feed/packages.git

2 years ago openwisp-monitoring: added 0.1.1 18829/head
Federico Capoano [Tue, 10 May 2022 20:06:34 +0000 (16:06 -0400)]
openwisp-monitoring: added 0.1.1

Signed-off-by: Federico Capoano <f.capoano@openwisp.io>
(cherry picked from commit 0419a797ae7442dff8a1536de404a2fc38337f2f)

2 years ago syslog-ng: update to version 3.37.1
Josef Schlehofer [Fri, 24 Jun 2022 12:25:57 +0000 (14:25 +0200)]
syslog-ng: update to version 3.37.1

- Changelog:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.37.1

- Bump config version

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit ae7aefe111382630c7046cfb4539b3f1a72ff402)

2 years ago Revert "lxc: export systemd cgroups after install"
Stijn Tintel [Wed, 18 May 2022 10:46:01 +0000 (13:46 +0300)]
Revert "lxc: export systemd cgroups after install"

The postinst script is sourced during image build, which causes the
following failure:
/home/stijn/Development/OpenWrt/openwrt/build_dir/target-x86_64_musl/root-x86/etc/init.d/lxc-auto: line 3: /lib/functions.sh: No such file or directory
postinst script ./usr/lib/opkg/info/lxc-auto.postinst has failed with exit code 1

Sourcing /lib/functions.sh is not needed, as /etc/rc.common does so
already. Unfortunately removing that line from the init script is not
enough to fix the problem. The postinst script should also check
IPKG_INSTROOT. As these two changes are unrelated, they should go in
separate commits, and the solution to the image build problem is to
revert the commit that introduced the breakage.

This reverts commit 2cde10b95053bf958a4001fb0a82c4563bf345e2.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

2 years ago lxc: export systemd cgroups after install
Michal Vasilek [Wed, 8 Jun 2022 12:48:22 +0000 (14:48 +0200)]
lxc: export systemd cgroups after install

otherwise, a user would have to either manually run /etc/init.d/lxc-auto
boot or reboot the system to start using lxc.

originally committed in 2cde10b95053bf958a4001fb0a82c4563bf345e2
reverted in 039912dec5d3ba2b0f6f53ab8330ab9fea2f7adf

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 7da73565399f915f516c6cdd74a58f984d519e4b)

2 years ago bind: update to version 9.16.30
Josef Schlehofer [Fri, 24 Jun 2022 09:46:35 +0000 (11:46 +0200)]
bind: update to version 9.16.30

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

2 years ago libgd: install pkgconfig file
Michal Vasilek [Tue, 21 Jun 2022 15:46:36 +0000 (17:46 +0200)]
libgd: install pkgconfig file

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>

2 years ago luajit: backport softfloat ppc support
Rosen Penev [Tue, 21 Jun 2022 18:52:36 +0000 (11:52 -0700)]
luajit: backport softfloat ppc support

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 24c0007ea2561611776e50c8876a7b040ffd6fdc)

2 years ago luajit: fix build on macos (ldconfig issue)
Sergey V. Lobanov [Fri, 7 Jan 2022 22:48:08 +0000 (01:48 +0300)]
luajit: fix build on macos (ldconfig issue)

fix ldconfig build issue. This patch is a backport from upstream:
https://github.com/LuaJIT/LuaJIT/commit/18c9cf7d3788a8f7408df45df92fc4ae3bcc0d80

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
(cherry picked from commit 42c4d254552c04f41a2b93811147ef56af45bf9c)

2 years ago openldap: drop use of HTTP in favor of HTTPS
W. Michael Petullo [Fri, 20 May 2022 13:14:33 +0000 (08:14 -0500)]
openldap: drop use of HTTP in favor of HTTPS

Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit bab2f020eec5524984902c382591fc562b6e08aa)

2 years ago beep: change git repository to fix CVE-2018-0492 and CVE-2018-1000532
Josef Schlehofer [Tue, 1 Jan 2019 02:38:00 +0000 (03:38 +0100)]
beep: change git repository to fix CVE-2018-0492 and CVE-2018-1000532

1. Changed Git repository, which is used for Fedora packaging
https://github.com/johnath/beep/issues/11#issuecomment-450277122

Fixed CVEs:
CVE-2018-0492 - https://nvd.nist.gov/vuln/detail/CVE-2018-0492
CVE-2018-1000532 - https://nvd.nist.gov/vuln/detail/CVE-2018-1000532

2. Fixed SPDX License Identifier

3. Add patch to comment out -D_FORTIFY_SOURCE
Otherwise, it can not be built by default.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 6488eaf2502c75ffc8ac11fffd539f5c070f77c3)

2 years ago beep: restore a dependency definition to the previous one on x86 target
Yanase Yuki [Thu, 3 Dec 2020 12:50:16 +0000 (21:50 +0900)]
beep: restore a dependency definition to the previous one on x86 target

Commit 9bcea2de2cf552d544786d1e4b82f55cda7015b1 causes a dependency
problem with some out-of-tree packages which expect "DEPENDS:=+kmod-pcspkr".

