feed/packages.git
5 years ago libssh2: version bump/CVE fixes 8449/head
Sebastian Kemper [Tue, 19 Mar 2019 07:48:55 +0000 (08:48 +0100)]
libssh2: version bump/CVE fixes

- CVE-2019-3855
  Possible integer overflow in transport read allows out-of-bounds write

- CVE-2019-3856
  Possible integer overflow in keyboard interactive handling allows
  out-of-bounds write

- CVE-2019-3857
  Possible integer overflow leading to zero-byte allocation and out-of-bounds
  write

- CVE-2019-3858
  Possible zero-byte allocation leading to an out-of-bounds read

- CVE-2019-3859
  Out-of-bounds reads with specially crafted payloads due to unchecked use of
  `_libssh2_packet_require` and `_libssh2_packet_requirev`

- CVE-2019-3860
  Out-of-bounds reads with specially crafted SFTP packets

- CVE-2019-3861
  Out-of-bounds reads with specially crafted SSH packets

- CVE-2019-3862
  Out-of-bounds memory comparison

- CVE-2019-3863
  Integer overflow in user authenticate keyboard interactive allows
  out-of-bounds writes

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
5 years ago Jinja2: Update to 2.10
Rosen Penev [Sun, 11 Nov 2018 03:38:41 +0000 (19:38 -0800)]
Jinja2: Update to 2.10

Switch URL to a deterministic one.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
5 years ago ruby: update to 2.5.5
Luiz Angelo Daros de Luca [Mon, 18 Mar 2019 17:35:39 +0000 (14:35 -0300)]
ruby: update to 2.5.5

2.5.5: Bug fix for a deadlock in multi-thread/multi-process (using Process.fork) applications, like for example Puma

2.5.4: Fixes multiple vulnerabilities:

CVE-2019-8320: Delete directory using symlink when decompressing tar
CVE-2019-8321: Escape sequence injection vulnerability in verbose
CVE-2019-8322: Escape sequence injection vulnerability in gem owner
CVE-2019-8323: Escape sequence injection vulnerability in API response handling
CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
CVE-2019-8325: Escape sequence injection vulnerability in errors

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
5 years ago ruby: fix build for uclibc
Luiz Angelo Daros de Luca [Fri, 8 Feb 2019 03:38:33 +0000 (01:38 -0200)]
ruby: fix build for uclibc

Backporting upstream fix. Closes #8051.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit f9b16dea51b34e6fbced77a81096cf1fb82f39ce)

5 years ago vpnc: fix IPv6-triggered inoperability
Daniel Gimpelevich [Sat, 9 Mar 2019 11:17:47 +0000 (03:17 -0800)]
vpnc: fix IPv6-triggered inoperability

When the server hostname resolved to both IPv4 and IPv6 addresses,
connecting would fail with nothing in syslog. This corrects that oversight.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
(cherry picked from ca56324 and PKG_MIRROR_HASH removal from 494ce71)

5 years ago postgresql: Revert adding build dependency to zlib/host
Hannu Nyman [Sun, 17 Mar 2019 08:33:25 +0000 (10:33 +0200)]
postgresql: Revert adding build dependency to zlib/host

Revert the addition of build dependency in commit 2d1694ff7
to a non-existent host build of zlib.

The host build of zlib was removed already in April 2018 by
https://github.com/openwrt/openwrt/commit/8dcd941d8b934891676a8d4bbef1ee78e89a4bf7#diff-1ed408c61d79f9c6c5d197333e94ce8d
which made zlib a build tool defined in /tools

The newly introduced build dependency always causes a warning like:
   WARNING: Makefile 'package/feeds/packages/postgresql/Makefile'
   has a build dependency on 'zlib/host', which does not exist

Not sure what was the error that 2d1694ff7 tried to fix,
but reference to a non-existent host build is not the solution.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit d8e61d49da52e86994492c9c274da35dd3b214fc)

5 years ago Merge pull request #8403 from BKPepe/transmission_openwrt-18.06
Hannu Nyman [Sat, 16 Mar 2019 06:01:50 +0000 (08:01 +0200)]
Merge pull request #8403 from BKPepe/transmission_openwrt-18.06

[OpenWrt 18.06] Transmission: update to version 2.94

5 years ago Merge pull request #8402 from BKPepe/netdata_openwrt-18.06
Hannu Nyman [Sat, 16 Mar 2019 06:00:39 +0000 (08:00 +0200)]
Merge pull request #8402 from BKPepe/netdata_openwrt-18.06

[OpenWrt 18.06] Netdata: update to version 1.12.2

5 years ago Merge pull request #8395 from EricLuehrsen/unbound_191_1806
Hannu Nyman [Wed, 13 Mar 2019 15:24:28 +0000 (17:24 +0200)]
Merge pull request #8395 from EricLuehrsen/unbound_191_1806

[openwrt-18.06] unbound: update to 1.9.1

5 years ago transmission: update to version 2.94 8403/head
Rosen Penev [Wed, 13 Mar 2019 14:28:09 +0000 (15:28 +0100)]
transmission: update to version 2.94

