feed/packages.git
17 months agopython3: Update to 3.7.17 21348/head
Jeffery To [Mon, 12 Jun 2023 09:35:45 +0000 (17:35 +0800)]
python3: Update to 3.7.17

This includes an updated patch for pip, as the bundled pip was also
updated with this release.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
19 months agoMerge pull request #20676 from jefferyto/python-3.7.16-openwrt-19.07
Jeffery To [Thu, 30 Mar 2023 04:14:59 +0000 (12:14 +0800)]
Merge pull request #20676 from jefferyto/python-3.7.16-openwrt-19.07

[openwrt-19.07] python3: Update to 3.7.16, refresh patches

20 months agopython3: Update to 3.7.16, refresh patches 20676/head
Jeffery To [Thu, 16 Mar 2023 07:05:35 +0000 (15:05 +0800)]
python3: Update to 3.7.16, refresh patches

Includes fixes:

* 3.7.14:
  * CVE-2020-10735: Prevent DoS by large int<->str conversions
  * CVE-2021-28861: http.server: Open Redirection if the URL path starts with //

* 3.7.16:
  * CVE-2022-45061: Slow IDNA decoding with large strings
  * CVE-2022-37454: Buffer overflow in the _sha3 module
  * CVE-2015-20107: mailcap.findmatch: document shell command Injection danger in filename parameter

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
21 months agobind: bump to 9.16.37
Noah Meyerhans [Sat, 28 Jan 2023 20:03:31 +0000 (12:03 -0800)]
bind: bump to 9.16.37

Fixes multiple CVEs. Upstream changelog is
https://ftp.isc.org/isc/bind9/9.16.37/CHANGES

CVEs fixed:

CVE-2022-3924: Fix serve-stale crash when recursive clients soft quota
is reached.

CVE-2022-3736: Handle RRSIG lookups when serve-stale is active.

CVE-2022-3094: An UPDATE message flood could cause named to exhaust all
available memory. This flaw was addressed by adding a
new "update-quota" statement that controls the number of
simultaneous UPDATE messages that can be processed or
forwarded. The default is 100. A stats counter has been
added to record events when the update quota is
exceeded, and the XML and JSON statistics version
numbers have been updated.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
2 years agolibwebsockets: fix recursive dependency
Josef Schlehofer [Wed, 26 Oct 2022 07:12:38 +0000 (09:12 +0200)]
libwebsockets: fix recursive dependency

While running `make menuconfig`, it was discovered then there is a
recursive dependency like this:
tmp/.config-package.in:59138:error: recursive dependency detected!
tmp/.config-package.in:59138: symbol PACKAGE_libwebsockets-openssl is selected by PACKAGE_libwebsockets-mbedtls
tmp/.config-package.in:59122: symbol PACKAGE_libwebsockets-mbedtls depends on PACKAGE_libwebsockets-openssl

It is not possible with the recently added conflicts that two packages
(OpenSSL and full variant, which uses OpenSSL as well), which are almost the same
provides the same named package libwebsockets as their conflict - Mbed
TLS.

Fixes: 676c5c72b5eeb583da2603e399fac085fa442c59 ("libwebsockets: OpenSSL
and mbedTLS variants should conflict")

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit a4e8cbb89a48729b3c3ad615765549628d495b0f)

2 years agolibwebsockets: OpenSSL and mbedTLS variants should conflict
Josef Schlehofer [Tue, 25 Oct 2022 10:14:25 +0000 (12:14 +0200)]
libwebsockets: OpenSSL and mbedTLS variants should conflict

They provide the same files, but they don't conflict to each other, this
means that users can install them side by side.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 676c5c72b5eeb583da2603e399fac085fa442c59)

2 years agolibwebsockets: full variant provides OpenSSL
Josef Schlehofer [Tue, 25 Oct 2022 05:52:15 +0000 (07:52 +0200)]
libwebsockets: full variant provides OpenSSL

For some time, it is not possible to install ttyd and mosquitto-ssl at the
same time, so let's solve it that libwebsockets-full provides
libwebsockets-openssl. This allows to install ttyd and mosquitto at
the same time.

Also, we need to add conflict, because we should not have installed
libwebsockets-openssl and libwebsockets-full at the same time as they
provides the same files.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 77e682a11c53f4dcd0e76bdea5ee82de77eaacfe)

2 years agonss: disable PKG_BUILD_PARALLEL
Josef Schlehofer [Mon, 26 Sep 2022 18:39:07 +0000 (20:39 +0200)]
nss: disable PKG_BUILD_PARALLEL

This is similar to commit f303e87a1e0cb384ed7c3ef66752479a4c43afd2
("nss: update to 3.67") as there is something wrong with NSS build
system and otherwise this package fails to compile. Let's compile it
single threaded.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2 years agobind: update to version 9.16.33
Josef Schlehofer [Sun, 25 Sep 2022 10:16:10 +0000 (12:16 +0200)]
bind: update to version 9.16.33

Changelog:
https://downloads.isc.org/isc/bind9/9.16.33/RELEASE-NOTES-bind-9.16.33.html

