feed/packages.git
5 years agolibvpx: backport security fixes
Luiz Angelo Daros de Luca [Mon, 9 Dec 2019 23:34:30 +0000 (20:34 -0300)]
libvpx: backport security fixes

Fixes CVE-2019-9232 CVE-2019-9325 CVE-2019-9371 CVE-2019-9433.

From: openwrt/telephony#492

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
5 years agoluajit: install libluajit-5.1.so.2
W. Michael Petullo [Thu, 9 Aug 2018 11:29:13 +0000 (07:29 -0400)]
luajit: install libluajit-5.1.so.2

Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry-picked from commit 30d5958)

5 years agoluajit: add .hpp to InstallDev
W. Michael Petullo [Mon, 6 Aug 2018 00:21:52 +0000 (20:21 -0400)]
luajit: add .hpp to InstallDev

Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry-picked from commit efb7d0be6dd7882748d337391c5568d829bf17f5)

5 years agonano: update to 4.6
Hannu Nyman [Sun, 1 Dec 2019 12:25:17 +0000 (14:25 +0200)]
nano: update to 4.6

Update nano editor to version 4.6

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 421dae85a3525f9772bbada523758490a926be3c)

5 years agoMerge pull request #10678 from gladiac1337/haproxy-1.8.23-openwrt-18.06
Hannu Nyman [Fri, 29 Nov 2019 15:30:09 +0000 (17:30 +0200)]
Merge pull request #10678 from gladiac1337/haproxy-1.8.23-openwrt-18.06

[openwrt-18.06] haproxy: Update HAProxy to v1.8.23

5 years agohaproxy: Update HAProxy to v1.8.23
Christian Lachner [Fri, 29 Nov 2019 13:01:50 +0000 (14:01 +0100)]
haproxy: Update HAProxy to v1.8.23

- Update haproxy download URL and hash
- This fixes CVE-2019-19330 (See: https://nvd.nist.gov/vuln/detail/CVE-2019-19330)

Signed-off-by: Christian Lachner <gladiac@gmail.com>
5 years agotransmission: sync with master branch
Daniel Golle [Thu, 28 Nov 2019 17:38:11 +0000 (18:38 +0100)]
transmission: sync with master branch

Fixes to init-script were not cherry-picked properly, sync it with
version found in master branch.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry-picked from a79d6df674db68637d10b9d353d028c206c50e18)

5 years agotor: update to version 4.1.6
Jan Pavlinec [Thu, 14 Nov 2019 14:12:58 +0000 (15:12 +0100)]
tor: update to version 4.1.6

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
5 years agoMerge pull request #9836 from cotequeiroz/grilo-plugins_xml
Rosen Penev [Wed, 27 Nov 2019 21:37:07 +0000 (13:37 -0800)]
Merge pull request #9836 from cotequeiroz/grilo-plugins_xml

[18.06] grilo plugins: fix build errors

5 years agogrilo-plugins: adjust CONFIGURE_ARGS
Eneas U de Queiroz [Mon, 26 Aug 2019 17:17:36 +0000 (14:17 -0300)]
grilo-plugins: adjust CONFIGURE_ARGS

Removed unused flags, and added --enable-compile-warnings=minimum to
avoid a build failure with fortify-headers:
In file included from [staging_dir/target]/usr/include/libxml2/libxml/tree.h:15:0,
                 from [staging_dir/target]/usr/include/libxml2/libxml/parser.h:16,
                 from grl-jamendo.c:32:
[staging_dir/toolchain]/include/fortify/stdio.h: In function 'snprintf':
[staging_dir/toolchain]/include/fortify/stdio.h:99:2: error: format not
a string literal, argument types not checked [-Werror=format-nonliteral]
  return __orig_snprintf(__s, __n, __f, __builtin_va_arg_pack());
  ^~~~~~

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
5 years agogrilo-plugins: remove XML::Parser build dependency
Eneas U de Queiroz [Wed, 12 Dec 2018 00:29:16 +0000 (22:29 -0200)]
grilo-plugins: remove XML::Parser build dependency

gnome-common.m4 and gnome-compiler-flags.m4 were taken from version
3.18.0, and match current master branch.

