aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #19529 from blocktrron/qcsuperDavid Bauer2022-10-08
|\ | | | | qcsuper: add Package w/ necessary dependencies
| * qcsuper: add packageDavid Bauer2022-10-06
| | | | | | | | Signed-off-by: David Bauer <mail@david-bauer.net>
| * python-pycrate: add packageDavid Bauer2022-10-06
| | | | | | | | Signed-off-by: David Bauer <mail@david-bauer.net>
| * python-crcmod: add packageDavid Bauer2022-10-06
| | | | | | | | Signed-off-by: David Bauer <mail@david-bauer.net>
* | Merge pull request #19543 from stangri/master-https-dns-proxyStan Grishin2022-10-07
|\ \ | | | | | | https-dns-proxy: update to 2022-08-12-1
| * | https-dns-proxy: update to 2022-08-12-1Stan Grishin2022-10-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | * update to upstream version 2022-08-12 * add ca_certs_file option for CA certs file for curl * add procd_add_interface_trigger for wan6 (hopefully fixes https://github.com/openwrt/packages/issues/19531) Signed-off-by: Stan Grishin <stangri@melmac.ca>
* | | samba4: remove duplicate entry from libldb-fix-musl-libc-unkown-type-error.patchAndrew Sim2022-10-07
| | | | | | | | | | | | Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
* | | samba4: update to 4.17.0Andrew Sim2022-10-07
| | | | | | | | | | | | Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
* | | Merge pull request #19486 from TELUS-BBA/zabbix_sslFlorian Eckert2022-10-07
|\ \ \ | | | | | | | | zabbix: add variants for SSL support
| * | | zabbix: add variants for SSL supportScott Roberts2022-10-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | opkg does not offer ssl varients: zabbix-agentd zabbix-sender zabbix-get zabbix-proxy zabbix-server resolve this by adding ssl varients. Signed-off-by: Scott Roberts <ttocsr@gmail.com>
* | | | Merge pull request #19453 from commodo/stress-ngAlexandru Ardelean2022-10-07
|\ \ \ \ | |_|/ / |/| | | stress-ng: bump to version 0.14.05
| * | | stress-ng: bump to version 0.14.06Alexandru Ardelean2022-10-07
|/ / / | | | | | | | | | | | | | | | | | | no longer needed: 010-dont_define_fortify.patch upstreamed: 020-stress-sysinval-fix-fstat-fstat64-compat-check.patch Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* | | snowflake: update to version 2.3.1Daniel Golle2022-10-07
| | | | | | | | | | | | | | | | | | | | | 03b2b56f Fix broker race condition 36f03dfd Record proxy type for proxy relay stats Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* | | perl-net-dns: update to version 1.35Daniel Golle2022-10-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | **** 1.35 Oct 4, 2022 Improve SVCB error reporting. Fix rt.cpan.org #144328 accept_reply test fails with matched consecutive "random" generated packet->id Fix rt.cpan.org #144299 Spelling errors. **** 1.34 May 30, 2022 Improve robustness of EDNS option compose/decompose functions. Simplify code in Makefile.PL. Fix rt.cpan.org #142426 Avoid "Useless use of a constant in void context" warning. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* | | pcsc-lite: update to verion 1.9.9Daniel Golle2022-10-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1.9.9: Ludovic Rousseau 11 September 2022 - SCardEstablishContext() may return SCARD_W_SECURITY_VIOLATION if refused by Polkit - Fix SCardReleaseContext() failure on orphan handles - Fix SCardDisconnect() on orphan handle - pcsc-spy: log the pioSendPci & pioRecvPci SCardTransmit() parameters - Improve the log from pcscd: log the return code in text instead of hex - Some other minor improvements Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* | | gawk: update to version 5.2.0Daniel Golle2022-10-07
| | | | | | | | | | | | | | | | | | | | | For changes see ChangeLog file[1]. [1]: https://git.savannah.gnu.org/cgit/gawk.git/plain/ChangeLog?h=gawk-5.2.0 Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* | | libksba: update to version 1.6.1Daniel Golle2022-10-07
| | | | | | | | | | | | | | | | | | | | | | | | Update to stable release 1.6.1. See commit log since version 1.6.0 for changes[1]. [1]: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=shortlog;h=d3c1e063d708a46ef39152256f8b1ea466b61be0 Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* | | gnunnet: halt build if any command failsEneas U de Queiroz2022-10-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are many places in the packages' install recipes whith multiple commands being executed in the same shell invocation, separated with a semicolon (;). The return status will depend only on the last command being run. The same thing happens in loops, where only the last file will determine the result of the command. Change the ';' to '&&', and exit the loop if any operation fails. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* | | gnunnet: don't copy non-existing filesEneas U de Queiroz2022-10-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are six places pointing to files that do not exist any more: - gns-import.sh in package gnunet-gns (dropped in v0.11.0) - libgnunetdnsstub.so* in gnunet-vpn (integrated into util in v0.11.0) - libgnunettun.so* in gnunet-vpn (integrated into util in v0.11.0) - gnunet-service-ats-new in package gnunet (dropped in v0.12.0) - libgnunetreclaimattribute.so.* (integrated into reclaim in v0.13.0) - libgnunetabe.so.* in gnunet-reclaim (dropped in v0.17.2) They were not noticed because their failing copy commands were part of loops in which only the last operation had its exit status checked. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* | | gnunet: gnunet-rest: add libjose dependencyEneas U de Queiroz2022-10-06
