feed/packages.git
3 years agohtop: update to 3.1.2-1
John Audia [Fri, 10 Dec 2021 16:57:34 +0000 (18:57 +0200)]
htop: update to 3.1.2-1

Build-tested: x86/64
Run-tested: bcm2711/RPi4B

Signed-off-by: John Audia <graysky@archlinux.us>
(cherry picked from commit 3b041e3b458889d7dbef72e1d49b102f193bf5c7)

3 years agohtop: explicitly disable some build options
Etienne Champetier [Fri, 10 Dec 2021 16:57:10 +0000 (18:57 +0200)]
htop: explicitly disable some build options

Since 3.1.0 delayacct option is enabled if the needed dependencies
are detected, it was previously disabled.
Sensors also check for dependency so we need to explicitly
disable it when not enabled.

Fixes 5f916720551ad5ea5ac86cf5e122fc2c0c34cc15

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 253e3f558c9d5d6ee43a7e870ef60f8a1c0c80c7)

3 years agohtop: update to 3.1.0
Hannu Nyman [Fri, 10 Dec 2021 16:56:55 +0000 (18:56 +0200)]
htop: update to 3.1.0

Update htop to versio 3.1.0

* Adjust Makefile configuration options to update
* Avoid libcap dependency
* Backport post-release fix for old automake

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 5f916720551ad5ea5ac86cf5e122fc2c0c34cc15)

3 years agoMerge pull request #17299 from nxhack/2102_node_14182
Josef Schlehofer [Fri, 10 Dec 2021 13:29:15 +0000 (14:29 +0100)]
Merge pull request #17299 from nxhack/2102_node_14182

[21.02] node: bump to 14.18.2

3 years agonode: bump to 14.18.2
Hirokazu MORIKAWA [Fri, 10 Dec 2021 11:27:30 +0000 (20:27 +0900)]
node: bump to 14.18.2

Update to v14.18.2

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
3 years agoMerge pull request #17270 from BKPepe/update-python3
Josef Schlehofer [Fri, 10 Dec 2021 10:20:41 +0000 (11:20 +0100)]
Merge pull request #17270 from BKPepe/update-python3

python3: update to version 3.9.9

3 years agohwdata: update to version 0.354
Josef Schlehofer [Tue, 7 Dec 2021 21:51:43 +0000 (22:51 +0100)]
hwdata: update to version 0.354

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 20a759a6ddf9f24ee1ca5128a10cfd95eabad771)

3 years agopython-babel: update to version 2.9.1
Josef Schlehofer [Wed, 11 Aug 2021 08:11:05 +0000 (10:11 +0200)]
python-babel: update to version 2.9.1

Changelog:
https://github.com/python-babel/babel/releases/tag/v2.9.1

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit e2932db1ce45e1882b6935694a46c3a3b7e8536f)

3 years agopython-babel: update to version 2.9.0
Josef Schlehofer [Sun, 11 Apr 2021 23:05:21 +0000 (01:05 +0200)]
python-babel: update to version 2.9.0

Update copyright

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit a31dc44d2dd8cae498135b2994a7a117bc4c6e2d)

3 years agoknot: update to 3.1.4
Jan Hák [Mon, 8 Nov 2021 09:43:16 +0000 (10:43 +0100)]
knot: update to 3.1.4

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit 60a80b31fbf3585d52b64ab0b9bf5a4aa844a032)

3 years agognutls: don't run aclocal --install
Eneas U de Queiroz [Mon, 25 Oct 2021 21:10:01 +0000 (18:10 -0300)]
gnutls: don't run aclocal --install

Remove the --install parameter when running aclocal.  The --install
argument is used to copy third-party files to the first -I directory.
gnutls has -I m4 first, which would copy files to its local build
directory.  However, openwrt prepends the staging dir m4 directory,
causing aclocal --install to copy an old definition of
ax_code_coverage.m4 into the staging dir.

If strace is built after gnutls, compilation will fail:

    Makefile:9303: *** missing separator.  Stop.

The version of ax_code_coverage.m4 that gets installed does not define
@CODE_COVERAGE_RULES@.