Fixes:
- multiple CVEs
(CVE-2022-2795, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2 years agosyslog-ng: update to version 3.38.1
Josef Schlehofer [Wed, 7 Sep 2022 10:00:59 +0000 (12:00 +0200)]
syslog-ng: update to version 3.38.1

- Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.38.1

- Update the configuration file to use version 4.0 as mentioned in the
  release notes to try the latest changes

Fixes: CVE-2022-38725
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 34b7af9e0859418bb85e7d3ca131101dd912ae53)

2 years agolibedit: update to version 20210522-3.1
Jan Hak [Mon, 21 Jun 2021 08:51:13 +0000 (10:51 +0200)]
libedit: update to version 20210522-3.1

Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit 0b8f3ea81a3186f1189def218a3553dea2b572f8)

2 years agolibedit: update to version 20210419-3.1
Jan Hak [Tue, 27 Apr 2021 11:08:21 +0000 (13:08 +0200)]
libedit: update to version 20210419-3.1

Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit b0870d792b3fd013137d2071c150248e85262d66)

2 years agoknot: update to 3.1.7
Jan Hák [Fri, 1 Apr 2022 11:16:00 +0000 (13:16 +0200)]
knot: update to 3.1.7

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit f30da8c572c7f1acf34d60c468a3a1cceafbf426)

2 years agoknot: update to 3.1.6
Jan Hák [Wed, 9 Feb 2022 13:16:04 +0000 (14:16 +0100)]
knot: update to 3.1.6

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit 4de863e418f80cd52293e1ae0de153dcc2cb7141)

2 years agoknot: update to 3.1.5
Jan Hák [Tue, 21 Dec 2021 14:44:57 +0000 (15:44 +0100)]
knot: update to 3.1.5

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit 2a56e478f57faad7a4346f5aef843bae517027e7)

2 years agoknot: update to 3.1.4
Jan Hák [Mon, 8 Nov 2021 09:43:16 +0000 (10:43 +0100)]
knot: update to 3.1.4

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit 60a80b31fbf3585d52b64ab0b9bf5a4aa844a032)

2 years agoknot: update to version 3.1.3
Jan Hák [Mon, 25 Oct 2021 08:58:04 +0000 (10:58 +0200)]
knot: update to version 3.1.3

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit 175087bf250d1e1043ecad1ee352297398816d51)

2 years agoknot: update to version 3.1.2
Jan Hák [Thu, 9 Sep 2021 08:44:46 +0000 (10:44 +0200)]
knot: update to version 3.1.2

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit 2d2f1e56445a4a7fe06aa6ed073964ca607040f9)

2 years agoknot: update to version 3.1.1
Jan Hak [Thu, 12 Aug 2021 11:24:47 +0000 (13:24 +0200)]
knot: update to version 3.1.1

Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit 7aee9d130818ab2b21d28b3c2615d678f0417102)

2 years agoknot: update to version 3.1.0
Michal Vasilek [Thu, 5 Aug 2021 12:10:54 +0000 (14:10 +0200)]
knot: update to version 3.1.0

* refresh patches

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 81e0fcb76fd886dd0188d5da341e6fb7c38677c5)

2 years agovim: variants conflict with each other
Karel Kočí [Mon, 22 Aug 2022 12:31:21 +0000 (14:31 +0200)]
vim: variants conflict with each other

This adds conflicts between the variants,
because they provide the same files, and it should not be
possible to install them side by side. Otherwise, it might happen that
half files would be from one variant and the other half from the
other.

Also, adds provides as if you request to install ``vim`` and
``vim-full``, then the request could be satisfied even they collide,
because ``vim-full`` provides ``vim`` package.

Signed-off-by: Karel Kočí <cynerd@email.cz>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[add commit message]
(cherry picked from commit 46c058468aeaf7747c2e94e579020aa7f595c649)

2 years agocgi-io: update to latest Git HEAD
Jo-Philipp Wich [Wed, 10 Aug 2022 21:52:19 +0000 (23:52 +0200)]
cgi-io: update to latest Git HEAD

901b0f0 main: fix two one-byte overreads in header_value()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 443c6c1c17e29466cc81f44504602d66d993bf86)

2 years agoluajit: patch: PPC/e500 SPE: use soft float instead of failing
Šimon Bořek [Sat, 16 Jul 2022 16:56:32 +0000 (18:56 +0200)]
luajit: patch: PPC/e500 SPE: use soft float instead of failing

makes LuaJit builds for mpc85xx targets with SPE ISA extension
enabled possible

Quoting inner commit message:

This allows building LuaJit for systems with Power ISA SPE
extension[^1] support by using soft float on LuaJit side.

While e500 CPU cores support SPE instruction set extension
allowing them to perform floating point arithmetic natively,
this isn't required. They can function with software floating
point to integer arithmetic translation as well,
just like FPU-less PowerPC CPUs without SPE support.

Therefore I see no need to prevent them from running LuaJit
explicitly.

