feed/packages.git
8 years agoBB: freeradius2: bump package release
Jo-Philipp Wich [Sun, 10 Jan 2016 12:58:53 +0000 (13:58 +0100)]
BB: freeradius2: bump package release

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
8 years agoBB: freeradius2: fix disabling of OpenSSL version check
Jo-Philipp Wich [Sun, 10 Jan 2016 12:53:45 +0000 (13:53 +0100)]
BB: freeradius2: fix disabling of OpenSSL version check

The previously added patch for removing the check accidentally disabled
the library init as well.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
8 years agolibpng: update to 1.2.56
Oliver Middleton [Tue, 29 Dec 2015 12:08:21 +0000 (12:08 +0000)]
libpng: update to 1.2.56

Fixes CVE-2015-8126 and CVE-2015-8540.

Signed-off-by: Oliver Middleton <olliemail27@gmail.com>
8 years agolibpng: update to 1.2.54
Oliver Middleton [Sun, 22 Nov 2015 15:15:26 +0000 (15:15 +0000)]
libpng: update to 1.2.54

Includes fixes for CVE-2015-7981 and CVE-2015-8126.

Signed-off-by: Oliver Middleton <olliemail27@gmail.com>
8 years agolibpng: update to 1.2.52
Ian Leonard [Mon, 8 Dec 2014 10:22:22 +0000 (02:22 -0800)]
libpng: update to 1.2.52

Signed-off-by: Ian Leonard <antonlacon@gmail.com>
8 years agoMerge pull request #2194 from jow-/for-14.07
Jo-Philipp Wich [Mon, 4 Jan 2016 08:06:34 +0000 (09:06 +0100)]
Merge pull request #2194 from jow-/for-14.07

BB: freeradius2: completely disable runtime OpenSSL version checks

8 years agofreeradius2: completely disable runtime OpenSSL version checks 2194/head
Jo-Philipp Wich [Mon, 28 Dec 2015 14:19:43 +0000 (15:19 +0100)]
freeradius2: completely disable runtime OpenSSL version checks

Whenever we ship fixed libopenssl binaries in BB, the Freeradius daemon fails
at startup because it detects a mismatch of the build time and runtime OpenSSL
version.

Since our OpenSSL updates for BB are ABI compatible we do not need or even want
this superflous check. Removing it saves us the effort to rebuild Freeradius
after every OpenSSL version bump.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
9 years agosqm-scripts: Bump to v1.0.3.
Toke Høiland-Jørgensen [Thu, 3 Sep 2015 13:37:11 +0000 (15:37 +0200)]
sqm-scripts: Bump to v1.0.3.

Backported changes from master.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
9 years agolibevent: update to 1.4.15 (fixes CVE-2014-6272)
Jan Čermák [Tue, 1 Sep 2015 09:26:54 +0000 (11:26 +0200)]
libevent: update to 1.4.15 (fixes CVE-2014-6272)

This update fixes CVE-2014-6272. Change of source URL was needed,
because the older location does not contain the latest version.

Signed-off-by: Jan Čermák <jan.cermak@nic.cz>
9 years agofreeradius2: backport fix for CVE-2015-4680
Jo-Philipp Wich [Mon, 20 Jul 2015 08:32:21 +0000 (10:32 +0200)]
freeradius2: backport fix for CVE-2015-4680

Backport upstream commit 5e698b407dcac2bc45cf03484bac4398109d25c3 to fix
missing intermediate certificate validation in Freeradius2.

Advisory:

The FreeRADIUS server relies on OpenSSL to perform certificate validation,
including Certificate Revocation List (CRL) checks. The FreeRADIUS usage of
OpenSSL, in CRL application, limits the checks to leaf certificates,
therefore not detecting revocation of intermediate CA certificates.

An unexpired client certificate, issued by an intermediate CA with a revoked
certificate, is therefore accepted by FreeRADIUS.

Specifically sets the X509_V_FLAG_CRL_CHECK flag for leaf certificate CRL
checks, but does not use X509_V_FLAG_CRL_CHECK_ALL for CRL checks on the
complete trust chain.

The FreeRADIUS project advises that the recommended configuration is to use
self-signed CAs for all EAP-TLS methods.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
9 years ago[SQM/luci-app-sqm] Fix SQM GUI help messages.
Sebastian Moeller [Wed, 17 Jun 2015 19:03:33 +0000 (21:03 +0200)]
[SQM/luci-app-sqm] Fix SQM GUI help messages.