Removing the --install parameter in gnutls solves the issue.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 206eaae16520f5e89af5219cf574fa649e64d7e1)

3 years agobind: bump to 9.17.20
Noah Meyerhans [Thu, 18 Nov 2021 23:55:57 +0000 (15:55 -0800)]
bind: bump to 9.17.20

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit 249079187dd6a3a21ec62b275782d13f546b5e26)

3 years agoknot-resolver: update to version 5.4.3
Josef Schlehofer [Tue, 7 Dec 2021 09:48:23 +0000 (10:48 +0100)]
knot-resolver: update to version 5.4.3

Release notes:
https://www.knot-resolver.cz/2021-12-01-knot-resolver-5.4.3.html

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 10ab2306702c5292f98a43cf5a1dfc0b7ab99c27)

3 years agoyq: Update to 4.16.1
Tianling Shen [Sun, 5 Dec 2021 21:01:17 +0000 (05:01 +0800)]
yq: Update to 4.16.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 0f46facfdba667473ffb57fbda31a145f644af48)

3 years agopython3: update to version 3.9.9
Josef Schlehofer [Sat, 4 Dec 2021 22:15:27 +0000 (23:15 +0100)]
python3: update to version 3.9.9

- Updated setuptools and pip
- Refreshed patches

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
3 years agomsmtp: update to version 1.8.1.9
Josef Schlehofer [Tue, 30 Nov 2021 23:32:56 +0000 (00:32 +0100)]
msmtp: update to version 1.8.1.9

Changelog:
https://marlam.de/msmtp/news/msmtp-1-8-19/

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 173faad3340772e1b2194c618fb8c1f13f81b9a9)

3 years agoMerge pull request #17259 from rs/nextdns-1.37.7-openwrt-21.02
Stan Grishin [Fri, 3 Dec 2021 19:16:20 +0000 (11:16 -0800)]
Merge pull request #17259 from rs/nextdns-1.37.7-openwrt-21.02

[21.02] nextdns: Update to version 1.37.7

3 years agomariadb: Create compatibility symlinks
Michal Hrusecky [Sat, 30 Oct 2021 21:53:58 +0000 (23:53 +0200)]
mariadb: Create compatibility symlinks

For every mysql* binary create corresponding mariadb binary and vice
versa.

Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
(cherry picked from commit 2295c351ed826d26778b42888d6f54744e0133f5)

3 years agomariadb: Install all supporting sql files
Michal Hrusecky [Sat, 30 Oct 2021 21:47:07 +0000 (23:47 +0200)]
mariadb: Install all supporting sql files

Do not pick just few random SQL files to install, install all of them.

Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
(cherry picked from commit 4653d83048b24bc49c26c23b34dc74e8627544fe)

3 years agomariadb: Tweak default configuration
Michal Hrusecky [Sat, 30 Oct 2021 18:41:15 +0000 (20:41 +0200)]
mariadb: Tweak default configuration

Remove from default configuration options that are compiled in like
default paths and character set. On the other hand add few examples of
tweak options that might be handy.

Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
(cherry picked from commit a2c1a5728285ad974aaf1160438fc61f6885603d)

3 years agomariadb: Init script improvements
Michal Hrusecky [Fri, 29 Oct 2021 14:55:47 +0000 (16:55 +0200)]
mariadb: Init script improvements

Update init script so other user/group can be used. Also make sure that
init script can actually create an empty database instead of forcing the
user to do it by hand. Other new feature is taking care of migration
of the database when upgrading the database.

Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
(cherry picked from commit 1be35284bb524c43a4e9448c5ead215fc3052efb)

3 years agomariadb-common: Drop package and adjust configuration
Michal Hrusecky [Fri, 29 Oct 2021 14:46:44 +0000 (16:46 +0200)]
mariadb-common: Drop package and adjust configuration

The raison d'être of package mariadb-common was to provide common my.cnf
config file that was being used to include subdirectories and then to
push utf-8 as default everywhere. Let's make this file part of the
server package as there we actually set other options as well and drop
it from all clients. Instead let's set utf-8 as default in server,
client and client libraries. While at it also set socket to the more
common path and drop mysqld_safe script from the list of configuration
files and do other minor tweaks.

Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
(cherry picked from commit d8ecded02d29e04fe5b0399de2474605fb6d9897)

3 years agonextdns: Update to version 1.37.7
Olivier Poitrey [Thu, 2 Dec 2021 23:46:52 +0000 (23:46 +0000)]
nextdns: Update to version 1.37.7

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
3 years agoMerge pull request #17254 from rs/nextdns-1.37.6-openwrt-21.02
Stan Grishin [Thu, 2 Dec 2021 20:43:27 +0000 (12:43 -0800)]
Merge pull request #17254 from rs/nextdns-1.37.6-openwrt-21.02

[21.02] nextdns: Update to version 1.37.6

3 years agonextdns: Update to version 1.37.6
Olivier Poitrey [Thu, 2 Dec 2021 15:03:49 +0000 (15:03 +0000)]
nextdns: Update to version 1.37.6

