Includes fix for CVE-2022-30634 (crypto/rand: Read hangs when passed
buffer larger than 1<<32 - 1).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 112cf09031)
Includes fixes for:
* CVE-2022-24675 - encoding/pem: stack overflow
* CVE-2022-28327 - crypto/elliptic: generic P-256 panic when scalar has
too many leading zeroes
This also adds -buildvcs=false to omit VCS information in Go programs.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 8c0477a895)
Fixes: 60ac7dd751 ("pulseaudio: simplify
and rework Makefile")
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 7ae66ec7ca)
The previous used domain http(s)://pulseaudio.org redirects to
https://www.freedesktop.org/wiki/Software/PulseAudio/
This change enforces to use HTTPS everywhere for homepage URLs
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 00e3918069)
It should not be possible to install pulseaudio-daemon and
pulseadio-daemon-avahi at the same time as they have the same files.
Let's avoid that situation by adding conflict.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 5a5bb15949)
There were two conffiles sections and both of them were same, but for
different variants. We can have just one conffile section and use it also
for the other variant.
The same applies for the install section for different variants.
- We have two install sections, but we call the first one with the same
files and then add something more for the second variant.
- While at it to make it easier, let's change those three rows for
copying packages into the single one to make sure that I did not miss
anything. Also, we create a directory first and then move files.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 60ac7dd751)
The full variant of mpd depends on pulseaudio-daemon, so it was not
possible to use the other pulseaudio variant with avahi.
Both pulseaudio daemons provides package pulseaudio, so users can choose
which variant suits them best.
Let's change the dependency to pulseaudio.
Fixes: #19187
Fixes: 2ed62adc59 ("mpd: enable pulseaudio in full package")
Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>
(cherry picked from commit abe35e89f6)
opkg does not offer ssl varients:
zabbix-agentd
zabbix-sender
zabbix-get
zabbix-proxy
zabbix-server
resolve this by adding ssl varients.
Signed-off-by: Scott Roberts <ttocsr@gmail.com>
(cherry picked from commit cd48d03f01)
(cherry picked from commit e0502e477c)
Motivation of this change is that full variants provides the mini
variant and as well audio-dec package, thus you can not install both as
it fails with the following output:
Collected errors:
* check_data_file_clashes: Package libffmpeg-audio-dec wants to install file /usr/lib/libavcodec.so.58
But that file is already provided by package * libffmpeg-full
* check_data_file_clashes: Package libffmpeg-audio-dec wants to install file /usr/lib/libavcodec.so.58.91.100
But that file is already provided by package * libffmpeg-full
* check_data_file_clashes: Package libffmpeg-audio-dec wants to install file /usr/lib/libavdevice.so.58
But that file is already provided by package * libffmpeg-full
* check_data_file_clashes: Package libffmpeg-audio-dec wants to install file /usr/lib/libavdevice.so.58.10.100
But that file is already provided by package * libffmpeg-full
* check_data_file_clashes: Package libffmpeg-audio-dec wants to install file /usr/lib/libavformat.so.58
But that file is already provided by package * libffmpeg-full
* check_data_file_clashes: Package libffmpeg-audio-dec wants to install file /usr/lib/libavformat.so.58.45.100
But that file is already provided by package * libffmpeg-full
* check_data_file_clashes: Package libffmpeg-audio-dec wants to install file /usr/lib/libavutil.so.56
But that file is already provided by package * libffmpeg-full
* check_data_file_clashes: Package libffmpeg-audio-dec wants to install file /usr/lib/libavutil.so.56.51.100
But that file is already provided by package * libffmpeg-full
* opkg_install_cmd: Cannot install package libffmpeg-audio-dec.
Let's change it to:
Installing libffmpeg-audio-dec (4.3.4-1) to root...
Collected errors:
* check_conflicts_for: The following packages conflict with libffmpeg-audio-dec:
* check_conflicts_for: libffmpeg-full *
* opkg_install_cmd: Cannot install package libffmpeg-audio-dec.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 9693bd47c5)
Changes to time_t cause SIGSEGV error on 32bit system and cause ripe
atlas malfunction. (registration successful but no traffic)
Also introduce minor patch to fix some compilation warning.
While at it move PKG_RELEASE to AUTORELEASE macro.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 14c5dfe4c1)
While running `make menuconfig`, it was discovered then there is a
recursive dependency like this:
tmp/.config-package.in:59138:error: recursive dependency detected!
tmp/.config-package.in:59138: symbol PACKAGE_libwebsockets-openssl is selected by PACKAGE_libwebsockets-mbedtls
tmp/.config-package.in:59122: symbol PACKAGE_libwebsockets-mbedtls depends on PACKAGE_libwebsockets-openssl
It is not possible with the recently added conflicts that two packages
(OpenSSL and full variant, which uses OpenSSL as well), which are almost the same
provides the same named package libwebsockets as their conflict - Mbed
TLS.
