@protonmail.com>
(cherry picked from commit
06bdd7aebfc5b84382af6f89e52aa96e6559d1d4)
Rosen Penev [Tue, 13 Jul 2021 06:15:11 +0000 (23:15 -0700)]
Merge pull request #16109 from nxhack/1907_libuv
[19.07] libuv: fix CVE-2021-22918
Josef Schlehofer [Mon, 12 Jul 2021 14:14:31 +0000 (16:14 +0200)]
syslog-ng: disable mqtt
For now, disable mqtt as it was automatically enabled as the build
system finds compiled libpaho-mqtt-c and requires dependency.
---
Here is the output:
Package syslog-ng is missing dependencies for the following libraries:
libpaho-mqtt3c.so.1
---
This is a new feature since syslog-ng 3.33.1 and if anyone is interested
in it, it can be enabled.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
e319e89fde0f3c6b3c8ecfffe9bd759c9a44ac15)
Hirokazu MORIKAWA [Mon, 12 Jul 2021 06:13:13 +0000 (15:13 +0900)]
libuv: fix CVE-2021-22918
idna: fix OOB read in punycode decoder
libuv was vulnerable to out-of-bounds reads in the uv__idna_toascii()
function which is used to convert strings to ASCII. This is called by
the DNS resolution function and can lead to information disclosures or
crashes.
libuv/libuv@
b7466e3
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990561
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Josef Schlehofer [Sun, 11 Jul 2021 18:16:47 +0000 (20:16 +0200)]
syslog-ng: update to version 3.33.1
- Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.33.1
- Bump version in config
It fixes:
WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode. Please update it to use the syslog-ng 3.33 format at your time of convenience. To upgrade the configuration, please review the warnings about incompatible changes printed by syslog-ng, and once completed change the @version header at the top of the configuration file; config-version='3.31'
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
2b4be08a8c4fbe3d6dec90b91726375e9b38db61)
Josef Schlehofer [Sun, 11 Jul 2021 18:44:23 +0000 (20:44 +0200)]
Merge pull request #16087 from turris-cz/19.07/lxc-update-gpg-keyserver
lxc: add patch to switch GPG server
Josef Schlehofer [Sun, 11 Jul 2021 17:38:48 +0000 (19:38 +0200)]
czmq: disable nss
While bumping czmq to version 4.2.1 from master branch into OpenWrt
19.07, it automatically detects nss when compiled before czmq.
These steps can verify this:
make package/nss/compile V=s
make package/czmq/compile V=s
Then czmq requires many dependencies:
Package czmq is missing dependencies for the following libraries:
libnspr4.so
libnss3.so
libnssutil3.so
libplc4.so
libplds4.so
libsmime3.so
libsoftokn3.so
libssl3.so
And this fails. If you are using SDK and wants to have just a few
packages then czmq gets compiled if any of those packages are not
present in build system.
This was also mentioned in the release notes for czmq 4.2.1:
https://github.com/zeromq/czmq/releases/tag/v4.2.1
> Note for packagers: NSS can now be used and linked against to avoid using
an internal embedded reimplementation of SHA. It is enabled by default if
present.
NSS was disabled before, so let's disable it.
This is required only for OpenWrt 19.07 as this is done differently in OpenWrt 21.02 and OpenWrt
master and czmq is compiled there.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Rosen Penev [Wed, 16 Jun 2021 01:36:03 +0000 (18:36 -0700)]
apache: update to 2.4.48
Fixes:
CVE-2019-17567
CVE-2020-13938
CVE-2020-13950
CVE-2020-35452
CVE-2021-26690
CVE-2021-26691
CVE-2021-30641
CVE-2021-31618
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(partially cherry picked from commit
6dfd07097de4e737444cf70c62d34453bbf84f7a)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[removed patch, which is not in OpenWrt 19.07 branch, used integer in
PKG_RELEASE instead of autorelease]
Jan Pavlinec [Fri, 22 Jan 2021 12:25:56 +0000 (13:25 +0100)]
czmq: update to version 4.2.1
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit
39b4c6454561e09d51e8ec062920727c584dca08)
Josef Schlehofer [Sat, 10 Jul 2021 21:01:58 +0000 (23:01 +0200)]
bind: update to version 9.16.18
Changelog:
https://downloads.isc.org/isc/bind9/9.16.18/doc/arm/html/notes.html#notes-for-bind-9-16-18
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Josef Schlehofer [Sat, 10 Jul 2021 14:33:08 +0000 (16:33 +0200)]
lxc: add patch to switch GPG server
By default, there was used sks-keyservers.net pool, which has invalid
SSL certificate and they also announced that their service is deprecate
and no longer maintained.
Use the same GPG server as LXC is using by default in the newer
releases.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Michal Hrusecky [Wed, 7 Jul 2021 10:39:31 +0000 (12:39 +0200)]
snort3: Backport stable version from 21.02
Update snort3 from beta to the stable version available in 21.02 version
of feeds.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
Michal Hrusecky [Wed, 7 Jul 2021 10:36:20 +0000 (12:36 +0200)]
libdaq3: New package, dependency of snort3
Backport from 21.02 in order to satisfy dependencies of snort3 to allow
upgrade to stable version of snort3 from beta available now.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
Josef Schlehofer [Sun, 30 May 2021 22:37:42 +0000 (00:37 +0200)]
msmtp: update to version 1.8.15
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
110abfb9f6a1718d1817a27cab96c28db4ee6012)
Josef Schlehofer [Tue, 6 Jul 2021 14:20:02 +0000 (16:20 +0200)]
Merge pull request #16051 from BKPepe/openwrt-19.07
python3: update to version 3.7.11
Josef Schlehofer [Tue, 6 Apr 2021 20:45:06 +0000 (22:45 +0200)]
youtube-dl: update to version 2021.4.7
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
701ded952a2505d3c39184767d2d55d1e299ec0f)
projects / feed / packages.git / log