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
3 years agosyslog-ng: update to version 3.35.1
Josef Schlehofer [Tue, 16 Nov 2021 13:22:44 +0000 (14:22 +0100)]
syslog-ng: update to version 3.35.1

Also bump the version in syslog-ng config file.
Removes this warning:

Nov 16 14:19:41 turris syslog-ng[15159]: WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode. Please update it to use the syslog-ng 3.35 format at your time of convenience. To upgrade the configuration, please review the warnings about incompatible changes printed by syslog-ng, and once completed change the @version header at the top of the configuration file; config-version='3.33'

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 2d2fd36e28a40a63b1bd16c77cce57d446d656cc)

3 years agoyggdrasil: bump to 0.4.2
George Iv [Fri, 19 Nov 2021 10:25:57 +0000 (10:25 +0000)]
yggdrasil: bump to 0.4.2

Signed-off-by: George Iv <zhoreeq@users.noreply.github.com>
3 years agoyggdrasil: uci ifname is now known as device
William Fleurant [Wed, 18 Aug 2021 19:21:51 +0000 (21:21 +0200)]
yggdrasil: uci ifname is now known as device

Signed-off-by: William Fleurant <meshnet@protonmail.com>
3 years agoMerge pull request #17241 from rs/nextdns-1.37.5-openwrt-21.02
Stan Grishin [Tue, 30 Nov 2021 16:22:14 +0000 (08:22 -0800)]
Merge pull request #17241 from rs/nextdns-1.37.5-openwrt-21.02

[21.02] nextdns: Update to version 1.37.5

3 years agonextdns: Update to version 1.37.5
Olivier Poitrey [Tue, 30 Nov 2021 16:10:25 +0000 (16:10 +0000)]
nextdns: Update to version 1.37.5

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
3 years agoddns-scripts: use HTTPS for spdyn
Peter Gransdorfer [Sun, 31 Oct 2021 21:58:43 +0000 (22:58 +0100)]
ddns-scripts: use HTTPS for spdyn

Signed-off-by: Peter Gransdorfer <peter.gransdorfer@cattronix.com>
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
- PKG_RELEASE number updated
(cherry picked from commit c0296bf25da7a4832059d0a708431aef4c5f3238)

3 years agoMerge pull request #17233 from stangri/openwrt-21.02
Stan Grishin [Mon, 29 Nov 2021 10:00:11 +0000 (02:00 -0800)]
Merge pull request #17233 from stangri/openwrt-21.02

[21.02] curl: update to 7.80.0

3 years agoicu: bump to 70.1
Hirokazu MORIKAWA [Tue, 2 Nov 2021 00:14:00 +0000 (09:14 +0900)]
icu: bump to 70.1

ICU 70 released. It updates to Unicode 14, including new characters, scripts, emoji, and corresponding API constants. ICU 70 adds support for emoji properties of strings. It also updates to CLDR 40 locale data with many additions and corrections. ICU 70 also includes many other bug fixes and enhancements, especially for measurement unit formatting, and it can now be built and used with C++20 compilers.

This change will require minor modifications in php7 and php8.

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
3 years agocurl: update to 7.80.0
Stan Grishin [Fri, 12 Nov 2021 19:49:36 +0000 (19:49 +0000)]
curl: update to 7.80.0

* bump version to 7.80.0
* update maintainer email address

Signed-off-by: Stan Grishin <stangri@melmac.net>
(cherry picked from commit 80ef61729b18c28b76a1ee64d7af7251031a2496)

3 years agoMerge pull request #17162 from stangri/openwrt-21.02
Stan Grishin [Mon, 29 Nov 2021 09:22:42 +0000 (01:22 -0800)]
Merge pull request #17162 from stangri/openwrt-21.02

[21.02] nebula: update to 1.5.0

3 years agoyq: Update to 4.15.1
Tianling Shen [Thu, 25 Nov 2021 11:34:03 +0000 (19:34 +0800)]
yq: Update to 4.15.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 63f95db55e38d53947bfe871292f81aa15ac5936)

3 years agocrowdsec: update to 1.2.1
Kerma Gérald [Mon, 22 Nov 2021 18:10:41 +0000 (19:10 +0100)]
crowdsec: update to 1.2.1
crowdsec-firewall-boucer: update to 0.0.16

Signed-off-by: Kerma Gérald <gandalf@gk2.net>
(cherry picked from commit 2861370567bde7d426a5dda2b41cda321d050f5f)
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
3 years agoMerge pull request #17155 from jefferyto/golang-1.17.3-openwrt-21.02
Alexandru Ardelean [Tue, 23 Nov 2021 11:35:32 +0000 (13:35 +0200)]
Merge pull request #17155 from jefferyto/golang-1.17.3-openwrt-21.02

