Commit Graph

7271 Commits

Author SHA1 Message Date
Matthias Schiffer 598fa14ae1 fastd: fix init script for multiple VPN instances
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit b7ff8b8087)
2019-09-04 22:53:35 +02:00
Matthias Schiffer df57b4dc42 fastd: update URL and PKG_SOURCE_URL
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2019-09-04 22:53:26 +02:00
DENG Qingfang bf2f59e978 exfat-nofuse: drop BUILD_PATENTED
Microsoft has published the technical specification for exFAT [1]
and the driver has been added to Linux staging tree [2].

It's now safe to drop BUILD_PATENTED label.

[1] https://docs.microsoft.com/windows/win32/fileio/exfat-specification
[2] http://lkml.iu.edu/hypermail/linux/kernel/1908.3/04254.html

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry-picked from commit 4c9d0c7b56)
2019-09-02 01:49:55 +00:00
Rafał Miłecki b7a648faaf lighttpd: backport fix for plain auth from 1.4.49 release
Update commit 3d59ce6f50 ("lighttpd: update to 1.4.48") resulted in
plain auth regression: it simply stopped working with:
(mod_auth.c.525) password doesn't match for (...)
appearing on every authentication try.

This regression was fixed in 1.4.49 release. Backport the fix instead of
updating to 1.4.49 to avoid risking more/other regressions.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 4cc0c88713)
2019-07-30 11:54:52 +02:00
Jo-Philipp Wich 545d2fadd7 nlbwmon: update to latest Git HEAD
4574e6e nfnetlink: prevent tight retry loops
163a211 client: fix commit error information
21290db nlbwmon: merge existing data
abe701d database: do not overwrite unexpectedly preexisting databases
ef3fa58 socket: handle EAGAIN on send()

Ref: https://github.com/jow-/nlbwmon/issues/23
Ref: https://github.com/jow-/nlbwmon/issues/26
Ref: https://github.com/jow-/nlbwmon/issues/30
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit c528e01f4c)
2019-06-06 09:33:54 +02:00
Kevin Darbyshire-Bryant 486418e56c nlbwmon: receive dhcp interface triggers
Not all interfaces may have been allocated an address at nlbwmon startup so
it may not collect statistics as expected/configured.

Add interface triggers to catch dhcp events and restart as required.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 662d3f16d2)
2019-06-06 09:33:54 +02:00
Marc Benoit 9a374b7d49 net/nlbwmon: run with lower priority
Even on a powerful platform a nlbwmon process'
activities are sometimes affecting throughput and
latency. This is a background process, that should not
be running with default priority.
Even if it is a little delayed, that is not a worry in
this case. The routing should be the main priority,
bandwidth stats collection can wait a bit.

Tested on Netgear R7800
Signed-off-by: Marc Benoit <marcb62185@gmail.com>

(cherry picked from commit 9b3ecbd64a)
2019-06-06 09:33:53 +02:00
Jo-Philipp Wich 5f9815edb9 nlbwmon: update to current HEAD
Update to latest Git HEAD in order to solve a number of issues.

 - Improves MAC address lookup reliability
 - Properly counts DNAT-ed connections (e.g. for port forwards)
 - Fixes stack corruption when parsing netlink records
 - Fixes deletion of gzipped databases

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 70858690c0)
2019-06-06 09:33:53 +02:00
Kevin Darbyshire-Bryant 76ad27dfce nlbwmon: preserve protocols mapping across sysupgrade
Define package config files to preserve
/usr/share/nlbwmon/protocols across sysupgrade

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
(cherry picked from commit 2305de5f2e)
2019-06-06 09:33:53 +02:00
Jiri Slachta dfe32c8a43 Merge pull request #8883 from micmac1/xslt-cve-17
(17.01) libxslt: backport patch for CVE-2019-11068
2019-05-03 08:29:57 +02:00
Sebastian Kemper c6aca052aa libxslt: backport patch for CVE-2019-11068
Refreshed existing patches.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2019-05-02 21:35:29 +02:00
Hirokazu MORIKAWA 17fef37ff4 icu: [lede-17.01] support for new Japanese era Reiwa
support for new Japanese era Reiwa
change source url

