As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.
So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages
using wolfSSL library.
Same bump has been done in buildroot in commit f1b7e1434f66 ("treewide:
fix security issues by bumping all packages using libwolfssl").
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 845d81ca09)
(cherry picked from commit f624e41f38)
This adds conflicts between the variants,
because they provide the same files, and it should not be
possible to install them side by side. Otherwise, it might happen that
half files would be from one variant and the other half from the
other.
Also, adds provides as if you request to install ``vim`` and
``vim-full``, then the request could be satisfied even they collide,
because ``vim-full`` provides ``vim`` package.
Signed-off-by: Karel Kočí <cynerd@email.cz>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[add commit message]
(cherry picked from commit 46c058468a)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit e4555e03ee)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit a5e96189c3)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit 281d156a35)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit 591f8cad33)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit 9b1cdb7b52)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
The function udev_enumarte_scan_devices returns a value less than 0 on
failure. If this is the case then we terminate the read for this smart
information.
This change was already send upstream. And could be delete in feature
collectd versions.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 896a0f0db6)
This was not a real fix but a workaround. It is no longer clear to me
why this was necessary. Deleting the patch restores the upstream
behaviour of the collected for the smart plugin. I have tested it and on
my system the hard disk to be monitored is recognised.
root@system ~ # cat /sys/class/block/sda/uevent
MAJOR=8
MINOR=0
DEVNAME=sda
DEVTYPE=disk
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit a9ea1cf6ed)
The postinst script is sourced during image build, which causes the
follow failure:
/home/stijn/Development/OpenWrt/openwrt/build_dir/target-x86_64_musl/root-x86/etc/init.d/lxc-auto: line 3: /lib/functions.sh: No such file or directory
postinst script ./usr/lib/opkg/info/lxc-auto.postinst has failed with exit code 1
Sourcing /lib/functions.sh is not needed, as /etc/rc.common does so
already. Unfortunately removing that line from the init script is not
enough to fix the problem. The postinst script should also check
IPKG_INSTROOT. As these two changes are unrelated, they should go in
separate commits, and the solution to the image build problem is to
revert the commit that introduced the breakage.
This reverts commit 2cde10b950.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 039912dec5)
otherwise, a user would have to either manually run /etc/init.d/lxc-auto
boot or reboot the system to start using lxc.
originally committed in 2cde10b950
reverted in 039912dec5
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 7da7356539)
(cherry picked from commit 345ae974bc)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit e8f6600851)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
Apply post-1.9.0 patch from upstream to fix a segfault.
savedptr can be NULL, so guard for that.
Fixes#18741
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit ab7a23102e)
Apply post-1.9.0 patch from upstream to fix the irq-->module
relation detection.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 358c2293fa)
Upstream has finally patched the UI communication socket
creation to happen only if the irqbalance UI is enabled.
As we do not use the irqbalance UI, we can remove
our local fix implemented by 4f0c847828.
(If you want to enable irqbalance UI, the fix is still needed.)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 8e71e0ad97)
Linux 5.15 does not have the linux/ipx.h header.
The patch is a partial cherry-pick (skipped ChangeLog) of upstream
commit 6b09724c6 ("Make IPX packet interpretation dependent on the ipx
header file existing").
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 7be14da0d5)
Switch to AUTORELEASE for simplicity.
Refresh patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 5c467bb76f)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit f43a5f03bb)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
otherwise, a user would have to either manually run /etc/init.d/lxc-auto
boot or reboot the system to start using lxc.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 2cde10b950)
a7a7c732c0
changed package pinning from commit hash to version for some dependencies
(but not all, libnetwork is still referenced by commit)
Support the version-based pinning mechanism in addition to commit-based
Signed-off-by: Andy Dodd <atd7@cornell.edu>
(cherry picked from commit c3166c5a22)
This fixes CVE-2022-24884.
Also update the package URL to match the source repository.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit de5671e582)