[openwrt-21.02] golang: Update to 1.17.3

3 years agodocker: Update to 20.10.11
Gerard Ryan [Mon, 22 Nov 2021 11:20:55 +0000 (21:20 +1000)]
docker: Update to 20.10.11

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
3 years agodockerd: Update to 20.10.11
Gerard Ryan [Mon, 22 Nov 2021 11:20:35 +0000 (21:20 +1000)]
dockerd: Update to 20.10.11

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
3 years agocontainerd: Update to 1.4.12
Gerard Ryan [Mon, 22 Nov 2021 11:19:40 +0000 (21:19 +1000)]
containerd: Update to 1.4.12

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
3 years agoconntrack-tools: import patch to fix cache
Nick Hainke [Thu, 18 Nov 2021 06:44:32 +0000 (07:44 +0100)]
conntrack-tools: import patch to fix cache

As written in the commit message:

Depending on your conntrackd configuration, events might get lost,
leaving stuck entries in the cache forever. Skip checking the conntrack
ID to allow for lazy cleanup by when a new entry that is represented by
the same tuple is added.

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit da619f19f436bc95acd07c0d7aca772328cc5895)

3 years agoconntrack-tools: add a patch to fix endianness issue
Tao Gong [Tue, 20 Apr 2021 22:46:28 +0000 (22:46 +0000)]
conntrack-tools: add a patch to fix endianness issue

Signed-off-by: Tao Gong <gongtao0607@gmail.com>
(cherry picked from commit f62c15f92d4c8c6eabedf512efd5b2ebbca4b44d)

3 years agoMerge pull request #17170 from mhei/21.02-php7-update
Michael Heimpold [Sun, 21 Nov 2021 10:39:11 +0000 (11:39 +0100)]
Merge pull request #17170 from mhei/21.02-php7-update

[21.02] php7: update to 7.4.26

3 years agoMerge pull request #17169 from mhei/21.02-php8-update
Michael Heimpold [Sun, 21 Nov 2021 10:39:00 +0000 (11:39 +0100)]
Merge pull request #17169 from mhei/21.02-php8-update

[21.02] php8: update to 8.0.13

3 years agophp8: update to 8.0.13
Michael Heimpold [Sat, 20 Nov 2021 11:57:08 +0000 (12:57 +0100)]
php8: update to 8.0.13

This fixes:
    - CVE-2021-21707

Also drop upstream patch which is included in the release now.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 2e9c1a00ea85a927accad4e0814f67240881d0d4)

3 years agophp7: update to 7.4.26
Michael Heimpold [Sat, 20 Nov 2021 11:55:27 +0000 (12:55 +0100)]
php7: update to 7.4.26

This fixes:
    - CVE-2021-21707

Also drop upstream patch which is included in the release now.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit c6f27671a303dad64cb7429377ffddb67760ba6a)

3 years agorosy-file-server: drop this package
Josef Schlehofer [Sat, 20 Nov 2021 14:47:07 +0000 (16:47 +0200)]
rosy-file-server: drop this package

Reasons to drop this package:
a) this package depends on luci-app-rosy-file-server
Unfortunately, it was marked as broken as it is unmaintained.

See: https://github.com/openwrt/luci/commit/34b682afac310859f0d4696110d8a1af60f16c04

b) maintainer is inactive
c) rosinson website does not seem to be working

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit f1893a426a815a667786385e083e8385f7622524)

3 years agonebula: update to 1.5.0
Stan Grishin [Fri, 19 Nov 2021 17:30:58 +0000 (17:30 +0000)]
nebula: update to 1.5.0

* update binaries to version 1.5.0 (thanks @jefferyto)
* update maintainer's email address

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 1421440174b80b7f9e9562217aa3951c6688839e)

3 years agoMerge pull request #17159 from rs/nextdns-1.37.4-openwrt-21.02
Stan Grishin [Fri, 19 Nov 2021 17:49:55 +0000 (09:49 -0800)]
Merge pull request #17159 from rs/nextdns-1.37.4-openwrt-21.02

[21.02] nextdns: Update to version 1.37.4

3 years agonextdns: Update to version 1.37.4
Olivier Poitrey [Fri, 19 Nov 2021 17:34:52 +0000 (17:34 +0000)]
nextdns: Update to version 1.37.4

