GNU patch through 2.7.6 is vulnerable to OS shell command injection that
can be exploited by opening a crafted patch file that contains an ed style
diff payload with shell metacharacters. The ed editor does not need to be
present on the vulnerable system. This is different from CVE-2018-1000156.
https://nvd.nist.gov/vuln/detail/CVE-2019-13638
Signed-off-by: Russell Senior <russell@personaltelco.net>
(cherry-picked from b82198ff47)
CFLAGS were not being passed. This was breaking builds with ASLR.
Pass proper PIC command to gcc with $(fPIC).
Don't install static libraries. Keep those for InstallDev only.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from fbcf61d9d3)
Technically the same version, but this uses the normal tarball instead of
a random GitHub repository.
Cleaned up Makefile as a result.
Removed Python dependency. rbgen is not used for the package.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 6e8cb556e4)
Needed for compilation with PKG_ASLR_PIE.
Replaced Build/Compile with PKG_INSTALL.
Adjusted install paths for consistency.
Added license information.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from ccc3b6d44a)
This was breaking ASLR builds.
Fixed license tag.
Added PKG_BUILD_PARALLEL for faster compilation.
Small Makefile cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 43f811ad5b)
CFLAGS were not being passed, breaking ASLR builds.
Switched to using PKG_SOURCE_DATE for the version.
Added PKG_BUILD_PARALLEL for faster compilation.
Added license information.
Small Makefile cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 35a258a55c)
CFLAGS were not being passed which was breaking ASLR builds.
Fixed license header.
Added PKG_BUILD_PARALLEL for faster compilation.
Added PKG_INSTALL for consistency.
Passed proper $(FPIC) value.
Several other Makefile cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 76c0bea36b)
Fixes issue where CFLAGS were not being passed. This was breaking ASLR
builds.
Added PKG_BUILD_PARALLEL for faster compilation.
Added PKG_INSTALL. Changed install paths based on PKG_INSTALL paths.
Added --disable-debug to make sure debug code is disabled.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 946dfed856)
Updated live555 to 2019.08.28
Add TARGET_CFLAGS to LIVE555 CFLAGS to fix compilation with ASLR.
Several other Makefile cleanups and optimizations.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 523eeaed54)
This is Python library to parse, generate and in general handle files
in Intel HEX format.
Signed-off-by: Karel Kočí <cynerd@email.cz>
(cherry-picked from commit 306e276a3b)
This release updates: bcf create --from
There are no dependencies changes introduced by upstream and changes are
of limited character.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
(cherry-picked from commit 7741e5db4b)
This version introduces new option -d that makes service not to exit on
error. This is brutal solution but is required to protect against
service failure when remote resource is down.
bigclown-mqtt2influxdb is service moving data from MQTT to InfluxDB and
both of those services can and potentially are remote. The original
implementation where it failed when service goes down is not ideal
because network outage or target server outage can later require this
service restart.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
(cherry-picked from commti 508e2b865a)
On a Debian system without python3-distutils install, uwsgi-cgi was
failing to build because it couldn't import sysconfig from distutils.
OpenWrt packages should be using the OpenWrt python not the system
python. In addition we need to use python3 not python2, even when
both are available.
(cherry-pick c387d0923c from master)
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
We add the necessary Makefile, hotplug, config, and init bits
so that p910nd daemon runs as user:group p910nd:lp by default.
This eliminates an unnecessary root daemon.
The hotplug script sets the permissions of the USB lp
device(s) to read-write owner and group and no access to
anyone else, and sets owner root, group lp.
This is allows sufficient privileges to p910nd
to do it's job.
(cherry-pick 932c76fa74)
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
This commit syncs msmtp-scripts with master as current
openwrt-19.07 is broken.
Cherry-picks and squashes the following commits from
master.
6d8cff9a msmtp-scripts: Fix LICENSE information
d163eaea msmtp-scripts: Overhaul and update like upstream
3c15d410 msmtp-scripts: Make conn_test default nc
b9cc3cf2 msmtp-scripts: Fix spool/lock dir permissions
f76408af msmtp-scripts: Add msmtprc permission docs
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Backports needed change from master for the next commit (a
combined cherry-pick and squash of required fixes to msmtp-scripts,
due to msmtp-scripts being broken on openwrt-19.07).
Use the PROVIDES mechanism so that msmtp and msmtp-nossl can be be
+depended-on and avoid generating a file level conflict. Also use
alternatives for msmtp-mta and msmtpq-ng-mta with msmtp-mta since
we can only have one sendmail at a time.
(cherry-pick f76408af48)
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Fixed up license information. Only the library is packaged.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: W. Michael Petullo <mike@flyn.org>
While at, update the SPDX license id to most recent format.
Compile and run tested on mxs platform.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 5805da860e)
- Move PKG_MAINTAINER above PKG_LICENSE
- PKG_HASH and PKG_BUILD_DIR should be together in one section
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* remove 'http-only' mode, all sources are now fetched from https sites
* the backup mode is now mandatory ('/tmp' is the default backup
directory), always create and re-use backups if available.
To force a re-download take the 'reload' action.
* support 'sshd' in addition to 'dropbear' for logfile parsing
to detect break-in events
* always update the black-/whitelist with logfile parsing results
in 'refresh' mode (no new downloads)
* rework the return code handling
* tweak procd trigger
* various small fixes
* (s)hellsheck cosmetics
* Change .*GPL.*+ licenses to SPDX compatible identifier
Signed-off-by: Dirk Brenken <dev@brenken.org>
* use raw procd interface trigger as last resort, if the
adblock config is not available during startup
* fix selective subdomain whitelisting for dnsmasq
* fix a kresd restart issue with 'DNS File Reset'
* fix a suspend/resume cornercase
* disable the tld compression, if the number of blocked domains
is greater than 'adb_maxtld' (default: 100000)
* made the fw portlist configurable (default '53 853 5353')
* preliminary support for inotify-like autoload features
of dns backends like kresd in future Turris OS. If 'adb_dnsinotify'
is set to 'true', all adblock related restarts and the
'DNS File Reset' will be disabled
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 45cb0e1023)
Since commit 2e490e7e46a4f6fbf66fa930a25c2991e24c0f83 tools/libelf
installs a pkgconfig file, which in turn is picked up during the glib2
host build. On the build bots the same occurs, although it so happens
that (sometimes?) libelf.h is not found and the host build fails. This
may be a timing issue specific to the build bots, as the header is in
fact installed by tools/libelf and I can't reproduce this here on my own
computer.
In any case, libelf (if detected) is only used by gresource. gresource
can be used without it. gresource is not used by OpenWrt's build system
(also not in openwrt/packages). So adding "--disable-libelf" to the host
configure args is not detrimental in any way and works around the issue
described above.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
- Correct SPDX License Identifier
- Move MAINTAINER, SUBMENU to more appropriate place
- Use HTTPS in URL
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry-picked from commit e06086c4c)
Russell Senior