Add LTO support

Signed-off-by: Rosen Penev <rosenp@gmail.com>
5 years ago Netdata: update to version 1.12.2 8402/head
Josef Schlehofer [Wed, 13 Mar 2019 13:49:27 +0000 (14:49 +0100)]
Netdata: update to version 1.12.2

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
5 years ago libtalloc: Merge 2.1.14 from master (remove libbsd dependency)
Ted Hess [Wed, 13 Mar 2019 12:39:17 +0000 (08:39 -0400)]
libtalloc: Merge 2.1.14 from master (remove libbsd dependency)

Signed-off-by: Ted Hess <thess@kitschensync.net>
5 years ago unbound: update to 1.9.1 8395/head
Eric Luehrsen [Wed, 13 Mar 2019 01:26:53 +0000 (21:26 -0400)]
unbound: update to 1.9.1

Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
5 years ago Merge pull request #8386 from wvdakker/openwrt-18.06
Hannu Nyman [Tue, 12 Mar 2019 15:49:32 +0000 (17:49 +0200)]
Merge pull request #8386 from wvdakker/openwrt-18.06

Openwrt 18.06: Shorewall Bump to 5.2.0.5 (issue #8382)

5 years ago Shorewall6: Bump to 5.2.0.5. 8386/head
W. van den Akker [Mon, 11 Mar 2019 19:46:16 +0000 (20:46 +0100)]
Shorewall6: Bump to 5.2.0.5.

Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
5 years ago Shorewall: Bump to 5.2.0.5.
W. van den Akker [Mon, 11 Mar 2019 19:45:17 +0000 (20:45 +0100)]
Shorewall: Bump to 5.2.0.5.

Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
5 years ago Shorewall6-lite: Bump to 5.2.0.5.
W. van den Akker [Mon, 11 Mar 2019 19:44:18 +0000 (20:44 +0100)]
Shorewall6-lite: Bump to 5.2.0.5.

Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
5 years ago Shorewall-lite: Bump to 5.2.0.5.
W. van den Akker [Mon, 11 Mar 2019 19:42:53 +0000 (20:42 +0100)]
Shorewall-lite: Bump to 5.2.0.5.

Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
5 years ago Shorewall-core: Bump to 5.2.0.5.
W. van den Akker [Mon, 11 Mar 2019 19:40:49 +0000 (20:40 +0100)]
Shorewall-core: Bump to 5.2.0.5.

Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
5 years ago postgresql: add HOST_BUILD_DEPENDS:=zlib/host
Daniel Golle [Thu, 7 Mar 2019 12:06:26 +0000 (13:06 +0100)]
postgresql: add HOST_BUILD_DEPENDS:=zlib/host

spotted on buildbot trying postgresql/host build:
configure: error: zlib library not found

Fix this by adding zlib/host to HOST_BUILD_DEPENDS.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry-picked from commit 2d1694ff7cd9e4517483f1012d9deed1b2b710c4)

5 years ago gnurl: update to version 7.64.0
Daniel Golle [Wed, 6 Mar 2019 00:42:43 +0000 (01:42 +0100)]
gnurl: update to version 7.64.0

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry-picked from commit 78adac5930f8b2613b77a0e803465396a42947b0)

5 years ago libgabe: add package
Daniel Golle [Thu, 7 Mar 2019 02:20:50 +0000 (03:20 +0100)]
libgabe: add package

cherry-pick and squash commits from master for GNUnet
 04eb431cb libgabe: add package
 7831fb63b libgabe: update to shared library version

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
5 years ago libpbc: add new package
Daniel Golle [Thu, 7 Mar 2019 00:39:24 +0000 (01:39 +0100)]
libpbc: add new package

cherry-pick commit 4c5d25458 libpbc: add new package
from master as GNUnet started to depend on libgabe which depends on
libpbc.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
5 years ago Merge pull request #8346 from Cynerd/jinja2-missing-dep-18.06
Daniel Golle [Tue, 5 Mar 2019 18:05:35 +0000 (19:05 +0100)]
Merge pull request #8346 from Cynerd/jinja2-missing-dep-18.06

Jinja2: add missing dependency on markupsafe

5 years ago Jinja2: add missing dependency on markupsafe 8346/head
Karel Kočí [Tue, 5 Mar 2019 16:20:36 +0000 (17:20 +0100)]
Jinja2: add missing dependency on markupsafe

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
5 years ago gnunet: revert accidentally applied libmicrohttpd changes
Daniel Golle [Tue, 5 Mar 2019 01:02:36 +0000 (02:02 +0100)]
gnunet: revert accidentally applied libmicrohttpd changes

revert 7b2bf511c gnunet: Specify libmicrohttpd-ssl dependency
which was accidentally merged from master while the rename of the
libmicrohttpd* packages has happened only on master.
Revert it for openwrt-18.06.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
5 years ago gnunet-secushare: add package (replacing gnunet-social package)
Daniel Golle [Sun, 3 Mar 2019 01:58:35 +0000 (02:58 +0100)]
gnunet-secushare: add package (replacing gnunet-social package)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
5 years ago gnunet: GNUnet v0.11.0 release
Daniel Golle [Sat, 2 Mar 2019 19:27:02 +0000 (20:27 +0100)]
gnunet: GNUnet v0.11.0 release

