Oliver Middleton [Tue, 29 Dec 2015 12:08:21 +0000 (12:08 +0000)]
libpng: update to 1.2.56
Fixes CVE-2015-8126 and CVE-2015-8540.
Signed-off-by: Oliver Middleton <olliemail27@gmail.com>
Oliver Middleton [Sun, 22 Nov 2015 15:15:26 +0000 (15:15 +0000)]
libpng: update to 1.2.54
Includes fixes for CVE-2015-7981 and CVE-2015-8126.
Signed-off-by: Oliver Middleton <olliemail27@gmail.com>
Ian Leonard [Mon, 8 Dec 2014 10:22:22 +0000 (02:22 -0800)]
libpng: update to 1.2.52
Signed-off-by: Ian Leonard <antonlacon@gmail.com>
Jo-Philipp Wich [Mon, 4 Jan 2016 08:06:34 +0000 (09:06 +0100)]
Merge pull request #2194 from jow-/for-14.07
BB: freeradius2: completely disable runtime OpenSSL version checks
Jo-Philipp Wich [Mon, 28 Dec 2015 14:19:43 +0000 (15:19 +0100)]
freeradius2: completely disable runtime OpenSSL version checks
Whenever we ship fixed libopenssl binaries in BB, the Freeradius daemon fails
at startup because it detects a mismatch of the build time and runtime OpenSSL
version.
Since our OpenSSL updates for BB are ABI compatible we do not need or even want
this superflous check. Removing it saves us the effort to rebuild Freeradius
after every OpenSSL version bump.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Toke Høiland-Jørgensen [Thu, 3 Sep 2015 13:37:11 +0000 (15:37 +0200)]
sqm-scripts: Bump to v1.0.3.
Backported changes from master.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Jan Čermák [Tue, 1 Sep 2015 09:26:54 +0000 (11:26 +0200)]
libevent: update to 1.4.15 (fixes CVE-2014-6272)
This update fixes CVE-2014-6272. Change of source URL was needed,
because the older location does not contain the latest version.
Signed-off-by: Jan Čermák <jan.cermak@nic.cz>
Jo-Philipp Wich [Mon, 20 Jul 2015 08:32:21 +0000 (10:32 +0200)]
freeradius2: backport fix for CVE-2015-4680
Backport upstream commit
5e698b407dcac2bc45cf03484bac4398109d25c3 to fix
missing intermediate certificate validation in Freeradius2.
Advisory:
The FreeRADIUS server relies on OpenSSL to perform certificate validation,
including Certificate Revocation List (CRL) checks. The FreeRADIUS usage of
OpenSSL, in CRL application, limits the checks to leaf certificates,
therefore not detecting revocation of intermediate CA certificates.
An unexpired client certificate, issued by an intermediate CA with a revoked
certificate, is therefore accepted by FreeRADIUS.
Specifically sets the X509_V_FLAG_CRL_CHECK flag for leaf certificate CRL
checks, but does not use X509_V_FLAG_CRL_CHECK_ALL for CRL checks on the
complete trust chain.
The FreeRADIUS project advises that the recommended configuration is to use
self-signed CAs for all EAP-TLS methods.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Sebastian Moeller [Wed, 17 Jun 2015 19:03:33 +0000 (21:03 +0200)]
[SQM/luci-app-sqm] Fix SQM GUI help messages.
Make clear that configuration options guarded by checkboxes are only
effective as long as those boxes are checked.
The sqm gui has giarded some advanced configuration options behind exposing
checkboxes, meaning these optiopn's values were only used as long
as those boxes were checked. This commit just improves the description of
the checkboxes to included this useage instruction...
Signed-off-by: Sebastian Moeller <moeller0@gmx.de>
Sebastian Moeller [Wed, 17 Jun 2015 18:45:35 +0000 (20:45 +0200)]
[SQM/luci-app-sqm] Enable sqm initiscript if a single sqm instance gets enabled
The SQM gui has confused its users with an enable button, that only served to
selecively activate/de-activate sqm instances instead of controlling sqm's
initscript (which needs to be enabled so the sqm properly starts up after a reboot
and also for hotplug to work properly). luci-app-sqm will now enable sqm's
initscript when a single sqm instance get enabled. It also informs the user about
this fact in the top margin of the sqm page. Note sqm will not disable the
initscript behind the user's back if sqm instances get disabled.
