feed/packages.git
2 years agolibwebsockets: fix recursive dependency openwrt-18.06
Josef Schlehofer [Wed, 26 Oct 2022 07:12:38 +0000 (09:12 +0200)]
libwebsockets: fix recursive dependency

While running `make menuconfig`, it was discovered then there is a
recursive dependency like this:
tmp/.config-package.in:59138:error: recursive dependency detected!
tmp/.config-package.in:59138: symbol PACKAGE_libwebsockets-openssl is selected by PACKAGE_libwebsockets-mbedtls
tmp/.config-package.in:59122: symbol PACKAGE_libwebsockets-mbedtls depends on PACKAGE_libwebsockets-openssl

It is not possible with the recently added conflicts that two packages
(OpenSSL and full variant, which uses OpenSSL as well), which are almost the same
provides the same named package libwebsockets as their conflict - Mbed
TLS.

Fixes: 676c5c72b5eeb583da2603e399fac085fa442c59 ("libwebsockets: OpenSSL
and mbedTLS variants should conflict")

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit a4e8cbb89a48729b3c3ad615765549628d495b0f)

2 years agolibwebsockets: OpenSSL and mbedTLS variants should conflict
Josef Schlehofer [Tue, 25 Oct 2022 10:14:25 +0000 (12:14 +0200)]
libwebsockets: OpenSSL and mbedTLS variants should conflict

They provide the same files, but they don't conflict to each other, this
means that users can install them side by side.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 676c5c72b5eeb583da2603e399fac085fa442c59)

2 years agolibwebsockets: full variant provides OpenSSL
Josef Schlehofer [Tue, 25 Oct 2022 05:52:15 +0000 (07:52 +0200)]
libwebsockets: full variant provides OpenSSL

For some time, it is not possible to install ttyd and mosquitto-ssl at the
same time, so let's solve it that libwebsockets-full provides
libwebsockets-openssl. This allows to install ttyd and mosquitto at
the same time.

Also, we need to add conflict, because we should not have installed
libwebsockets-openssl and libwebsockets-full at the same time as they
provides the same files.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 77e682a11c53f4dcd0e76bdea5ee82de77eaacfe)

2 years agobind: update to 9.11.37
Noah Meyerhans [Fri, 18 Mar 2022 17:24:31 +0000 (10:24 -0700)]
bind: update to 9.11.37

Fixes security issues:

 * CVE-2021-25220 -- The rules for acceptance of records into the cache
have been tightened to prevent the possibility of
poisoning if forwarders send records outside
the configured bailiwick.

 * CVE-2021-25219 -- The "lame-ttl" option is now forcibly set to 0. This
effectively disables the lame server cache, as it could
previously be abused by an attacker to significantly
degrade resolver performance.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
2 years agohtpdate: drop www.freebsd.org from default server list
Jo-Philipp Wich [Tue, 22 Feb 2022 22:28:55 +0000 (23:28 +0100)]
htpdate: drop freebsd.org from default server list

The FreeBSD project stopped publishing HTTP date headers and seeks to
limit further resource taxing by distributed htpdate clients using the
www.freebsd.org host as default time source.

Fixes: #17924
Reported-by: Allan Jude <allanjude@freebsd.org>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit e8713180026e0cf1c9d1421e3b664fee3fa4df12)

3 years agobind: Bump to version 9.11.36
Noah Meyerhans [Fri, 29 Oct 2021 16:54:23 +0000 (09:54 -0700)]
bind: Bump to version 9.11.36

The following security issues are addressed with this change:

CVE-2020-8619
CVE-2020-8622
CVE-2020-8623
CVE-2020-8624
CVE-2020-8625
CVE-2021-25214
CVE-2021-25215
CVE-2021-25216
CVE-2021-25219

A complete description of the changes with this BIND release is
available in the release notes at
https://ftp.isc.org/isc/bind9/9.11.36/RELEASE-NOTES-bind-9.11.36.html

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
3 years agopython3: Update to 3.6.15
Jeffery To [Wed, 8 Sep 2021 14:47:24 +0000 (22:47 +0800)]
python3: Update to 3.6.15

Includes fix for CVE-2013-0340 ("Billion Laughs" vulnerability).