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
2019-04-22 10:26:01 +08:00
Rosen Penev 26a275b3cf Merge pull request #6642 from krombel/replace_git_by_https
[17.01] Change links from git://github.com to https://github.com
2019-04-04 17:10:02 -07:00
Jiri Slachta 5fa4ef9c94 Merge pull request #8450 from micmac1/ssh2-1701-181
libssh2 (17.01): version bump/CVE fixes
2019-03-28 09:41:04 +01:00
Sebastian Kemper 1f6f562041 libssh2: version bump/CVE fixes
- CVE-2019-3855
  Possible integer overflow in transport read allows out-of-bounds write

- CVE-2019-3856
  Possible integer overflow in keyboard interactive handling allows
  out-of-bounds write

- CVE-2019-3857
  Possible integer overflow leading to zero-byte allocation and out-of-bounds
  write

- CVE-2019-3858
  Possible zero-byte allocation leading to an out-of-bounds read

- CVE-2019-3859
  Out-of-bounds reads with specially crafted payloads due to unchecked use of
  `_libssh2_packet_require` and `_libssh2_packet_requirev`

- CVE-2019-3860
  Out-of-bounds reads with specially crafted SFTP packets

- CVE-2019-3861
  Out-of-bounds reads with specially crafted SSH packets

- CVE-2019-3862
  Out-of-bounds memory comparison

- CVE-2019-3863
  Integer overflow in user authenticate keyboard interactive allows
  out-of-bounds writes

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2019-03-19 09:48:03 +01:00
Hannu Nyman 11eebc6fa0 Merge pull request #8433 from hnyman/vpnc
vpnc: fix IPv6-triggered inoperability
2019-03-17 18:30:06 +02:00
Daniel Gimpelevich b0ac3bad6e vpnc: fix IPv6-triggered inoperability
When the server hostname resolved to both IPv4 and IPv6 addresses,
connecting would fail with nothing in syslog. This corrects that oversight.

Originally signedoffby: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>

cherry picked from ca56324
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2019-03-17 18:28:14 +02:00
champtar b04fe7f74b Merge pull request #7723 from micmac1/lede-17.01-sqlite3
(lede 17.01) sqlite3 security bump
2018-12-18 22:50:41 +01:00
Sebastian Kemper d309d0090c sqlite3: use dynamic linking for sqlite cli tool
Otherwise it'll carry a static copy of its own lib.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2018-12-18 20:07:35 +01:00
Sebastian Kemper 6fdeb2df93 sqlite3: security bump
A remote code execution vuln has been found in sqlite. Infos available
here:

https://blade.tencent.com/magellan/index_en.html

sqlite 3.26.0 contains the fix.

This commit also changes source URL to https. It also adds a depend on
zlib, which is now required.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2018-12-18 20:05:18 +01:00
Hannu Nyman 94685f7a78 Merge pull request #7555 from micmac1/tiff-4010-17.01
(lede-17.01) tiff: security bump to 4.0.10
2018-12-06 10:35:45 +02:00
Sebastian Kemper c3109a2563 tiff: security bump to 4.0.10
This bumps libtiff's minor version from 9 to 10. In addition to the CVE
fixes that we already included this fixes:

CVE-2017-17095
CVE-2018-17101
CVE-2018-18557

The update is 100% backwards compatible, no symbol changes.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2018-12-02 11:59:16 +01:00
Hannu Nyman fe3eb92a4d Merge pull request #7165 from pacien/181009-1701-pkg-tinc
tinc: update to 1.0.35 (security update) [lede-17.01]
2018-10-10 20:28:18 +03:00
Pacien TRAN-GIRARD 578a7c506a tinc: update to 1.0.35
Critical security update for:
* CVE-2018-16737,
* CVE-2018-16738,
* CVE-2018-16758