While I would have prefered this notice to be more prominent an attentive user
should notice, and most users should not care anyway. This also increases the
package release number.
Signed-off-by: Sebastian Moeller <moeller0@gmx.de>
heil [Sun, 12 Jul 2015 19:58:21 +0000 (21:58 +0200)]
haproxy: bump to version 1.5.14
- this fixes CVE-2015-3281 and CVE-2014-6269
Signed-off-by: heil <heil@terminal-consulting.de>
Nikos Mavrogiannopoulos [Sun, 12 Jul 2015 19:44:45 +0000 (21:44 +0200)]
gnutls: updated to 3.3.16
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Cezary Jackiewicz [Sun, 28 Jun 2015 20:02:08 +0000 (22:02 +0200)]
[packages] vsftpd: CVE-2015-1419 Unspecified vulnerability in vsftp 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.
Hannu Nyman [Tue, 16 Jun 2015 18:50:04 +0000 (21:50 +0300)]
vsftpd: fix musl compatibility
Make vsftpd to compile with musl, while preserving uclibc compatibility.
When using musl:
* disable UTMPX functionality
* disable -lnsl option in upstream Makefile
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Steven Barth [Fri, 19 Jun 2015 16:38:44 +0000 (18:38 +0200)]
strongswan: fix musl builds, reenable lost modules
Signed-off-by: Steven Barth <steven@midlink.org>
Toke Høiland-Jørgensen [Wed, 17 Jun 2015 11:03:03 +0000 (13:03 +0200)]
[sqm-scripts/luci-app-sqm] Document how to disable shaping on a per direction basis
sqm-scripts for a long time interprets a "Down- or Upload speed" of zero as
an indication that the shaper should be disabled. Note that really shaping
an individual direction down o zero will make the link effectively dead
for tcp (think reverse ACK traffic). Son instead of allowing the user to
configure something broken, 0 was "over-loaded" to denote no shaping
since several years, but that information has not been documented visibly
to the users. This commit aims at fixing that oversight.
Signed-off-by: Sebastian Moeller <moeller0@gmx.de>
Steven Barth [Mon, 8 Jun 2015 16:09:43 +0000 (18:09 +0200)]
strongswan: bump to 5.3.2
Signed-off-by: Steven Barth <steven@midlink.org>
Steven Barth [Mon, 8 Jun 2015 05:48:08 +0000 (07:48 +0200)]
strongswan: update to 5.3.1, cleanup broken modules
Signed-off-by: Steven Barth <steven@midlink.org>
Steven Barth [Tue, 7 Apr 2015 10:07:27 +0000 (12:07 +0200)]
strongswan: add missing dependency
Signed-off-by: Steven Barth <steven@midlink.org>
Steven Barth [Mon, 6 Apr 2015 10:23:27 +0000 (12:23 +0200)]
strongswan: bump to 5.3.0
Signed-off-by: Steven Barth <steven@midlink.org>
Steven Barth [Mon, 9 Mar 2015 12:40:29 +0000 (13:40 +0100)]
strongswan: fix IKEv1 support
Signed-off-by: Steven Barth <steven@midlink.org>
Mislav Novakovic [Mon, 25 May 2015 22:42:24 +0000 (00:42 +0200)]
freeradius2: add mirror for older releases
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
Karl Palsson [Fri, 8 May 2015 10:13:46 +0000 (10:13 +0000)]
mosquitto: upgrade 1.3.4 to 1.3.5
Minor bugfix release
Full changelog http://mosquitto.org/2014/10/version-1-3-5-released/
Signed-off-by: Karl Palsson <karlp@remake.is>
Nikos Mavrogiannopoulos [Tue, 5 May 2015 06:04:52 +0000 (08:04 +0200)]
gnutls: updated to 3.3.15
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Toke Høiland-Jørgensen [Tue, 28 Apr 2015 09:05:42 +0000 (11:05 +0200)]
sqm-scripts: Only run on hotplug if the init script is enabled.