Make clear that configuration options guarded by checkboxes are only
effective as long as those boxes are checked.

The sqm gui has giarded some advanced configuration options behind exposing
checkboxes, meaning these optiopn's values were only used as long
as those boxes were checked. This commit just improves the description of
the checkboxes to included this useage instruction...

Signed-off-by: Sebastian Moeller <moeller0@gmx.de>
9 years ago[SQM/luci-app-sqm] Enable sqm initiscript if a single sqm instance gets enabled
Sebastian Moeller [Wed, 17 Jun 2015 18:45:35 +0000 (20:45 +0200)]
[SQM/luci-app-sqm] Enable sqm initiscript if a single sqm instance gets enabled

The SQM gui has confused its users with an enable button, that only served to
selecively activate/de-activate sqm instances instead of controlling sqm's
initscript (which needs to be enabled so the sqm properly starts up after a reboot
and also for hotplug to work properly). luci-app-sqm will now enable sqm's
initscript when a single sqm instance get enabled. It also informs the user about
this fact in the top margin of the sqm page. Note sqm will not disable the
initscript behind the user's back if sqm instances get disabled.
While I would have prefered this notice to be more prominent an attentive user
should notice, and most users should not care anyway. This also increases the
package release number.

Signed-off-by: Sebastian Moeller <moeller0@gmx.de>
9 years agohaproxy: bump to version 1.5.14
heil [Sun, 12 Jul 2015 19:58:21 +0000 (21:58 +0200)]
haproxy: bump to version 1.5.14

 - this fixes CVE-2015-3281 and CVE-2014-6269

Signed-off-by: heil <heil@terminal-consulting.de>
9 years agognutls: updated to 3.3.16
Nikos Mavrogiannopoulos [Sun, 12 Jul 2015 19:44:45 +0000 (21:44 +0200)]
gnutls: updated to 3.3.16

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years ago[packages] vsftpd: CVE-2015-1419 Unspecified vulnerability in vsftp 3.0.2 and earlier...
Cezary Jackiewicz [Sun, 28 Jun 2015 20:02:08 +0000 (22:02 +0200)]
[packages] vsftpd: CVE-2015-1419 Unspecified vulnerability in vsftp 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.

9 years agovsftpd: fix musl compatibility
Hannu Nyman [Tue, 16 Jun 2015 18:50:04 +0000 (21:50 +0300)]
vsftpd: fix musl compatibility

Make vsftpd to compile with musl, while preserving uclibc compatibility.

When using musl:
* disable UTMPX functionality
* disable -lnsl option in upstream Makefile

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
9 years agostrongswan: fix musl builds, reenable lost modules
Steven Barth [Fri, 19 Jun 2015 16:38:44 +0000 (18:38 +0200)]
strongswan: fix musl builds, reenable lost modules

Signed-off-by: Steven Barth <steven@midlink.org>
9 years ago[sqm-scripts/luci-app-sqm] Document how to disable shaping on a per direction basis
Toke Høiland-Jørgensen [Wed, 17 Jun 2015 11:03:03 +0000 (13:03 +0200)]
[sqm-scripts/luci-app-sqm] Document how to disable shaping on a per direction basis

sqm-scripts for a long time interprets a "Down- or Upload speed" of zero as
an indication that the shaper should be disabled. Note that really shaping
an individual direction down  o zero will make the link effectively dead
for tcp (think reverse ACK traffic). Son instead of allowing the user to
configure something broken, 0 was "over-loaded" to denote no shaping
since several years, but that information has not been documented visibly
to the users. This commit aims at fixing that oversight.

Signed-off-by: Sebastian Moeller <moeller0@gmx.de>
9 years agostrongswan: bump to 5.3.2
Steven Barth [Mon, 8 Jun 2015 16:09:43 +0000 (18:09 +0200)]
strongswan: bump to 5.3.2

Signed-off-by: Steven Barth <steven@midlink.org>
9 years agostrongswan: update to 5.3.1, cleanup broken modules
Steven Barth [Mon, 8 Jun 2015 05:48:08 +0000 (07:48 +0200)]
strongswan: update to 5.3.1, cleanup broken modules

Signed-off-by: Steven Barth <steven@midlink.org>
9 years agostrongswan: add missing dependency
Steven Barth [Tue, 7 Apr 2015 10:07:27 +0000 (12:07 +0200)]
strongswan: add missing dependency

