Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
16911 commits 8 branches 0 tags 65 MiB
Commit graph

16911 commits

This branch
This branch
All branches
Author SHA1 Message Date
Daniel Salzman
5ddcc2e050
knot: disable libnghttp2 autodetection 
Signed-off-by: Daniel Salzman <daniel.salzman@nic.cz>
(cherry picked from commit 67e3c594de)
 2021-02-23 12:24:43 +01:00
Jan Hak
fb103be86b
knot: update to version 3.0.1 
definition of PSELECT_COMPAT could be removed many years ago, is no longer needed

Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit 4069bb1e72)
 2021-02-23 12:24:38 +01:00
Josef Schlehofer
523011bf49 screen: backport fix for CVE-2021-26937 
Security reports:
- https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html
This issue can be reproduced even on OpenWrt
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982435

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit c250298fa3)
 2021-02-23 06:11:38 -05:00
Josef Schlehofer
8e1b62d4bb openvswitch: update to version 2.11.6 (security fix) 
Fixes CVEs:
- CVE-2020-35498
- In DPDK: CVE-2015-8011 and CVE-2020-27827
- In LLDP: CVE-2019-14818, CVE-2020-10722, CVE-2020-10723 and CVE-2020-10724

Removed patches:
- 0001-compat-Include-confirm_neigh-parameter-if-needed.patch because they
are included in this release as it was backported
- 0010-acinclude-Fix-build-with-kernels-with-prandom-moved-.patch
included in this release as it was backported

Other patches were refreshed.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
 2021-02-23 17:14:37 +08:00
Rosen Penev
3be5d565cf
Merge pull request #14710 from stangri/19.07-https-dns-proxy 
[19.07] https-dns-proxy: support for force DNS/DNS hijacking
 2021-02-22 16:27:00 -08:00
Josef Schlehofer
0d0e4b96b4
netdata: update to version 1.29.2 
Release notes:
https://github.com/netdata/netdata/releases/tag/v1.29.2

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit e8021bf14d)
 2021-02-22 19:53:46 +01:00
Josef Schlehofer
2980cb8dbb
netdata: update to version 1.29.1 
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit d0736d5e73)
 2021-02-22 19:53:41 +01:00
Josef Schlehofer
da74b6448f
Merge pull request #14845 from jefferyto/python-3.7.10-openwrt-19.07 
[openwrt-19.07] python3: Update to 3.7.10, refresh patches
 2021-02-22 18:46:34 +01:00
Jeffery To
f05ba1bbca
python3: Update to 3.7.10, refresh patches 
Includes fixes for:
* CVE-2021-3177 - ctypes: Buffer overflow in PyCArg_repr
* CVE-2021-23336 - urllib parse_qsl(): Web cache poisoning - semicolon
  as a query args separator

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
 2021-02-22 21:05:28 +08:00
Moritz Warning
7be89f1f34
zerotier: bump to 1.6.4 
Signed-off-by: Moritz Warning <moritzwarning@web.de>
 2021-02-21 08:48:36 +01:00
Rosen Penev
d5e0fd68d9
Merge pull request #14785 from nmeyerhans/openwrt-19.07+bind-9.16.12 
bind: bump to 9.16.12
 2021-02-18 17:10:31 -08:00
Noah Meyerhans
fcf72948ae bind: bump to 9.16.12 
Includes fix for security issues:

* CVE-2020-8625: BIND servers are vulnerable if they are running an
  affected version and are configured to use GSS-TSIG features.

Disable backtrace functionality, as it is unreliable across
architectures and generally only supported by upstream on amd64

Remove a patch that has been incorporated upstream

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
 2021-02-18 15:46:39 -08:00
Rosen Penev
9395507160
Merge pull request #14778 from BKPepe/ksmbd-19.07-drop-arc4-dependency 
ksmbd: remove kmod-crypto-arc4 dependency
 2021-02-17 12:58:29 -08:00
Josef Schlehofer
feb1a188e5
ksmbd: remove kmod-crypto-arc4 dependency 
This kernel module is already set for target/linux/generic/config-4.14
in OpenWrt 19.07 branch. This solves a problem that this package can not
be installed on the router:

 * satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-fs-ksmbd:
 * 	kmod-crypto-arc4
 * opkg_install_cmd: Cannot install package kmod-fs-ksmbd.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
 2021-02-17 20:32:55 +01:00
Hauke Mehrtens
90af10d015
Merge pull request #14647 from neheb/k9 
[19.07] ksmbd(-tools): update to 3.3.4
 2021-02-16 22:26:50 +00:00
Rosen Penev
f1459a2856
Merge pull request #14714 from 1715173329/ttyd-bp 
[19.07] ttyd: force enable authentication for login
 2021-02-14 16:06:57 -08:00
John Audia
2f7026e65c htop: update to 3.0.5-1 
Signed-off-by: John Audia <graysky@archlinux.us>
(cherry picked from commit 476f70e9a0)
 2021-02-14 20:05:44 +02:00
Josef Schlehofer
ad186135ac
python-paho-mqtt: Update to version 1.5.0 
Try to fix license according to SPDX.
Add PKG_LICENSE_FILES.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit f8e36f9fd6)
[use pypi.mk for Python package]
 2021-02-12 16:12:19 +01:00
Philip Prindeville
9b248e0448
Merge pull request #14715 from pprindeville/isc-dhcp-stable-fix-coredump 
isc-dhcp: seeing crashes when attempting to update dynamic dns
 2021-02-10 12:34:19 -07:00
Philip Prindeville
3f0dbcdae1 isc-dhcp: seeing crashes when attempting to update dynamic dns 
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
 2021-02-10 12:00:53 -07:00
Tianling Shen
95fa96bda2
ttyd: force enable authentication for login 
Currently, we called `/usr/libexec/login.sh` as login command, but unfortunately the auth
is disabled by default in it[1], and this is really serious as it could be a free "backdoor"
for any spoiler who has conntectd to the router via LAN or wireless.

In my option, it shouldn't be exposed to anyone without auth, so I set the default login
command to `/bin/login`. And for those who really want that, they can do it themselves.

1. `login.sh` adjusts whether use authentication or not from system config named ttylogin,
which is set to disabled by default. See package/base-files/files/bin/config_generate#L243.

Signed-off-by: Tianling Shen <cnsztl@project-openwrt.eu.org>

Backported from f45bb2981d
 2021-02-10 19:20:09 +08:00
Stan Grishin
1a4184c076 https-dns-proxy: support for force DNS/DNS hijacking 
Signed-off-by: Stan Grishin <stangri@melmac.net>
 2021-02-10 05:59:24 +00:00
Karl Palsson
b1fec2b7b5 mosquitto: bump to 1.6.13 
Includes various fixes: (2.0.7 + 1.6.13 dual release)
https://mosquitto.org/blog/2021/02/version-2-0-7-released/

Signed-off-by: Karl Palsson <karlp@etactica.com>
 2021-02-08 15:20:53 +00:00
Rosen Penev
d2daab3d33
Merge pull request #14681 from jonathanunderwood/openwrt-19.07-getdns-no-static-linking 
[19.07] getdns: disable static linking of getdns utilities
 2021-02-07 15:19:51 -08:00
Jonathan G. Underwood
5954e5695b getdns: disable static linking of getdns utilities 
This fixes issue #13361.

Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
 2021-02-07 14:42:38 +00:00
Rosen Penev
89d14ff29c
Merge pull request #14670 from jonathanunderwood/openwrt-19.07-cherry-pick 
[19.07] getdns: cherry pick recent fixes from master
 2021-02-06 14:34:29 -08:00
Rosen Penev
63db81b46e
Merge pull request #14677 from mwarning/zt2 
zerotier: update to 1.6.3
 2021-02-06 14:33:43 -08:00
Moritz Warning
db69f0b57c zerotier: update to 1.6.3 
Signed-off-by: Moritz Warning <moritzwarning@web.de>
 2021-02-06 22:06:37 +01:00
Harris K Kusuma
1cec6bcfa1 getdns: Fix TLS V1.3 Ciphersuites option in Stubby 
Description :
Fix typo in CMAKE getdns included files, so Stubby can use TLS v1.3 with chipersuites options ON.

This solve issue that's written in here :
https://github.com/getdnsapi/stubby/issues/240
https://github.com/getdnsapi/stubby/issues/257

