Commit Graph

7280 Commits

Author SHA1 Message Date
Eneas U de Queiroz 3c3ba4e044 libgee: copy vapi files to versioned vala dir
The version is obtained via `valac --api-version`

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(cherry-picked from fb4b5c5701)
2020-01-23 23:30:18 -08:00
Eneas U de Queiroz 65d5a6e183 libgee: use unversioned vala dir, misc fixes
Copy vapi files to unversioned vala dir.
Added vala/host to PKG_BUILD_DEPENDS.
Removed TARGET_LDFLAGS
Removed copyright lines

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(cherry-picked from 2cf76d5278)
2020-01-23 23:28:58 -08:00
Mislav Novakovic 9c9a71b7d0 protobuf-c: add build time dependency protobuf
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
(cherry-picked from a35581902c)
2020-01-23 23:23:49 -08:00
Mike Kershaw / Dragorn 2750abb5bc Enable the host tools on protobuf-c (protoc-c specifically)
Signed-Off-By: Mike Kershaw <dragorn@kismetwireless.net>
(cherry-picked from 6915059e35)
2020-01-23 23:22:58 -08:00
Eneas U de Queiroz fa969ac007 softethervpn: cleanup host/build, pass HOST_*FLAGS
Remove hack to avoid readline host dependency, now that readline is
being host/built.
Pass on HOST_CFLAGS, HOST_CPPFLAGS, & HOST_LDFLAGS, to fix buildbots
host-compile errors about not finding openssl headers.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(cherry-picked from e3c6fcb796)
2020-01-23 23:18:21 -08:00
Rosen Penev d39f4b806f 11# This is a combination of 2 commits.
gammu: Fix build under 64-bit targets.

There's a faulty suffix variable that points to the wrong place.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from
bf42426e4a
5fbc6c873e
027ed92f6e)
2020-01-23 23:14:17 -08:00
Rosen Penev 4b2bdd0199 luasocket: Replace -fpic with $(FPIC)
This is causing linking errors on i386 and ppc.

Also removed custom warnings an optimization levels that override stock
settings.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from ecb4fcca0c)
2020-01-11 18:56:23 -08:00
Laurent Papier 2605babc8b luasocket: fix build on mpc85xx
Signed-off-by: Laurent Papier <papier[at]tuxfan.net>
(cherry-picked from cb44bfebd5)
2020-01-11 18:54:46 -08:00
Rosen Penev 53022fbc8f jool: Fix compilation
Backported upstream patch.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-11-19 16:51:58 -08:00
Matthias Schiffer 598fa14ae1 fastd: fix init script for multiple VPN instances
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit b7ff8b8087)
2019-09-04 22:53:35 +02:00
Matthias Schiffer df57b4dc42 fastd: update URL and PKG_SOURCE_URL
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2019-09-04 22:53:26 +02:00
DENG Qingfang bf2f59e978 exfat-nofuse: drop BUILD_PATENTED
Microsoft has published technical specification for exFAT [1]
and the driver has been added to Linux staging tree [2].

It's now safe to drop BUILD_PATENTED label.

[1] https://docs.microsoft.com/windows/win32/fileio/exfat-specification
[2] http://lkml.iu.edu/hypermail/linux/kernel/1908.3/04254.html

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry-picked from commit 4c9d0c7b56)
2019-09-02 01:49:55 +00:00
Rafał Miłecki b7a648faaf lighttpd: backport fix for plain auth from 1.4.49 release
Update commit 3d59ce6f50 ("lighttpd: update to 1.4.48") resulted in
plain auth regression: it simply stopped working with:
(mod_auth.c.525) password doesn't match for (...)
appearing on every authentication try.

This regression was fixed in 1.4.49 release. Backport the fix instead of
updating to the 1.4.49 to avoid risking more/other regressions.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 4cc0c88713)
2019-07-30 11:54:52 +02:00
Jo-Philipp Wich 545d2fadd7 nlbwmon: update to latest Git HEAD
4574e6e nfnetlink: prevent tight retry loops
163a211 client: fix commit error information
21290db nlbwmon: merge existing data
abe701d database: do not overwrite unexpectedly preexisting databases
ef3fa58 socket: handle EAGAIN on send()

Ref: https://github.com/jow-/nlbwmon/issues/23
Ref: https://github.com/jow-/nlbwmon/issues/26
Ref: https://github.com/jow-/nlbwmon/issues/30
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit c528e01f4c)
2019-06-06 09:33:54 +02:00
Kevin Darbyshire-Bryant 486418e56c nlbwmon: receive dhcp interface triggers
Not all interfaces may have been allocated address at nlbwmon startup so
it may not collect statistics as expected/configured.

Add interface triggers to catch dhcp events and restart as required.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 662d3f16d2)
2019-06-06 09:33:54 +02:00
Marc Benoit 9a374b7d49 net/nlbwmon: run with lower priority
Even on a powerful platform a nlbwmon process'
activities are sometimes affecting throoughput and
latency. This is a backgroud process, that should not
be running with default priority.
Even if it is a little deplayed, that is not a worry in
this case. The routing should be the main priority,
bandwidth stats collection can wait a bit.

