- Version bump to 4.0.9, as otherwise ca. a dozen patches would need
to be added to fix the open CVEs. There have been no API/ABI
changes between 4.0.6 and 4.0.9, so this is OK.
- Adds patches copied from Debian for CVE-2017-18013 and CVE-2017-9935
on top.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
- there are multiple open CVEs, this adds patches for them
- adds --disable-silent-rules for verbose build output
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
- currently zlib is never detected, although there is a dependency on
it, fix that.
- change links from http to https
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Currently alsa-lib fails to build on uClibc:
parser.c: In function 'snd_tplg_build_file':
parser.c:262:35: error: 'S_IRUSR' undeclared (first use in this function)
open(outfile, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
^
parser.c:262:35: note: each undeclared identifier is reported only once for each function it appears in
parser.c:262:45: error: 'S_IWUSR' undeclared (first use in this function)
open(outfile, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
^
parser.c: In function 'snd_tplg_build':
parser.c:330:35: error: 'S_IRUSR' undeclared (first use in this function)
open(outfile, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
^
parser.c:330:45: error: 'S_IWUSR' undeclared (first use in this function)
open(outfile, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
^
Makefile:390: recipe for target 'parser.lo' failed
Fix this by adding an upstream fix as a backport.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Add dependency on ca-bundle without which the HTTPS fetches fail.
Add "-x" option to force HTTP/1.1 instead of HTTP/2.0
Add a workaround for bug in libcurl <7.530 that prevents it from
working at all when built with mbedtls.
Signed-off-by: Darren Tucker <dtucker@dtucker.net>
Acked-by: Aaron Drew <aarond10@gmail.com>
A vulnerability was discovered in the processing of wildcard synthesized
NSEC records. While synthesis of NSEC records is allowed by RFC4592,
these synthesized owner names should not be used in the NSEC processing.
This does, however, happen in Unbound 1.6.7 and earlier versions.
(see https://unbound.net/downloads/CVE-2017-15105.txt)
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
Backport the update to 1.19.2 from master.
Fixes e.g. CVE-2017-13089 and CVE-2017-13090
(tested in my own ipq806x and ar71xx lede-17.01 builds)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Tree is a recursive directory listing command that
produces a depth indented listing of files, which is
colorized ala dircolors if the LS_COLORS environment
variable is set and output is to tty.
root@lede:/# tree -L 1
.
├── bin
├── dev
├── etc
├── lib
├── mnt
├── overlay
├── proc
├── rom
├── root
├── sbin
├── sys
├── tmp
├── usr
├── var -> /tmp
└── www
15 directories, 0 files
http://mama.indstate.edu/users/ice/tree/
Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
(cherry picked from commit b6ff884d45)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Contains fixes for
* CVE-2017-15099
* CVE-2017-15098
* CVE-2017-12172
* CVE-2017-7548
* CVE-2017-7547
* CVE-2017-7546
* CVE-2017-7486
* CVE-2017-7485
* CVE-2017-7484
Note that some fixes apply for newly created databases only!
To mitigate CVE-2017-7486 and CVE-2017-7547 in existing databases,
a procedure described in the the release notes of PostgreSQL 9.5.8
is necessary!
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
While recently building asterisk, the make system stalled on gnutls. On my install of Ubuntu 16.04 on WSL, it seems curl can't download from ftp and doesn't even time out properly. Easiest solution is to switch the gnutls Makefile to use HTTPS instead.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This release includes some bug fixes and a security fix.
CVE-2017-17405: Command injection vulnerability in Net::FTP
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit fc01053917)
Since commit 4739584c24 the status of the
interface is not reported correctly anymore. To fix this issue do not test
if the routing table is presented use instead the "/var/run/iface_state/[iface]"
to get the interface state because the routing table will not get deleted
anymore if the interface is offline.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Bump version and overwrite patches from master,
since those were refreshed (at some point).
I got an email notification about some CVEs
for branch 17.01, so I decided to update Python.
Technically, one seems to be for SolidWorks
from what I can tell, but upgrading should be easy.
```
Hello Alexandru Ardelean,
The package python is vulnerable to the following CVEs:
CVE-2014-4616
https://nvd.nist.gov/vuln/detail/CVE-2014-4616
CVE-2017-100015
https://nvd.nist.gov/vuln/detail/CVE-2017-100015
Please consider updating or patching the package.
```
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This package provides the UCI config shared by both, the CLI and Web
clients used for attended-sysupgrade.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
As jool builds a kernel module, a PKG_BUILD_DIR under KERNEL_BUILD_DIR must
be used to avoid reusing build artifacts when switching to a different
target of the same architecture. Otherwise, kernel ABI mismatches may
result, leading to an unusuable module, or build failures like the
following:
Package kmod-jool is missing dependencies for the following libraries:
crypto_hash.ko
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fixed recently in master as part of upgrading, but the same issue
applies to 17.01. The two variant packages both now PROVIDE
libwebsockets, the virtual package.
Signed-off-by: Karl Palsson <karlp@etactica.com>
sysupgrade use case as well uci defaults.
Package is a part of the GSoC 17 project implementing easy
sysupgrade functionality.
Signed-off-by: Paul Spooren <paul@spooren.de>
(cherry picked from commit f9a6c81c11)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
need to have opkg available. It is being used for the GSoC 17 project
implementing easy sysupgrade functionality.
Signed-off-by: Paul Spooren <paul@spooren.de>
(cherry picked from commit 0d2e674aa1)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
WireGuard is well documented for being an experimental project, not
currently ready to be stabilized. As such, it's important for packagers
to always keep the project up to date in all contexts.
However, it is common for some projects, such as LEDE/OpenWrt to have
stable branches, which don't expect a lot of churn or modification.
The WireGuard that happened to ship with 17.01 is broken and crufty and
shouldn't be used at all. It's highly unlikely that there's anybody out
there even using it; it won't work with anything else.
So, this commit updates the 17.01 package to the latest upstream
version. Because the 17.01 stable branch can't be updated all the time,
it's important that this bump here in this commit is a stable one.
I believe 0.0.20171005 to be a fairly stable snapshot, which should be
suitable for the 17.01 branch. As stated earlier, the 0.0.20170115
currently in this branch is highly problematic. 0.0.20171005 offers
extremely important changes.
I'll continue to send package bumps for 17.01, but only for snapshot
releases that I think fix an important bug or provide a noted increase
in stability, or have similar goals to this commit.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>