Commit Graph

7218 Commits

Author SHA1 Message Date
Sebastian Kemper 4e93c8bf46 tiff: version bump to address open CVEs
- Version bump to 4.0.9, as otherwise ca. a dozen patches would need
  to be added to fix the open CVEs. There have been no API/ABI
  changes between 4.0.6 and 4.0.9, so this is OK.
- Adds patches copied from Debian for CVE-2017-18013 and CVE-2017-9935
  on top.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2018-01-30 15:17:42 +01:00
Sebastian Kemper 2847e03934 libxslt: add patches copied from Debian to fix CVEs
- there are multiple open CVEs, this adds patches for them
- adds --disable-silent-rules for verbose build output

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2018-01-30 15:09:51 +01:00
Sebastian Kemper 902542faa0 libssh: fix zlib detection
- currently zlib is never detected, although there is a dependency on
  it, fix that.
- change links from http to https

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2018-01-30 15:06:08 +01:00
tripolar 14f5d40714 Merge pull request #5493 from micmac1/fix-alsa-lib-on-uclibc
alsa-lib [lede-17.01]: fix build on uclibc
2018-01-27 13:24:29 +01:00
Sebastian Kemper dc7f2ccad2 alsa-lib: fix uClibc builds
Currently alsa-lib fails to build on uClibc:

parser.c: In function 'snd_tplg_build_file':
parser.c:262:35: error: 'S_IRUSR' undeclared (first use in this function)
   open(outfile, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
                                   ^
parser.c:262:35: note: each undeclared identifier is reported only once for each function it appears in
parser.c:262:45: error: 'S_IWUSR' undeclared (first use in this function)
   open(outfile, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
                                             ^
parser.c: In function 'snd_tplg_build':
parser.c:330:35: error: 'S_IRUSR' undeclared (first use in this function)
   open(outfile, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
                                   ^
parser.c:330:45: error: 'S_IWUSR' undeclared (first use in this function)
   open(outfile, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
                                             ^
Makefile:390: recipe for target 'parser.lo' failed

Fix this by adding an upstream fix as a backport.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2018-01-27 11:49:02 +01:00
Hannu Nyman 19f22c9548 Merge pull request #5497 from daztucker/lede-17.01
net/https-dns-proxy: Update to 2018-01-24.
2018-01-26 16:29:20 +02:00
Darren Tucker e359065b62 net/https-dns-proxy: Update to 2018-01-24.
Add dependency on ca-bundle without which the HTTPS fetches fail.
Add "-x" option to force HTTP/1.1 instead of HTTP/2.0
Add a workaround for bug in libcurl <7.530 that prevents it from
working at all when built with mbedtls.

Signed-off-by: Darren Tucker <dtucker@dtucker.net>
Acked-by: Aaron Drew <aarond10@gmail.com>
2018-01-25 20:05:18 +11:00
Luiz Angelo Daros de Luca 127daaef07 Merge pull request #5317 from luizluca/17.01/ruby-2.4.3
[17.01] ruby: bump to 2.4.3
2018-01-22 08:43:03 -02:00
Hannu Nyman 399e43d5dc Merge pull request #5479 from EricLuehrsen/lede-17.01-unbound-168
[lede-17.01] unbound: update to 1.6.8 for CVE-2017-15105
2018-01-20 10:03:35 +02:00
Eric Luehrsen b6cf69bca6 unbound: update to 1.6.8 for CVE-2017-15105
A vulnerability was discovered in the processing of wildcard synthesized
NSEC records. While synthesis of NSEC records is allowed by RFC4592,
these synthesized owner names should not be used in the NSEC processing.
This does, however, happen in Unbound 1.6.7 and earlier versions.
(see https://unbound.net/downloads/CVE-2017-15105.txt)

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
2018-01-19 21:25:14 -05:00
Hannu Nyman f09eaa4f39 Merge pull request #5477 from dibdot/travelmate-17.01
[17.01] travelmate: release 1.0.2
2018-01-19 15:10:12 +02:00
Hannu Nyman f2b1b3a048 Merge pull request #5476 from dibdot/adblock-17.01
[17.01] adblock: release 3.4.3
2018-01-19 15:10:02 +02:00
Dirk Brenken 4038c7ea6f [17.01] travelmate: release 1.0.2
* bump travelmate version in stable tree

Signed-off-by: Dirk Brenken <dev@brenken.org>
2018-01-19 10:02:23 +01:00
Dirk Brenken 366e595d56 [17.01] adblock: release 3.4.3
* bump adblock version in stable tree

Signed-off-by: Dirk Brenken <dev@brenken.org>
2018-01-19 09:50:39 +01:00
Yousong Zhou f5046db67e vpnc: fix using proto_add_host_dependency
Fixes #4343

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-01-19 11:18:10 +08:00
Alexandru Ardelean c13cd82a4a ulogd: use strncpy instead of memcpy
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit 953f951c5e)
2018-01-12 11:24:43 +01:00
Hannu Nyman 02692887ba wget: backport 1.19.2 from master
Backport the update to 1.19.2 from master.
Fixes e.g. CVE-2017-13089 and CVE-2017-13090

