feed/packages.git
5 years ago stubby: add reload_config to documentation
Jonathan G. Underwood [Sat, 27 Oct 2018 17:28:29 +0000 (18:28 +0100)]
stubby: add reload_config to documentation

Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
5 years ago stubby: fix loading of config file
Jonathan G. Underwood [Sat, 27 Oct 2018 10:29:22 +0000 (11:29 +0100)]
stubby: fix loading of config file

Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
5 years ago stubby: add uci support to init file
Jonathan G. Underwood [Sun, 30 Sep 2018 13:59:57 +0000 (14:59 +0100)]
stubby: add uci support to init file

This commit brings UCI support to the stubby package.

    o All options are documented in the README.md file.
    o The README.md file has been re-written to include a short usage
      manual.
    o The default configuration now includes more Cloudflare addresses.
    o The stubby service is (re)started using procd triggers from a
      specified interface with a configurable time delay.
    o Round robin use of upstream resolvers is now activated by
      default.
    o Client privacy is now activated by default.
    o Options are added for specifying the log level of the daemon and
      command line options passed to the stubby command.

Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
5 years ago stubby: bump PKG_RELEASE
Tony Ambardar [Tue, 18 Sep 2018 08:06:32 +0000 (01:06 -0700)]
stubby: bump PKG_RELEASE

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years ago stubby: remove unnecessary core limit
Tony Ambardar [Tue, 7 Aug 2018 11:08:29 +0000 (04:08 -0700)]
stubby: remove unnecessary core limit

Remove the limit setting core="unlimited", since this shouldn't be needed
in production use (i.e. non-debug) and on an embedded platform, which is
why it's rarely used by any existing packages.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years ago stubby: add SPKI pin set for Cloudflare cert
Tony Ambardar [Tue, 7 Aug 2018 10:11:19 +0000 (03:11 -0700)]
stubby: add SPKI pin set for Cloudflare cert

Add an SPKI pin for Cloudflare to help prevent MITM and downgrade attacks,
as described in RFC7858 (DNS over TLS). The setup of SPKI and the specific
SHA256 certificate hash are taken from Cloudflare's DoT configuration guide
published at https://developers.cloudflare.com/1.1.1.1/dns-over-tls/.

Note that the certificate is valid to March 25th 2020, 13:00 CET, which
provides ample time for issuance of a backup pin to support future key
rollover.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years ago stubby: add Cloudflare 1.0.0.1 and ::1001 servers
Tony Ambardar [Tue, 7 Aug 2018 09:35:31 +0000 (02:35 -0700)]
stubby: add Cloudflare 1.0.0.1 and ::1001 servers

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years ago stubby: use EDNS client-subnet privacy by default
Tony Ambardar [Tue, 7 Aug 2018 09:23:34 +0000 (02:23 -0700)]
stubby: use EDNS client-subnet privacy by default

Retain the upstream value since privacy is usually the key user motivation
for using DNS-over-TLS, and simply note that those encountering sub-optimal
routing may consider disabling the setting.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years ago stubby: fix config file definition
Tony Ambardar [Tue, 7 Aug 2018 09:04:42 +0000 (02:04 -0700)]
stubby: fix config file definition

The config file /etc/stubby/stubby.yml is not registered properly and any
local changes are being overwritten on upgrade or reinstall.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years ago stubby: rearrange Makefile for clarity
Tony Ambardar [Tue, 7 Aug 2018 09:03:08 +0000 (02:03 -0700)]
stubby: rearrange Makefile for clarity

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years ago stubby: add missing dependency on ca-certificates
Tony Ambardar [Tue, 7 Aug 2018 13:21:11 +0000 (06:21 -0700)]
stubby: add missing dependency on ca-certificates

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years ago getdns: update to version 1.5.0
Jonathan G. Underwood [Thu, 3 Jan 2019 01:16:23 +0000 (01:16 +0000)]
getdns: update to version 1.5.0

Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
5 years ago getdns: Remove iamperson347 from maintainer
David Mora [Sun, 30 Dec 2018 14:50:39 +0000 (09:50 -0500)]
getdns: Remove iamperson347 from maintainer

I am no longer able to support maintaining the getdns lib for openwrt. I suggest Jonathan Underwood <jonathan.underwood@gmail.com> as a replacement.

