Hans Dedecker [Tue, 18 Apr 2017 13:42:49 +0000 (15:42 +0200)]
net-snmp: add notification config options
Add config support which allow snmpd to take a more active role by sending
traps.
Following config options are supported which map directly on snmpd directives:
-trapcommunity
-trapsink
-trap2sink
-informsink
-authtrapenable
-v1trapaddress
-trapsess
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Stijn Tintel [Tue, 30 May 2017 14:01:40 +0000 (16:01 +0200)]
Merge pull request #4208 from dedeckeh/pr-netsnmp-fw
net-snmp: add inbound firewall rule support
Stijn Tintel [Tue, 30 May 2017 13:12:08 +0000 (15:12 +0200)]
strongswan: add curve25519 plugin
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Stijn Tintel [Tue, 30 May 2017 12:32:01 +0000 (14:32 +0200)]
strongswan: bump to 5.5.3
Fixes CVE-2017-9022, CVE-2017-9023.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Hannu Nyman [Tue, 30 May 2017 07:49:09 +0000 (10:49 +0300)]
Merge pull request #4381 from commodo/ovs-fix
openvswitch: fix build for ovs python libs & related packages
Hannu Nyman [Tue, 30 May 2017 07:48:19 +0000 (10:48 +0300)]
Merge pull request #4380 from commodo/python-six-host-build
python-six: add host-side build
Peter Wagner [Mon, 29 May 2017 19:19:31 +0000 (21:19 +0200)]
alsa-lib: update urls
Signed-off-by: Peter Wagner <tripolar@gmx.at>
Karl Palsson [Mon, 29 May 2017 10:49:08 +0000 (10:49 +0000)]
net/mosquitto: bump to 1.4.12 for CVE-2017-7650
Dot release, primarily due to CVE-2017-7650 but also rolls up some
earlier patches.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Thomas Heil [Sun, 28 May 2017 17:05:10 +0000 (19:05 +0200)]
Merge pull request #4379 from val-kulkov/nginx-package
nginx: update to 1.12.0, the latest stable version
Ted Hess [Sun, 28 May 2017 16:59:07 +0000 (12:59 -0400)]
libaudiofile: Multiple bug fixes, CVE-2017-6837, CVE-2017-6838, CVE-2017-6839, CVE-2015-7747 & GCC6 patches
Signed-off-by: Ted Hess <thess@kitschensync.net>
Ted Hess [Sat, 27 May 2017 20:03:30 +0000 (16:03 -0400)]
Merge pull request #4392 from antonlacon/ffmpeg-3.2.x
ffmpeg: update to 3.2.5
Hannu Nyman [Sat, 27 May 2017 10:36:54 +0000 (13:36 +0300)]
Merge pull request #4393 from damianorenfer/hotfix-dnscrypt-proxy-init
net/dnscrypt-proxy: fix block_ipv6 param in init script
Damiano Renfer [Sat, 27 May 2017 09:12:47 +0000 (11:12 +0200)]
net/dnscrypt-proxy: fix block_ipv6 param in init script
Signed-off-by: Damiano Renfer <damiano.renfer@gmail.com>
Ian Leonard [Sat, 27 May 2017 01:51:17 +0000 (18:51 -0700)]
ffmpeg: update to 3.2.5
Signed-off-by: Ian Leonard <antonlacon@gmail.com>
Peter Wagner [Sat, 27 May 2017 00:34:29 +0000 (02:34 +0200)]
git: update to 2.13.0
Signed-off-by: Peter Wagner <tripolar@gmx.at>
Hannu Nyman [Fri, 26 May 2017 15:22:59 +0000 (18:22 +0300)]
Merge pull request #4389 from sartura/netopeer2-openssl-dependency
netopeer2-keystored: add new dependency
Antonio Paunovic [Fri, 26 May 2017 14:07:54 +0000 (14:07 +0000)]
netopeer2-keystored: add new dependency
Signed-off-by: Antonio Paunovic <antonio.paunovic@sartura.hr>
Alexandru Ardelean [Thu, 25 May 2017 13:31:25 +0000 (16:31 +0300)]
openvswitch: disable built-in kernel module build
Since we're using the kernel's module, this is
un-necessary.