Announcement:
https://www.tinc-vpn.org/pipermail/tinc/2018-October/005311.html

Signed-off-by: Pacien TRAN-GIRARD <pacien.trangirard@pacien.net>
2018-10-09 23:58:12 +02:00
Ted Hess 40da7ecf21 socat: Fix CRDLY, TABDLY and CSIZE shifts for PowerPC
Signed-off-by: Ted Hess <thess@kitschensync.net>
2018-08-30 15:23:57 -04:00
Michael Heimpold 1553fad25f Merge pull request #6835 from micmac1/xml2-cve-17.01
libxml2: add Debian patches to address CVEs
2018-08-21 21:11:38 +02:00
Sebastian Kemper a5bbf27e35 libxml2: add Debian patches to address CVEs
Debian uses libxml2 2.9.4 in Stretch. This adds their security related
fixes from 2.9.4+dfsg1-2.2+deb9u2 to LEDE's 17.01 release.

Fixed CVEs:

CVE-2016-4658
CVE-2016-5131
CVE-2017-0663
CVE-2017-15412
CVE-2017-7375
CVE-2017-7376
CVE-2017-9047
CVE-2017-9048
CVE-2017-9049
CVE-2017-9050

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2018-08-21 20:42:56 +02:00
Jiri Slachta 56acd578ff Merge pull request #6806 from micmac1/tiff-17.01
tiff: fix remaining CVEs
2018-08-19 19:12:40 +02:00
Sebastian Kemper 1e77dfa7b0 tiff: fix remaining CVEs
Backport Rosen's commit in master to 17.01 to address open CVEs. This
fixes:

CVE-2017-11613
CVE-2018-5784
CVE-2018-7456
CVE-2018-8905
CVE-2018-10963

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2018-08-19 11:06:00 +02:00
Dirk Brenken 6b4862d5ca Merge pull request #6783 from EricLuehrsen/unbound_1701
[lede-17.01] unbound: drop odhcpd leases with wrong field count
2018-08-18 19:53:35 +02:00
Eric Luehrsen cad5ceed6a unbound: drop odhcpd leases with wrong field count
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
(cherry pick commit: 59617f076d)
2018-08-17 23:41:16 -04:00
Daniel Golle 7dd5529bf8 Merge pull request #6760 from micmac1/postgresql-17.01
postgresql: security bump to 9.5.14 for 17.01
2018-08-15 20:08:16 +02:00
Sebastian Kemper eb5ac25380 postgresql: security bump to 9.5.14
This update includes fixes for the following CVEs:

- CVE-2018-1053
- CVE-2018-1058
- CVE-2018-10915
- CVE-2018-10925

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2018-08-15 17:28:45 +02:00
Matthias Kesler 19a8f81018 Change links from git://github.com to https://github.com
I got into trouble being behind a proxy and my build then fails
because it cannot connect to git://github.com URLs.

To avoid such problems for others I think it is useful to replace
them for the whole repo. These changes make it work for me again.

Signed-off-by: Matthias Kesler <krombel@krombel.de>
2018-08-01 23:07:52 +02:00
Hannu Nyman 2578f56c29 Merge pull request #6350 from EricLuehrsen/unbound_20180625_1701
[lede-17.01] unbound: limit outside script source to init function scope
2018-06-27 07:18:11 +03:00
Eric Luehrsen 43f14b8112 unbound: limit outside script source to init function scope
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
2018-06-25 20:50:30 -04:00
Hannu Nyman 338690b2f7 Merge pull request #6077 from MikePetullo/lede-17.01-lighttpd
lighttpd: CONFIG_LIGHTTPD_SSL includes mod_openssl
2018-05-21 08:23:30 +03:00
Philip Prindeville b93e46562a lighttpd: CONFIG_LIGHTTPD_SSL includes mod_openssl
If we're built with CONFIG_LIGHTTPD_SSL then mod_openssl.so should
be included into the base package. Fixes issue #5343.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2018-05-20 14:46:26 -04:00
Hannu Nyman 08e547f943 usbip: remove upstreamed musl compatibility patch (#5983)
Remove musl compatibility patch that is now included
in the upstream Linux kernel and backported to stable kernels.

