eb8130508e
dovecot: disable zstd
...
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz >
(cherry picked from commit a5c9ef50dc
2020-09-12 11:57:05 +02:00
538647a261
syslog-ng: update to version 3.29.1
...
Changelog: https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.29.1
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com >
(cherry picked from commit 06f3ac21b4
2020-09-12 11:44:39 +02:00
473ca554f5
php7: update to 7.2.33
...
This fixes:
- CVE-2020-7068
Signed-off-by: Michael Heimpold <mhei@heimpold.de >
2020-09-10 20:52:44 +02:00
0fca98812b
Merge pull request #13356 from rs/nextdns-1.8.3-openwrt-19.07
...
[19.07] nextdns: Update to version 1.8.3
2020-09-10 20:35:21 +03:00
62171036b2
nextdns: Update to version 1.8.3
...
Signed-off-by: Olivier Poitrey <rs@nextdns.io >
2020-09-10 17:25:37 +00:00
953de3ca85
gnutls: update to version 3.6.15 (security fix)
...
Fixes:
CVE-2020-24659
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz >
2020-09-09 23:24:06 +02:00
154d6b954c
Merge pull request #13336 from rs/nextdns-1.8.2-openwrt-19.07
...
[19.07] nextdns: Update to version 1.8.2
2020-09-08 22:47:10 -07:00
bddc3186c2
Merge pull request #13334 from ja-pa/python-rsa-fix-19.07
...
[OpenWrt 19.07] python-rsa: downgrade to version 4.5 for python2
2020-09-08 16:03:20 +02:00
d515d9c353
dovecot: update to version 2.3.11.3 (security fix)
...
Fixes:
CVE-2020-12100
CVE-2020-12673
CVE-2020-12674
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz >
(cherry picked from commit 8ae394430a
2020-09-08 15:54:04 +02:00
a2634c2646
nextdns: Update to version 1.8.2
...
Signed-off-by: Olivier Poitrey <rs@nextdns.io >
2020-09-08 10:33:53 +00:00
1cf41a88c5
python-rsa: downgrade to version 4.5 for python2
...
Note:
This fixes error introduced in https://github.com/openwrt/packages/commit/7af8eaad11ad2e449ed47529f1b325d7643b7817
Version 4.6 doesn't support python2
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz >
2020-09-08 12:16:38 +02:00
eae1bb397f
Merge pull request #13310 from EricLuehrsen/unbound_20200904_1907
...
[19.07] unbound: improve odhcpd rapid update robustness
2020-09-05 13:26:47 -07:00
54847cc7c1
unbound: improve odhcpd rapid update robustness
...
cherry-pick: bce5f44f5af6510db484389b8cc0636f6de08877
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com >
2020-09-05 10:19:38 -04:00
d17720f042
htop: update to 3.0.1-1
...
Build-tested: x86/64
Run-tested: ipq806x (R7800)
Signed-off-by: John Audia <graysky@archlinux.us >
(cherry picked from commit 1d989fc64d
2020-09-04 18:52:55 +03:00
d953d80bf2
htop: update to 3.0.0-1
...
new upstream, new release taken from ChangeLog[1]:
New maintainers - after a prolonged period of inactivity from Hisham,
the creator and original maintainer, a team of community maintainers
have volunteered to take over a fork at https://htop.dev and
https://github.com/htop-dev to keep the project going.
1. https://github.com/htop-dev/htop/blob/master/ChangeLog
Signed-off-by: John Audia <graysky@archlinux.us >
(cherry picked from commit acbdaf863f
2020-09-04 18:52:45 +03:00
af4cd94a2e
htop: fix compilation with GCC10
...
Patch taken from upstream.
Signed-off-by: Rosen Penev <rosenp@gmail.com >
(cherry picked from commit de6471014a
2020-09-04 18:52:34 +03:00
7af8eaad11
python-rsa: update to version 4.6 (security fix)
...
Fixes CVE-2020-13757
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz >
(cherry picked from commit 4e211927f3
2020-09-03 13:35:34 -07:00
8b0457c55e
knot: update to version 2.9.6
...