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
3 years agoperl: perlmod.mk: use 'install' for host binaries
Eneas U de Queiroz [Wed, 11 Aug 2021 13:57:23 +0000 (10:57 -0300)]
perl: perlmod.mk: use 'install' for host binaries

When installing a host perl module, the host perl binary in the staging
dir is replaced by using 'cp'.  However, if the binary is running in a
parallel job, cp will fail with a text file busy error.  Use
$(INSTALL_BIN), which unliks the file first to avoid the error.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 19c7496648cb25500ca7007a7c1578a426c23a09)
(cherry picked from commit 67f403b5e6afba14cbf6742833426faad796bfd9)

3 years agoMerge pull request #16086 from turris-cz/lxc-update-keyserver
Josef Schlehofer [Sun, 11 Jul 2021 18:44:01 +0000 (20:44 +0200)]
Merge pull request #16086 from turris-cz/lxc-update-keyserver

lxc: add patch to switch GPG server

3 years agolxc: add patch to switch GPG server
Josef Schlehofer [Sat, 10 Jul 2021 14:33:08 +0000 (16:33 +0200)]
lxc: add patch to switch GPG server

By default, there was used sks-keyservers.net pool, which has invalid
SSL certificate and they also announced that their service is deprecate
and no longer maintained.

Use the same GPG server as LXC is using by default in the newer
releases.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
3 years agoMerge pull request #16056 from jefferyto/python3-3.6.14-openwrt-18.06
Josef Schlehofer [Wed, 7 Jul 2021 07:04:46 +0000 (09:04 +0200)]
Merge pull request #16056 from jefferyto/python3-3.6.14-openwrt-18.06

[openwrt-18.06] python3: Update to 3.6.14

3 years agopython3: Update to 3.6.14
Jeffery To [Tue, 6 Jul 2021 16:38:27 +0000 (00:38 +0800)]
python3: Update to 3.6.14

Includes fix for CVE-2021-3426 (Information disclosure via pydoc).

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
3 years agoMerge pull request #15415 from luizluca/18.06/ruby-2.5.9
Luiz Angelo Daros de Luca [Tue, 13 Apr 2021 16:05:03 +0000 (13:05 -0300)]
Merge pull request #15415 from luizluca/18.06/ruby-2.5.9

[18.06] ruby: update to 2.5.9

3 years agoruby: update to 2.5.9
Luiz Angelo Daros de Luca [Mon, 12 Apr 2021 17:52:28 +0000 (14:52 -0300)]
ruby: update to 2.5.9

Fixes two CVEs:

CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability in WEBrick
CVE-2021-28965: XML round-trip vulnerability in REXML

After this release, Ruby 2.5 reaches EOL.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
3 years agoMerge pull request #15166 from gladiac1337/haproxy-1.8.29-18.06
Rosen Penev [Fri, 19 Mar 2021 22:51:47 +0000 (15:51 -0700)]
Merge pull request #15166 from gladiac1337/haproxy-1.8.29-18.06

[openwrt-18.06] haproxy: Update HAProxy to v1.8.29

3 years agohaproxy: Update HAProxy to v1.8.29
Christian Lachner [Fri, 19 Mar 2021 18:01:37 +0000 (19:01 +0100)]
haproxy: Update HAProxy to v1.8.29

- Update haproxy download URL and hash

Signed-off-by: Christian Lachner <gladiac@gmail.com>
3 years agoMerge pull request #14843 from jefferyto/python-3.6.13-openwrt-18.06
Josef Schlehofer [Mon, 22 Feb 2021 17:46:55 +0000 (18:46 +0100)]
Merge pull request #14843 from jefferyto/python-3.6.13-openwrt-18.06

[openwrt-18.06] python3: Update to 3.6.13

3 years agopython3: Update to 3.6.13
Jeffery To [Mon, 22 Feb 2021 12:28:45 +0000 (20:28 +0800)]
python3: Update to 3.6.13

Includes fixes for:
* CVE-2021-3177 - ctypes: Buffer overflow in PyCArg_repr
* CVE-2021-23336 - urllib parse_qsl(): Web cache poisoning - semicolon
  as a query args separator

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
3 years agoMerge pull request #14502 from stangri/18.06-https-dns-proxy
Rosen Penev [Sat, 23 Jan 2021 01:42:29 +0000 (17:42 -0800)]
Merge pull request #14502 from stangri/18.06-https-dns-proxy

[18.06] https-dns-proxy: bugfix: high CPU utilization

3 years agohttps-dns-proxy: bugfix: high CPU utilization
Stan Grishin [Mon, 18 Jan 2021 15:28:24 +0000 (15:28 +0000)]
https-dns-proxy: bugfix: high CPU utilization

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agoMerge pull request #14428 from stangri/18.06-https-dns-proxy
Rosen Penev [Thu, 7 Jan 2021 03:58:53 +0000 (19:58 -0800)]
Merge pull request #14428 from stangri/18.06-https-dns-proxy