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
3 years agogolang: Update to 1.17.3
Jeffery To [Thu, 18 Nov 2021 19:40:17 +0000 (03:40 +0800)]
golang: Update to 1.17.3

Contains fixes for:

* CVE-2021-41771: ImportedSymbols in debug/macho (for Open or OpenFat)
  accesses a memory location after the end of a buffer

* CVE-2021-41772: archive/zip Reader.Open panic via a crafted ZIP
  archive containing an invalid name or an empty filename field

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 901f80aae7d14b48e1ff94b59ef03eeeae7b0900)

3 years agoauc: remove superfluous variables
Paul Spooren [Thu, 26 Aug 2021 08:41:35 +0000 (22:41 -1000)]
auc: remove superfluous variables

Remove parsing of data which is not used within `auc`. Later iterations
may use these but they can be gradually added whenever needed.

Also remove HTTP code handling of error codes no longer used by the
backend. Early iterations of the server where infinitely complex to
figure out created images and announce them to clients but ever since
everything is stored in JSON, things got better (aka simpler).

If a package is missing on the upstream server, color it in red.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 6527d65b9bff5f01a67c3d8b1bd0da5f026960aa)

3 years agoauc: use /json/v1/
Paul Spooren [Fri, 24 Sep 2021 00:18:44 +0000 (14:18 -1000)]
auc: use /json/v1/

Currently `auc` uses the outdated /json/ path, this commit uses
/json/v1/ to be more future proof.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 69b5c289298762ff50783ec81dd67f888a53452b)

3 years agoauc: fix some minor issues
Daniel Golle [Tue, 31 Aug 2021 16:41:40 +0000 (17:41 +0100)]
auc: fix some minor issues

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 51f9df5b92dd79e739db00f627f0fef584d7e9e2)

3 years agorclone: Update to 1.57.0
Tianling Shen [Mon, 25 Oct 2021 11:59:49 +0000 (19:59 +0800)]
rclone: Update to 1.57.0

- Disabled unused plugins and re-enabled CGO.
- Fixed test script

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit f712dc311e7c9b76b324e826f85eb2a5dfe33e62)

3 years agoyq: Update to 4.14.2
Tianling Shen [Sun, 14 Nov 2021 07:21:06 +0000 (15:21 +0800)]
yq: Update to 4.14.2

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 8eab3a2bf2b31dfd3090443e70619ba002f86fdd)

3 years agoexim: update to version 4.95
Daniel Golle [Sat, 9 Oct 2021 03:08:28 +0000 (04:08 +0100)]
exim: update to version 4.95

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 40c71110f064ceacb7c44892f55f7f6cb18995ae)

3 years agoexim: some clean ups
Daniel Golle [Fri, 13 Aug 2021 03:49:18 +0000 (04:49 +0100)]
exim: some clean ups

 * use username/group 'exim' instead of mail
 * register configuration file
 * make sure /usr/lib/exim/lookups exists

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 66a62e2fcfeecd0baed5f597c9f7e5970fd1fd5b)

3 years agoexim: add default config and init script, enable lmtp
Daniel Golle [Wed, 11 Aug 2021 22:41:42 +0000 (23:41 +0100)]
exim: add default config and init script, enable lmtp

Ship default configuration /etc/exim/exim.conf as well as
a simple procd init script. Enable building with LMTP for better
integration with dovecot.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 31d12ead78e29837b6eb29d08684f36e8af9ce46)

3 years agoexim: update to version 4.94.2
Daniel Golle [Mon, 10 May 2021 02:17:25 +0000 (03:17 +0100)]
exim: update to version 4.94.2

Several exploitable vulnerabilities in Exim were reported to us and are
fixed.
Local vulnerabilities
- CVE-2020-28007: Link attack in Exim's log directory
- CVE-2020-28008: Assorted attacks in Exim's spool directory
- CVE-2020-28014: Arbitrary PID file creation
- CVE-2020-28011: Heap buffer overflow in queue_run()
- CVE-2020-28010: Heap out-of-bounds write in main()
- CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
- CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
- CVE-2020-28015: New-line injection into spool header file (local)
- CVE-2020-28012: Missing close-on-exec flag for privileged pipe
- CVE-2020-28009: Integer overflow in get_stdinput()
Remote vulnerabilities
- CVE-2020-28017: Integer overflow in receive_add_recipient()
- CVE-2020-28020: Integer overflow in receive_msg()
- CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
- CVE-2020-28021: New-line injection into spool header file (remote)
- CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
- CVE-2020-28026: Line truncation and injection in spool_read_header()
- CVE-2020-28019: Failure to reset function pointer after BDAT error
- CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
- CVE-2020-28018: Use-after-free in tls-openssl.c
- CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()

