Tianling Shen [Tue, 13 Jun 2023 03:01:00 +0000 (11:01 +0800)]
Merge pull request #21348 from jefferyto/python-3.7.17-openwrt-19.07
[openwrt-19.07] python3: Update to 3.7.17
Jeffery To [Mon, 12 Jun 2023 09:35:45 +0000 (17:35 +0800)]
python3: Update to 3.7.17
This includes an updated patch for pip, as the bundled pip was also
updated with this release.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Jeffery To [Thu, 30 Mar 2023 04:14:59 +0000 (12:14 +0800)]
Merge pull request #20676 from jefferyto/python-3.7.16-openwrt-19.07
[openwrt-19.07] python3: Update to 3.7.16, refresh patches
Jeffery To [Thu, 16 Mar 2023 07:05:35 +0000 (15:05 +0800)]
python3: Update to 3.7.16, refresh patches
Includes fixes:
* 3.7.14:
* CVE-2020-10735: Prevent DoS by large int<->str conversions
* CVE-2021-28861: http.server: Open Redirection if the URL path starts with //
* 3.7.16:
* CVE-2022-45061: Slow IDNA decoding with large strings
* CVE-2022-37454: Buffer overflow in the _sha3 module
* CVE-2015-20107: mailcap.findmatch: document shell command Injection danger in filename parameter
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Noah Meyerhans [Sat, 28 Jan 2023 20:03:31 +0000 (12:03 -0800)]
bind: bump to 9.16.37
Fixes multiple CVEs. Upstream changelog is
https://ftp.isc.org/isc/bind9/9.16.37/CHANGES
CVEs fixed:
CVE-2022-3924: Fix serve-stale crash when recursive clients soft quota
is reached.
CVE-2022-3736: Handle RRSIG lookups when serve-stale is active.
CVE-2022-3094: An UPDATE message flood could cause named to exhaust all
available memory. This flaw was addressed by adding a
new "update-quota" statement that controls the number of
simultaneous UPDATE messages that can be processed or
forwarded. The default is 100. A stats counter has been
added to record events when the update quota is
exceeded, and the XML and JSON statistics version
numbers have been updated.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Josef Schlehofer [Wed, 26 Oct 2022 07:12:38 +0000 (09:12 +0200)]
libwebsockets: fix recursive dependency
While running `make menuconfig`, it was discovered then there is a
recursive dependency like this:
tmp/.config-package.in:59138:error: recursive dependency detected!
tmp/.config-package.in:59138: symbol PACKAGE_libwebsockets-openssl is selected by PACKAGE_libwebsockets-mbedtls
tmp/.config-package.in:59122: symbol PACKAGE_libwebsockets-mbedtls depends on PACKAGE_libwebsockets-openssl
It is not possible with the recently added conflicts that two packages
(OpenSSL and full variant, which uses OpenSSL as well), which are almost the same
provides the same named package libwebsockets as their conflict - Mbed
TLS.
Fixes: 676c5c72b5eeb583da2603e399fac085fa442c59 ("libwebsockets: OpenSSL
and mbedTLS variants should conflict")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
a4e8cbb89a48729b3c3ad615765549628d495b0f)
Josef Schlehofer [Tue, 25 Oct 2022 10:14:25 +0000 (12:14 +0200)]
libwebsockets: OpenSSL and mbedTLS variants should conflict
They provide the same files, but they don't conflict to each other, this
means that users can install them side by side.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
676c5c72b5eeb583da2603e399fac085fa442c59)
Josef Schlehofer [Tue, 25 Oct 2022 05:52:15 +0000 (07:52 +0200)]
libwebsockets: full variant provides OpenSSL
For some time, it is not possible to install ttyd and mosquitto-ssl at the
same time, so let's solve it that libwebsockets-full provides
libwebsockets-openssl. This allows to install ttyd and mosquitto at
the same time.