Should speed up the build a bit.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Hannu Nyman [Thu, 25 May 2017 07:44:07 +0000 (10:44 +0300)]
Merge pull request #4383 from kuoruan/aria2
Aria2: Bump version
kuoruan [Thu, 25 May 2017 03:34:41 +0000 (11:34 +0800)]
webui-aria2: Bump to 2017-05-21
Signed-off-by: kuoruan <kuoruan@gmail.com>
kuoruan [Thu, 25 May 2017 03:12:39 +0000 (11:12 +0800)]
yaaw: Bump to 2017-04-11
Signed-off-by: kuoruan <kuoruan@gmail.com>
kuoruan [Thu, 25 May 2017 03:11:43 +0000 (11:11 +0800)]
aria2: Update to v1.32.0
Signed-off-by: kuoruan <kuoruan@gmail.com>
Alexandru Ardelean [Wed, 24 May 2017 20:18:04 +0000 (23:18 +0300)]
openvswitch: fix build for ovs python libs & related packages
Admittedly I never used those Python libs.
And the setup I was trying it on, did not have
the Python interpreter packaged, so these build failures
went un-noticed.
That's my fault for not trying it out properly on
a full LEDE repo, with all packages.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Luka Perkov [Wed, 24 May 2017 20:14:24 +0000 (22:14 +0200)]
Merge pull request #4378 from sartura/sysrepo_update
sysrepo update
Alexandru Ardelean [Wed, 24 May 2017 16:26:07 +0000 (19:26 +0300)]
python-six: add host-side build
Needed for Open vSwitch's python libs.
And build.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Val Kulkov [Wed, 24 May 2017 15:48:29 +0000 (11:48 -0400)]
nginx: update to 1.12.0, the latest stable version
This is a straightforward update to the latest stable version.
Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
Mislav Novakovic [Wed, 24 May 2017 12:03:42 +0000 (14:03 +0200)]
netopeer2-server: modified init script
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
Mislav Novakovic [Wed, 24 May 2017 15:08:19 +0000 (17:08 +0200)]
sysrepo: merge sysrepod and sysrepo-plugind
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
Mislav Novakovic [Tue, 23 May 2017 13:36:47 +0000 (15:36 +0200)]
netopeer2: change default ssh key handling
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
Mislav Novakovic [Tue, 23 May 2017 11:16:21 +0000 (13:16 +0200)]
netopeer2-server: edited init script
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
Mislav Novakovic [Tue, 23 May 2017 10:46:36 +0000 (12:46 +0200)]
netopeer2: modified uci-default script
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
Mislav Novakovic [Tue, 23 May 2017 10:46:12 +0000 (12:46 +0200)]
sysrepo: modified uci-default script
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
Mislav Novakovic [Tue, 23 May 2017 10:10:44 +0000 (12:10 +0200)]
netopeer2-server: add custom config file
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
Mislav Novakovic [Tue, 23 May 2017 09:57:19 +0000 (11:57 +0200)]
netopeer2-server: add sysrepod dependency
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
Hans Dedecker [Mon, 27 Mar 2017 13:35:29 +0000 (15:35 +0200)]
net-snmp: add inbound firewall rule support
Add UCI section general which holds the uci parameter network defining on
which interface(s) the snmp agent is reachable for inbound snmp requests
in case the firewall zone does not allow INPUT traffic by default.
For the different zones to which the different interfaces belong firewall
procd input rules are created making the snmp agent reachable on udp port
161.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hannu Nyman [Wed, 24 May 2017 08:25:23 +0000 (11:25 +0300)]
Merge pull request #4361 from EricLuehrsen/unbound_may2017
unbound: add option for dhcp UCI domain mx srv and cname
Hannu Nyman [Wed, 24 May 2017 06:23:19 +0000 (09:23 +0300)]
Merge pull request #4320 from TouchStar/gpsd-fix-darwinbuild
utils/gpsd: Set manbuild=no for build (disable building help/html docs)
Hannu Nyman [Wed, 24 May 2017 06:17:06 +0000 (09:17 +0300)]
Merge pull request #4049 from hbl0307106015/master
libndpi: add new package
Peter Wagner [Wed, 24 May 2017 00:32:38 +0000 (02:32 +0200)]
alsa-lib: update to 1.1.4
Signed-off-by: Peter Wagner <tripolar@gmx.at>
Eric Luehrsen [Wed, 10 May 2017 02:46:39 +0000 (22:46 -0400)]
unbound: add option for dhcp UCI domain mx srv and cname
Base LEDE/OpenWrt UCI for dnsmasq provides for DNS override in
/etc/config/dhcp. It is desired to be able to use dnsmasq and
Unbound as transparently as possible. Option 'add_extra_dns'
will pull 'domain', 'mxhost', 'srvhost, and 'cname' from base.