Fixes: 676c5c72b5 ("libwebsockets: OpenSSL
and mbedTLS variants should conflict")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit a4e8cbb89a)
They provide the same files, but they don't conflict to each other, this
means that users can install them side by side.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 676c5c72b5)
For some time, it is not possible to install ttyd and mosquitto-ssl at the
same time, so let's solve it that libwebsockets-full provides
libwebsockets-openssl. This allows to install ttyd and mosquitto at
the same time.
Also, we need to add conflict, because we should not have installed
libwebsockets-openssl and libwebsockets-full at the same time as they
provides the same files.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 77e682a11c)
We had been creating "rundir" but it was never used, probably leftover
from some removed function. At the same time, we were setting quite
strict rights to the socket directory (while comments sugested
otherwise).
Signed-off-by: Michal Hrusecky <michal@hrusecky.net>
(cherry picked from commit 8f6831b64b)
Fixes mistake in dbe79e409d, the
cloudflare PROVIDES got mixed up with digitalocean.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 001564ed83)
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Remove PKG_RELEASE version bump
* ddns-scripts-services: provide ddns-scripts_service
* ddns-scripts-cloudflare: provide ddns-scripts_digitalocean.com-v2
* ddns-scripts-freedns: provide ddns-scripts_freedns_42_pl
* ddns-scripts-godaddy: provide ddns-scripts_godaddy.com-v1
* ddns-scripts-noip: provide ddns-scripts_no-ip_com
* ddns-scripts-nsupdate: provide ddns-scripts_nsupdate
* ddns-scripts-route53: provide ddns-scripts_route53-v1
* ddns-scripts-cnkuai: provide ddns-scripts_cnkuai_cn
https://github.com/openwrt/packages/pull/13509 renamed many ddns-scripts
packages, but didn't include a PROVIDES for the old package names to
make updates work well.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit dbe79e409d)
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Remove PKG_RELEASE version bump
tailscale version, tailscaled -version and the web UI reported the wrong
version number which doesn't cause any issues, but it can be confusing.
This is fixed by specifying the version in go ldflags similar to how
it's done in many other go packages and the official tailscale Dockerfile.
version.Long version can not be specified in GO_PKG_LDFLAGS_X because it
contains a space and GO_PKG_LDFLAGS_X is always split at a space.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 738f44be4f)
The genhash binary is only built when IPVS is enabled, so make its
installation depend on IPVS being enabled.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 624d2278e7)
Update to 13.8 maintainance release of the PostgreSQL 13 release.
This release contains a variety of fixes from 13.7, among also a fix
addressing CVE-2022-2625.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
**** 1.35 Oct 4, 2022
Improve SVCB error reporting.
Fix rt.cpan.org #144328
accept_reply test fails with matched consecutive "random"
generated packet->id
Fix rt.cpan.org #144299
Spelling errors.
**** 1.34 May 30, 2022
Improve robustness of EDNS option compose/decompose functions.
Simplify code in Makefile.PL.
Fix rt.cpan.org #142426
Avoid "Useless use of a constant in void context" warning.
**** 1.33 Dec 16, 2021
Fix rt.cpan.org #137768
Test t/05-SVCB.t on Perl 5.18.0 fails with deep recursion.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 93a7806578)
(cherry picked from commit b9338331be)
1.9.8: Ludovic Rousseau
11 June 2022
- Install install_spy.sh & uninstall_spy.sh scripts in docdir
- SCardTransmit(): do not fail if receive buffer is "too large"
- SCardControl(): do not fail if receive buffer is "too large"
- fix some memory leaks on shutdown
- use a better random number generator
- Some other minor improvements
1.9.7: Ludovic Rousseau
13 May 2022
- disable strict compilation by default
- fix 3 warnings
1.9.6: Ludovic Rousseau
11 May 2022
- do not fail reader removal in some specific cases (USB/Thunderbolt port)
- improve documentation regarding /etc/reader.conf.d/
- SCardGetStatusChange: speedup the case DISABLE_AUTO_POWER_ON
- configure:
. add --disable-strict option
By default the compiler arguments are now:
-Wall -Wextra -Wno-unused-parameter -Werror ${CFLAGS}
. fail if flex is not found
- fix different data races
- pcscdaemon: -v displays internal constants values:
MAX_READERNAME & PCSCLITE_MAX_READERS_CONTEXTS
- Some other minor improvements
1.9.5: Ludovic Rousseau 4 December 2021
- pcscd: autoexit even if no client connects
- Fix variable substitution in systemd units
- fix potential race conditions with powerState handling
- Add and use tag TAG_IFD_DEVICE_REMOVED
- UnitaryTests: port code to Python 3
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 5c22f49175)
(cherry picked from commit db667b5b0f)
pcsc-lite: update to verion 1.9.9
1.9.9: Ludovic Rousseau
11 September 2022
- SCardEstablishContext() may return SCARD_W_SECURITY_VIOLATION if refused by Polkit
- Fix SCardReleaseContext() failure on orphan handles
- Fix SCardDisconnect() on orphan handle
- pcsc-spy: log the pioSendPci & pioRecvPci SCardTransmit() parameters
- Improve the log from pcscd: log the return code in text instead of hex
- Some other minor improvements
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit a8698d5ede)
Version 2.03.15 - 07th February 2022
====================================
Remove service based autoactivation. global/event_activation = 0 is NOOP.
