Commit graph

11074 commits

Author SHA1 Message Date
Rosen Penev
7a8808940c
clamav: Remove build hacks
Simplified the Makefile and fixes compilation with uClibc-ng. Also added
IPv6 support.

Took the time to clean up the Makefile with other useful options.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from commit 012e4c1)
2019-10-03 23:03:21 +02:00
Josef Schlehofer
eef89800eb
clamav: update to version 0.100.3
Fixes CVEs:
0.100.1
- CVE-2017-16932
- CVE-2018-0360
- CVE-2018-0361
0.100.2
- CVE-2018-15378
- CVE-2018-14680
- CVE-2018-14681
- CVE-2018-14682
0.100.3
- CVE-2019-1787
- CVE-2019-1788
- CVE-2019-1789

Use HTTPS in URL

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-10-03 22:27:21 +02:00
Rosen Penev
b60caa4940
Merge pull request #10120 from BKPepe/youtubedl-1806
[OpenWrt 18.06] youtube-dl: Update to version 2019.9.28
2019-10-02 12:05:53 -07:00
Hannu Nyman
2d822fb624 haveged: convert to procd
Convert haveged init script to use procd

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 4f717a6f65)
2019-10-01 23:18:46 +03:00
Hannu Nyman
4fe703393b haveged: update to 1.9.8
Update haveged to 1.9.8

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit e5b308308b)
2019-10-01 22:11:11 +03:00
Josef Schlehofer
36919e51f4
youtube-dl: Update to version 2019.9.28
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-09-30 23:23:16 +02:00
Rosen Penev
00133e1e07
Merge pull request #10118 from BKPepe/libgcrypt-1806
[OpenWrt 18.06] libgcrypt: backport fix for CVE-2019-13627
2019-09-30 13:30:46 -07:00
Josef Schlehofer
126cdd7c6b
python3: fix CVE-2019-16056 and delete two patches
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-09-30 17:23:40 +02:00
Josef Schlehofer
0d9eeca453
python3: backport three security patches
Fixes: CVE-2019-16935

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry-picked from commit 80def9e)
2019-09-30 10:03:35 +02:00
Josef Schlehofer
f19f9ffc9f
expat: Update to version 2.2.9
Fixes CVE-2019-15903

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-09-29 11:30:20 +02:00
Jan Pavlinec
c0dea72f92
expat: update to version 2.2.7 (security fix)
Fixes:
CVE-2018-20843

Changes:
add PKG_CPE_ID
switch to xz
remove maintainer

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
2019-09-29 11:29:57 +02:00
Michael Heimpold
deae9b348a
expat: fix host build issue with docbook
Additionally to the fix issued for #6923, we need to disable the docbook
usage also for the host build. This prevents the following error:

checking for docbook2man... docbook2man
configure: error: Your local docbook2man was found to work with SGML rather
  than XML. Please install docbook2X and use variable DOCBOOK_TO_MAN to point
  configure to command docbook2x-man of docbook2X.
  Or use DOCBOOK_TO_MAN="xmlto man --skip-validation" if you have xmlto around.
  You can also configure using --without-docbook if you can do without a man
  page for xmlwf.

Signed-off-by: Michael Heimpold <michael.heimpold@i2se.com>
2019-09-29 11:29:52 +02:00
Andy Walsh
fec2709d78
expat: disable docbook
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
2019-09-29 11:29:47 +02:00
Daniel Engberg
fefe8e1f79
lib/expat: Update to 2.2.6
Update (lib)expat to 2.2.6

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-09-29 11:29:31 +02:00
Josef Schlehofer
c64a4e86c3
Merge pull request #9893 from BKPepe/bind-18.06
[OpenWrt 18.06] bind: update to version 9.11.10
2019-09-28 11:52:27 +02:00
Rosen Penev
d98310a3fb
Merge pull request #9798 from ja-pa/zmq-security-fix-18.06
[OpenWrt 18.06] zeromq: update to version 4.1.7 (security fix)
2019-09-27 12:24:47 -07:00
Karl Palsson
03fb174ec7 net/mosquitto: bump to 1.5.9 for CVE
Fixes CVE-2019-11779
Release notes at https://mosquitto.org/blog/2019/09/version-1-6-6-released/

Signed-off-by: Karl Palsson <karlp@etactica.com>
2019-09-27 13:31:27 +00:00
Rosen Penev
8eca9c9164
python-crypto: Fix two CVEs
CVE-2013-7459 and CVE-2018-6594. Both patches taken from Fedora.

