Commit 3da874371 ("libsodium: include ed25519_core in minimal build")
broke the build of PyNaCl. Add patch to always include all ed25519
functions which are now always covered even if libsodium is built with
the MINIMAL option.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit ccd3b6c0a5)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit 2c9c485822)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
Only notable change since 0.14.0 is that pthread_mutexattr_setkind_np()
is now no longer used.
pthread_mutexattr_setkind_np() is deprecated and non-standard.
The standard version is called pthread_mutexattr_settype()
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commits
05eac1796d gnunet-fuse: update to version 0.14.0
d59731ba61 gnunet-fuse: update to 0.16.0
)
Sync GNUnet package with master branch.
This is a new major release. It breaks protocol compatibility with the
0.15.x versions. Please be aware that Git master is thus henceforth
(and has been for a while) INCOMPATIBLE with the 0.15.x GNUnet network,
and interactions between old and new peers will result in issues.
0.15.x peers will be able to communicate with Git master or 0.16.x
peers, but some services - in particular GNS - will not be compatible.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commits
deafd6cf3f gnunet: update to v0.14.1
746bb95552 gnunet: update to version 0.15.3
23b5b516ae gnunet: fix compilation with big endian
c3c6a2ff1d gnunet: several improvements
23f722f905 gnunet: packaging fixes
2f8e696189 gnunet: update to 0.16.1
f951f61005 gnunet: improve init script
033744ac59 gnunet: update to 0.16.2
65f5f850f3 gnunet: work-around sysupgrade restore missing file ownerships
)
Functions from ed25519_core are needed for GNUnet to build.
Include them in the minimal build of libsodium so we don't need to
switch to the full build just for that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 3da874371b)
Provide a new variant, nano-full, that enables almost
all functionality of nano. Only libmagic file type detection
has been left out.
Ship with a minimal /etc/nanorc that the user can modify.
nanorc documentation at
https://www.nano-editor.org/dist/latest/nanorc.5.html
Provide color highlighting for the uci config files.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 6a51794638)
Please update to this latest release as soon as possible as this
releases fixes the following major security issues: CVE-2021-31439,
CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124,
CVE-2022-23125 and CVE-2022-0194.
Local patch '010-gcc10.patch' has been applied upstream and was hence
removed.
For a summary of news and a detailed list of changes see the
ReleaseNotes[1].
[1]: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Includes fixes for:
* Windows builds updated to bzip2 1.0.8 to mitigate CVE-2016-3189 and
CVE-2019-12900
* CVE-2022-26488: Escalation of privilege via Windows Installer
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This commits adds the new usteer package to the packages feed.
usteer is a daemon for steering wireless clients across frequency
bands as well as between multiple access points on a network.
Signed-off-by: David Bauer <mail@david-bauer.net>
* remove upstreamed gcc10 and cerrno patches
* disable SSO and OIDC as it needs Rust/Cargo support
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Release notes:
1.8.0
- Upgrade json.hpp dependency to version 3.10.2
- Check if DNS servers need to be applied on macOS
- Set MAC address before bringing up Linux TAP link
- Stop binding to temporary IPv6 addresses
- Fix for mistakenly using v6 source addresses for v4 routes on some platforms
- Fix for MacOS MTU capping issue on feth devices
- Implement a workaround for one potential source of a "coma" bug, which can occur if buggy NATs/routers stop allowing the service to communicate on a given port. ZeroTier now reassigns a new secondary port if it's offline for a while unless a secondary port is manually specified in local.conf. Working around crummy buggy routers is an ongoing effort.
- A completely rewritten desktop UI for Mac and Windows!
1.8.1
- Fix an issue that could cause clobbering of MacOS IP route settings on restart.
- Added additional hardening against address impersonation on networks (also in 1.6.6).
- MacOS IPv6 no longer binds to temporary addresses as these can cause interruptions if they expire.
- Remove support for REALLY ancient 1.1.6 or earlier network controllers.
- Fix numerous UI issues from 1.8.0 (never fully released).
Changed to git as source and added $(AUTORELEASE)
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Fixes multiple security issues:
* CVE-2022-0667 -- An assertion could occur in resume_dslookup() if the
fetch had been shut down earlier
* CVE-2022-0635 -- Lookups involving a DNAME could trigger an INSIST when
"synth-from-dnssec" was enabled
* CVE-2022-0396 -- A synchronous call to closehandle_cb() caused
isc__nm_process_sock_buffer() to be called recursively,
which in turn left TCP connections hanging in the CLOSE_WAIT
state blocking indefinitely when out-of-order processing was
disabled.
* CVE-2021-25220 -- The rules for acceptance of records into the cache
have been tightened to prevent the possibility of
poisoning if forwarders send records outside the
configured bailiwick
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit 4c6ea5379c)
This fixes CVE-2022-23308.
Also switch to GNOME as download source and xz tarball.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 81fd836f97)
Show error message instead of segfaulting in case of an invalid URL
being read from UCI config.
Fixes: #17971
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit c0d2c82528)
Fallback to use 'sdcard' image in case there is neither 'sysupgrade'
nor 'combined' image available.
This allows using 'auc' on targets where 'sdcard' image is also used
for sysupgrade (such as some mvebu-based devices with eMMC).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 6b041752a0)
Accept both 'y' and 'Y' as positive confirmation when asking the user
if auc should proceed with requesting and installing an upgrade.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit d27ecdcc49)
Add option to allow only requesting an image but not actually download
or sysupgrade anything.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 19c135685f)
* Use SPDX
* Use CA (ucert) public key
* Update repo link
* Update maintainer email
* Format description
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit a54b9570ad)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
