spotted on buildbot trying postgresql/host build:
configure: error: zlib library not found
Fix this by adding zlib/host to HOST_BUILD_DEPENDS.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry-picked from commit 2d1694ff7c)
cherry-pick and squash commits from master for GNUnet
04eb431cb libgabe: add package
7831fb63b libgabe: update to shared library version
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
cherry-pick commit 4c5d25458 libpbc: add new package
from master as GNUnet started to depend on libgabe which depends on
libpbc.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
revert 7b2bf511c gnunet: Specify libmicrohttpd-ssl dependency
which was accidentally merged from master while the rename of the
libmicrohttpd* packages has happened only on master.
Revert it for openwrt-18.06.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Backport and squash the following commits from master:
43ec390bd postgresql: security bump to 9.6.10
845aab78a postgresql: Update to 9.6.11
fe6597dd7 postgresql: update to version 9.6.12
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Backport and squash the following commits from master:
853e9d1c3 libextractor: Update to 1.7
1a23de5db libextractor: update to version 1.8
a50f26941 libextractor: fix PKG_HASH
6709d9b82 libextractor: update to version 1.9
Backport and squash the following commits from master:
af06f6fd5 gnurl: update to version 7.61.1
7cdbb7569 gnurl: build without libpsl
d34eda733 gnurl: update to version 7.63.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This is a minor bugfix release. Full changelog available at:
https://mosquitto.org/blog/2019/02/version-1-5-7-released/
Most relevant to OpenWrt are probably:
* fixing persistent store bloat
* fix sorting of included config files
* fix errors related to per_listener_settings
Signed-off-by: Karl Palsson <karlp@etactica.com>
Link to Python bug:
https://bugs.python.org/issue34656
Upstream commit:
71a9c65e74
OpenWrt 18.06 contains version Python 3.6.5, which doesn't contain this
fix.
Python 2.7 is not affected.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This is a bugfix and security release.
CVE-2018-12551: If Mosquitto is configured to use a password file for
authentication, any malformed data in the password file will be
treated as valid. This typically means that the malformed data becomes
a username and no password. If this occurs, clients can circumvent
authentication and get access to the broker by using the malformed
username. In particular, a blank line will be treated as a valid empty
username. Other security measures are unaffected.
=> Users who have only used the mosquitto_passwd utility to create and
modify their password files are unaffected by this vulnerability.
CVE-2018-12550: If an ACL file is empty, or has only blank lines or
comments, then mosquitto treats the ACL file as not being defined,
which means that no topic access is denied. Although denying access to
all topics is not a useful configuration, this behaviour is unexpected
and could lead to access being incorrectly granted in some
circumstances.
CVE-2018-12546. If a client publishes a retained message to a topic
that they have access to, and then their access to that topic is
revoked, the retained message will still be delivered to future
subscribers. This behaviour may be undesirable in some applications,
so a configuration option `check_retain_source` has been introduced to
enforce checking of the retained message source on publish.
Plus the following bugfixes:
* wills not sent to websocket clients
* spaces now allowed in bridge usernames
* durable clients not receiving offline messages with
per_listener_settings==true
* compilation with openssl without deprecated apis
* TLS working over SOCKS
* better comment handling in config files
Full changelog available at: https://github.com/eclipse/mosquitto/blob/fixes/ChangeLog.txt#L1
Signed-off-by: Karl Palsson <karlp@etactica.com>
Upstream Release Notes:
- MDEV-17475: Maximum value of table_definition_cache is now 2097152
- MDEV-13671: InnoDB should use case-insensitive column name comparisons
like the rest of the server
- ALTER TABLE fixes: MDEV-17230, MDEV-16499, MDEV-17904, MDEV-17833,
MDEV-17470, MDEV-18237, MDEV-18016
- Improvements to InnoDB page checksum, recovery, and Mariabackup:
MDEV-17957, MDEV-12112, MDEV-18025, MDEV-18279, MDEV-18183
- Galera
- MDEV-15740: Galera durability fix
- New configuration variable wsrep_certification_rules, used for
controlling whether to use new/optimized
(--wsrep_certification_rules=optimized) certification rules or the
old/classic ones (--wsrep_certification_rules=strict). Setting the
variable to strict can cause more certification failures.
- Fixes for the following security vulnerabilities:
- CVE-2019-2537
- CVE-2019-2529
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This upstream release adds support for trust_anchors_backoff_time
configuration parameter. UCI support has been added for this.
This commit also includes a number of clean-ups:
o change START=50 to START=30 in init file
Starting earlier in the boot means less chance of missing interface
trigger events. See: https://github.com/openwrt/packages/pull/4675
o remove unused variables from init file
o separate local declarations and assignments in init file
o add defensive quoting in init file
o use default values for procd respawn in init file
o make use of {} in variables consistent in init file
o remove unused variable from init file
Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
I am no longer able to support maintaining the stubby daemon for openwrt. I suggest Jonathan Underwood <jonathan.underwood@gmail.com> as a replacement.
This commit brings UCI support to the stubby package.
o All options are documented in the README.md file.
o The README.md file has been re-written to include a short usage
manual.
o The default configuration now includes more Cloudflare addresses.
o The stubby service is (re)started using procd triggers from a
specified interface with a configurable time delay.
o Round robin use of upstream resolvers is now activated by
default.
o Client privacy is now activated by default.
o Options are added for specifying the log level of the daemon and
command line options passed to the stubby command.
Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
Remove the limit setting core="unlimited", since this shouldn't be needed
in production use (i.e. non-debug) and on an embedded platform, which is
why it's rarely used by any existing packages.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Add an SPKI pin for Cloudflare to help prevent MITM and downgrade attacks,
as described in RFC7858 (DNS over TLS). The setup of SPKI and the specific
SHA256 certificate hash are taken from Cloudflare's DoT configuration guide
published at https://developers.cloudflare.com/1.1.1.1/dns-over-tls/.
Note that the certificate is valid to March 25th 2020, 13:00 CET, which
provides ample time for issuance of a backup pin to support future key
rollover.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Retain the upstream value since privacy is usually the key user motivation
for using DNS-over-TLS, and simply note that those encountering sub-optimal
routing may consider disabling the setting.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
The config file /etc/stubby/stubby.yml is not registered properly and any
local changes are being overwritten on upgrade or reinstall.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Move loading credential function before cert renewal call as credentials might be needed for some renewal operations ( ex: DNS )
Signed-off-by: Adrien DAURIAT <16813527+dauriata@users.noreply.github.com>