Also took the liberty to update the PKG_SOURCE_URL to a standard one.

Updated the home URL as well.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 32b23e28ad)
2019-09-26 19:42:54 -07:00
Josef Schlehofer
7ec22baf1e
libgcrypt: backport fix for CVE-2019-13627
Refresh patches due to offsets

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-09-26 20:27:57 +02:00
Hannu Nyman
6305d09b1a
Merge pull request #10063 from stangri/18.06-simple-adblock
[18.06] simple-adblock: dnsmasq.ipset option support, better handling of IDNs, updated README
2019-09-25 19:13:10 +03:00
Stan Grishin
fb43709a64 simple-adblock: dnsmasq.ipset option support, better handling of IDNs, updated README
Signed-off-by: Stan Grishin <stangri@melmac.net>
2019-09-24 09:11:57 -07:00
Josef Schlehofer
9265be5448
zmq: fix CVE-2019-13132
- Use HTTPS in their website
- Remove unnecessary space between PKG_SOURCE_URL

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
2019-09-24 14:18:05 +02:00
Rosen Penev
29cd578d62
Merge pull request #10041 from neheb/djj
[18.06]django: Update to 1.8.19
2019-09-20 13:07:47 -07:00
Rosen Penev
f292062517
django: Update to 1.8.19
Fixes:

CVE-2018-7536
CVE-2018-7537

Switches to pypi, as in upstream. Updated maintainer as well.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-09-20 11:45:45 -07:00
W. Michael Petullo
3772cdb3d1 openldap: update to 2.4.48
Fixes CVE-2019-13565.

Signed-off-by: W. Michael Petullo <mike@flyn.org>
2019-09-15 13:28:11 -04:00
Rosen Penev
bbc22a721a openldap: Add static function declaration
Fixes compilation with -Werror=implicit-function-declaration .

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2019-09-15 13:27:32 -04:00
Val Kulkov
c272beb439 openldap: version update and new build parameters
This patch updates OpenLDAP to 2.4.47, introduces new build
parameters and places openldap-server, openldap-utils and
libopenldap under a separate menu item in Network.

OpenLDAP is difficult to find in menuconfig at present. Making
a separate menu item for OpenLDAP for selection of packages and
enabling or disabling build parameters makes better sense.

To have access to the loglevel directive, OpenLDAP must be built
with debugging information. Having access to the loglevel directive
is essential during the initial configuration of OpenLDAP server.

International users may want to enable ICU support to have access
to international characters.

Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2019-09-15 13:26:13 -04:00
Daniel Engberg
ec029b9ae0 openldap: Switch tarball sources to https and http
Switch from ftp which can be broken on corp firewalls to https and http.
Mirrors taken from https://www.openldap.org/software/download/ and
https://www.openldap.org/software/download/OpenLDAP/MIRRORS
Place master site as last resort.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2019-09-15 13:25:22 -04:00
W. Michael Petullo
f587f31ad5
lighttpd: mark module configuration files
Signed-off-by: W. Michael Petullo <mike@flyn.org>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry-picked from 9cf412c0cb)
2019-09-11 10:50:45 +02:00
Josef Schlehofer
19879284af
dovecot: Update to version 2.2.36.4
- Fix CVE-2019-11500
- Download tarball from HTTPS instead of HTTP

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-09-09 08:10:47 +02:00
Josef Schlehofer
8f42d4b714 wget: fix CVE-2018-20483
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-09-06 19:58:33 +02:00
Matthias Schiffer
f6e7b56a58
fastd: fix init script for multiple VPN instances
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit b7ff8b8087)
2019-09-04 22:51:10 +02:00
Hannu Nyman
06cc48c49b haveged: update to 1.9.6
Update haveged to 1.9.6