Signed-off-by: Jan Hak <jan.hak@nic.cz >
(cherry picked from commit 60a35cd1c6
2020-09-02 13:27:44 +02:00
8e384b5eea
Merge pull request #13269 from ja-pa/git-security-update-19.07
...
[OpenWrt 19.07] git: update to version 2.26.2 (security fix)
2020-09-01 07:09:08 -07:00
f2edf8c537
git: update to version 2.26.2 (security fix)
...
Fixes CVE-2020-11008
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz >
2020-09-01 14:09:32 +02:00
59078a0982
Merge pull request #13266 from jefferyto/pip-locked-openwrt-19.07
...
[openwrt-19.07] python,python3: Use locked for host pip
2020-08-31 14:09:00 -07:00
99d0878d0a
python,python3: Use locked for host pip
...
Signed-off-by: Jeffery To <jeffery.to@gmail.com >
2020-08-31 23:23:41 +08:00
791e0bc764
nano: update to 5.2
...
Update nano editor to version 5.2.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi >
(cherry picked from commit 3ce7595136
2020-08-25 23:06:05 +03:00
3c6b45ab38
clamav: update to version 0.102.4 (security fix)
...
Fixes
CVE-2020-3481
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz >
(cherry picked from commit 5d7164aaba
2020-08-24 13:28:58 +02:00
0202fdc277
clamav: update to version 0.102.3 (security fix)
...
Fixes:
CVE-2020-3341
CVE-2020-3327
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz >
(cherry picked from commit 168efe753d
2020-08-24 13:28:40 +02:00
c5c0e2e337
clamav: update to 0.102.2
...
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com >
(cherry picked from commit 24eeea366d
2020-08-24 13:27:55 +02:00
9700cea704
bind: New upstream version 9.16.6
...
Several security issures are addressed:
- CVE-2020-8620 It was possible to trigger an assertion failure by sending
a specially crafted large TCP DNS message.
- CVE-2020-8621 named could crash after failing an assertion check in
certain query resolution scenarios where QNAME minimization and
forwarding were both enabled. To prevent such crashes, QNAME minimization is
now always disabled for a given query resolution process, if forwarders are
used at any point.
- CVE-2020-8622 It was possible to trigger an assertion failure when
verifying the response to a TSIG-signed request.
- CVE-2020-8623 When BIND 9 was compiled with native PKCS#11 support, it
was possible to trigger an assertion failure in code determining the
number of bits in the PKCS#11 RSA public key with a specially crafted
packet.
- CVE-2020-8624 update-policy rules of type subdomain were incorrectly
treated as zonesub rules, which allowed keys used in subdomain rules to
update names outside of the specified subdomains. The problem was fixed by
making sure subdomain rules are again processed as described in the ARM.
Full release notes are available at
https://ftp.isc.org/isc/bind9/9.16.6/doc/arm/html/notes.html#notes-for-bind-9-16-6
Signed-off-by: Noah Meyerhans <frodo@morgul.net >
(cherry picked from commit cf61f7f8ef
2020-08-24 10:33:04 +02:00
256a631d9c
bind: update to 9.16.4
...
This update fixes the following CVE's:
- CVE-2020-8618
- CVE-2020-8619
More info on bug fixes and feature changes in:
https://downloads.isc.org/isc/bind9/9.16.4/doc/arm/html/notes.html
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com >
(cherry picked from commit b8f8af8a30
2020-08-24 10:32:59 +02:00
b495c557fd
Merge pull request #13187 from stangri/19.07-simple-adblock
...
[19.07] simple-adblock: bugfix: update config; use command -v
2020-08-21 17:48:25 -07:00
ac79fde24b
simple-adblock: bugfix: update config; use command -v
...
Signed-off-by: Stan Grishin <stangri@melmac.net >
2020-08-21 23:29:18 +00:00
4e1bfa7488
nspr: update to version 4.27
...
Note:
new version required by nss 3.55
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz >
(cherry picked from commit eed2fad8a2
2020-08-21 16:05:57 +02:00
120ff2c631
nspr: nspr add -flto to compile
...
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com >
(cherry picked from commit df7392149c
2020-08-21 16:05:52 +02:00
847ed6e0f7
nspr: fix compilation with newer musl
...
Include proper sgidefs define.