To fix this problem, this commit restores a dependency definition to
the previous one on x86 target.

Signed-off-by: Yanase Yuki <dev@zpc.sakura.ne.jp>
(cherry picked from commit 8b1216fb49dbc4f444606d0fb8c32297d66336c0)

2 years ago beep: fix dependency to support non-x86 target and kmod-gpio-beeper
Yanase Yuki [Fri, 2 Oct 2020 08:06:25 +0000 (17:06 +0900)]
beep: fix dependency to support non-x86 target and kmod-gpio-beeper

Beep is a target-independent software that can handle buzzers controlled by kmod-gpio-beeper.

This change is useful for some non-x86 enterprise APs and development boards
that have a buzzer connected to GPIO.

Compile-tested: ath79, ELECOM WAB-I1750-PS, 3fab4ac + device support patch
Run-tested: ath79, ELECOM WAB-I1750-PS, 3fab4ac + device support patch

Signed-off-by: Yanase Yuki <dev@zpc.sakura.ne.jp>
(cherry picked from commit 9bcea2de2cf552d544786d1e4b82f55cda7015b1)

2 years ago beep: add missing PKG_MIRROR_HASH
Yanase Yuki [Sat, 3 Oct 2020 05:09:01 +0000 (14:09 +0900)]
beep: add missing PKG_MIRROR_HASH

Signed-off-by: Yanase Yuki <dev@zpc.sakura.ne.jp>
(cherry picked from commit ac52356c0bdb11127013e291ad10add6b44784b2)

2 years ago Merge pull request #18696 from BKPepe/netatalk-1907
Josef Schlehofer [Wed, 8 Jun 2022 15:30:21 +0000 (17:30 +0200)]
Merge pull request #18696 from BKPepe/netatalk-1907

[19.07] netatalk: re-introduce 3.1.13 and backport pending fixes

2 years ago netatalk: backport pending PR to fix segfaults 18696/head
Šimon Bořek [Thu, 28 Apr 2022 15:31:09 +0000 (17:31 +0200)]
netatalk: backport pending PR to fix segfaults

This commit backports pending PR, which solves segfaults:
- https://github.com/Netatalk/Netatalk/pull/174

To fix issues with segfaults described here:
- https://github.com/openwrt/packages/issues/18571
- https://github.com/Netatalk/Netatalk/issues/175

Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
(cherry picked from commit ab768578cd06364cc9327a1718631d16e8aa3e20)

2 years ago Revert "Revert "netatalk: update to version 3.1.13""
Josef Schlehofer [Mon, 6 Jun 2022 11:36:14 +0000 (13:36 +0200)]
Revert "Revert "netatalk: update to version 3.1.13""

This can be finally re-reverted, so we can use version 3.1.13, which
fixes multiple security vulnerabilities, but it segfaults almost
immediately. There is currently a pending pull request, which fixes this,
and multiple users confirmed that it works on different GNU/Linux distributions.

This reverts commit bfe255064eeed30d06cbd969e4be36a89d76d0eb.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

2 years ago Merge pull request #18671 from turris-cz/libxml_2.9.14_backport
Michael Heimpold [Thu, 2 Jun 2022 19:28:55 +0000 (21:28 +0200)]
Merge pull request #18671 from turris-cz/libxml_2.9.14_backport

libxml2: backport 2.9.14 version bump

2 years ago libxml2: update to 2.9.14 18671/head
Michael Heimpold [Sun, 29 May 2022 20:01:45 +0000 (22:01 +0200)]
libxml2: update to 2.9.14

This fixes CVE-2022-29824.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit c12e1cfcab318d0a5b48d63d5952af418e62822e)
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>

2 years ago libxml2: update to 2.9.13
Michael Heimpold [Tue, 15 Mar 2022 20:24:32 +0000 (21:24 +0100)]
libxml2: update to 2.9.13

This fixes CVE-2022-23308.

Also switch to GNOME as download source and xz tarball.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 81fd836f97aee93c8cfcb4ebbf901c2a99c3525c)
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>

2 years ago libxml2: update to 2.9.12
Michael Heimpold [Tue, 18 May 2021 22:12:32 +0000 (00:12 +0200)]
libxml2: update to 2.9.12

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 6b932d3ff77c63fe01080139c147c86da12f0c88)
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>

2 years ago libxml2: update to 2.9.10
Michael Heimpold [Mon, 25 Nov 2019 23:10:22 +0000 (00:10 +0100)]
libxml2: update to 2.9.10

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 10e867d0261a0e7d6a94a672104e7f25ae884eff)
[remove no longer needed CVE-2019-19956 patch (fixed in libxml2 2.9.10)]
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>

2 years ago db47: don't depend on libxml2 at run-time
Daniel Golle [Sat, 9 Jan 2021 15:14:57 +0000 (15:14 +0000)]
db47: don't depend on libxml2 at run-time

libxml2 seems to be required only during build, hence no need to
depend on it in run-time.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 1f3585a3872e253d38d202274965cf05938efc3a)

