diff options
| -rw-r--r-- | ipv6/tayga/Makefile | 2 | ||||
| -rw-r--r-- | ipv6/tayga/patches/003-RFC8215.patch | 14 | ||||
| -rw-r--r-- | lang/erlang/Makefile | 2 | ||||
| -rw-r--r-- | lang/erlang/patches/010-openssl-deprecated.patch | 66 | ||||
| -rw-r--r-- | lang/python/python-pynacl/Makefile | 2 | ||||
| -rw-r--r-- | lang/python/python-pynacl/patches/001-always-compile-scalar-mult-ed25519.patch | 13 | ||||
| -rw-r--r-- | lang/python/python3-maxminddb/Makefile | 4 | ||||
| -rw-r--r-- | libs/libextractor/Makefile | 4 | ||||
| -rw-r--r-- | libs/libssh/Makefile | 2 | ||||
| -rw-r--r-- | libs/libssh/patches/0003-CVE-2020-16135.patch | 165 | ||||
| -rw-r--r-- | net/freeradius3/Makefile | 2 | ||||
| -rw-r--r-- | net/freeradius3/patches/010-openssl-deprecated.patch | 117 | ||||
| -rw-r--r-- | net/inadyn/Makefile | 11 | ||||
| -rw-r--r-- | net/ntpd/Makefile | 2 | ||||
| -rw-r--r-- | net/ntpd/files/ntpd.init | 14 | ||||
| -rw-r--r-- | net/xtables-addons/Makefile | 11 | ||||
| -rw-r--r-- | utils/yara/Makefile | 2 | ||||
| -rw-r--r-- | utils/yara/patches/010-openssl.patch | 50 |
18 files changed, 459 insertions, 24 deletions
diff --git a/ipv6/tayga/Makefile b/ipv6/tayga/Makefile index a3decdfe0..14607834f 100644 --- a/ipv6/tayga/Makefile +++ b/ipv6/tayga/Makefile @@ -4,7 +4,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tayga PKG_VERSION:=0.9.2 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=tayga-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=http://www.litech.org/tayga/ diff --git a/ipv6/tayga/patches/003-RFC8215.patch b/ipv6/tayga/patches/003-RFC8215.patch new file mode 100644 index 000000000..3fbe61260 --- /dev/null +++ b/ipv6/tayga/patches/003-RFC8215.patch @@ -0,0 +1,14 @@ +diff -Naur tayga-0.9.2.orig/addrmap.c tayga-0.9.2/addrmap.c +--- tayga-0.9.2.orig/addrmap.c 2011-05-25 15:11:30.000000000 +0100 ++++ tayga-0.9.2/addrmap.c 2020-07-04 16:24:23.397081572 +0100 +@@ -44,7 +44,9 @@ + int validate_ip6_addr(const struct in6_addr *a) + { + /* Well-known prefix for NAT64 */ +- if (a->s6_addr32[0] == WKPF && !a->s6_addr32[1] && !a->s6_addr32[2]) ++ if (a->s6_addr32[0] == WKPF && ++ (!a->s6_addr32[1] || (a->s6_addr16[2] == htonl(0x0001))) ++ && !a->s6_addr32[2]) + return 0; + + /* Reserved per RFC 2373 */ diff --git a/lang/erlang/Makefile b/lang/erlang/Makefile index 079946c55..c3876292a 100644 --- a/lang/erlang/Makefile +++ b/lang/erlang/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=erlang PKG_VERSION:=23.0 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=otp_src_$(PKG_VERSION).tar.gz PKG_SOURCE_URL:= http://www.erlang.org/download/ diff --git a/lang/erlang/patches/010-openssl-deprecated.patch b/lang/erlang/patches/010-openssl-deprecated.patch new file mode 100644 index 000000000..91e76ab30 --- /dev/null +++ b/lang/erlang/patches/010-openssl-deprecated.patch @@ -0,0 +1,66 @@ +--- a/lib/crypto/c_src/crypto_callback.c ++++ b/lib/crypto/c_src/crypto_callback.c +@@ -112,6 +112,7 @@ static ErlNifRWLock** lock_vec = NULL; /* Static locks used by openssl */ + + #include <openssl/crypto.h> + ++#if OPENSSL_VERSION_NUMBER < PACKED_OPENSSL_VERSION_PLAIN(1,1,0) + static INLINE void locking(int mode, ErlNifRWLock* lock) + { + switch (mode) { +@@ -132,7 +133,6 @@ static INLINE void locking(int mode, ErlNifRWLock* lock) + } + } + +-#if OPENSSL_VERSION_NUMBER < PACKED_OPENSSL_VERSION_PLAIN(1,1,0) + static void locking_function(int mode, int n, const char *file, int line) + { + locking(mode, lock_vec[n]); +--- a/lib/crypto/c_src/engine.c ++++ b/lib/crypto/c_src/engine.c +@@ -244,7 +244,7 @@ ERL_NIF_TERM engine_load_dynamic_nif(ErlNifEnv* env, int argc, const ERL_NIF_TER + #ifdef HAS_ENGINE_SUPPORT + ASSERT(argc == 0); + +- ENGINE_load_dynamic(); ++ ENGINE_load_builtin_engines(); + return atom_ok; + #else + return atom_notsup; +--- a/lib/crypto/c_src/info.c ++++ b/lib/crypto/c_src/info.c +@@ -20,6 +20,11 @@ + + #include "info.h" + ++#if OPENSSL_VERSION_NUMBER < PACKED_OPENSSL_VERSION_PLAIN(1,1,0) ++#define OPENSSL_VERSION SSLEAY_VERSION ++#define OpenSSL_version SSLeay_version ++#endif ++ + #ifdef HAVE_DYNAMIC_CRYPTO_LIB + + # if defined(DEBUG) +@@ -77,7 +82,7 @@ ERL_NIF_TERM info_lib(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[]) + ASSERT(argc == 0); + + name_sz = strlen(libname); +- ver = SSLeay_version(SSLEAY_VERSION); ++ ver = OpenSSL_version(OPENSSL_VERSION); + ver_sz = strlen(ver); + ver_num = OPENSSL_VERSION_NUMBER; + +--- a/lib/crypto/c_src/otp_test_engine.c ++++ b/lib/crypto/c_src/otp_test_engine.c +@@ -100,9 +100,11 @@ static int test_init(ENGINE *e) { + goto err; + #endif /* if defined(FAKE_RSA_IMPL) */ + ++#if OPENSSL_VERSION_NUMBER < PACKED_OPENSSL_VERSION_PLAIN(1,1,0) + /* Load all digest and cipher algorithms. Needed for password protected private keys */ + OpenSSL_add_all_ciphers(); + OpenSSL_add_all_digests(); ++#endif + + return 111; + diff --git a/lang/python/python-pynacl/Makefile b/lang/python/python-pynacl/Makefile index 69ed754dd..3d3d02a2e 100644 --- a/lang/python/python-pynacl/Makefile +++ b/lang/python/python-pynacl/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-pynacl PKG_VERSION:=1.4.0 -PKG_RELEASE:=3 +PKG_RELEASE:=4 PYPI_NAME:=PyNaCl PKG_HASH:=54e9a2c849c742006516ad56a88f5c74bf2ce92c9f67435187c3c5953b346505 diff --git a/lang/python/python-pynacl/patches/001-always-compile-scalar-mult-ed25519.patch b/lang/python/python-pynacl/patches/001-always-compile-scalar-mult-ed25519.patch new file mode 100644 index 000000000..f1920e959 --- /dev/null +++ b/lang/python/python-pynacl/patches/001-always-compile-scalar-mult-ed25519.patch @@ -0,0 +1,13 @@ +diff --git a/src/bindings/minimal/crypto_scalarmult.h b/src/bindings/minimal/crypto_scalarmult.h +index 06ca1ef..9bc3d8e 100644 +--- a/src/bindings/minimal/crypto_scalarmult.h ++++ b/src/bindings/minimal/crypto_scalarmult.h +@@ -13,7 +13,7 @@ + * limitations under the License. + */ + +-#ifdef SODIUM_LIBRARY_MINIMAL ++#if 0 + static const int PYNACL_HAS_CRYPTO_SCALARMULT_ED25519 = 0; + + size_t (*crypto_scalarmult_ed25519_bytes)() = NULL; diff --git a/lang/python/python3-maxminddb/Makefile b/lang/python/python3-maxminddb/Makefile index 037df73dd..7ee1c507a 100644 --- a/lang/python/python3-maxminddb/Makefile +++ b/lang/python/python3-maxminddb/Makefile @@ -9,11 +9,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=maxminddb -PKG_VERSION:=2.0.1 +PKG_VERSION:=2.0.2 PKG_RELEASE:=1 PYPI_NAME:=$(PKG_NAME) -PKG_HASH:=ed42434c3b88229a6a3c0e9e58c5a0f4fc17dcdde42dedcbcf225db8f04e8848 +PKG_HASH:=b95d8ed21799e6604683669c7ed3c6a184fcd92434d5762dccdb139b4f29e597 PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec@nic.cz> PKG_LICENSE:=Apache-2.0 diff --git a/libs/libextractor/Makefile b/libs/libextractor/Makefile index 57e93a0f6..eded8e73b 100644 --- a/libs/libextractor/Makefile +++ b/libs/libextractor/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libextractor PKG_VERSION:=1.10 -PKG_RELEASE:=1 +PKG_RELEASE:=2 # ToDo: # - package missing optional dependencies: libexiv2, gsf, librpm, smf, tidy @@ -47,7 +47,7 @@ PLUGINS:= \ riff \ s3m \ sid \ - thumbnailffmpeg:+libffmpeg-full:+libmagic \ + thumbnailffmpeg:+libffmpeg-full:+libmagic:@BUILD_PATENTED \ tiff:+libtiff \ wav \ xm \ diff --git a/libs/libssh/Makefile b/libs/libssh/Makefile index dee690066..89890e4a0 100644 --- a/libs/libssh/Makefile +++ b/libs/libssh/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libssh PKG_VERSION:=0.9.4 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://www.libssh.org/files/0.9/ diff --git a/libs/libssh/patches/0003-CVE-2020-16135.patch b/libs/libssh/patches/0003-CVE-2020-16135.patch new file mode 100644 index 000000000..f480e83ed --- /dev/null +++ b/libs/libssh/patches/0003-CVE-2020-16135.patch @@ -0,0 +1,165 @@ +From 1493b4466fa394b321d196ad63dd6a4fa395d337 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider <asn@cryptomilk.org> +Date: Wed, 3 Jun 2020 10:04:09 +0200 +Subject: [PATCH 1/4] sftpserver: Add missing NULL check for ssh_buffer_new() + +Thanks to Ramin Farajpour Cami for spotting this. + +Fixes T232 + +Signed-off-by: Andreas Schneider <asn@cryptomilk.org> +--- + src/sftpserver.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/sftpserver.c b/src/sftpserver.c +index 5a2110e5..b639a2ce 100644 +--- a/src/sftpserver.c ++++ b/src/sftpserver.c +@@ -67,6 +67,12 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) { + + /* take a copy of the whole packet */ + msg->complete_message = ssh_buffer_new(); ++ if (msg->complete_message == NULL) { ++ ssh_set_error_oom(session); ++ sftp_client_message_free(msg); ++ return NULL; ++ } ++ + ssh_buffer_add_data(msg->complete_message, + ssh_buffer_get(payload), + ssh_buffer_get_len(payload)); +-- +GitLab + + +From dbfb7f44aa905a7103bdde9a198c1e9b0f480c2e Mon Sep 17 00:00:00 2001 +From: Andreas Schneider <asn@cryptomilk.org> +Date: Wed, 3 Jun 2020 10:05:51 +0200 +Subject: [PATCH 2/4] sftpserver: Add missing return check for + ssh_buffer_add_data() + +Signed-off-by: Andreas Schneider <asn@cryptomilk.org> +--- + src/sftpserver.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/sftpserver.c b/src/sftpserver.c +index b639a2ce..9117f155 100644 +--- a/src/sftpserver.c ++++ b/src/sftpserver.c +@@ -73,9 +73,14 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) { + return NULL; + } + +- ssh_buffer_add_data(msg->complete_message, +- ssh_buffer_get(payload), +- ssh_buffer_get_len(payload)); ++ rc = ssh_buffer_add_data(msg->complete_message, ++ ssh_buffer_get(payload), ++ ssh_buffer_get_len(payload)); ++ if (rc < 0) { ++ ssh_set_error_oom(session); ++ sftp_client_message_free(msg); ++ return NULL; ++ } + + ssh_buffer_get_u32(payload, &msg->id); + +-- +GitLab + + +From 65ae496222018221080dd753a52f6d70bf3ca5f3 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider <asn@cryptomilk.org> +Date: Wed, 3 Jun 2020 10:10:11 +0200 +Subject: [PATCH 3/4] buffer: Reformat ssh_buffer_add_data() + +Signed-off-by: Andreas Schneider <asn@cryptomilk.org> +--- + src/buffer.c | 35 ++++++++++++++++++----------------- + 1 file changed, 18 insertions(+), 17 deletions(-) + +diff --git a/src/buffer.c b/src/buffer.c +index a2e6246a..476bc135 100644 +--- a/src/buffer.c ++++ b/src/buffer.c +@@ -299,28 +299,29 @@ int ssh_buffer_reinit(struct ssh_buffer_struct *buffer) + */ + int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len) + { +- buffer_verify(buffer); ++ buffer_verify(buffer); + +- if (data == NULL) { +- return -1; +- } ++ if (data == NULL) { ++ return -1; ++ } + +- if (buffer->used + len < len) { +- return -1; +- } ++ if (buffer->used + len < len) { ++ return -1; ++ } + +- if (buffer->allocated < (buffer->used + len)) { +- if(buffer->pos > 0) +- buffer_shift(buffer); +- if (realloc_buffer(buffer, buffer->used + len) < 0) { +- return -1; ++ if (buffer->allocated < (buffer->used + len)) { ++ if (buffer->pos > 0) { ++ buffer_shift(buffer); ++ } ++ if (realloc_buffer(buffer, buffer->used + len) < 0) { ++ return -1; ++ } + } +- } + +- memcpy(buffer->data+buffer->used, data, len); +- buffer->used+=len; +- buffer_verify(buffer); +- return 0; ++ memcpy(buffer->data + buffer->used, data, len); ++ buffer->used += len; ++ buffer_verify(buffer); ++ return 0; + } + + /** +-- +GitLab + + +From df0acab3a077bd8ae015e3e8b4c71ff31b5900fe Mon Sep 17 00:00:00 2001 +From: Andreas Schneider <asn@cryptomilk.org> +Date: Wed, 3 Jun 2020 10:11:21 +0200 +Subject: [PATCH 4/4] buffer: Add NULL check for 'buffer' argument + +Signed-off-by: Andreas Schneider <asn@cryptomilk.org> +--- + src/buffer.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/buffer.c b/src/buffer.c +index 476bc135..ce12f491 100644 +--- a/src/buffer.c ++++ b/src/buffer.c +@@ -299,6 +299,10 @@ int ssh_buffer_reinit(struct ssh_buffer_struct *buffer) + */ + int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len) + { ++ if (buffer == NULL) { ++ return -1; ++ } ++ + buffer_verify(buffer); + + if (data == NULL) { +-- +GitLab + diff --git a/net/freeradius3/Makefile b/net/freeradius3/Makefile index 8e63e4228..e3a2a152e 100644 --- a/net/freeradius3/Makefile +++ b/net/freeradius3/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=freeradius3 PKG_VERSION:=release_3_0_21 -PKG_RELEASE:=3 +PKG_RELEASE:=4 PKG_SOURCE:=$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/FreeRADIUS/freeradius-server/archive diff --git a/net/freeradius3/patches/010-openssl-deprecated.patch b/net/freeradius3/patches/010-openssl-deprecated.patch new file mode 100644 index 000000000..203b71378 --- /dev/null +++ b/net/freeradius3/patches/010-openssl-deprecated.patch @@ -0,0 +1,117 @@ +--- a/src/main/threads.c ++++ b/src/main/threads.c +@@ -298,6 +298,7 @@ static void ssl_locking_function(int mode, int n, UNUSED char const *file, UNUSE + */ + int tls_mutexes_init(void) + { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + int i; + + ssl_mutexes = rad_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t)); +@@ -316,6 +317,7 @@ int tls_mutexes_init(void) + #ifdef HAVE_CRYPTO_SET_LOCKING_CALLBACK + CRYPTO_set_locking_callback(ssl_locking_function); + #endif ++#endif + + return 0; + } +--- a/src/main/tls.c ++++ b/src/main/tls.c +@@ -55,6 +55,7 @@ USES_APPLE_DEPRECATED_API /* OpenSSL API has been deprecated by Apple */ + # include <openssl/evp.h> + # endif + # include <openssl/ssl.h> ++# include <openssl/dh.h> + + #define LOG_PREFIX "tls" + +@@ -2133,7 +2134,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx) + int my_ok = ok; + + ASN1_INTEGER *sn = NULL; +- ASN1_TIME *asn_time = NULL; ++ const ASN1_TIME *asn_time = NULL; + VALUE_PAIR **certs; + char **identity; + #ifdef HAVE_OPENSSL_OCSP_H +@@ -2207,7 +2208,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx) + * Get the Expiration Date + */ + buf[0] = '\0'; +- asn_time = X509_get_notAfter(client_cert); ++ asn_time = X509_get0_notAfter(client_cert); + if (certs && (lookup <= 1) && asn_time && + (asn_time->length < (int) sizeof(buf))) { + memcpy(buf, (char*) asn_time->data, asn_time->length); +@@ -2220,7 +2221,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx) + * Get the Valid Since Date + */ + buf[0] = '\0'; +- asn_time = X509_get_notBefore(client_cert); ++ asn_time = X509_get0_notBefore(client_cert); + if (certs && (lookup <= 1) && asn_time && + (asn_time->length < (int) sizeof(buf))) { + memcpy(buf, (char*) asn_time->data, asn_time->length); +@@ -2690,10 +2691,12 @@ static int set_ecdh_curve(SSL_CTX *ctx, char const *ecdh_curve, bool disable_sin + */ + int tls_global_init(bool spawn_flag, bool check) + { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + SSL_load_error_strings(); /* readable error messages (examples show call before library_init) */ + SSL_library_init(); /* initialize library */ + OpenSSL_add_all_algorithms(); /* required for SHA2 in OpenSSL < 0.9.8o and 1.0.0.a */ + CONF_modules_load_file(NULL, NULL, 0); ++#endif + + /* + * Initialize the index for the certificates. +@@ -2769,6 +2772,7 @@ int tls_global_version_check(char const *acknowledged) + */ + void tls_global_cleanup(void) + { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + #if OPENSSL_VERSION_NUMBER < 0x10000000L + ERR_remove_state(0); + #elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +@@ -2781,6 +2785,7 @@ void tls_global_cleanup(void) + ERR_free_strings(); + EVP_cleanup(); + CRYPTO_cleanup_all_ex_data(); ++#endif + } + + +--- a/src/main/version.c ++++ b/src/main/version.c +@@ -54,7 +54,7 @@ int ssl_check_consistency(void) + { + long ssl_linked; + +- ssl_linked = SSLeay(); ++ ssl_linked = OpenSSL_version_num(); + + /* + * Major and minor versions mismatch, that's bad. +@@ -152,7 +152,7 @@ char const *ssl_version_num(void) + { + long ssl_linked; + +- ssl_linked = SSLeay(); ++ ssl_linked = OpenSSL_version_num(); + return ssl_version_by_num((uint32_t)ssl_linked); + } + +@@ -188,10 +188,10 @@ char const *ssl_version(void) + { + static char buffer[256]; + +- uint32_t v = SSLeay(); ++ uint32_t v = OpenSSL_version_num(); + + snprintf(buffer, sizeof(buffer), "%s 0x%.8x (%s)", +- SSLeay_version(SSLEAY_VERSION), /* Not all builds include a useful version number */ ++ OpenSSL_version(OPENSSL_VERSION), /* Not all builds include a useful version number */ + v, + ssl_version_by_num(v)); + diff --git a/net/inadyn/Makefile b/net/inadyn/Makefile index d32a95b8a..2aae77d3a 100644 --- a/net/inadyn/Makefile +++ b/net/inadyn/Makefile @@ -8,15 +8,15 @@ include $(TOPDIR)/rules.mk PKG_NAME:=inadyn -PKG_VERSION:=2.5 +PKG_VERSION:=2.7 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://github.com/troglobit/inadyn/releases/download/v$(PKG_VERSION) -PKG_HASH:=4a9ad208671f62912428413da0282450b2d2c4da38f3c95c4ac975d048c41fcd +PKG_HASH:=eb03bc9d9c09dfbbc651b43a2eb5a967d0454a8293576df23784710dac50c6a4 PKG_MAINTAINER:= -PKG_LICENSE:=GPL-2.0 +PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE_FILES:=COPYING PKG_INSTALL:=1 @@ -41,16 +41,13 @@ define Package/inadyn/conffiles /etc/inadyn.conf endef -TARGET_CFLAGS += $(FPIC) - CONFIGURE_ARGS += \ --enable-shared \ --disable-static \ --enable-openssl \ - --without-pic + --with-pic define Package/inadyn/install - $(INSTALL_DIR) $(1)/etc $(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/inadyn $(1)/usr/sbin/ endef diff --git a/net/ntpd/Makefile b/net/ntpd/Makefile index 6ac9e311d..ff82af24c 100644 --- a/net/ntpd/Makefile +++ b/net/ntpd/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ntp PKG_VERSION:=4.2.8p15 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ diff --git a/net/ntpd/files/ntpd.init b/net/ntpd/files/ntpd.init index 0f0f57700..73ffb78d9 100644 --- a/net/ntpd/files/ntpd.init +++ b/net/ntpd/files/ntpd.init @@ -75,6 +75,20 @@ start_ntpd_instance() { emit "server $i iburst" done + if [ -d "/etc/ntpd.d" ]; then + local entry + for entry in "/etc/ntpd.d"/*.conf; do + emit "includefile ${entry}\n" + done + fi + + if [ -d "/tmp/ntpd.d" ]; then + local entry + for entry in "/tmp/ntpd.d"/*.conf; do + emit "includefile ${entry}\n" + done + fi + mkdir -p /var/lib/ntp chown -R ntp:ntp /var/lib/ntp diff --git a/net/xtables-addons/Makefile b/net/xtables-addons/Makefile index 8b7aea502..49bc2211a 100644 --- a/net/xtables-addons/Makefile +++ b/net/xtables-addons/Makefile @@ -9,16 +9,15 @@ include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=xtables-addons -PKG_VERSION:=3.9 -PKG_RELEASE:=3 -PKG_HASH:=064dd68937d98e6cfcbdf51ef459310d9810c17ab31b21285bc7a76cdcef7c49 +PKG_VERSION:=3.10 +PKG_RELEASE:=1 +PKG_HASH:=b783ecbab46ff3534a0aaff2baacc79553f685697b1f034ca61698443b8210dc PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=@SF/xtables-addons +PKG_SOURCE_URL:=https://inai.de/files/xtables-addons/ PKG_BUILD_DEPENDS:=iptables PKG_INSTALL:=1 PKG_BUILD_PARALLEL:=1 -PKG_CHECK_FORMAT_SECURITY:=0 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io> PKG_LICENSE:=GPL-2.0 @@ -33,7 +32,7 @@ define Package/xtables-addons CATEGORY:=Network SUBMENU:=Firewall TITLE:=Extensions not distributed in the main Xtables - URL:=http://xtables-addons.sourceforge.net/ + URL:=https://inai.de/projects/xtables-addons/ endef # uses GNU configure diff --git a/utils/yara/Makefile b/utils/yara/Makefile index 529437403..272ae50e9 100644 --- a/utils/yara/Makefile +++ b/utils/yara/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=yara PKG_VERSION:=4.0.2 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/VirusTotal/yara/tar.gz/v$(PKG_VERSION)? diff --git a/utils/yara/patches/010-openssl.patch b/utils/yara/patches/010-openssl.patch new file mode 100644 index 000000000..bbd22fd56 --- /dev/null +++ b/utils/yara/patches/010-openssl.patch @@ -0,0 +1,50 @@ +--- a/libyara/include/yara/pe_utils.h ++++ b/libyara/include/yara/pe_utils.h +@@ -102,7 +102,7 @@ char *ord_lookup( + + #if HAVE_LIBCRYPTO + #include <openssl/asn1.h> +-time_t ASN1_get_time_t(ASN1_TIME* time); ++time_t ASN1_get_time_t(const ASN1_TIME* time); + #endif + + #endif +diff --git a/libyara/modules/pe/pe.c b/libyara/modules/pe/pe.c +index 8eace26..ed43abe 100644 +--- a/libyara/modules/pe/pe.c ++++ b/libyara/modules/pe/pe.c +@@ -44,8 +44,8 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + #endif + + #if OPENSSL_VERSION_NUMBER < 0x10100000L +-#define X509_getm_notBefore X509_get_notBefore +-#define X509_getm_notAfter X509_get_notAfter ++#define X509_get0_notBefore X509_get_notBefore ++#define X509_get0_notAfter X509_get_notAfter + #endif + #endif + +@@ -1433,10 +1433,10 @@ void _parse_pkcs7( + } + } + +- date_time = ASN1_get_time_t(X509_get_notBefore(cert)); ++ date_time = ASN1_get_time_t(X509_get0_notBefore(cert)); + set_integer(date_time, pe->object, "signatures[%i].not_before", *counter); + +- date_time = ASN1_get_time_t(X509_get_notAfter(cert)); ++ date_time = ASN1_get_time_t(X509_get0_notAfter(cert)); + set_integer(date_time, pe->object, "signatures[%i].not_after", *counter); + + (*counter)++; +--- a/libyara/modules/pe/pe_utils.c ++++ b/libyara/modules/pe/pe_utils.c +@@ -307,7 +307,7 @@ time_t timegm( + // and cleaned up. Also uses timegm(3) instead of mktime(3). + + time_t ASN1_get_time_t( +- ASN1_TIME* time) ++ const ASN1_TIME* time) + { + struct tm t; + const char* str = (const char*) time->data; |