5 years ago Merge pull request #8094 from candrews/patch-2
Hannu Nyman [Thu, 31 Jan 2019 18:12:48 +0000 (20:12 +0200)]
Merge pull request #8094 from candrews/patch-2

getdns: fix missing libbsd dependency

5 years ago getdns: fix missing libbsd dependency
Craig Andrews [Thu, 31 Jan 2019 16:16:57 +0000 (11:16 -0500)]
getdns: fix missing libbsd dependency

Backport these commits from master to the 18.06 branch:
8365744b80c1c0c57fabe199aaa08e6bacef8063
035b22b2085c1dc5f5788a941a44f69de757826b
d0766135ade4409103cd5bfbd6180a41c4f2741a

Fixes https://github.com/openwrt/packages/issues/8093

Signed-off-by: Craig Andrews <candrews@integralblue.com>
5 years ago acme: Fix loading credentials
Adrien DAURIAT [Wed, 30 Jan 2019 22:32:51 +0000 (23:32 +0100)]
acme: Fix loading credentials

Move loading credential function before cert renewal call as credentials might be needed for some renewal operations ( ex: DNS )

Signed-off-by: Adrien DAURIAT <16813527+dauriata@users.noreply.github.com>
5 years ago Merge pull request #8077 from BKPepe/openwrt-18.06
Hannu Nyman [Wed, 30 Jan 2019 21:09:39 +0000 (23:09 +0200)]
Merge pull request #8077 from BKPepe/openwrt-18.06

[openwrt-18.06] youtube-dl: update to version 2019.01.30.1

5 years ago youtube-dl: update to version 2019.01.30.1
Josef Schlehofer [Wed, 30 Jan 2019 13:27:55 +0000 (14:27 +0100)]
youtube-dl: update to version 2019.01.30.1

Add Josef Schlehofer as Co-maintainer to be able to track issues

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
5 years ago Merge pull request #8048 from jefferyto/openwrt-18.06-python-idna
Hannu Nyman [Sun, 27 Jan 2019 21:05:41 +0000 (23:05 +0200)]
Merge pull request #8048 from jefferyto/openwrt-18.06-python-idna

[openwrt-18.06] python-idna: Add missing dependency on python(3)-codecs

5 years ago python-idna: Add missing dependency on python(3)-codecs
Jeffery To [Sun, 27 Jan 2019 12:26:48 +0000 (20:26 +0800)]
python-idna: Add missing dependency on python(3)-codecs

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
5 years ago Merge pull request #7945 from jefferyto/openwrt-18.06-python-lib2to3-pyc-fix
Hannu Nyman [Sun, 27 Jan 2019 09:58:13 +0000 (11:58 +0200)]
Merge pull request #7945 from jefferyto/openwrt-18.06-python-lib2to3-pyc-fix

[openwrt-18.06] python/python3: Fix lib2to3 fixes search

5 years ago python/python3: Fix lib2to3 fixes search
Jeffery To [Sat, 12 Jan 2019 22:14:36 +0000 (06:14 +0800)]
python/python3: Fix lib2to3 fixes search

This is the patch from c98b12d9a920ede376d1eaef0da0c0da9d26d6b3 (#7931),
applied for both python 2 and 3.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
5 years ago Merge pull request #7799 from cshoredaniel/pr-nut-runas-backport
Hannu Nyman [Wed, 2 Jan 2019 16:02:23 +0000 (18:02 +0200)]
Merge pull request #7799 from cshoredaniel/pr-nut-runas-backport

[18.06] nut: Default to run as root but fix alt runas

5 years ago libsndfile: update to 42132c543358cee9f7c3e9e9b15bb6c1063a608e
Peter Wagner [Wed, 2 Jan 2019 00:02:44 +0000 (01:02 +0100)]
libsndfile: update to 42132c543358cee9f7c3e9e9b15bb6c1063a608e

Fixes CVE-2018-19758

5 years ago Merge pull request #7757 from jefferyto/openwrt-18.06-python-dist-info
Hannu Nyman [Tue, 1 Jan 2019 19:55:43 +0000 (21:55 +0200)]
Merge pull request #7757 from jefferyto/openwrt-18.06-python-dist-info

[openwrt-18.06] python/python3: fix .dist-info missing for setuptools and pip

5 years ago Merge pull request #7820 from commodo/18-06-python3-CVE-2018-14647
Hannu Nyman [Mon, 31 Dec 2018 20:33:38 +0000 (22:33 +0200)]
Merge pull request #7820 from commodo/18-06-python3-CVE-2018-14647

[18.06] python3: backport CVE-2018-14647 patch from upstream

5 years ago Merge pull request #7819 from commodo/18-06-python-CVE-2018-14647
Hannu Nyman [Mon, 31 Dec 2018 20:32:58 +0000 (22:32 +0200)]
Merge pull request #7819 from commodo/18-06-python-CVE-2018-14647

[18.06] python: backport CVE-2018-14647 patches from upstream

5 years ago python3: backport CVE-2018-14647 patch from upstream [18.06]
Alexandru Ardelean [Mon, 31 Dec 2018 17:06:09 +0000 (19:06 +0200)]
python3: backport CVE-2018-14647 patch from upstream [18.06]

These patches are backports from Python 3.6 upstream.
The security issue is described here:
  https://nvd.nist.gov/vuln/detail/CVE-2018-14647

The Python bug report:
  https://bugs.python.org/issue34623

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
5 years ago python: backport CVE-2018-14647 patches from upstream [18.06]
Alexandru Ardelean [Mon, 31 Dec 2018 15:45:39 +0000 (17:45 +0200)]
python: backport CVE-2018-14647 patches from upstream [18.06]