2 years ago muninlite: update to new upstream release (2.1.2)
Lars Kruse [Wed, 14 Jul 2021 11:47:01 +0000 (13:47 +0200)]
muninlite: update to new upstream release (2.1.2)

Signed-off-by: Lars Kruse <devel@sumpfralle.de>

2 years ago muninlite: update to new upstream release (2.1.1)
Kim B. Heino [Mon, 19 Oct 2020 12:54:33 +0000 (15:54 +0300)]
muninlite: update to new upstream release (2.1.1)

Signed-off-by: Kim B. Heino <b@bbbs.net>

2 years ago muninlite: update to new upstream release (2.1.0)
Lars Kruse [Thu, 8 Oct 2020 12:44:08 +0000 (14:44 +0200)]
muninlite: update to new upstream release (2.1.0)

Signed-off-by: Lars Kruse <devel@sumpfralle.de>

2 years ago muninlite: Bump PKG_RELEASE
Francois Dechery [Mon, 28 Sep 2020 08:15:16 +0000 (10:15 +0200)]
muninlite: Bump PKG_RELEASE

Signed-off-by: Francois Dechery <wxopwx@gmail.com>

2 years ago muninlite: Fixes munin xinetd service not launching.
Francois Dechery [Sat, 26 Sep 2020 23:55:21 +0000 (01:55 +0200)]
muninlite: Fixes munin xinetd service not launching.

Signed-off-by: Francois Dechery <wxopwx@gmail.com>

2 years ago muninlite: remove patch "hostname"
Lars Kruse [Sun, 19 Apr 2020 12:26:55 +0000 (14:26 +0200)]
muninlite: remove patch "hostname"

Since muninlite 2.0 the unpatched upstream also uses
/proc/sys/kernel/hostname.  Thus the patch is not necessary anymore.

Signed-off-by: Lars Kruse <devel@sumpfralle.de>

2 years ago muninlite: remove unused sections from Makefile
Lars Kruse [Wed, 15 Apr 2020 14:12:12 +0000 (16:12 +0200)]
muninlite: remove unused sections from Makefile

Signed-off-by: Lars Kruse <devel@sumpfralle.de>

2 years ago muninlite: update to 2.0.1
Lars Kruse [Sun, 12 Apr 2020 17:18:31 +0000 (19:18 +0200)]
muninlite: update to 2.0.1

* follow upstream resources to github
* rename /usr/sbin/munin-node to /usr/sbin/muninlite
  (following the change of upstream)
* change plugin directory from /usr/sbin/munin-node-plugin.d/
  to /etc/munin/plugins (compatible to upstream / munin-node)
* all patches (except one OpenWrt-specific patch) were merged
  upstream

Signed-off-by: Lars Kruse <devel@sumpfralle.de>

2 years ago openwisp-config: update to 1.0.0
Federico Capoano [Sat, 28 May 2022 18:49:30 +0000 (14:49 -0400)]
openwisp-config: update to 1.0.0

Signed-off-by: Federico Capoano <f.capoano@openwisp.io>

2 years ago Revert "netatalk: update to version 3.1.13"
Josef Schlehofer [Wed, 20 Apr 2022 19:52:44 +0000 (21:52 +0200)]
Revert "netatalk: update to version 3.1.13"

We received a report from a Turris user at the Turris support department that
netatalk version 3.1.13 does not work properly.

Process afpd says: INTERNAL ERROR Signal 11
because of that Apple Time Machine does not work as it should

This was already reported to netatalk by different people on various
GNU/Linux distributions like CentOS, AlmaLinux [1] [2]

netatalk developer states [3]:
```
Generally, at this point I can only advice to stop using Netatalk. There
are more pending CVEs that I currently don't have the bandwidth to work on.
```

[1] https://sourceforge.net/p/netatalk/bugs/669/
[2] https://sourceforge.net/p/netatalk/bugs/670/
[3] https://sourceforge.net/p/netatalk/mailman/message/37638871/

This reverts commit 165c5625a3c696a37665d62b849eaa85b4d3815a.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

2 years ago lxc: export systemd cgroups after install
Michal Vasilek [Fri, 8 Apr 2022 20:49:53 +0000 (22:49 +0200)]
lxc: export systemd cgroups after install

otherwise, a user would have to either manually run /etc/init.d/lxc-auto
boot or reboot the system to start using lxc.

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 2cde10b95053bf958a4001fb0a82c4563bf345e2)

2 years ago postgresql: security update to 11.16
Michal Vasilek [Fri, 13 May 2022 16:37:52 +0000 (18:37 +0200)]
postgresql: security update to 11.16

* fixes CVE-2022-1552

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>

2 years ago youtube-dl: update to 2021.12.17
Michal Vasilek [Fri, 6 May 2022 12:28:46 +0000 (14:28 +0200)]
youtube-dl: update to 2021.12.17

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit ef29bf0163669257c137ebf4e459757b37ddce96)

2 years ago youtube-dl: update to version 2021.6.6
Josef Schlehofer [Tue, 6 Jul 2021 15:09:41 +0000 (17:09 +0200)]
youtube-dl: update to version 2021.6.6

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit fbe30791792f47e6b925f80ca32f6b4573f4fb0d)

2 years ago ecdsautils: update to v0.4.1
Matthias Schiffer [Thu, 5 May 2022 16:33:00 +0000 (18:33 +0200)]
ecdsautils: update to v0.4.1

This fixes CVE-2022-24884.