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit c933ac5dcb)
2019-09-02 21:02:17 +03:00
Florian Eckert
6014389c55
Merge pull request #9894 from BKPepe/keepalived-18.06
[OpenWrt 18.06] keepalived: Update to version 1.4.5
2019-09-02 09:27:24 +02:00
Rosen Penev
7a7820fb15
Merge pull request #9904 from RussellSenior/my-18.06
patch: cherry pick CVE fixes to 18.06 branch
2019-09-02 00:13:59 -07:00
Russell Senior
18f9e437ce patch: rename CVE-2019-13638 patch to mollify uscan
Signed-off-by: Russell Senior <russell@personaltelco.net>
2019-09-01 23:39:22 -07:00
Russell Senior
abe523c579 patch: apply upstream patch for CVE-2019-13638
GNU patch through 2.7.6 is vulnerable to OS shell command injection that
can be exploited by opening a crafted patch file that contains an ed style
diff payload with shell metacharacters. The ed editor does not need to be
present on the vulnerable system. This is different from CVE-2018-1000156.

https://nvd.nist.gov/vuln/detail/CVE-2019-13638

Signed-off-by: Russell Senior <russell@personaltelco.net>
2019-09-01 23:39:22 -07:00
Russell Senior
a3d8698e35 tools/patch: apply upstream patch for CVE-2019-13636
In GNU patch through 2.7.6, the following of symlinks is mishandled in
certain cases other than input files. This affects inp.c and util.c.

https://nvd.nist.gov/vuln/detail/CVE-2019-13636

Signed-off-by: Russell Senior <russell@personaltelco.net>
2019-09-01 23:39:22 -07:00
DENG Qingfang
ebb9b3f172 exfat-nofuse: drop BUILD_PATENTED
Microsoft has published technical specification for exFAT [1]
and the driver has been added to Linux staging tree [2].

It's now safe to drop BUILD_PATENTED label.

[1] https://docs.microsoft.com/windows/win32/fileio/exfat-specification
[2] http://lkml.iu.edu/hypermail/linux/kernel/1908.3/04254.html

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry-picked from commit 4c9d0c7b56)
2019-09-02 01:49:54 +00:00
Josef Schlehofer
2d9a3eff47
keepalived: add patch for CVE-2018-19115
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-09-01 17:42:25 +02:00
Josef Schlehofer
e4508a3518
keepalived: Update to version 1.4.5
- Use HTTPS for PKG_SOURCE_URL and as well for URL in description

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-09-01 17:42:25 +02:00
Josef Schlehofer
e0af45ff79
bind: Update to version 9.11.10
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-09-01 17:01:50 +02:00
Josef Schlehofer
6d8293801e
lighttpd: fix CVE-2018-19052
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-09-01 13:15:34 +02:00
Rosen Penev
55dcffd7fd
Merge pull request #9841 from cshoredaniel/pr-18.06-nut-targetted
[18.06] Targeted fixes based on 19.07/master
2019-08-30 10:13:47 -07:00
Josef Schlehofer
bdddb2127f
Merge pull request #9703 from BKPepe/squid-18.06
[OpenWrt 18.06] squid: update to version 3.5.28
2019-08-29 23:40:33 +02:00
Hannu Nyman
e45c2f206c
Merge pull request #9814 from guidosarducci/speedtest-18.06
[18.06] speedtest-netperf: backport stable package from 19.07 and master
2019-08-29 20:41:04 +03:00
Rosen Penev
f01e4171db
Merge pull request #9777 from BKPepe/tar_1806
[OpenWrt 18.06] tar: update to version 1.3.2
2019-08-27 18:55:27 -07:00
Rosen Penev
85b1ca7fb1
Merge pull request #9821 from cotequeiroz/vim_host
[18.06] vim: Add host build to install xxd
2019-08-27 11:31:22 -07:00
Daniel F. Dickinson
c1aa1f784c nut: Bump PKG_RELEASE
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
2019-08-27 01:22:41 -04:00
Daniel F. Dickinson
361e6aaaab nut: Handle FSD properly
Make sure we force shutdown of UPS only when we should, and when
we should that shutdown happens.

Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
2019-08-27 00:56:42 -04:00