netifd/procd have an interaction with DHCPv6/RA on WAN (FS#713).
Minor IP6 parameter updates can cause Unbound reload events every
few minutes. List option 'trigger' selects which interfaces may
cause reload. For example 'lan', 'wan' but not 'wan6'.
Squash other cosmetics.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
Hannu Nyman [Mon, 22 May 2017 08:21:30 +0000 (11:21 +0300)]
Merge pull request #4375 from inindev/master
avro: Apache Avro C Library 1.8.2
John Clark [Mon, 22 May 2017 08:12:19 +0000 (04:12 -0400)]
avro: Apache Avro C Library 1.8.2
Signed-off-by: John Clark <inindev@gmail.com>
Tested-by: John Clark <inindev@gmail.com>
Yousong Zhou [Fri, 12 May 2017 13:05:07 +0000 (21:05 +0800)]
shadowsocks-libev: bump to version 3.0.6
Below are changes in the packaging method
- Use tarball provided by the upstream project maintainer instead of
cloning the whole git-repo
- Drop openssl variant as it was deprecated then removed by the
upstream project
- Add dependency on libev, libsodium, libudns as they are not bundled
with the source code anymore
Addresses issue #4191
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Fri, 12 May 2017 13:58:23 +0000 (21:58 +0800)]
udns: initial version 0.4
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Hannu Nyman [Sun, 21 May 2017 18:38:44 +0000 (21:38 +0300)]
Merge pull request #4374 from damianorenfer/dnscrypt-proxy-1.9.5_plugins
net/dnscrypt-proxy: ignore parameters requiring plugins support if no…
Damiano Renfer [Sun, 21 May 2017 17:55:18 +0000 (19:55 +0200)]
net/dnscrypt-proxy: ignore parameters requiring plugins support if not available
Signed-off-by: Damiano Renfer <damiano.renfer@gmail.com>
Ted Hess [Sat, 20 May 2017 15:43:17 +0000 (11:43 -0400)]
faad2: Upgrade to lastest Debian patches, cleanup build procs
Signed-off-by: Ted Hess <thess@kitschensync.net>
Ted Hess [Sat, 20 May 2017 15:34:06 +0000 (11:34 -0400)]
mpc: Upgrade mpd client to 0.28
Signed-off-by: Ted Hess <thess@kitschensync.net>
Ted Hess [Sat, 20 May 2017 15:32:05 +0000 (11:32 -0400)]
libmpdclient: Upgrade to 2.11
Signed-off-by: Ted Hess <thess@kitschensync.net>
Ted Hess [Sat, 20 May 2017 15:30:38 +0000 (11:30 -0400)]
mpd: Upgrade Music Player Daemon to 0.20.8
Signed-off-by: Ted Hess <thess@kitschensync.net>
Kevin Darbyshire-Bryant [Sat, 20 May 2017 08:16:21 +0000 (09:16 +0100)]
miniupnpc: bump to 2.0.
20170509 (#4362)
Fix CVE-2017-8798
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Daniel Golle [Sat, 20 May 2017 01:39:12 +0000 (03:39 +0200)]
Merge pull request #4237 from dangowrt/isc-dhcp-procd
isc-dhcp: use procd and generate configuration from UCI
Daniel Golle [Wed, 5 Apr 2017 11:21:54 +0000 (13:21 +0200)]
isc-dhcp: integrate IPv4 DHCP service with procd and netifd
Convert init-script to procd and allow to configure
isc-dhcp-server via UCI. Allow most by-network and by-host options
supported by dnsmasq.
User-defined dhcp-options are not supported yet, neither are tags.