These patches are backports from Python 2.7 upstream.
The security issue is described here:
  https://nvd.nist.gov/vuln/detail/CVE-2018-14647

The Python bug report:
  https://bugs.python.org/issue34623

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
5 years ago nut: Default to run as root but fix alt runas
Daniel F. Dickinson [Fri, 28 Dec 2018 21:09:08 +0000 (16:09 -0500)]
nut: Default to run as root but fix alt runas

Since the new hotplug script in master was not backported (new feature),
for 18.06 branch revert the old behavior of running NUT daemons and
drivers as root by default to avoid permissions problems, but backport
fix the support for running as another user for those who can set the
appropriate permissions on the USB (or other) device.

Closes: #7742
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
5 years ago libsndfile: update to 8ddc442d539ca775d80cdbc7af17a718634a743f
Peter Wagner [Tue, 25 Dec 2018 03:03:28 +0000 (04:03 +0100)]
libsndfile: update to 8ddc442d539ca775d80cdbc7af17a718634a743f
a/ulaw: fix multiple buffer overflows

Signed-off-by: Peter Wagner <tripolar@gmx.at>
5 years ago python/python3: fix .dist-info missing for setuptools and pip
Jeffery To [Sat, 22 Dec 2018 14:16:52 +0000 (22:16 +0800)]
python/python3: fix .dist-info missing for setuptools and pip

Without .dist-info (similar to .egg-info), setuptools and pip are not
discoverable by pkg_resources.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
5 years ago Merge pull request #7733 from micmac1/openwrt-18.06-sqlite-fpic
champtar [Thu, 20 Dec 2018 18:08:45 +0000 (19:08 +0100)]
Merge pull request #7733 from micmac1/openwrt-18.06-sqlite-fpic

(18.06) sqlite3: remove fpic, change maintainer

5 years ago sqlite3: change maintainer
Sebastian Kemper [Wed, 19 Dec 2018 19:25:50 +0000 (20:25 +0100)]
sqlite3: change maintainer

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
6 years ago sqlite3: remove $(FPIC)
Sebastian Kemper [Wed, 19 Dec 2018 19:24:12 +0000 (20:24 +0100)]
sqlite3: remove $(FPIC)

Defaulting to -fPIC is a bad idea, especially for executables (here:
sqlite3-cli). In short, there are certain security implications as well
as overhead/performance penalties. Details see:

https://wiki.gentoo.org/wiki/Project:Hardened/Position_Independent_Code_internals

The configure script is able to detect the need for PIC and adds the
flag when needed anyway (when compiling the library).

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
6 years ago Merge pull request #7726 from micmac1/openwrt-18.06-sqlite3
champtar [Tue, 18 Dec 2018 21:46:08 +0000 (22:46 +0100)]
Merge pull request #7726 from micmac1/openwrt-18.06-sqlite3

(18.06) sqlite3 security bump

6 years ago sqlite3: security bump
Sebastian Kemper [Tue, 18 Dec 2018 20:12:46 +0000 (21:12 +0100)]
sqlite3: security bump

A remote code execution vuln has been found in sqlite. Infos available
here:

https://blade.tencent.com/magellan/index_en.html

sqlite 3.26.0 contains the fix.

This commit also changes source URL to https.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
6 years ago net/mosquitto: bump to 1.5.5
Karl Palsson [Mon, 17 Dec 2018 10:55:34 +0000 (10:55 +0000)]
net/mosquitto: bump to 1.5.5

Security and bug fix.  Full changelog available at: https://mosquitto.org/ChangeLog.txt

Signed-off-by: Karl Palsson <karlp@etactica.com>
6 years ago CircleCI: [18.06] branch specific version.
Ted Hess [Sat, 8 Dec 2018 22:12:08 +0000 (17:12 -0500)]
CircleCI: [18.06] branch specific version.

Add package checks and HASH verify from Travis. Fix build log generation.

Signed-off-by: Ted Hess <thess@kitschensync.net>
6 years ago Merge pull request #7638 from cshoredaniel/pr-nut-backport
Hannu Nyman [Tue, 11 Dec 2018 16:42:14 +0000 (18:42 +0200)]
Merge pull request #7638 from cshoredaniel/pr-nut-backport

[18.06] nut: Backport fixes from master

6 years ago nut: Backport fixes from master
Daniel F. Dickinson [Tue, 21 Aug 2018 00:06:31 +0000 (20:06 -0400)]
nut: Backport fixes from master

Backport and squash the following commits from master:

  5790053eb nut: Add missing conffiles
  ceff68837 nut: Reorganize nut-server to clarify nut-driver
  f6a2a97d2 nut: Use 'real' procd init for nut-monitor
  918a62f91 nut: Make FSD really work
  a2f64b3ba nut: Reduce user error with POWERDOWNFLAG
  461393810 nut: Use quotes around filenames
  1b6dbe7a7 nut: Remove duplicate/extraneous lines
  0a49d0ffb nut: Fix checking for path before it exists
  3b5a8eee8 nut: Various startup fixes for monitor and server
  44e57d4bd nut: Fix variables for NUT drivers
  36fd59dc7 nut: Fix extraneous config_get
  192b0f164 nut: Fix a typo in setting a driver parameter
  f48b060fa nut: Fix upsd runs as root

And bump PKG_RELEASE

Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
6 years ago libsndfile: Fix MIRROR_HASH
Rosen Penev [Thu, 6 Dec 2018 23:17:51 +0000 (15:17 -0800)]
libsndfile: Fix MIRROR_HASH

Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago Merge pull request #7554 from micmac1/tiff-4010-18.06
Hannu Nyman [Thu, 6 Dec 2018 08:36:21 +0000 (10:36 +0200)]
Merge pull request #7554 from micmac1/tiff-4010-18.06

(openwrt-18.06) tiff: security bump to 4.0.10

6 years ago libsndfile: add PKG_SOURCE_DATE
Peter Wagner [Mon, 3 Dec 2018 22:09:50 +0000 (23:09 +0100)]
libsndfile: add PKG_SOURCE_DATE

Signed-off-by: Peter Wagner <tripolar@gmx.at>
6 years ago libsndfile: switch to cmake
Peter Wagner [Sun, 2 Dec 2018 10:42:07 +0000 (11:42 +0100)]
libsndfile: switch to cmake

Signed-off-by: Peter Wagner <tripolar@gmx.at>
6 years ago libsndfile: switch to git
Peter Wagner [Sat, 1 Dec 2018 12:48:37 +0000 (13:48 +0100)]
libsndfile: switch to git

Fixes CVEs:
CVE-2017-6892
CVE-2017-8361
CVE-2017-8362
CVE-2017-8363
CVE-2017-8365
CVE-2017-12562
CVE-2017-14245
CVE-2017-14246
CVE-2017-14634
CVE-2018-13139
CVE-2018-13419

Signed-off-by: Peter Wagner <tripolar@gmx.at>
6 years ago tiff: security bump to 4.0.10
Sebastian Kemper [Sun, 2 Dec 2018 10:31:15 +0000 (11:31 +0100)]
tiff: security bump to 4.0.10

This bumps libtiff's minor version from 9 to 10. In addition to the CVE
fixes that we already included this fixes:

CVE-2017-17095
CVE-2018-17101
CVE-2018-18557

The update is 100% backwards compatible, no symbol changes.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
6 years ago tree: Update to 1.8.0
Rosen Penev [Sat, 1 Dec 2018 11:29:16 +0000 (13:29 +0200)]
tree: Update to 1.8.0

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit dbe1c48c53aebd97a51f06334307224aaf7107a7)

6 years ago net/mosquitto: support more acl plugin options
Karl Palsson [Tue, 27 Nov 2018 16:46:12 +0000 (16:46 +0000)]
net/mosquitto: support more acl plugin options

Adds support for acl_plugin, and acl_opt_* options.
acl_opt_* requires some care as it relies on the internal behaviour of
cfg_load setting environment variables in a certain form.  However,
given that _all_ of the cfg_load infrastructure relies on that, we can
be pretty sure that it won't change in a way that will hurt us.

Originally reported as: https://github.com/openwrt/packages/pull/7434

Signed-off-by: Karl Palsson <karlp@etactica.com>
6 years ago Merge pull request #7481 from padre-lacroix/darkstat-18.06
champtar [Tue, 27 Nov 2018 00:57:01 +0000 (19:57 -0500)]
Merge pull request #7481 from padre-lacroix/darkstat-18.06

darkstat: [18.06] procd init script and enabling additional parameters

6 years ago darkstat: [18.06] procd init script and enabling additional parameters
Jean-Michel Lacroix [Mon, 19 Nov 2018 23:44:13 +0000 (18:44 -0500)]
darkstat: [18.06] procd init script and enabling additional parameters
This is the same change as the one on master
This is to change the init script to a procd init script
This also enables some additional parameters in the binary that
were present but not enabled:
The export file (option export_file)
The import file (option import_file)
The daylog (option daylog_file)
These are disabled by default.  Also, the option to run as a daemon
is removed, as not compatible with procd.

There is no change in the binary.

Signed-off-by: Jean-Michel Lacroix <lacroix@lepine-lacroix.info>
6 years ago prometheus-node-exporter-lua: close io.popen files to reap zombies
Leonid Evdokimov [Sun, 25 Nov 2018 13:57:27 +0000 (16:57 +0300)]
prometheus-node-exporter-lua: close io.popen files to reap zombies

Signed-off-by: Leonid Evdokimov <leon@darkk.net.ru>
6 years ago build,circleci: Updates with additional checks from travis scripts.
Ted Hess [Sat, 17 Nov 2018 20:13:19 +0000 (15:13 -0500)]
build,circleci: Updates with additional checks from travis scripts.

