Commit Graph

3254 Commits

Author SHA1 Message Date
heil bb23089e84 prosody: upgrade to 0.9.9
fixes:
    * path traversal vulnerability in mod_http_files (CVE-2016-1231)
    * use of weak PRNG in generation of dialback secrets (CVE-2016-1232)

Signed-off-by: heil <heil@terminal-consulting.de>
2016-01-25 13:31:29 +01:00
Michael Heimpold 18d121b854 php5: update to 5.6.17
Fixes CVE-2016-1903.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2016-01-24 21:47:52 +01:00
Noah Meyerhans 41dcf83e53 bind: upgrade to 9.9.8-P3
Fixes:
 * CVE-2015-8704
 * CVE-2015-3193
 * CVE-2015-8000
 * CVE-2015-8461

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
2016-01-24 12:43:29 +01:00
Karl Palsson 97a33d77ef mosquitto: properly separate the passwd utility
Building both variants improperly tried to include the passwd utility
for the non-ssl variant, as the variable was set for the ssl variant.

Use properly separated install tasks to install additional files, rather
than hacking around inside the single target.

Signed-off-by: Karl Palsson <karlp@remake.is>
2016-01-19 12:05:48 +00:00
Karl Palsson 6ff7317492 mosquitto: fix old whitespace bug
Introduced back in 2014

Fixes: cd21cbb82e
Signed-off-by: Karl Palsson <karlp@tweak.net.au>
2016-01-19 12:05:48 +00:00
Jo-Philipp Wich 472f8c826e mosquitto: fix whitespace error introduced with 7a6a575887
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2016-01-18 09:53:55 +01:00
Peter Wagner 400d01d37f tor: update to 0.2.7.6
Signed-off-by: Peter Wagner <tripolar@gmx.at>
2016-01-16 20:42:48 +01:00
Peter Wagner 6052829a43 ntpd: update to 4.2.8p5
Signed-off-by: Peter Wagner <tripolar@gmx.at>
2016-01-16 12:47:09 +01:00
tripolar dbe561d856 Merge pull request #2270 from xypron/15.05-openssh
openssh: update to 7.1p2
2016-01-16 12:41:05 +01:00
Heinrich Schuchardt fc7fc89ee7 net/openssh: version 7.1p2
Use version 7.1p2 due to several security bulletins.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2016-01-16 11:46:32 +01:00
Karl Palsson 18d05777af mosquitto: Bump to version 1.4.7
Minor changes mostly unrelated to OpenWRT.
Full changelog at http://mosquitto.org/2015/12/version-1-4-7-released/

Signed-off-by: Karl Palsson <karlp@remake.is>
2016-01-15 09:33:59 +00:00
Karl Palsson 5dda75f84c mosquitto: optionally include mosquitto_passwd utility
Many users of the SSL build of mosquitto need the passwd utility for
managing keys.

Fixes github issue #1909

Signed-off-by: Karl Palsson <karlp@remake.is>
2016-01-15 09:33:59 +00:00
Nikolay Martynov d9c2951b19 bridge-utils: copy from oldpackages
* update Makefile accoring to CONTRIBUTING.md, set maintainer
* fix file offset handling
* use https://git.kernel.org/pub/scm/linux/kernel/git/shemminger/bridge-utils.git for source code

Signed-off-by: Nikolay Martynov <mar.kolya@gmail.com>
2016-01-15 08:45:42 +01:00
Luiz Angelo Daros de Luca d5999694c1 sane-backends: minor Makefile text typo
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2016-01-14 16:43:01 +01:00
Luiz Angelo Daros de Luca 6128fa0f3d sane-backends: select all backends when CONFIG_ALL
sane-xxx backend packages are hidden packages with custom
config and CONFIG_ALL does not select them alone. Now
sane-backends depends on +ALL:sane-backends-all.

No existing ipk is affected as the changed package/sane-backends
does not exist as an ipk.