Also, we need to add conflict, because we should not have installed
libwebsockets-openssl and libwebsockets-full at the same time as they
provides the same files.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
77e682a11c53f4dcd0e76bdea5ee82de77eaacfe)
Josef Schlehofer [Mon, 26 Sep 2022 18:39:07 +0000 (20:39 +0200)]
nss: disable PKG_BUILD_PARALLEL
This is similar to commit
f303e87a1e0cb384ed7c3ef66752479a4c43afd2
("nss: update to 3.67") as there is something wrong with NSS build
system and otherwise this package fails to compile. Let's compile it
single threaded.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Josef Schlehofer [Sun, 25 Sep 2022 10:16:10 +0000 (12:16 +0200)]
bind: update to version 9.16.33
Changelog:
https://downloads.isc.org/isc/bind9/9.16.33/RELEASE-NOTES-bind-9.16.33.html
Fixes:
- multiple CVEs
(CVE-2022-2795, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Josef Schlehofer [Wed, 7 Sep 2022 10:00:59 +0000 (12:00 +0200)]
syslog-ng: update to version 3.38.1
- Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.38.1
- Update the configuration file to use version 4.0 as mentioned in the
release notes to try the latest changes
Fixes: CVE-2022-38725
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
34b7af9e0859418bb85e7d3ca131101dd912ae53)
Jan Hak [Mon, 21 Jun 2021 08:51:13 +0000 (10:51 +0200)]
libedit: update to version
20210522-3.1
Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit
0b8f3ea81a3186f1189def218a3553dea2b572f8)
Jan Hak [Tue, 27 Apr 2021 11:08:21 +0000 (13:08 +0200)]
libedit: update to version
20210419-3.1
Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit
b0870d792b3fd013137d2071c150248e85262d66)
Jan Hák [Fri, 1 Apr 2022 11:16:00 +0000 (13:16 +0200)]
knot: update to 3.1.7
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
f30da8c572c7f1acf34d60c468a3a1cceafbf426)
Jan Hák [Wed, 9 Feb 2022 13:16:04 +0000 (14:16 +0100)]
knot: update to 3.1.6
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
4de863e418f80cd52293e1ae0de153dcc2cb7141)
Jan Hák [Tue, 21 Dec 2021 14:44:57 +0000 (15:44 +0100)]
knot: update to 3.1.5
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
2a56e478f57faad7a4346f5aef843bae517027e7)
Jan Hák [Mon, 8 Nov 2021 09:43:16 +0000 (10:43 +0100)]
knot: update to 3.1.4
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
60a80b31fbf3585d52b64ab0b9bf5a4aa844a032)
Jan Hák [Mon, 25 Oct 2021 08:58:04 +0000 (10:58 +0200)]
knot: update to version 3.1.3
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
175087bf250d1e1043ecad1ee352297398816d51)
Jan Hák [Thu, 9 Sep 2021 08:44:46 +0000 (10:44 +0200)]
knot: update to version 3.1.2
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
2d2f1e56445a4a7fe06aa6ed073964ca607040f9)
Jan Hak [Thu, 12 Aug 2021 11:24:47 +0000 (13:24 +0200)]
knot: update to version 3.1.1
Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit
7aee9d130818ab2b21d28b3c2615d678f0417102)
Michal Vasilek [Thu, 5 Aug 2021 12:10:54 +0000 (14:10 +0200)]
knot: update to version 3.1.0
* refresh patches
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit
81e0fcb76fd886dd0188d5da341e6fb7c38677c5)
Karel Kočí [Mon, 22 Aug 2022 12:31:21 +0000 (14:31 +0200)]
vim: variants conflict with each other
This adds conflicts between the variants,
because they provide the same files, and it should not be
possible to install them side by side. Otherwise, it might happen that
half files would be from one variant and the other half from the
other.
Also, adds provides as if you request to install ``vim`` and
``vim-full``, then the request could be satisfied even they collide,
because ``vim-full`` provides ``vim`` package.
Signed-off-by: Karel Kočí <cynerd@email.cz>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[add commit message]
(cherry picked from commit
46c058468aeaf7747c2e94e579020aa7f595c649)
Jo-Philipp Wich [Wed, 10 Aug 2022 21:52:19 +0000 (23:52 +0200)]
cgi-io: update to latest Git HEAD
901b0f0 main: fix two one-byte overreads in header_value()
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
443c6c1c17e29466cc81f44504602d66d993bf86)
Šimon Bořek [Sat, 16 Jul 2022 16:56:32 +0000 (18:56 +0200)]
luajit: patch: PPC/e500 SPE: use soft float instead of failing
makes LuaJit builds for mpc85xx targets with SPE ISA extension
enabled possible
Quoting inner commit message:
This allows building LuaJit for systems with Power ISA SPE
extension[^1] support by using soft float on LuaJit side.
While e500 CPU cores support SPE instruction set extension
allowing them to perform floating point arithmetic natively,
this isn't required. They can function with software floating
point to integer arithmetic translation as well,
just like FPU-less PowerPC CPUs without SPE support.