Checking:
- Pull request does not contain unwanted merges
- signed-off-by tag exists and matches author
- Subject line has package name
- Author name has 'firstname lastname' (no nicknames)

Signed-off-by: Ted Hess <thess@kitschensync.net>
[Use git instead of CircleCI variables]
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
6 years ago build,circleci: add curl & wget to base image
Etienne Champetier [Sun, 25 Nov 2018 01:45:04 +0000 (20:45 -0500)]
build,circleci: add curl & wget to base image

curl was present in latest image but seems to have been removed from latest debian:9

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
6 years ago nano: update to 3.2
Hannu Nyman [Sat, 24 Nov 2018 14:48:03 +0000 (16:48 +0200)]
nano: update to 3.2

Update nano to version 3.2

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit ea656e25a2c3c70fde00e46bb42b236064ece752)

6 years ago collectd: update to 5.8.1
Hannu Nyman [Sat, 24 Nov 2018 14:47:21 +0000 (16:47 +0200)]
collectd: update to 5.8.1

Update collectd to version 5.8.1

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 29eac13d8fe4b3147fd63840f1ff11875e87776d)

6 years ago collectd: remove obsolete references to avr32
Hannu Nyman [Sat, 24 Nov 2018 14:45:34 +0000 (16:45 +0200)]
collectd: remove obsolete references to avr32

Backport the collectd portion of the treewide changes
made by e38c10061 in master

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
6 years ago collectd: include nls.mk for mysql plugin
Sebastian Kemper [Fri, 13 Jul 2018 20:46:47 +0000 (22:46 +0200)]
collectd: include nls.mk for mysql plugin

libmariadb 10.2 needs to be linked in together with iconv.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit b695c1150ac7c3d7a8248b670866555824185e0f)

6 years ago utils/collectd: run with low priority
Marc Benoit [Thu, 5 Apr 2018 21:56:10 +0000 (17:56 -0400)]
utils/collectd: run with low priority

Even on a powerful platform a collectd process'
activities are sometimes affecting throughput and
latency. This is a background process, that should not
be running with default priority.
Even if it is a little delayed, that is not a worry in
this case. The routing should be the main priority,
stats collection can wait a bit.

Tested on Netgear R7800
Signed-off-by: Marc Benoit <marcb62185@gmail.com>
Make niceness more moderate, bump version.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit b33ec70c95c298ba5e9583ecffe668a5f7473ec0)

6 years ago Merge pull request #7484 from luizluca/mwan3-backports
Hannu Nyman [Wed, 21 Nov 2018 17:20:53 +0000 (19:20 +0200)]
Merge pull request #7484 from luizluca/mwan3-backports

[18.06] net/mwan3: fix NDP on ipv6 for ra services

6 years ago net/mwan3: fix NDP on ipv6 for ra services
Florian Eckert [Wed, 23 May 2018 08:51:52 +0000 (10:51 +0200)]
net/mwan3: fix NDP on ipv6 for ra services

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit b6249f1781efc4fefbdf87b661d53c0923ec7438)

6 years ago strongswan: backport upstream fixes for CVEs in gmp plugin
Magnus Kroken [Fri, 5 Oct 2018 23:23:32 +0000 (01:23 +0200)]
strongswan: backport upstream fixes for CVEs in gmp plugin

This fixes:
* CVE-2018-16151
* CVE-2018-16152
* CVE-2018-17540

Details:
https://strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
https://strongswan.org/blog/2018/10/01/strongswan-vulnerability-(cve-2018-17540).html

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
6 years ago CircleCI: Fix URL references and add BRANCH refs
Ted Hess [Tue, 13 Nov 2018 17:11:20 +0000 (12:11 -0500)]
CircleCI: Fix URL references and add BRANCH refs

Signed-off-by: Ted Hess <thess@kitschensync.net>
6 years ago Merge pull request #7366 from thess/ffmpeg-18.06
Ted Hess [Mon, 12 Nov 2018 19:35:50 +0000 (14:35 -0500)]
Merge pull request #7366 from thess/ffmpeg-18.06

[18.06] ffmpeg: work around hard/soft float configs for libffmpeg-full

6 years ago ffmpeg: work around hard/soft float configs for libffmpeg-full
Ted Hess [Fri, 9 Nov 2018 19:00:02 +0000 (14:00 -0500)]
ffmpeg: work around hard/soft float configs for libffmpeg-full

Hard float includes: mp3lame
Soft float includes: shine (mp3 encoder)

libx264 is included when selected iff BUILD_PATENTED is true.

fdk-aac will not be available in libffmpeg-full due to incompatible license with libx264.
Custom builds can override licensing restrictions but results may not be re-distributable.