Backport and squash the following commits from master:
 4dcd1d4d0 gnunet: update to 0.12 pre-release snapshot
 acc59d3a0 gnunet: fix uclibc build issue
 f546ac9b8 gnunet: remove iconv hack
 b5b271a39 gnunet: update to gnunet 0.11 release candidate source as of 20180929
 1459c3513 gnunet: update source
 0b548cb73 gnunet: adapt uci-defaults to renamed namestore-flat -> -heap
 effc8b5bf gnunet: update to source to 20190128
 7b2bf511c gnunet: Specify libmicrohttpd-ssl dependency
 1d5af8f9e gnunet: fix PKG_MIRROR_HASH
 77191eddb gnunet: GNUnet v0.11 release
 1c658e5f3 gnunet-secushare: auto-configure database backend

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
5 years ago postgresql: update to version 9.6.12
Daniel Golle [Sun, 3 Mar 2019 01:56:38 +0000 (02:56 +0100)]
postgresql: update to version 9.6.12

Backport and squash the following commits from master:
 43ec390bd postgresql: security bump to 9.6.10
 845aab78a postgresql: Update to 9.6.11
 fe6597dd7 postgresql: update to version 9.6.12

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
5 years ago libextractor: update to version 1.9
Daniel Golle [Sat, 2 Mar 2019 19:12:48 +0000 (20:12 +0100)]
libextractor: update to version 1.9

Backport and squash the following commits from master:
 853e9d1c3 libextractor: Update to 1.7
 1a23de5db libextractor: update to version 1.8
 a50f26941 libextractor: fix PKG_HASH
 6709d9b82 libextractor: update to version 1.9

5 years ago gnurl: update to version 7.63.0
Daniel Golle [Sat, 2 Mar 2019 19:08:23 +0000 (20:08 +0100)]
gnurl: update to version 7.63.0

Backport and squash the following commits from master:
 af06f6fd5 gnurl: update to version 7.61.1
 7cdbb7569 gnurl: build without libpsl
 d34eda733 gnurl: update to version 7.63.0

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
5 years ago openvswitch: bump to version 2.8.5
Yousong Zhou [Wed, 27 Feb 2019 10:31:35 +0000 (10:31 +0000)]
openvswitch: bump to version 2.8.5

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
5 years ago vallumd: bump to 0.1.4
Stijn Tintel [Sun, 17 Feb 2019 15:47:54 +0000 (17:47 +0200)]
vallumd: bump to 0.1.4

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit d89cd30a79c7219b25e0d81d6f3faabcad9bb544)

5 years ago Merge pull request #8207 from commodo/18.06-CVE-2018-20406
Hannu Nyman [Thu, 14 Feb 2019 16:25:51 +0000 (18:25 +0200)]
Merge pull request #8207 from commodo/18.06-CVE-2018-20406

[18.06] python3: fix [CVE-2018-20406]

5 years ago mosquitto: update to 1.5.7
Karl Palsson [Thu, 14 Feb 2019 11:14:13 +0000 (11:14 +0000)]
mosquitto: update to 1.5.7

This is a minor bugfix release. Full changelog available at:
https://mosquitto.org/blog/2019/02/version-1-5-7-released/

Most relevant to OpenWrt are probably:
* fixing persistent store bloat
* fix sorting of included config files
* fix errors related to per_listener_settings

Signed-off-by: Karl Palsson <karlp@etactica.com>
5 years ago irssi: update to 1.2.0
Peter Wagner [Wed, 13 Feb 2019 22:05:54 +0000 (23:05 +0100)]
irssi: update to 1.2.0

Signed-off-by: Peter Wagner <tripolar@gmx.at>
5 years ago [18.06] python3: fix [CVE-2018-20406] 8207/head
Alexandru Ardelean [Wed, 13 Feb 2019 08:14:50 +0000 (10:14 +0200)]
[18.06] python3: fix [CVE-2018-20406]

Link to Python bug:
  https://bugs.python.org/issue34656

Upstream commit:
  https://github.com/python/cpython/commit/71a9c65e74a70b6ed39adc4ba81d311ac1aa2acc

OpenWrt 18.06 contains version Python 3.6.5, which doesn't contain this
fix.
Python 2.7 is not affected.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
5 years ago shadowsocks-libev: flush ss rules on entry
Yousong Zhou [Mon, 11 Feb 2019 13:21:04 +0000 (13:21 +0000)]
shadowsocks-libev: flush ss rules on entry

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
5 years ago mosquitto: bump to 1.5.6
Karl Palsson [Thu, 7 Feb 2019 14:02:27 +0000 (14:02 +0000)]
mosquitto: bump to 1.5.6

This is a bugfix and security release.

CVE-2018-12551: If Mosquitto is configured to use a password file for
authentication, any malformed data in the password file will be
treated as valid. This typically means that the malformed data becomes
a username and no password. If this occurs, clients can circumvent
authentication and get access to the broker by using the malformed
username. In particular, a blank line will be treated as a valid empty
username. Other security measures are unaffected.