Therefore I see no need to prevent them from running LuaJit
explicitly.
[^1]: https://www.nxp.com/docs/en/reference-manual/SPEPEM.pdf
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
(cherry picked from commit
a4a484fbca5c185456cf5ac26e6f47c03ca426e9)
Josef Schlehofer [Tue, 2 Aug 2022 14:43:23 +0000 (16:43 +0200)]
bind: update to version 9.16.31
Release notes:
https://downloads.isc.org/isc/bind9/9.16.31/doc/arm/html/notes.html
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Michael Heimpold [Tue, 3 Dec 2019 21:34:25 +0000 (22:34 +0100)]
cyrus-sasl: install pkg-config file and fine-tune installed files
Installing the .pc files helps other programs to detect
the presence of libsasl2.
While at, reduce the glob pattern a little bit to not
include unneeded symlinks.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit
c9ce769b1aab4abbacaf54fd4074e1ab8fbfd93a)
Michal Vasilek [Sat, 16 Jul 2022 20:43:08 +0000 (22:43 +0200)]
postfix: fix download failure
cdn.postfix.johnriley.me serves a certificate for a different domain
name.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit
d4feef97e6ee7b6477d53c28c9b151ae0c8974d8)
Petr Štetiar [Thu, 16 Jun 2022 11:38:11 +0000 (13:38 +0200)]
libarchive: fix ext2fs build race error condition
libarchive looks for ext2fs headers during configure, and if it finds
them it will expect to find them during compile, or on the rare occasion
when they aren't it will fail:
libarchive/archive_entry.c:59:55: fatal error: ext2fs/ext2_fs.h: No such file or directory
As we just need headers for some type constants, let's re-use headers
from tools/e2fsprogs package which are always available.
Reported-by: Adam Dov <adov@maxlinear.com>
Suggested-by: Paul Eggleton <paul.eggleton@linux.intel.com>
References: https://git.yoctoproject.org/poky/commit/?id=
f0b9a7cf9f80be1917e45266fa201f464a28c1e5
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
797945dfaa0e7de8d6b0ada472bda63bb27f0cdc)
Florian Eckert [Mon, 4 Jul 2022 07:09:05 +0000 (09:09 +0200)]
Merge pull request #18846 from nemesisdesign/monitoring-openwrt-19
[19.07] openwisp-monitoring: added 0.1.1
Federico Capoano [Tue, 10 May 2022 20:06:34 +0000 (16:06 -0400)]
openwisp-monitoring: added 0.1.1
Signed-off-by: Federico Capoano <f.capoano@openwisp.io>
(cherry picked from commit
0419a797ae7442dff8a1536de404a2fc38337f2f)
Hannu Nyman [Mon, 11 Apr 2022 15:24:28 +0000 (18:24 +0300)]
haveged: update to 1.9.18
Update haveged to version 1.9.18
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
8579494bbbfaf5c47049e9365ccfb7b553621d15)
Florian Eckert [Fri, 1 Jul 2022 08:18:11 +0000 (10:18 +0200)]
Merge pull request #18829 from nemesisdesign/openwrt-19.07
[19.07] openwisp-config: update to 1.0.1
Federico Capoano [Tue, 10 May 2022 20:06:34 +0000 (16:06 -0400)]
openwisp-monitoring: added 0.1.1
Signed-off-by: Federico Capoano <f.capoano@openwisp.io>
(cherry picked from commit
0419a797ae7442dff8a1536de404a2fc38337f2f)
Josef Schlehofer [Fri, 24 Jun 2022 12:25:57 +0000 (14:25 +0200)]
syslog-ng: update to version 3.37.1
- Changelog:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.37.1
- Bump config version
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
ae7aefe111382630c7046cfb4539b3f1a72ff402)
Stijn Tintel [Wed, 18 May 2022 10:46:01 +0000 (13:46 +0300)]
Revert "lxc: export systemd cgroups after install"
The postinst script is sourced during image build, which causes the
follow failure:
/home/stijn/Development/OpenWrt/openwrt/build_dir/target-x86_64_musl/root-x86/etc/init.d/lxc-auto: line 3: /lib/functions.sh: No such file or directory
postinst script ./usr/lib/opkg/info/lxc-auto.postinst has failed with exit code 1
Sourcing /lib/functions.sh is not needed, as /etc/rc.common does so
already. Unfortunately removing that line from the init script is not
enough to fix the problem. The postinst script should also check
IPKG_INSTROOT. As these two changes are unrelated, they should go in
separate commits, and the solution to the image build problem is to
revert the commit that introduced the breakage.