| | | | | | | | | | | | | | | | | | | | | | | | According to the package's configure.ac, reclaimID OpenID Connect plugin depends on jose. It is installed by the gnunet-rest plugin package: libgnunnetrest_openid_connect.so. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* | | acme: remove help info of unused commandGlen Huang2022-10-06
| | | | | | | | | | | | Signed-off-by: Glen Huang <i@glenhuang.com>
* | | acme: fix acmesh dnsapi dependenciesGlen Huang2022-10-06
| | | | | | | | | | | | Signed-off-by: Glen Huang <i@glenhuang.com>
* | | Merge pull request #19476 from TDT-AG/pr/20220928-lcd4linuxFlorian Eckert2022-10-06
|\ \ \ | |_|/ |/| | lcd4linux: minor init improvments
| * | lcd4linux: add debug optionFlorian Eckert2022-10-04
| | | | | | | | | | | | | | | | | | | | | | | | Setting the DEBUG variable in the init script to '1' enables the lcd4linux verbose mode, by setting the arg '-vv'. The option also redirects the error and stdout to the syslog. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
| * | lcd4linux: Possibility added that the config can also be loaded from /tmpFlorian Eckert2022-09-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Until now, the configuration must be stored under '/etc/lcd4linux.conf'. So that the configuration can also be changed dynamically, it makes sense to store this under /tmp and load them from this directory. The init script first checks whether there is a configuration under '/etc/lcd4linux.conf' and only then does it try to find it under '/tmp/lcd4linux.conf'. If there is no configuration, an error message is shown. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* | | Merge pull request #19372 from cotequeiroz/libgdJosef Schlehofer2022-10-06
|\ \ \ | | | | | | | | libgd: avoid recursive and redundant dependencies
| * | | libgd: avoid recursive and redundant dependenciesEneas U de Queiroz2022-09-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Change the CONFLICTS line from the libgd-full to libgd to fix a recursive dependency. While at it, remove the redundant +LIBGD_TIFF:libtiff +LIBGD_FREETYPE:libfreetype dependencies from Package/libgd/default. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* | | | django: bump to version 4.1.1Alexandru Ardelean2022-10-06
| | | | | | | | | | | | | | | | Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* | | | Merge pull request #19534 from mhei/php8-pecl-http-update-4.2.3Michael Heimpold2022-10-06
|\ \ \ \ | | | | | | | | | | php8-pecl-http: update to 4.2.3
| * | | | php8-pecl-http: update to 4.2.3Michael Heimpold2022-10-05
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Michael Heimpold <mhei@heimpold.de>
* | | | | Merge pull request #19532 from ↵Philip Prindeville2022-10-05
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | pprindeville/isc-dhcp-drop-gratuitous-named-reload isc-dhcp: avoid gratuitous reload of named
| * | | | | isc-dhcp: avoid gratuitous reload of namedPhilip Prindeville2022-10-05
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* | | | | | node: bump to v16.17.1Hirokazu MORIKAWA2022-10-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The following CVEs are fixed in this release: * CVE-2022-32212: DNS rebinding in --inspect on macOS (High) * Insufficient fix for macOS devices on v18.5.0 * CVE-2022-32222: Node 18 reads openssl.cnf from /home/iojs/build/ upon startup on MacOS (Medium) * CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium) * Insufficient fix on v18.5.0 * CVE-2022-32215: HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium) * Insufficient fix on v18.5.0 * CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium) * CVE-2022-35255: Weak randomness in WebCrypto keygen More detailed information on each of the vulnerabilities can be found in September 22nd 2022 Security Releases blog post. llhttp updated to 6.0.10 llhttp is updated to 6.0.10 which includes fixes for the following vulnerabilities. * HTTP Request Smuggling - CVE-2022-32213 bypass via obs-fold mechanic (Medium)(CVE-2022-32213 ): The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). * HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)(CVE-2022-32215): The llhttp parser in the http module does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). * HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)(CVE-35256): The llhttp parser in the http does not correctly handle header fields that are not terminated with CLRF. This can lead to HTTP Request Smuggling (HRS). Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
