Commit Graph

7198 Commits

Author SHA1 Message Date
Rosen Penev 81571ac0ef gnutls: Use HTTPS instead of FTP
While recently building asterisk, the make system stalled on gnutls. On my install of Ubuntu 16.04 on WSL, it seems curl can't download from ftp and doesn't even time out properly. Easiest solution is to switch the gnutls Makefile to use HTTPS instead.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-12-30 22:31:17 +01:00
Arturo Rinaldi fe63607e88 python: declare explicit Host/Compile to fix pgen tool installation error
Signed-off-by: Arturo Rinaldi arty.net2@gmail.com
[squash commits, fix commit title]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-12-12 17:08:37 +01:00
champtar 8eb10fd28f Merge pull request #5012 from TDT-AG/20171025-luci-app-mwan3-fix-iface_state
net/mwan3-luci: fix iface_state on on status page for 17.01
2017-12-11 11:43:46 -08:00
Florian Eckert 78acfcc7ed net/mwan3-luci: fix iface_state on on status page
Since commit 4739584c24 the status of the
interface is not reported correctly anymore. To fix this issue do not test
if the routing table is presented use instead the "/var/run/iface_state/[iface]"
to get the interface state because the routing table will not get deleted
anymore if the interface is offline.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-12-11 15:21:16 +01:00
Jo-Philipp Wich a915753aaa Merge pull request #5228 from commodo/python-2.7.14-17.01
python: update to version 2.7.14 for branch 17.01
2017-12-05 14:32:57 +01:00
Alexandru Ardelean 7cf09e3ec4 python: update to version 2.7.14 for branch 17.01
Bump version and overwrite patches from master,
since those were refreshed (at some point).

I got an email notification about some CVEs
for branch 17.01, so I decided to update Python.

Technically, one seems to be for SolidWorks
from what I can tell, but upgrading should be easy.

```
Hello Alexandru Ardelean,

The package python is vulnerable to the following CVEs:
CVE-2014-4616
  https://nvd.nist.gov/vuln/detail/CVE-2014-4616

CVE-2017-100015
  https://nvd.nist.gov/vuln/detail/CVE-2017-100015

Please consider updating or patching the package.
```

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-12-05 15:22:29 +02:00
Daniel Golle 0230af3b20 attendedsysupgrade-common: add package
This package provides the UCI config shared by both, the CLI and Web
clients used for attended-sysupgrade.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-11-20 17:49:34 +01:00
Saverio Proto feda1e4ba6 tinc: version bump 1.0.33
Signed-off-by: Saverio Proto <saverio.proto@switch.ch>
2017-11-05 04:00:10 +01:00
Nikos Mavrogiannopoulos f2131de798 gnutls: updated to 3.5.16
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-11-04 23:41:09 +01:00
Matthias Schiffer 82ef2fd773 jool: fix PKG_BUILD_DIR to avoid kernel ABI mismatch
As jool builds a kernel module, a PKG_BUILD_DIR under KERNEL_BUILD_DIR must
be used to avoid reusing build artifacts when switching to a different
target of the same architecture. Otherwise, kernel ABI mismatches may
result, leading to an unusuable module, or build failures like the
following:

    Package kmod-jool is missing dependencies for the following libraries:
    crypto_hash.ko

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-10-29 18:38:59 +01:00
Etienne Champetier fee9a0aad3 monit: update to 5.24, use https download url
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2017-10-25 11:36:18 -07:00
Etienne Champetier 5a6fcfbce3 monit: update to 5.23
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2017-10-25 11:36:18 -07:00
Etienne CHAMPETIER 4479fada4d monit: update to 5.20, use PKG_HASH
this adds zlib as dependency

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
2017-10-25 11:36:18 -07:00
Etienne Champetier 9ce3deb840 sqlite3: update to 3.19.3
fix possible database corruption
https://www.sqlite.org/releaselog/3_19_3.html

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2017-10-25 11:36:18 -07:00
Daniel Engberg 6bca857952 libs/sqlite3: Update to 3190200
Update sqlite to 3190200
Remove obsolete tarball hash variable

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-10-25 11:36:18 -07:00
Ian Leonard 0a279576a9 sqlite: update to 3.17.0
Signed-off-by: Ian Leonard <antonlacon@gmail.com>
2017-10-25 11:36:18 -07:00
Karl Palsson 58a1a733e5 libwebsockets: add PROVIDES to both variants
Fixed recently in master as part of upgrading, but the same issue
applies to 17.01.  The two variant packages both now PROVIDE
libwebsockets, the virtual package.