Signed-off-by: Steven Barth <steven@midlink.org>
9 years agostrongswan: bump to 5.3.0
Steven Barth [Mon, 6 Apr 2015 10:23:27 +0000 (12:23 +0200)]
strongswan: bump to 5.3.0

Signed-off-by: Steven Barth <steven@midlink.org>
9 years agostrongswan: fix IKEv1 support
Steven Barth [Mon, 9 Mar 2015 12:40:29 +0000 (13:40 +0100)]
strongswan: fix IKEv1 support

Signed-off-by: Steven Barth <steven@midlink.org>
9 years agofreeradius2: add mirror for older releases
Mislav Novakovic [Mon, 25 May 2015 22:42:24 +0000 (00:42 +0200)]
freeradius2: add mirror for older releases

Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
9 years agomosquitto: upgrade 1.3.4 to 1.3.5
Karl Palsson [Fri, 8 May 2015 10:13:46 +0000 (10:13 +0000)]
mosquitto: upgrade 1.3.4 to 1.3.5

Minor bugfix release

Full changelog http://mosquitto.org/2014/10/version-1-3-5-released/

Signed-off-by: Karl Palsson <karlp@remake.is>
9 years agognutls: updated to 3.3.15
Nikos Mavrogiannopoulos [Tue, 5 May 2015 06:04:52 +0000 (08:04 +0200)]
gnutls: updated to 3.3.15

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years agosqm-scripts: Only run on hotplug if the init script is enabled.
Toke Høiland-Jørgensen [Tue, 28 Apr 2015 09:05:42 +0000 (11:05 +0200)]
sqm-scripts: Only run on hotplug if the init script is enabled.

Fixes #1202.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
9 years agoRemove dependeny on iptables-mod-filter from sqm-scripts
Sebastian Moeller [Sun, 19 Apr 2015 10:48:33 +0000 (12:48 +0200)]
Remove dependeny on iptables-mod-filter from sqm-scripts

As Hnyman noted in https://github.com/dtaht/ceropackages-3.10/issues/13
we carry a few unnecessary dependecies in sqm-scripts, so remove one of
them (iptables-mod-filter) as we neither use it nor plan to use it.

Signed-off-by: Sebastian Moeller <moeller0@gmx.de>
9 years agolibtasn1: updated to 4.4 1120/head
Nikos Mavrogiannopoulos [Sun, 29 Mar 2015 19:01:42 +0000 (21:01 +0200)]
libtasn1: updated to 4.4

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years agoopenconnect: list the defaultroute option
Nikos Mavrogiannopoulos [Sun, 29 Mar 2015 06:22:54 +0000 (08:22 +0200)]
openconnect: list the defaultroute option

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years agoMerge pull request #1079 from wlanslovenija/for-14.07
Ted Hess [Fri, 27 Mar 2015 20:38:39 +0000 (16:38 -0400)]
Merge pull request #1079 from wlanslovenija/for-14.07

mjpg-streamer: Fixed cambozola MD5 sum.

9 years agomjpg-streamer: Fixed cambozola MD5 sum. 1079/head
Jernej Kos [Fri, 27 Mar 2015 06:41:41 +0000 (07:41 +0100)]
mjpg-streamer: Fixed cambozola MD5 sum.

Signed-off-by: Jernej Kos <jernej@kos.mx>
9 years agosqm-scripts: clean up interface selection for hotplugging
Sebastian Moeller [Fri, 20 Mar 2015 21:47:45 +0000 (22:47 +0100)]
sqm-scripts: clean up interface selection for hotplugging

The initial conversion to restart sqm on interfaces it is configured
for in case of (transient) dis- and reappearance was half finished.
These changes clean up the handling of exlicitly passed interfaces
in run.sh: no second argument defaults to all configured interfaces
the alternative is an individual interface name passed as 2nd
argument to run.sh. The first argument either is start or stop.
No argument at all will behave as if start was passed.
Survives light testing...

Signed-off-by: Sebastian Moeller <moeller0@gmx.de>
9 years agosqm-scripts: change default for qdisc target parameter
Sebastian Moeller [Fri, 20 Mar 2015 21:13:37 +0000 (22:13 +0100)]
sqm-scripts: change default for qdisc target parameter

Alan Jenkins noted a bug in the smq luci GUI that effectively
erased several configuration paramters if two checkboxes were deselected.
This behaviour seems consistent in luci but certainly has the potential
to confuse users. While confusion can not really be avoided generally
it seems wise to change the default interpretation for empty or non-existent
itarget and etarget variables from the qdisc's default (5ms in the case of
one of the codels) to automatic determination of tghis variable dependent on
the configured bandwidth, as codels target variable should be large enough
to contain at least one full packet. With this change sqm-scripts will
do the right thing by default, but will yet allow the user to specify
over-ridding values (as long as the user does not un-check the
entry-field exposing check boxes). Survives light testing...
This change set also changes the sqm-scripts luci gui to note the user
of the change. For compatibility with existing setups sqm-scripts
will still honor "auto" as an alternative explicit way of requesting
automatic target selection. This might turn into a warning in the future
and might be phased out...