[18.06] https-dns-proxy: update to 2020-11-25: add HTTP auth and DSCP support

3 years agohttps-dns-proxy: update to 2020-11-25: add HTTP auth and DSCP codepoint support
Stan Grishin [Wed, 6 Jan 2021 17:53:33 +0000 (17:53 +0000)]
https-dns-proxy: update to 2020-11-25: add HTTP auth and DSCP codepoint support

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agoMerge pull request #14272 from stangri/18.06-simple-adblock
Rosen Penev [Sat, 19 Dec 2020 10:29:46 +0000 (02:29 -0800)]
Merge pull request #14272 from stangri/18.06-simple-adblock

[18.06] simple-adblock: config update

3 years agosimple-adblock: config update
Stan Grishin [Sat, 19 Dec 2020 04:05:25 +0000 (22:05 -0600)]
simple-adblock: config update

Signed-off-by: Stan Grishin <stangri@melmac.net>
4 years agoMerge pull request #14214 from stangri/18.06-simple-adblock
Rosen Penev [Mon, 14 Dec 2020 21:38:00 +0000 (13:38 -0800)]
Merge pull request #14214 from stangri/18.06-simple-adblock

[18.06] simple-adblock: bugfix - config update

4 years agosimple-adblock: bugfix - config update
Stan Grishin [Sat, 12 Dec 2020 21:58:52 +0000 (15:58 -0600)]
simple-adblock: bugfix - config update

Signed-off-by: Stan Grishin <stangri@melmac.net>
4 years agohttps-dns-proxy: update binary to 2020-08-21
Stan Grishin [Mon, 28 Sep 2020 20:10:58 +0000 (20:10 +0000)]
https-dns-proxy: update binary to 2020-08-21

Signed-off-by: Stan Grishin <stangri@melmac.net>
4 years agopython3: fix host compilation with clang
Rosen Penev [Sat, 1 Aug 2020 20:59:57 +0000 (13:59 -0700)]
python3: fix host compilation with clang

Matched rpath parameter with Makefile.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from commit b40c40151c2ac3dd11d908a0548ac97e6b5c8455)

4 years agoMerge pull request #13918 from cartender/pr_stm32flash
Rosen Penev [Fri, 20 Nov 2020 01:07:43 +0000 (17:07 -0800)]
Merge pull request #13918 from cartender/pr_stm32flash

stm32flash: Added patch to lock serial device

4 years agostm32flash: Added patch to lock serial device
Giovanni Giacobbi [Sat, 14 Nov 2020 16:29:02 +0000 (16:29 +0000)]
stm32flash: Added patch to lock serial device

Patch backported from upstream master

Signed-off-by: Giovanni Giacobbi <giovanni@giacobbi.net>
4 years agohaproxy: Update HAProxy to v1.8.27
Christian Lachner [Sun, 8 Nov 2020 12:36:36 +0000 (13:36 +0100)]
haproxy: Update HAProxy to v1.8.27

- Update haproxy download URL and hash
- Fix ssl compat patch offsets

Signed-off-by: Christian Lachner <gladiac@gmail.com>
4 years agophp7: update to 7.2.34
Michael Heimpold [Sat, 7 Nov 2020 20:44:02 +0000 (21:44 +0100)]
php7: update to 7.2.34

This fixes:
  - CVE-2020-7069
  - CVE-2020-7070

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 5b3870890d9b55c51ed034bfbe7620654021c452)

4 years agofastd: fix buffer leak when receiving invalid packets
Matthias Schiffer [Mon, 19 Oct 2020 20:09:34 +0000 (22:09 +0200)]
fastd: fix buffer leak when receiving invalid packets

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
4 years agoMerge pull request #13685 from jefferyto/python-3.6.12-openwrt-18.06
Rosen Penev [Fri, 16 Oct 2020 21:24:08 +0000 (14:24 -0700)]
Merge pull request #13685 from jefferyto/python-3.6.12-openwrt-18.06

[openwrt-18.06] python3: Update to 3.6.12, remove backported patches

4 years agopython3: Update to 3.6.12, remove backported patches
Jeffery To [Fri, 16 Oct 2020 16:39:17 +0000 (00:39 +0800)]
python3: Update to 3.6.12, remove backported patches

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
4 years agosimple-adblock: config update file fix
Stan Grishin [Thu, 8 Oct 2020 02:39:15 +0000 (02:39 +0000)]
simple-adblock: config update file fix