=> Users who have only used the mosquitto_passwd utility to create and
modify their password files are unaffected by this vulnerability.

CVE-2018-12550: If an ACL file is empty, or has only blank lines or
comments, then mosquitto treats the ACL file as not being defined,
which means that no topic access is denied. Although denying access to
all topics is not a useful configuration, this behaviour is unexpected
and could lead to access being incorrectly granted in some
circumstances.

CVE-2018-12546: If a client publishes a retained message to a topic
that they have access to, and then their access to that topic is
revoked, the retained message will still be delivered to future
subscribers. This behaviour may be undesirable in some applications,
so a configuration option `check_retain_source` has been introduced to
enforce checking of the retained message source on publish.

Plus the following bugfixes:
* wills not sent to websocket clients
* spaces now allowed in bridge usernames
* durable clients not receiving offline messages with
per_listener_settings==true
* compilation with openssl without deprecated apis
* TLS working over SOCKS
* better comment handling in config files

Full changelog available at: https://github.com/eclipse/mosquitto/blob/fixes/ChangeLog.txt#L1

Signed-off-by: Karl Palsson <karlp@etactica.com>
5 years ago Merge pull request #8143 from micmac1/18.06-bump-maria38
Hannu Nyman [Thu, 7 Feb 2019 18:49:29 +0000 (20:49 +0200)]
Merge pull request #8143 from micmac1/18.06-bump-maria38

mariadb: security bump to 10.1.38

5 years ago mariadb: bump to 10.1.38 8143/head
Sebastian Kemper [Wed, 6 Feb 2019 22:32:46 +0000 (23:32 +0100)]
mariadb: bump to 10.1.38

Upstream Release Notes:

- MDEV-17475: Maximum value of table_definition_cache is now 2097152
- MDEV-13671: InnoDB should use case-insensitive column name comparisons
  like the rest of the server
- ALTER TABLE fixes: MDEV-17230, MDEV-16499, MDEV-17904, MDEV-17833,
  MDEV-17470, MDEV-18237, MDEV-18016
- Improvements to InnoDB page checksum, recovery, and Mariabackup:
  MDEV-17957, MDEV-12112, MDEV-18025, MDEV-18279, MDEV-18183
- Galera
  - MDEV-15740: Galera durability fix
  - New configuration variable wsrep_certification_rules, used for
    controlling whether to use new/optimized
    (--wsrep_certification_rules=optimized) certification rules or the
    old/classic ones (--wsrep_certification_rules=strict). Setting the
    variable to strict can cause more certification failures.

- Fixes for the following security vulnerabilities:
  - CVE-2019-2537
  - CVE-2019-2529

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
5 years ago Merge pull request #8098 from jonathanunderwood/openwrt-18.06-getdns-stubby-from...
Hannu Nyman [Fri, 1 Feb 2019 14:37:58 +0000 (16:37 +0200)]
Merge pull request #8098 from jonathanunderwood/openwrt-18.06-getdns-stubby-from-master

[18.06] Cherry pick getdns and stubby commits from master

5 years ago stubby: update to version 0.2.4 8098/head
Jonathan G. Underwood [Thu, 3 Jan 2019 15:10:47 +0000 (15:10 +0000)]
stubby: update to version 0.2.4

This upstream release adds support for trust_anchors_backoff_time
configuration parameter. UCI support has been added for this.

This commit also includes a number of clean-ups:
    o change START=50 to START=30 in init file
      Starting earlier in the boot means less chance of missing interface
      trigger events. See: https://github.com/openwrt/packages/pull/4675
    o remove unused variables from init file
    o separate local declarations and assignments in init file
    o add defensive quoting in init file
    o use default values for procd respawn in init file
    o make use of {} in variables consistent in init file
    o remove unused variable from init file

Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
5 years ago stubby: Remove iamperson347 from maintainer
David Mora [Sun, 30 Dec 2018 14:50:36 +0000 (09:50 -0500)]
stubby: Remove iamperson347 from maintainer

I am no longer able to support maintaining the stubby daemon for openwrt. I suggest Jonathan Underwood <jonathan.underwood@gmail.com> as a replacement.

5 years ago stubby: add Jonathan Underwood as co-maintainer (#7307)
jonathanunderwood [Sun, 4 Nov 2018 10:49:52 +0000 (10:49 +0000)]
stubby: add Jonathan Underwood as co-maintainer (#7307)

Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
5 years ago stubby: add reload_config to documentation
Jonathan G. Underwood [Sat, 27 Oct 2018 17:28:29 +0000 (18:28 +0100)]
stubby: add reload_config to documentation

Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
5 years ago stubby: fix loading of config file
Jonathan G. Underwood [Sat, 27 Oct 2018 10:29:22 +0000 (11:29 +0100)]
stubby: fix loading of config file

Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
5 years ago stubby: add uci support to init file
Jonathan G. Underwood [Sun, 30 Sep 2018 13:59:57 +0000 (14:59 +0100)]
stubby: add uci support to init file

This commit brings UCI support to the stubby package.

    o All options are documented in the README.md file.
    o The README.md file has been re-written to include a short usage
      manual.
    o The default configuration now includes more Cloudflare addresses.
    o The stubby service is (re)started using procd triggers from a
      specified interface with a configurable time delay.
    o Round robin use of upstream resolvers is now activated by
      default.
    o Client privacy is now activated by default.
    o Options are added for specifying the log level of the daemon and
      command line options passed to the stubby command.

Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
5 years ago stubby: bump PKG_RELEASE
Tony Ambardar [Tue, 18 Sep 2018 08:06:32 +0000 (01:06 -0700)]
stubby: bump PKG_RELEASE

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years ago stubby: remove unnecessary core limit
Tony Ambardar [Tue, 7 Aug 2018 11:08:29 +0000 (04:08 -0700)]
stubby: remove unnecessary core limit

Remove the limit setting core="unlimited", since this shouldn't be needed
in production use (i.e. non-debug) and on an embedded platform, which is
why it's rarely used by any existing packages.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years ago stubby: add SPKI pin set for Cloudflare cert
Tony Ambardar [Tue, 7 Aug 2018 10:11:19 +0000 (03:11 -0700)]
stubby: add SPKI pin set for Cloudflare cert

Add an SPKI pin for Cloudflare to help prevent MITM and downgrade attacks,
as described in RFC7858 (DNS over TLS). The setup of SPKI and the specific
SHA256 certificate hash are taken from Cloudflare's DoT configuration guide
published at https://developers.cloudflare.com/1.1.1.1/dns-over-tls/.

Note that the certificate is valid to March 25th 2020, 13:00 CET, which
provides ample time for issuance of a backup pin to support future key
rollover.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years ago stubby: add Cloudflare 1.0.0.1 and ::1001 servers
Tony Ambardar [Tue, 7 Aug 2018 09:35:31 +0000 (02:35 -0700)]
stubby: add Cloudflare 1.0.0.1 and ::1001 servers

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years ago stubby: use EDNS client-subnet privacy by default
Tony Ambardar [Tue, 7 Aug 2018 09:23:34 +0000 (02:23 -0700)]
stubby: use EDNS client-subnet privacy by default

Retain the upstream value since privacy is usually the key user motivation
for using DNS-over-TLS, and simply note that those encountering sub-optimal
routing may consider disabling the setting.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years ago stubby: fix config file definition
Tony Ambardar [Tue, 7 Aug 2018 09:04:42 +0000 (02:04 -0700)]
stubby: fix config file definition

The config file /etc/stubby/stubby.yml is not registered properly and any
local changes are being overwritten on upgrade or reinstall.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years ago stubby: rearrange Makefile for clarity
Tony Ambardar [Tue, 7 Aug 2018 09:03:08 +0000 (02:03 -0700)]
stubby: rearrange Makefile for clarity

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years ago stubby: add missing dependency on ca-certificates
Tony Ambardar [Tue, 7 Aug 2018 13:21:11 +0000 (06:21 -0700)]
stubby: add missing dependency on ca-certificates

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years ago getdns: update to version 1.5.0
Jonathan G. Underwood [Thu, 3 Jan 2019 01:16:23 +0000 (01:16 +0000)]
getdns: update to version 1.5.0

Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
5 years ago getdns: Remove iamperson347 from maintainer
David Mora [Sun, 30 Dec 2018 14:50:39 +0000 (09:50 -0500)]
getdns: Remove iamperson347 from maintainer

I am no longer able to support maintaining the getdns lib for openwrt. I suggest Jonathan Underwood <jonathan.underwood@gmail.com> as a replacement.

5 years ago Merge pull request #8094 from candrews/patch-2
Hannu Nyman [Thu, 31 Jan 2019 18:12:48 +0000 (20:12 +0200)]
Merge pull request #8094 from candrews/patch-2

getdns: fix missing libbsd dependency

5 years ago getdns: fix missing libbsd dependency 8094/head
Craig Andrews [Thu, 31 Jan 2019 16:16:57 +0000 (11:16 -0500)]
getdns: fix missing libbsd dependency

Backport these commits from master to the 18.06 branch:
8365744b80c1c0c57fabe199aaa08e6bacef8063
035b22b2085c1dc5f5788a941a44f69de757826b
d0766135ade4409103cd5bfbd6180a41c4f2741a

Fixes https://github.com/openwrt/packages/issues/8093

Signed-off-by: Craig Andrews <candrews@integralblue.com>
5 years ago acme: Fix loading credentials
Adrien DAURIAT [Wed, 30 Jan 2019 22:32:51 +0000 (23:32 +0100)]
acme: Fix loading credentials

Move loading credential function before cert renewal call as credentials might be needed for some renewal operations (ex: DNS)

Signed-off-by: Adrien DAURIAT <16813527+dauriata@users.noreply.github.com>
5 years ago Merge pull request #8077 from BKPepe/openwrt-18.06
Hannu Nyman [Wed, 30 Jan 2019 21:09:39 +0000 (23:09 +0200)]
Merge pull request #8077 from BKPepe/openwrt-18.06