Signed-off-by: Sebastian Moeller <moeller0@gmx.de>
9 years agoMerge pull request #918 from hnyman/sqm-backport
Toke Høiland-Jørgensen [Wed, 25 Mar 2015 09:30:30 +0000 (10:30 +0100)]
Merge pull request #918 from hnyman/sqm-backport

Sqm-scripts backport to BB14.07

9 years agosqm-scripts: backport "make run.sh ignore spurious incomplete hotplug ifups" 918/head
Hannu Nyman [Thu, 5 Mar 2015 15:57:48 +0000 (17:57 +0200)]
sqm-scripts: backport "make run.sh ignore spurious incomplete hotplug ifups"

Backport from trunk the commit improving hotplug action.
https://github.com/openwrt/packages/commit/1b5afe8f464bae8fa38317548ec95fe303334c0d

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
9 years agosqm-scripts: backport from trunk "Teach SQM hotplug tricks"
Hannu Nyman [Wed, 4 Mar 2015 19:34:19 +0000 (21:34 +0200)]
sqm-scripts: backport from trunk "Teach SQM hotplug tricks"

Backport from trunk the commit that adds support for hotplug action.
https://github.com/openwrt/packages/commit/5b61cfba076c61cf09783a7f6ef4150e55b74a3f

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
9 years agoluci-app-sqm: backport package from trunk
Hannu Nyman [Tue, 17 Feb 2015 18:09:34 +0000 (20:09 +0200)]
luci-app-sqm: backport package from trunk

Backport of luci-app-sqm package from trunk.
I have been using it in my BB14.07 build without any problems.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
9 years agosqm-scripts: backport package from trunk
Hannu Nyman [Tue, 17 Feb 2015 18:07:30 +0000 (20:07 +0200)]
sqm-scripts: backport package from trunk

Backport of sqm-scripts package from trunk.
I have been using it in my BB14.07 build without any problems.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
9 years agogrep: Fix CVE-2015-1345 heap buffer overrun
Julen Landa Alustiza [Tue, 17 Feb 2015 11:50:51 +0000 (12:50 +0100)]
grep: Fix CVE-2015-1345 heap buffer overrun

Signed-off-by: Julen Landa Alustiza <julen@zokormazo.info>
9 years agogrep: update to 2.21, add license and maintainer
Julen Landa Alustiza [Thu, 18 Dec 2014 13:12:31 +0000 (14:12 +0100)]
grep: update to 2.21, add license and maintainer

Signed-off-by: Julen Landa Alustiza <julen@zokormazo.info>
9 years agoMerge pull request #914 from openwrt-es/for-14.07-next
Jo-Philipp Wich [Tue, 17 Feb 2015 11:44:49 +0000 (12:44 +0100)]
Merge pull request #914 from openwrt-es/for-14.07-next

unzip: patch CVE-2014-8139, CVE-2014-8140, CVE-2014-8141 and CVE-2014-9636

9 years agounzip: patch CVE-2014-8139, CVE-2014-8140, CVE-2014-8141 and CVE-2014-9636 914/head
Álvaro Fernández Rojas [Mon, 16 Feb 2015 14:04:23 +0000 (15:04 +0100)]
unzip: patch CVE-2014-8139, CVE-2014-8140, CVE-2014-8141 and CVE-2014-9636

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
9 years agorsync: patch CVE-2014-9512
Maxim Storchak [Sun, 15 Feb 2015 17:43:16 +0000 (19:43 +0200)]
rsync: patch CVE-2014-9512

Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
9 years agostrongswan: bump to 5.2.2
Steven Barth [Sun, 11 Jan 2015 19:21:02 +0000 (20:21 +0100)]
strongswan: bump to 5.2.2

Signed-off-by: Steven Barth <steven@midlink.org>
9 years agostrongswan: correctly install plugin include configs
Steven Barth [Thu, 4 Dec 2014 10:37:16 +0000 (11:37 +0100)]
strongswan: correctly install plugin include configs