Signed-off-by: Harris K Kusuma <igharris.kk@gmail.com>
 2021-02-06 12:02:26 +00:00
Rosen Penev
d7b42dcaa4 getdns: fix compilation without deprecated OpenSSL APIs 
Signed-off-by: Rosen Penev <rosenp@gmail.com>
 2021-02-06 12:02:16 +00:00
Rosen Penev
dbc66a08f3
ksmbd: update to 3.3.4 
Manually added from master.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
 2021-02-04 00:23:59 -08:00
Rosen Penev
86c8807120
ksmbd-tools: update to 3.3.4 
Manually updated.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
 2021-02-03 17:26:48 -08:00
Rosen Penev
2888560b93
Merge pull request #14632 from stangri/19.07-simple-adblock 
[19.07] simple-adblock: remove dependency on jsonfilter & old code
 2021-02-02 19:40:16 -08:00
Stan Grishin
cf79695645 simple-adblock: remove dependency on jsonfilter & old code 
Signed-off-by: Stan Grishin <stangri@melmac.net>
 2021-02-02 22:11:20 +00:00
Josef Schlehofer
bee91a9d88 sudo: backport patches for CVE-2021-3156 
This security vulnerability is known as Baron Samedit [1] and there is a
research by Qualys [2] and they discovered it. Unfortunately or
fortunately, there isn't present sudoedit on OpenWrt.

Two patches were applied cleanly and the other two required manual
intervention. Those were backported from version 1.9.5p2

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156
[2] https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
 2021-01-28 10:09:00 -10:00
Rosen Penev
4949dcdc50
Merge pull request #14575 from Andy2244/samba4-fix-#13758 
[19.07] samba4: fix for #13758
 2021-01-26 14:53:53 -08:00
Andy Walsh
46d327a59b samba4: fix for #13758 
* fix for possible exploit #13758
* sanetize all external template/config inputs
* fix some shellcheck warnings

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
 2021-01-26 12:24:57 +01:00
Rosen Penev
7a1ccfc0e6
Merge pull request #14565 from rs/nextdns-1.10.1-openwrt-19.07 
[19.07] nextdns: Update to version 1.10.1
 2021-01-25 23:07:17 -08:00
Michael Heimpold
308369a6f0
Merge pull request #14558 from cartender/pr/19_fix_php7_conf_ac 
php7: Fix prepare target incorrectly referencing 'configure.in' instead of 'configure.ac'
 2021-01-25 23:54:21 +01:00
Olivier Poitrey
e8d15424b4 nextdns: Update to version 1.10.1 
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
 2021-01-25 17:55:29 +00:00
Giovanni Giacobbi
11e9a2e179
php7: Fix prepare target incorrectly referencing 'configure.in' instead of 'configure.ac' 
Package release version unchanged as it does not impact the build result in any way.

Signed-off-by: Giovanni Giacobbi <giovanni@giacobbi.net>
 2021-01-25 10:38:19 +00:00
Josef Schlehofer
aae5144e73
msmtp: update to version 1.8.14 
Release notes for 1.8.1.3:
https://marlam.de/msmtp/news/msmtp-1-8-13/

Release notes for 1.8.1.4:
https://marlam.de/msmtp/news/msmtp-1-8-13/

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit ff76e24e5a)
 2021-01-24 23:10:53 +01:00
Josef Schlehofer
8e54decfa2
youtube-dl: update to version 2021.1.16 
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 5d839fc06b)
 2021-01-24 10:31:31 +01:00
Josef Schlehofer
3b582ebd3f
youtube-dl: update to version 2020.12.7 
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 87e15391cd)
 2021-01-24 10:31:25 +01:00
Rosen Penev
ee88c06fbd
Merge pull request #14501 from stangri/19.07-https-dns-proxy 
[19.07] https-dns-proxy: bugfix: high CPU utilization
 2021-01-22 17:42:24 -08:00
Rosen Penev
ce5a4eaea2
Merge pull request #14499 from nemesisdesign/openwrt-19.07 
openwisp-config: update to version 0.5.0
 2021-01-18 23:39:47 -08:00
Stan Grishin
46253b17d4 https-dns-proxy: bugfix: high CPU utilization 
Signed-off-by: Stan Grishin <stangri@melmac.net>
 2021-01-18 15:28:06 +00:00
Federico Capoano
cc38c62ad2 openwisp-config: update to version 0.5.0 
Full changelog available at https://github.com/openwisp/openwisp-config/releases/tag/0.5.0

Signed-off-by: Federico Capoano <f.capoano@openwisp.io>
(cherry picked from commit 9f7b8088c3)

# Conflicts:
#	admin/openwisp-config/Makefile
 2021-01-18 09:55:30 -05:00
Rosen Penev
50725c4c86 Revert "libzip: update to 1.7.3" 
This reverts commit d8f0ebaa3d.

Versions 1.7.2 and above mandate CMake 3.1.7, making this unsuitable
for backporting.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
 2021-01-17 02:00:09 -08:00
Michael Heimpold
d8f0ebaa3d
libzip: update to 1.7.3 
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 1335121067)
 2021-01-15 13:44:00 -08:00