Disable building help and test directories.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(cherry picked from commit a87108fe408bc9ddcc2b2e9426b40ef431923875)

5 years agogrilo-plugins: use hostpkg glib-compile-resources
Eneas U de Queiroz [Sat, 8 Dec 2018 01:03:02 +0000 (23:03 -0200)]
grilo-plugins: use hostpkg glib-compile-resources

Add GLIB_COMPILE_RESOURCES to MAKE_FLAGS

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(cherry picked from commit 8e0b7978ec232345e7ba69c79cf447676295dd4e)

5 years agotransmission: Disable webseeding
Rosen Penev [Mon, 25 Nov 2019 03:01:58 +0000 (19:01 -0800)]
transmission: Disable webseeding

It causes 100% CPU usage in certain situations. Just disable it.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 6d9ee2ec86a461bbc976eaf7f97490657dc97e5c)

5 years agotransmission: Fix tracker issue with some firewalls
Rosen Penev [Mon, 9 Sep 2019 01:39:33 +0000 (18:39 -0700)]
transmission: Fix tracker issue with some firewalls

Some firewalls mandate a minimum size of 4k for SYN packets, which
transmission does not do by default. Upstream issue here:

https://github.com/transmission/transmission/issues/964

Cleanup:

Fixed license info.

Removed two unnecessary patches.

Ran shell script through shellcheck.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 730a1697fed07269a3cca7c90878b50d3ef26465)

5 years agophp7: Update to version 7.2.25
Josef Schlehofer [Sat, 23 Nov 2019 19:11:57 +0000 (20:11 +0100)]
php7: Update to version 7.2.25

- Fixes CVE-2019-11043

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 9bc48abd2ae6e23907d2ccb07bdaed1b6345da64)

5 years agophp7: mark /etc/config/php7-fastcgi as conffile
W. Michael Petullo [Sat, 19 Oct 2019 22:13:41 +0000 (18:13 -0400)]
php7: mark /etc/config/php7-fastcgi as conffile

Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit 5bc9bb04c5d19ea679a687f6731457e7492d4744)

5 years agophp7-mod-xmlreader: add conditional dependency to php7-mod-dom (fixes #10201)
Michael Heimpold [Tue, 15 Oct 2019 22:01:51 +0000 (00:01 +0200)]
php7-mod-xmlreader: add conditional dependency to php7-mod-dom (fixes #10201)

PHP7 fails to load xmlreader.so (php7-mod-xmlreader) module without
dom.so (php7-mod-dom) module loaded:

-snip-
PHP Warning:  PHP Startup: Unable to load dynamic library 'xmlreader.so'
 (tried: /usr/lib/php/xmlreader.so (Error relocating /usr/lib/php/xmlreader.so:
 dom_node_class_entry: symbol not found), /usr/lib/php/xmlreader.so.so (Error
 loading shared library /usr/lib/php/xmlreader.so.so: No such file or
 directory)) in Unknown on line 0
^C
-snap-

However, this dependency only exists when during build also php7-mod-dom
is selected.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit b8c22fc1ec392272235ce78ddc0ddfc40de5037d)

5 years agophp7: bump to 7.2.23
Stefaan Ghysels [Thu, 3 Oct 2019 11:44:23 +0000 (13:44 +0200)]
php7: bump to 7.2.23

Signed-off-by: Stefaan Ghysels <stefaang@gmail.com>
(cherry picked from commit dacda44755b391b7bd09a15ea762ee551f7d2ce6)

5 years agophp7: update to 7.2.22
Michael Heimpold [Sun, 8 Sep 2019 19:27:18 +0000 (21:27 +0200)]
php7: update to 7.2.22

While at, update the SPDX license id to most recent format.

Compile and run tested on mxs platform.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 5805da860e0e9afbb0a8d71923dc1db296b07e5e)

5 years agophp7: update to 7.2.21
Michael Heimpold [Sat, 3 Aug 2019 22:27:08 +0000 (00:27 +0200)]
php7: update to 7.2.21

This fixes CVE-2019-11042 and CVE-2019-11041.

Compile and run tested on mxs platform

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 8e419c6d4ca53054a5aedd0299fd0aadbfe75b62)

5 years agoMerge pull request #10609 from ja-pa/bind-update
Rosen Penev [Thu, 21 Nov 2019 17:34:44 +0000 (09:34 -0800)]
Merge pull request #10609 from ja-pa/bind-update

[OpenWrt 18.06] bind: update to version 9.11.13 (security fix)

5 years agobind: update to version 9.11.13 (security fix)
Jan Pavlinec [Thu, 21 Nov 2019 15:13:05 +0000 (16:13 +0100)]
bind: update to version 9.11.13 (security fix)

Fixes CVE-2019-6477

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
5 years agounbound: Update to version 1.9.5
Josef Schlehofer [Tue, 19 Nov 2019 22:56:03 +0000 (23:56 +0100)]
unbound: Update to version 1.9.5