Signed-off-by: Karl Palsson <karlp@etactica.com>
2017-10-25 11:15:12 +00:00
Hirokazu MORIKAWA e967fd8ca8 icu: fix CVE-2017-14952 Double-Free Vulnerability [lede-17.01]
http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/

https://security-tracker.debian.org/tracker/CVE-2017-14952

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
2017-10-24 02:34:06 -05:00
Jo-Philipp Wich 3c29b149f5 Revert "Provides a way to acquire the list of installed packages without the"
This reverts commit 983819f3f0.
2017-10-20 15:08:54 +02:00
Jo-Philipp Wich 27bdc743ce Revert "add ubus call to perform a sysupgrade and acl file for the attended"
This reverts commit f6c287f1ee.
2017-10-20 15:08:54 +02:00
Jo-Philipp Wich cdcf6ad237 Revert "due to renaming .rpcd was forgotten in the Makefile"
This reverts commit 04cbc70c52.
2017-10-20 15:08:54 +02:00
Paul Spooren 04cbc70c52 due to renaming .rpcd was forgotten in the Makefile
Signed-off-by: Paul Spooren <paul@spooren.de>

(cherry picked from commit c98e9f3b18)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-10-20 15:02:01 +02:00
Paul Spooren f6c287f1ee add ubus call to perform a sysupgrade and acl file for the attended
sysupgrade use case as well uci defaults.
Package is a part of the GSoC 17 project implementing easy
sysupgrade functionality.

Signed-off-by: Paul Spooren <paul@spooren.de>

(cherry picked from commit f9a6c81c11)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-10-20 15:02:01 +02:00
Paul Spooren 983819f3f0 Provides a way to acquire the list of installed packages without the
need to have opkg available. It is being used for the GSoC 17 project
implementing easy sysupgrade functionality.

Signed-off-by: Paul Spooren <paul@spooren.de>

(cherry picked from commit 0d2e674aa1)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-10-20 14:47:30 +02:00
Stijn Tintel cd5c448758 wireguard: drop package
WireGuard was added to LEDE core. See discussion at
https://github.com/lede-project/source/pull/1409

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-16 14:08:26 +03:00
Hannu Nyman 73c9ff9274 Merge pull request #4914 from zx2c4/lede-17.01
wireguard: bump to release 0.0.20171005 for 17.01
2017-10-10 17:54:20 +03:00
champtar 631309edbb Merge pull request #4916 from StevenHessing/noddos-lede-17.01
noddos: new backport of noddos from master branch
2017-10-08 08:45:34 -07:00
Steven Hessing 9040b270b5 noddos: new backport of noddos from master branch
Signed-off-by: Steven Hessing <steven.hessing@gmail.com>
2017-10-07 21:24:43 -07:00
Jason A. Donenfeld 72e886788a wireguard: bump to release 0.0.20171005 for 17.01
WireGuard is well documented for being an experimental project, not
currently ready to be stabilized. As such, it's important for packagers
to always keep the project up to date in all contexts.

However, it is common for some projects, such as LEDE/OpenWrt to have
stable branches, which don't expect a lot of churn or modification.

The WireGuard that happened to ship with 17.01 is broken and crufty and
shouldn't be used at all. It's highly unlikely that there's anybody out
there even using it; it won't work with anything else.

So, this commit updates the 17.01 package to the latest upstream
version. Because the 17.01 stable branch can't be updated all the time,
it's important that this bump here in this commit is a stable one.

I believe 0.0.20171005 to be a fairly stable snapshot, which should be
suitable for the 17.01 branch. As stated earlier, the 0.0.20170115
currently in this branch is highly problematic. 0.0.20171005 offers
extremely important changes.

