Commit Graph

5977 Commits

Author SHA1 Message Date
Magnus Kroken fe973d181b strongswan: backport upstream fixes for CVEs in gmp plugin
This fixes:
* CVE-2018-16151
* CVE-2018-16152
* CVE-2018-17540

Details:
https://strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
https://strongswan.org/blog/2018/10/01/strongswan-vulnerability-(cve-2018-17540).html

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2018-10-06 01:31:10 +02:00
Rosen Penev 63d221c310 rsyslog: Update to 8.38
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-10-05 13:08:07 -07:00
Dirk Brenken d3b239d523 Merge pull request #7140 from dibdot/travelmate
travelmate: update 1.2.4
2018-10-05 12:31:04 +02:00
Dirk Brenken 6baea8155b travelmate: update 1.2.4
* with the config option 'trm_radio' you can now restrict travelmate
  to a single radio (e.g. 'radio1') or change the overall
  scanning order (e.g. 'radio1 radio2 radio0')
* LuCI: show QR codes now inline on the overview page
  (collapsed by default)

Signed-off-by: Dirk Brenken <dev@brenken.org>
2018-10-05 10:37:41 +02:00
Hannu Nyman c4ab18d58e Merge pull request #7121 from Ansuel/nginxup
nginx: update to latest release
2018-10-02 00:07:56 +03:00
Daniel Golle 7cdbb75699 gnurl: build without libpsl
Make sure gnURL doesn't link against libpsl.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-10-01 02:18:15 +02:00
Daniel Golle ad66447b4e ola: depend on libftdi1
Building against libftdi1 can't be avoided in the presence of libftdi1
headers apparently. As it might be useful for some DMX adapters and
such, depend on libftdi1 from now on.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-09-30 23:08:05 +02:00
Daniel Golle af06f6fd52 gnurl: update to version 7.61.1
No release tarball has been published yet, use v7.61.1 git tag instead.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-09-30 23:02:44 +02:00
Eneas U de Queiroz 9f76fe1445 openssh: add openssl 1.1.0 compatibility
Five commits from upstream were applied to v. 7.8-p1:

482d23bc upstream: hold our collective noses and use the openssl-1.1.x
         API in
48f54b9d adapt -portable to OpenSSL 1.1x API
86e0a9f3 upstream: use only openssl-1.1.x API here too
a3fd8074 upstream: missed a bit of openssl-1.0.x API in this unittest
d64e7852 add compat header

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2018-09-30 18:59:04 +02:00
Daniel Golle b5b271a396 gnunet: update to gnunet 0.11 release candidate source as of 20180929
* break-out basic TCP and UDP transports
 * add xt and xu experimental transports
 * add zoneimport tool
 * add abe, credential and reclaim components to gnunet-social package
 * add new REST plugins

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-09-30 17:56:43 +02:00
Ansuel Smith ce9a8bc96e nginx: update to latest release
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2018-09-30 16:11:51 +02:00
W. Michael Petullo 95db98bd7d nfs-kernel-server: add support for NFSv4
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2018-09-29 20:34:33 +02:00
Dirk Brenken 241e7a34f6 Merge pull request #7115 from dibdot/ddns-fix
ddns-scripts: multiple fixes
2018-09-29 18:19:48 +02:00
Andy Walsh c5e0c3822a samba4: fix missing busybox 'hostname -f' command
* busybox does not have 'hostname' by default so replaced it with uci calls

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
2018-09-29 11:06:09 +08:00
Dirk Brenken 750a8b1659 Merge pull request #7111 from Andy2244/wsdd2-fix-triggers
wsdd2: fix missing triggers
2018-09-28 08:11:17 +02:00
Dirk Brenken f334bc7181 Merge pull request #7110 from Andy2244/samba4-fix-netbiosname
samba4: fix netbios_name
2018-09-28 08:10:45 +02:00
Dirk Brenken e2f73cbd58 ddns-scripts: multiple fixes
* replace shell based urlencoder with an awk variant
* fix write_log function/syslog output in case of an error
* protect answer string with double quotes in update_route53
* remove bogus set/IFS options in update_route53
* clean-up update_route53 a little bit