Also update the package URL to match the source repository.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit de5671e58226a4cd062e92c2b12e20dcd7854e82)

2 years ago bind: update to version 9.16.28
Josef Schlehofer [Sun, 24 Apr 2022 13:15:19 +0000 (15:15 +0200)]
bind: update to version 9.16.28

Changelog:
https://downloads.isc.org/isc/bind9/9.16.28/RELEASE-NOTES-bind-9.16.28.html

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

2 years ago ruby: update to 2.6.10
Luiz Angelo Daros de Luca [Tue, 19 Apr 2022 18:50:16 +0000 (15:50 -0300)]
ruby: update to 2.6.10

Fixes from 2.6.9:
- CVE-2021-41817: Regular Expression Denial of Service Vulnerability of
  Date Parsing Methods
- CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse

Fixes from 2.6.10:
- CVE-2022-28739: Buffer overrun in String-to-Float conversion

After this release, Ruby 2.6 reaches EOL.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>

2 years ago sane-backends: revert BUILDONLY flag
Luiz Angelo Daros de Luca [Fri, 15 Jan 2021 03:03:18 +0000 (00:03 -0300)]
sane-backends: revert BUILDONLY flag

BUILDONLY was disabling SANE backends (drivers) build.

Closes #14484

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit bf4340e19ecd85e44d9b5a08719dd0e531d2c20a)

2 years ago zabbix: update to version 4.0.37
Josef Schlehofer [Wed, 29 Dec 2021 22:36:42 +0000 (23:36 +0100)]
zabbix: update to version 4.0.37

- Fixes CVE-2020-15803, CVE-2021-27927

- SourceForge does not provide tarball for version 4.0.37 and it was
necessary to use Zabbix CDN to download it.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

2 years ago nano: provide nano-full with most features enabled
Hannu Nyman [Tue, 22 Mar 2022 15:59:48 +0000 (17:59 +0200)]
nano: provide nano-full with most features enabled

Provide a new variant, nano-full, that enables almost
all functionality of nano. Only libmagic file type detection
has been left out.

Ship with a minimal /etc/nanorc that the user can modify.
nanorc documentation at
https://www.nano-editor.org/dist/latest/nanorc.5.html

Provide color highlighting for the uci config files.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 6a51794638a64e5d72a2c0b69d70b8402fc316aa)

2 years ago netatalk: update to version 3.1.13
Daniel Golle [Thu, 24 Mar 2022 17:34:44 +0000 (17:34 +0000)]
netatalk: update to version 3.1.13

Please update to this latest release as soon as possible as this
release fixes the following major security issues: CVE-2021-31439,
CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124,
CVE-2022-23125 and CVE-2022-0194.

For a summary of news and a detailed list of changes see the
ReleaseNotes[1].

[1]: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 951ef67479dbf52af124671d367dd5e1a6d16121)

2 years ago coova-chilli: add dependency for miniportal
Sungbo Eo [Thu, 2 Jan 2020 13:19:41 +0000 (22:19 +0900)]
coova-chilli: add dependency for miniportal

If miniportal option is enabled, some haserl scripts are provided which
present a simple login web page. To make it functional haserl is required.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 532088818af2eb2b1481420b93b649a10d14c724)

2 years ago coova-chilli: clean up Makefile
Sungbo Eo [Thu, 2 Jan 2020 13:17:13 +0000 (22:17 +0900)]
coova-chilli: clean up Makefile

- add missing configs to PKG_CONFIG_DEPENDS and sort it
- remove redundant INSTALL_DIR

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 2c71fb2065fdefdaca301943da48e93b59e54d82)

2 years ago coova-chilli: remove dnslog option
Sungbo Eo [Thu, 2 Jan 2020 13:14:11 +0000 (22:14 +0900)]
coova-chilli: remove dnslog option

dnslog feature has been removed since v1.4.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 95954b84f5f4b4fc114da5d96a04e704946cc9ea)

2 years ago coova-chili: Fix version
Rosen Penev [Wed, 1 Jan 2020 05:12:13 +0000 (21:12 -0800)]
coova-chili: Fix version

Upstream was sloppy when cutting the release.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit df20377ee92a9ea5085771aee4ddefe12da1746c)

2 years ago coova-chilli: Update to 1.5
Rosen Penev [Wed, 4 Dec 2019 03:40:14 +0000 (19:40 -0800)]
coova-chilli: Update to 1.5

Remove upstreamed patches.