This reverts commit
2cde10b95053bf958a4001fb0a82c4563bf345e2.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Michal Vasilek [Wed, 8 Jun 2022 12:48:22 +0000 (14:48 +0200)]
lxc: export systemd cgroups after install
otherwise, a user would have to either manually run /etc/init.d/lxc-auto
boot or reboot the system to start using lxc.
originally committed in
2cde10b95053bf958a4001fb0a82c4563bf345e2
reverted in
039912dec5d3ba2b0f6f53ab8330ab9fea2f7adf
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit
7da73565399f915f516c6cdd74a58f984d519e4b)
Josef Schlehofer [Fri, 24 Jun 2022 09:46:35 +0000 (11:46 +0200)]
bind: update to version 9.16.30
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Michal Vasilek [Tue, 21 Jun 2022 15:46:36 +0000 (17:46 +0200)]
libgd: install pkgconfig file
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Rosen Penev [Tue, 21 Jun 2022 18:52:36 +0000 (11:52 -0700)]
luajit: backport softfloat ppc support
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
24c0007ea2561611776e50c8876a7b040ffd6fdc)
Sergey V. Lobanov [Fri, 7 Jan 2022 22:48:08 +0000 (01:48 +0300)]
luajit: fix build on macos (ldconfig issue)
fix ldconfig build issue. This patch is a backport from upstream:
https://github.com/LuaJIT/LuaJIT/commit/
18c9cf7d3788a8f7408df45df92fc4ae3bcc0d80
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
(cherry picked from commit
42c4d254552c04f41a2b93811147ef56af45bf9c)
W. Michael Petullo [Fri, 20 May 2022 13:14:33 +0000 (08:14 -0500)]
openldap: drop use of HTTP in favor of HTTPS
Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit
bab2f020eec5524984902c382591fc562b6e08aa)
Josef Schlehofer [Tue, 1 Jan 2019 02:38:00 +0000 (03:38 +0100)]
beep: change git repository to fix CVE-2018-0492 and CVE-2018-
1000532
1. Changed Git repository, which is used for Fedora packaging
https://github.com/johnath/beep/issues/11#issuecomment-
450277122
Fixed CVEs:
CVE-2018-0492 - https://nvd.nist.gov/vuln/detail/CVE-2018-0492
CVE-2018-
1000532 - https://nvd.nist.gov/vuln/detail/CVE-2018-
1000532
2. Fixed SPDX License Identifier
3. Add patch to comment out -D_FORTIFY_SOURCE
Otherwise, it can not be built by default.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
6488eaf2502c75ffc8ac11fffd539f5c070f77c3)
Yanase Yuki [Thu, 3 Dec 2020 12:50:16 +0000 (21:50 +0900)]
beep: restore a dependency definition to the previous one on x86 target
Commit
9bcea2de2cf552d544786d1e4b82f55cda7015b1 causes a dependency
problem with some out-of-tree packages which expect "DEPENDS:=+kmod-pcspkr".
To fix this problem, this commit restores a dependency definition to
the previous one on x86 target.
Signed-off-by: Yanase Yuki <dev@zpc.sakura.ne.jp>
(cherry picked from commit
8b1216fb49dbc4f444606d0fb8c32297d66336c0)
Yanase Yuki [Fri, 2 Oct 2020 08:06:25 +0000 (17:06 +0900)]
beep: fix dependency to support non-x86 target and kmod-gpio-beeper
Beep is a target-independent software that can handle buzzers controlled by kmod-gpio-beeper.
This change is useful for some non-x86 enterprise APs and development boards
that have a buzzer connected to GPIO.