Tested on Netgear R7800
Signed-off-by: Marc Benoit <marcb62185@gmail.com>

(cherry picked from commit 9b3ecbd64a)
2019-06-06 09:33:53 +02:00
Jo-Philipp Wich 5f9815edb9 nlbwmon: update to current HEAD
Update to latest Git HEAD in order to solve a number of issues.

 - Improves MAC address lookup reliability
 - Properly counts DNAT-ed connections (e.g. for port forwards)
 - Fixes stack corruption when parsing netlink records
 - Fixes deletion of gzipped databases

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 70858690c0)
2019-06-06 09:33:53 +02:00
Kevin Darbyshire-Bryant 76ad27dfce nlbwmon: preserve protocols mapping across sysupgrade
Define package config files to preserve
/usr/share/nlbwmon/protocols across sysupgrade

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
(cherry picked from commit 2305de5f2e)
2019-06-06 09:33:53 +02:00
Jiri Slachta dfe32c8a43 Merge pull request #8883 from micmac1/xslt-cve-17
(17.01) libxslt: backport patch for CVE-2019-11068
2019-05-03 08:29:57 +02:00
Sebastian Kemper c6aca052aa libxslt: backport patch for CVE-2019-11068
Refreshed existing patches.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2019-05-02 21:35:29 +02:00
Hirokazu MORIKAWA 17fef37ff4 icu: [lede-17.01] support for new Japanese era Reiwa
support for new Japanese era Reiwa
change source url

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
2019-04-22 10:26:01 +08:00
Rosen Penev 26a275b3cf Merge pull request #6642 from krombel/replace_git_by_https
[17.01] Change links from git://github.com to https://github.com
2019-04-04 17:10:02 -07:00
Jiri Slachta 5fa4ef9c94 Merge pull request #8450 from micmac1/ssh2-1701-181
libssh2 (17.01): version bump/CVE fixes
2019-03-28 09:41:04 +01:00
Sebastian Kemper 1f6f562041 libssh2: version bump/CVE fixes
- CVE-2019-3855
  Possible integer overflow in transport read allows out-of-bounds write

- CVE-2019-3856
  Possible integer overflow in keyboard interactive handling allows
  out-of-bounds write

- CVE-2019-3857
  Possible integer overflow leading to zero-byte allocation and out-of-bounds
  write

- CVE-2019-3858
  Possible zero-byte allocation leading to an out-of-bounds read

- CVE-2019-3859
  Out-of-bounds reads with specially crafted payloads due to unchecked use of
  `_libssh2_packet_require` and `_libssh2_packet_requirev`

- CVE-2019-3860
  Out-of-bounds reads with specially crafted SFTP packets

- CVE-2019-3861
  Out-of-bounds reads with specially crafted SSH packets

- CVE-2019-3862
  Out-of-bounds memory comparison

- CVE-2019-3863
  Integer overflow in user authenicate keyboard interactive allows
  out-of-bounds writes

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2019-03-19 09:48:03 +01:00
Hannu Nyman 11eebc6fa0 Merge pull request #8433 from hnyman/vpnc
vpnc: fix IPv6-triggered inoperability
2019-03-17 18:30:06 +02:00
Daniel Gimpelevich b0ac3bad6e vpnc: fix IPv6-triggered inoperability
When the server hostname resolved to both IPv4 and IPv6 addresses,
connecting would fail with nothing in syslog. This corrects that oversight.

Originally signedoffby: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>

cherry picked from ca56324
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2019-03-17 18:28:14 +02:00
champtar b04fe7f74b Merge pull request #7723 from micmac1/lede-17.01-sqlite3
(lede 17.01) sqlite3 security bump
2018-12-18 22:50:41 +01:00
Sebastian Kemper d309d0090c sqlite3: use dynamic linking for sqlite cli tool
Otherwise it'll carry a static copy of it's own lib.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2018-12-18 20:07:35 +01:00
Sebastian Kemper 6fdeb2df93 sqlite3: security bump
A remote code execution vuln has been found in sqlite. Infos available
here:

https://blade.tencent.com/magellan/index_en.html

sqlite 3.26.0 contains the fix.

This commit also changes source URL to https. It also adds a depend on
zlib, which is now required.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2018-12-18 20:05:18 +01:00
Hannu Nyman 94685f7a78 Merge pull request #7555 from micmac1/tiff-4010-17.01
(lede-17.01) tiff: security bump to 4.0.10
2018-12-06 10:35:45 +02:00
Sebastian Kemper c3109a2563 tiff: security bump to 4.0.10
This bumps libtiff's minor version from 9 to 10. In addition to the CVE
fixes that we already included this fixes:

CVE-2017-17095
CVE-2018-17101
CVE-2018-18557

The update is 100% backwards compatible, no symbol changes.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2018-12-02 11:59:16 +01:00
Hannu Nyman fe3eb92a4d Merge pull request #7165 from pacien/181009-1701-pkg-tinc
tinc: update to 1.0.35 (security update) [lede-17.01]
2018-10-10 20:28:18 +03:00
Pacien TRAN-GIRARD 578a7c506a tinc: update to 1.0.35
Critical security update for:
* CVE-2018-16737,
* CVE-2018-16738,
* CVE-2018-16758

