Commit Graph

11032 Commits

Author SHA1 Message Date
Rosen Penev 728edfbdcd Merge pull request #10108 from BKPepe/expat-1806
[OpenWrt 18.06] expat: Update to version 2.2.9
2019-10-11 12:49:51 -07:00
Rosen Penev a8ca566840 Merge pull request #10167 from BKPepe/unbound18.06
[OpenWrt 18.06] unbound: Update to version 1.9.4
2019-10-08 13:58:14 -07:00
Alexandru Ardelean e84deea057 python3-pip: fix install rule
This seems to have slipped for some time. No idea if it ever worked.
It could be that this worked at some point.

In any case, the shebang is properly updated now.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry-picked from commit 1b96dc0171)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(bump PKG_RELEASE for python3-pip)
2019-10-08 09:48:19 +02:00
Hannu Nyman c4710f7805 nano: update to 4.5
Update nano editor to version 4.5.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit bfd66f2d23)
(fix also license tag and add CVE)
2019-10-07 18:24:57 +03:00
Hannu Nyman cae699fc44 Merge pull request #10164 from stangri/18.06-simple-adblock
[18.06] simple-adblock: bugfix: proper dnsmasq reload on stop, rework start/stop logic
2019-10-07 18:08:58 +03:00
Josef Schlehofer c674fa684d unbound: Update to version 1.9.4
Fixes CVE-2019-16866

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-10-07 01:45:38 +02:00
Eric Luehrsen 0b8eee5fbd unbound: update to 1.9.3
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
2019-10-07 01:45:24 +02:00
Stan Grishin dba87ee0cc simple-adblock: bugfix: proper dnsmasq reload on stop, rework start/stop logic
Signed-off-by: Stan Grishin <stangri@melmac.net>
2019-10-06 09:33:48 -07:00
Hannu Nyman 5452bb8332 Merge pull request #10156 from gladiac1337/haproxy-1.8.21-openwrt-18.06
[openwrt-18.06] haproxy: Update HAProxy to v1.8.21
2019-10-05 17:17:46 +03:00
Christian Lachner 1bb725133e haproxy: Update HAProxy to v1.8.21
- Update haproxy download URL and hash
- Add new patches (see https://www.haproxy.org/bugs/bugs-1.8.21.html)

Signed-off-by: Christian Lachner <gladiac@gmail.com>
2019-10-05 13:26:02 +02:00
Hannu Nyman da5a8e5962 Merge pull request #10155 from jefferyto/python-bpo-38243-34155-openwrt-18.06
[openwrt-18.06] python: Fix CVE-2019-16056, CVE-2019-16935
2019-10-05 11:27:49 +03:00
Hannu Nyman ad7b3c6184 Merge pull request #10143 from stangri/18.06-simple-adblock
[18.06] simple-adblock: bugfix and improvements (check description)
2019-10-05 11:26:08 +03:00
Jeffery To dad9a1a2a4 python: Fix CVE-2019-16056, CVE-2019-16935
These patches address issues:
CVE-2019-16056: email.utils.parseaddr mistakenly parses an email
CVE-2019-16935: A reflected XSS in python/Lib/DocXMLRPCServer.py

Links to Python issues:
https://bugs.python.org/issue34155
https://bugs.python.org/issue38243

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-10-05 00:58:08 +08:00
Stan Grishin b677e3eee3 simple-adblock: bugfix and improvements (check description)
Signed-off-by: Stan Grishin <stangri@melmac.net>
2019-10-03 18:42:02 -07:00
Rosen Penev b60caa4940 Merge pull request #10120 from BKPepe/youtubedl-1806
[OpenWrt 18.06] youtube-dl: Update to version 2019.9.28
2019-10-02 12:05:53 -07:00
Hannu Nyman 2d822fb624 haveged: convert to procd
Convert haveged init script to use procd

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 4f717a6f65)
2019-10-01 23:18:46 +03:00
Hannu Nyman 4fe703393b haveged: update to 1.9.8
Update haveged to 1.9.8