030-musl.patch was updated to be submitted upstream. However,
the added preprocessor #if are always true for OpenWRT and will
not change the resulting code.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2016-01-14 16:43:01 +01:00
Luiz Angelo Daros de Luca 752590d266 sane-backends: import from oldpackages and update
Changes since oldpackages:
- updated to 1.0.25
  * most of openwrt patches are upstreamed now
- cups dependency was completely removed
- small musl patch
- small uclibc patch
- removed link to extra libraries in libsane (used only
  for preload backends)
- sane-libs and sane-backends merged and exploded into
  individual packages for each backend:
  * libsane for sane library (which backends should dep on)
  * sane-daemon for saned daemon
  * sane-xxx for sane backend for xxx
  ** each backend has its own custom dep libraries
  * sane-backends-all (with no files) that deps on all backends
  * sane-qcam is only available for x86/x86_64
  ** other archs does not implement inb/outb (at least in musl)

Now it is possible to use SANE with much less FS space (KB
instead of MB).

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2016-01-14 16:43:00 +01:00
Mislav Novakovic 04d79438d2 squid: update to 3.5.12
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
2016-01-13 00:59:37 +01:00
Hannu Nyman 6650c96833 Merge pull request #2262 from clehner/for-15.05
ncdu: update to 1.11
2016-01-12 20:12:02 +02:00
Charles Lehner 624f2a8967 ncdu: update to 1.11
- Add patch to get WEXITSTATUS and WIFEXITED defined
    The issue is fixed in upstream's development repo, so the patch won't be
    needed with ncdu's next release.
- Depend on more commonly used libncurses instead of libncursesw
- Enable parallel build
- Update copyright

Signed-off-by: Charles Lehner <cel@celehner.com>
2016-01-12 12:33:23 -05:00
Luiz Angelo Daros de Luca 375f617245 ruby: bump to 2.2.4
This release includes a security fix for Fiddle extension.

* CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL

There are also some bugfixes.

In package, now LD_FLAGS is copied to DLD_FLAGS (used by ruby for libraries).
The missing values from LD_FLAGS cause build error when gcc does not implicitly
include staging/usr/lib.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2016-01-11 15:31:27 +01:00
Hannu Nyman f6ee970394 Merge pull request #2258 from lbschenkel/cloudflare-rec_id-for-15.05
ddns-scripts: allow setting CloudFlare 'rec_id' in the config
2016-01-11 12:56:58 +02:00
Nikos Mavrogiannopoulos 25de619b04 ocserv: updated to 0.10.11
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2016-01-10 08:35:27 +01:00
Nikos Mavrogiannopoulos 4a3331c47a gnutls: updated to 3.4.8
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2016-01-10 08:35:21 +01:00
Nikos Mavrogiannopoulos a712cfd4e6 gnutls: updated to 3.4.7
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2016-01-10 08:35:21 +01:00
Hannu Nyman 594e6a4916 Merge pull request #2230 from MikePetullo/for-15.05
For 15.05: Cherry pick a number of updates from maintainer into 15.05
2016-01-09 17:06:44 +02:00
Oliver Middleton b4a34de7d8 libpng: update to 1.2.56
Fixes CVE-2015-8126 and CVE-2015-8540.

Signed-off-by: Oliver Middleton <olliemail27@gmail.com>
2016-01-09 13:54:46 +01:00
Leonardo Brondani Schenkel 163252fcec ddns-scripts: bump 2.4.3 to release 2 2016-01-08 20:10:58 +01:00
Leonardo Brondani Schenkel 57ba3be8e0 ddns-scripts: allow setting CloudFlare 'rec_id' in the config
This is necessary when there are multiple records for the same domain,
otherwise the script will overwrite the first one returned by the API.
It has the secondary benefit of allowing faster updates by performing
only one API call instead of two.

In case 'rec_id' is not set the script behaves exactly as before.