Existing configurations with use-edited /etc/dhcpd.conf are still
respected, hence to enjoy the new features you have to migrate
your configuration to UCI and delete /etc/dhcpd.conf.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Hannu Nyman [Fri, 19 May 2017 14:35:10 +0000 (17:35 +0300)]
Merge pull request #4371 from commodo/fix-pip3
python3-pip: fix package ; it was broken
Alexandru Ardelean [Fri, 19 May 2017 14:20:04 +0000 (17:20 +0300)]
python3-pip: override Package/python3-pip/install rule
This is in essence fixes pip3.
That means pip3 will ship without Python byte-codes
for a while, until I'll find a better way to fix it.
I couldn't think of a not-very hack-ish way of doing it.
The only draw-back of this, will be that pip3 will run
a bit slower ; but that should be ok for a while.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Alexandru Ardelean [Fri, 19 May 2017 14:18:33 +0000 (17:18 +0300)]
python3: remove __pycache__ folders pip & setuptools
python3-pip & python3-setuptools have slightly
different installation mechanisms.
We need to remove the __pycache__ folders.
Seems they're generated.
This also reduces the size of the python3-pip &
python3-setuptools packages.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Alexandru Ardelean [Fri, 19 May 2017 14:16:38 +0000 (17:16 +0300)]
python,python3: allow python packages to override Package/<pkg>/install rule
Python packages try to enforce their own.
For some cases this may not be desired.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Hannu Nyman [Fri, 19 May 2017 07:25:17 +0000 (10:25 +0300)]
Merge pull request #4368 from hmronline/master
dynapoint: Updated to latest version (Fixes to make it actually work)
hmronline [Thu, 18 May 2017 13:59:01 +0000 (10:59 -0300)]
dynapoint: Updated to latest version (Fixes to make it actually work)
Signed-off-by: hmronline <hmronline@gmail.com>
Hannu Nyman [Thu, 18 May 2017 07:48:58 +0000 (10:48 +0300)]
Merge pull request #4365 from commodo/python-groupping
python packages: move all things python under lang/python
Hannu Nyman [Wed, 17 May 2017 19:37:29 +0000 (22:37 +0300)]
Merge pull request #4367 from dibdot/adblock
adblock: maintenance update 2.6.4
Hannu Nyman [Wed, 17 May 2017 19:36:57 +0000 (22:36 +0300)]
Merge pull request #4366 from dibdot/travelmate
travelmate: maintenance update 0.7.4
Hannu Nyman [Wed, 17 May 2017 19:36:18 +0000 (22:36 +0300)]
Merge pull request #4341 from zx2c4/wg-psk-change
wireguard: update snapshot version to 0.0.
20170517
Dirk Brenken [Wed, 17 May 2017 19:28:12 +0000 (21:28 +0200)]
adblock: maintenance update 2.6.4
* made wget default parms compatible with older program versions
* shift dns detection routine to simplify dns override,
just set 'adb_dnslist' to force a particular backend priority
(default: 'dnsmasq unbound')
* reduce ubus polling during dns detection
Signed-off-by: Dirk Brenken <dev@brenken.org>
Dirk Brenken [Wed, 17 May 2017 19:24:07 +0000 (21:24 +0200)]
travelmate: maintenance update 0.7.4
* always update the connection status, even in case of an error
* merge multiple ubus network calls in central check routine
Signed-off-by: Dirk Brenken <dev@brenken.org>
Jason A. Donenfeld [Wed, 17 May 2017 18:21:30 +0000 (20:21 +0200)]
wireguard: version bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Luka Perkov [Wed, 17 May 2017 17:16:59 +0000 (19:16 +0200)]
Merge pull request #4364 from sartura/jq_fix_mips_compile_flags
jq fix mips compile flags
Alexandru Ardelean [Wed, 17 May 2017 13:45:48 +0000 (16:45 +0300)]
python packages: move all things python under lang/python
I admit this may be be a bit aggressive, but the lang
folder is getting cluttered/filled up with Python, PHP, Perl,
Ruby, etc. packages.
Makes sense to try to group them into per-lang folders.
I took the Pythons.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Marko Ratkaj [Wed, 17 May 2017 12:21:38 +0000 (14:21 +0200)]
jq: import improvements from debian
Mitigate stack exhaustion when printing a very deeply nested term.