I'll continue to send package bumps for 17.01, but only for snapshot
releases that I think fix an important bug or provide a noted increase
in stability, or have similar goals to this commit.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-08 01:24:29 +02:00
Hauke Mehrtens 21b2e3eb76 Merge pull request #4879 from nxhack/17_01-CVE-2017-1000250
[lede-17.01] bluez: fix CVE-2017-1000250
2017-10-03 11:24:11 +02:00
Hirokazu MORIKAWA de79f4c749 bluez: fix CVE-2017-1000250
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>

bluez: fix CVE-2017-1000250

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
2017-09-27 14:17:34 +09:00
Hauke Mehrtens b56e6504be tor: update to version 0.2.9.12
This fixes the TROVE-2017-008 (CVE-2017-0380) security problem.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-24 17:54:16 +02:00
Hauke Mehrtens c69b077483 tor: update to version 0.2.9.11
This fixes CVE-2017-0376

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-24 17:53:13 +02:00
champtar 3b3e2cbe95 Merge pull request #4862 from luizluca/17.01/ruby-2.4.2
[17.01] ruby: bump to 2.4.2 (backported from master)
2017-09-23 16:52:04 -07:00
Luiz Angelo Daros de Luca ea9ca5ed7e ruby: bump to 2.4.2
This release contains some security fixes.

 CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
 CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
 CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
 CVE-2017-14064: Heap exposure in generating JSON
 Multiple vulnerabilities in RubyGems
 Update bundled libyaml to version 0.1.7.

And many other bugfix.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit 699d9bef30)
2017-09-20 10:04:45 -03:00
Hannu Nyman fa3a118de8 collectd: uptime plugin: apply fix from upstream
Backport from master the fix for uptime plugin.
Adjust it for 5.5.3

  Uptime plugin fails to adjust for system time changes after boot.
  As Openwrt/LEDE routers usually do not have a RTC, the system time
  gets adjusted with NTP possibly after collectd has already started.
  But collectd continues to use the initial time set by 'sysfixtime',
  which can lead to incorrect uptime calculations.

  Apply a proposed fix from upstream that uses /proc/uptime

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2017-09-15 19:10:37 +03:00
Hannu Nyman a61d8060e1 Merge pull request #4834 from marcin1j/pr/20170911-mwan3-backport-lede17.01-66406f9
mwan3: fix interface-bound traffic when interface is offline
2017-09-15 15:49:40 +03:00
Marcin Jurkowski 4739584c24 mwan3: fix interface-bound traffic when interface is offline
This is a backport of 66406f9 to LEDE 17.01 and replaces hotfix 282e900.

Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
2017-09-14 10:00:34 +02:00
Thomas Heil d61bf45c3c haproxy: update to 1.7.8 and pending patches
- fixes reload issue with hanging process

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
2017-09-03 15:16:49 +02:00
Thomas Heil a6a44f91f3 pcre: Added fix for CVE-2017-11164 by adding stack recursion limit
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
2017-09-03 15:15:20 +02:00
Thomas Heil 1434dbdf55 pcre: upgrade to version 8.41
- fixes security issues

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
2017-09-03 15:15:20 +02:00
Stijn Tintel ad256bbfa7 strongswan: fix typo
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 4660504c61)
2017-09-02 12:29:35 +03:00
Stijn Tintel a700729158 strongswan: add curve25519 plugin
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit a268689adc)
2017-09-02 12:29:13 +03:00
Stijn Tintel 1143cb9b2c strongswan: bump to 5.5.3
Fixes CVE-2017-9022, CVE-2017-9023.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 960006be50)
2017-09-02 12:28:42 +03:00
Stijn Tintel 384e89b3d7 strongswan: bump to 5.5.2
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 18b076ab93)

Conflicts:
	net/strongswan/Makefile
2017-09-02 12:26:26 +03:00
champtar 4e845ad639 Merge pull request #4722 from TDT-GmbH/mwan3-fixes
net/mwan3: fixes for mwan3 (lede-17.01)
2017-08-25 14:10:45 -07:00
Florian Eckert fe233e3596 net/mwan3: update Makefile
- Update version
- Update maintainer to me

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-08-25 08:01:27 +02:00
Hannu Nyman 269b96d656 Merge pull request #4741 from EricLuehrsen/unbound_1_6_5
[LEDE-17.01] unbound: update to 1.6.5
2017-08-22 17:43:53 +03:00
Eric Luehrsen 42f465707f unbound: update to 1.6.5
This fixes the root.key file if created when unbound is installed between sep11 and oct11 2017

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
2017-08-21 23:45:42 -04:00
Florian Eckert a3c78648cb net/mwan3: remove lock file on mwan3 stop
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 5e123852bc)
2017-08-17 11:57:40 +02:00