[^1]: https://www.nxp.com/docs/en/reference-manual/SPEPEM.pdf

Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
(cherry picked from commit a4a484fbca5c185456cf5ac26e6f47c03ca426e9)

2 years agobind: update to version 9.16.31
Josef Schlehofer [Tue, 2 Aug 2022 14:43:23 +0000 (16:43 +0200)]
bind: update to version 9.16.31

Release notes:
https://downloads.isc.org/isc/bind9/9.16.31/doc/arm/html/notes.html

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2 years agocyrus-sasl: install pkg-config file and fine-tune installed files
Michael Heimpold [Tue, 3 Dec 2019 21:34:25 +0000 (22:34 +0100)]
cyrus-sasl: install pkg-config file and fine-tune installed files

Installing the .pc files helps other programs to detect
the presence of libsasl2.

While at, reduce the glob pattern a little bit to not
include unneeded symlinks.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit c9ce769b1aab4abbacaf54fd4074e1ab8fbfd93a)

2 years agopostfix: fix download failure
Michal Vasilek [Sat, 16 Jul 2022 20:43:08 +0000 (22:43 +0200)]
postfix: fix download failure

cdn.postfix.johnriley.me serves a certificate for a different domain
name.

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit d4feef97e6ee7b6477d53c28c9b151ae0c8974d8)

2 years agolibarchive: fix ext2fs build race error condition
Petr Štetiar [Thu, 16 Jun 2022 11:38:11 +0000 (13:38 +0200)]
libarchive: fix ext2fs build race error condition

libarchive looks for ext2fs headers during configure, and if it finds
them it will expect to find them during compile, or on the rare occasion
when they aren't it will fail:

 libarchive/archive_entry.c:59:55: fatal error: ext2fs/ext2_fs.h: No such file or directory

As we just need headers for some type constants, let's re-use headers
from tools/e2fsprogs package which are always available.

Reported-by: Adam Dov <adov@maxlinear.com>
Suggested-by: Paul Eggleton <paul.eggleton@linux.intel.com>
References: https://git.yoctoproject.org/poky/commit/?id=f0b9a7cf9f80be1917e45266fa201f464a28c1e5
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 797945dfaa0e7de8d6b0ada472bda63bb27f0cdc)

2 years agoMerge pull request #18846 from nemesisdesign/monitoring-openwrt-19
Florian Eckert [Mon, 4 Jul 2022 07:09:05 +0000 (09:09 +0200)]
Merge pull request #18846 from nemesisdesign/monitoring-openwrt-19

[19.07] openwisp-monitoring: added 0.1.1

2 years agoopenwisp-monitoring: added 0.1.1 18846/head
Federico Capoano [Tue, 10 May 2022 20:06:34 +0000 (16:06 -0400)]
openwisp-monitoring: added 0.1.1

Signed-off-by: Federico Capoano <f.capoano@openwisp.io>
(cherry picked from commit 0419a797ae7442dff8a1536de404a2fc38337f2f)

2 years agohaveged: update to 1.9.18
Hannu Nyman [Mon, 11 Apr 2022 15:24:28 +0000 (18:24 +0300)]
haveged: update to 1.9.18

Update haveged to version 1.9.18

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 8579494bbbfaf5c47049e9365ccfb7b553621d15)

2 years agoMerge pull request #18829 from nemesisdesign/openwrt-19.07
Florian Eckert [Fri, 1 Jul 2022 08:18:11 +0000 (10:18 +0200)]
Merge pull request #18829 from nemesisdesign/openwrt-19.07

[19.07] openwisp-config: update to 1.0.1

2 years agoopenwisp-monitoring: added 0.1.1 18829/head
Federico Capoano [Tue, 10 May 2022 20:06:34 +0000 (16:06 -0400)]
openwisp-monitoring: added 0.1.1

Signed-off-by: Federico Capoano <f.capoano@openwisp.io>
(cherry picked from commit 0419a797ae7442dff8a1536de404a2fc38337f2f)

2 years agosyslog-ng: update to version 3.37.1
Josef Schlehofer [Fri, 24 Jun 2022 12:25:57 +0000 (14:25 +0200)]
syslog-ng: update to version 3.37.1

- Changelog:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.37.1

- Bump config version

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit ae7aefe111382630c7046cfb4539b3f1a72ff402)

2 years agoRevert "lxc: export systemd cgroups after install"
Stijn Tintel [Wed, 18 May 2022 10:46:01 +0000 (13:46 +0300)]
Revert "lxc: export systemd cgroups after install"

The postinst script is sourced during image build, which causes the
follow failure:
/home/stijn/Development/OpenWrt/openwrt/build_dir/target-x86_64_musl/root-x86/etc/init.d/lxc-auto: line 3: /lib/functions.sh: No such file or directory
postinst script ./usr/lib/opkg/info/lxc-auto.postinst has failed with exit code 1

Sourcing /lib/functions.sh is not needed, as /etc/rc.common does so
already. Unfortunately removing that line from the init script is not
enough to fix the problem. The postinst script should also check
IPKG_INSTROOT. As these two changes are unrelated, they should go in
separate commits, and the solution to the image build problem is to
revert the commit that introduced the breakage.