Added patch to fix compilation.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 68b5a71883ab8b421c2ce4e0a9486ec1d391e7f8)

2 years ago Merge pull request #18127 from jefferyto/python-3.7.13-openwrt-19.07
Josef Schlehofer [Wed, 23 Mar 2022 08:11:02 +0000 (09:11 +0100)]
Merge pull request #18127 from jefferyto/python-3.7.13-openwrt-19.07

[openwrt-19.07] python3: Update to 3.7.13, refresh patches

2 years ago python3: Update to 3.7.13, refresh patches 18127/head
Jeffery To [Mon, 21 Mar 2022 18:16:36 +0000 (02:16 +0800)]
python3: Update to 3.7.13, refresh patches

Includes fixes for:
* Windows builds updated to bzip2 1.0.8 to mitigate CVE-2016-3189 and
  CVE-2019-12900
* CVE-2022-26488: Escalation of privilege via Windows Installer

Signed-off-by: Jeffery To <jeffery.to@gmail.com>

2 years ago bind: bump to 9.16.27
Noah Meyerhans [Fri, 18 Mar 2022 17:11:08 +0000 (10:11 -0700)]
bind: bump to 9.16.27

Fixes security issues:

 * CVE-2022-0396 -- A synchronous call to closehandle_cb() caused
   isc__nm_process_sock_buffer() to be called recursively,
   which in turn left TCP connections hanging in the
   CLOSE_WAIT state blocking indefinitely when
   out-of-order processing was disabled.

 * CVE-2021-25220 -- The rules for acceptance of records into the cache
   have been tightened to prevent the possibility of
   poisoning if forwarders send records outside
   the configured bailiwick.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>

2 years ago syslog-ng: update to version 3.36.1
Josef Schlehofer [Thu, 10 Mar 2022 15:19:19 +0000 (16:19 +0100)]
syslog-ng: update to version 3.36.1

- Bump version in config file

Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.36.1

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 110d46eb370b9ea5962944386fb06c2abd1d50f1)

2 years ago expat: import patches for CVEs
Michal Vasilek [Wed, 23 Feb 2022 20:34:58 +0000 (21:34 +0100)]
expat: import patches for CVEs

* import patches for CVEs from alpine 3.13

CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-23852, CVE-2022-23990
CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 584c0c43782bf173c29e7406756335c11b6f73e6)

2 years ago expat: update to 2.2.10
Rosen Penev [Thu, 8 Oct 2020 00:35:52 +0000 (17:35 -0700)]
expat: update to 2.2.10

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit c69160e6aea07da47a202418cd1b5195875f6694)

2 years ago htpdate: drop www.freebsd.org from default server list
Jo-Philipp Wich [Tue, 22 Feb 2022 22:28:55 +0000 (23:28 +0100)]
htpdate: drop freebsd.org from default server list

The FreeBSD project stopped publishing HTTP date headers and seeks to
limit further resource taxing by distributed htpdate clients using the
www.freebsd.org host as default time source.

Fixes: #17924
Reported-by: Allan Jude <allanjude@freebsd.org>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit e8713180026e0cf1c9d1421e3b664fee3fa4df12)

2 years ago nano: update to 6.2
Hannu Nyman [Tue, 22 Feb 2022 17:21:01 +0000 (19:21 +0200)]
nano: update to 6.2

Update nano to 6.2.
Remove inactive second maintainer.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit a3f14c51149ff0c3604baf130987ee2bf5203edb)
[removed AUTORELEASE]

2 years ago nano: update to 6.1
Hannu Nyman [Wed, 9 Feb 2022 16:26:49 +0000 (18:26 +0200)]
nano: update to 6.1

Update nano to version 6.1.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 717efb8c9622cc73bc8ab1c4ac2e67252b9c4401)
[removed autorelease]

2 years ago ruby: update to 2.6.9
Michal Vasilek [Fri, 4 Feb 2022 13:52:11 +0000 (14:52 +0100)]
ruby: update to 2.6.9

* fixes CVE-2021-41817 and CVE-2021-41819

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>

2 years ago Merge pull request #17778 from turris-cz/bind-19.07
Josef Schlehofer [Wed, 2 Feb 2022 20:19:21 +0000 (21:19 +0100)]
Merge pull request #17778 from turris-cz/bind-19.07

bind: update to version 9.16.25

2 years ago bind: update to version 9.16.25 17778/head
Josef Schlehofer [Wed, 2 Feb 2022 17:17:27 +0000 (18:17 +0100)]
bind: update to version 9.16.25

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

2 years ago CI: fix runtime testing for non master branch
Paul Spooren [Thu, 13 Jan 2022 23:55:36 +0000 (00:55 +0100)]
CI: fix runtime testing for non master branch

The runtime testing always ran on master branch aka snapshots since the
branch wasn't passed over to the container execution!

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit f535d770901674d7d9f3d8cd9abe566d9db63ebe)

2 years ago Merge pull request #17756 from BKPepe/nss-cve-2021-43527
Josef Schlehofer [Wed, 2 Feb 2022 17:23:45 +0000 (18:23 +0100)]
Merge pull request #17756 from BKPepe/nss-cve-2021-43527

nss: backport patch for CVE-2021-43527

2 years ago nano: Add a plus variant with more features
Hannu Nyman [Tue, 1 Feb 2022 21:44:21 +0000 (23:44 +0200)]
nano: Add a plus variant with more features

Nano is by default built as "tiny" with most features disabled.
That is suitable for basic tasks in routers with small flash.