Fixes #1202.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Sebastian Moeller [Sun, 19 Apr 2015 10:48:33 +0000 (12:48 +0200)]
Remove dependeny on iptables-mod-filter from sqm-scripts
As Hnyman noted in https://github.com/dtaht/ceropackages-3.10/issues/13
we carry a few unnecessary dependecies in sqm-scripts, so remove one of
them (iptables-mod-filter) as we neither use it nor plan to use it.
Signed-off-by: Sebastian Moeller <moeller0@gmx.de>
Nikos Mavrogiannopoulos [Sun, 29 Mar 2015 19:01:42 +0000 (21:01 +0200)]
libtasn1: updated to 4.4
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Sun, 29 Mar 2015 06:22:54 +0000 (08:22 +0200)]
openconnect: list the defaultroute option
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Ted Hess [Fri, 27 Mar 2015 20:38:39 +0000 (16:38 -0400)]
Merge pull request #1079 from wlanslovenija/for-14.07
mjpg-streamer: Fixed cambozola MD5 sum.
Jernej Kos [Fri, 27 Mar 2015 06:41:41 +0000 (07:41 +0100)]
mjpg-streamer: Fixed cambozola MD5 sum.
Signed-off-by: Jernej Kos <jernej@kos.mx>
Sebastian Moeller [Fri, 20 Mar 2015 21:47:45 +0000 (22:47 +0100)]
sqm-scripts: clean up interface selection for hotplugging
The initial conversion to restart sqm on interfaces it is configured
for in case of (transient) dis- and reappearance was half finished.
These changes clean up the handling of exlicitly passed interfaces
in run.sh: no second argument defaults to all configured interfaces
the alternative is an individual interface name passed as 2nd
argument to run.sh. The first argument either is start or stop.
No argument at all will behave as if start was passed.
Survives light testing...
Signed-off-by: Sebastian Moeller <moeller0@gmx.de>
Sebastian Moeller [Fri, 20 Mar 2015 21:13:37 +0000 (22:13 +0100)]
sqm-scripts: change default for qdisc target parameter
Alan Jenkins noted a bug in the smq luci GUI that effectively
erased several configuration paramters if two checkboxes were deselected.
This behaviour seems consistent in luci but certainly has the potential
to confuse users. While confusion can not really be avoided generally
it seems wise to change the default interpretation for empty or non-existent
itarget and etarget variables from the qdisc's default (5ms in the case of
one of the codels) to automatic determination of tghis variable dependent on
the configured bandwidth, as codels target variable should be large enough
to contain at least one full packet. With this change sqm-scripts will
do the right thing by default, but will yet allow the user to specify
over-ridding values (as long as the user does not un-check the
entry-field exposing check boxes). Survives light testing...
This change set also changes the sqm-scripts luci gui to note the user
of the change. For compatibility with existing setups sqm-scripts
will still honor "auto" as an alternative explicit way of requesting
automatic target selection. This might turn into a warning in the future
and might be phased out...
Signed-off-by: Sebastian Moeller <moeller0@gmx.de>
Toke Høiland-Jørgensen [Wed, 25 Mar 2015 09:30:30 +0000 (10:30 +0100)]
Merge pull request #918 from hnyman/sqm-backport
Sqm-scripts backport to BB14.07
Hannu Nyman [Thu, 5 Mar 2015 15:57:48 +0000 (17:57 +0200)]
sqm-scripts: backport "make run.sh ignore spurious incomplete hotplug ifups"
Backport from trunk the commit improving hotplug action.
https://github.com/openwrt/packages/commit/
1b5afe8f464bae8fa38317548ec95fe303334c0d
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Hannu Nyman [Wed, 4 Mar 2015 19:34:19 +0000 (21:34 +0200)]
sqm-scripts: backport from trunk "Teach SQM hotplug tricks"
Backport from trunk the commit that adds support for hotplug action.
https://github.com/openwrt/packages/commit/
5b61cfba076c61cf09783a7f6ef4150e55b74a3f
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Hannu Nyman [Tue, 17 Feb 2015 18:09:34 +0000 (20:09 +0200)]
luci-app-sqm: backport package from trunk
Backport of luci-app-sqm package from trunk.