Signed-off-by: Leonardo Brondani Schenkel <leonardo@schenkel.net>
(grafted from 019ba13d01e93c18d0ed35b0aeb3399f28108e0e)
2016-01-08 19:47:57 +01:00
Nikos Mavrogiannopoulos 57c660e98d ocserv: prevent a crash if the per-user dir does not exist
Relates #2167

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2016-01-05 21:49:13 +01:00
Jo-Philipp Wich 7bc5cdcee3 Merge pull request #2195 from jow-/for-15.05
CC: freeradius2: completely disable runtime OpenSSL version checks
2016-01-04 09:06:40 +01:00
W. Michael Petullo 23fbc85322 krb5: port removal of Prepare target from master
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2016-01-01 17:23:27 -05:00
W. Michael Petullo aa49d8967b lighttpd: update to 1.4.38
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2016-01-01 16:33:59 -05:00
W. Michael Petullo 19e3ebc68e krb5: update to 1.14
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2016-01-01 16:29:56 -05:00
W. Michael Petullo b8c9bc0200 openldap: update to 2.4.43
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2016-01-01 16:29:52 -05:00
W. Michael Petullo 304fefb3fa libsoup: update to 2.53.2
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2016-01-01 16:29:48 -05:00
W. Michael Petullo 29fdf3e483 luasec: update to 0.5.1
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2016-01-01 16:29:43 -05:00
Jo-Philipp Wich 08d8c7f60b Merge pull request #2169 from MikePetullo/php5
Cherry pick PHP5 updates into for-15.05.
2015-12-28 16:26:52 +01:00
Jo-Philipp Wich 36ea23dce8 freeradius2: completely disable runtime OpenSSL version checks
Whenever we ship fixed libopenssl binaries in CC, the Freeradius daemon fails
at startup because it detects a mismatch of the build time and runtime OpenSSL
version.

Since our OpenSSL updates for CC are ABI compatible we do not need or even want
this superflous check. Removing it saves us the effort to rebuild Freeradius
after every OpenSSL version bump.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-12-28 16:25:02 +01:00
Michael Heimpold 766cfcc77f php5: update to 5.6.16
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2015-12-23 16:00:14 -05:00
Michael Heimpold 41f541bd26 php5: update to 5.6.15
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2015-12-23 16:00:04 -05:00
Michael Heimpold 0df349f8df php5: update to 5.6.14
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2015-12-23 15:59:54 -05:00
Michael Heimpold 196b622bd6 php5: update to 5.6.13
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2015-12-23 15:59:43 -05:00
Michael Heimpold 1cbcdf7f9e php5: fix the two different maintainer fields into one (fixes #1688)
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2015-12-23 15:59:32 -05:00
Michael Heimpold 9bbdad4ed7 php5: update to 5.6.12
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2015-12-23 15:59:21 -05:00
Michael Heimpold 6cba0bf545 php5: update to 5.6.10
This fixes the following CVEs:
 - in PCRE: CVE-2015-2325, CVE-2015-2326
 - in sqlite3: CVE-2015-3414, CVE-2015-3415, CVE-2015-3416

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2015-12-23 15:59:10 -05:00
Michael Heimpold 559df398ff php5: update to 5.6.9
This fixes CVE-2006-7243, a multipart/form-data remote dos vulnerability,
a heap buffer overflow in unpack and a integer overflow in ftp_genlist,
which also results in a heap overflow.
For more details, see http://php.net/ChangeLog-5.php#5.6.9

Also sync the timezone patch with latest version from Debian and
adopt this patch for the changes in this php release.

Refresh 950-Fix-dl-cross-compiling-issue.patch.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2015-12-23 15:58:46 -05:00
Michael Heimpold f0a0448857 php5: add php5-mod-opcache (fixes #1010)
This patch adds build infrastructure for PHP's OPcache extension.
Compared with the other extension, this is a Zend module and it
need a little workaround during cross-compiling.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2015-12-23 15:58:27 -05:00
Michael Heimpold f04165e4e0 php5: pecl: move phpize into prepare stage
This allows pecl modules to rely on PKG_FIXUP:=autoreconf.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2015-12-23 15:57:57 -05:00
Nikos Mavrogiannopoulos 83ad5a9233 vpnc-scripts: bumped version
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2015-12-20 19:31:50 +02:00
Aleksandar Radovanovic a057c03002 vpnc-scripts: Fix handling of multiple VPN DNS servers
Fix for #2116 - $INTERNAL_IP{4,6}_DNS variables are not word-split correctly when containing more than one DNS server.

Signed-off-by: Aleksandar Radovanovic <biblbroks@sezampro.rs>
2015-12-20 19:29:59 +02:00