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit e5b308308b)
2019-10-01 22:11:11 +03:00
Josef Schlehofer 36919e51f4 youtube-dl: Update to version 2019.9.28
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-09-30 23:23:16 +02:00
Rosen Penev 00133e1e07 Merge pull request #10118 from BKPepe/libgcrypt-1806
[OpenWrt 18.06] libgcrypt: backport fix for CVE-2019-13627
2019-09-30 13:30:46 -07:00
Josef Schlehofer 126cdd7c6b python3: fix CVE-2019-16056 and delete two patches
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-09-30 17:23:40 +02:00
Josef Schlehofer 0d9eeca453 python3: backport three security patches
Fixes: CVE-2019-16935

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry-picked from commit 80def9e)
2019-09-30 10:03:35 +02:00
Josef Schlehofer f19f9ffc9f expat: Update to version 2.2.9
Fixes CVE-2019-15903

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-09-29 11:30:20 +02:00
Jan Pavlinec c0dea72f92 expat: update to version 2.2.7 (security fix)
Fixes:
CVE-2018-20843

Changes:
add PKG_CPE_ID
switch to xz
remove maintainer

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
2019-09-29 11:29:57 +02:00
Michael Heimpold deae9b348a expat: fix host build issue with docbook
In addition to the fix issued for #6923, we need to disable the docbook
usage also for the host build. This prevents the following error:

checking for docbook2man... docbook2man
configure: error: Your local docbook2man was found to work with SGML rather
  than XML. Please install docbook2X and use variable DOCBOOK_TO_MAN to point
  configure to command docbook2x-man of docbook2X.
  Or use DOCBOOK_TO_MAN="xmlto man --skip-validation" if you have xmlto around.
  You can also configure using --without-docbook if you can do without a man
  page for xmlwf.

Signed-off-by: Michael Heimpold <michael.heimpold@i2se.com>
2019-09-29 11:29:52 +02:00
Andy Walsh fec2709d78 expat: disable docbook
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
2019-09-29 11:29:47 +02:00
Daniel Engberg fefe8e1f79 lib/expat: Update to 2.2.6
Update (lib)expat to 2.2.6

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-09-29 11:29:31 +02:00
Josef Schlehofer c64a4e86c3 Merge pull request #9893 from BKPepe/bind-18.06
[OpenWrt 18.06] bind: update to version 9.11.10
2019-09-28 11:52:27 +02:00
Rosen Penev d98310a3fb Merge pull request #9798 from ja-pa/zmq-security-fix-18.06
[OpenWrt 18.06] zeromq: update to version 4.1.7 (security fix)
2019-09-27 12:24:47 -07:00
Karl Palsson 03fb174ec7 net/mosquitto: bump to 1.5.9 for CVE
Fixes CVE-2019-11779
Release notes at https://mosquitto.org/blog/2019/09/version-1-6-6-released/

Signed-off-by: Karl Palsson <karlp@etactica.com>
2019-09-27 13:31:27 +00:00
Rosen Penev 8eca9c9164 python-crypto: Fix two CVEs
CVE-2013-7459 and CVE-2018-6594. Both patches taken from Fedora.

Also took the liberty to update the PKG_SOURCE_URL to a standard one.

Updated the home URL as well.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 32b23e28ad)
2019-09-26 19:42:54 -07:00
Josef Schlehofer 7ec22baf1e libgcrypt: backport fix for CVE-2019-13627
Refresh patches due to offsets

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-09-26 20:27:57 +02:00
Hannu Nyman 6305d09b1a Merge pull request #10063 from stangri/18.06-simple-adblock
[18.06] simple-adblock: dnsmasq.ipset option support, better handling of IDNs, updated README
2019-09-25 19:13:10 +03:00
Stan Grishin fb43709a64 simple-adblock: dnsmasq.ipset option support, better handling of IDNs, updated README
Signed-off-by: Stan Grishin <stangri@melmac.net>
2019-09-24 09:11:57 -07:00
Josef Schlehofer 9265be5448 zmq: fix CVE-2019-13132
- Use HTTPS in their website
- Remove unnecessary space between PKG_SOURCE_URL