Fixes CVE-2019-18934

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
5 years agoMerge pull request #10520 from Kulipator/libmraa_ramips_fix
Rosen Penev [Wed, 13 Nov 2019 20:32:14 +0000 (12:32 -0800)]
Merge pull request #10520 from Kulipator/libmraa_ramips_fix

[18.06] Libmraa compilation fix

5 years agoCompilation fix & upgrade to version 0.8.1
Archil Pirmisashvili [Wed, 13 Nov 2019 20:28:37 +0000 (22:28 +0200)]
Compilation fix & upgrade to version 0.8.1

Signed-off-by: Archil Pirmisashvili <kulipator@gmail.com>
5 years agoLibmraa compilation fix
RF-Networks [Sun, 10 Nov 2019 19:35:06 +0000 (21:35 +0200)]
Libmraa compilation fix

Signed-off-by: Archil Pirmisashvili <kulipator@gmail.com>
5 years agoLibmraa compilation fix
RF-Networks [Sun, 10 Nov 2019 19:02:14 +0000 (21:02 +0200)]
Libmraa compilation fix

Signed-off-by: Archil Pirmisashvili <kulipator@gmail.com>
Signed-off-by: RF-Networks <archil@rf-networks.com>
5 years agoperl: fixed host compilation of static perl on MacOS
Jakub Piotr Cłapa [Thu, 22 Aug 2019 08:55:03 +0000 (10:55 +0200)]
perl: fixed host compilation of static perl on MacOS

All symbols on MacOS are prefixed with an underscore which
interfered with the filtering mechanism (added in perl 5.28)
for extension libraries to be linked into static perl.

Signed-off-by: Jakub Piotr Cłapa <jpc@loee.pl>
5 years agoMerge pull request #9671 from BKPepe/clamav1806
Rosen Penev [Sun, 10 Nov 2019 02:52:17 +0000 (18:52 -0800)]
Merge pull request #9671 from BKPepe/clamav1806

[OpenWrt 18.06] clamav: update to version 0.100.3

5 years agoprotobuf-c: Fix typo on build dependency.
Rosen Penev [Sat, 2 Nov 2019 03:27:06 +0000 (20:27 -0700)]
protobuf-c: Fix typo on build dependency.

This was fixed in 3bcaa7a4fe4d2231788c20367aed2993a86490c2

Backported the fix here.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
5 years agolibgd: Properly disable iconv support
Rosen Penev [Sat, 10 Aug 2019 20:44:07 +0000 (13:44 -0700)]
libgd: Properly disable iconv support

HAVE_ICONV and HAVE_ICONV_H are two different headers that both need to
evaluate to false. Added the extra CONFIGURE_VARS.

This can be verified by passing -Werror=implicit-function-declaration

Added PKG_LICENSE_FILES

Updated homepage URL.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from bf2f1a02636a9b74e1d824cab384b8f3f9e7d819)

5 years agowget: provides gnu-wget
Yousong Zhou [Mon, 9 Sep 2019 02:59:50 +0000 (02:59 +0000)]
wget: provides gnu-wget

So that packages like acme requiring features from it can depend on it
explicitly, not the more basic "wget" which is also provided by
"uclient-fetch"

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
[port to 18.06 to fix acme package backport]
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
5 years agoacme: Bring up-to-date with master
Toke Høiland-Jørgensen [Tue, 29 Oct 2019 08:44:47 +0000 (09:44 +0100)]
acme: Bring up-to-date with master

There are quite a few bugfixes in the version of the ACME package in
master, and the old version in 18.06 have some issues as seen in #10328.
This commit ports over all changes from the master branch in one go.

Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
5 years agoruby: bump to 2.5.7
Luiz Angelo Daros de Luca [Sun, 27 Oct 2019 14:40:26 +0000 (11:40 -0300)]
ruby: bump to 2.5.7

2.5.7 fixes:
* CVE-2019-16255: A code injection vulnerability of Shell#[] and Shell#test
* CVE-2019-16254: HTTP response splitting in WEBrick (Additional fix)
* CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and File.fnmatch?
* CVE-2019-16201: Regular Expression Denial of Service vulnerability of WEBrick’s Digest access authentication

2.5.6 fixes:
* Multiple jQuery vulnerabilities in RDoc
* About 40 bugs

Changelog: https://github.com/ruby/ruby/compare/v2_5_5...v2_5_7

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
5 years agopython-cryptography: fix CVE-2018-10903
Josef Schlehofer [Tue, 22 Oct 2019 12:36:23 +0000 (14:36 +0200)]
python-cryptography: fix CVE-2018-10903

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
5 years agopython-cryptography: Add support for LibreSSL 2.7.x
Josef Schlehofer [Tue, 22 Oct 2019 11:29:26 +0000 (13:29 +0200)]
python-cryptography: Add support for LibreSSL 2.7.x