Fix heap buffer overflow in tokenadd()
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
Marko Ratkaj [Wed, 17 May 2017 12:19:38 +0000 (14:19 +0200)]
jq: fix MIPS compile flags
There is a gcc related bug that causes the following issue on MIPS:
Assertion failed: jv_get_kind(a) == JV_KIND_STRING (jv.c: jvp_string_ptr: 435)
This patch will disable SRA optimizations on MIPS platform and prevent
the above issue.
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
Hannu Nyman [Tue, 16 May 2017 16:31:27 +0000 (19:31 +0300)]
Merge pull request #4358 from damianorenfer/dnscrypt-proxy-1.9.5
net/dnscrypt-proxy: update to 1.9.5
Hannu Nyman [Tue, 16 May 2017 16:30:38 +0000 (19:30 +0300)]
Merge pull request #4359 from damianorenfer/libsodium-1.0.12
libs/libsodium: update to 1.0.12
Michael Heimpold [Sun, 14 May 2017 20:30:44 +0000 (22:30 +0200)]
php7: update to 7.1.5
Remove patch 1006-fix-gettext.patch which was integrated upstream.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Damiano Renfer [Sun, 14 May 2017 09:37:19 +0000 (11:37 +0200)]
libs/libsodium: update to 1.0.12
* Update to 1.0.12
* Use PKG_HASH instead of PKG_MD5SUM
* Add libsodium github link in PKG_SOURCE_URL
Signed-off-by: Damiano Renfer <damiano.renfer@gmail.com>
Damiano Renfer [Sun, 14 May 2017 09:29:51 +0000 (11:29 +0200)]
net/dnscrypt-proxy: update to 1.9.5
* Update to 1.9.5
* Use PKG_HASH instead of PKG_MD5SUM
* Add dnscrypt-proxy github link in PKG_SOURCE_URL
Signed-off-by: Damiano Renfer <damiano.renfer@gmail.com>
Luka Perkov [Sat, 13 May 2017 23:01:34 +0000 (01:01 +0200)]
libssh: switch from git to release download
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
Luka Perkov [Sat, 13 May 2017 22:41:23 +0000 (00:41 +0200)]
Merge pull request #4355 from sartura/sysrepo_mirror_hash
Sysrepo mirror hash
Luka Perkov [Sat, 13 May 2017 22:35:40 +0000 (00:35 +0200)]
libuv: bump to 1.11.0
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
champtar [Fri, 12 May 2017 22:11:50 +0000 (15:11 -0700)]
Merge pull request #4353 from TDT-GmbH/mwan3-fixes
Mwan3 fixes
Mislav Novakovic [Fri, 12 May 2017 14:43:44 +0000 (16:43 +0200)]
sysrepo: add PKG_MIRROR_HASH
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
Mislav Novakovic [Fri, 12 May 2017 14:43:29 +0000 (16:43 +0200)]
netopeer2: add PKG_MIRROR_HASH
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
Mislav Novakovic [Fri, 12 May 2017 14:43:16 +0000 (16:43 +0200)]
libnetconf2: add PKG_MIRROR_HASH
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
Mislav Novakovic [Fri, 12 May 2017 14:42:32 +0000 (16:42 +0200)]
libyang: add PKG_MIRROR_HASH
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
Florian Eckert [Fri, 12 May 2017 13:25:18 +0000 (15:25 +0200)]
net/mwan3: update Makefile version
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Florian Eckert [Fri, 12 May 2017 13:30:14 +0000 (15:30 +0200)]
net/mwan3: generate mwan3track run path folder on every run
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Florian Eckert [Fri, 12 May 2017 13:24:05 +0000 (15:24 +0200)]
net/mwan3: remove absolute path for bin files
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Florian Eckert [Mon, 8 May 2017 09:43:27 +0000 (11:43 +0200)]
net/mwan3: remove pid file use pgrep to get pid
If mwan3track will not stop immediately after sending the kill signal,
the clean_up handler will delete the pid file later while the new mwan3track is
already running.
This could result in a situation that mwan3track is running
more then once because the old mwan3track service could not be killed,
because the pid file is missing.