This reverts commit 2cde10b95053bf958a4001fb0a82c4563bf345e2.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2 years agolxc: export systemd cgroups after install
Michal Vasilek [Wed, 8 Jun 2022 12:48:22 +0000 (14:48 +0200)]
lxc: export systemd cgroups after install

otherwise, a user would have to either manually run /etc/init.d/lxc-auto
boot or reboot the system to start using lxc.

originally committed in 2cde10b95053bf958a4001fb0a82c4563bf345e2
reverted in 039912dec5d3ba2b0f6f53ab8330ab9fea2f7adf

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 7da73565399f915f516c6cdd74a58f984d519e4b)

2 years agobind: update to version 9.16.30
Josef Schlehofer [Fri, 24 Jun 2022 09:46:35 +0000 (11:46 +0200)]
bind: update to version 9.16.30

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2 years agolibgd: install pkgconfig file
Michal Vasilek [Tue, 21 Jun 2022 15:46:36 +0000 (17:46 +0200)]
libgd: install pkgconfig file

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
2 years agoluajit: backport softfloat ppc support
Rosen Penev [Tue, 21 Jun 2022 18:52:36 +0000 (11:52 -0700)]
luajit: backport softfloat ppc support

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 24c0007ea2561611776e50c8876a7b040ffd6fdc)

2 years agoluajit: fix build on macos (ldconfig issue)
Sergey V. Lobanov [Fri, 7 Jan 2022 22:48:08 +0000 (01:48 +0300)]
luajit: fix build on macos (ldconfig issue)

fix ldconfig build issue. This patch is a backport from upstream:
https://github.com/LuaJIT/LuaJIT/commit/18c9cf7d3788a8f7408df45df92fc4ae3bcc0d80

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
(cherry picked from commit 42c4d254552c04f41a2b93811147ef56af45bf9c)

2 years agoopenldap: drop use of HTTP in favor of HTTPS
W. Michael Petullo [Fri, 20 May 2022 13:14:33 +0000 (08:14 -0500)]
openldap: drop use of HTTP in favor of HTTPS

Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit bab2f020eec5524984902c382591fc562b6e08aa)

2 years agobeep: change git repository to fix CVE-2018-0492 and CVE-2018-1000532
Josef Schlehofer [Tue, 1 Jan 2019 02:38:00 +0000 (03:38 +0100)]
beep: change git repository to fix CVE-2018-0492 and CVE-2018-1000532

1. Changed Git repository, which is used for Fedora packaging
https://github.com/johnath/beep/issues/11#issuecomment-450277122

Fixed CVEs:
CVE-2018-0492 - https://nvd.nist.gov/vuln/detail/CVE-2018-0492
CVE-2018-1000532 - https://nvd.nist.gov/vuln/detail/CVE-2018-1000532

2. Fixed SPDX License Identifier

3. Add patch to comment out -D_FORTIFY_SOURCE
Otherwise, it can not be built by default.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 6488eaf2502c75ffc8ac11fffd539f5c070f77c3)

2 years agobeep: restore a dependency definition to the previous one on x86 target
Yanase Yuki [Thu, 3 Dec 2020 12:50:16 +0000 (21:50 +0900)]
beep: restore a dependency definition to the previous one on x86 target

Commit 9bcea2de2cf552d544786d1e4b82f55cda7015b1 causes a dependency
problem with some out-of-tree packages which expect "DEPENDS:=+kmod-pcspkr".

To fix this problem, this commit restores a dependency definition to
the previous one on x86 target.

Signed-off-by: Yanase Yuki <dev@zpc.sakura.ne.jp>
(cherry picked from commit 8b1216fb49dbc4f444606d0fb8c32297d66336c0)

2 years agobeep: fix dependency to support non-x86 target and kmod-gpio-beeper
Yanase Yuki [Fri, 2 Oct 2020 08:06:25 +0000 (17:06 +0900)]
beep: fix dependency to support non-x86 target and kmod-gpio-beeper

Beep is a target-independent software that can handle buzzers controlled by kmod-gpio-beeper.

This change is useful for some non-x86 enterprise APs and development boards
that have a buzzer connected to GPIO.

Compile-tested: ath79, ELECOM WAB-I1750-PS, 3fab4ac + device support patch
Run-tested: ath79, ELECOM WAB-I1750-PS, 3fab4ac + device support patch

Signed-off-by: Yanase Yuki <dev@zpc.sakura.ne.jp>
(cherry picked from commit 9bcea2de2cf552d544786d1e4b82f55cda7015b1)

2 years agobeep: add missing PKG_MIRROR_HASH
Yanase Yuki [Sat, 3 Oct 2020 05:09:01 +0000 (14:09 +0900)]
beep: add missing PKG_MIRROR_HASH

Signed-off-by: Yanase Yuki <dev@zpc.sakura.ne.jp>
(cherry picked from commit ac52356c0bdb11127013e291ad10add6b44784b2)

2 years agoMerge pull request #18696 from BKPepe/netatalk-1907
Josef Schlehofer [Wed, 8 Jun 2022 15:30:21 +0000 (17:30 +0200)]
Merge pull request #18696 from BKPepe/netatalk-1907

[19.07] netatalk: re-introduce 3.1.13 and backport pending fixes

2 years agonetatalk: backport pending PR to fix segfaults 18696/head
Šimon Bořek [Thu, 28 Apr 2022 15:31:09 +0000 (17:31 +0200)]
netatalk: backport pending PR to fix segfaults