Compile-tested: ath79, ELECOM WAB-I1750-PS,
3fab4ac + device support patch
Run-tested: ath79, ELECOM WAB-I1750-PS,
3fab4ac + device support patch
Signed-off-by: Yanase Yuki <dev@zpc.sakura.ne.jp>
(cherry picked from commit
9bcea2de2cf552d544786d1e4b82f55cda7015b1)
Yanase Yuki [Sat, 3 Oct 2020 05:09:01 +0000 (14:09 +0900)]
beep: add missing PKG_MIRROR_HASH
Signed-off-by: Yanase Yuki <dev@zpc.sakura.ne.jp>
(cherry picked from commit
ac52356c0bdb11127013e291ad10add6b44784b2)
Josef Schlehofer [Wed, 8 Jun 2022 15:30:21 +0000 (17:30 +0200)]
Merge pull request #18696 from BKPepe/netatalk-1907
[19.07] netatalk: re-introduce 3.1.13 and backport pending fixes
Šimon Bořek [Thu, 28 Apr 2022 15:31:09 +0000 (17:31 +0200)]
netatalk: backport pending PR to fix segfaults
This commit backports pending PR, which solves segfaults:
- https://github.com/Netatalk/Netatalk/pull/174
To fix issues with segfaults described here:
- https://github.com/openwrt/packages/issues/18571
- https://github.com/Netatalk/Netatalk/issues/175
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
(cherry picked from commit
ab768578cd06364cc9327a1718631d16e8aa3e20)
Josef Schlehofer [Mon, 6 Jun 2022 11:36:14 +0000 (13:36 +0200)]
Revert "Revert "netatalk: update to version 3.1.13""
This can be finally re-reverted, so we can use version 3.1.13, which
fixes multiple security vulnerabilities, but it segfaults almost
immediately. There is currently pending pull request, which fixes this,
and multiple users confirmed that it works on different GNU/Linux distributions.
This reverts commit
bfe255064eeed30d06cbd969e4be36a89d76d0eb.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Michael Heimpold [Thu, 2 Jun 2022 19:28:55 +0000 (21:28 +0200)]
Merge pull request #18671 from turris-cz/libxml_2.9.14_backport
libxml2: backport 2.9.14 version bump
Michael Heimpold [Sun, 29 May 2022 20:01:45 +0000 (22:01 +0200)]
libxml2: update to 2.9.14
This fixes CVE-2022-29824.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit
c12e1cfcab318d0a5b48d63d5952af418e62822e)
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
Michael Heimpold [Tue, 15 Mar 2022 20:24:32 +0000 (21:24 +0100)]
libxml2: update to 2.9.13
This fixes CVE-2022-23308.
Also switch to GNOME as download source and xz tarball.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit
81fd836f97aee93c8cfcb4ebbf901c2a99c3525c)
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
Michael Heimpold [Tue, 18 May 2021 22:12:32 +0000 (00:12 +0200)]
libxml2: update to 2.9.12
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit
6b932d3ff77c63fe01080139c147c86da12f0c88)
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
Michael Heimpold [Mon, 25 Nov 2019 23:10:22 +0000 (00:10 +0100)]
libxml2: update to 2.9.10
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit
10e867d0261a0e7d6a94a672104e7f25ae884eff)
[remove no longer needed CVE-2019-19956 patch (fixed in libxml2 2.9.10)]
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
Daniel Golle [Sat, 9 Jan 2021 15:14:57 +0000 (15:14 +0000)]
db47: don't depend on libxml2 at run-time
libxml2 seems to be required only during build, hence no need to
depend on it in run-time.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
1f3585a3872e253d38d202274965cf05938efc3a)
Lars Kruse [Wed, 14 Jul 2021 11:47:01 +0000 (13:47 +0200)]
muninlite: update to new upstream release (2.1.2)
Signed-off-by: Lars Kruse <devel@sumpfralle.de>
Kim B. Heino [Mon, 19 Oct 2020 12:54:33 +0000 (15:54 +0300)]
muninlite: update to new upstream release (2.1.1)
Signed-off-by: Kim B. Heino <b@bbbs.net>
Lars Kruse [Thu, 8 Oct 2020 12:44:08 +0000 (14:44 +0200)]
muninlite: update to new upstream release (2.1.0)
Signed-off-by: Lars Kruse <devel@sumpfralle.de>
Francois Dechery [Mon, 28 Sep 2020 08:15:16 +0000 (10:15 +0200)]
muninlite: Bump PKG_RELEASE
Signed-off-by: Francois Dechery <wxopwx@gmail.com>
Francois Dechery [Sat, 26 Sep 2020 23:55:21 +0000 (01:55 +0200)]
muninlite: Fixes munin xinetd service not launching.
Signed-off-by: Francois Dechery <wxopwx@gmail.com>
Lars Kruse [Sun, 19 Apr 2020 12:26:55 +0000 (14:26 +0200)]
muninlite: remove patch "hostname"
Since muninlite 2.0 the unpatched upstream also uses
/proc/sys/kernel/hostname. Thus the patch is not necessary anymore.