(tested in my own ipq806x and ar71xx lede-17.01 builds)

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2018-01-06 12:20:47 +02:00
Banglang Huang 23d7fd1817 tree: backport from master
Tree is a recursive directory listing command that
produces a depth indented listing of files, which is
colorized ala dircolors if the LS_COLORS environment
variable is set and output is to tty.

root@lede:/# tree -L 1
.
├── bin
├── dev
├── etc
├── lib
├── mnt
├── overlay
├── proc
├── rom
├── root
├── sbin
├── sys
├── tmp
├── usr
├── var -> /tmp
└── www

15 directories, 0 files

http://mama.indstate.edu/users/ice/tree/

Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>

(cherry picked from commit b6ff884d45)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2018-01-06 12:04:33 +02:00
Daniel Golle eb3a0d828e postgresql: update to version 9.5.10
Contains fixes for
 * CVE-2017-15099
 * CVE-2017-15098
 * CVE-2017-12172
 * CVE-2017-7548
 * CVE-2017-7547
 * CVE-2017-7546
 * CVE-2017-7486
 * CVE-2017-7485
 * CVE-2017-7484

Note that some fixes apply for newly created databases only!
To mitigate CVE-2017-7486 and CVE-2017-7547 in existing databases,
a procedure described in the the release notes of PostgreSQL 9.5.8
is necessary!

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-01-05 00:20:31 +01:00
Rosen Penev 81571ac0ef gnutls: Use HTTPS instead of FTP
While recently building asterisk, the make system stalled on gnutls. On my install of Ubuntu 16.04 on WSL, it seems curl can't download from ftp and doesn't even time out properly. Easiest solution is to switch the gnutls Makefile to use HTTPS instead.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-12-30 22:31:17 +01:00
Luiz Angelo Daros de Luca 2c4ea103d0 ruby: bump to 2.4.3
This release includes some bug fixes and a security fix.

CVE-2017-17405: Command injection vulnerability in Net::FTP

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit fc01053917)
2017-12-23 01:18:00 -02:00
Arturo Rinaldi fe63607e88 python: declare explicit Host/Compile to fix pgen tool installation error
Signed-off-by: Arturo Rinaldi arty.net2@gmail.com
[squash commits, fix commit title]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-12-12 17:08:37 +01:00
champtar 8eb10fd28f Merge pull request #5012 from TDT-AG/20171025-luci-app-mwan3-fix-iface_state
net/mwan3-luci: fix iface_state on on status page for 17.01
2017-12-11 11:43:46 -08:00
Florian Eckert 78acfcc7ed net/mwan3-luci: fix iface_state on on status page
Since commit 4739584c24 the status of the
interface is not reported correctly anymore. To fix this issue do not test
if the routing table is presented use instead the "/var/run/iface_state/[iface]"
to get the interface state because the routing table will not get deleted
anymore if the interface is offline.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-12-11 15:21:16 +01:00
Jo-Philipp Wich a915753aaa Merge pull request #5228 from commodo/python-2.7.14-17.01
python: update to version 2.7.14 for branch 17.01
2017-12-05 14:32:57 +01:00
Alexandru Ardelean 7cf09e3ec4 python: update to version 2.7.14 for branch 17.01
Bump version and overwrite patches from master,
since those were refreshed (at some point).

I got an email notification about some CVEs
for branch 17.01, so I decided to update Python.

Technically, one seems to be for SolidWorks
from what I can tell, but upgrading should be easy.

```
Hello Alexandru Ardelean,

The package python is vulnerable to the following CVEs:
CVE-2014-4616
  https://nvd.nist.gov/vuln/detail/CVE-2014-4616

CVE-2017-100015
  https://nvd.nist.gov/vuln/detail/CVE-2017-100015

Please consider updating or patching the package.
```

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-12-05 15:22:29 +02:00
Daniel Golle 0230af3b20 attendedsysupgrade-common: add package
This package provides the UCI config shared by both, the CLI and Web
clients used for attended-sysupgrade.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-11-20 17:49:34 +01:00
Saverio Proto feda1e4ba6 tinc: version bump 1.0.33
Signed-off-by: Saverio Proto <saverio.proto@switch.ch>
2017-11-05 04:00:10 +01:00
Nikos Mavrogiannopoulos f2131de798 gnutls: updated to 3.5.16
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-11-04 23:41:09 +01:00
Matthias Schiffer 82ef2fd773 jool: fix PKG_BUILD_DIR to avoid kernel ABI mismatch
As jool builds a kernel module, a PKG_BUILD_DIR under KERNEL_BUILD_DIR must
be used to avoid reusing build artifacts when switching to a different
target of the same architecture. Otherwise, kernel ABI mismatches may
result, leading to an unusuable module, or build failures like the
following:

    Package kmod-jool is missing dependencies for the following libraries:
    crypto_hash.ko

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-10-29 18:38:59 +01:00
Etienne Champetier fee9a0aad3 monit: update to 5.24, use https download url
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2017-10-25 11:36:18 -07:00
Etienne Champetier 5a6fcfbce3 monit: update to 5.23
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2017-10-25 11:36:18 -07:00
Etienne CHAMPETIER 4479fada4d monit: update to 5.20, use PKG_HASH
this adds zlib as dependency