Signed-off-by: Ted Hess <thess@kitschensync.net>
6 years ago Merge pull request #6932 from chris5560/radicale_18.06
Hannu Nyman [Sun, 11 Nov 2018 08:52:53 +0000 (10:52 +0200)]
Merge pull request #6932 from chris5560/radicale_18.06

radicale: [18.06] add extra command "export_storage" to init script

6 years ago adblock: fix adguard source
Dirk Brenken [Sat, 10 Nov 2018 16:39:08 +0000 (17:39 +0100)]
adblock: fix adguard source

* fix regex for adguard blocklist source

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit ff139131a73f27ec57e0865ca0d3ad965f382577)

6 years ago net/mosquitto: bump to 1.5.4
Karl Palsson [Fri, 9 Nov 2018 10:26:02 +0000 (10:26 +0000)]
net/mosquitto: bump to 1.5.4

Security and bugfix release.  Full release notes available at:
https://mosquitto.org/blog/2018/11/version-154-released/

Security:
* client certificates not validated for websockets listeners.

Bugfixes:
* wills with disconnected clients better handled
* bridge restart_timeout properly observed

Signed-off-by: Karl Palsson <karlp@etactica.com>
6 years ago haveged: update to 1.9.4
Hannu Nyman [Sun, 4 Nov 2018 13:58:22 +0000 (15:58 +0200)]
haveged: update to 1.9.4

Version bump to 1.9.4

Development has moved to github.
 * old site: http://www.issihosts.com/haveged
 * new site: https://github.com/jirka-h/haveged

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit f316aaeab65c6f9291e18cb075ea77884520b51e)

6 years ago ccrypt: Update to 1.11
Rosen Penev [Sun, 4 Nov 2018 19:34:53 +0000 (21:34 +0200)]
ccrypt: Update to 1.11

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 2074901f33f6260a593d2ad3eeb1fdda28bb5e69)

6 years ago Merge pull request #7301 from micmac1/maria37
champtar [Sat, 3 Nov 2018 17:35:02 +0000 (13:35 -0400)]
Merge pull request #7301 from micmac1/maria37

(18.06) mariadb: security bump to 10.1.37

6 years ago Merge pull request #7231 from padre-lacroix/bandwidthd-18.06
champtar [Sat, 3 Nov 2018 17:32:12 +0000 (13:32 -0400)]
Merge pull request #7231 from padre-lacroix/bandwidthd-18.06

Bandwidthd 18.06: fix undefined references to inline functions

6 years ago mariadb: security bump to 10.1.37
Sebastian Kemper [Sat, 3 Nov 2018 12:15:43 +0000 (13:15 +0100)]
mariadb: security bump to 10.1.37

Notable Changes (copied from release notes):

  Various fixes from MySQL 5.6.42: MDEV-17533, MDEV-17532, MDEV-17531
  MDEV-16465: fixed a bug with DDL and FOREIGN KEY
  Fulltext index fixes:
    MDEV-12547: extended the range of innodb_ft_result_cache_limit on 64-bit systems
    MDEV-16865: InnoDB fts_query() ignores KILL
  Fixes for the following security vulnerabilities:
    CVE-2018-3282
    CVE-2016-9843
    CVE-2018-3174
    CVE-2018-3143
    CVE-2018-3156
    CVE-2018-3251

OpenWrt changes:
  - dropped obsolete ucontext patch (issue fixed upstream)
  - refreshed 130-c11_atomics.patch

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
6 years ago bandwidthd: [18.06] fix undefined references to inline functions
Jean-Michel Lacroix [Sun, 21 Oct 2018 18:40:38 +0000 (14:40 -0400)]
bandwidthd: [18.06] fix undefined references to inline functions
This is basically same commit that took place in master 3 weeks ago.
gcc-7 with -Os makes inline functions disappear. It is caused by
the new C11 inline semantics. pass option -fgnu89-inline to gcc let
it use gnu inline semantics.
see https://wiki.debian.org/GCC7#Porting_help

Compile tested on 18.06.  Run tested on OpenWrt 18.06.1 r7258-5eb055306f
QEMU Virtual CPU version (cpu64-rhel6)

Signed-off-by: Jean-Michel Lacroix <lacroix@lepine-lacroix.info>
6 years ago build,circleci: fix container digest
Etienne Champetier [Sat, 3 Nov 2018 12:49:50 +0000 (08:49 -0400)]
build,circleci: fix container digest

I used podman/buildah to build this image, and the local sha256 is not the same as
the docker hub sha256. The layers are the same, so maybe just docker hub changing the manifest

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
6 years ago build,circleci: add 'time' to container build image
Etienne Champetier [Sat, 3 Nov 2018 04:02:23 +0000 (00:02 -0400)]
build,circleci: add 'time' to container build image

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
6 years ago isc-dhcp: drop .conf suffix on dhcrelay config file
Philip Prindeville [Sun, 28 Oct 2018 20:38:56 +0000 (14:38 -0600)]
isc-dhcp: drop .conf suffix on dhcrelay config file