* | | | | | lighttpd: remove deprecated modulesGlenn Strauss2022-10-05
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
* | | | | | Merge pull request #19520 from dyarkovoy/masterFlorian Eckert2022-10-05
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | mwan3: support offload routing modifier
| * | | | | mwan3: support offload routing modifierDenys Yarkovyi2022-10-05
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Denys Yarkovyi <dyarkovoy@gmail.com>
* | | | | | Merge pull request #19527 from stangri/master-https-dns-proxyStan Grishin2022-10-04
|\ \ \ \ \ \ | | | | | | | | | | | | | | https-dns-proxy: add settings for canary domains
| * | | | | | https-dns-proxy: add settings for canary domainsStan Grishin2022-10-04
|/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * add setting to enable/disable blocking access to iCloud Private Relay resolvers * add setting to enable/disable blocking access to Mozilla resolvers * rename variables loaded from config in the init script Signed-off-by: Stan Grishin <stangri@melmac.ca>
* | | | | | Merge pull request #19525 from stangri/master-https-dns-proxyStan Grishin2022-10-04
|\ \ \ \ \ \ | | | | | | | | | | | | | | https-dns-proxy: bugfix: prevent canary domains duplicates
| * | | | | | https-dns-proxy: bugfix: prevent canary domains duplicatesStan Grishin2022-10-04
|/ / / / / / | | | | | | | | | | | | | | | | | | Signed-off-by: Stan Grishin <stangri@melmac.ca>
* / / / / / treewide: fix security issues by bumping all packages using libwolfsslPetr Štetiar2022-10-04
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As wolfSSL is having hard time maintaining ABI compatibility between releases, we need to manually force rebuild of packages depending on libwolfssl and thus force their upgrade. Otherwise due to the ABI handling we would endup with possibly two libwolfssl libraries in the system, including the patched libwolfssl-5.5.1, but still have vulnerable services running using the vulnerable libwolfssl-5.4.0. So in order to propagate update of libwolfssl to latest stable release done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages using wolfSSL library. Same bump has been done in buildroot in commit f1b7e1434f66 ("treewide: fix security issues by bumping all packages using libwolfssl"). Signed-off-by: Petr Štetiar <ynezz@true.cz>
* | | | | Merge pull request #19512 from mhei/php8-update-8.1.11Michael Heimpold2022-10-04
|\ \ \ \ \ | | | | | | | | | | | | php8: update to 8.1.11
| * | | | | php8: update to 8.1.11Michael Heimpold2022-10-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes: - CVE-2022-31628 - CVE-2022-31629 Signed-off-by: Michael Heimpold <mhei@heimpold.de>
* | | | | | Merge pull request #19501 from stangri/master-simple-adblockStan Grishin2022-10-03
|\ \ \ \ \ \ | | | | | | | | | | | | | | simple-adblock: allow domains bugfix & canary domains support
| * | | | | | simple-adblock: allow domains bugfix & canary domains supportStan Grishin2022-10-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * fix bug in download_lists and adb_allow to prevent unintended exclisions from the block-lists of domains containing allowed domain. Fixes issue: https://github.com/stangri/source.openwrt.melmac.net/issues/160 * add support for returning NXDOMAIN/blocking iCloud & Mozilla canary domains, disabled by default Signed-off-by: Stan Grishin <stangri@melmac.ca>
* | | | | | | expat: update to 2.4.9Nick Hainke2022-10-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes CVE-2022-40674. Release Notes: - https://github.com/libexpat/libexpat/blob/R_2_4_8/expat/Changes - https://github.com/libexpat/libexpat/blob/R_2_4_9/expat/Changes Signed-off-by: Nick Hainke <vincent@systemli.org>
* | | | | | | samba4: update waf-cross-answersAndrew Sim2022-10-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * update waf-cross-answers for 4.14.x Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
* | | | | | | samba4: update to 4.14.14Andrew Sim2022-10-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * update to 4.14.14 * fixes: CVE-2022-2031, CVE-2022-32744, CVE-2022-32745, CVE-2022-32746, CVE-2022-32742 Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
* | | | | | | python-stem: update to v1.8.1Javier Marcet2022-10-03
| |/ / / / / |/| | | | | | | | | | | | | | | | | Signed-off-by: Javier Marcet <javier@marcet.info>
* | | | | | Merge pull request #19478 from mhei/libmodbus-update-3.1.8Michael Heimpold2022-10-03
|\ \ \ \ \ \ | | | | | | | | | | | | | | libmodbus: update to 3.1.8
Powered by cgit, Themed by Ted Yin.