Merge pull request #21348 from jefferyto/python-3.7.17-openwrt-19.07

[openwrt-19.07] python3: Update to 3.7.17

python3: Update to 3.7.17

This includes an updated patch for pip, as the bundled pip was also
updated with this release.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>

Merge pull request #20676 from jefferyto/python-3.7.16-openwrt-19.07

[openwrt-19.07] python3: Update to 3.7.16, refresh patches

python3: Update to 3.7.16, refresh patches

Includes fixes:

* 3.7.14:
  * CVE-2020-10735: Prevent DoS by large int<->str conversions
  * CVE-2021-28861: http.server: Open Redirection if the URL path starts with //

* 3.7.16:
  * CVE-2022-45061: Slow IDNA decoding with large strings
  * CVE-2022-37454: Buffer overflow in the _sha3 module
  * CVE-2015-20107: mailcap.findmatch: document shell command Injection danger in filename parameter

Signed-off-by: Jeffery To <jeffery.to@gmail.com>

bind: bump to 9.16.37

Fixes multiple CVEs. Upstream changelog is
https://ftp.isc.org/isc/bind9/9.16.37/CHANGES

CVEs fixed:

CVE-2022-3924: Fix serve-stale crash when recursive clients soft quota
is reached.

CVE-2022-3736: Handle RRSIG lookups when serve-stale is active.

CVE-2022-3094: An UPDATE message flood could cause named to exhaust all
available memory. This flaw was addressed by adding a
new "update-quota" statement that controls the number of
simultaneous UPDATE messages that can be processed or
forwarded. The default is 100. A stats counter has been
added to record events when the update quota is
exceeded, and the XML and JSON statistics version
numbers have been updated.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>

libwebsockets: fix recursive dependency

While running `make menuconfig`, it was discovered then there is a
recursive dependency like this:
tmp/.config-package.in:59138:error: recursive dependency detected!
tmp/.config-package.in:59138: symbol PACKAGE_libwebsockets-openssl is selected by PACKAGE_libwebsockets-mbedtls
tmp/.config-package.in:59122: symbol PACKAGE_libwebsockets-mbedtls depends on PACKAGE_libwebsockets-openssl

It is not possible with the recently added conflicts that two packages
(OpenSSL and full variant, which uses OpenSSL as well), which are almost the same
provides the same named package libwebsockets as their conflict - Mbed
TLS.

Fixes: 676c5c72b5eeb583da2603e399fac085fa442c59 ("libwebsockets: OpenSSL
and mbedTLS variants should conflict")

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit a4e8cbb89a48729b3c3ad615765549628d495b0f)

libwebsockets: OpenSSL and mbedTLS variants should conflict

They provide the same files, but they don't conflict to each other, this
means that users can install them side by side.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 676c5c72b5eeb583da2603e399fac085fa442c59)

libwebsockets: full variant provides OpenSSL

For some time, it is not possible to install ttyd and mosquitto-ssl at the
same time, so let's solve it that libwebsockets-full provides
libwebsockets-openssl. This allows to install ttyd and mosquitto at
the same time.

Also, we need to add conflict, because we should not have installed
libwebsockets-openssl and libwebsockets-full at the same time as they
provides the same files.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 77e682a11c53f4dcd0e76bdea5ee82de77eaacfe)

nss: disable PKG_BUILD_PARALLEL

This is similar to commit f303e87a1e0cb384ed7c3ef66752479a4c43afd2
("nss: update to 3.67") as there is something wrong with NSS build
system and otherwise this package fails to compile. Let's compile it
single threaded.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

bind: update to version 9.16.33

Changelog:
https://downloads.isc.org/isc/bind9/9.16.33/RELEASE-NOTES-bind-9.16.33.html

Fixes:
- multiple CVEs
(CVE-2022-2795, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

syslog-ng: update to version 3.38.1

- Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.38.1

- Update the configuration file to use version 4.0 as mentioned in the
  release notes to try the latest changes

