Fixes CVE-2019-19221

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>

apr-util: clean up reverse depends (and fix subversion dep)

mjpg-streamer: update to latest git version

luajit: use dynamic buildmode

backuppc: replace samba36 dependency

apr-util was updated. It doesn't provide the depend on libsqlite3
anymore, so this needs to be added to the subversion package now.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>

This dep can be removed since apu-1-config was cleaned up.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>

004-avoid_ldap_by_defaut.patch:
 By default use --avoid-ldap since apache2 is the only user, and we don't
 want to add extra dependencies to other apr-utils rdepends. Patch from
 Ryan Niebur <ryanryan52@gmail.com>, copied from Debian.

005-apu_config_dont_list_indep_libs.patch:
 Prevent recursive linking of dependent libraries by apr-util users.
 Patch from Peter Samuelson <peter@p12n.org>, also copied from Debian.
 Makes libexpat and libiconv private.

006-avoid_db_by-default.patch:
 Make apu-config not output dbm libs by default. See Debian #622081.
 Patch from Stefan Fritsch <sf@debian.org>, also copied from Debian

While bumping the revision also correct license information.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>

golang: Update for ASLR PIE tristate option change

The ASLR PIE option was changed to a tristate option
(openwrt/openwrt@19cbac7d264dfca1f75849de64beb98830fbb1e4). This updates
the Go compiler package and golang-package.mk to account for this
change.

This also adds warning messages for when the user has selected PIE but
Go does not have PIE support for the chosen target.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>

python3: Fix compilation without deprecated APIs

tinyproxy: update to 1.10.0

Samba 3.6 will be removed soon. samba4-client a replacement.

Signed-off-by: Rosen Penev <rosenp@gmail.com>

glib2: fix mips16 build, add size reducing static link, fpic CFLAGS

Reduces package size with about 50%

Fixes: https://github.com/openwrt/packages/issues/10848



Signed-off-by: Rosen Penev <rosenp@gmail.com>

canutils: fix canutils makefile dependency

PKG_RELEASE bumped

Signed-off-by: Paulo Machado <pffmachado@yahoo.com>

This is based on upstream work here:

https://github.com/python/cpython/pull/3934
and
https://github.com/python/cpython/pull/39430



First patch was kept as is (just rebased) while the second was combined
into one.

Signed-off-by: Rosen Penev <rosenp@gmail.com>

modemmanager: release 1.12.4

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

python-pyasn1-modules: Update to 0.2.8

libssh: updated to 0.9.3

This updates the library to address several CVEs, add modern
crypto, and eliminate legacy patches.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>

Signed-off-by: Jeffery To <jeffery.to@gmail.com>

golang: More updates

python-evdev: bump to version 1.3.0

Signed-off-by: Jeffery To <jeffery.to@gmail.com>

New stable release with lots of fixes, including some severe memory
leaks happening when GPS management is used in QMI-based devices.

https://lists.freedesktop.org/archives/modemmanager-devel/2020-January/007670.html



Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>

This adds support to compile position-independent executables for
packages that use golang-package.mk.

Go packages will have PIE enabled if:
* Go supports PIE on the target platform;
* CONFIG_PKG_ASLR_PIE is selected; and
* PKG_ASLR_PIE (for the package) is not set to 0

Go 1.13 supports PIE for x86 and arm targets; mips support is in
progress[1].

[1]: https://github.com/golang/go/issues/21222#issuecomment-542064462



Signed-off-by: Jeffery To <jeffery.to@gmail.com>

This fixes how GOARM is selected for arm platforms, based on support for
VFP/VFPv3 rather than CPU version.

Fixes #10967.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>

DEPENDS attribute makes canutils fail on installation procedure

Removing it makes a successful build

Signed-off-by: Paulo Machado <pffmachado@yahoo.com>

Solves Issue #10373 and PR #10428

Signed-off-by: Jose Olivera <oliverajeo@gmail.com>
(bumped PKG_RELEASE)
Signed-off-by: Rosen Penev <rosenp@gmail.com>

apache: fix build + remove BROKEN from dbd-mysql

libseccomp: update to version 2.4.2

- helps build system to locate zlib
- adds depend on libgdbm if libaprutil-dbm-gdbm is selected

This fixes the two different build failures that can currently be
observed.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>

Patch by Kris Karas from
https://bz.apache.org/bugzilla/attachment.cgi?id=35326&action=diff



This patch is also used by Debian.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>

cyrus-sasl: install module symbolic links of form libX.so

I was too aggressive in recommending that we remove the module symbolic
links of form libX.so as part of commit c9ce769b. It turns out that at
least Postfix relies on these, and I suspect any application that makes
use of libsasl2 will require them too.

Signed-off-by: W. Michael Petullo <mike@flyn.org>

pymysql: add new package (only Py3 variant)

vnstat2: add package