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
5 years agoMerge pull request #10324 from jefferyto/python-2.7.17-openwrt-18.06
Hannu Nyman [Mon, 21 Oct 2019 18:54:57 +0000 (21:54 +0300)]
Merge pull request #10324 from jefferyto/python-2.7.17-openwrt-18.06

[openwrt-18.06] python: Update to 2.7.17, refresh patches

5 years agopython: Update to 2.7.17, refresh patches
Jeffery To [Mon, 21 Oct 2019 15:30:53 +0000 (23:30 +0800)]
python: Update to 2.7.17, refresh patches

Patches already merged and so removed:
* 019-bpo-36216-Add-check-for-characters-in-netloc-that-normalize-to-separators-GH-12216.patch
* 020-bpo-36216-Only-print-test-messages-when-verbose-GH-12291.patch
* 021-2.7-bpo-35121-prefix-dot-in-domain-for-proper-subdom.patch
* 027-bpo-38243-Escape-the-server-title-of-DocXMLRPCServer.patch
* 028-bpo-34155-Dont-parse-domains-containing-GH-13079.patch

Patches no longer necessary and so removed:
* 017_lib2to3_fix_pyc_search.patch

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from 83b300aa83f3cf663747998f4500a8592acf9959)

5 years agoMerge pull request #10312 from stangri/18.06-vpnbypass
Rosen Penev [Mon, 21 Oct 2019 16:14:14 +0000 (09:14 -0700)]
Merge pull request #10312 from stangri/18.06-vpnbypass

[18.06] vpnbypass: bugfix: PROCD command not found on stop

5 years agovpnbypass: bugfix: PROCD command not found on stop
Stan Grishin [Mon, 21 Oct 2019 04:21:30 +0000 (21:21 -0700)]
vpnbypass: bugfix: PROCD command not found on stop

Signed-off-by: Stan Grishin <stangri@melmac.net>
5 years agoMerge pull request #10279 from BKPepe/sudo-18.06
Rosen Penev [Sun, 20 Oct 2019 17:16:28 +0000 (10:16 -0700)]
Merge pull request #10279 from BKPepe/sudo-18.06

[OpenWrt 18.06] sudo: Update to version 1.8.28p1

5 years agosudo: Update to version 1.8.28p1
Josef Schlehofer [Sat, 19 Oct 2019 14:32:44 +0000 (16:32 +0200)]
sudo: Update to version 1.8.28p1

- Use HTTPS for downloading tarball and for their website
- Add PKG_CPE_ID
- Remove inactive maintainer
- Refreshed patches
Fixes: CVE-2019-14287
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
5 years agoirssi: update to version 1.2.2 (security fix)
Jan Pavlinec [Wed, 18 Sep 2019 11:30:11 +0000 (13:30 +0200)]
irssi: update to version 1.2.2 (security fix)

Fixes CVE-2019-15717

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry-picked from commit b42159dea3ed38c3755c1b641d47209878247763)

5 years agoMerge branch 'pr/10215' into openwrt-18.06
Noah Meyerhans [Wed, 16 Oct 2019 15:38:11 +0000 (08:38 -0700)]
Merge branch 'pr/10215' into openwrt-18.06

https://github.com/openwrt/packages/pull/10215

5 years agoMerge pull request #9997 from flyn-org/openldap-18.06
Josef Schlehofer [Mon, 14 Oct 2019 19:21:03 +0000 (21:21 +0200)]
Merge pull request #9997 from flyn-org/openldap-18.06

openldap: update to 2.4.48

5 years agoMerge pull request #10237 from jefferyto/gammu-fix-lib-symlinks-openwrt-18.06
Rosen Penev [Mon, 14 Oct 2019 16:29:16 +0000 (09:29 -0700)]
Merge pull request #10237 from jefferyto/gammu-fix-lib-symlinks-openwrt-18.06

[openwrt-18.06] gammu: Fix lib symlinks

5 years agogammu: Fix lib symlinks
Jeffery To [Mon, 14 Oct 2019 09:12:41 +0000 (17:12 +0800)]
gammu: Fix lib symlinks

This fixes the symlinks for libGammu.so and libgsmsd.so. Previously, the
symlinks were overwritten by $(INSTALL_BIN) with copies of their
sources.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
5 years agobind: Update to version 9.11.11
Josef Schlehofer [Sun, 13 Oct 2019 09:04:48 +0000 (11:04 +0200)]
bind: Update to version 9.11.11