Signed-off-by: Rosen Penev <rosenp@gmail.com >
(cherry picked from commit 93f8cbebe0
2020-08-21 16:05:48 +02:00
2f58b610dd
nspr: update to 4.25
...
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com >
(cherry picked from commit 6acb26cd66
2020-08-21 16:05:43 +02:00
fab10b8df4
nss: update to version 3.55 (security fix)
...
Fixes
CVE-2020-12403
CVE-2020-12401
CVE-2020-6829
CVE-2020-12400
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz >
(cherry picked from commit 46a0c332a4
2020-08-21 16:05:10 +02:00
7c3b05d336
nss: update to 3.53
...
also enable parallel build as now is safe
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com >
(cherry picked from commit c155685843
2020-08-21 16:05:05 +02:00
46d315d316
nss: fix build for mips64
...
disable arm32_neon on unsupported target
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com >
(cherry picked from commit d254f0527d
2020-08-21 16:04:57 +02:00
638b1642e2
nss: revert -flto change
...
it seems that it can lead to segfault in libfreebl3.so
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com >
(cherry picked from commit 630c19f648
2020-08-21 16:04:51 +02:00
be95fcb789
nss: add -flto and makefile cleanup
...
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com >
(cherry picked from commit 47570b4cf5
2020-08-21 16:04:45 +02:00
f0e6ceff3a
nss: update to 3.52
...
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com >
(cherry picked from commit 867fa4c68c
2020-08-21 16:04:40 +02:00
e5d7327224
nss: update to 3.51.1
...
also refresh patches
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com >
(cherry picked from commit 5fadec5c0e
2020-08-21 16:04:33 +02:00
e713f74b76
nss: update to 3.51
...
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com >
(cherry picked from commit edd2690815
2020-08-21 16:04:27 +02:00
d2efcd926c
nss: update to 3.50
...
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com >
(cherry picked from commit 8633c2bc54
2020-08-21 16:04:22 +02:00
6a3d052726
nss: update to 3.49.2
...
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com >
(cherry picked from commit 8f2023aa9c
2020-08-21 16:04:17 +02:00
5e371c2d5f
libffi: fix build failure on powerpc platforms
...
This is an upstream backport.
Currently on the buildbots, having libffi unavailable leads to long
range build failures.
Signed-off-by: Rosen Penev <rosenp@gmail.com >
(cherry picked from commit 0dcde0115e
2020-08-21 15:26:51 +02:00
0413252f32
libffi: update to 3.3
...
Remove autoreconf. autotools files are no longer patched.
Add PKG_BUILD_PARALLEL for faster compilation.
Removed upstreamed patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com >
(cherry picked from commit f63305980f
2020-08-21 15:26:46 +02:00
70faa62f38
libffi: do not build in a special directory
...
There's no need. It also breaks host builds.
Signed-off-by: Rosen Penev <rosenp@gmail.com >
(cherry picked from commit 001e9f5081
2020-08-21 15:26:41 +02:00
9ec9bea25b
net/mosquitto: Update to 1.6.12
...
Security release. From the changelog:
- In some circumstances, Mosquitto could leak memory when handling PUBLISH
messages. This is limited to incoming QoS 2 messages, and is related
to the combination of the broker having persistence enabled, a clean
session=false client, which was connected prior to the broker restarting,
then has reconnected and has now sent messages at a sufficiently high rate
that the incoming queue at the broker has filled up and hence messages are
being dropped. This is more likely to have an effect where
max_queued_messages is a small value. This has now been fixed. Closes
https://github.com/eclipse/mosquitto/issues/1793
Changelog: https://mosquitto.org/blog/2020/08/version-1-6-12-released/
Signed-off-by: Karl Palsson <karlp@etactica.com >
2020-08-19 15:29:30 +00:00
2f78670748
python3: fix rebasing error
...
Signed-off-by: Rosen Penev <rosenp@gmail.com >
2020-08-15 22:45:40 -07:00
769d51fa93
python: fix host compilation with clang
...
Matched rpath parameter with Makefile.
Signed-off-by: Rosen Penev <rosenp@gmail.com >
2020-08-15 15:23:21 -07:00
Jan Pavlinec