Fixes: CVE-2022-38725
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 34b7af9e0859418bb85e7d3ca131101dd912ae53)

libedit: update to version 20210522-3.1

Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit 0b8f3ea81a3186f1189def218a3553dea2b572f8)

libedit: update to version 20210419-3.1

Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit b0870d792b3fd013137d2071c150248e85262d66)

knot: update to 3.1.7

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit f30da8c572c7f1acf34d60c468a3a1cceafbf426)

knot: update to 3.1.6

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit 4de863e418f80cd52293e1ae0de153dcc2cb7141)

knot: update to 3.1.5

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit 2a56e478f57faad7a4346f5aef843bae517027e7)

knot: update to 3.1.4

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit 60a80b31fbf3585d52b64ab0b9bf5a4aa844a032)

knot: update to version 3.1.3

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit 175087bf250d1e1043ecad1ee352297398816d51)

knot: update to version 3.1.2

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit 2d2f1e56445a4a7fe06aa6ed073964ca607040f9)

knot: update to version 3.1.1

Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit 7aee9d130818ab2b21d28b3c2615d678f0417102)

knot: update to version 3.1.0

* refresh patches

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 81e0fcb76fd886dd0188d5da341e6fb7c38677c5)

vim: variants conflict with each other

This adds conflicts between the variants,
because they provide the same files, and it should not be
possible to install them side by side. Otherwise, it might happen that
half files would be from one variant and the other half from the
other.

Also, adds provides as if you request to install ``vim`` and
``vim-full``, then the request could be satisfied even they collide,
because ``vim-full`` provides ``vim`` package.

Signed-off-by: Karel Kočí <cynerd@email.cz>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[add commit message]
(cherry picked from commit 46c058468aeaf7747c2e94e579020aa7f595c649)

cgi-io: update to latest Git HEAD

901b0f0 main: fix two one-byte overreads in header_value()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 443c6c1c17e29466cc81f44504602d66d993bf86)

luajit: patch: PPC/e500 SPE: use soft float instead of failing

makes LuaJit builds for mpc85xx targets with SPE ISA extension
enabled possible

Quoting inner commit message:

This allows building LuaJit for systems with Power ISA SPE
extension[^1] support by using soft float on LuaJit side.

While e500 CPU cores support SPE instruction set extension
allowing them to perform floating point arithmetic natively,
this isn't required. They can function with software floating
point to integer arithmetic translation as well,
just like FPU-less PowerPC CPUs without SPE support.

Therefore I see no need to prevent them from running LuaJit
explicitly.

[^1]: https://www.nxp.com/docs/en/reference-manual/SPEPEM.pdf

Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
(cherry picked from commit a4a484fbca5c185456cf5ac26e6f47c03ca426e9)

bind: update to version 9.16.31

Release notes:
https://downloads.isc.org/isc/bind9/9.16.31/doc/arm/html/notes.html

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

cyrus-sasl: install pkg-config file and fine-tune installed files

Installing the .pc files helps other programs to detect
the presence of libsasl2.

While at, reduce the glob pattern a little bit to not
include unneeded symlinks.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit c9ce769b1aab4abbacaf54fd4074e1ab8fbfd93a)

postfix: fix download failure

cdn.postfix.johnriley.me serves a certificate for a different domain
name.

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit d4feef97e6ee7b6477d53c28c9b151ae0c8974d8)

libarchive: fix ext2fs build race error condition

libarchive looks for ext2fs headers during configure, and if it finds
them it will expect to find them during compile, or on the rare occasion
when they aren't it will fail:

 libarchive/archive_entry.c:59:55: fatal error: ext2fs/ext2_fs.h: No such file or directory

As we just need headers for some type constants, let's re-use headers
from tools/e2fsprogs package which are always available.