[openwrt-18.06] youtube-dl: update to version 2019.01.30.1

5 years ago youtube-dl: update to version 2019.01.30.1 8077/head
Josef Schlehofer [Wed, 30 Jan 2019 13:27:55 +0000 (14:27 +0100)]
youtube-dl: update to version 2019.01.30.1

Add Josef Schlehofer as Co-maintainer to be able to track issues

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
5 years ago Merge pull request #8048 from jefferyto/openwrt-18.06-python-idna
Hannu Nyman [Sun, 27 Jan 2019 21:05:41 +0000 (23:05 +0200)]
Merge pull request #8048 from jefferyto/openwrt-18.06-python-idna

[openwrt-18.06] python-idna: Add missing dependency on python(3)-codecs

5 years ago python-idna: Add missing dependency on python(3)-codecs 8048/head
Jeffery To [Sun, 27 Jan 2019 12:26:48 +0000 (20:26 +0800)]
python-idna: Add missing dependency on python(3)-codecs

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
5 years ago Merge pull request #7945 from jefferyto/openwrt-18.06-python-lib2to3-pyc-fix
Hannu Nyman [Sun, 27 Jan 2019 09:58:13 +0000 (11:58 +0200)]
Merge pull request #7945 from jefferyto/openwrt-18.06-python-lib2to3-pyc-fix

[openwrt-18.06] python/python3: Fix lib2to3 fixes search

5 years ago python/python3: Fix lib2to3 fixes search 7945/head
Jeffery To [Sat, 12 Jan 2019 22:14:36 +0000 (06:14 +0800)]
python/python3: Fix lib2to3 fixes search

This is the patch from c98b12d9a920ede376d1eaef0da0c0da9d26d6b3 (#7931),
applied for both python 2 and 3.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
5 years ago Merge pull request #7799 from cshoredaniel/pr-nut-runas-backport
Hannu Nyman [Wed, 2 Jan 2019 16:02:23 +0000 (18:02 +0200)]
Merge pull request #7799 from cshoredaniel/pr-nut-runas-backport

[18.06] nut: Default to run as root but fix alt runas

5 years ago libsndfile: update to 42132c543358cee9f7c3e9e9b15bb6c1063a608e
Peter Wagner [Wed, 2 Jan 2019 00:02:44 +0000 (01:02 +0100)]
libsndfile: update to 42132c543358cee9f7c3e9e9b15bb6c1063a608e

Fixes CVE-2018-19758

5 years ago Merge pull request #7757 from jefferyto/openwrt-18.06-python-dist-info
Hannu Nyman [Tue, 1 Jan 2019 19:55:43 +0000 (21:55 +0200)]
Merge pull request #7757 from jefferyto/openwrt-18.06-python-dist-info

[openwrt-18.06] python/python3: fix .dist-info missing for setuptools and pip

5 years ago Merge pull request #7820 from commodo/18-06-python3-CVE-2018-14647
Hannu Nyman [Mon, 31 Dec 2018 20:33:38 +0000 (22:33 +0200)]
Merge pull request #7820 from commodo/18-06-python3-CVE-2018-14647

[18.06] python3: backport CVE-2018-14647 patch from upstream

5 years ago Merge pull request #7819 from commodo/18-06-python-CVE-2018-14647
Hannu Nyman [Mon, 31 Dec 2018 20:32:58 +0000 (22:32 +0200)]
Merge pull request #7819 from commodo/18-06-python-CVE-2018-14647

[18.06] python: backport CVE-2018-14647 patches from upstream

5 years ago python3: backport CVE-2018-14647 patch from upstream [18.06] 7820/head
Alexandru Ardelean [Mon, 31 Dec 2018 17:06:09 +0000 (19:06 +0200)]
python3: backport CVE-2018-14647 patch from upstream [18.06]

These patches are backports from Python 3.6 upstream.
The security issue is described here:
  https://nvd.nist.gov/vuln/detail/CVE-2018-14647

The Python bug report:
  https://bugs.python.org/issue34623

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
5 years ago python: backport CVE-2018-14647 patches from upstream [18.06] 7819/head
Alexandru Ardelean [Mon, 31 Dec 2018 15:45:39 +0000 (17:45 +0200)]
python: backport CVE-2018-14647 patches from upstream [18.06]

These patches are backports from Python 2.7 upstream.
The security issue is described here:
  https://nvd.nist.gov/vuln/detail/CVE-2018-14647

The Python bug report:
  https://bugs.python.org/issue34623

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
5 years ago nut: Default to run as root but fix alt runas 7799/head
Daniel F. Dickinson [Fri, 28 Dec 2018 21:09:08 +0000 (16:09 -0500)]
nut: Default to run as root but fix alt runas

Since the new hotplug script in master was not backported (new feature),
for 18.06 branch revert the old behavior of running NUT daemons and
drivers as root by default to avoid permissions problems, but backport
fix the support for running as another user for those who can set the
appropriate permissions on the USB (or other) device.

