Includes fix for security issues:
* CVE-2020-8625: BIND servers are vulnerable if they are running an
affected version and are configured to use GSS-TSIG features.
Disable backtrace functionality, as it is unreliable across
architectures and generally only supported by upstream on amd64
Remove a patch that has been incorporated upstream
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
This kernel module is already set for target/linux/generic/config-4.14
in OpenWrt 19.07 branch. This solves a problem that this package can not
be installed on the router:
* satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-fs-ksmbd:
* kmod-crypto-arc4
* opkg_install_cmd: Cannot install package kmod-fs-ksmbd.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Try to fix license according to SPDX.
Add PKG_LICENSE_FILES.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit f8e36f9fd6)
[use pypi.mk for Python package]
Currently, we called `/usr/libexec/login.sh` as login command, but unfortunately the auth
is disabled by default in it[1], and this is really serious as it could be a free "backdoor"
for any spoiler who has conntectd to the router via LAN or wireless.
In my option, it shouldn't be exposed to anyone without auth, so I set the default login
command to `/bin/login`. And for those who really want that, they can do it themselves.
1. `login.sh` adjusts whether use authentication or not from system config named ttylogin,
which is set to disabled by default. See package/base-files/files/bin/config_generate#L243.
Signed-off-by: Tianling Shen <cnsztl@project-openwrt.eu.org>
Backported from f45bb2981d
* fix for possible exploit #13758
* sanetize all external template/config inputs
* fix some shellcheck warnings
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
This reverts commit d8f0ebaa3d.
Versions 1.7.2 and above mandate CMake 3.1.7, making this unsuitable
for backporting.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
musl doesn't support fts. But with the extra package musl-fts installed,
libzip picks up the fts header and fails at the linking stage:
zipcmp.c:(.text.startup+0x130): undefined reference to `fts_open'
/home/sk/tmp/openwrt/staging_dir/toolchain-mips_24kc_gcc-8.3.0_musl/lib/gcc/mips-openwrt-linux-musl/8.3.0/../../../../mips-openwrt-linux-musl/bin/ld: zipcmp.c:(.text.startup+0x172): undefined reference to `fts_read'
So with musl-fts we need to link in libfts. To address that this commits
patches the cmake setup to check if fts is available in libc itself or
in any external libfts.
So when musl-fts is installed on the system the setup will be the
following:
musl: use libfts
uclibc: use fts from libc
glibc: like uclibc
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit 0c381f7c7a)
This introduces libzip which is e.g. a dependency for upcoming upgrade
of PHP to version 7.4.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit a4a98d5efe)
Switched to upstream tarballs as they are now available
Removed autoreconf as a result.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 18f3410ac4)
Removed autoreconf as a result.
Unfortunately, the two versions are not identical. Bumped PKG_RELEASE
to deal with it.
Disable static libraries as they're fairly useless.
Adjusted filepaths.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 4e203a1949)