This patchset finally fix #6977

Many thanks to @mark0n & @a-bali for testing & debugging

Signed-off-by: Dirk Brenken <dev@brenken.org>
2018-09-28 07:41:52 +02:00
Dirk Brenken 7f9dfaae85 Merge pull request #7112 from EricLuehrsen/unbound_leak
unbound: add patches for leaks during TLS query
2018-09-28 07:24:32 +02:00
Yousong Zhou e38c100612 treewide: remove obsolete references to avr32
This is a long overdue followup commit to openwrt/openwrt@5d9eeab
("build: remove obsolete references to cris and avr32")

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-09-28 12:03:20 +08:00
Eric Luehrsen 10665f5ce9 unbound: add patches for leaks during TLS query
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
2018-09-27 23:21:58 -04:00
Andy Walsh 32fe219d6f wsdd2: fix missing triggers
* add triggers so changes can be picked up

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
2018-09-27 17:08:33 +02:00
Andy Walsh 32328835df samba4: fix netbios_name
* fixes: error 0x80070035
* add triggers to catch hostname changes

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
2018-09-27 17:03:28 +02:00
Karl Palsson 4b309aefd6 mosquitto: bump to 1.5.3
Full changelog at https://github.com/eclipse/mosquitto/blob/v1.5.3/ChangeLog.txt

Primary change:
CVE fix for CVE-2018-12543 - prevent crash on topics that begin with $
but are not $SYS

Selected other fixes relevant to OpenWrt since 1.5.1:
- Fix retained messages not sent by bridges on outgoing topics at the first
  connection. Closes #701.
- Fix duplicate clients being added to by_id hash before the old client was
  removed. Closes #645.
- Fix excessive CPU usage when the number of sockets exceeds the system limit.
  Closes #948.
- Fix for bridge connections when using WITH_ADNS=yes.
- Fix round_robin false behaviour. Closes #481.
- Fix segfault on HUP when bridges and security options are configured.
  Closes #965.

Signed-off-by: Karl Palsson <karlp@etactica.com>
2018-09-26 10:48:51 +00:00
Hannu Nyman 811089d05f Merge pull request #7094 from Andy2244/master
samba4: update to 4.9.1
2018-09-24 22:14:45 +03:00
Andy Walsh 68270c787d samba4: update to 4.9.1
fixes: nmbd: Stop nmbd network announce storm (bug #13620).

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
2018-09-24 11:02:47 +02:00
Florian Eckert 692ed62382 net/mwan3: update version to 2.7.2
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2018-09-24 10:21:43 +02:00
Florian Eckert 2cd5442a11 net/mwan3: fix start/stop/restart execution
Move setting global enabled flag from /etc/init.d/mwan3 to mwan3
command. So we could start mwan3 from the cmd mwan3 as well.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2018-09-24 10:20:35 +02:00
Florian Eckert d338131f40 net/mwan3: mwan3track should also send disconnected action on signal USR1
Also send disconnected action on system signal USR1.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2018-09-24 10:20:35 +02:00
Florian Eckert c9d8fceb63 net/mwan3: add ttl check
Add the additional optional ttl check to test the connection.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2018-09-24 10:20:35 +02:00
Tony Ambardar 8f241854ed stubby: bump PKG_RELEASE
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2018-09-23 22:20:39 -07:00
Tony Ambardar 7a1cfd43e9 stubby: remove unnecessary core limit
Remove the limit setting core="unlimited", since this shouldn't be needed
in production use (i.e. non-debug) and on an embedded platform, which is
why it's rarely used by any existing packages.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2018-09-23 21:55:03 -07:00
Tony Ambardar 1170686cba stubby: add SPKI pin set for Cloudflare cert
Add an SPKI pin for Cloudflare to help prevent MITM and downgrade attacks,
as described in RFC7858 (DNS over TLS). The setup of SPKI and the specific
SHA256 certificate hash are taken from Cloudflare's DoT configuration guide
published at https://developers.cloudflare.com/1.1.1.1/dns-over-tls/.