Change License to MPL-2.0 and add PKG_LICENSE_FILES.
For more details look at https://www.isc.org/blogs/bind9-adopts-the-mpl-2-0-license-with-bind-9-11-0/

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
5 years agoMerge pull request #10108 from BKPepe/expat-1806
Rosen Penev [Fri, 11 Oct 2019 19:49:51 +0000 (12:49 -0700)]
Merge pull request #10108 from BKPepe/expat-1806

[OpenWrt 18.06] expat: Update to version 2.2.9

5 years agoMerge pull request #10167 from BKPepe/unbound18.06
Rosen Penev [Tue, 8 Oct 2019 20:58:14 +0000 (13:58 -0700)]
Merge pull request #10167 from BKPepe/unbound18.06

[OpenWrt 18.06] unbound: Update to version 1.9.4

5 years agopython3-pip: fix install rule
Alexandru Ardelean [Wed, 27 Feb 2019 10:18:17 +0000 (12:18 +0200)]
python3-pip: fix install rule

This seems to have slipped for some time. No idea if it ever worked.
It could be that this worked at some point.

In any case, the shebang is properly updated now.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry-picked from commit 1b96dc01715f4f03f758ff1d087caf15726016af)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(bump PKG_RELEASE for python3-pip)

5 years agonano: update to 4.5
Hannu Nyman [Mon, 7 Oct 2019 15:17:03 +0000 (18:17 +0300)]
nano: update to 4.5

Update nano editor to version 4.5.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit bfd66f2d23483513f80e109df2e0e02de782e5b4)
(fix also license tag and add CVE)

5 years agoMerge pull request #10164 from stangri/18.06-simple-adblock
Hannu Nyman [Mon, 7 Oct 2019 15:08:58 +0000 (18:08 +0300)]
Merge pull request #10164 from stangri/18.06-simple-adblock

[18.06] simple-adblock: bugfix: proper dnsmasq reload on stop, rework start/stop logic

5 years agounbound: Update to version 1.9.4
Josef Schlehofer [Fri, 4 Oct 2019 09:57:24 +0000 (11:57 +0200)]
unbound: Update to version 1.9.4

Fixes CVE-2019-16866

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
5 years agounbound: update to 1.9.3
Eric Luehrsen [Fri, 30 Aug 2019 02:45:45 +0000 (22:45 -0400)]
unbound: update to 1.9.3

Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
5 years agosimple-adblock: bugfix: proper dnsmasq reload on stop, rework start/stop logic
Stan Grishin [Sun, 6 Oct 2019 16:33:48 +0000 (09:33 -0700)]
simple-adblock: bugfix: proper dnsmasq reload on stop, rework start/stop logic

Signed-off-by: Stan Grishin <stangri@melmac.net>
5 years agoMerge pull request #10156 from gladiac1337/haproxy-1.8.21-openwrt-18.06
Hannu Nyman [Sat, 5 Oct 2019 14:17:46 +0000 (17:17 +0300)]
Merge pull request #10156 from gladiac1337/haproxy-1.8.21-openwrt-18.06

[openwrt-18.06] haproxy: Update HAProxy to v1.8.21

5 years agohaproxy: Update HAProxy to v1.8.21
Christian Lachner [Sat, 5 Oct 2019 11:26:02 +0000 (13:26 +0200)]
haproxy: Update HAProxy to v1.8.21

- Update haproxy download URL and hash
- Add new patches (see https://www.haproxy.org/bugs/bugs-1.8.21.html)

Signed-off-by: Christian Lachner <gladiac@gmail.com>
5 years agoMerge pull request #10155 from jefferyto/python-bpo-38243-34155-openwrt-18.06
Hannu Nyman [Sat, 5 Oct 2019 08:27:49 +0000 (11:27 +0300)]
Merge pull request #10155 from jefferyto/python-bpo-38243-34155-openwrt-18.06

[openwrt-18.06] python: Fix CVE-2019-16056, CVE-2019-16935

5 years agoMerge pull request #10143 from stangri/18.06-simple-adblock
Hannu Nyman [Sat, 5 Oct 2019 08:26:08 +0000 (11:26 +0300)]
Merge pull request #10143 from stangri/18.06-simple-adblock

[18.06] simple-adblock: bugfix and improvements (check description)

5 years agopython: Fix CVE-2019-16056, CVE-2019-16935
Jeffery To [Fri, 4 Oct 2019 16:58:08 +0000 (00:58 +0800)]
python: Fix CVE-2019-16056, CVE-2019-16935

These patches address issues:
CVE-2019-16056: email.utils.parseaddr mistakenly parse an email
CVE-2019-16935: A reflected XSS in python/Lib/DocXMLRPCServer.py

Links to Python issues:
https://bugs.python.org/issue34155
https://bugs.python.org/issue38243

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
5 years agosimple-adblock: bugfix and improvements (check description)
Stan Grishin [Fri, 4 Oct 2019 01:42:02 +0000 (18:42 -0700)]
simple-adblock: bugfix and improvements (check description)

Signed-off-by: Stan Grishin <stangri@melmac.net>
5 years agoclamav: Remove build hacks
Rosen Penev [Wed, 1 May 2019 02:37:52 +0000 (19:37 -0700)]
clamav: Remove build hacks

Simplified the Makefile and fixes compilation with uClibc-ng. Also added
IPv6 support.