Add a new nano-plus variant that enables selected additional
features in the build config:
 * multiple files (multibuffer)
 * Unicode/utf8
 * justify
 * .nanorc support
 * help
 * also some key bindings get enabled as "tiny" configure option
   is removed.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 85cb71d8d81af3c549406d5f42080ed58be9b9b0)

2 years ago nss: backport patch for CVE-2021-43527 17756/head
Josef Schlehofer [Mon, 31 Jan 2022 10:45:37 +0000 (11:45 +0100)]
nss: backport patch for CVE-2021-43527

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

2 years ago prosody: update to version 0.11.13
Josef Schlehofer [Fri, 28 Jan 2022 14:48:47 +0000 (15:48 +0100)]
prosody: update to version 0.11.13

Fixes CVEs:
- CVE-2022-0217
- CVE-2021-37601
- CVE-2021-32918
- CVE-2021-32920
- CVE-2021-32921
- CVE-2021-32917
- CVE-2021-32919

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit dcedbe802744102b215835f1dd53bc2bb5756807)

2 years ago prosody: fix shellcheck warnings
Rosen Penev [Thu, 15 Oct 2020 03:07:58 +0000 (20:07 -0700)]
prosody: fix shellcheck warnings

Remove paxctl stuff. pax is not packaged in OpenWrt.

Add reload support.

Install lua cfg file as 644. It's needed to be readable as prosody user

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit eb46e231cd2a1fb816f06cf7d630adc864296abc)

2 years ago prosody: update to 0.11.7
Rosen Penev [Thu, 15 Oct 2020 02:40:00 +0000 (19:40 -0700)]
prosody: update to 0.11.7

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 68a3a06e98c234069afaffbc59bcc169e9205e93)

2 years ago prosody: update to 0.11.5
Vieno Hakkerinen [Tue, 21 Apr 2020 03:57:56 +0000 (05:57 +0200)]
prosody: update to 0.11.5

Signed-off-by: Vieno Hakkerinen <vieno@hakkerinen.eu>
(cherry picked from commit bc500293e37b806e6b880ede492c0c9b9f42268d)

2 years ago prosody: /etc/prosody permissions fix
Sergio E. Nemirowski [Mon, 30 Mar 2020 12:20:21 +0000 (15:20 +0300)]
prosody: /etc/prosody permissions fix

Signed-off-by: Sergio E. Nemirowski <sergio@outerface.net>
(cherry picked from commit 838306cb37aaede5c0db61559166b06737bf5c6b)

2 years ago prosody: Update to 0.11.3
Rosen Penev [Wed, 4 Dec 2019 18:39:58 +0000 (10:39 -0800)]
prosody: Update to 0.11.3

Several Makefile rearrangements for consistency between packages.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 73d29b9fd7b4abf4276b261fd113af2a1dcc4e2a)

2 years ago tvheadend: fix conffiles section
Josef Schlehofer [Mon, 24 Jan 2022 22:04:13 +0000 (23:04 +0100)]
tvheadend: fix conffiles section

The previous one was wrong, and it did not work. It could be checked
inside compiled package in control.tar.gz that there was missing
``conffiles`` file with content `/etc/config/tvheadend`

It is also possible to verify that the config is not overwritten on the router
by running ``opkg install tvheadend --force-reinstall``

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 752d1ffc28971b9b641162498a877750fa687bbd)

2 years ago domoticz: backport patch to fix compilation with uClibc-ng
Josef Schlehofer [Thu, 6 Jan 2022 15:56:58 +0000 (16:56 +0100)]
domoticz: backport patch to fix compilation with uClibc-ng

This helps to compile domoticz on arc target.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

2 years ago domoticz: bump to 4.10717
Stijn Tintel [Thu, 26 Sep 2019 22:35:14 +0000 (01:35 +0300)]
domoticz: bump to 4.10717

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 7e50722145943e36bb687bc7462f8e483c8652b6)

2 years ago domoticz: Fix compilation without deprecated OpenSSL APIs
Rosen Penev [Thu, 27 Jun 2019 07:28:25 +0000 (00:28 -0700)]
domoticz: Fix compilation without deprecated OpenSSL APIs

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 8c77bcc19f4283813cdbb99842bb1c330fadf124)

2 years ago netdata: Update init script to use -D rather than -nd
James White [Fri, 31 Dec 2021 16:45:25 +0000 (16:45 +0000)]
netdata: Update init script to use -D rather than -nd

The current init script is using the deprecated -nd flag. This updates netdata to be started with -D.

