Relevant bits of upstream changelog
New Features
argon2: Support more hashes
scrypt: Now uses python 3.6 stdlib’s hashlib.scrypt() as backend, if present (issue 86).
Bugfixes
Python 3.8 compatibility fixes
passlib.apache.HtpasswdFile: improve compatibility with Apache 2.4's htpasswd
passlib.totp: fix some compatibility issues with older TOTP clients (issue 92)
Fixed error in argon2.parsehash() (issue 97)
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
go build/install supports multiple -ldflags arguments, but they are not
combined; for each package, the latest match on the command line is
used.[1]
Previously, the main executable would not be affected by the default
ldflags if GO_PKG_LDFLAGS or GO_PKG_LDFLAGS_X were set. (The default
ldflags instructs go to use the external linker.)
This fixes golang-package.mk so that the default ldflags take effect in
all cases.
[1]: https://golang.org/cmd/go/#hdr-Compile_packages_and_dependencies
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from 4827bc7509)
[openwrt-19.07] libuv: update to 1.32.0
update to 1.32.0
Update is required to build the latest node.js v12.x.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Repository was renamed to github.com/DNSCrypt/dnscrypt-proxy
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit cddf39cbd1)
Busybox in default uses SHA512 as well.
On big ditribution this default is sourced from PAM. That means that
shadow reads pam settings and uses that. OpenWrt in most cases does not
have PAM installed and in such case shadow fallbacks to its own default
which is DES. This just changes that default to SHA512 which is
consistent with rest of the system.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
(cherry picked from commit f27ce05a58)
usleep is deprecated and is optionally not available with uClibc-ng.
Added PKG_LICENSE_FILES.
Added PKG_CPE_ID for proper CVE tracking.
Other minor cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 1f1cec28b7)
In the command read side, close the superfluous write end of the pipe
early to ensure that EOF is reliably detected. Without that change, splice
calls to read from the pipe will occasionally hang until the CGI process
is eventually killed due to timeout.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit dde503da13)
Implement a new "cgi-exec" applet which allows to invoke remote commands
and stream their stdandard output back to the client via HTTP. This is
needed in cases where large amounts of data or binary encoded contents
such as tar archives need to be transferred, which are unsuitable to be
transported via ubus directly.
The exec call is guarded by the same ACL semantics as rpcd's file plugin,
means in order to be able to execute a command remotely, the ubus session
identified by the given session ID must have read access to the "exec"
function of the "cgi-io" scope and an explicit "exec" permission rule for
the invoked command in the "file" scope.
In order to initiate a transfer, a POST request in x-www-form-urlencoded
format must be sent to the applet, with one field "sessionid" holding
the login session and another field "command" specifiying the commandline
to invoke.
Further optional fields are "filename" which - if present - will cause
the download applet to set a Content-Dispostition header and "mimetype"
which allows to let the applet respond with a specific type instead of
the default "application/octet-stream".
Below is an example for the required ACL rules to grant exec access to
both the "date" and "iptables" commands. The "date" rule specifies the
base name of the executable and thus allows invocation with arbitrary
parameters while the latter "iptables" rule merely allows one specific
set of arguments which must appear exactly in the given order.
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "cgi-io",
"objects": [
[ "exec", "read" ]
]
}'
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "file",
"objects": [
[ "/bin/date", "exec" ],
[ "/usr/sbin/iptables -n -v -L", "exec" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit b2a890f6ad)
I am upstream for msmtp-scripts and have decided to abandon the project. Therefore
remove msmtp-scripts from OpenWrt -- there is already msmtp-queue which is 'good enough'
for the use cases where msmtp-scripts had any relevance.
This backports to 19.07 so that it doesn't become something folks are depending on.
Due to changes in lock behaviour it never worked in 18.04.x, so ditching it now
keeps it from being picked up again by the userbase.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Also fix the license information: in older versions the test programs
were GPL 3 licensed, but meanwhile it changed to BSD license.
But since this package only packages the library itself, we can
safely focus only on the LGPL here which covers the library itself.
While at, fix a minor nitpick during library symlink installation.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Daniel F. Dickinson