Took the time to clean up the Makefile with other useful options.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from commit 012e4c1)

5 years agoclamav: update to version 0.100.3
Josef Schlehofer [Tue, 6 Aug 2019 20:42:44 +0000 (22:42 +0200)]
clamav: update to version 0.100.3

Fixes CVEs:
0.100.1
- CVE-2017-16932
- CVE-2018-0360
- CVE-2018-0361
0.100.2
- CVE-2018-15378
- CVE-2018-14680
- CVE-2018-14681
- CVE-2018-14682
0.100.3
- CVE-2019-1787
- CVE-2019-1788
- CVE-2019-1789

Use HTTPS in URL

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
5 years agoMerge pull request #10120 from BKPepe/youtubedl-1806
Rosen Penev [Wed, 2 Oct 2019 19:05:53 +0000 (12:05 -0700)]
Merge pull request #10120 from BKPepe/youtubedl-1806

[OpenWrt 18.06] youtube-dl: Update to version 2019.9.28

5 years agohaveged: convert to procd
Hannu Nyman [Tue, 1 Oct 2019 20:18:46 +0000 (23:18 +0300)]
haveged: convert to procd

Convert haveged init script to use procd

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 4f717a6f65b5c495aec770b507913befa40b8997)

5 years agohaveged: update to 1.9.8
Hannu Nyman [Tue, 1 Oct 2019 18:38:11 +0000 (21:38 +0300)]
haveged: update to 1.9.8

Update haveged to 1.9.8

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit e5b308308b528b912ec1352b85bf2de13d94ce3f)

5 years agoyoutube-dl: Update to version 2019.9.28
Josef Schlehofer [Mon, 30 Sep 2019 21:23:16 +0000 (23:23 +0200)]
youtube-dl: Update to version 2019.9.28

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
5 years agoMerge pull request #10118 from BKPepe/libgcrypt-1806
Rosen Penev [Mon, 30 Sep 2019 20:30:46 +0000 (13:30 -0700)]
Merge pull request #10118 from BKPepe/libgcrypt-1806

[OpenWrt 18.06] libgcrypt: backport fix for CVE-2019-13627

5 years agopython3: fix CVE-2019-16056 and delete two patches
Josef Schlehofer [Mon, 30 Sep 2019 15:22:00 +0000 (17:22 +0200)]
python3: fix CVE-2019-16056 and delete two patches

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
5 years agopython3: backport three security patches
Josef Schlehofer [Sat, 28 Sep 2019 23:11:44 +0000 (01:11 +0200)]
python3: backport three security patches

Fixes: CVE-2019-16935
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry-picked from commit 80def9e)

5 years agoexpat: Update to version 2.2.9
Josef Schlehofer [Sun, 29 Sep 2019 09:03:40 +0000 (11:03 +0200)]
expat: Update to version 2.2.9

Fixes CVE-2019-15903

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
5 years agoexpat: update to version 2.2.7 (security fix)
Jan Pavlinec [Wed, 10 Jul 2019 14:17:52 +0000 (16:17 +0200)]
expat: update to version 2.2.7 (security fix)

Fixes:
CVE-2018-20843

Changes:
add PKG_CPE_ID
switch to xz
remove maintainer

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
5 years agoexpat: fix host build issue with docbook
Michael Heimpold [Mon, 3 Sep 2018 11:36:08 +0000 (13:36 +0200)]
expat: fix host build issue with docbook

Additionally to the fix issued for #6923, we need to disable the docbook
usage also for the host build. This prevents the following error:

checking for docbook2man... docbook2man
configure: error: Your local docbook2man was found to work with SGML rather
  than XML. Please install docbook2X and use variable DOCBOOK_TO_MAN to point
  configure to command docbook2x-man of docbook2X.
  Or use DOCBOOK_TO_MAN="xmlto man --skip-validation" if you have xmlto around.
  You can also configure using --without-docbook if you can do without a man
  page for xmlwf.

