- Oct 15, 2024
-
-
Changelog: https://lists.haxx.se/pipermail/c-ares/2021-October/000002.html This includes the update to the domain name, made upstream, ref: https://lists.haxx.se/pipermail/c-ares/2021-September/000001.html Signed-off-by:
Karl Palsson <karlp@etactica.com> (cherry picked from commit 60e60fc3) Signed-off-by:
Andreas Gnau <andreas.gnau@iopsys.eu>
-
- Jan 04, 2024
-
-
Suvendhu Hansa authored
-
- Oct 17, 2023
-
-
Andreas Gnau authored
Fix CVE-2023-38545 SOCKS5 heap buffer overflow Signed-off-by:
Andreas Gnau <andreas.gnau@iopsys.eu>
-
- Feb 13, 2023
-
-
Vivek Dutta authored
-
- Jan 26, 2023
-
-
Andreas Gnau authored
Signed-off-by:
Andreas Gnau <andreas.gnau@iopsys.eu>
-
Andreas Gnau authored
This fixes CVE-2022-40284. Security release 2022.10.3 (Oct 31, 2022) * Rejected zero-sized runs * Avoided merging runlists with no runs Security version 2022.5.17 (May 26, 2022) * Improved defence against maliciously tampered NTFS partitions * Improved defence against improper use of options * Updated the documentation Signed-off-by:
Andreas Gnau <andreas.gnau@iopsys.eu>
-
Andreas Gnau authored
This reverts commit 9766c9ea.
-
Andreas Gnau authored
This fixes CVE-2022-40284. Security release 2022.10.3 (Oct 31, 2022) * Rejected zero-sized runs * Avoided merging runlists with no runs Security version 2022.5.17 (May 26, 2022) * Improved defence against maliciously tampered NTFS partitions * Improved defence against improper use of options * Updated the documentation Signed-off-by:
Andreas Gnau <andreas.gnau@iopsys.eu> (cherry picked from commit 0417df60)
-
Change ---help--- to plain 'help' in Package/ntfs-3g/config, as newer versions of kconfig have removed the command's older name. Signed-off-by:
Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit d5226e1e)
-
Upstream announced new release which includes fixes for 21 CVEs (see [1]). Upstream changed the symlink "mkfs.ntfs" to respect "--sbin-dir". So this commit adjusts this likewise in the Makefile. [1] https://www.openwall.com/lists/oss-security/2021/08/30/1 Signed-off-by:
Sebastian Kemper <sebastian_ml@gmx.net> (cherry picked from commit 555546e3)
-
Andreas Gnau authored
This reverts commit 40b7ea60. Will be added by future cherry-picked version bumps.
-
- Jan 25, 2023
-
-
this update also fixes a CVE Signed-off-by:
Lucian Cristian <lucian.cristian@gmail.com> (cherry picked from commit ec252c20) (cherry picked from commit baad17e96f87999a10df94cac05ca4e9526de60c)
-
Signed-off-by:
Lucian Cristian <lucian.cristian@gmail.com> (cherry picked from commit b2efa063) (cherry picked from commit f47ecdc42f9487a8b14e16d6d44d9b427722be26)
-
Signed-off-by:
Lucian Cristian <lucian.cristian@gmail.com> (cherry picked from commit b8c2ab47) (cherry picked from commit 883fded23d6774d28774e6240e715b4abde2ad40)
-
Signed-off-by:
Lucian Cristian <lucian.cristian@gmail.com> (cherry picked from commit 7087177b) (cherry picked from commit e9130a712f3b342ff6645942d238eaf7e734d53b)
-
When we explicitly declare, that we would like to have curl built with wolfSSL support using `--with-wolfssl` configure option, then we should make sure, that we either endup with curl having that support, or it shouldn't be available at all, otherwise we risk, that we end up with regressions like following: configure:25299: checking for wolfSSL_Init in -lwolfssl configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip] In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.h:33, from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_public.h:35, from target-x86_64_musl/usr/include/wolfssl/ssl.h:35, from conftest.c:47: target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal error: wolfssl/wolfcrypt/sp_int.h: No such file or directory #include <wolfssl/wolfcrypt/sp_int.h> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ compilation terminated. and in the end thus produce curl without https support: curl: (1) Protocol "https" not supported or disabled in libcurl So fix it, by making the working wolfSSL mandatory and error out in configure step when that's not the case: checking for wolfSSL_Init in -lwolfssl... no configure: error: --with-wolfssl but wolfSSL was not found or doesn't work References: #19005, #19547 Upstream-Status: Accepted [https://github.com/curl/curl/pull/9682 ] Signed-off-by:
Petr Štetiar <ynezz@true.cz> (cherry picked from commit 9140f366) (cherry picked from commit a1d76d41c3c1bdcca67e076d4a8fd5688c92ae97)
-
options.h header is needed after bump of libwolfssl to version 5.5.1, otherwise libcurl autodetection for libwolfssl availability fails and libcurl is then compiled without https support. Fixes: #19547 Signed-off-by:
Rosen Penev <rosenp@gmail.com> (cherry picked from commit 31757575) (cherry picked from commit ef545e03) Signed-off-by: Petr Štetiar <ynezz@true.cz> [commit verbosity] (cherry picked from commit f4cc6adcfeedce8090c735e6d1fff6123c72bd01)
-
