Also refresh patch which does not apply cleanly anymore.
Run tested on Duckbill for mxs platform.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 80cdd53134)
While at, add --with-pic to configure arguments. This prevents the following
build errors spotted by the build bots for i386 targets:
-snip-
...
ext/openssl/.libs/openssl.o: direct GOT relocation R_386_GOT32X against
`X509_REQ_free' without base register can not be used when making a shared object
...
-snap-
This parameter seems to make no difference on other targets, nor
improve or make worse the package size.
Run tested for i386 in VirtualBox VM and on Duckbill for mxs platform.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 963c841463)
This orders loading of openssl extension before extensions
which require openssl functions.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 5afeb3f9c8)
Update nano editor to version 4.0.
Release notes at
http://git.savannah.gnu.org/cgit/nano.git/plain/NEWS?h=v4.0
2019.03.24 - GNU nano 4.0 "Thy Rope of Sands"
* An overlong line is no longer automatically hard-wrapped.
* Smooth scrolling (one line at a time) has become the default.
* A newline character is no longer automatically added at end of buffer.
* The line below the title bar is by default part of the editing space.
* Option --breaklonglines (-b) turns automatic hard-wrapping back on.
* Option --jumpyscrolling (-j) gives the chunky, half-screen scrolling.
* Option --finalnewline (-f) brings back the automatic newline at EOF.
* Option --emptyline (-e) leaves the line below the title bar unused.
* <Alt+Up> and <Alt+Down> now do a linewise scroll instead of a findnext.
* Any number of justifications can be undone (like all other operations).
* When marked text is justified, it becomes a single, separate paragraph.
* Option --guidestripe=<number> draws a vertical bar at the given column.
* Option --fill=<number> no longer turns on automatic hard-wrapping.
* When a line continues offscreen, it now ends with a highlighted ">".
* The halfs of a split two-column character are shown as "[" and "]".
* A line now scrolls horizontally one column earlier.
* The bindable functions 'cutwordleft' and 'cutwordright' were renamed
to 'chopwordleft' and 'chopwordright' as they don't use the cutbuffer.
* The paragraph-jumping functions were moved from Search to Go-to-Line.
* Option --rebinddelete is able to compensate for more misbindings.
* Options --morespace and --smooth are obsolete and thus ignored.
* The --disable-wrapping-as-root configure option was removed.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit f1d51dbf76)
- CVE-2019-3855
Possible integer overflow in transport read allows out-of-bounds write
- CVE-2019-3856
Possible integer overflow in keyboard interactive handling allows
out-of-bounds write
- CVE-2019-3857
Possible integer overflow leading to zero-byte allocation and out-of-bounds
write
- CVE-2019-3858
Possible zero-byte allocation leading to an out-of-bounds read
- CVE-2019-3859
Out-of-bounds reads with specially crafted payloads due to unchecked use of
`_libssh2_packet_require` and `_libssh2_packet_requirev`
- CVE-2019-3860
Out-of-bounds reads with specially crafted SFTP packets
- CVE-2019-3861
Out-of-bounds reads with specially crafted SSH packets
- CVE-2019-3862
Out-of-bounds memory comparison
- CVE-2019-3863
Integer overflow in user authenicate keyboard interactive allows
out-of-bounds writes
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2.5.5: Bug fix for a deadlock in multi-thread/multi-process (using Process.fork) applications, like for example Puma
2.5.4: Fixes multiple vulnerabilities:
CVE-2019-8320: Delete directory using symlink when decompressing tar
CVE-2019-8321: Escape sequence injection vulnerability in verbose
CVE-2019-8322: Escape sequence injection vulnerability in gem owner
CVE-2019-8323: Escape sequence injection vulnerability in API response handling
CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
CVE-2019-8325: Escape sequence injection vulnerability in errors
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
When the server hostname resolved to both IPv4 and IPv6 addresses,
connecting would fail with nothing in syslog. This corrects that oversight.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
(cherry picked from ca56324 and PKG_MIRROR_HASH removal from 494ce71)
Revert the addition of build dependency in commit 2d1694ff7
to a non-existent host build of zlib.
The host build of zlib was removed already in April 2018 by
https://github.com/openwrt/openwrt/commit/8dcd941d8b934891676a8d4bbef1ee78e89a4bf7#diff-1ed408c61d79f9c6c5d197333e94ce8d
which made zlib a build tool defined in /tools
The newly introduced build dependency causes always a warning like:
WARNING: Makefile 'package/feeds/packages/postgresql/Makefile'
has a build dependency on 'zlib/host', which does not exist
Not sure what was the error that 2d1694ff7 tried to fix,
but reference to a non-existent host build is not the solution.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit d8e61d49da)
spotted on buildbot trying postgresql/host build:
configure: error: zlib library not found
Fix this by adding zlib/host to HOST_BUILD_DEPENDS.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry-picked from commit 2d1694ff7c)
cherry-pick and squash commits from master for GNUnet
04eb431cb libgabe: add package
7831fb63b libgabe: update to shared library version
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
cherry-pick commit 4c5d25458 libpbc: add new package
from master as GNUnet started to depend on libgabe which depends on
libpbc.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
revert 7b2bf511c gnunet: Specify libmicrohttpd-ssl dependency
which was accidentally merged from master while the rename of the
libmicrohttpd* packages has happened only on master.
Revert it for openwrt-18.06.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Backport and squash the following commits from master:
43ec390bd postgresql: security bump to 9.6.10
845aab78a postgresql: Update to 9.6.11
fe6597dd7 postgresql: update to version 9.6.12
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Backport and squash the following commits from master:
853e9d1c3 libextractor: Update to 1.7
1a23de5db libextractor: update to version 1.8
a50f26941 libextractor: fix PKG_HASH
6709d9b82 libextractor: update to version 1.9
Backport and squash the following commits from master:
af06f6fd5 gnurl: update to version 7.61.1
7cdbb7569 gnurl: build without libpsl
d34eda733 gnurl: update to version 7.63.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Moritz Warning