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
2019-09-24 14:18:05 +02:00
Rosen Penev 29cd578d62 Merge pull request #10041 from neheb/djj
[18.06]django: Update to 1.8.19
2019-09-20 13:07:47 -07:00
Rosen Penev f292062517 django: Update to 1.8.19
Fixes:

CVE-2018-7536
CVE-2018-7537

Switches to pypi, as in upstream. Updated maintainer as well.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-09-20 11:45:45 -07:00
W. Michael Petullo f587f31ad5 lighttpd: mark module configuration files
Signed-off-by: W. Michael Petullo <mike@flyn.org>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry-picked from 9cf412c0cb)
2019-09-11 10:50:45 +02:00
Josef Schlehofer 19879284af dovecot: Update to version 2.2.36.4
- Fix CVE-2019-11500
- Download tarball from HTTPS instead of HTTP

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-09-09 08:10:47 +02:00
Josef Schlehofer 8f42d4b714 wget: fix CVE-2018-20483
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-09-06 19:58:33 +02:00
Matthias Schiffer f6e7b56a58 fastd: fix init script for multiple VPN instances
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit b7ff8b8087)
2019-09-04 22:51:10 +02:00
Hannu Nyman 06cc48c49b haveged: update to 1.9.6
Update haveged to 1.9.6

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit c933ac5dcb)
2019-09-02 21:02:17 +03:00
Florian Eckert 6014389c55 Merge pull request #9894 from BKPepe/keepalived-18.06
[OpenWrt 18.06] keepalived: Update to version 1.4.5
2019-09-02 09:27:24 +02:00
Rosen Penev 7a7820fb15 Merge pull request #9904 from RussellSenior/my-18.06
patch: cherry pick CVE fixes to 18.06 branch
2019-09-02 00:13:59 -07:00
Russell Senior 18f9e437ce patch: rename CVE-2019-13638 patch to mollify uscan
Signed-off-by: Russell Senior <russell@personaltelco.net>
2019-09-01 23:39:22 -07:00
Russell Senior abe523c579 patch: apply upstream patch for CVE-2019-13638
GNU patch through 2.7.6 is vulnerable to OS shell command injection that
can be exploited by opening a crafted patch file that contains an ed style
diff payload with shell metacharacters. The ed editor does not need to be
present on the vulnerable system. This is different from CVE-2018-1000156.

https://nvd.nist.gov/vuln/detail/CVE-2019-13638

Signed-off-by: Russell Senior <russell@personaltelco.net>
2019-09-01 23:39:22 -07:00
Russell Senior a3d8698e35 tools/patch: apply upstream patch for CVE-2019-13636
In GNU patch through 2.7.6, the following of symlinks is mishandled in
certain cases other than input files. This affects inp.c and util.c.

https://nvd.nist.gov/vuln/detail/CVE-2019-13636

Signed-off-by: Russell Senior <russell@personaltelco.net>
2019-09-01 23:39:22 -07:00
DENG Qingfang ebb9b3f172 exfat-nofuse: drop BUILD_PATENTED
Microsoft has published the technical specification for exFAT [1]
and the driver has been added to Linux staging tree [2].

It's now safe to drop BUILD_PATENTED label.

[1] https://docs.microsoft.com/windows/win32/fileio/exfat-specification
[2] http://lkml.iu.edu/hypermail/linux/kernel/1908.3/04254.html

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry-picked from commit 4c9d0c7b56)
2019-09-02 01:49:54 +00:00
Josef Schlehofer 2d9a3eff47 keepalived: add patch for CVE-2018-19115
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-09-01 17:42:25 +02:00
Josef Schlehofer e4508a3518 keepalived: Update to version 1.4.5
- Use HTTPS for PKG_SOURCE_URL and as well for URL in description

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-09-01 17:42:25 +02:00
Josef Schlehofer e0af45ff79 bind: Update to version 9.11.10
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-09-01 17:01:50 +02:00