Reported-by: Adam Dov <adov@maxlinear.com>
Suggested-by: Paul Eggleton <paul.eggleton@linux.intel.com>
References: https://git.yoctoproject.org/poky/commit/?id=f0b9a7cf9f80be1917e45266fa201f464a28c1e5
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 797945dfaa0e7de8d6b0ada472bda63bb27f0cdc)

Merge pull request #18846 from nemesisdesign/monitoring-openwrt-19

[19.07] openwisp-monitoring: added 0.1.1

openwisp-monitoring: added 0.1.1

Signed-off-by: Federico Capoano <f.capoano@openwisp.io>
(cherry picked from commit 0419a797ae7442dff8a1536de404a2fc38337f2f)

haveged: update to 1.9.18

Update haveged to version 1.9.18

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 8579494bbbfaf5c47049e9365ccfb7b553621d15)

Merge pull request #18829 from nemesisdesign/openwrt-19.07

[19.07] openwisp-config: update to 1.0.1

openwisp-monitoring: added 0.1.1

Signed-off-by: Federico Capoano <f.capoano@openwisp.io>
(cherry picked from commit 0419a797ae7442dff8a1536de404a2fc38337f2f)

syslog-ng: update to version 3.37.1

- Changelog:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.37.1

- Bump config version

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit ae7aefe111382630c7046cfb4539b3f1a72ff402)

Revert "lxc: export systemd cgroups after install"

The postinst script is sourced during image build, which causes the
follow failure:
/home/stijn/Development/OpenWrt/openwrt/build_dir/target-x86_64_musl/root-x86/etc/init.d/lxc-auto: line 3: /lib/functions.sh: No such file or directory
postinst script ./usr/lib/opkg/info/lxc-auto.postinst has failed with exit code 1

Sourcing /lib/functions.sh is not needed, as /etc/rc.common does so
already. Unfortunately removing that line from the init script is not
enough to fix the problem. The postinst script should also check
IPKG_INSTROOT. As these two changes are unrelated, they should go in
separate commits, and the solution to the image build problem is to
revert the commit that introduced the breakage.

This reverts commit 2cde10b95053bf958a4001fb0a82c4563bf345e2.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

lxc: export systemd cgroups after install

otherwise, a user would have to either manually run /etc/init.d/lxc-auto
boot or reboot the system to start using lxc.

originally committed in 2cde10b95053bf958a4001fb0a82c4563bf345e2
reverted in 039912dec5d3ba2b0f6f53ab8330ab9fea2f7adf

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 7da73565399f915f516c6cdd74a58f984d519e4b)

bind: update to version 9.16.30

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

libgd: install pkgconfig file

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>

luajit: backport softfloat ppc support

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 24c0007ea2561611776e50c8876a7b040ffd6fdc)

luajit: fix build on macos (ldconfig issue)

fix ldconfig build issue. This patch is a backport from upstream:
https://github.com/LuaJIT/LuaJIT/commit/18c9cf7d3788a8f7408df45df92fc4ae3bcc0d80

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
(cherry picked from commit 42c4d254552c04f41a2b93811147ef56af45bf9c)

openldap: drop use of HTTP in favor of HTTPS

Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit bab2f020eec5524984902c382591fc562b6e08aa)

beep: change git repository to fix CVE-2018-0492 and CVE-2018-1000532

1. Changed Git repository, which is used for Fedora packaging
https://github.com/johnath/beep/issues/11#issuecomment-450277122

Fixed CVEs:
CVE-2018-0492 - https://nvd.nist.gov/vuln/detail/CVE-2018-0492
CVE-2018-1000532 - https://nvd.nist.gov/vuln/detail/CVE-2018-1000532

2. Fixed SPDX License Identifier

3. Add patch to comment out -D_FORTIFY_SOURCE
Otherwise, it can not be built by default.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 6488eaf2502c75ffc8ac11fffd539f5c070f77c3)

beep: restore a dependency definition to the previous one on x86 target

Commit 9bcea2de2cf552d544786d1e4b82f55cda7015b1 causes a dependency
problem with some out-of-tree packages which expect "DEPENDS:=+kmod-pcspkr".

To fix this problem, this commit restores a dependency definition to
the previous one on x86 target.

Signed-off-by: Yanase Yuki <dev@zpc.sakura.ne.jp>
(cherry picked from commit 8b1216fb49dbc4f444606d0fb8c32297d66336c0)

beep: fix dependency to support non-x86 target and kmod-gpio-beeper

Beep is a target-independent software that can handle buzzers controlled by kmod-gpio-beeper.

This change is useful for some non-x86 enterprise APs and development boards
that have a buzzer connected to GPIO.