Resolves issue #7235

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit b0e73634f757141e07044596d71c4138d60a88eb)

6 years ago build,circleci: copy and adjust config from master
Etienne Champetier [Tue, 30 Oct 2018 01:00:04 +0000 (21:00 -0400)]
build,circleci: copy and adjust config from master

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
6 years ago glib2: update to 2.58.1
Peter Wagner [Sun, 28 Oct 2018 15:56:11 +0000 (16:56 +0100)]
glib2: update to 2.58.1

Signed-off-by: Peter Wagner <tripolar@gmx.at>
6 years ago ruby: bump to 2.5.3
Luiz Angelo Daros de Luca [Mon, 22 Oct 2018 00:25:06 +0000 (21:25 -0300)]
ruby: bump to 2.5.3

Fix only release, including:
* CVE-2018-16396: Tainted flags are not propagated in Array#pack
  and String#unpack with some directives
* CVE-2018-16395: OpenSSL::X509::Name equality check does not work
  correctly

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit 74216a55e1fb3e6d748e7e769c0a308eaf4c7859)

6 years ago libssh: mark as BROKEN due to CVE-2018-10933
Kevin Darbyshire-Bryant [Fri, 19 Oct 2018 11:38:41 +0000 (12:38 +0100)]
libssh: mark as BROKEN due to CVE-2018-10933

The only known user of this library is currently unable to get their
application to work with the fixed 0.7.6 release of this library.

To prevent accidental use by unknown parties of a flawed library, mark
it as BROKEN.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 14ad4cb9765b43c630605a20c29beb76383e9239)

6 years ago patch: Add missing CVE-2018-6951 patch
Rosen Penev [Mon, 15 Oct 2018 17:04:50 +0000 (10:04 -0700)]
patch: Add missing CVE-2018-6951 patch

The last commit added PKG_CPE_ID and now uscan detects a CVE that I missed

Reordered patches by date

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[tweaked commit message]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 394ff73e5390599545412d14d48e9185a927dc21)

6 years ago patch: Fix CVE-2018-6952 and CVE-2018-1000156
Rosen Penev [Wed, 10 Oct 2018 20:06:03 +0000 (13:06 -0700)]
patch: Fix CVE-2018-6952 and CVE-2018-1000156

Patches taken from official git repository.

Added PKG_CPE_ID for proper CVE tracking.

Added PKG_BUILD_PARALLEL for faster compilation.

Also adjusted Makefile to be more similar to other projects.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 6f0ff2550303083b51475c6481458bf9b1820936)

6 years ago Merge pull request #7160 from EricLuehrsen/o1806_ub_181
Hannu Nyman [Wed, 10 Oct 2018 17:29:22 +0000 (20:29 +0300)]
Merge pull request #7160 from EricLuehrsen/o1806_ub_181

[openwrt-18.06] unbound: update to 1.8.1

6 years ago Merge pull request #7164 from pacien/181009-1806-pkg-tinc
Hannu Nyman [Wed, 10 Oct 2018 17:28:12 +0000 (20:28 +0300)]
Merge pull request #7164 from pacien/181009-1806-pkg-tinc

tinc: update to 1.0.35 (security update) [openwrt-18.06]

6 years ago watchcat: make compatible with updated busybox ash array handling (fixes #7148)
Nuno Goncalves [Wed, 10 Oct 2018 06:15:23 +0000 (08:15 +0200)]
watchcat: make compatible with updated busybox ash array handling (fixes #7148)

Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
6 years ago tinc: update to 1.0.35
Pacien TRAN-GIRARD [Mon, 8 Oct 2018 18:54:11 +0000 (20:54 +0200)]
tinc: update to 1.0.35

Critical security update for:
* CVE-2018-16737,
* CVE-2018-16738,
* CVE-2018-16758

Announcement:
https://www.tinc-vpn.org/pipermail/tinc/2018-October/005311.html

Signed-off-by: Pacien TRAN-GIRARD <pacien.trangirard@pacien.net>
6 years ago unbound: update to 1.8.1
Eric Luehrsen [Tue, 9 Oct 2018 00:20:28 +0000 (20:20 -0400)]
unbound: update to 1.8.1

bug fixes for memory leaks
bug fixes for DNS over TLS

Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
6 years ago iotivity, i2pd, domoticz: Bump PKG_RELEASE to force re-build with Boost upgrade to...
Ted Hess [Thu, 4 Oct 2018 19:59:43 +0000 (15:59 -0400)]
iotivity, i2pd, domoticz: Bump PKG_RELEASE to force re-build with Boost upgrade to 1.68

Signed-off-by: Ted Hess <thess@kitschensync.net>
6 years ago gnutls: updated to 3.5.19
Nikos Mavrogiannopoulos [Sat, 29 Sep 2018 08:03:20 +0000 (10:03 +0200)]
gnutls: updated to 3.5.19

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
6 years ago mosquitto: bump to 1.5.3
Karl Palsson [Wed, 26 Sep 2018 10:42:46 +0000 (10:42 +0000)]
mosquitto: bump to 1.5.3