Signed-off-by: Steven Barth <steven@midlink.org>
9 years agostrongswan: update to 5.2.1
Steven Barth [Mon, 20 Oct 2014 07:16:18 +0000 (09:16 +0200)]
strongswan: update to 5.2.1

Signed-off-by: Steven Barth <steven@midlink.org>
9 years agostrongswan: import, update, adopt
Steven Barth [Sun, 17 Aug 2014 08:11:02 +0000 (10:11 +0200)]
strongswan: import, update, adopt

Signed-off-by: Steven Barth <steven@midlink.org>
9 years agolibtorrent: remove manual autoconf invocation
Jo-Philipp Wich [Sat, 7 Feb 2015 14:12:24 +0000 (15:12 +0100)]
libtorrent: remove manual autoconf invocation

The Makefile already uses the proper autoreconf fixup but leaves a manual
autoconf invocation in place.

The bad autoconf call leads to the following build error in the SDK:

configure.ac:3: installing `./config.guess'
configure.ac:3: installing `./config.sub'
configure.ac:20: installing `./install-sh'
configure.ac:20: installing `./missing'
src/Makefile.am: installing `./depcomp'
autoreconf: Leaving directory `.'
aclocal...
autoheader...
libtoolize... libtoolize nor glibtoolize not found
make[2]: *** [.../.configured_] Error 1

Remove the entire Build/Configure override to let libtorrent build correctly.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
9 years agortorrent: remove manual autoconf invocation
Jo-Philipp Wich [Sat, 7 Feb 2015 19:38:17 +0000 (20:38 +0100)]
rtorrent: remove manual autoconf invocation

The Makefile already uses the proper autoreconf fixup but leaves a manual
autoconf invocation in place.

The bad autoconf call leads to the following build error in the SDK:

( cd .../rtorrent-0.9.4-git; ./autogen.sh );
aclocal...
autoheader...
libtoolize... libtoolize nor glibtoolize not found
make[2]: *** [.../rtorrent-0.9.4-git/.configured_] Error 1

Remove the entire Build/Configure override to let rtorrent build correctly.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
9 years agoMerge pull request #753 from wildoats/for-14.07
tripolar [Sun, 1 Feb 2015 16:12:11 +0000 (17:12 +0100)]
Merge pull request #753 from wildoats/for-14.07

rtorrent: reenable rtorrent-rpc in Barrier Breaker

Signed-off-by: Peter Wagner <tripolar@gmx.at>
9 years agoocserv: enable min-reauth-time in default configuration
Nikos Mavrogiannopoulos [Sat, 24 Jan 2015 13:00:48 +0000 (14:00 +0100)]
ocserv: enable min-reauth-time in default configuration

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years agomwan3: update to version 1.5-10
Adze1502 [Thu, 15 Jan 2015 13:15:53 +0000 (14:15 +0100)]
mwan3: update to version 1.5-10

Fixed issue in mwan3 status output with mwan3 interfaces not yet configuerd in network config
Removed nexthop argument as it is no longer used

Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>
9 years agortorrent: Reenable rtorrent-rpc in Barrier Breaker 753/head
wildoats [Wed, 7 Jan 2015 22:13:43 +0000 (14:13 -0800)]
rtorrent: Reenable rtorrent-rpc in Barrier Breaker

Signed-off-by: Jan Ulrich <jan@janulrich.org>
9 years agoopenconnect: use openconnect.upgrade to save configured files
Nikos Mavrogiannopoulos [Mon, 19 Jan 2015 21:46:12 +0000 (22:46 +0100)]
openconnect: use openconnect.upgrade to save configured files

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years agoRevert "openconnect: move certificate files to config/ to add graceful upgrade"
Nikos Mavrogiannopoulos [Mon, 19 Jan 2015 21:37:43 +0000 (22:37 +0100)]
Revert "openconnect: move certificate files to config/ to add graceful upgrade"

This reverts commit b53e5bfe875d673fc8a57a4766d7af6fc1b3e074.

9 years agoRevert "openconnect: cmdline parameter for CA not moved"
Nikos Mavrogiannopoulos [Mon, 19 Jan 2015 21:37:29 +0000 (22:37 +0100)]
Revert "openconnect: cmdline parameter for CA not moved"

This reverts commit fa8f5479458ee5163c9907ee3e92d8bd6b62389b.