This commit backports pending PR, which solves segfaults:
- https://github.com/Netatalk/Netatalk/pull/174

To fix issues with segfaults described here:
- https://github.com/openwrt/packages/issues/18571
- https://github.com/Netatalk/Netatalk/issues/175

Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
(cherry picked from commit ab768578cd06364cc9327a1718631d16e8aa3e20)

2 years agoRevert "Revert "netatalk: update to version 3.1.13""
Josef Schlehofer [Mon, 6 Jun 2022 11:36:14 +0000 (13:36 +0200)]
Revert "Revert "netatalk: update to version 3.1.13""

This can be finally re-reverted, so we can use version 3.1.13, which
fixes multiple security vulnerabilities, but it segfaults almost
immediately. There is currently pending pull request, which fixes this,
and multiple users confirmed that it works on different GNU/Linux distributions.

This reverts commit bfe255064eeed30d06cbd969e4be36a89d76d0eb.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2 years agoMerge pull request #18671 from turris-cz/libxml_2.9.14_backport
Michael Heimpold [Thu, 2 Jun 2022 19:28:55 +0000 (21:28 +0200)]
Merge pull request #18671 from turris-cz/libxml_2.9.14_backport

libxml2: backport 2.9.14 version bump

2 years agolibxml2: update to 2.9.14 18671/head
Michael Heimpold [Sun, 29 May 2022 20:01:45 +0000 (22:01 +0200)]
libxml2: update to 2.9.14

This fixes CVE-2022-29824.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit c12e1cfcab318d0a5b48d63d5952af418e62822e)
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
2 years agolibxml2: update to 2.9.13
Michael Heimpold [Tue, 15 Mar 2022 20:24:32 +0000 (21:24 +0100)]
libxml2: update to 2.9.13

This fixes CVE-2022-23308.

Also switch to GNOME as download source and xz tarball.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 81fd836f97aee93c8cfcb4ebbf901c2a99c3525c)
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
2 years agolibxml2: update to 2.9.12
Michael Heimpold [Tue, 18 May 2021 22:12:32 +0000 (00:12 +0200)]
libxml2: update to 2.9.12

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 6b932d3ff77c63fe01080139c147c86da12f0c88)
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
2 years agolibxml2: update to 2.9.10
Michael Heimpold [Mon, 25 Nov 2019 23:10:22 +0000 (00:10 +0100)]
libxml2: update to 2.9.10

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 10e867d0261a0e7d6a94a672104e7f25ae884eff)
[remove no longer needed CVE-2019-19956 patch (fixed in libxml2 2.9.10)]
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
2 years agodb47: don't depend on libxml2 at run-time
Daniel Golle [Sat, 9 Jan 2021 15:14:57 +0000 (15:14 +0000)]
db47: don't depend on libxml2 at run-time

libxml2 seems to be required only during build, hence no need to
depend on it in run-time.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 1f3585a3872e253d38d202274965cf05938efc3a)

2 years agomuninlite: update to new upstream release (2.1.2)
Lars Kruse [Wed, 14 Jul 2021 11:47:01 +0000 (13:47 +0200)]
muninlite: update to new upstream release (2.1.2)

Signed-off-by: Lars Kruse <devel@sumpfralle.de>
2 years agomuninlite: update to new upstream release (2.1.1)
Kim B. Heino [Mon, 19 Oct 2020 12:54:33 +0000 (15:54 +0300)]
muninlite: update to new upstream release (2.1.1)

Signed-off-by: Kim B. Heino <b@bbbs.net>
2 years agomuninlite: update to new upstream release (2.1.0)
Lars Kruse [Thu, 8 Oct 2020 12:44:08 +0000 (14:44 +0200)]
muninlite: update to new upstream release (2.1.0)

Signed-off-by: Lars Kruse <devel@sumpfralle.de>
2 years agomuninlite: Bump PKG_RELEASE
Francois Dechery [Mon, 28 Sep 2020 08:15:16 +0000 (10:15 +0200)]
muninlite: Bump PKG_RELEASE

Signed-off-by: Francois Dechery <wxopwx@gmail.com>
2 years agomuninlite: Fixes munin xinetd service not launching.
Francois Dechery [Sat, 26 Sep 2020 23:55:21 +0000 (01:55 +0200)]
muninlite: Fixes munin xinetd service not launching.

Signed-off-by: Francois Dechery <wxopwx@gmail.com>
2 years agomuninlite: remove patch "hostname"
Lars Kruse [Sun, 19 Apr 2020 12:26:55 +0000 (14:26 +0200)]
muninlite: remove patch "hostname"

Since muninlite 2.0 the unpatched upstream also uses
/proc/sys/kernel/hostname.  Thus the patch is not necessary anymore.