I have been using it in my BB14.07 build without any problems.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Hannu Nyman [Tue, 17 Feb 2015 18:07:30 +0000 (20:07 +0200)]
sqm-scripts: backport package from trunk
Backport of sqm-scripts package from trunk.
I have been using it in my BB14.07 build without any problems.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Julen Landa Alustiza [Tue, 17 Feb 2015 11:50:51 +0000 (12:50 +0100)]
grep: Fix CVE-2015-1345 heap buffer overrun
Signed-off-by: Julen Landa Alustiza <julen@zokormazo.info>
Julen Landa Alustiza [Thu, 18 Dec 2014 13:12:31 +0000 (14:12 +0100)]
grep: update to 2.21, add license and maintainer
Signed-off-by: Julen Landa Alustiza <julen@zokormazo.info>
Jo-Philipp Wich [Tue, 17 Feb 2015 11:44:49 +0000 (12:44 +0100)]
Merge pull request #914 from openwrt-es/for-14.07-next
unzip: patch CVE-2014-8139, CVE-2014-8140, CVE-2014-8141 and CVE-2014-9636
Álvaro Fernández Rojas [Mon, 16 Feb 2015 14:04:23 +0000 (15:04 +0100)]
unzip: patch CVE-2014-8139, CVE-2014-8140, CVE-2014-8141 and CVE-2014-9636
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Maxim Storchak [Sun, 15 Feb 2015 17:43:16 +0000 (19:43 +0200)]
rsync: patch CVE-2014-9512
Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
Steven Barth [Sun, 11 Jan 2015 19:21:02 +0000 (20:21 +0100)]
strongswan: bump to 5.2.2
Signed-off-by: Steven Barth <steven@midlink.org>
Steven Barth [Thu, 4 Dec 2014 10:37:16 +0000 (11:37 +0100)]
strongswan: correctly install plugin include configs
Signed-off-by: Steven Barth <steven@midlink.org>
Steven Barth [Mon, 20 Oct 2014 07:16:18 +0000 (09:16 +0200)]
strongswan: update to 5.2.1
Signed-off-by: Steven Barth <steven@midlink.org>
Steven Barth [Sun, 17 Aug 2014 08:11:02 +0000 (10:11 +0200)]
strongswan: import, update, adopt
Signed-off-by: Steven Barth <steven@midlink.org>
Jo-Philipp Wich [Sat, 7 Feb 2015 14:12:24 +0000 (15:12 +0100)]
libtorrent: remove manual autoconf invocation
The Makefile already uses the proper autoreconf fixup but leaves a manual
autoconf invocation in place.
The bad autoconf call leads to the following build error in the SDK:
configure.ac:3: installing `./config.guess'
configure.ac:3: installing `./config.sub'
configure.ac:20: installing `./install-sh'
configure.ac:20: installing `./missing'
src/Makefile.am: installing `./depcomp'
autoreconf: Leaving directory `.'
aclocal...
autoheader...
libtoolize... libtoolize nor glibtoolize not found
make[2]: *** [.../.configured_] Error 1
Remove the entire Build/Configure override to let libtorrent build correctly.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Jo-Philipp Wich [Sat, 7 Feb 2015 19:38:17 +0000 (20:38 +0100)]
rtorrent: remove manual autoconf invocation
The Makefile already uses the proper autoreconf fixup but leaves a manual
autoconf invocation in place.
The bad autoconf call leads to the following build error in the SDK:
( cd .../rtorrent-0.9.4-git; ./autogen.sh );
aclocal...
autoheader...