Signed-off-by: Lars Kruse <devel@sumpfralle.de>
Lars Kruse [Wed, 15 Apr 2020 14:12:12 +0000 (16:12 +0200)]
muninlite: remove unused sections from Makefile
Signed-off-by: Lars Kruse <devel@sumpfralle.de>
Lars Kruse [Sun, 12 Apr 2020 17:18:31 +0000 (19:18 +0200)]
muninlite: update to 2.0.1
* follow upstream ressources to github
* rename /usr/sbin/munin-node to /usr/sbin/muninlite
(following the chane of upstream)
* change plugin directory from /usr/sbin/munin-node-plugin.d/
to /etc/munin/plugins (compatible to upstream / munin-node)
* all patches (except one OpenWrt-specific patch) were merged
upstream
Signed-off-by: Lars Kruse <devel@sumpfralle.de>
Federico Capoano [Sat, 28 May 2022 18:49:30 +0000 (14:49 -0400)]
openwisp-config: update to 1.0.0
Signed-off-by: Federico Capoano <f.capoano@openwisp.io>
Josef Schlehofer [Wed, 20 Apr 2022 19:52:44 +0000 (21:52 +0200)]
Revert "netatalk: update to version 3.1.13"
We received a report from Turris user on Turris support department that
netatalk version 3.1.13 does not work properly.
Process afpd says: INTERNAL ERROR Signal 11
because of that Apple Time Machine does not work as it should
This was already reported to netatalk by different people on various
GNU/Linux distributions like CentOS, AlmaLinux [1] [2]
netatalk developer states [3]:
```
Generally, at this point I can only advice to stop using Netatalk. There
are more pending CVEs that I currently don't have the bandwidth to work on.
```
[1] https://sourceforge.net/p/netatalk/bugs/669/
[2] https://sourceforge.net/p/netatalk/bugs/670/
[3] https://sourceforge.net/p/netatalk/mailman/message/
37638871/
This reverts commit
165c5625a3c696a37665d62b849eaa85b4d3815a.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Michal Vasilek [Fri, 8 Apr 2022 20:49:53 +0000 (22:49 +0200)]
lxc: export systemd cgroups after install
otherwise, a user would have to either manually run /etc/init.d/lxc-auto
boot or reboot the system to start using lxc.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit
2cde10b95053bf958a4001fb0a82c4563bf345e2)
Michal Vasilek [Fri, 13 May 2022 16:37:52 +0000 (18:37 +0200)]
postgresql: security update to 11.16
* fixes CVE-2022-1552
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Michal Vasilek [Fri, 6 May 2022 12:28:46 +0000 (14:28 +0200)]
youtube-dl: update to 2021.12.17
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit
ef29bf0163669257c137ebf4e459757b37ddce96)
Josef Schlehofer [Tue, 6 Jul 2021 15:09:41 +0000 (17:09 +0200)]
youtube-dl: update to version 2021.6.6
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
fbe30791792f47e6b925f80ca32f6b4573f4fb0d)
Matthias Schiffer [Thu, 5 May 2022 16:33:00 +0000 (18:33 +0200)]
ecdsautils: update to v0.4.1
This fixes CVE-2022-24884.
Also update the package URL to match the source repository.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit
de5671e58226a4cd062e92c2b12e20dcd7854e82)
Josef Schlehofer [Sun, 24 Apr 2022 13:15:19 +0000 (15:15 +0200)]
bind: update to version 9.16.28
Changelog:
https://downloads.isc.org/isc/bind9/9.16.28/RELEASE-NOTES-bind-9.16.28.html
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Luiz Angelo Daros de Luca [Tue, 19 Apr 2022 18:50:16 +0000 (15:50 -0300)]
ruby: update to 2.6.10
Fixes from 2.6.9:
- CVE-2021-41817: Regular Expression Denial of Service Vulnerability of
Date Parsing Methods
- CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse
Fixes from 2.6.10:
- CVE-2022-28739: Buffer overrun in String-to-Float conversion
After this release, Ruby 2.6 reaches EOL.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Luiz Angelo Daros de Luca [Fri, 15 Jan 2021 03:03:18 +0000 (00:03 -0300)]
sane-backends: revert BUILDONLY flag
BUILDONLY was disabling SANE backends (drivers) build.
