The last commit added PKG_CPE_ID and now uscan detects a CVE that I missed
Reordered patches by date
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[tweaked commit message]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 394ff73e53)
Patches taken from official git repository.
Added PKG_CPE_ID for proper CVE tracking.
Added PKG_BUILD_PARALLEL for faster compilation.
Also adjusted Makefile to be more similar to other projects.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 6f0ff25503)
Full changelog at https://github.com/eclipse/mosquitto/blob/v1.5.3/ChangeLog.txt
Primary change:
CVE fix for CVE-2018-12543 - prevent crash on topics that begin with $
but are not $SYS
Selected other fixes relevant to OpenWrt since 1.5.1:
- Fix retained messages not sent by bridges on outgoing topics at the first
connection. Closes#701.
- Fix duplicate clients being added to by_id hash before the old client was
removed. Closes#645.
- Fix excessive CPU usage when the number of sockets exceeds the system limit.
Closes#948.
- Fix for bridge connections when using WITH_ADNS=yes.
- Fix round_robin false behaviour. Closes#481.
- Fix segfault on HUP when bridges and security options are configured.
Closes#965.
Signed-off-by: Karl Palsson <karlp@etactica.com>
musl libc (http://musl-libc.org lack the non-standard <fpu_control.h>
header, which is used in src/os/linux/{i386,x86_64}/init.c files to
setup the floating point precision. This patch makes it use the
standard C <fenv.h> header instead.
Original patch at Felix Janda at
https://sourceforge.net/p/jamvm/patches/6/
Signed-off-by: Guo Li <uxgood.org@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Makefile and package changes to support builds with both Python 2.x and Python 3.x versions.
Python versioning is automatically configured from lang/python repository xxx-version.mk files.
Signed-off-by: Ted Hess <thess@kitschensync.net>
Commit 6cd8fcabe added ipsec hotplug script support by calling "exec
/sbin/hotplug-call ipsec".
Using the exec call breaks the insertion of iptables rules by the _updown.in
script as hotplug-call just replaces the current shell meaning the commands
following exec do not run since the shell is replaced and as a result lead to
connectivity issues.
Fix this by removing the exec command in front of /sbin/hotplug-call.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit d0ac611bf0)
Ipsec user script (/etc/ipsec.user) now get called indirectly by openwrt
"/sbin/hotplug-call". So other packages could also install their scripts
in "/etc/hotplug.d/ipsec".
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 6cd8fcabe6)
ibmariadb 10.2 needs to be linked in together with iconv.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit 7a0aebbff2)
Commit ae5ee6ba6c added support for inbound
firewall rule support but some corner cases were not covered.
In case net-snmp is started and the network interface is already up
the procd firewall rule is created but not applied by fw3 as
service_started calling procd_set_config_changed firewall was missing.
When stopping net-snmp clean up the net-snmp inbound firewall rules in
iptables by calling procd_set_config_changed firewall in stop_service
which will trigger fw3 to remove the inbound firewall rules.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 0bd19db049)
libbsd gets picked up since it's no longer limited to glibc.
Patch identical to libtalloc one. Same codebase.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 33dc529e00)
Use $(CP) instead of $(INSTALL) so that libtdb.so.1 is installed as
symlink, and not duplicated.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(cherry picked from commit 75d9ab331d)
Automatic detection of the arm architecture does not work well.
http://downloads.lede-project.org/snapshots/faillogs/arm_arm1176jzf-s_vfp/packages/node/compile.txt
```
../deps/v8/src/arm/assembler-arm.cc:176:2: error: #error "CAN_USE_ARMV7_INSTRUCTIONS should match CAN_USE_VFP3_INSTRUCTIONS"
#error "CAN_USE_ARMV7_INSTRUCTIONS should match CAN_USE_VFP3_INSTRUCTIONS"
^~~~~
```
https://github.com/openwrt/packages/issues/5728
Explicitly set cpu arch optimization flag to the compiler option so that "configure" script correctly identifies "arm version".
(Raspberry Pi Zero W)
Raspbian:
```
raspberrypi:~ $ echo | gcc -dM -E - | grep ARM_ARCH
```
OpenWrt (cross-env):
```
ubuntu:~ $ echo | ./arm-openwrt-linux-muslgnueabi-gcc -dM -E - | grep ARM_ARCH
```
```
ubuntu:~ $ echo | ./arm-openwrt-linux-muslgnueabi-gcc -mcpu=arm1176jzf-s -dM -E - | grep ARM_ARCH
```
Also specifying an option lines compactly.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 3482320c2a)
modify patch.
https://github.com/nodejs/node/pull/19196
made not to use libressl headers
fix to include path not to use "host/include"
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 818770d273)
* Update nano editor to 3.1
* Apply a post-release upstream patch to fix compilation
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit af86b17064)
Fix the init script to allow access from IPv6 subnets of the interface
specified in allow section in /etc/config/chrony.
Fixes issue #7039.
Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
The following error shows that mysqlnd depends on functions
provided by hash:
root@OpenWrt:/etc/php7# php-cli -m
PHP Warning: PHP Startup: Unable to load dynamic library
'mysqlnd.so' (tried: /usr/lib/php/mysqlnd.so (Error
relocating /usr/lib/php/mysqlnd.so: PHP_SHA256Final: symbol
not found), /usr/lib/php/mysqlnd.so.so (Error loading shared
library /usr/lib/php/mysqlnd.so.so: No such file or
directory)) in Unknown on line 0
So let's model this dep in package metadata.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Bugfix release. Full changelog at:
https://mosquitto.org/blog/2018/08/version-151-released/
Of most interest to OpenWrt:
* Remove use of AI_ADDRCONFIG, which means the broker can be used on systems where only the loopback interface is defined.
* Fix IPv6 addresses not being able to be used as bridge addresses.
* Fix problem opening listeners on Pi caused by unsigned char being default.
* Fix segfault on startup if bridge CA certificates could not be read.
* Fix possible endian issue when reading the memory_limit option.
* library and client bugfixes including: https://github.com/openwrt/packages/issues/6765
Signed-off-by: Karl Palsson <karlp@etactica.com>
Backport Rosen's commit in master to 18.06 to address open CVEs. This
fixes:
CVE-2017-11613
CVE-2018-5784
CVE-2018-7456
CVE-2018-8905
CVE-2018-10963
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This update includes fixes for the following CVEs:
- CVE-2018-1115
- CVE-2018-10925
- CVE-2018-10915
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Currently external modules and non-base packages are numbered
from their own internal number space, and even though the Perl
ABI number is embedded into them this isn't externally visible.
For example, perl-html-parser-3.72.1 could be built for ABI
5.26 or for 5.28, we can't easily tell. This changes all of
that by embedding the ABI number into the filename.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 0d9584724f)