Compile-tested: ath79, ELECOM WAB-I1750-PS, 3fab4ac + device support patch
Run-tested: ath79, ELECOM WAB-I1750-PS, 3fab4ac + device support patch

Signed-off-by: Yanase Yuki <dev@zpc.sakura.ne.jp>
(cherry picked from commit 9bcea2de2cf552d544786d1e4b82f55cda7015b1)

beep: add missing PKG_MIRROR_HASH

Signed-off-by: Yanase Yuki <dev@zpc.sakura.ne.jp>
(cherry picked from commit ac52356c0bdb11127013e291ad10add6b44784b2)

Merge pull request #18696 from BKPepe/netatalk-1907

[19.07] netatalk: re-introduce 3.1.13 and backport pending fixes

netatalk: backport pending PR to fix segfaults

This commit backports pending PR, which solves segfaults:
- https://github.com/Netatalk/Netatalk/pull/174

To fix issues with segfaults described here:
- https://github.com/openwrt/packages/issues/18571
- https://github.com/Netatalk/Netatalk/issues/175

Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
(cherry picked from commit ab768578cd06364cc9327a1718631d16e8aa3e20)

Revert "Revert "netatalk: update to version 3.1.13""

This can be finally re-reverted, so we can use version 3.1.13, which
fixes multiple security vulnerabilities, but it segfaults almost
immediately. There is currently pending pull request, which fixes this,
and multiple users confirmed that it works on different GNU/Linux distributions.

This reverts commit bfe255064eeed30d06cbd969e4be36a89d76d0eb.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

Merge pull request #18671 from turris-cz/libxml_2.9.14_backport

libxml2: backport 2.9.14 version bump

libxml2: update to 2.9.14

This fixes CVE-2022-29824.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit c12e1cfcab318d0a5b48d63d5952af418e62822e)
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>

libxml2: update to 2.9.13

This fixes CVE-2022-23308.

Also switch to GNOME as download source and xz tarball.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 81fd836f97aee93c8cfcb4ebbf901c2a99c3525c)
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>

libxml2: update to 2.9.12

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 6b932d3ff77c63fe01080139c147c86da12f0c88)
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>

libxml2: update to 2.9.10

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 10e867d0261a0e7d6a94a672104e7f25ae884eff)
[remove no longer needed CVE-2019-19956 patch (fixed in libxml2 2.9.10)]
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>

db47: don't depend on libxml2 at run-time

libxml2 seems to be required only during build, hence no need to
depend on it in run-time.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 1f3585a3872e253d38d202274965cf05938efc3a)

muninlite: update to new upstream release (2.1.2)

Signed-off-by: Lars Kruse <devel@sumpfralle.de>

muninlite: update to new upstream release (2.1.1)

Signed-off-by: Kim B. Heino <b@bbbs.net>

muninlite: update to new upstream release (2.1.0)

Signed-off-by: Lars Kruse <devel@sumpfralle.de>

muninlite: Bump PKG_RELEASE

Signed-off-by: Francois Dechery <wxopwx@gmail.com>

muninlite: Fixes munin xinetd service not launching.

Signed-off-by: Francois Dechery <wxopwx@gmail.com>

muninlite: remove patch "hostname"

Since muninlite 2.0 the unpatched upstream also uses
/proc/sys/kernel/hostname.  Thus the patch is not necessary anymore.

Signed-off-by: Lars Kruse <devel@sumpfralle.de>

muninlite: remove unused sections from Makefile

Signed-off-by: Lars Kruse <devel@sumpfralle.de>

muninlite: update to 2.0.1

* follow upstream ressources to github
* rename /usr/sbin/munin-node to /usr/sbin/muninlite
  (following the chane of upstream)
* change plugin directory from /usr/sbin/munin-node-plugin.d/
  to /etc/munin/plugins (compatible to upstream / munin-node)
* all patches (except one OpenWrt-specific patch) were merged
  upstream

Signed-off-by: Lars Kruse <devel@sumpfralle.de>

openwisp-config: update to 1.0.0

Signed-off-by: Federico Capoano <f.capoano@openwisp.io>

Revert "netatalk: update to version 3.1.13"

We received a report from Turris user on Turris support department that
netatalk version 3.1.13 does not work properly.