Signed-off-by: Lars Kruse <devel@sumpfralle.de>
2 years agomuninlite: remove unused sections from Makefile
Lars Kruse [Wed, 15 Apr 2020 14:12:12 +0000 (16:12 +0200)]
muninlite: remove unused sections from Makefile

Signed-off-by: Lars Kruse <devel@sumpfralle.de>
2 years agomuninlite: update to 2.0.1
Lars Kruse [Sun, 12 Apr 2020 17:18:31 +0000 (19:18 +0200)]
muninlite: update to 2.0.1

* follow upstream ressources to github
* rename /usr/sbin/munin-node to /usr/sbin/muninlite
  (following the chane of upstream)
* change plugin directory from /usr/sbin/munin-node-plugin.d/
  to /etc/munin/plugins (compatible to upstream / munin-node)
* all patches (except one OpenWrt-specific patch) were merged
  upstream

Signed-off-by: Lars Kruse <devel@sumpfralle.de>
2 years agoopenwisp-config: update to 1.0.0
Federico Capoano [Sat, 28 May 2022 18:49:30 +0000 (14:49 -0400)]
openwisp-config: update to 1.0.0

Signed-off-by: Federico Capoano <f.capoano@openwisp.io>
2 years agoRevert "netatalk: update to version 3.1.13"
Josef Schlehofer [Wed, 20 Apr 2022 19:52:44 +0000 (21:52 +0200)]
Revert "netatalk: update to version 3.1.13"

We received a report from Turris user on Turris support department that
netatalk version 3.1.13 does not work properly.

Process afpd says: INTERNAL ERROR Signal 11
because of that Apple Time Machine does not work as it should

This was already reported to netatalk by different people on various
GNU/Linux distributions like CentOS, AlmaLinux [1] [2]

netatalk developer states [3]:
```
Generally, at this point I can only advice to stop using Netatalk. There
are more pending CVEs that I currently don't have the bandwidth to work on.
```

[1] https://sourceforge.net/p/netatalk/bugs/669/
[2] https://sourceforge.net/p/netatalk/bugs/670/
[3] https://sourceforge.net/p/netatalk/mailman/message/37638871/

This reverts commit 165c5625a3c696a37665d62b849eaa85b4d3815a.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2 years agolxc: export systemd cgroups after install
Michal Vasilek [Fri, 8 Apr 2022 20:49:53 +0000 (22:49 +0200)]
lxc: export systemd cgroups after install

otherwise, a user would have to either manually run /etc/init.d/lxc-auto
boot or reboot the system to start using lxc.

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 2cde10b95053bf958a4001fb0a82c4563bf345e2)

2 years agopostgresql: security update to 11.16
Michal Vasilek [Fri, 13 May 2022 16:37:52 +0000 (18:37 +0200)]
postgresql: security update to 11.16

* fixes CVE-2022-1552

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
2 years agoyoutube-dl: update to 2021.12.17
Michal Vasilek [Fri, 6 May 2022 12:28:46 +0000 (14:28 +0200)]
youtube-dl: update to 2021.12.17

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit ef29bf0163669257c137ebf4e459757b37ddce96)

2 years agoyoutube-dl: update to version 2021.6.6
Josef Schlehofer [Tue, 6 Jul 2021 15:09:41 +0000 (17:09 +0200)]
youtube-dl: update to version 2021.6.6

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit fbe30791792f47e6b925f80ca32f6b4573f4fb0d)

2 years agoecdsautils: update to v0.4.1
Matthias Schiffer [Thu, 5 May 2022 16:33:00 +0000 (18:33 +0200)]
ecdsautils: update to v0.4.1

This fixes CVE-2022-24884.

Also update the package URL to match the source repository.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit de5671e58226a4cd062e92c2b12e20dcd7854e82)

2 years agobind: update to version 9.16.28
Josef Schlehofer [Sun, 24 Apr 2022 13:15:19 +0000 (15:15 +0200)]
bind: update to version 9.16.28

Changelog:
https://downloads.isc.org/isc/bind9/9.16.28/RELEASE-NOTES-bind-9.16.28.html

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2 years agoruby: update to 2.6.10
Luiz Angelo Daros de Luca [Tue, 19 Apr 2022 18:50:16 +0000 (15:50 -0300)]
ruby: update to 2.6.10

Fixes from 2.6.9:
- CVE-2021-41817: Regular Expression Denial of Service Vulnerability of
  Date Parsing Methods
- CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse

Fixes from 2.6.10:
- CVE-2022-28739: Buffer overrun in String-to-Float conversion

After this release, Ruby 2.6 reaches EOL.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2 years agosane-backends: revert BUILDONLY flag
Luiz Angelo Daros de Luca [Fri, 15 Jan 2021 03:03:18 +0000 (00:03 -0300)]
sane-backends: revert BUILDONLY flag

BUILDONLY was disabling SANE backends (drivers) build.

Closes #14484

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit bf4340e19ecd85e44d9b5a08719dd0e531d2c20a)

2 years agozabbix: update to version 4.0.37
Josef Schlehofer [Wed, 29 Dec 2021 22:36:42 +0000 (23:36 +0100)]
zabbix: update to version 4.0.37

- Fixes CVE-2020-15803, CVE-2021-27927

- SourceForge does not provide tarball for version 4.0.37 and it was
necessary to use Zabbix CDN to download it.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2 years agonano: provide nano-full with most features enabled
Hannu Nyman [Tue, 22 Mar 2022 15:59:48 +0000 (17:59 +0200)]
nano: provide nano-full with most features enabled

Provide a new variant, nano-full, that enables almost
all functionality of nano. Only libmagic file type detection
has been left out.