Signed-off-by: Stan Grishin <stangri@melmac.net>
4 years agonano: update to 5.3
Hannu Nyman [Wed, 7 Oct 2020 15:22:50 +0000 (18:22 +0300)]
nano: update to 5.3

Update nano editor to version 5.3.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 4690a1f1c98c12f74a882eb2fc256c1f98957e55)

4 years agoMerge pull request #13550 from gladiac1337/haproxy-1.8.26-openwrt-18.06
Rosen Penev [Fri, 2 Oct 2020 20:58:28 +0000 (13:58 -0700)]
Merge pull request #13550 from gladiac1337/haproxy-1.8.26-openwrt-18.06

[openwrt-18.06] haproxy: Update HAProxy to v1.8.26

4 years agohaproxy: Update HAProxy to v1.8.26
Christian Lachner [Fri, 2 Oct 2020 07:31:10 +0000 (09:31 +0200)]
haproxy: Update HAProxy to v1.8.26

- Update haproxy download URL and hash

Signed-off-by: Christian Lachner <gladiac@gmail.com>
4 years agovpnbypass: README update, code cleanup
Stan Grishin [Mon, 21 Sep 2020 18:16:02 +0000 (18:16 +0000)]
vpnbypass: README update, code cleanup

Signed-off-by: Stan Grishin <stangri@melmac.net>
update

Signed-off-by: Stan Grishin <stangri@melmac.net>
4 years agoMerge pull request #13435 from stangri/18.06-simple-adblock
Rosen Penev [Sun, 20 Sep 2020 11:14:31 +0000 (04:14 -0700)]
Merge pull request #13435 from stangri/18.06-simple-adblock

[18.06] simple-adblock: add config auto-update feature

4 years agosimple-adblock: add config auto-update feature
Stan Grishin [Sun, 20 Sep 2020 00:17:04 +0000 (00:17 +0000)]
simple-adblock: add config auto-update feature

Signed-off-by: Stan Grishin <stangri@melmac.net>
4 years agophp7: update to 7.2.33
Michael Heimpold [Thu, 10 Sep 2020 18:52:06 +0000 (20:52 +0200)]
php7: update to 7.2.33

This fixes:
  - CVE-2020-7068

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 473ca554f5cdd6f3bbed44d563b041ac7edf4557)

4 years agonano: update to 5.2
Hannu Nyman [Tue, 25 Aug 2020 20:03:55 +0000 (23:03 +0300)]
nano: update to 5.2

Update nano editor to version 5.2.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 3ce75951360c675cec86548f2cb19cfca2ee1c89)

4 years agoMerge pull request #13188 from stangri/18.06-simple-adblock
Rosen Penev [Sat, 22 Aug 2020 00:48:40 +0000 (17:48 -0700)]
Merge pull request #13188 from stangri/18.06-simple-adblock

[18.06] simple-adblock: bugfix: update config; use command -v

4 years agosimple-adblock: bugfix: update config; use command -v
Stan Grishin [Fri, 21 Aug 2020 23:29:33 +0000 (23:29 +0000)]
simple-adblock: bugfix: update config; use command -v

Signed-off-by: Stan Grishin <stangri@melmac.net>
4 years agofreeradius3: Fix proxy.conf file conflict.
Robby K [Fri, 7 Feb 2020 16:00:02 +0000 (17:00 +0100)]
freeradius3: Fix proxy.conf file conflict.

It was provided by both the freeradius3 and freeradius3-mod-realm packages.
Now provided by the freeradius3 package only.

Signed-off-by: Robby K <robbyke@gmail.com>
Fixes: #13149
(cherry picked from commit c81d176e805122469216c8eac42081e91ca7304c)

4 years agoMerge pull request #13123 from jjm2473/lvm2-fix-mac-sh-for-1806
Rosen Penev [Sat, 15 Aug 2020 08:45:13 +0000 (01:45 -0700)]
Merge pull request #13123 from jjm2473/lvm2-fix-mac-sh-for-1806

lvm2: fix CE in mac (backport)

4 years agolvm2: fix CE in mac
Liangbin Lian [Fri, 14 Aug 2020 06:19:12 +0000 (14:19 +0800)]
lvm2: fix CE in mac

command-count.h generated by makefile was wrong
when using default shell in mac,
set shell to bash to fix it.

Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
(cherry picked from commit 9bb0962d6e3a2d5faf28a9624da82a936d961f19)

4 years agonano: update to 5.1
Hannu Nyman [Wed, 12 Aug 2020 19:53:37 +0000 (22:53 +0300)]
nano: update to 5.1

Update nano to version 5.1.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 02f9ec4adc22a80e2adf57f868b080a2934af8bc)

4 years agonano: update to 5.0
Hannu Nyman [Thu, 30 Jul 2020 15:34:02 +0000 (18:34 +0300)]
nano: update to 5.0

Update nano editor to version 5.0.
http://git.savannah.gnu.org/cgit/nano.git/tree/NEWS

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 409633f0ddd4baefc85e89077a6e74fd2135884f)

4 years agoMerge pull request #13057 from odmdas/odmdas-freeradius3-Makefile-18.06
Rosen Penev [Sun, 9 Aug 2020 02:47:48 +0000 (19:47 -0700)]
Merge pull request #13057 from odmdas/odmdas-freeradius3-Makefile-18.06

[18.06] freeradius3: add missing conffiles to Makefile

4 years agofreeradius3: add missing conffiles to Makefile
Alexey Dobrovolsky [Sat, 8 Aug 2020 21:22:15 +0000 (00:22 +0300)]
freeradius3: add missing conffiles to Makefile

Config files
/etc/freeradius3/policy.d/accounting
/etc/freeradius3/policy.d/filter
/etc/freeradius3/proxy.conf
/etc/freeradius3/sites-available/default
and link
/etc/freeradius3/sites-enabled/default
are in the freeradius3 package and are mentioned in the main config file
/etc/freeradius3/radiusd.conf
Thus, they must be explicitly specified in the Makefile.

File
/etc/freeradius3/sites/default
is not included in the package, is not created during installation,
is not mentioned in the main config file and should therefore be excluded
from the Makefile.

(backported from commit f6974b8)
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
4 years agoMerge pull request #13023 from stangri/18.06-simple-adblock
Rosen Penev [Wed, 5 Aug 2020 20:16:56 +0000 (13:16 -0700)]
Merge pull request #13023 from stangri/18.06-simple-adblock

[18.06] simple-adblock: README and config update

4 years agosimple-adblock: README and config update
Stan Grishin [Tue, 4 Aug 2020 22:51:00 +0000 (22:51 +0000)]
simple-adblock: README and config update

Signed-off-by: Stan Grishin <stangri@melmac.net>
4 years agoMerge pull request #12999 from jjm2473/libtasn1-support-host-compile
Rosen Penev [Tue, 4 Aug 2020 03:03:12 +0000 (20:03 -0700)]
Merge pull request #12999 from jjm2473/libtasn1-support-host-compile

libtasn1: add host build

4 years agolibtasn1: add host-build
Andy Walsh [Fri, 13 Dec 2019 16:15:42 +0000 (17:15 +0100)]
libtasn1: add host-build

* samba4 complains that it cant find the libasn1 host bins

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
(cherry picked from commit 42e9057d41f9d59916daa9d716734f25a666b55a)

4 years agoMerge pull request #12989 from jjm2473/netatalk-fix-CE-dtrace
Rosen Penev [Mon, 3 Aug 2020 20:38:18 +0000 (13:38 -0700)]
Merge pull request #12989 from jjm2473/netatalk-fix-CE-dtrace

netatalk: fix compile error in mac os

4 years agonetatalk: fix compile error in mac os
Liangbin Lian [Sat, 1 Aug 2020 16:17:53 +0000 (00:17 +0800)]
netatalk: fix compile error in mac os

fix compile error in mac os when dtrace installed.

Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
4 years agoMerge pull request #12991 from jjm2473/libgpg-error-fix-gawk50-3
Rosen Penev [Sat, 1 Aug 2020 23:00:32 +0000 (16:00 -0700)]
Merge pull request #12991 from jjm2473/libgpg-error-fix-gawk50-3

libgpg-error: Fix compilation with GAWK 5.0

4 years agolibgpg-error: Fix compilation with GAWK 5.0
Liangbin Lian [Sat, 1 Aug 2020 16:10:50 +0000 (00:10 +0800)]
libgpg-error: Fix compilation with GAWK 5.0

Patch from Upstream.

Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
4 years agoMerge pull request #12882 from jefferyto/python3-backport-patches-openwrt-18.06
Rosen Penev [Mon, 20 Jul 2020 10:24:50 +0000 (03:24 -0700)]
Merge pull request #12882 from jefferyto/python3-backport-patches-openwrt-18.06

[openwrt-18.06] python3: Backport security fixes

4 years agopython3: Backport security fixes
Jeffery To [Mon, 20 Jul 2020 09:43:45 +0000 (17:43 +0800)]
python3: Backport security fixes

This backports fixes for security issues, including:
* CVE-2020-14422: Hash collisions in IPv4Interface and IPv6Interface
* CVE-2019-20907: Infinite loop in the tarfile module

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
4 years agohaveged: update to 1.9.13
Hannu Nyman [Sat, 18 Jul 2020 11:11:34 +0000 (14:11 +0300)]
haveged: update to 1.9.13

Update haveged to version 1.9.13.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 28cf20129081f9c6b8778b243cc3df1f610544c4)

4 years agoMerge pull request #12661 from jefferyto/python-3.6.11-openwrt-18.06
Rosen Penev [Tue, 30 Jun 2020 21:33:05 +0000 (14:33 -0700)]
Merge pull request #12661 from jefferyto/python-3.6.11-openwrt-18.06

[openwrt-18.06] python3: Update to 3.6.11

4 years agopython3: Update to 3.6.11
Jeffery To [Tue, 30 Jun 2020 16:01:28 +0000 (00:01 +0800)]
python3: Update to 3.6.11

This contains a fix for CVE-2020-8492 (Denial of service in
urllib.request.AbstractBasicAuthHandler)[1].

[1]: https://docs.python.org/release/3.6.11/whatsnew/changelog.html#python-3-6-11-release-candidate-1

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
4 years agoMerge pull request #12615 from stangri/18.06-https-dns-proxy
Rosen Penev [Fri, 26 Jun 2020 05:18:08 +0000 (22:18 -0700)]
Merge pull request #12615 from stangri/18.06-https-dns-proxy

[18.06] https-dns-proxy: re-add conffiles and add description to Makefile

4 years agohttps-dns-proxy: re-add conffiles and add description to Makefile
Stan Grishin [Fri, 26 Jun 2020 03:09:53 +0000 (03:09 +0000)]
https-dns-proxy: re-add conffiles and add description to Makefile

Signed-off-by: Stan Grishin <stangri@melmac.net>
4 years agoMerge pull request #12598 from stangri/18.06-https-dns-proxy
Rosen Penev [Thu, 25 Jun 2020 21:22:22 +0000 (14:22 -0700)]
Merge pull request #12598 from stangri/18.06-https-dns-proxy

[18.06] https-dns-proxy: bugfix: remove eDNS support

4 years agohttps-dns-proxy: bugfix: remove eDNS support
Stan Grishin [Thu, 25 Jun 2020 19:41:07 +0000 (19:41 +0000)]
https-dns-proxy: bugfix: remove eDNS support

Signed-off-by: Stan Grishin <stangri@melmac.net>
4 years agohaveged: update to 1.9.12
Hannu Nyman [Sun, 21 Jun 2020 20:22:52 +0000 (23:22 +0300)]
haveged: update to 1.9.12

Update haveged to version 1.9.12

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 6392d50c3180b5da7a4ba041decf7a229d0e1c53)

4 years agohaveged: update to 1.9.11
Hannu Nyman [Sun, 14 Jun 2020 18:12:12 +0000 (21:12 +0300)]
haveged: update to 1.9.11

Update haveged to version 1.9.11

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit ca30b0ff91846a407469f6a77d1cbaf6b150d06d)

4 years agohaveged: move init script from 13 to 01
Karel Kočí [Wed, 11 Mar 2020 10:17:33 +0000 (11:17 +0100)]
haveged: move init script from 13 to 01

This is intended as a match with standard urngd. They serve same purpose
and urngd starts as first with 00. Starting haveged later can create
issues if you replace urngd with it. The example problem is if
uci-defaults script decides to generate certificate. Haveged can supply
entropy but it is started later and to mitigate this urngd would still
have to be installed. This means that haveget can't serve as replacement
without moving it to match start order of urngd.

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
(cherry picked from commit 1ef38f45d982beb46b2df6d3582ad0bc2b0007ca)

4 years agoMerge pull request #12508 from stangri/18.06-simple-adblock
Etienne Champetier [Sat, 13 Jun 2020 22:11:18 +0000 (18:11 -0400)]
Merge pull request #12508 from stangri/18.06-simple-adblock

[18.06] simple-adblock: racially-neutral names

4 years agosimple-adblock: racially-neutral names
Stan Grishin [Sat, 13 Jun 2020 20:39:21 +0000 (20:39 +0000)]
simple-adblock: racially-neutral names