Process afpd says: INTERNAL ERROR Signal 11
because of that Apple Time Machine does not work as it should

This was already reported to netatalk by different people on various
GNU/Linux distributions like CentOS, AlmaLinux [1] [2]

netatalk developer states [3]:
```
Generally, at this point I can only advice to stop using Netatalk. There
are more pending CVEs that I currently don't have the bandwidth to work on.
```

[1] https://sourceforge.net/p/netatalk/bugs/669/
[2] https://sourceforge.net/p/netatalk/bugs/670/
[3] https://sourceforge.net/p/netatalk/mailman/message/37638871/

This reverts commit 165c5625a3c696a37665d62b849eaa85b4d3815a.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

lxc: export systemd cgroups after install

otherwise, a user would have to either manually run /etc/init.d/lxc-auto
boot or reboot the system to start using lxc.

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 2cde10b95053bf958a4001fb0a82c4563bf345e2)

postgresql: security update to 11.16

* fixes CVE-2022-1552

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>

youtube-dl: update to 2021.12.17

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit ef29bf0163669257c137ebf4e459757b37ddce96)

youtube-dl: update to version 2021.6.6

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit fbe30791792f47e6b925f80ca32f6b4573f4fb0d)

ecdsautils: update to v0.4.1

This fixes CVE-2022-24884.

Also update the package URL to match the source repository.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit de5671e58226a4cd062e92c2b12e20dcd7854e82)

bind: update to version 9.16.28

Changelog:
https://downloads.isc.org/isc/bind9/9.16.28/RELEASE-NOTES-bind-9.16.28.html

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

ruby: update to 2.6.10

Fixes from 2.6.9:
- CVE-2021-41817: Regular Expression Denial of Service Vulnerability of
  Date Parsing Methods
- CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse

Fixes from 2.6.10:
- CVE-2022-28739: Buffer overrun in String-to-Float conversion

After this release, Ruby 2.6 reaches EOL.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>

sane-backends: revert BUILDONLY flag

BUILDONLY was disabling SANE backends (drivers) build.

Closes #14484

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit bf4340e19ecd85e44d9b5a08719dd0e531d2c20a)

zabbix: update to version 4.0.37

- Fixes CVE-2020-15803, CVE-2021-27927

- SourceForge does not provide tarball for version 4.0.37 and it was
necessary to use Zabbix CDN to download it.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

nano: provide nano-full with most features enabled

Provide a new variant, nano-full, that enables almost
all functionality of nano. Only libmagic file type detection
has been left out.

Ship with a minimal /etc/nanorc that the user can modify.
nanorc documentation at
https://www.nano-editor.org/dist/latest/nanorc.5.html

Provide color highlighting for the uci config files.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 6a51794638a64e5d72a2c0b69d70b8402fc316aa)

netatalk: update to version 3.1.13

Please update to this latest release as soon as possible as this
releases fixes the following major security issues: CVE-2021-31439,
CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124,
CVE-2022-23125 and CVE-2022-0194.

For a summary of news and a detailed list of changes see the
ReleaseNotes[1].

[1]: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 951ef67479dbf52af124671d367dd5e1a6d16121)

coova-chilli: add dependency for miniportal

If miniportal option is enabled, some haserl scripts are provided which
present a simple login web page. To make it functional haserl is required.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 532088818af2eb2b1481420b93b649a10d14c724)

coova-chilli: clean up Makefile

- add missing configs to PKG_CONFIG_DEPENDS and sort it
- remove redundant INSTALL_DIR

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 2c71fb2065fdefdaca301943da48e93b59e54d82)

coova-chilli: remove dnslog option

dnslog feature has been removed since v1.4.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 95954b84f5f4b4fc114da5d96a04e704946cc9ea)

coova-chili: Fix version

Upstream was sloppy when cutting the release.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit df20377ee92a9ea5085771aee4ddefe12da1746c)

coova-chilli: Update to 1.5

Remove upstreamed patches.