Closes: #7742
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
5 years ago libsndfile: update to 8ddc442d539ca775d80cdbc7af17a718634a743f
Peter Wagner [Tue, 25 Dec 2018 03:03:28 +0000 (04:03 +0100)]
libsndfile: update to 8ddc442d539ca775d80cdbc7af17a718634a743f
a/ulaw: fix multiple buffer overflows

Signed-off-by: Peter Wagner <tripolar@gmx.at>
5 years ago python/python3: fix .dist-info missing for setuptools and pip 7757/head
Jeffery To [Sat, 22 Dec 2018 14:16:52 +0000 (22:16 +0800)]
python/python3: fix .dist-info missing for setuptools and pip

Without .dist-info (similar to .egg-info), setuptools and pip are not
discoverable by pkg_resources.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
5 years ago Merge pull request #7733 from micmac1/openwrt-18.06-sqlite-fpic
champtar [Thu, 20 Dec 2018 18:08:45 +0000 (19:08 +0100)]
Merge pull request #7733 from micmac1/openwrt-18.06-sqlite-fpic

(18.06) sqlite3: remove fpic, change maintainer

5 years ago sqlite3: change maintainer 7733/head
Sebastian Kemper [Wed, 19 Dec 2018 19:25:50 +0000 (20:25 +0100)]
sqlite3: change maintainer

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
5 years ago sqlite3: remove $(FPIC)
Sebastian Kemper [Wed, 19 Dec 2018 19:24:12 +0000 (20:24 +0100)]
sqlite3: remove $(FPIC)

Defaulting to -fPIC is a bad idea, especially for executables (here:
sqlite3-cli). In short, there are certain security implications as well
as overhead/performance penalties. Details see:

https://wiki.gentoo.org/wiki/Project:Hardened/Position_Independent_Code_internals

The configure script is able to detect the need for PIC and adds the
flag when needed anyway (when compiling the library).

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
5 years ago Merge pull request #7726 from micmac1/openwrt-18.06-sqlite3
champtar [Tue, 18 Dec 2018 21:46:08 +0000 (22:46 +0100)]
Merge pull request #7726 from micmac1/openwrt-18.06-sqlite3

(18.06) sqlite3 security bump

5 years ago sqlite3: security bump 7726/head
Sebastian Kemper [Tue, 18 Dec 2018 20:12:46 +0000 (21:12 +0100)]
sqlite3: security bump

A remote code execution vuln has been found in sqlite. Infos available
here:

https://blade.tencent.com/magellan/index_en.html

sqlite 3.26.0 contains the fix.

This commit also changes source URL to https.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
5 years ago net/mosquitto: bump to 1.5.5 7699/head
Karl Palsson [Mon, 17 Dec 2018 10:55:34 +0000 (10:55 +0000)]
net/mosquitto: bump to 1.5.5

Security and bug fix.  Full changelog available at: https://mosquitto.org/ChangeLog.txt

Signed-off-by: Karl Palsson <karlp@etactica.com>
5 years ago CircleCI: [18.06] branch specific version.
Ted Hess [Sat, 8 Dec 2018 22:12:08 +0000 (17:12 -0500)]
CircleCI: [18.06] branch specific version.

Add package checks and HASH verify from Travis. Fix build log generation.

Signed-off-by: Ted Hess <thess@kitschensync.net>
5 years ago Merge pull request #7638 from cshoredaniel/pr-nut-backport
Hannu Nyman [Tue, 11 Dec 2018 16:42:14 +0000 (18:42 +0200)]
Merge pull request #7638 from cshoredaniel/pr-nut-backport

[18.06] nut: Backport fixes from master

5 years ago nut: Backport fixes from master 7638/head
Daniel F. Dickinson [Tue, 21 Aug 2018 00:06:31 +0000 (20:06 -0400)]
nut: Backport fixes from master

Backport and squash the following commits from master:

  5790053eb nut: Add missing conffiles
  ceff68837 nut: Reorganize nut-server to clarify nut-driver
  f6a2a97d2 nut: Use 'real' procd init for nut-monitor
  918a62f91 nut: Make FSD really work
  a2f64b3ba nut: Reduce user error with POWERDOWNFLAG
  461393810 nut: Use quotes around filenames
  1b6dbe7a7 nut: Remove duplicate/extraneous lines
  0a49d0ffb nut: Fix checking for path before it exists
  3b5a8eee8 nut: Various startup fixes for monitor and server
  44e57d4bd nut: Fix variables for NUT drivers
  36fd59dc7 nut: Fix extraneous config_get
  192b0f164 nut: Fix a typo in setting a driver parameter
  f48b060fa nut: Fix upsd runs as root

And bump PKG_RELEASE

Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
5 years ago libsndfile: Fix MIRROR_HASH
Rosen Penev [Thu, 6 Dec 2018 23:17:51 +0000 (15:17 -0800)]
libsndfile: Fix MIRROR_HASH

