forked from openwrt/packages
[pull] main-19.07 from openwrt:openwrt-19.07 #23
Open: pull wants to merge 142 commits into XUEGAONET:main-19.07 from openwrt:openwrt-19.07
* update 'check' function Signed-off-by: Stan Grishin <[email protected]> (cherry picked from commit d11f310)
[19.07] simple-adblock: update to 1.8.8-1
While a pinned/working version of setuptools-scm is installed (by python-zipp) by the time this package is compiled, pinning the version in this package is still the correct thing to do. Signed-off-by: Jeffery To <[email protected]>
Signed-off-by: Jeffery To <[email protected]>
* there are reports that newer versions don't work on 19.07.x * revert to older README to describe this older version Signed-off-by: Stan Grishin <[email protected]> (cherry picked from commit 7bb2ccd)
[19.07] vpn-policy-routing: downgrade to 0.2.1-13
…cies-openwrt-19.07 [openwrt-19.07] python-packages: Fix host package build dependencies
Signed-off-by: Olivier Poitrey <[email protected]>
- Remove patch, which is part of this release, it was backported from upstream Signed-off-by: Josef Schlehofer <[email protected]>
Recently, silicondust (developers of hdhomerun) did some cleanup and removed old versions for hdhomerun library.
```
WGET http://download.silicondust.com/hdhomerun/libhdhomerun_20150826.tgz
http://download.silicondust.com/hdhomerun/libhdhomerun_20150826.tgz:
2021-10-26 05:15:14 ERROR 404: Not Found.
```
And because of that, it is not possible to compile tvheadend, it ends with the following error:
```
In file included from src/input/mpegts/tvhdhomerun/tvhdhomerun.c:25:0:
src/input/mpegts/tvhdhomerun/tvhdhomerun_private.h:27:10: fatal error: libhdhomerun/hdhomerun.h: No such file or directory
 #include <libhdhomerun/hdhomerun.h>
          ^~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
```
Let's fix it by updating libhdhomerun to newer version.
Signed-off-by: Josef Schlehofer <[email protected]>
The following CVEs are addressed:
* CVE-2021-25219: The "lame-ttl" option is now forcibly set to 0. This effectively disables the lame server cache, as it could previously be abused by an attacker to significantly degrade resolver performance.
Signed-off-by: Noah Meyerhans <[email protected]>
Fixes:
CVE-2020-13904
CVE-2020-2044
CVE-2020-20453
CVE-2020-22015
CVE-2020-22019
CVE-2020-22033
CVE-2020-22021
CVE-2020-22037
CVE-2020-35965
CVE-2021-38114
CVE-2021-38171
CVE-2021-38291
Refresh patches
Signed-off-by: Josef Schlehofer <[email protected]>
Signed-off-by: Josef Schlehofer <[email protected]> (cherry picked from commit d8e88ef)
Details:
- Cleaned up whitespace and removed comments (refer to official PHP documentation for that)
- Removed directives that no longer exist as of PHP 7.2.34
- Added '~E_DEPRECATED' to 'error_reporting'

Directives removed that no longer exist as of PHP 7.2.34:
- zend.ze1_compatibility_mode
- y2k_compliance
- register_globals
- register_long_arrays
- magic_quotes_gpc
- magic_quotes_runtime
- magic_quotes_sybase
- always_populate_raw_post_data