libtoolize... libtoolize nor glibtoolize not found
make[2]: *** [.../rtorrent-0.9.4-git/.configured_] Error 1
Remove the entire Build/Configure override to let rtorrent build correctly.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
tripolar [Sun, 1 Feb 2015 16:12:11 +0000 (17:12 +0100)]
Merge pull request #753 from wildoats/for-14.07
rtorrent: reenable rtorrent-rpc in Barrier Breaker
Signed-off-by: Peter Wagner <tripolar@gmx.at>
Nikos Mavrogiannopoulos [Sat, 24 Jan 2015 13:00:48 +0000 (14:00 +0100)]
ocserv: enable min-reauth-time in default configuration
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Adze1502 [Thu, 15 Jan 2015 13:15:53 +0000 (14:15 +0100)]
mwan3: update to version 1.5-10
Fixed issue in mwan3 status output with mwan3 interfaces not yet configuerd in network config
Removed nexthop argument as it is no longer used
Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>
wildoats [Wed, 7 Jan 2015 22:13:43 +0000 (14:13 -0800)]
rtorrent: Reenable rtorrent-rpc in Barrier Breaker
Signed-off-by: Jan Ulrich <jan@janulrich.org>
Nikos Mavrogiannopoulos [Mon, 19 Jan 2015 21:46:12 +0000 (22:46 +0100)]
openconnect: use openconnect.upgrade to save configured files
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Mon, 19 Jan 2015 21:37:43 +0000 (22:37 +0100)]
Revert "openconnect: move certificate files to config/ to add graceful upgrade"
This reverts commit
b53e5bfe875d673fc8a57a4766d7af6fc1b3e074.
Nikos Mavrogiannopoulos [Mon, 19 Jan 2015 21:37:29 +0000 (22:37 +0100)]
Revert "openconnect: cmdline parameter for CA not moved"
This reverts commit
fa8f5479458ee5163c9907ee3e92d8bd6b62389b.
Nikos Mavrogiannopoulos [Mon, 19 Jan 2015 20:39:25 +0000 (21:39 +0100)]
ocserv: prevent ocpasswd from using sha2crypt
That doesn't cope well with uclibc.
https://bugs.busybox.net/show_bug.cgi?id=7808
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Mon, 19 Jan 2015 21:52:42 +0000 (22:52 +0100)]
ocserv: use ocserv.upgrade to save configured files
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Mon, 19 Jan 2015 21:47:25 +0000 (22:47 +0100)]
Revert "ocserv: store permanent config files in /etc/config"
This reverts commit
1c40fc1022377e565b037df92391b2b5ade110c8.
Nikos Mavrogiannopoulos [Sat, 17 Jan 2015 08:15:23 +0000 (09:15 +0100)]
openconnect: bumped version
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Jasper [Fri, 16 Jan 2015 16:21:44 +0000 (17:21 +0100)]
openconnect: cmdline parameter for CA not moved
The location for the server CA file was moved in
b53e5bfe875d673fc8a57a4766d7af6fc1b3e074, but the corresponding command line option for opeconnect not updated.
Nikos Mavrogiannopoulos [Mon, 12 Jan 2015 18:50:13 +0000 (19:50 +0100)]
ocserv: store permanent config files in /etc/config
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Jo-Philipp Wich [Sat, 10 Jan 2015 22:58:36 +0000 (23:58 +0100)]
protobuf-c: use generic autoreconf fixup
Invoke the generic autoreconf fixup instead of calling the shipped autogen.sh.
This ensures that proper variants of libtoolize, autoconf, automake etc. are
used, otherwise it is not possible to rebuild protobuf-c in the SDK env.
The change requires backport to BB as it currently blocks the rebuild of ocerv.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Michael Heimpold [Sat, 10 Jan 2015 15:33:32 +0000 (16:33 +0100)]
libxml2: fix compilation on archlinux and gentoo
Compilation of libxml2 on some distributions is problematic (at least
archlinux) for OpenWrt. This commit fixes the issue. Issue is caused
because configuration for some reason does not find gzopen from zlib.