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
2017-10-25 11:36:18 -07:00
Etienne Champetier 9ce3deb840 sqlite3: update to 3.19.3
fix possible database corruption
https://www.sqlite.org/releaselog/3_19_3.html

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2017-10-25 11:36:18 -07:00
Daniel Engberg 6bca857952 libs/sqlite3: Update to 3190200
Update sqlite to 3190200
Remove obsolete tarball hash variable

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-10-25 11:36:18 -07:00
Ian Leonard 0a279576a9 sqlite: update to 3.17.0
Signed-off-by: Ian Leonard <antonlacon@gmail.com>
2017-10-25 11:36:18 -07:00
Karl Palsson 58a1a733e5 libwebsockets: add PROVIDES to both variants
Fixed recently in master as part of upgrading, but the same issue
applies to 17.01.  The two variant packages both now PROVIDE
libwebsockets, the virtual package.

Signed-off-by: Karl Palsson <karlp@etactica.com>
2017-10-25 11:15:12 +00:00
Hirokazu MORIKAWA e967fd8ca8 icu: fix CVE-2017-14952 Double-Free Vulnerability [lede-17.01]
http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/

https://security-tracker.debian.org/tracker/CVE-2017-14952

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
2017-10-24 02:34:06 -05:00
Jo-Philipp Wich 3c29b149f5 Revert "Provides a way to acquire the list of installed packages without the"
This reverts commit 983819f3f0.
2017-10-20 15:08:54 +02:00
Jo-Philipp Wich 27bdc743ce Revert "add ubus call to perform a sysupgrade and acl file for the attended"
This reverts commit f6c287f1ee.
2017-10-20 15:08:54 +02:00
Jo-Philipp Wich cdcf6ad237 Revert "due to renaming .rpcd was forgotten in the Makefile"
This reverts commit 04cbc70c52.
2017-10-20 15:08:54 +02:00
Paul Spooren 04cbc70c52 due to renaming .rpcd was forgotten in the Makefile
Signed-off-by: Paul Spooren <paul@spooren.de>

(cherry picked from commit c98e9f3b18)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-10-20 15:02:01 +02:00
Paul Spooren f6c287f1ee add ubus call to perform a sysupgrade and acl file for the attended
sysupgrade use case as well uci defaults.
Package is a part of the GSoC 17 project implementing easy
sysupgrade functionality.

Signed-off-by: Paul Spooren <paul@spooren.de>

(cherry picked from commit f9a6c81c11)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-10-20 15:02:01 +02:00
Paul Spooren 983819f3f0 Provides a way to acquire the list of installed packages without the
need to have opkg available. It is being used for the GSoC 17 project
implementing easy sysupgrade functionality.

Signed-off-by: Paul Spooren <paul@spooren.de>

(cherry picked from commit 0d2e674aa1)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-10-20 14:47:30 +02:00
Stijn Tintel cd5c448758 wireguard: drop package
WireGuard was added to LEDE core. See discussion at
https://github.com/lede-project/source/pull/1409

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-16 14:08:26 +03:00
Hannu Nyman 73c9ff9274 Merge pull request #4914 from zx2c4/lede-17.01
wireguard: bump to release 0.0.20171005 for 17.01
2017-10-10 17:54:20 +03:00
champtar 631309edbb Merge pull request #4916 from StevenHessing/noddos-lede-17.01
noddos: new backport of noddos from master branch
2017-10-08 08:45:34 -07:00
Steven Hessing 9040b270b5 noddos: new backport of noddos from master branch
Signed-off-by: Steven Hessing <steven.hessing@gmail.com>
2017-10-07 21:24:43 -07:00
Jason A. Donenfeld 72e886788a wireguard: bump to release 0.0.20171005 for 17.01
WireGuard is well documented for being an experimental project, not
currently ready to be stabilized. As such, it's important for packagers
to always keep the project up to date in all contexts.

However, it is common for some projects, such as LEDE/OpenWrt to have
stable branches, which don't expect a lot of churn or modification.

The WireGuard that happened to ship with 17.01 is broken and crufty and
shouldn't be used at all. It's highly unlikely that there's anybody out
there even using it; it won't work with anything else.

So, this commit updates the 17.01 package to the latest upstream
version. Because the 17.01 stable branch can't be updated all the time,
it's important that this bump here in this commit is a stable one.

I believe 0.0.20171005 to be a fairly stable snapshot, which should be
suitable for the 17.01 branch. As stated earlier, the 0.0.20170115
currently in this branch is highly problematic. 0.0.20171005 offers
extremely important changes.

I'll continue to send package bumps for 17.01, but only for snapshot
releases that I think fix an important bug or provide a noted increase
in stability, or have similar goals to this commit.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-08 01:24:29 +02:00
Hauke Mehrtens 21b2e3eb76 Merge pull request #4879 from nxhack/17_01-CVE-2017-1000250
[lede-17.01] bluez: fix CVE-2017-1000250
2017-10-03 11:24:11 +02:00