Signed-off-by: Giovanni Giacobbi <[email protected]>
[19.07] php7: Update and clean up distributed php7.ini
Signed-off-by: Michal Vasilek <[email protected]> (cherry picked from commit f7717bd)
[19.07] cyrus-sasl: patch CVE-2019-19906
Changelog: https://downloads.isc.org/isc/bind9/9.16.23/RELEASE-NOTES-bind-9.16.23.html Signed-off-by: Josef Schlehofer <[email protected]>
Signed-off-by: Martin Pecka <[email protected]>
CVE-2021-30535 : Double free in ICU
https://nvd.nist.gov/vuln/detail/CVE-2021-30535
https://security-tracker.debian.org/tracker/CVE-2021-30535
ICU-21587 : Fix memory bug w/ baseName unicode-org/icu#1698
Signed-off-by: Hirokazu MORIKAWA <[email protected]>
ddns-scripts: Fix wrong whitespace in preinst and postinst scripts
Also bump the version in syslog-ng config file.
Removes this warning:
Nov 16 14:19:41 turris syslog-ng[15159]: WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode. Please update it to use the syslog-ng 3.35 format at your time of convenience. To upgrade the configuration, please review the warnings about incompatible changes printed by syslog-ng, and once completed change the @Version header at the top of the configuration file; config-version='3.33'
Signed-off-by: Josef Schlehofer <[email protected]> (cherry picked from commit 2d2fd36)
Signed-off-by: Josef Schlehofer <[email protected]> (cherry picked from commit 18261fc)
Missing input validation of host names returned by Domain Name Servers in the c-ares library can lead to output of wrong hostnames (leading to Domain Hijacking).
I've just taken patch from the advisory[1] and rebased it onto 1.15.0 version.
1. https://github.com/c-ares/c-ares/compare/809d5e8..44c009b.patch
Fixes: CVE-2021-3672
Signed-off-by: Petr Štetiar <[email protected]>
Patch 001-configure_fixes does not apply anymore. Other patches were refreshed. Signed-off-by: Josef Schlehofer <[email protected]>
Changelog: https://marlam.de/msmtp/news/msmtp-1-8-19/ Signed-off-by: Josef Schlehofer <[email protected]> (cherry picked from commit 173faad)
[19.07] postgresql: security update to version 11.14
[19.07] libs/c-ares: fix domain hijacking CVE-2021-3672
Update nano editor to version 6.0
Version 6.0 enables toggling the display of the line numbers with the shortcut key M-N (Alt-n). Also the cmdline option "-l" works. Remove earlier patch regarding that.
Signed-off-by: Hannu Nyman <[email protected]> (backported from commits 0571f54, 9023845 and ae7f62d)
Signed-off-by: Federico Capoano <[email protected]> (cherry picked from commit 0419a79)
[19.07] openwisp-monitoring: added 0.1.1
libarchive looks for ext2fs headers during configure, and if it finds them it will expect to find them during compile, or on the rare occasion when they aren't it will fail:

libarchive/archive_entry.c:59:55: fatal error: ext2fs/ext2_fs.h: No such file or directory

As we just need headers for some type constants, let's re-use headers from tools/e2fsprogs package which are always available.
Reported-by: Adam Dov <[email protected]>
Suggested-by: Paul Eggleton <[email protected]>
References: https://git.yoctoproject.org/poky/commit/?id=f0b9a7cf9f80be1917e45266fa201f464a28c1e5
Signed-off-by: Petr Štetiar <[email protected]> (cherry picked from commit 797945d)
cdn.postfix.johnriley.me serves a certificate for a different domain name. Signed-off-by: Michal Vasilek <[email protected]> (cherry picked from commit d4feef9)
Installing the .pc files helps other programs to detect the presence of libsasl2. While at it, reduce the glob pattern a little bit to not include unneeded symlinks. Signed-off-by: Michael Heimpold <[email protected]> (cherry picked from commit c9ce769)
Release notes: https://downloads.isc.org/isc/bind9/9.16.31/doc/arm/html/notes.html Signed-off-by: Josef Schlehofer <[email protected]>
makes LuaJit builds for mpc85xx targets with SPE ISA extension enabled possible Quoting inner commit message: This allows building LuaJit for systems with Power ISA SPE extension[^1] support by using soft float on LuaJit side. While e500 CPU cores support SPE instruction set extension allowing them to perform floating point arithmetic natively, this isn't required. They can function with software floating point to integer arithmetic translation as well, just like FPU-less PowerPC CPUs without SPE support. Therefore I see no need to prevent them from running LuaJit explicitly. [^1]: https://www.nxp.com/docs/en/reference-manual/SPEPEM.pdf Signed-off-by: Pali Rohár <[email protected]> Signed-off-by: Šimon Bořek <[email protected]> (cherry picked from commit a4a484f)
901b0f0 main: fix two one-byte overreads in header_value() Signed-off-by: Jo-Philipp Wich <[email protected]> (cherry picked from commit 443c6c1)
This adds conflicts between the variants, because they provide the same files, and it should not be possible to install them side by side. Otherwise, it might happen that half of the files would be from one variant and the other half from the other.
Also, adds provides, as if you request to install ``vim`` and ``vim-full``, then the request could be satisfied even if they collide, because ``vim-full`` provides the ``vim`` package.
Signed-off-by: Karel Kočí <[email protected]>
Signed-off-by: Josef Schlehofer <[email protected]> [add commit message] (cherry picked from commit 46c0584)
* refresh patches Signed-off-by: Michal Vasilek <[email protected]> (cherry picked from commit 81e0fcb)
Signed-off-by: Jan Hak <[email protected]> (cherry picked from commit 7aee9d1)
Signed-off-by: Jan Hák <[email protected]> (cherry picked from commit 2d2f1e5)
Signed-off-by: Jan Hák <[email protected]> (cherry picked from commit 175087b)
Signed-off-by: Jan Hák <[email protected]> (cherry picked from commit 60a80b3)
Signed-off-by: Jan Hák <[email protected]> (cherry picked from commit 2a56e47)
Signed-off-by: Jan Hák <[email protected]> (cherry picked from commit 4de863e)
Signed-off-by: Jan Hák <[email protected]> (cherry picked from commit f30da8c)
Signed-off-by: Jan Hak <[email protected]> (cherry picked from commit b0870d7)
Signed-off-by: Jan Hak <[email protected]> (cherry picked from commit 0b8f3ea)
- Release notes: https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.38.1
- Update the configuration file to use version 4.0 as mentioned in the release notes to try the latest changes