Signed-off-by: James White <james@jmwhite.co.uk>
(cherry picked from commit cf9d5a887031f245fbae6f8bcd3366078996f123)

2 years ago apache: security bump to 2.4.51
Sebastian Kemper [Sun, 24 Oct 2021 13:32:06 +0000 (15:32 +0200)]
apache: security bump to 2.4.51

Fixes (see [1] for details):

  CVE-2021-33193
  CVE-2021-41524
  CVE-2021-41773
  CVE-2021-42013

[1] https://httpd.apache.org/security/vulnerabilities_24.html

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit da4b1ca8d65b788d85489cd3ca83d91b0fd72f0f)

2 years ago haveged: update to 1.9.17
Hannu Nyman [Sun, 9 Jan 2022 17:00:24 +0000 (19:00 +0200)]
haveged: update to 1.9.17

Update haveged to version 1.9.17.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit e065ccda94aff9ac39d0aeac0449e9cd2cecc703)
(Autorelease removed)

2 years ago Merge pull request #17476 from BKPepe/buildonly
Josef Schlehofer [Mon, 3 Jan 2022 18:58:33 +0000 (19:58 +0100)]
Merge pull request #17476 from BKPepe/buildonly

treewide: add missing BUILDONLY

2 years ago treewide: add missing BUILDONLY 17476/head
Rosen Penev [Tue, 13 Oct 2020 00:40:44 +0000 (17:40 -0700)]
treewide: add missing BUILDONLY

Fixes Makefile warnings:

WARNING: skipping X -- package has no install section

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 5a7148d112113544611ee358a7d062cec85c1629)

2 years ago zsh: drop bash syntax in postinst
Karel Kočí [Thu, 19 Dec 2019 09:32:25 +0000 (10:32 +0100)]
zsh: drop bash syntax in postinst

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
(cherry picked from commit c09d6042fe3b58d7eb0fdc65fc9968c47d98aea1)

2 years ago zsh: fix invalid postrm script and little refactor of scripts
Karel Kočí [Wed, 18 Dec 2019 08:57:23 +0000 (09:57 +0100)]
zsh: fix invalid postrm script and little refactor of scripts

The postrm script was missing shebang. Postrm scripts are packaged and
executed directly and not sourced by default script (as in case of prerm
and postinst).

Also move some indents around to not confuse reader. The section in
postinst was indented to same level as grep "condition" but is on same
level as initial grep (not part of that "condition").

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
(cherry picked from commit d2d193d81885cd2351e3bd53f6f4cc8ec092e26d)

2 years ago nano: update to version 6.0
Hannu Nyman [Thu, 16 Dec 2021 18:32:41 +0000 (20:32 +0200)]
nano: update to version 6.0

Update nano editor to version 6.0

Version 6.0 enables toggling the display of the line numbers with
the shortcut key M-N (Alt-n). Also the cmdline option "-l" works.
Remove earlier patch regarding that.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(backported from commits 0571f54009023845d5 and ae7f62d63)

2 years ago Merge pull request #17250 from ynezz/ynezz/cares-fix-CVE-2021-3672
Petr Štetiar [Sun, 12 Dec 2021 11:11:24 +0000 (12:11 +0100)]
Merge pull request #17250 from ynezz/ynezz/cares-fix-CVE-2021-3672

[19.07] libs/c-ares: fix domain hijacking CVE-2021-3672

2 years ago Merge pull request #17267 from BKPepe/postgresql-update
Daniel Golle [Sun, 12 Dec 2021 11:06:51 +0000 (11:06 +0000)]
Merge pull request #17267 from BKPepe/postgresql-update

[19.07] postgresql: security update to version 11.14

2 years ago msmtp: update to version 1.8.1.9
Josef Schlehofer [Tue, 30 Nov 2021 23:32:56 +0000 (00:32 +0100)]
msmtp: update to version 1.8.1.9

Changelog:
https://marlam.de/msmtp/news/msmtp-1-8-19/

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 173faad3340772e1b2194c618fb8c1f13f81b9a9)

2 years ago postgresql: security update to version 11.14 17267/head
Josef Schlehofer [Fri, 3 Dec 2021 23:59:43 +0000 (00:59 +0100)]
postgresql: security update to version 11.14

Patch 001-configure_fixes does not apply anymore.
Other patches were refreshed.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

2 years ago libs/c-ares: fix domain hijacking CVE-2021-3672 17250/head
Petr Štetiar [Thu, 2 Dec 2021 12:54:42 +0000 (13:54 +0100)]
libs/c-ares: fix domain hijacking CVE-2021-3672

Missing input validation of host names returned by Domain Name Servers
in the c-ares library can lead to output of wrong hostnames (leading to
Domain Hijacking).

I've just taken the patch from the advisory[1] and rebased it onto version
1.15.0.