Using pgrep to kill all mwan3track for the tracked interface and not using
pid file should fix this issue.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Luka Perkov [Fri, 12 May 2017 08:56:38 +0000 (10:56 +0200)]
Merge pull request #4240 from sartura/jq_add_package
jq: add package
Luka Perkov [Thu, 11 May 2017 18:07:35 +0000 (20:07 +0200)]
Merge pull request #4351 from sartura/sysrepo_release
sysrepo packages
Mislav Novakovic [Wed, 10 May 2017 13:35:06 +0000 (15:35 +0200)]
add netopeer2
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
Mislav Novakovic [Wed, 10 May 2017 13:34:53 +0000 (15:34 +0200)]
add sysrepo
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
Mislav Novakovic [Wed, 10 May 2017 13:34:38 +0000 (15:34 +0200)]
add libnetconf2
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
Mislav Novakovic [Wed, 10 May 2017 13:34:24 +0000 (15:34 +0200)]
add libyang
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
Mislav Novakovic [Wed, 10 May 2017 15:36:39 +0000 (17:36 +0200)]
add libssh
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
Noah Meyerhans [Thu, 11 May 2017 05:06:46 +0000 (22:06 -0700)]
bind: Update to bind-9.10.5
This change includes fixes for several security issues:
* CVE-2017-3138: rndc "" could trigger an assertion failure in named.
* CVE-2017-3137: Some chaining (i.e., type CNAME or DNAME) responses to
upstream queries could trigger assertion failures.
* CVE-2017-3136: dns64 with break-dnssec yes; can result in an assertion
failure.
* CVE-2017-3135: If a server is configured with a response policy zone
(RPZ) that rewrites an answer with local data, and is also configured
for DNS64 address mapping, a NULL pointer can be read triggering a
server crash.
* CVE-2016-9444: named could mishandle authority sections with missing
RRSIGs, triggering an assertion failure.
* CVE-2016-9131: named mishandled some responses where covering RRSIG
records were returned without the requested data, resulting in an
assertion failure.
* CVE-2016-9131: named incorrectly tried to cache TKEY records which could
trigger an assertion failure when there was a class mismatch.
* CVE-2016-8864: It was possible to trigger assertions when processing
responses containing answers of type DNAME.
* CVE-2016-6170: Added the ability to specify the maximum number of
records permitted in a zone (max-records #;). This provides a mechanism
to block overly large zone transfers, which is a potential risk with
slave zones from other parties.
* CVE-2016-2776: It was possible to trigger an assertion when rendering a
message using a specially crafted request.
* CVE-2016-2775: Calling getrrsetbyname() with a non absolute name could
trigger an infinite recursion bug in lwresd or named with lwres
configured if, when combined with a search list entry from resolv.conf,
the resulting name is too long.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Hannu Nyman [Wed, 10 May 2017 21:10:00 +0000 (00:10 +0300)]
Merge pull request #4342 from michailf/perl-upgrade
lang/perl: Upgrade to Perl 5.24.1
Michail Frolov [Wed, 3 May 2017 19:26:08 +0000 (15:26 -0400)]
lang/perl: Upgraded to Perl 5.24.1
Signed-off-by: Michail Frolov <frolovm@pobox.com>
Hannu Nyman [Wed, 10 May 2017 15:12:32 +0000 (18:12 +0300)]
Merge pull request #4346 from dibdot/travelmate
travelmate: update 0.7.3
Dirk Brenken [Wed, 10 May 2017 14:49:24 +0000 (16:49 +0200)]
travelmate: update 0.7.3
backend:
* refine connection check (reduce ubus polling)
* further stabilize sta-/ap-handling
frontend (see LuCI repo):
* Automatically refresh the overview page after button onclick event,
e.g. 'Save & Apply'
Signed-off-by: Dirk Brenken <dev@brenken.org>
Aleksei Nosachev [Wed, 10 May 2017 12:30:43 +0000 (15:30 +0300)]
Fix acme-challenge ./well-known check / webroot detection (#4339)
fixes webroot to be defined as
_currentRoot='/www'
instead of being interpreted as
_currentRoot='"/www"'
Signed-off-by: Aleksei Nosachev <nos1609@hotmail.com>