This patch issues linker to include zlib anyway, if host system doesn't
have this issue, it is not a problem as linker should not link libs
twice anyway.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Backported to BB to fix https://dev.openwrt.org/ticket/18295
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Nikos Mavrogiannopoulos [Sat, 10 Jan 2015 20:30:05 +0000 (21:30 +0100)]
ocserv: updated to 0.8.9
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Sat, 10 Jan 2015 10:23:21 +0000 (11:23 +0100)]
openconnect: removed obsolete patch
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Sat, 10 Jan 2015 10:04:19 +0000 (11:04 +0100)]
openconnect: update to 7.03
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Etienne CHAMPETIER [Fri, 26 Dec 2014 19:06:56 +0000 (20:06 +0100)]
zabbix: update to 2.4.3
run-tested on ar71xx
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Adze1502 [Mon, 22 Dec 2014 07:44:41 +0000 (08:44 +0100)]
mwan3: update to version 1.5-9
Fix issue where config file would be overwritten in some cases
Fix issue where local address of wan point-to-point links were unreachable from lan
Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>
Etienne CHAMPETIER [Mon, 15 Dec 2014 21:37:41 +0000 (22:37 +0100)]
sqlite3: update to 3.8.7.4
compile tested on ar71xx
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Tue, 11 Nov 2014 22:30:43 +0000 (23:30 +0100)]
sqlite3: update to 3.8.7.1
Run tested on ar71xx
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Tue, 11 Nov 2014 22:27:03 +0000 (23:27 +0100)]
zabbix: update to 2.4.2
Remove 001-cross_compile.patch, it's fixed upstream (ZBX-5561)
Run tested on ar71xx
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Tue, 16 Sep 2014 21:28:20 +0000 (23:28 +0200)]
admin/zabbix: put myself as maintainer
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Christoph König [Fri, 12 Sep 2014 17:09:18 +0000 (19:09 +0200)]
zabbix: update to 2.4.0, refresh patches
Signed-off-by: Christoph König <christoph.koenig@gmail.com>
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Tue, 11 Nov 2014 22:36:01 +0000 (23:36 +0100)]
monit: update to 5.10
Run tested on ar71xx
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Christoph König [Thu, 25 Sep 2014 20:23:57 +0000 (22:23 +0200)]
monit: Update to 5.9
Signed-off-by: Christoph König <christoph.koenig@gmail.com>
Ian Leonard [Sat, 2 Aug 2014 08:09:29 +0000 (01:09 -0700)]
monit: add PKG_LICENSE_FILES
Signed-off-by: Ian Leonard <antonlacon@gmail.com>
Aedan ARFETT Renner [Sat, 4 Oct 2014 22:56:28 +0000 (15:56 -0700)]
mwan3-luci: update to 1.3-5
new naming/wording - more generically mwan than mwan3
renamed cryptic variables/functions/etc everywhere
removed unused and unnecessary variables everywhere
cleaned up ugly and inefficient Lua and Javascript
Signed-off-by: Aedan Renner chipdankly@gmail.com
Aedan Renner [Tue, 30 Sep 2014 22:41:13 +0000 (15:41 -0700)]
mwan3-luci: update to 1.3-4
put dummy echo command back in hotplug script send_alert function to avoid errors
Signed-off-by: Aedan Renner chipdankly@gmail.com
Aedan Renner [Tue, 30 Sep 2014 15:50:31 +0000 (08:50 -0700)]
mwan3-luci: update to 1.3-3
corrected name of last_resort option from "main" to "default"
added blackhole option to policy selection on rule configuration
Signed-off-by: Aedan Renner <chipdankly@gmail.com>
Aedan ARFETT Renner [Tue, 30 Sep 2014 02:32:02 +0000 (19:32 -0700)]
mwan3-luci: update to 1.3-2
added support for new last_resort option for policy configuration
added dependencies for luci-mod-admin-full and luci-lib-nixio
shortened length of menuconfig description lines
reworded things on various pages
changed date formatting in custom hotplug script
default route checks now verify both destination/netmask are 0.0.0.0
condensed messy javascript lines and removed -F' ' from awk commands
Signed-off-by: Aedan Renner <chipdankly@gmail.com>
Nikos Mavrogiannopoulos [Tue, 11 Nov 2014 18:51:59 +0000 (19:51 +0100)]
gnutls: updated to address CVE-2014-8564
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nicolas Thill [Sat, 25 Oct 2014 07:30:33 +0000 (09:30 +0200)]
gnutls: force rebuuld when config changes
Signed-off-by: Nicolas Thill <nico@openwrt.org>
Nikos Mavrogiannopoulos [Mon, 13 Oct 2014 07:20:31 +0000 (09:20 +0200)]
gnutls: updated to 3.3.9
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Jo-Philipp Wich [Mon, 20 Oct 2014 15:32:26 +0000 (17:32 +0200)]
freeradius2: relax SSL version checks
Merge upstream commit
5ae2a70a135062a025d8fabc104eeae3a2c53a7a to relax the
SSL library version check at runtime.