9 years agoocserv: prevent ocpasswd from using sha2crypt
Nikos Mavrogiannopoulos [Mon, 19 Jan 2015 20:39:25 +0000 (21:39 +0100)]
ocserv: prevent ocpasswd from using sha2crypt

That doesn't cope well with uclibc.
https://bugs.busybox.net/show_bug.cgi?id=7808

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years agoocserv: use ocserv.upgrade to save configured files
Nikos Mavrogiannopoulos [Mon, 19 Jan 2015 21:52:42 +0000 (22:52 +0100)]
ocserv: use ocserv.upgrade to save configured files

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years agoRevert "ocserv: store permanent config files in /etc/config"
Nikos Mavrogiannopoulos [Mon, 19 Jan 2015 21:47:25 +0000 (22:47 +0100)]
Revert "ocserv: store permanent config files in /etc/config"

This reverts commit 1c40fc1022377e565b037df92391b2b5ade110c8.

9 years agoopenconnect: bumped version
Nikos Mavrogiannopoulos [Sat, 17 Jan 2015 08:15:23 +0000 (09:15 +0100)]
openconnect: bumped version

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years agoopenconnect: cmdline parameter for CA not moved
Jasper [Fri, 16 Jan 2015 16:21:44 +0000 (17:21 +0100)]
openconnect: cmdline parameter for CA not moved

The location for the server CA file was moved in b53e5bfe875d673fc8a57a4766d7af6fc1b3e074, but the corresponding command line option for opeconnect not updated.

9 years agoocserv: store permanent config files in /etc/config
Nikos Mavrogiannopoulos [Mon, 12 Jan 2015 18:50:13 +0000 (19:50 +0100)]
ocserv: store permanent config files in /etc/config

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years agoprotobuf-c: use generic autoreconf fixup
Jo-Philipp Wich [Sat, 10 Jan 2015 22:58:36 +0000 (23:58 +0100)]
protobuf-c: use generic autoreconf fixup

Invoke the generic autoreconf fixup instead of calling the shipped autogen.sh.

This ensures that proper variants of libtoolize, autoconf, automake etc. are
used, otherwise it is not possible to rebuild protobuf-c in the SDK env.

The change requires backport to BB as it currently blocks the rebuild of ocerv.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
9 years agolibxml2: fix compilation on archlinux and gentoo
Michael Heimpold [Sat, 10 Jan 2015 15:33:32 +0000 (16:33 +0100)]
libxml2: fix compilation on archlinux and gentoo

Compilation of libxml2 on some distributions is problematic (at least
archlinux) for OpenWrt. This commit fixes the issue. Issue is caused
because configuration for some reason does not find gzopen from zlib.
This patch issues linker to include zlib anyway, if host system doesn't
have this issue, it is not a problem as linker should not link libs
twice anyway.

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Backported to BB to fix https://dev.openwrt.org/ticket/18295

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
9 years agoocserv: updated to 0.8.9
Nikos Mavrogiannopoulos [Sat, 10 Jan 2015 20:30:05 +0000 (21:30 +0100)]
ocserv: updated to 0.8.9

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years agoopenconnect: removed obsolete patch
Nikos Mavrogiannopoulos [Sat, 10 Jan 2015 10:23:21 +0000 (11:23 +0100)]
openconnect: removed obsolete patch

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years agoopenconnect: update to 7.03
Nikos Mavrogiannopoulos [Sat, 10 Jan 2015 10:04:19 +0000 (11:04 +0100)]
openconnect: update to 7.03

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years agozabbix: update to 2.4.3
Etienne CHAMPETIER [Fri, 26 Dec 2014 19:06:56 +0000 (20:06 +0100)]
zabbix: update to 2.4.3

run-tested on ar71xx

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agomwan3: update to version 1.5-9
Adze1502 [Mon, 22 Dec 2014 07:44:41 +0000 (08:44 +0100)]
mwan3: update to version 1.5-9

Fix issue where config file would be overwritten in some cases
Fix issue where local address of wan point-to-point links were unreachable from lan

Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>
9 years agosqlite3: update to 3.8.7.4
Etienne CHAMPETIER [Mon, 15 Dec 2014 21:37:41 +0000 (22:37 +0100)]
sqlite3: update to 3.8.7.4

compile tested on ar71xx

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
10 years agosqlite3: update to 3.8.7.1
Etienne CHAMPETIER [Tue, 11 Nov 2014 22:30:43 +0000 (23:30 +0100)]
sqlite3: update to 3.8.7.1