Improve support for metadata profiles for --type writecache.
Use cache or active DM device when available with new kernels.
Introduce function to utilize UUIDs from DM_DEVICE_LIST.
Increase some hash table size to better support large device sets.
Version 2.03.16 - 18th May 2022
===============================
Fix segfault when handling selection with historical LVs.
Add support --vdosettings with lvcreate, lvconvert, lvchange.
Filtering multipath devices respects blacklist setting from multipath
configuration.
lvmdevices support for removing by device id using --deviceidtype and
--deldev.
Display writecache block size with lvs -o writecache_block_size.
Improve cachesettings description in man lvmcache.
Fix lossing of delete message on thin-pool extension.
Mostly bug fixes and minor improvements.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 63408123df)
(cherry picked from commit 4e70f5caef)
The new version includes all previously locally backported patches.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 669e4a9542)
This release includes a fix for CVE-2022-1215, a format string
vulnerabilty in the evdev device handling. For details, see
https://gitlab.freedesktop.org/libinput/libinput/-/issues/752
Peter Hutterer (2):
evdev: strip the device name of format directives
libinput 1.19.4
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 23638c7ffb)
(cherry picked from commit b95dbe4187)
Noteworthy changes in version 1.17.0 (2022-02-07)
-------------------------------------------------
* New context flag "key-origin". [#5733]
* New context flag "import-filter". [#5739]
* New export mode to export secret subkeys. [#5757]
* Detect errors during the export of secret keys. [#5766]
* New function gpgme_op_receive_keys to import keys from a keyserver
without first running a key listing. [#5808]
* Detect bad passphrase error in certificate import. [T5713]
* Allow setting --key-origin when importing keys. [T5733]
* Support components "keyboxd", "gpg-agent", "scdaemon", "dirmngr",
"pinentry", and "socketdir" in gpgme_get_dirinfo. [T5727,T5613]
* Under Unix use poll(2) instead of select(2), when available.
[T2385]
* Do not use --flat_namespace when linking for macOS. [T5610]
* Fix results returned by gpgme_data_* functions. [T5481]
* Support closefrom also for glibc. [rM4b64774b6d]
* cpp,qt: Add support for export of secret keys and secret subkeys.
[#5757]
* cpp,qt: Support for adding existing subkeys to other keys. [#5770]
* qt: Extend ChangeExpiryJob to change expiration of primary key
and of subkeys at the same time. [#4717]
* qt: Expect UTF-8 on stderr on Windows. [rM8fe1546282]
* qt: Allow retrieving the default value of a config entry. [T5515]
Noteworthy changes in version 1.17.1 (2022-03-06)
-------------------------------------------------
* qt: Fix a bug in the ABI compatibility of 1.17.0. [T5834]
Noteworthy changes in version 1.18.0 (2022-08-10)
-------------------------------------------------
* New keylist mode to force refresh via external methods. [T5951]
* The keylist operations now create an import result to report the
result of the locate keylist modes. [T5951]
* core: Return BAD_PASSPHRASE error code on symmetric decryption
failure. [T5939]
* cpp, qt: Do not export internal symbols anymore. [T5906]
* cpp, qt: Support revocation of own OpenPGP keys. [T5904]
* qt: The file name of (signed and) encrypted data can now be set. [T6056]
* cpp, qt: Support setting the primary user ID. [T5938]
* python: Fix segv(NULL) when inspecting contect after exeception. [T6060]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit d7799595bd)
(cherry picked from commit 00bfb4f151)
This backports a patch from upstream gpgme to fix compilation with glibc 2.34.
It fixes the following build problem:
posix-io.c: In function '_gpgme_io_spawn':
posix-io.c:577:23: error: void value not ignored as it ought to be
577 | while ((i = closefrom (fd)) && errno == EINTR)
| ^
make[5]: *** [Makefile:947: posix-io.lo] Error 1
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit dafb96c148)