Note that the certificate is valid to March 25th 2020, 13:00 CET, which
provides ample time for issuance of a backup pin to support future key
rollover.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2018-09-23 21:55:03 -07:00
Tony Ambardar 8b2de594de stubby: add Cloudflare 1.0.0.1 and ::1001 servers
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2018-09-23 21:55:03 -07:00
Tony Ambardar 0425d9198a stubby: use EDNS client-subnet privacy by default
Retain the upstream value since privacy is usually the key user motivation
for using DNS-over-TLS, and simply note that those encountering sub-optimal
routing may consider disabling the setting.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2018-09-23 21:55:03 -07:00
Tony Ambardar 4819fc5e6e stubby: fix config file definition
The config file /etc/stubby/stubby.yml is not registered properly and any
local changes are being overwritten on upgrade or reinstall.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2018-09-23 21:55:03 -07:00
Tony Ambardar d5b0c46ece stubby: rearrange Makefile for clarity
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2018-09-23 21:55:03 -07:00
Thomas Heil 27df687034 Merge pull request #7086 from gladiac1337/feature-haproxy-v1.8.14
haproxy: Update HAProxy to v1.8.14
2018-09-23 23:28:26 +02:00
Dirk Brenken 8bbc9c7dbe Merge pull request #7025 from Andy2244/krb5-keyutil-fix
krb5: fix keyutils dependency
2018-09-23 14:42:25 +02:00
Christian Lachner 60138d90b8 haproxy: Update HAProxy to v1.8.14
- Update haproxy download URL and hash
- Removed all obsolete patches
- This fixes CVE-2018-14645 (See: https://nvd.nist.gov/vuln/detail/CVE-2018-14645)

Signed-off-by: Christian Lachner <gladiac@gmail.com>
2018-09-22 16:54:44 +02:00
Dirk Brenken f4cdfcf15a Merge pull request #7079 from valdi74/update_package_aria2
aria2: handle check_certificate=false config option
2018-09-22 07:21:49 +02:00
Dirk Brenken 4560c17c60 Merge pull request #7008 from TDT-AG/pr/20180912-keepalived-enable-ipvs
net/keepalived: update to version 2.0.7 and enable ipvs support
2018-09-22 07:20:12 +02:00
Dirk Brenken dd3f54ea0e Merge pull request #6990 from ptpt52/mwan3-fix
mwan3: optimize the process of copying routing tables
2018-09-22 07:14:44 +02:00
Dirk Brenken 4cdbabbf82 Merge pull request #7030 from jonathanunderwood/stubby_ca_certificates_dependency
stubby: add missing dependency on ca-certificates
2018-09-22 07:05:49 +02:00
Peter Wagner 61b5d27cb9 git: simplify install code
Signed-off-by: Peter Wagner <tripolar@gmx.at>
2018-09-22 03:15:11 +02:00
Peter Wagner 30898cc49d git: don't hard link to symlinks, to avoid ending up with a git executeable with 0777 access rights
Signed-off-by: Peter Wagner <tripolar@gmx.at>
2018-09-22 02:43:27 +02:00
Chen Minqiang 6a5836db32 mwan3: optimize the process of copying routing tables
- The original copy process is to delete all routing tables first,
   then add new routing table. This process is too slow and very dirty.
 - We use grep to identify the changes and apply them.
 - ignore ipv6 unreachable routes
 - update version number

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2018-09-21 15:35:39 +08:00
Hannu Nyman 511f39f7d0 Merge pull request #7068 from neheb/jool
jool: Update to 3.5.7 and switch to tarballs
2018-09-20 19:35:36 +03:00
Hannu Nyman 82b4496506 Merge pull request #7076 from mlichvar/chrony-update-3.4
chrony: update to 3.4
2018-09-20 19:34:33 +03:00
Waldemar Konik 7b1c25f48c aria2: handle check_certificate=false config option
Signed-off-by: Waldemar Konik <informatyk74@interia.pl>
2018-09-20 13:24:57 +02:00
Hannu Nyman 498568893d Merge pull request #7069 from sartura/geth_1.8.15
geth: Update to 1.8.15
2018-09-19 22:25:54 +03:00