Signed-off-by: Michael Heimpold <michael.heimpold@i2se.com>
5 years agoexpat: disable docbook
Andy Walsh [Sat, 1 Sep 2018 12:16:16 +0000 (14:16 +0200)]
expat: disable docbook

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
5 years agolib/expat: Update to 2.2.6
Daniel Engberg [Tue, 28 Aug 2018 20:42:05 +0000 (22:42 +0200)]
lib/expat: Update to 2.2.6

Update (lib)expat to 2.2.6

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
5 years agoMerge pull request #9893 from BKPepe/bind-18.06
Josef Schlehofer [Sat, 28 Sep 2019 09:52:27 +0000 (11:52 +0200)]
Merge pull request #9893 from BKPepe/bind-18.06

[OpenWrt 18.06] bind: update to version 9.11.10

5 years agoMerge pull request #9798 from ja-pa/zmq-security-fix-18.06
Rosen Penev [Fri, 27 Sep 2019 19:24:47 +0000 (12:24 -0700)]
Merge pull request #9798 from ja-pa/zmq-security-fix-18.06

[OpenWrt 18.06] zeromq: update to version 4.1.7 (security fix)

5 years agonet/mosquitto: bump to 1.5.9 for CVE
Karl Palsson [Fri, 27 Sep 2019 13:31:27 +0000 (13:31 +0000)]
net/mosquitto: bump to 1.5.9 for CVE

Fixes CVE-2019-11779
Release notes at https://mosquitto.org/blog/2019/09/version-1-6-6-released/

Signed-off-by: Karl Palsson <karlp@etactica.com>
5 years agopython-crypto: Fix two CVEs
Rosen Penev [Mon, 27 Aug 2018 04:12:54 +0000 (21:12 -0700)]
python-crypto: Fix two CVEs

CVE-2013-7459 and CVE-2018-6594. Both patches taken from Fedora.

Also took the liberty to update the PKG_SOURCE_URL to a standard one.

Updated the home URL as well.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 32b23e28ad892395a5575c09606cd07db175f7cc)

5 years agolibgcrypt: backport fix for CVE-2019-13627
Josef Schlehofer [Thu, 26 Sep 2019 18:27:41 +0000 (20:27 +0200)]
libgcrypt: backport fix for CVE-2019-13627

Refresh patches due to offsets

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
5 years agoMerge pull request #10063 from stangri/18.06-simple-adblock
Hannu Nyman [Wed, 25 Sep 2019 16:13:10 +0000 (19:13 +0300)]
Merge pull request #10063 from stangri/18.06-simple-adblock

[18.06] simple-adblock: dnsmasq.ipset option support, better handling of IDNs, updated README

5 years agosimple-adblock: dnsmasq.ipset option support, better handling of IDNs, updated README
Stan Grishin [Tue, 24 Sep 2019 16:11:57 +0000 (09:11 -0700)]
simple-adblock: dnsmasq.ipset option support, better handling of IDNs, updated README

Signed-off-by: Stan Grishin <stangri@melmac.net>
5 years agozmq: fix CVE-2019-13132
Josef Schlehofer [Fri, 20 Sep 2019 12:38:22 +0000 (14:38 +0200)]
zmq: fix CVE-2019-13132

- Use HTTPS in their website
- Remove unnecessary space between PKG_SOURCE_URL

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
5 years agoMerge pull request #10041 from neheb/djj
Rosen Penev [Fri, 20 Sep 2019 20:07:47 +0000 (13:07 -0700)]
Merge pull request #10041 from neheb/djj

[18.06]django: Update to 1.8.19

5 years agodjango: Update to 1.8.19
Rosen Penev [Fri, 20 Sep 2019 18:45:06 +0000 (11:45 -0700)]
django: Update to 1.8.19

Fixes:

CVE-2018-7536
CVE-2018-7537

Switches to pypi, as in upstream. Updated maintainer as well.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
5 years agoopenldap: update to 2.4.48
W. Michael Petullo [Sat, 14 Sep 2019 16:08:53 +0000 (12:08 -0400)]
openldap: update to 2.4.48

Fixes CVE-2019-13565.

Signed-off-by: W. Michael Petullo <mike@flyn.org>
5 years agoopenldap: Add static function declaration
Rosen Penev [Wed, 31 Jul 2019 06:41:22 +0000 (23:41 -0700)]
openldap: Add static function declaration

Fixes compilation with -Werror=implicit-function-declaration .

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: W. Michael Petullo <mike@flyn.org>
5 years agoopenldap: version update and new build parameters
Val Kulkov [Fri, 21 Dec 2018 17:22:33 +0000 (12:22 -0500)]
openldap: version update and new build parameters

This patch updates OpenLDAP to 2.4.47, introduces new build
parameters and places openldap-server, openldap-utils and
libopenldap under a separate menu item in Network.