Closes #14484
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit
bf4340e19ecd85e44d9b5a08719dd0e531d2c20a)
Josef Schlehofer [Wed, 29 Dec 2021 22:36:42 +0000 (23:36 +0100)]
zabbix: update to version 4.0.37
- Fixes CVE-2020-15803, CVE-2021-27927
- SourceForge does not provide tarball for version 4.0.37 and it was
necessary to use Zabbix CDN to download it.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Hannu Nyman [Tue, 22 Mar 2022 15:59:48 +0000 (17:59 +0200)]
nano: provide nano-full with most features enabled
Provide a new variant, nano-full, that enables almost
all functionality of nano. Only libmagic file type detection
has been left out.
Ship with a minimal /etc/nanorc that the user can modify.
nanorc documentation at
https://www.nano-editor.org/dist/latest/nanorc.5.html
Provide color highlighting for the uci config files.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
6a51794638a64e5d72a2c0b69d70b8402fc316aa)
Daniel Golle [Thu, 24 Mar 2022 17:34:44 +0000 (17:34 +0000)]
netatalk: update to version 3.1.13
Please update to this latest release as soon as possible as this
releases fixes the following major security issues: CVE-2021-31439,
CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124,
CVE-2022-23125 and CVE-2022-0194.
For a summary of news and a detailed list of changes see the
ReleaseNotes[1].
[1]: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
951ef67479dbf52af124671d367dd5e1a6d16121)
Sungbo Eo [Thu, 2 Jan 2020 13:19:41 +0000 (22:19 +0900)]
coova-chilli: add dependency for miniportal
If miniportal option is enabled, some haserl scripts are provided which
present a simple login web page. To make it functional haserl is required.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit
532088818af2eb2b1481420b93b649a10d14c724)
Sungbo Eo [Thu, 2 Jan 2020 13:17:13 +0000 (22:17 +0900)]
coova-chilli: clean up Makefile
- add missing configs to PKG_CONFIG_DEPENDS and sort it
- remove redundant INSTALL_DIR
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit
2c71fb2065fdefdaca301943da48e93b59e54d82)
Sungbo Eo [Thu, 2 Jan 2020 13:14:11 +0000 (22:14 +0900)]
coova-chilli: remove dnslog option
dnslog feature has been removed since v1.4.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit
95954b84f5f4b4fc114da5d96a04e704946cc9ea)
Rosen Penev [Wed, 1 Jan 2020 05:12:13 +0000 (21:12 -0800)]
coova-chili: Fix version
Upstream was sloppy when cutting the release.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
df20377ee92a9ea5085771aee4ddefe12da1746c)
Rosen Penev [Wed, 4 Dec 2019 03:40:14 +0000 (19:40 -0800)]
coova-chilli: Update to 1.5
Remove upstreamed patches.
Added patch to fix compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
68b5a71883ab8b421c2ce4e0a9486ec1d391e7f8)
Josef Schlehofer [Wed, 23 Mar 2022 08:11:02 +0000 (09:11 +0100)]
Merge pull request #18127 from jefferyto/python-3.7.13-openwrt-19.07
[openwrt-19.07] python3: Update to 3.7.13, refresh patches
Jeffery To [Mon, 21 Mar 2022 18:16:36 +0000 (02:16 +0800)]
python3: Update to 3.7.13, refresh patches
Includes fixes for:
* Windows builds updated to bzip2 1.0.8 to mitigate CVE-2016-3189 and
CVE-2019-12900
* CVE-2022-26488: Escalation of privilege via Windows Installer
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Noah Meyerhans [Fri, 18 Mar 2022 17:11:08 +0000 (10:11 -0700)]
bind: bump to 9.16.27
Fixes security issues:
* CVE-2022-0396 -- A synchronous call to closehandle_cb() caused
isc__nm_process_sock_buffer() to be called recursively,
which in turn left TCP connections hanging in the
CLOSE_WAIT state blocking indefinitely when
out-of-order processing was disabled.
* CVE-2021-25220 -- The rules for acceptance of records into the cache
have been tightened to prevent the possibility of
poisoning if forwarders send records outside
the configured bailiwick.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Josef Schlehofer [Thu, 10 Mar 2022 15:19:19 +0000 (16:19 +0100)]
syslog-ng: update to version 3.36.1
- Bump version in config file
Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.36.1
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
110d46eb370b9ea5962944386fb06c2abd1d50f1)
Michal Vasilek [Wed, 23 Feb 2022 20:34:58 +0000 (21:34 +0100)]
expat: import patches for CVEs
* import patches for CVEs from alpine 3.13
CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-23852, CVE-2022-23990
CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit
584c0c43782bf173c29e7406756335c11b6f73e6)
Rosen Penev [Thu, 8 Oct 2020 00:35:52 +0000 (17:35 -0700)]
expat: update to 2.2.10
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
c69160e6aea07da47a202418cd1b5195875f6694)
Jo-Philipp Wich [Tue, 22 Feb 2022 22:28:55 +0000 (23:28 +0100)]
htpdate: drop freebsd.org from default server list
The FreeBSD project stopped publishing HTTP date headers and seeks to
limit further resource taxing by distributed htpdate clients using the
www.freebsd.org host as default time source.