Ship with a minimal /etc/nanorc that the user can modify.
nanorc documentation at
https://www.nano-editor.org/dist/latest/nanorc.5.html

Provide color highlighting for the uci config files.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 6a51794638a64e5d72a2c0b69d70b8402fc316aa)

2 years agonetatalk: update to version 3.1.13
Daniel Golle [Thu, 24 Mar 2022 17:34:44 +0000 (17:34 +0000)]
netatalk: update to version 3.1.13

Please update to this latest release as soon as possible as this
releases fixes the following major security issues: CVE-2021-31439,
CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124,
CVE-2022-23125 and CVE-2022-0194.

For a summary of news and a detailed list of changes see the
ReleaseNotes[1].

[1]: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 951ef67479dbf52af124671d367dd5e1a6d16121)

2 years agocoova-chilli: add dependency for miniportal
Sungbo Eo [Thu, 2 Jan 2020 13:19:41 +0000 (22:19 +0900)]
coova-chilli: add dependency for miniportal

If miniportal option is enabled, some haserl scripts are provided which
present a simple login web page. To make it functional haserl is required.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 532088818af2eb2b1481420b93b649a10d14c724)

2 years agocoova-chilli: clean up Makefile
Sungbo Eo [Thu, 2 Jan 2020 13:17:13 +0000 (22:17 +0900)]
coova-chilli: clean up Makefile

- add missing configs to PKG_CONFIG_DEPENDS and sort it
- remove redundant INSTALL_DIR

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 2c71fb2065fdefdaca301943da48e93b59e54d82)

2 years agocoova-chilli: remove dnslog option
Sungbo Eo [Thu, 2 Jan 2020 13:14:11 +0000 (22:14 +0900)]
coova-chilli: remove dnslog option

dnslog feature has been removed since v1.4.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 95954b84f5f4b4fc114da5d96a04e704946cc9ea)

2 years agocoova-chili: Fix version
Rosen Penev [Wed, 1 Jan 2020 05:12:13 +0000 (21:12 -0800)]
coova-chili: Fix version

Upstream was sloppy when cutting the release.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit df20377ee92a9ea5085771aee4ddefe12da1746c)

2 years agocoova-chilli: Update to 1.5
Rosen Penev [Wed, 4 Dec 2019 03:40:14 +0000 (19:40 -0800)]
coova-chilli: Update to 1.5

Remove upstreamed patches.

Added patch to fix compilation.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 68b5a71883ab8b421c2ce4e0a9486ec1d391e7f8)

2 years agoMerge pull request #18127 from jefferyto/python-3.7.13-openwrt-19.07
Josef Schlehofer [Wed, 23 Mar 2022 08:11:02 +0000 (09:11 +0100)]
Merge pull request #18127 from jefferyto/python-3.7.13-openwrt-19.07

[openwrt-19.07] python3: Update to 3.7.13, refresh patches

2 years agopython3: Update to 3.7.13, refresh patches 18127/head
Jeffery To [Mon, 21 Mar 2022 18:16:36 +0000 (02:16 +0800)]
python3: Update to 3.7.13, refresh patches

Includes fixes for:
* Windows builds updated to bzip2 1.0.8 to mitigate CVE-2016-3189 and
  CVE-2019-12900
* CVE-2022-26488: Escalation of privilege via Windows Installer

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2 years agobind: bump to 9.16.27
Noah Meyerhans [Fri, 18 Mar 2022 17:11:08 +0000 (10:11 -0700)]
bind: bump to 9.16.27

Fixes security issues:

 * CVE-2022-0396 -- A synchronous call to closehandle_cb() caused
isc__nm_process_sock_buffer() to be called recursively,
which in turn left TCP connections hanging in the
CLOSE_WAIT state blocking indefinitely when
out-of-order processing was disabled.

 * CVE-2021-25220 -- The rules for acceptance of records into the cache
have been tightened to prevent the possibility of
poisoning if forwarders send records outside
the configured bailiwick.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
2 years agosyslog-ng: update to version 3.36.1
Josef Schlehofer [Thu, 10 Mar 2022 15:19:19 +0000 (16:19 +0100)]
syslog-ng: update to version 3.36.1

- Bump version in config file

Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.36.1

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 110d46eb370b9ea5962944386fb06c2abd1d50f1)

2 years agoexpat: import patches for CVEs
Michal Vasilek [Wed, 23 Feb 2022 20:34:58 +0000 (21:34 +0100)]
expat: import patches for CVEs

* import patches for CVEs from alpine 3.13

CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-23852, CVE-2022-23990
CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 584c0c43782bf173c29e7406756335c11b6f73e6)

2 years agoexpat: update to 2.2.10
Rosen Penev [Thu, 8 Oct 2020 00:35:52 +0000 (17:35 -0700)]
expat: update to 2.2.10

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit c69160e6aea07da47a202418cd1b5195875f6694)

2 years agohtpdate: drop www.freebsd.org from default server list
Jo-Philipp Wich [Tue, 22 Feb 2022 22:28:55 +0000 (23:28 +0100)]
htpdate: drop freebsd.org from default server list

The FreeBSD project stopped publishing HTTP date headers and seeks to
limit further resource taxing by distributed htpdate clients using the
www.freebsd.org host as default time source.