The objective is to avoid the need for rebuilding freeradius2 whenever we push
binary updates for libopenssl. See https://dev.openwrt.org/ticket/18169 for
reference.
Please backport this change to the for-14.07 branch as well.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Jo-Philipp Wich [Wed, 29 Oct 2014 21:08:07 +0000 (22:08 +0100)]
wget: update to v1.16
The update fixes CVE-2014-4877 which allows malicious FTP servers
to modify local filesystem contents through specificially crafted
symlinks.
Please backport to for-14.07 too.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Marcel Denia [Sat, 11 Oct 2014 14:53:38 +0000 (16:53 +0200)]
perl: Don't link against libnsl, fix PPC signedness
perl: Don't try to link against libnsl
And also remove all other references to avoid confusion.
libnsl isn't really needed. Removing it allows glibc based
toolchains to build perl.
perl: Make I8/I16/I32 types explicitly signed for PPC
Type signedness is undefined for char. char may actually be unsigned for
some CPUs.
This fixes various bugs on PPC, like negative array indices.
Signed-off-by: Marcel Denia <naoir@gmx.net>
Steven Barth [Mon, 20 Oct 2014 08:57:42 +0000 (10:57 +0200)]
libxml2: update to 2.9.2
fixes CVE-2014-3660, CVE-2014-0191 among other issues
Signed-off-by: Steven Barth <steven@midlink.org>
Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 20:14:34 +0000 (22:14 +0200)]
openconnect: fixed description of ca file location
Resolves #407
Thomas Heil [Tue, 7 Oct 2014 18:54:26 +0000 (20:54 +0200)]
Merge pull request #406 from npodolak/patch-1
fix apr-util URL
npodolak [Tue, 7 Oct 2014 18:51:04 +0000 (14:51 -0400)]
fix apr-util URL
apr-util 1.5.3 is no longer hosted on biblio.org. Get it from archive.apache.org.
Adze1502 [Tue, 7 Oct 2014 09:23:02 +0000 (11:23 +0200)]
mwan3: update to version 1.5-8
Fix bug introduced in version 1.5-7; args were not parsed to script.
Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>
Adze1502 [Thu, 2 Oct 2014 07:57:50 +0000 (09:57 +0200)]
mwan3: update to version 1.5-7
Fixed issue where an manual ifup-ed interface would immediatly go down again
Remove from init as mwan3 is not a service
Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>
Adze1502 [Thu, 25 Sep 2014 09:27:54 +0000 (11:27 +0200)]
mwan3: update to version 1.5-6
Fixed issue where mwan3 would not immediately set interface down on link-loss event
Added feature to define last-resort action on policies with no members
Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>
Adze1502 [Tue, 9 Sep 2014 09:20:02 +0000 (11:20 +0200)]
mwan3: update to version 1.5-4
Fix issue with more than one link route on a wan interface
Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>
sbyx [Tue, 7 Oct 2014 05:59:54 +0000 (07:59 +0200)]
Merge pull request #400 from Naoir/bash-4.2
bash: Update to 4.2.53
Marcel Denia [Mon, 6 Oct 2014 07:27:22 +0000 (09:27 +0200)]
bash: Update to 4.2.53
Includes the latest bunch of security fixes
Signed-off-by: Marcel Denia <naoir@gmx.net>
sbyx [Mon, 6 Oct 2014 08:23:23 +0000 (10:23 +0200)]
Merge pull request #364 from br101/for-14.07
horst: Add horst version 4.2
Bruno Randolf [Fri, 1 Aug 2014 13:45:41 +0000 (14:45 +0100)]
horst: Add horst version 4.2
horst 3.0 from oldpackages does not work well with the new mac80211 drivers
of 14.07, so please consider to merge this...
Signed-off-by: Bruno Randolf <br1@einfach.org>
Nikos Mavrogiannopoulos [Sun, 28 Sep 2014 16:26:26 +0000 (18:26 +0200)]
openconnect: increased the timeout value for retrying
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Naoir [Fri, 26 Sep 2014 14:54:15 +0000 (16:54 +0200)]
Merge pull request #358 from Naoir/bash-bb
bash: Import from oldpackages, update to 4.2.49