Commit in 4.4:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/tools/usb/usbip?h=linux-4.4.y&id=6638091f1b1623db8b2338ef5a5f26d9ec870444

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2018-04-29 22:22:03 +01:00
Hannu Nyman 89370e23df Merge pull request #5803 from VincentRiou/lighttpd_1_4_48_with_wstunnel
Lighttpd 1.4.48 with wstunnel
2018-04-25 12:26:16 +03:00
Luiz Angelo Daros de Luca e4e9360ff5 Merge pull request #5848 from luizluca/ruby-2.4.4
[17.01] ruby: bump to 2.4.4
2018-03-29 15:23:01 -03:00
Luiz Angelo Daros de Luca 09b00c08f5 ruby: bump to 2.4.4
This release includes some bug fixes and some security fixes.

* CVE-2017-17742: HTTP response splitting in WEBrick
* CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
* CVE-2018-8777: DoS by large request in WEBrick
* CVE-2018-8778: Buffer under-read in String#unpack
* CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
* CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
* Multiple vulnerabilities in RubyGems

There are also some bug fixes

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2018-03-29 11:37:25 -03:00
Hannu Nyman ccb9ca53cc Merge pull request #5839 from nxhack/lede-17_01_icu_CVE-2017-15422
icu: fix CVE-2017-15422
2018-03-27 23:26:20 +03:00
Hirokazu MORIKAWA 20984d673e icu: fix CVE-2017-15422
[lede-17.01]

Maintainer: me

Compile tested: ar71xx, mips_24kc_gcc-5.4.0_musl-1.1.16, lede-17.01 r3863-fad29d2
Run tested: NONE

Description:
CVE-2017-15422 : integer overflow in icu
https://security-tracker.debian.org/tracker/CVE-2017-15422

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
2018-03-27 17:05:45 +09:00
Vincent Riou e1b36a234c lighttpd: add mod-wstunnel
Exposes the mod-wstunnel plugin which implements websocket proxying over http

Signed-off-by: Vincent Riou <vincent@invizbox.com>
2018-03-23 14:57:16 +00:00
Philip Prindeville 62b0d30aeb lighttpd: update to 1.4.48
All of the bugs for which we had patches have been fixed upstream
in 1.4.46, so the patches can be dropped.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>

Conflicts:
	net/lighttpd/Makefile
2018-03-23 14:18:05 +00:00
Tony Ambardar 0b748a3ac5 sqm-scripts: Fix return value bug in postrm script
The script removes the UCI option ucitrack.@sqm[0] if present and then
returns success. If that UCI option is already absent however, the
script incorrectly returns failure, which blocks upgrade of the
luci-app-sqm package.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2018-03-03 16:39:32 +01:00
Karl Palsson 96c08703f3 mosquitto: bump to 1.4.15 for CVE fixes.
See https://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/
for full details.

Signed-off-by: Karl Palsson <karlp@etactica.com>
2018-03-01 11:20:03 +00:00
Rafał Miłecki 90d3ef2f76 minidlna: exclude "po" directory to fix CONFIG_BUILD_NLS=y builds
This fixes:
*** error: gettext infrastructure mismatch: using a Makefile.in.in from gettext version 0.18 but the autoconf macros are from gettext version 0.19

Makefile of minidlna package specifies PKG_FIXUP:=autoreconf. That
results in calling autoreconf with multiple arguments, including many -I
ones. One of autoreconf steps is calling aclocal with the same set of -I
arguments.

All of that results in:
1) aclocal using staging_dir's /usr/share/aclocal and its po.m4
2) not using minidlna's po.m4
3) not updating Makefile.in.in

If staging_dir's po.m4 has different GETTEXT_MACRO_VERSION than the
minidlna's one it'll result in a mismatch in the Makefile.in. Ideally we
should take care of regenerating Makefile.in.in but this isn't
currently supported. As localization isn't properly supported anyway
(no shipping .mo files) it's safe to just disable building po files.

Added patch comes from the master branch commit d5fcc972ba
("multimedia/minidlna: Update to 1.2.0").

Fixes: 7292844261 ("minidlna: backport fixes from 1.1.6 and 1.2.0 releases")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-02-19 12:47:31 +01:00
champtar 56331e808f Merge pull request #5492 from micmac1/fix-sqlite3-on-uclibc
sqlite3 [lede-17.01]: fix uClibc builds
2018-01-31 07:55:37 -08:00