Announcement:
https://www.tinc-vpn.org/pipermail/tinc/2018-October/005311.html

Signed-off-by: Pacien TRAN-GIRARD <pacien.trangirard@pacien.net>
2018-10-09 23:58:12 +02:00
Ted Hess 40da7ecf21 socat: Fix CRDLY, TABDLY and CSIZE shifts for PowerPC
Signed-off-by: Ted Hess <thess@kitschensync.net>
2018-08-30 15:23:57 -04:00
Michael Heimpold 1553fad25f Merge pull request #6835 from micmac1/xml2-cve-17.01
libxml2: add Debian patches to address CVEs
2018-08-21 21:11:38 +02:00
Sebastian Kemper a5bbf27e35 libxml2: add Debian patches to address CVEs
Debian uses libxml2 2.9.4 in Stretch. This adds their security related
fixes from 2.9.4+dfsg1-2.2+deb9u2 to LEDE's 17.01 release.

Fixed CVEs:

CVE-2016-4658
CVE-2016-5131
CVE-2017-0663
CVE-2017-15412
CVE-2017-7375
CVE-2017-7376
CVE-2017-9047
CVE-2017-9048
CVE-2017-9049
CVE-2017-9050

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2018-08-21 20:42:56 +02:00
Jiri Slachta 56acd578ff Merge pull request #6806 from micmac1/tiff-17.01
tiff: fix remaining CVEs
2018-08-19 19:12:40 +02:00
Sebastian Kemper 1e77dfa7b0 tiff: fix remaining CVEs
Backport Rosen's commit in master to 17.01 to address open CVEs. This
fixes:

CVE-2017-11613
CVE-2018-5784
CVE-2018-7456
CVE-2018-8905
CVE-2018-10963

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2018-08-19 11:06:00 +02:00
Dirk Brenken 6b4862d5ca Merge pull request #6783 from EricLuehrsen/unbound_1701
[lede-17.01] unbound: drop odhcpd leases with wrong field count
2018-08-18 19:53:35 +02:00
Eric Luehrsen cad5ceed6a unbound: drop odhcpd leases with wrong field count
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
(cherry pick commit: 59617f076d)
2018-08-17 23:41:16 -04:00
Daniel Golle 7dd5529bf8 Merge pull request #6760 from micmac1/postgresql-17.01
postgresql: security bump to 9.5.14 for 17.01
2018-08-15 20:08:16 +02:00
Sebastian Kemper eb5ac25380 postgresql: security bump to 9.5.14
This update includes fixes for the following CVEs:

- CVE-2018-1053
- CVE-2018-1058
- CVE-2018-10915
- CVE-2018-10925

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2018-08-15 17:28:45 +02:00
Matthias Kesler 19a8f81018 Change links from git://github.com to https://github.com
I got into troubles to be behind a proxy and my build then fails
because it cannot connect to git://github.com urls

To avoid such problems for others I think it is useful to replace
them for the whole repo. This changes make it work for me again.

Signed-off-by: Matthias Kesler <krombel@krombel.de>
2018-08-01 23:07:52 +02:00
Hannu Nyman 2578f56c29 Merge pull request #6350 from EricLuehrsen/unbound_20180625_1701
[lede-17.01] unbound: limit outside script source to init funciton scope
2018-06-27 07:18:11 +03:00
Eric Luehrsen 43f14b8112 unbound: limit outside script source to init funciton scope
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
2018-06-25 20:50:30 -04:00
Hannu Nyman 338690b2f7 Merge pull request #6077 from MikePetullo/lede-17.01-lighttpd
lighttpd: CONFIG_LIGHTTPD_SSL includes mod_openssl
2018-05-21 08:23:30 +03:00
Philip Prindeville b93e46562a lighttpd: CONFIG_LIGHTTPD_SSL includes mod_openssl
If we're built with CONFIG_LIGHTTPD_SSL then mod_openssl.so should
be included into the base package. Fixes issue #5343.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2018-05-20 14:46:26 -04:00
Hannu Nyman 08e547f943 usbip: remove upstreamed musl compatibility patch (#5983)
Remove musl compatibility patch that is now included
in the upstream Linux kernel and backported to stable kernels.

Commit in 4.4:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/tools/usb/usbip?h=linux-4.4.y&id=6638091f1b1623db8b2338ef5a5f26d9ec870444

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2018-04-29 22:22:03 +01:00
Hannu Nyman 89370e23df Merge pull request #5803 from VincentRiou/lighttpd_1_4_48_with_wstunnel
Lighttpd 1.4.48 with wstunnel
2018-04-25 12:26:16 +03:00
Luiz Angelo Daros de Luca e4e9360ff5 Merge pull request #5848 from luizluca/ruby-2.4.4
[17.01] ruby: bump to 2.4.4
2018-03-29 15:23:01 -03:00