Run tested on ar71xx

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
10 years agozabbix: update to 2.4.2
Etienne CHAMPETIER [Tue, 11 Nov 2014 22:27:03 +0000 (23:27 +0100)]
zabbix: update to 2.4.2

Remove 001-cross_compile.patch, it's fixed upstream (ZBX-5561)
Run tested on ar71xx

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
10 years agoadmin/zabbix: put myself as maintainer
Etienne CHAMPETIER [Tue, 16 Sep 2014 21:28:20 +0000 (23:28 +0200)]
admin/zabbix: put myself as maintainer

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
10 years agozabbix: update to 2.4.0, refresh patches
Christoph König [Fri, 12 Sep 2014 17:09:18 +0000 (19:09 +0200)]
zabbix: update to 2.4.0, refresh patches

Signed-off-by: Christoph König <christoph.koenig@gmail.com>
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
10 years agomonit: update to 5.10
Etienne CHAMPETIER [Tue, 11 Nov 2014 22:36:01 +0000 (23:36 +0100)]
monit: update to 5.10

Run tested on ar71xx

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
10 years agomonit: Update to 5.9
Christoph König [Thu, 25 Sep 2014 20:23:57 +0000 (22:23 +0200)]
monit: Update to 5.9

Signed-off-by: Christoph König <christoph.koenig@gmail.com>
10 years agomonit: add PKG_LICENSE_FILES
Ian Leonard [Sat, 2 Aug 2014 08:09:29 +0000 (01:09 -0700)]
monit: add PKG_LICENSE_FILES

Signed-off-by: Ian Leonard <antonlacon@gmail.com>
10 years agomwan3-luci: update to 1.3-5
Aedan ARFETT Renner [Sat, 4 Oct 2014 22:56:28 +0000 (15:56 -0700)]
mwan3-luci: update to 1.3-5

new naming/wording - more generically mwan than mwan3
renamed cryptic variables/functions/etc everywhere
removed unused and unnecessary variables everywhere
cleaned up ugly and inefficient Lua and Javascript

Signed-off-by: Aedan Renner chipdankly@gmail.com
10 years agomwan3-luci: update to 1.3-4
Aedan Renner [Tue, 30 Sep 2014 22:41:13 +0000 (15:41 -0700)]
mwan3-luci: update to 1.3-4

put dummy echo command back in hotplug script send_alert function to avoid errors

Signed-off-by: Aedan Renner chipdankly@gmail.com
10 years agomwan3-luci: update to 1.3-3
Aedan Renner [Tue, 30 Sep 2014 15:50:31 +0000 (08:50 -0700)]
mwan3-luci: update to 1.3-3

corrected name of last_resort option from "main" to "default"
added blackhole option to policy selection on rule configuration

Signed-off-by: Aedan Renner <chipdankly@gmail.com>
10 years agomwan3-luci: update to 1.3-2
Aedan ARFETT Renner [Tue, 30 Sep 2014 02:32:02 +0000 (19:32 -0700)]
mwan3-luci: update to 1.3-2

added support for new last_resort option for policy configuration
added dependencies for luci-mod-admin-full and luci-lib-nixio
shortened length of menuconfig description lines
reworded things on various pages
changed date formatting in custom hotplug script
default route checks now verify both destination/netmask are 0.0.0.0
condensed messy javascript lines and removed -F' ' from awk commands

Signed-off-by: Aedan Renner <chipdankly@gmail.com>
10 years agognutls: updated to address CVE-2014-8564
Nikos Mavrogiannopoulos [Tue, 11 Nov 2014 18:51:59 +0000 (19:51 +0100)]
gnutls: updated to address CVE-2014-8564

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years agognutls: force rebuuld when config changes
Nicolas Thill [Sat, 25 Oct 2014 07:30:33 +0000 (09:30 +0200)]
gnutls: force rebuuld when config changes

Signed-off-by: Nicolas Thill <nico@openwrt.org>
10 years agognutls: updated to 3.3.9
Nikos Mavrogiannopoulos [Mon, 13 Oct 2014 07:20:31 +0000 (09:20 +0200)]
gnutls: updated to 3.3.9

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years agofreeradius2: relax SSL version checks
Jo-Philipp Wich [Mon, 20 Oct 2014 15:32:26 +0000 (17:32 +0200)]
freeradius2: relax SSL version checks

Merge upstream commit 5ae2a70a135062a025d8fabc104eeae3a2c53a7a to relax the
SSL library version check at runtime.