The update to 4.94.2 also integrates a fix for a printf format issue
previously addressed by a local patch which is removed.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit c241cb12bb292e894e45f063f1a8ddb8a627371d)

3 years agoexim: fix compilation without deprecated OpenSSL APIs
Rosen Penev [Sat, 20 Mar 2021 21:56:09 +0000 (14:56 -0700)]
exim: fix compilation without deprecated OpenSSL APIs

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit de9c527e9a2e5a3437b884c6f583e9dcbe15f3f8)

3 years agogpgme: update to version 1.16.0
Daniel Golle [Sun, 1 Aug 2021 03:05:48 +0000 (04:05 +0100)]
gpgme: update to version 1.16.0

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit e0e5dea89e1dbdc5270861c129144f21f1670eef)

3 years agopodman: update to 3.4.1
Oskari Rauta [Thu, 4 Nov 2021 22:37:54 +0000 (00:37 +0200)]
podman: update to 3.4.1

A lot of changes since 3.3.1.

Full (long) lists of release notes between
versions are available at
https://github.com/containers/podman/releases

containers.conf updated

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit 3e5761d6cd3142d7d8649dbd4f14f78d43161f24)

3 years agopodman: fix broken conffiles
Huangbin Zhan [Sun, 24 Oct 2021 10:29:39 +0000 (18:29 +0800)]
podman: fix broken conffiles

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
(cherry picked from commit e6e770b268bc4b7448a36c0947cdada8cd5b0e17)

3 years agopodman: update to 3.3.1
W. Michael Petullo [Tue, 7 Sep 2021 01:24:20 +0000 (20:24 -0500)]
podman: update to 3.3.1

Earlier versions of podman did not make use of TMPDIR when running "podman
run ...". Podman's default, /var/tmp, presents a problem to rootless
use since OpenWrt's /var/tmp does not permit writes by non-root users.
Podman 3.3.1 makes full use of TMPDIR.

This is part of an attempt to get rootless podman to work on OpenWrt.
See https://github.com/openwrt/packages/issues/15096.

See also the upstream issue at
https://github.com/containers/podman/issues/10698.

Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit 416eced1748859690c9935f483e22d7f389f6451)

3 years agopodman: change permissions on /usr/share/containers/seccomp.json
W. Michael Petullo [Thu, 17 Jun 2021 03:08:01 +0000 (22:08 -0500)]
podman: change permissions on /usr/share/containers/seccomp.json

Running podman as users other than root seems to require that those
users can read /usr/share/containers/seccomp.json. This change sets the
permissions on that file to match those used on Fedora.

Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit a41556af4f2fb5c79b3a7902b4f3ca3b81644920)

3 years agopodman: update to 3.2.0
Oskari Rauta [Mon, 7 Jun 2021 23:56:45 +0000 (02:56 +0300)]
podman: update to 3.2.0

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit e565bebf4158c5b835110d76955c3f618c63f25b)

3 years agopodman: change permissions on /etc/containers
W. Michael Petullo [Fri, 21 May 2021 02:55:13 +0000 (21:55 -0500)]
podman: change permissions on /etc/containers

Running podman as users other than root seems to require that those
users can read the configuration files in /etc/containers. This change
sets the permissions of /etc/containers and its contents to match those
used on Fedora.

Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit f51ef46aa6adad6ba95ebc15c50e847044984b36)

3 years agopodman: bumb version to 3.1.2
Oskari Rauta [Tue, 18 May 2021 00:35:01 +0000 (03:35 +0300)]
podman: bumb version to 3.1.2

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit b6299c763ac901d4b2e5f0919789d5c3dad42c3a)

3 years agopodman: update to 3.1.1
Oskari Rauta [Tue, 20 Apr 2021 21:18:27 +0000 (00:18 +0300)]
podman: update to 3.1.1

 - Add support for AppArmor
 - Gracefully stop containers and pods on shutdown

I found out that If you change location of containers to persistent storage instead of tmpfs, starting them will fail unless they have been stopped. If this is the case that reboot has occurred before pods and containers have been stopped, they cannot be started, they have to be removed and re-created. Change in initscript tries to avoid that. Even if containers are running at tmpfs, this won't hurt. Still, if something happens and system hangs/reboots/etc, script won't save you from that. It's just a attempt to make things better.
I also enabled AppArmor support for future possibilities.