Signed-off-by: Rosen Penev <rosenp@gmail.com>
5 years ago Merge pull request #7554 from micmac1/tiff-4010-18.06
Hannu Nyman [Thu, 6 Dec 2018 08:36:21 +0000 (10:36 +0200)]
Merge pull request #7554 from micmac1/tiff-4010-18.06

(openwrt-18.06) tiff: security bump to 4.0.10

5 years ago libsndfile: add PKG_SOURCE_DATE
Peter Wagner [Mon, 3 Dec 2018 22:09:50 +0000 (23:09 +0100)]
libsndfile: add PKG_SOURCE_DATE

Signed-off-by: Peter Wagner <tripolar@gmx.at>
5 years ago libsndfile: switch to cmake
Peter Wagner [Sun, 2 Dec 2018 10:42:07 +0000 (11:42 +0100)]
libsndfile: switch to cmake

Signed-off-by: Peter Wagner <tripolar@gmx.at>
5 years ago libsndfile: switch to git
Peter Wagner [Sat, 1 Dec 2018 12:48:37 +0000 (13:48 +0100)]
libsndfile: switch to git

Fixes CVEs:
CVE-2017-6892
CVE-2017-8361
CVE-2017-8362
CVE-2017-8363
CVE-2017-8365
CVE-2017-12562
CVE-2017-14245
CVE-2017-14246
CVE-2017-14634
CVE-2018-13139
CVE-2018-13419

Signed-off-by: Peter Wagner <tripolar@gmx.at>
5 years ago tiff: security bump to 4.0.10 7554/head
Sebastian Kemper [Sun, 2 Dec 2018 10:31:15 +0000 (11:31 +0100)]
tiff: security bump to 4.0.10

This bumps libtiff's minor version from 9 to 10. In addition to the CVE
fixes that we already included this fixes:

CVE-2017-17095
CVE-2018-17101
CVE-2018-18557

The update is 100% backwards compatible, no symbol changes.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
5 years ago tree: Update to 1.8.0
Rosen Penev [Sat, 1 Dec 2018 11:29:16 +0000 (13:29 +0200)]
tree: Update to 1.8.0

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit dbe1c48c53aebd97a51f06334307224aaf7107a7)

5 years ago net/mosquitto: support more acl plugin options
Karl Palsson [Tue, 27 Nov 2018 16:46:12 +0000 (16:46 +0000)]
net/mosquitto: support more acl plugin options

Adds support for acl_plugin, and acl_opt_* options.
acl_opt_* requires some care as it relies on the internal behaviour of
cfg_load setting environment variables in a certain form.  However,
given that _all_ of the cfg_load infrastructure relies on that, we can
be pretty sure that it won't change in a way that will hurt us.

Originally reported as: https://github.com/openwrt/packages/pull/7434

Signed-off-by: Karl Palsson <karlp@etactica.com>
5 years ago Merge pull request #7481 from padre-lacroix/darkstat-18.06
champtar [Tue, 27 Nov 2018 00:57:01 +0000 (19:57 -0500)]
Merge pull request #7481 from padre-lacroix/darkstat-18.06

darkstat: [18.06] procd init script and enabling additional parameters

5 years ago darkstat: [18.06] procd init script and enabling additional parameters 7481/head
Jean-Michel Lacroix [Mon, 19 Nov 2018 23:44:13 +0000 (18:44 -0500)]
darkstat: [18.06] procd init script and enabling additional parameters
This is the same change as the one on master
This is to change the init script to a procd init script
This also enables some additional parameters in the binary that
were present but not enabled:
The export file (option export_file)
The import file (option import_file)
The daylog (option daylog_file)
These are disabled by default.  Also, the option to run as a daemon
is removed, as not compatible with procd.

There is no change in the binary.

Signed-off-by: Jean-Michel Lacroix <lacroix@lepine-lacroix.info>
5 years ago prometheus-node-exporter-lua: close io.popen files to reap zombies
Leonid Evdokimov [Sun, 25 Nov 2018 13:57:27 +0000 (16:57 +0300)]
prometheus-node-exporter-lua: close io.popen files to reap zombies

Signed-off-by: Leonid Evdokimov <leon@darkk.net.ru>
6 years ago build,circleci: Updates with additional checks from travis scripts.
Ted Hess [Sat, 17 Nov 2018 20:13:19 +0000 (15:13 -0500)]
build,circleci: Updates with additional checks from travis scripts.

Checking:
- Pull request does not contain unwanted merges
- signed-off-by tag exists and matches author
- Subject line has package name
- Author name has 'firstname lastname' (no nicknames)

Signed-off-by: Ted Hess <thess@kitschensync.net>
[Use git instead of CircleCI variables]
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
6 years ago build,circleci: add curl & wget to base image
Etienne Champetier [Sun, 25 Nov 2018 01:45:04 +0000 (20:45 -0500)]
build,circleci: add curl & wget to base image

curl was present in latest image but seems to have been removed from latest debian:9

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
6 years ago nano: update to 3.2
Hannu Nyman [Sat, 24 Nov 2018 14:48:03 +0000 (16:48 +0200)]
nano: update to 3.2

Update nano to version 3.2

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit ea656e25a2c3c70fde00e46bb42b236064ece752)