Fixes: CVE-2022-38725
Signed-off-by: Josef Schlehofer <[email protected]> (cherry picked from commit 34b7af9)
Changelog: https://downloads.isc.org/isc/bind9/9.16.33/RELEASE-NOTES-bind-9.16.33.html
Fixes:
- multiple CVEs (CVE-2022-2795, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)

Signed-off-by: Josef Schlehofer <[email protected]>
This is similar to commit f303e87 ("nss: update to 3.67") as there is something wrong with NSS build system and otherwise this package fails to compile. Let's compile it single threaded. Signed-off-by: Josef Schlehofer <[email protected]>
For some time, it is not possible to install ttyd and mosquitto-ssl at the same time, so let's solve it that libwebsockets-full provides libwebsockets-openssl. This allows to install ttyd and mosquitto at the same time. Also, we need to add conflict, because we should not have installed libwebsockets-openssl and libwebsockets-full at the same time as they provide the same files. Signed-off-by: Josef Schlehofer <[email protected]> (cherry picked from commit 77e682a)
They provide the same files, but they don't conflict with each other, this means that users can install them side by side. Signed-off-by: Josef Schlehofer <[email protected]> (cherry picked from commit 676c5c7)
While running `make menuconfig`, it was discovered that there is a recursive dependency like this:

tmp/.config-package.in:59138:error: recursive dependency detected!
tmp/.config-package.in:59138: symbol PACKAGE_libwebsockets-openssl is selected by PACKAGE_libwebsockets-mbedtls
tmp/.config-package.in:59122: symbol PACKAGE_libwebsockets-mbedtls depends on PACKAGE_libwebsockets-openssl

It is not possible with the recently added conflicts that two packages (OpenSSL and full variant, which uses OpenSSL as well), which are almost the same provides the same named package libwebsockets as their conflict - Mbed TLS.
Fixes: 676c5c7 ("libwebsockets: OpenSSL and mbedTLS variants should conflict")
Signed-off-by: Josef Schlehofer <[email protected]> (cherry picked from commit a4e8cbb)
Fixes multiple CVEs. Upstream changelog is https://ftp.isc.org/isc/bind9/9.16.37/CHANGES

CVEs fixed:
CVE-2022-3924: Fix serve-stale crash when recursive clients soft quota is reached.
CVE-2022-3736: Handle RRSIG lookups when serve-stale is active.
CVE-2022-3094: An UPDATE message flood could cause named to exhaust all available memory. This flaw was addressed by adding a new "update-quota" statement that controls the number of simultaneous UPDATE messages that can be processed or forwarded. The default is 100. A stats counter has been added to record events when the update quota is exceeded, and the XML and JSON statistics version numbers have been updated.

Signed-off-by: Noah Meyerhans <[email protected]>
Includes fixes:
* 3.7.14:
  * CVE-2020-10735: Prevent DoS by large int<->str conversions
  * CVE-2021-28861: http.server: Open Redirection if the URL path starts with //
* 3.7.16:
  * CVE-2022-45061: Slow IDNA decoding with large strings
  * CVE-2022-37454: Buffer overflow in the _sha3 module
  * CVE-2015-20107: mailcap.findmatch: document shell command Injection danger in filename parameter

Signed-off-by: Jeffery To <[email protected]>
[openwrt-19.07] python3: Update to 3.7.16, refresh patches
This includes an updated patch for pip, as the bundled pip was also updated with this release. Signed-off-by: Jeffery To <[email protected]>
[openwrt-19.07] python3: Update to 3.7.17
See Commits and Changes for more details.
Created by pull[bot]