Signed-off-by: Stan Grishin <stangri@melmac.net>
4 years agoMerge pull request #12455 from stangri/18.06-simple-adblock
Rosen Penev [Mon, 8 Jun 2020 20:50:52 +0000 (13:50 -0700)]
Merge pull request #12455 from stangri/18.06-simple-adblock

[18.06] simple-adblock: remove obsolete dshield.org links from config

4 years agosimple-adblock: remove obsolete dshield.org links from config
Stan Grishin [Mon, 8 Jun 2020 17:36:02 +0000 (17:36 +0000)]
simple-adblock: remove obsolete dshield.org links from config

Signed-off-by: Stan Grishin <stangri@melmac.net>
4 years agoMerge pull request #12335 from stangri/18.06-simple-adblock
Hannu Nyman [Wed, 3 Jun 2020 15:21:58 +0000 (18:21 +0300)]
Merge pull request #12335 from stangri/18.06-simple-adblock

[18.06] simple-adblock: bugfix: proper error reporting on failed downloads; lists update script

4 years agosimple-adblock: bugfix: proper error reporting on failed downloads; lists update...
Stan Grishin [Wed, 27 May 2020 00:26:28 +0000 (00:26 +0000)]
simple-adblock: bugfix: proper error reporting on failed downloads; lists update script

Signed-off-by: Stan Grishin <stangri@melmac.net>
4 years agonano: update to 4.9.3
Hannu Nyman [Sun, 24 May 2020 17:41:28 +0000 (20:41 +0300)]
nano: update to 4.9.3

Update nano version to 4.9.3
Minor bugfix release.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 38be46a7ae496cf9f01dd2fd6fee74bc9f1b2673)

4 years agobind: update to version 9.11.19
Josef Schlehofer [Tue, 19 May 2020 10:20:26 +0000 (12:20 +0200)]
bind: update to version 9.11.19

Fixes:
CVE-2020-8616
CVE-2020-8617

Remove backported patch

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
4 years agoMerge pull request #12235 from jefferyto/python-openssl-ca-certs-openwrt-18.06
Rosen Penev [Wed, 20 May 2020 16:21:37 +0000 (09:21 -0700)]
Merge pull request #12235 from jefferyto/python-openssl-ca-certs-openwrt-18.06

[openwrt-18.06] python-openssl,python3-openssl: Add dependency on ca-bundle

4 years agopython-openssl,python3-openssl: Add dependency on ca-bundle
Jeffery To [Wed, 20 May 2020 07:46:59 +0000 (15:46 +0800)]
python-openssl,python3-openssl: Add dependency on ca-bundle

The ssl module assumes OpenSSL can load the default trust anchors (root
CA certificates).

From https://github.com/openwrt/packages/issues/12209

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
4 years agoPython: Fix compile of host modules
Jan Kardell [Mon, 8 Oct 2018 09:57:14 +0000 (11:57 +0200)]
Python: Fix compile of host modules

Add -rpath linker option to host build, pointing to staging/hostpkh/lib.
It's needed to find the correct host libs during runtime, without it the
hosts libs may be used instaead, causing failures.

Signed-off-by: Jan Kardell <jan.kardell@telliq.com>
(cherry picked from commit 0311e58bb645b8f5a2b96528d78edc90c811ed94)

4 years agoPython3: Fix host build on OpenSUSE
Jan Kardell [Mon, 1 Oct 2018 17:13:44 +0000 (19:13 +0200)]
Python3: Fix host build on OpenSUSE

The linker option -rpath is required to find libs in staging_dir. Now it
is included when building host modules. Without it the import test of
the _ctypes and _uuid modules would fail. The _ctypes module uses
libffi.so.6 from staging, but OpenSUSE LEAP 15 has libffi.so.7.
It will also fail on LEAP 42.x, Fedora28 and 29 and future or old
versions of Ubuntu.

Fix needed in master and 18.06 branches.

Signed-off-by: Jan Kardell <jan.kardell@telliq.com>
(cherry picked from commit 6ade5a1e3adb189d062b707e2b8f731c9faab844)

4 years agounbound: update to version 1.10.1
Josef Schlehofer [Tue, 19 May 2020 09:50:37 +0000 (11:50 +0200)]
unbound: update to version 1.10.1

Fixes:
CVE-2020-12662
CVE-2020-12663

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
4 years agoMerge pull request #12207 from micmac1/mar-1806-10413
Hannu Nyman [Mon, 18 May 2020 05:49:19 +0000 (08:49 +0300)]
Merge pull request #12207 from micmac1/mar-1806-10413