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit 5bb8844fe3e8d6def59f76301acf4c294d38dd30)

3 years agopodman: Add selinux variant and several improvements
Oskari Rauta [Tue, 30 Mar 2021 11:55:57 +0000 (14:55 +0300)]
podman: Add selinux variant and several improvements

* add -selinux variant which depends on libselinux
* init script for background service
* updated configurations
* maintainer change as requested

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit abce42385154c824d850225f466e54f1136a657a)

3 years agopodman: add 'crun' to containers.conf
Daniel Golle [Mon, 29 Mar 2021 22:14:41 +0000 (23:14 +0100)]
podman: add 'crun' to containers.conf

Now that 'crun' has been packaged, add support for it in podman.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 954be76e6a7d3612d36b33de12c355e306458426)

3 years agopodman: update to version 3.0.1
Daniel Golle [Thu, 25 Mar 2021 23:12:04 +0000 (23:12 +0000)]
podman: update to version 3.0.1

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 3c758231cb30e4b1e481d00de0a1a7eb06c6b518)

3 years agoconmon: update to 2.0.30
Oskari Rauta [Thu, 4 Nov 2021 22:19:15 +0000 (00:19 +0200)]
conmon: update to 2.0.30

bug fixes:
 - Remove unreachable code path
 - exit: report if the exit command was killed
 - exit: fix race zombie reaper
 - conn_sock: allow watchdog messages through the notify socket proxy
 - seccomp: add support for seccomp notify

misc:
 - Add seccomp to build dependency

included patch removes unnecessary dependency of libdl and also allows a succesfull build
disabled for arc where libseccomp does not seem to be available

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit ab08ad2ad966b32a7e6e478e3c7dd775492a36ff)

3 years agoconmon: update to 2.0.29
Oskari Rauta [Tue, 8 Jun 2021 00:27:46 +0000 (03:27 +0300)]
conmon: update to 2.0.29

Patch fixing segfaults on nulls was removed due to patch's content being now included in conmon's source since containers/conmon@355dbf1

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit 9fdfe2e2c76aa08c1653cee97e9ce25f19286207)

3 years agoconmon: fix segfault, correct a typo and update description
Oskari Rauta [Mon, 29 Mar 2021 15:02:11 +0000 (18:02 +0300)]
conmon: fix segfault, correct a typo and update description

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit 463227f70cc75579a93a59c09cb6b372c48c13cc)

3 years agoconmon: update to version 2.0.27
Daniel Golle [Thu, 25 Mar 2021 23:16:47 +0000 (23:16 +0000)]
conmon: update to version 2.0.27

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 301abeecdcaf696f10c55ed6ac5a3f220bbbcec4)

3 years agoconmon: update to 2.0.26
Rosen Penev [Fri, 5 Mar 2021 09:39:50 +0000 (01:39 -0800)]
conmon: update to 2.0.26

Switched to building with meson as it works better in a parallel
context.

Small Makefile adjustments for consistency.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit c8128df4e4ad4f19d975960c495c3b3ff149783d)

3 years agocni-plugins: update to version 1.0.1
Daniel Golle [Sat, 9 Oct 2021 03:13:05 +0000 (04:13 +0100)]
cni-plugins: update to version 1.0.1

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit b42ea814a05b318dccaa7b6b9c911afe77b1c6cd)

3 years agocni-plugins: update to version 1.0.0
Daniel Golle [Mon, 16 Aug 2021 12:52:43 +0000 (13:52 +0100)]
cni-plugins: update to version 1.0.0

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit ab5050ed652a08f9d0b200aad5fae9f2d523ba2a)

3 years agocni-plugins: depend on kmod-veth
Daniel Golle [Mon, 29 Mar 2021 21:23:54 +0000 (22:23 +0100)]
cni-plugins: depend on kmod-veth

cni-plugins makes use of veth, make sure kernel module is installed.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 1b25b6e23965a68c2366bdde3a9efcc6467ce8c5)

3 years agocni-plugins: update to version 0.9.1
Daniel Golle [Thu, 25 Mar 2021 23:10:02 +0000 (23:10 +0000)]
cni-plugins: update to version 0.9.1

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit d3da0724116b8843f241ecf6d47115322888b15c)

3 years agocni: update to version 1.0.1
Daniel Golle [Sat, 9 Oct 2021 03:12:42 +0000 (04:12 +0100)]
cni: update to version 1.0.1

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 043bc28dd10d8a4d2fa52d686c09986735f457f8)

3 years agocni: update to 0.8.1
Oskari Rauta [Tue, 8 Jun 2021 00:39:31 +0000 (03:39 +0300)]
cni: update to 0.8.1

This is a security release that fixes a single bug:
 - tighten up plugin-finding logic (#811)

Users of libcni are strongly encouraged to update.