Full changelog at https://github.com/eclipse/mosquitto/blob/v1.5.3/ChangeLog.txt

Primary change:
CVE fix for CVE-2018-12543 - prevent crash on topics that begin with $
but are not $SYS

Selected other fixes relevant to OpenWrt since 1.5.1:
- Fix retained messages not sent by bridges on outgoing topics at the first
  connection. Closes #701.
- Fix duplicate clients being added to by_id hash before the old client was
  removed. Closes #645.
- Fix excessive CPU usage when the number of sockets exceeds the system limit.
  Closes #948.
- Fix for bridge connections when using WITH_ADNS=yes.
- Fix round_robin false behaviour. Closes #481.
- Fix segfault on HUP when bridges and security options are configured.
  Closes #965.

Signed-off-by: Karl Palsson <karlp@etactica.com>
6 years ago sendmail: fix confLIBSEARCHPATH to $(STAGING_DIR)
Guo Li [Wed, 26 Sep 2018 04:14:10 +0000 (12:14 +0800)]
sendmail: fix confLIBSEARCHPATH to $(STAGING_DIR)

This fixes issue 'cannot find -lnsl' on build server which has libnsl.so in
/usr/lib

Signed-off-by: Guo Li <uxgood.org@gmail.com>
6 years ago jamvm: Use <fenv.h> instead of <fpu_control.h>
Guo Li [Sun, 2 Sep 2018 10:27:59 +0000 (18:27 +0800)]
jamvm: Use <fenv.h> instead of <fpu_control.h>

musl libc (http://musl-libc.org) lacks the non-standard <fpu_control.h>
header, which is used in src/os/linux/{i386,x86_64}/init.c files to
setup the floating point precision. This patch makes it use the
standard C <fenv.h> header instead.

Original patch at Felix Janda at
https://sourceforge.net/p/jamvm/patches/6/

Signed-off-by: Guo Li <uxgood.org@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
6 years ago fdm: Merge latest version and build fixes from master
Ted Hess [Wed, 26 Sep 2018 14:08:40 +0000 (10:08 -0400)]
fdm: Merge latest version and build fixes from master

Signed-off-by: Ted Hess <thess@kitschensync.net>
6 years ago boost: Merge updates (1.68.0) and build fixes from master
Ted Hess [Wed, 26 Sep 2018 13:43:36 +0000 (09:43 -0400)]
boost: Merge updates (1.68.0) and build fixes from master

Makefile and package changes to support builds with both Python 2.x and Python 3.x versions.

Python versioning is automatically configured from lang/python repository xxx-version.mk files.

Signed-off-by: Ted Hess <thess@kitschensync.net>
6 years ago Merge pull request #7084 from brianjmurrell/add-foolsm-to-18.06
Jo-Philipp Wich [Tue, 25 Sep 2018 14:25:16 +0000 (16:25 +0200)]
Merge pull request #7084 from brianjmurrell/add-foolsm-to-18.06

foolsm: Add package foolsm

6 years ago cshark: update to latest git HEAD
Rob Mosher [Mon, 20 Aug 2018 21:35:34 +0000 (17:35 -0400)]
cshark: update to latest git HEAD

This fixes GCC8 compile due to buffer overrun

Signed-off-by: Rob Mosher <nyt-openwrt@countercultured.net>
(cherry picked from commit e3144f00a3c5c05987680fd647f73349bd376076)

6 years ago strongswan: refresh patches
Hans Dedecker [Thu, 13 Sep 2018 12:21:00 +0000 (14:21 +0200)]
strongswan: refresh patches

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 3bc3949e28aa16f74fd63fc8c5bddc4277081f21)

6 years ago strongswan: fix OpenWrt hotplug script handling
Hans Dedecker [Thu, 13 Sep 2018 10:26:20 +0000 (12:26 +0200)]
strongswan: fix OpenWrt hotplug script handling

Commit 6cd8fcabe added ipsec hotplug script support by calling "exec
/sbin/hotplug-call ipsec".
Using the exec call breaks the insertion of iptables rules by the _updown.in
script as hotplug-call just replaces the current shell meaning the commands
following exec do not run since the shell is replaced and as a result lead to
connectivity issues.
Fix this by removing the exec command in front of /sbin/hotplug-call.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit d0ac611bf0dbf10d16e1b3dae6ba1d3ea80befc6)

6 years ago strongswan: add openwrt hotplug script handling
Florian Eckert [Thu, 5 Jul 2018 10:57:27 +0000 (12:57 +0200)]
strongswan: add openwrt hotplug script handling

Ipsec user script (/etc/ipsec.user) now gets called indirectly by openwrt
"/sbin/hotplug-call". So other packages could also install their scripts
in "/etc/hotplug.d/ipsec".

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 6cd8fcabe6d1727192bf447c7adc8e1eb42ab8f7)