Fixes: #17924
Reported-by: Allan Jude <allanjude@freebsd.org>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit e8713180026e0cf1c9d1421e3b664fee3fa4df12)

2 years agonano: update to 6.2
Hannu Nyman [Tue, 22 Feb 2022 17:21:01 +0000 (19:21 +0200)]
nano: update to 6.2

Update nano to 6.2.
Remove inactive second maintainer.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit a3f14c51149ff0c3604baf130987ee2bf5203edb)
[removed AUTORELEASE]

2 years agonano: update to 6.1
Hannu Nyman [Wed, 9 Feb 2022 16:26:49 +0000 (18:26 +0200)]
nano: update to 6.1

Update nano to version 6.1.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 717efb8c9622cc73bc8ab1c4ac2e67252b9c4401)
[removed aurorelease]

2 years agoruby: update to 2.6.9
Michal Vasilek [Fri, 4 Feb 2022 13:52:11 +0000 (14:52 +0100)]
ruby: update to 2.6.9

* fixes CVE-2021-41817 and CVE-2021-41819

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
2 years agoMerge pull request #17778 from turris-cz/bind-19.07
Josef Schlehofer [Wed, 2 Feb 2022 20:19:21 +0000 (21:19 +0100)]
Merge pull request #17778 from turris-cz/bind-19.07

bind: update to version 9.16.25

2 years agobind: update to version 9.16.25 17778/head
Josef Schlehofer [Wed, 2 Feb 2022 17:17:27 +0000 (18:17 +0100)]
bind: update to version 9.16.25

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2 years agoCI: fix runtime testing for non master branch
Paul Spooren [Thu, 13 Jan 2022 23:55:36 +0000 (00:55 +0100)]
CI: fix runtime testing for non master branch

The runtime testing always ran on master branch aka snapshots since the
branch wasn't passed over to the container execution!

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit f535d770901674d7d9f3d8cd9abe566d9db63ebe)

2 years agoMerge pull request #17756 from BKPepe/nss-cve-2021-43527
Josef Schlehofer [Wed, 2 Feb 2022 17:23:45 +0000 (18:23 +0100)]
Merge pull request #17756 from BKPepe/nss-cve-2021-43527

nss: backport patch for CVE-2021-43527

2 years agonano: Add a plus variant with more features
Hannu Nyman [Tue, 1 Feb 2022 21:44:21 +0000 (23:44 +0200)]
nano: Add a plus variant with more features

Nano is by default built as "tiny" with most features disabled.
That is suitable for basic tasks in routers with small flash.

Add a new nano-plus variant that enables selected additional
features in the build config:
 * multiple files (multibuffer)
 * Unicode/utf8
 * justify
 * .nanorc support
 * help
 * also some key bindings get enabled as "tiny" configure option
   is removed.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 85cb71d8d81af3c549406d5f42080ed58be9b9b0)

2 years agonss: backport patch for CVE-2021-43527 17756/head
Josef Schlehofer [Mon, 31 Jan 2022 10:45:37 +0000 (11:45 +0100)]
nss: backport patch for CVE-2021-43527

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2 years agoprosody: update to version 0.11.13
Josef Schlehofer [Fri, 28 Jan 2022 14:48:47 +0000 (15:48 +0100)]
prosody: update to version 0.11.13

Fixes CVEs:
- CVE-2022-0217
- CVE-2021-37601
- CVE-2021-32918
- CVE-2021-32920
- CVE-2021-32921
- CVE-2021-32917
- CVE-2021-32919

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit dcedbe802744102b215835f1dd53bc2bb5756807)

2 years agoprosody: fix shellcheck warnings
Rosen Penev [Thu, 15 Oct 2020 03:07:58 +0000 (20:07 -0700)]
prosody: fix shellcheck warnings

Remove paxctl stuff. pax is not packaged in OpenWrt.

Add reload support.

Install lua cfg file as 644. It's needed to be readable as prosody user

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit eb46e231cd2a1fb816f06cf7d630adc864296abc)

2 years agoprosody: update to 0.11.7
Rosen Penev [Thu, 15 Oct 2020 02:40:00 +0000 (19:40 -0700)]
prosody: update to 0.11.7

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 68a3a06e98c234069afaffbc59bcc169e9205e93)

2 years agoprosody: update to 0.11.5
Vieno Hakkerinen [Tue, 21 Apr 2020 03:57:56 +0000 (05:57 +0200)]
prosody: update to 0.11.5

Signed-off-by: Vieno Hakkerinen <vieno@hakkerinen.eu>
(cherry picked from commit bc500293e37b806e6b880ede492c0c9b9f42268d)

2 years agoprosody: /etc/prosody permissions fix
Sergio E. Nemirowski [Mon, 30 Mar 2020 12:20:21 +0000 (15:20 +0300)]
prosody: /etc/prosody permissions fix

Signed-off-by: Sergio E. Nemirowski <sergio@outerface.net>
(cherry picked from commit 838306cb37aaede5c0db61559166b06737bf5c6b)