Added patch to fix compilation.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 68b5a71883ab8b421c2ce4e0a9486ec1d391e7f8)

Merge pull request #18127 from jefferyto/python-3.7.13-openwrt-19.07

[openwrt-19.07] python3: Update to 3.7.13, refresh patches

python3: Update to 3.7.13, refresh patches

Includes fixes for:
* Windows builds updated to bzip2 1.0.8 to mitigate CVE-2016-3189 and
  CVE-2019-12900
* CVE-2022-26488: Escalation of privilege via Windows Installer

Signed-off-by: Jeffery To <jeffery.to@gmail.com>

bind: bump to 9.16.27

Fixes security issues:

 * CVE-2022-0396 -- A synchronous call to closehandle_cb() caused
isc__nm_process_sock_buffer() to be called recursively,
which in turn left TCP connections hanging in the
CLOSE_WAIT state blocking indefinitely when
out-of-order processing was disabled.

 * CVE-2021-25220 -- The rules for acceptance of records into the cache
have been tightened to prevent the possibility of
poisoning if forwarders send records outside
the configured bailiwick.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>

syslog-ng: update to version 3.36.1

- Bump version in config file

Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.36.1

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 110d46eb370b9ea5962944386fb06c2abd1d50f1)

expat: import patches for CVEs

* import patches for CVEs from alpine 3.13

CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-23852, CVE-2022-23990
CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 584c0c43782bf173c29e7406756335c11b6f73e6)

expat: update to 2.2.10

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit c69160e6aea07da47a202418cd1b5195875f6694)

htpdate: drop freebsd.org from default server list

The FreeBSD project stopped publishing HTTP date headers and seeks to
limit further resource taxing by distributed htpdate clients using the
www.freebsd.org host as default time source.

Fixes: #17924
Reported-by: Allan Jude <allanjude@freebsd.org>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit e8713180026e0cf1c9d1421e3b664fee3fa4df12)

nano: update to 6.2

Update nano to 6.2.
Remove inactive second maintainer.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit a3f14c51149ff0c3604baf130987ee2bf5203edb)
[removed AUTORELEASE]

nano: update to 6.1

Update nano to version 6.1.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 717efb8c9622cc73bc8ab1c4ac2e67252b9c4401)
[removed aurorelease]

ruby: update to 2.6.9

* fixes CVE-2021-41817 and CVE-2021-41819

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>

Merge pull request #17778 from turris-cz/bind-19.07

bind: update to version 9.16.25

bind: update to version 9.16.25

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

CI: fix runtime testing for non master branch

The runtime testing always ran on master branch aka snapshots since the
branch wasn't passed over to the container execution!

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit f535d770901674d7d9f3d8cd9abe566d9db63ebe)

Merge pull request #17756 from BKPepe/nss-cve-2021-43527

nss: backport patch for CVE-2021-43527

nano: Add a plus variant with more features

Nano is by default built as "tiny" with most features disabled.
That is suitable for basic tasks in routers with small flash.

Add a new nano-plus variant that enables selected additional
features in the build config:
 * multiple files (multibuffer)
 * Unicode/utf8
 * justify
 * .nanorc support
 * help
 * also some key bindings get enabled as "tiny" configure option
   is removed.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 85cb71d8d81af3c549406d5f42080ed58be9b9b0)

nss: backport patch for CVE-2021-43527

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

prosody: update to version 0.11.13

Fixes CVEs:
- CVE-2022-0217
- CVE-2021-37601
- CVE-2021-32918
- CVE-2021-32920
- CVE-2021-32921
- CVE-2021-32917
- CVE-2021-32919

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit dcedbe802744102b215835f1dd53bc2bb5756807)

prosody: fix shellcheck warnings

Remove paxctl stuff. pax is not packaged in OpenWrt.

Add reload support.

Install lua cfg file as 644. It's needed to be readable as prosody user

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit eb46e231cd2a1fb816f06cf7d630adc864296abc)

prosody: update to 0.11.7

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 68a3a06e98c234069afaffbc59bcc169e9205e93)

prosody: update to 0.11.5

Signed-off-by: Vieno Hakkerinen <vieno@hakkerinen.eu>
(cherry picked from commit bc500293e37b806e6b880ede492c0c9b9f42268d)