Added me to list of maintainers as requested by @dangowrt.

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit ceaccc1c7a5aaca1c5fc4597bd724753b6bef358)

3 years agolibinput: update to version 1.19.2
Daniel Golle [Mon, 15 Nov 2021 00:40:33 +0000 (00:40 +0000)]
libinput: update to version 1.19.2

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 23ac7563c24d5e446f84b3f427a3f96699524df4)

3 years agolibinput: update to version 1.19.1
Daniel Golle [Sat, 9 Oct 2021 03:08:47 +0000 (04:08 +0100)]
libinput: update to version 1.19.1

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit e852f509cfaa47209f821e66a0b009f3b4b5eb77)

3 years agolibinput: package libinput cli applets and quriks
Daniel Golle [Sat, 21 Aug 2021 17:37:34 +0000 (18:37 +0100)]
libinput: package libinput cli applets and quriks

Also package /usr/libexec/libinput/* and /usr/share/lib/input/*.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit f53cd4232ae602907822594ed778a9e42f185fd8)

3 years agolibinput: update to version 1.18.0
Daniel Golle [Sun, 1 Aug 2021 03:06:44 +0000 (04:06 +0100)]
libinput: update to version 1.18.0

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 112e5628f47e39630cd29281632458fffbfcb0d0)

3 years agolibinput: update to version 1.17.1
Daniel Golle [Wed, 28 Apr 2021 17:45:06 +0000 (18:45 +0100)]
libinput: update to version 1.17.1

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 81ccb88a80b275d5f101a33519ceec052810a98d)

3 years agolibevdev: update to version 1.12.0
Daniel Golle [Mon, 15 Nov 2021 00:39:52 +0000 (00:39 +0000)]
libevdev: update to version 1.12.0

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 60bc9982b4cc14260737282277dd21d878640043)

3 years agolibextractor: update to version 1.11
Daniel Golle [Wed, 28 Apr 2021 17:42:56 +0000 (18:42 +0100)]
libextractor: update to version 1.11

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 42707fc1eedf7b5f92d30b2e17f359f97db0d8b5)

3 years agopyodbc: update to version 4.0.32
Daniel Golle [Sat, 9 Oct 2021 03:07:56 +0000 (04:07 +0100)]
pyodbc: update to version 4.0.32

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 264f7b2f5fff40d0d47b103703c17b1f6daef511)

3 years agopyodbc: update hash
Tianling Shen [Sun, 1 Aug 2021 16:07:54 +0000 (00:07 +0800)]
pyodbc: update hash

This package was updated without a hash change.

Fixes: c1575225807cab ("pyodbc: update to version 4.0.31")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit b783386890ac6d861adc181306c19a9ff2104632)

3 years agopyodbc: update to version 4.0.31
Daniel Golle [Sun, 1 Aug 2021 03:11:57 +0000 (04:11 +0100)]
pyodbc: update to version 4.0.31

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit c1575225807cab0e1628793ccf3b04bab3c97174)

3 years agoWerkzeug: update to version 2.0.2
Daniel Golle [Mon, 15 Nov 2021 00:18:35 +0000 (00:18 +0000)]
Werkzeug: update to version 2.0.2

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit e9717188920014e01858b94cbfcc00c2ba692a0e)

3 years agoJinja2: update to version 3.0.3
Daniel Golle [Mon, 15 Nov 2021 00:12:37 +0000 (00:12 +0000)]
Jinja2: update to version 3.0.3

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 7c3d48497f05d94dc15a06687ed178d59228cc4c)

3 years agoclick: update to version 8.0.3
Daniel Golle [Mon, 15 Nov 2021 00:12:15 +0000 (00:12 +0000)]
click: update to version 8.0.3

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 6ea6c94a48ae43d12322b04022292ff561cdecda)

3 years agoperl-mail-spamassassin: update to version 3.4.6
Daniel Golle [Wed, 28 Apr 2021 18:01:36 +0000 (19:01 +0100)]
perl-mail-spamassassin: update to version 3.4.6

Fixes CVE-2020-1946

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 86bd165f8ca0c5653d58e22924f14849af57c4e3)

3 years agoperl-mail-spamassassin: fix compilation without deprecated OpenSSL APIs
Rosen Penev [Sat, 20 Mar 2021 22:04:09 +0000 (15:04 -0700)]
perl-mail-spamassassin: fix compilation without deprecated OpenSSL APIs

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 02d54e1a6f4f2aaee9b5f9d10124b79ff8c3f483)