OpenLDAP is difficult to find in menuconfig at present. Making
a separate menu item for OpenLDAP for selection of packages and
enabling or disabling build parameters makes better sense.

To have access to the loglevel directive, OpenLDAP must be built
with debugging information. Having access to the loglevel directive
is essential during the initial configuration of OpenLDAP server.

International users may want to enable ICU support to have access
to international characters.

Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
Signed-off-by: W. Michael Petullo <mike@flyn.org>
5 years agoopenldap: Switch tarball sources to https and http
Daniel Engberg [Sat, 9 Jun 2018 20:18:12 +0000 (22:18 +0200)]
openldap: Switch tarball sources to https and http

Switch from ftp which can be broken on corp firewalls to https and http.
Mirrors taken from https://www.openldap.org/software/download/ and
https://www.openldap.org/software/download/OpenLDAP/MIRRORS
Place master site as last resort.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: W. Michael Petullo <mike@flyn.org>
5 years agolighttpd: mark module configuration files
W. Michael Petullo [Wed, 24 Apr 2019 19:57:34 +0000 (15:57 -0400)]
lighttpd: mark module configuration files

Signed-off-by: W. Michael Petullo <mike@flyn.org>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry-picked from 9cf412c0cba38f1251e9d8c1fd9afbb86caee88a)

5 years agodovecot: Update to version 2.2.36.4
Josef Schlehofer [Sun, 8 Sep 2019 21:38:08 +0000 (23:38 +0200)]
dovecot: Update to version 2.2.36.4

- Fix CVE-2019-11500
- Download tarball from HTTPS instead of HTTP

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
5 years agowget: fix CVE-2018-20483
Josef Schlehofer [Sun, 1 Sep 2019 17:42:48 +0000 (19:42 +0200)]
wget: fix CVE-2018-20483

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
5 years agofastd: fix init script for multiple VPN instances
Matthias Schiffer [Wed, 4 Sep 2019 20:49:12 +0000 (22:49 +0200)]
fastd: fix init script for multiple VPN instances

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit b7ff8b8087c6e948aba45b74c261cd7337433523)

5 years agohaveged: update to 1.9.6
Hannu Nyman [Mon, 2 Sep 2019 18:02:17 +0000 (21:02 +0300)]
haveged: update to 1.9.6

Update haveged to 1.9.6

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit c933ac5dcb85361baeb9ff9ec424533b67bb2578)

5 years agoMerge pull request #9894 from BKPepe/keepalived-18.06
Florian Eckert [Mon, 2 Sep 2019 07:27:24 +0000 (09:27 +0200)]
Merge pull request #9894 from BKPepe/keepalived-18.06

[OpenWrt 18.06] keepalived: Update to version 1.4.5

5 years agoMerge pull request #9904 from RussellSenior/my-18.06
Rosen Penev [Mon, 2 Sep 2019 07:13:59 +0000 (00:13 -0700)]
Merge pull request #9904 from RussellSenior/my-18.06

patch: cherry pick CVE fixes to 18.06 branch

5 years agopatch: rename CVE-2019-13638 patch to mollify uscan
Russell Senior [Sun, 1 Sep 2019 22:50:25 +0000 (15:50 -0700)]
patch: rename CVE-2019-13638 patch to mollify uscan

Signed-off-by: Russell Senior <russell@personaltelco.net>
5 years agopatch: apply upstream patch for CVE-2019-13638
Russell Senior [Sun, 11 Aug 2019 19:43:41 +0000 (12:43 -0700)]
patch: apply upstream patch for CVE-2019-13638

GNU patch through 2.7.6 is vulnerable to OS shell command injection that
can be exploited by opening a crafted patch file that contains an ed style
diff payload with shell metacharacters. The ed editor does not need to be
present on the vulnerable system. This is different from CVE-2018-1000156.

https://nvd.nist.gov/vuln/detail/CVE-2019-13638

Signed-off-by: Russell Senior <russell@personaltelco.net>
5 years agotools/patch: apply upstream patch for CVE-2019-13636
Russell Senior [Mon, 29 Jul 2019 20:14:19 +0000 (13:14 -0700)]
tools/patch: apply upstream patch for CVE-2019-13636

In GNU patch through 2.7.6, the following of symlinks is mishandled in
certain cases other than input files. This affects inp.c and util.c.

https://nvd.nist.gov/vuln/detail/CVE-2019-13636

Signed-off-by: Russell Senior <russell@personaltelco.net>