Fixes: #17924
Reported-by: Allan Jude <allanjude@freebsd.org>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
e8713180026e0cf1c9d1421e3b664fee3fa4df12)
Hannu Nyman [Tue, 22 Feb 2022 17:21:01 +0000 (19:21 +0200)]
nano: update to 6.2
Update nano to 6.2.
Remove inactive second maintainer.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
a3f14c51149ff0c3604baf130987ee2bf5203edb)
[removed AUTORELEASE]
Hannu Nyman [Wed, 9 Feb 2022 16:26:49 +0000 (18:26 +0200)]
nano: update to 6.1
Update nano to version 6.1.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
717efb8c9622cc73bc8ab1c4ac2e67252b9c4401)
[removed aurorelease]
Michal Vasilek [Fri, 4 Feb 2022 13:52:11 +0000 (14:52 +0100)]
ruby: update to 2.6.9
* fixes CVE-2021-41817 and CVE-2021-41819
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Josef Schlehofer [Wed, 2 Feb 2022 20:19:21 +0000 (21:19 +0100)]
Merge pull request #17778 from turris-cz/bind-19.07
bind: update to version 9.16.25
Josef Schlehofer [Wed, 2 Feb 2022 17:17:27 +0000 (18:17 +0100)]
bind: update to version 9.16.25
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Paul Spooren [Thu, 13 Jan 2022 23:55:36 +0000 (00:55 +0100)]
CI: fix runtime testing for non master branch
The runtime testing always ran on master branch aka snapshots since the
branch wasn't passed over to the container execution!
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit
f535d770901674d7d9f3d8cd9abe566d9db63ebe)
Josef Schlehofer [Wed, 2 Feb 2022 17:23:45 +0000 (18:23 +0100)]
Merge pull request #17756 from BKPepe/nss-cve-2021-43527
nss: backport patch for CVE-2021-43527
Hannu Nyman [Tue, 1 Feb 2022 21:44:21 +0000 (23:44 +0200)]
nano: Add a plus variant with more features
Nano is by default built as "tiny" with most features disabled.
That is suitable for basic tasks in routers with small flash.
Add a new nano-plus variant that enables selected additional
features in the build config:
* multiple files (multibuffer)
* Unicode/utf8
* justify
* .nanorc support
* help
* also some key bindings get enabled as "tiny" configure option
is removed.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
85cb71d8d81af3c549406d5f42080ed58be9b9b0)
Josef Schlehofer [Mon, 31 Jan 2022 10:45:37 +0000 (11:45 +0100)]
nss: backport patch for CVE-2021-43527
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Josef Schlehofer [Fri, 28 Jan 2022 14:48:47 +0000 (15:48 +0100)]
prosody: update to version 0.11.13
Fixes CVEs:
- CVE-2022-0217
- CVE-2021-37601
- CVE-2021-32918
- CVE-2021-32920
- CVE-2021-32921
- CVE-2021-32917
- CVE-2021-32919
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
dcedbe802744102b215835f1dd53bc2bb5756807)
Rosen Penev [Thu, 15 Oct 2020 03:07:58 +0000 (20:07 -0700)]
prosody: fix shellcheck warnings
Remove paxctl stuff. pax is not packaged in OpenWrt.
Add reload support.
Install lua cfg file as 644. It's needed to be readable as prosody user
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
eb46e231cd2a1fb816f06cf7d630adc864296abc)
Rosen Penev [Thu, 15 Oct 2020 02:40:00 +0000 (19:40 -0700)]
prosody: update to 0.11.7
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
68a3a06e98c234069afaffbc59bcc169e9205e93)
Vieno Hakkerinen [Tue, 21 Apr 2020 03:57:56 +0000 (05:57 +0200)]
prosody: update to 0.11.5
Signed-off-by: Vieno Hakkerinen <vieno@hakkerinen.eu>
(cherry picked from commit
bc500293e37b806e6b880ede492c0c9b9f42268d)