1. https://github.com/c-ares/c-ares/compare/809d5e8..44c009b.patch

Fixes: CVE-2021-3672
Signed-off-by: Petr Štetiar <ynezz@true.cz>

2 years ago msmtp: update to version 1.8.17
Josef Schlehofer [Sun, 17 Oct 2021 07:24:29 +0000 (09:24 +0200)]
msmtp: update to version 1.8.17

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 18261fcd313b073e36a5ba39eeaf0aef808a1694)

2 years ago syslog-ng: update to version 3.35.1
Josef Schlehofer [Tue, 16 Nov 2021 13:22:44 +0000 (14:22 +0100)]
syslog-ng: update to version 3.35.1

Also bump the version in syslog-ng config file.
Removes this warning:

Nov 16 14:19:41 turris syslog-ng[15159]: WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode. Please update it to use the syslog-ng 3.35 format at your time of convenience. To upgrade the configuration, please review the warnings about incompatible changes printed by syslog-ng, and once completed change the @version header at the top of the configuration file; config-version='3.33'

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 2d2fd36e28a40a63b1bd16c77cce57d446d656cc)

2 years ago Merge pull request #17209 from peci1/patch-1
Florian Eckert [Tue, 30 Nov 2021 11:40:50 +0000 (12:40 +0100)]
Merge pull request #17209 from peci1/patch-1

ddns-scripts: Fix wrong whitespace in preinst and postinst scripts

2 years ago icu: Fix memory bug w/ baseName
Hirokazu MORIKAWA [Sun, 28 Nov 2021 00:42:25 +0000 (09:42 +0900)]
icu: Fix memory bug w/ baseName

CVE-2021-30535 : Double free in ICU
https://nvd.nist.gov/vuln/detail/CVE-2021-30535
https://security-tracker.debian.org/tracker/CVE-2021-30535

ICU-21587 : Fix memory bug w/ baseName
https://github.com/unicode-org/icu/pull/1698

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>

2 years ago ddns-scripts: Fix wrong whitespace in preinst and postinst scripts 17209/head
Martin Pecka [Fri, 26 Nov 2021 07:34:12 +0000 (08:34 +0100)]
ddns-scripts: Fix wrong whitespace in preinst and postinst scripts

Signed-off-by: Martin Pecka <peckama2@fel.cvut.cz>

3 years ago bind: update to version 9.16.23
Josef Schlehofer [Thu, 18 Nov 2021 14:54:15 +0000 (15:54 +0100)]
bind: update to version 9.16.23

Changelog:
https://downloads.isc.org/isc/bind9/9.16.23/RELEASE-NOTES-bind-9.16.23.html

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

3 years ago Merge pull request #17114 from paper42/cve-2019-19906-19
Josef Schlehofer [Sun, 14 Nov 2021 23:24:00 +0000 (00:24 +0100)]
Merge pull request #17114 from paper42/cve-2019-19906-19

[19.07] cyrus-sasl: patch CVE-2019-19906

3 years ago cyrus-sasl: patch CVE-2019-19906 17114/head
Michal Vasilek [Fri, 12 Nov 2021 17:09:39 +0000 (18:09 +0100)]
cyrus-sasl: patch CVE-2019-19906

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit f7717bd382d4f03c6353beaaf198d29a34c8e6ab)

3 years ago Merge pull request #17110 from thg2k/pr/19_php72_ini_1
Michael Heimpold [Fri, 12 Nov 2021 06:39:46 +0000 (07:39 +0100)]
Merge pull request #17110 from thg2k/pr/19_php72_ini_1

[19.07] php7: Update and clean up distributed php7.ini

3 years ago php7: Clean up and update distributed php.ini for php 7.2.34 17110/head
Giovanni Giacobbi [Thu, 11 Nov 2021 09:29:14 +0000 (09:29 +0000)]
php7: Clean up and update distributed php.ini for php 7.2.34

Details:
- Cleaned up whitespace and removed comments (refer to official PHP documentation for that)
- Removed directives that no longer exist as of PHP 7.2.34
- Added '~E_DEPRECATED' to 'error_reporting'

Directives removed that no longer exist as of PHP 7.2.34:
- zend.ze1_compatibility_mode
- y2k_compliance
- register_globals
- register_long_arrays
- magic_quotes_gpc
- magic_quotes_runtime
- magic_quotes_sybase
- always_populate_raw_post_data

Signed-off-by: Giovanni Giacobbi <giovanni@giacobbi.net>

3 years ago syslog-ng: update to version 3.34.1
Josef Schlehofer [Sat, 16 Oct 2021 20:45:27 +0000 (22:45 +0200)]
syslog-ng: update to version 3.34.1

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit d8e88ef51ec85c3f459fb4e8bf0e08fa26cffb29)

3 years ago ffmpeg: update to version 3.4.9 (security fix)
Josef Schlehofer [Wed, 27 Oct 2021 12:39:16 +0000 (14:39 +0200)]
ffmpeg: update to version 3.4.9 (security fix)

Fixes:
CVE-2020-13904
CVE-2020-2044
CVE-2020-20453
CVE-2020-22015
CVE-2020-22019
CVE-2020-22033
CVE-2020-22021
CVE-2020-22037
CVE-2020-35965
CVE-2021-38114
CVE-2021-38171
CVE-2021-38291

Refresh patches

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

3 years ago bind: Bump to 9.16.22
Noah Meyerhans [Fri, 29 Oct 2021 03:28:18 +0000 (20:28 -0700)]
bind: Bump to 9.16.22

The following CVEs are addressed:

* CVE-2021-25219: The "lame-ttl" option is now forcibly set to 0. This
  effectively disables the lame server cache, as it could previously
  be abused by an attacker to significantly degrade resolver performance.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>