As wolfSSL is having hard time maintaining ABI compatibility between releases, we need to manually force rebuild of packages depending on libwolfssl and thus force their upgrade. Otherwise due to the ABI handling we would endup with possibly two libwolfssl libraries in the system, including the patched libwolfssl-5.5.1, but still have vulnerable services running using the vulnerable libwolfssl-5.4.0. So in order to propagate update of libwolfssl to latest stable release done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages using wolfSSL library. Same bump has been done in buildroot in commit f1b7e1434f66 ("treewide: fix security issues by bumping all packages using libwolfssl"). Signed-off-by:
Petr Štetiar <ynezz@true.cz> (cherry picked from commit 845d81ca) (cherry picked from commit f624e41f) (cherry picked from commit c8447b8a3829349822c9d26c978959042d697d0a)
-
* https://curl.se/changes.html#7_83_1 Signed-off-by:
Stan Grishin <stangri@melmac.ca> (cherry picked from commit b0f213a7) (cherry picked from commit baaa3ef00adf82253b6028984ffb44bc478797fd)
-
Fixes #18082 Signed-off-by:
Chris Osgood <chris_github@functionalfuture.com> (cherry picked from commit 4eb08bac) (cherry picked from commit f01cf663b68e04196963c339e1ab7202b6afdc57)
-
* changelog: https://curl.se/changes.html#7_82_0 Signed-off-by:
Stan Grishin <stangri@melmac.ca> (cherry picked from commit 38b3a5f8) (cherry picked from commit 1a0cb5ce4ab88b764600429c7687b66d7ed91401)
-
- Dec 19, 2022
-
-
(cherry picked from commit 75b1208a)
-
- Oct 07, 2022
-
-
This fixes CVE-2022-29824. Signed-off-by:
Michael Heimpold <mhei@heimpold.de> (cherry picked from commit c12e1cfc)
-
This fixes CVE-2022-23308. Also switch to GNOME as download source and xz tarball. Signed-off-by:
Michael Heimpold <mhei@heimpold.de> (cherry picked from commit 81fd836f)
-
- Aug 09, 2022
-
-
- use include conf.d for listener conf (cherry picked from commit 7f899cbd)
-
- Apr 01, 2022
-
-
Andreas Gnau authored
This reverts commit adf9c249. Unconditionally setting the default algorithm to bcrypt will make the rest of the system such as dropbear and also busybox in its default config not work with the hashes written by the passwd utility. See also: https://github.com/openwrt/packages/commit/adf9c249498fe526e2d6afd19bf7985f116c8531 Fixes IOP-7508. IOP-7697 to investigate proper fix. Signed-off-by:
Andreas Gnau <andreas.gnau@iopsys.eu>
-
- Mar 01, 2022
-
-
Jani Juvan authored
-
- Feb 17, 2022
-
-
Hauke Mehrtens authored
[21.02] ksmbd: update to 3.44
-
- Feb 16, 2022
-
-
Jeffery To authored
This includes fixes for: * CVE-2022-23772: math/big: Rat.SetString may consume large amount of RAM and crash * CVE-2022-23806: crypto/elliptic: IsOnCurve returns true for invalid field elements Signed-off-by:
Jeffery To <jeffery.to@gmail.com> (cherry picked from commit 69c53fcb)
-
- Feb 15, 2022
-
-
Marius Dinu authored
The first-run command should create a new tvheadend configuration including an admin account with no name and no password, but it aborts (-A) too early without saving the files. I reported the bug here: https://tvheadend.org/issues/6140 This workaround fixes the problem by removing the tvheadend -A switch and replacing it with a 10s delay and a kill signal. That should be enough even for slow routers to generate and save the configuration. It is meant to be a temporary fix until tvheadend bug is resolved. Signed-off-by:
Marius Dinu <m95d+git@psihoexpert.ro>
-
Rosen Penev authored
Signed-off-by:
Rosen Penev <rosenp@gmail.com> (cherry picked from commit 3ffd540b)
-
Georgi Valkov authored
The configuration for the ksmbd service is auto-generated when the OpenWRT configuration changes, and also during startup, hence ksmbd.init has to reload the kernel module. It does that by calling kill_server, which does not perform cleanup. This results in ksmbd being killed but not restarted properly during boot. This patch resolves the issue by using stop_service, which performs proper cleanup. https://forum.openwrt.org/t/ksmbd-samba3-4-alternative-ex-cifsd-smbd-package-support-thread/51695/68 Signed-off-by:
Georgi Valkov <gvalkov@abv.bg> (cherry picked from commit 4af04cdc)
-
Rosen Penev authored
Signed-off-by:
Rosen Penev <rosenp@gmail.com> (cherry picked from commit 4adeed48)
-
Marcos Del Sol Vives authored
Signed-off-by:
Marcos Del Sol Vives <marcos@orca.pet> (cherry picked from commit 2b48a695)
-
Rosen Penev authored
Add AUTORELEASE as 19.07 compatibility is not needed. Add dependency hacks and add comments. Add upstream patch to get rid of FS_POSIX_ACL requirement. Signed-off-by:
Rosen Penev <rosenp@gmail.com> (cherry picked from commit c732305a)
-
- Feb 12, 2022
-
-
Gerard Ryan authored
Signed-off-by:
Gerard Ryan <G.M0N3Y.2503@gmail.com>
-
Gerard Ryan authored
Signed-off-by:
Gerard Ryan <G.M0N3Y.2503@gmail.com>
-
- Feb 11, 2022
-
-
Vivek Dutta authored
-
- Feb 10, 2022
-
-
Tianling Shen authored
Signed-off-by:
Tianling Shen <cnsztl@immortalwrt.org> (cherry picked from commit 4454f8bb)
-
Rafał Miłecki authored
It has been imported as core package into OpenWrt repository. Its fdtget is required by sysupgrade on U-Boot devices so it couldn't live in an extra feed. Signed-off-by:
Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit c8d4c89d)
-