[18.06] mariadb: minor version bump with CVE fixes

4 years agomariadb: bump to 10.1.45
Sebastian Kemper [Sun, 17 May 2020 22:24:28 +0000 (00:24 +0200)]
mariadb: bump to 10.1.45

Fixes:

  CVE-2020-2752
  CVE-2020-2812
  CVE-2020-2814

This commit also moves mysql_upgrade to the client package and installs
the configuration files readable for all, so that the clients can read
them.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
4 years agophp7: update to version 7.2.31
Michael Heimpold [Sat, 16 May 2020 11:48:47 +0000 (13:48 +0200)]
php7: update to version 7.2.31

This fixes:
  - CVE-2019-11048

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 2e6bd4cb86682b224803325127d3f777d40b3231)

4 years agoMerge pull request #12142 from EricLuehrsen/unbound_1806_1100
Hannu Nyman [Mon, 11 May 2020 12:09:22 +0000 (15:09 +0300)]
Merge pull request #12142 from EricLuehrsen/unbound_1806_1100

[openwrt-18.06] unbound: update to 1.10.0

4 years agounbound: update to 1.10.0
Eric Luehrsen [Mon, 11 May 2020 03:55:09 +0000 (23:55 -0400)]
unbound: update to 1.10.0

cherry-pick: f779ef48cd21474acf72ee151588737273a509c2
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
4 years agoMerge pull request #12058 from stangri/18.06-vpnbypass
Hannu Nyman [Sun, 3 May 2020 19:53:02 +0000 (22:53 +0300)]
Merge pull request #12058 from stangri/18.06-vpnbypass

[18.06] vpnbypass: bugfix: remove non-ASCII from system log; update README

4 years agovpnbypass: bugfix: remove non-ASCII from system log; update README
Stan Grishin [Sat, 2 May 2020 22:35:55 +0000 (22:35 +0000)]
vpnbypass: bugfix: remove non-ASCII from system log; update README

Signed-off-by: Stan Grishin <stangri@melmac.net>
4 years agoyoutube-dl: update to version 2020.3.24
Josef Schlehofer [Fri, 1 May 2020 09:47:42 +0000 (11:47 +0200)]
youtube-dl: update to version 2020.3.24

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
4 years agoMerge pull request #11995 from jefferyto/python-2.7.18-openwrt-18.06
Josef Schlehofer [Wed, 29 Apr 2020 08:57:13 +0000 (10:57 +0200)]
Merge pull request #11995 from jefferyto/python-2.7.18-openwrt-18.06

[openwrt-18.06] python: Update to 2.7.18, refresh patches

4 years agopython: Update to 2.7.18, refresh patches
Jeffery To [Tue, 28 Apr 2020 22:06:21 +0000 (06:06 +0800)]
python: Update to 2.7.18, refresh patches

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
4 years agomwan3: Fix json_load fails with some data
yurtesen [Tue, 12 Nov 2019 15:53:51 +0000 (17:53 +0200)]
mwan3: Fix json_load fails with some data

Sometimes the return value of `ubus -S call network.interface.wan status`
cause `json_load` to return `Failed to parse message data` error.

To avoid this, the JSON data always should be quoted with double quotes.

Signed-off-by: Evren Yurtesen <eyurtese@abo.fi>
Removed quoatation marks from commit heading
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 94e0c78826b15c95c40bfa82bbf8bba35dc56961)

4 years agolibarchive: update to 3.4.2
Rosen Penev [Sat, 22 Feb 2020 02:55:13 +0000 (18:55 -0800)]
libarchive: update to 3.4.2

Switch to normal tarballs. Remove autoreconf as a result.

Several Makefile cleanups for consistency.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit c22dd1bf74fa5836a88fa417b467767bcfe8a4ff)
(cherry picked from commit 2085b990ffc875a5157c02a9e2b5bd04c8eb35b3)

4 years agolibarchive: update to version 3.4.1 (security fix)
Jan Pavlinec [Thu, 16 Jan 2020 14:47:08 +0000 (15:47 +0100)]
libarchive: update to version 3.4.1 (security fix)

Fixes CVE-2019-19221

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry-picked from df634dcc926650de22248b89620c649c0fef7602)
(cherry picked from commit ba43556aed90705bc04fd074d39ee6ea012a71f2)

4 years agophp7: update to version 7.2.30
Josef Schlehofer [Wed, 22 Apr 2020 16:04:10 +0000 (18:04 +0200)]
php7: update to version 7.2.30

Fixes:
CVE-2020-7066
CVE-2020-7064

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 09738290a319cc2af74a0be9a52aa5a76b6ca98e)