The objective is to avoid the need for rebuilding freeradius2 whenever we push
binary updates for libopenssl. See https://dev.openwrt.org/ticket/18169 for
reference.

Please backport this change to the for-14.07 branch as well.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
10 years agowget: update to v1.16
Jo-Philipp Wich [Wed, 29 Oct 2014 21:08:07 +0000 (22:08 +0100)]
wget: update to v1.16

The update fixes CVE-2014-4877 which allows malicious FTP servers
to modify local filesystem contents through specificially crafted
symlinks.

Please backport to for-14.07 too.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
10 years agoperl: Don't link against libnsl, fix PPC signedness
Marcel Denia [Sat, 11 Oct 2014 14:53:38 +0000 (16:53 +0200)]
perl: Don't link against libnsl, fix PPC signedness

perl: Don't try to link against libnsl

And also remove all other references to avoid confusion.
libnsl isn't really needed. Removing it allows glibc based
toolchains to build perl.

perl: Make I8/I16/I32 types explicitly signed for PPC

Type signedness is undefined for char. char may actually be unsigned for
some CPUs.
This fixes various bugs on PPC, like negative array indices.

Signed-off-by: Marcel Denia <naoir@gmx.net>
10 years agolibxml2: update to 2.9.2
Steven Barth [Mon, 20 Oct 2014 08:57:42 +0000 (10:57 +0200)]
libxml2: update to 2.9.2

fixes CVE-2014-3660, CVE-2014-0191 among other issues

Signed-off-by: Steven Barth <steven@midlink.org>
10 years agoopenconnect: fixed description of ca file location
Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 20:14:34 +0000 (22:14 +0200)]
openconnect: fixed description of ca file location

Resolves #407

10 years agoMerge pull request #406 from npodolak/patch-1 409/head
Thomas Heil [Tue, 7 Oct 2014 18:54:26 +0000 (20:54 +0200)]
Merge pull request #406 from npodolak/patch-1

fix apr-util URL

10 years agofix apr-util URL 406/head
npodolak [Tue, 7 Oct 2014 18:51:04 +0000 (14:51 -0400)]
fix apr-util URL

apr-util 1.5.3 is no longer hosted on biblio.org.  Get it from archive.apache.org.

10 years agomwan3: update to version 1.5-8
Adze1502 [Tue, 7 Oct 2014 09:23:02 +0000 (11:23 +0200)]
mwan3: update to version 1.5-8

Fix bug introduced in version 1.5-7; args were not parsed to script.

Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>
10 years agomwan3: update to version 1.5-7
Adze1502 [Thu, 2 Oct 2014 07:57:50 +0000 (09:57 +0200)]
mwan3: update to version 1.5-7

Fixed issue where an manual ifup-ed interface would immediatly go down again
Remove from init as mwan3 is not a service

Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>
10 years agomwan3: update to version 1.5-6
Adze1502 [Thu, 25 Sep 2014 09:27:54 +0000 (11:27 +0200)]
mwan3: update to version 1.5-6

Fixed issue where mwan3 would not immediately set interface down on link-loss event
Added feature to define last-resort action on policies with no members

Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>
10 years agomwan3: update to version 1.5-4
Adze1502 [Tue, 9 Sep 2014 09:20:02 +0000 (11:20 +0200)]
mwan3: update to version 1.5-4

Fix issue with more than one link route on a wan interface

Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>
10 years agoMerge pull request #400 from Naoir/bash-4.2
sbyx [Tue, 7 Oct 2014 05:59:54 +0000 (07:59 +0200)]
Merge pull request #400 from Naoir/bash-4.2

bash: Update to 4.2.53

10 years agobash: Update to 4.2.53 400/head
Marcel Denia [Mon, 6 Oct 2014 07:27:22 +0000 (09:27 +0200)]
bash: Update to 4.2.53

Includes the latest bunch of security fixes

Signed-off-by: Marcel Denia <naoir@gmx.net>
10 years agoMerge pull request #364 from br101/for-14.07
sbyx [Mon, 6 Oct 2014 08:23:23 +0000 (10:23 +0200)]
Merge pull request #364 from br101/for-14.07

horst: Add horst version 4.2

10 years agohorst: Add horst version 4.2 364/head
Bruno Randolf [Fri, 1 Aug 2014 13:45:41 +0000 (14:45 +0100)]
horst: Add horst version 4.2

horst 3.0 from oldpackages does not work well with the new mac80211 drivers
of 14.07, so please consider to merge this...

Signed-off-by: Bruno Randolf <br1@einfach.org>