Backport a patch from upstream fixing wrong args handling with musl.
Before this patch non args must be passed at the end of the command due
to a musl limitation.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Fixes CVEs:
- CVE-2023-2828: The overmem cleaning process has been improved, to
prevent the cache from significantly exceeding the configured
max-cache-size limit.
- CVE-2023-2911: A query that prioritizes stale data over lookup
triggers a fetch to refresh the stale data in cache. If the fetch is
aborted for exceeding the recursion quota, it was possible for named
to enter an infinite callback loop and crash due to stack overflow.
The complete list of changes is available in the upstream release
notes at
https://ftp.isc.org/isc/bind9/cur/9.18/doc/arm/html/notes.html#notes-for-bind-9-18-16
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
* process local lists in strict sequential order to prevent possible race conditions
* support ranges in the IP search, too
* fix some minor search issues
Signed-off-by: Dirk Brenken <dev@brenken.org>
musl 1.2.4 deprecated legacy "LFS64" ("large file support") interfaces so
just having _GNU_SOURCE defined is not enough anymore.
Manually pass -D_LARGEFILE64_SOURCE to keep using LFS64 definitions.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
`dnsdist-full` has all optional features enabled, but is a big package
in terms of both flash and memory footprint.
`dnsdist` only keeps the features that make the most sense
on embedded devices, but can also be customised to match the
user's needs, up to the point where it matches `dnsdist-full`.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
* Added test.sh script
* Fixed build with riscv64
* Passed package version via go ldflags
* Refreshed patches
* Removed useless test binaries from package
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
The initial value takes 80kB of memory for each HTTP/2 connection
which is a lot on small devices. Using 8kB instead saves a fair
amount of memory without sacrificing performance.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
The map takes a fair amount of memory and the only consumer of this
library, dnsdist, does not need it.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
The only package using this library, dnsdist, does not require it
so let's save space and PSS memory.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Major changes since version 3.1.1:
* Officially supports the 2019 version of IEEE 1588
* Improved unicast messaging
* Enhanced G.8275.2 profile
* More flexible Pulse Per Second (PPS) handling
* Virtual clock support
* Power profile support
* VLAN over bond support.
* Parallel Redundancy Protocol (PRP) trailer handling.
* Non-privileged read-only monitoring port.
* New statistics reporting.
[V2]
* reset package release
* adapt license name to the new format
Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@westermo.com>
Gettext is a prerequisite to build OpenWrt according to:
https://openwrt.org/docs/guide-developer/toolchain/install-buildsystem
but GitHub automated tests fail without this explicit dependency:
2023-06-19T08:02:45.1940511Z checking for py module gzip ... ok
2023-06-19T08:02:45.1968662Z checking for /builder/staging_dir/host/bin/pkg-config ...ok
2023-06-19T08:02:45.1998491Z ERROR: no gettext binaries found
2023-06-19T08:02:45.1999746Z checking for xgettext ... fail
2023-06-19T08:02:45.2008403Z make[2]: *** [Makefile:263: /builder/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/tvheadend-2023-06-05/.configured_a17fb5ef857664f03cd0ce37cc5ea591] Error 1
Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
This is a security and bugfix release.
Security
o CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
o CVE-2023-31147. Moderate. Insufficient randomness in generation of DNS query IDs
o CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton()
o CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross compilation
Fixing libcares.pc
The pkg-config file libcares.pc in version 1.19.1 has been changed to be unsuitable for OpenWrt
and causes build errors with OpenWrt packages that use libcares.
For this reason, libcares.pc was replaced.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
* Support MAC-/IPv4/IPv6 ranges in CIDR notation
* Support concatenation of local MAC addresses with IPv4/IPv6 addresses, e.g. to enforce dhcp assignments (see readme)
* small fixes & cosmetics
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Update to v18.16.1
The following CVEs are fixed in this release:
* CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
* CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* CVE-2023-30588: Process interruption due to invalid Public Key information in x509 certificates (Medium)
* CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
* CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
* OpenSSL Security Releases (Depends on shared library provided by OpenWrt)
  * OpenSSL security advisory 28th March.
  * OpenSSL security advisory 20th April.
  * OpenSSL security advisory 30th May
* c-ares vulnerabilities: (Depends on shared library provided by OpenWrt)
  * GHSA-9g78-jv2r-p7vc
  * GHSA-8r8p-23f3-64c2
  * GHSA-54xr-f67r-4pc4
  * GHSA-x6mf-cxr9-8q6v
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
OpenELP is an open source EchoLink proxy for Linux and Windows. It aims
to be efficient and maintain a small footprint, while still implementing
all of the features present in the official EchoLink proxy.
Signed-off-by: Scott K Logan <logans@cottsay.net>
* Add separate packages for each tool (semodule-*)
* Update the semodule-utils package as a meta-package that installs all
tools, keeping it functionally the same as the current semodule-utils
package
* Remove host build (not used by any other package)
* Update package titles, descriptions, and license files
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* Added packages:
  * python3-seobject
    Contains the seobject.py library file which was previously included
    in selinux-semanage
  * selinux-sepolicy
    Contains the sepolicy and sepolgen tools which were previously
    included in python3-sepolicy
  * selinux-sepolgen-ifgen
    Contains the sepolgen-ifgen tool which was previously included in
    selinux-audit2allow
  * selinux-python
    A meta-package to install all tools
* Change the python3-sepolgen data_dir from /usr/share/sepolgen to
  /etc/sepolgen (updated 0001-sepolgen-adjust-data_dir.patch), and add
  the directory to conffiles

  By default, the sepolgen-ifgen tool writes to a file named
  "interface_info" in the data directory, to be read by the audit2allow
  tool. The header comment in the perm_map file also suggests that the
  file is customizable.

  The best place for these files would be in /var/lib, but /etc is more
  appropriate than /usr.
* Remove gui files from python3-sepolicy (0003-sepolicy-no-gui.patch)
* Fix ModuleNotFoundError raised by sepolicy
  (0004-sepolicy-fix-get_os_version-except.patch)

  Patch has been submitted upstream:
  https://lore.kernel.org/selinux/20230619063217.3165462-1-jeffery.to@gmail.com/
* Update package titles, descriptions, and dependencies
* Use Py3Package to build Python bytecode and source packages
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Parallel build does not work because it may reach a point where OSTYPE
might be needed before it is actually built. They appear to run
parallel to each other:
echo slx > OSTYPE
[...]
cat: OSTYPE: No such file or directory
sh: line 1: test: too many arguments
cat: OSTYPE: No such file or directory
Already built for -- you must do "make clean" first
make[6]: *** [Makefile:706: rebuild] Error 1
make[6]: *** Waiting for unfinished jobs....
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* Rename:
  * Source package from python3-libsemanage to python-semanage
  * Target package from python3-libsemanage to python3-semanage
* Update dependents with new target package name
* Update package title, license files, and dependencies
* Remove Build/InstallDev (files not used by any other package)
* Use Py3Package to build Python bytecode and source packages
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* Rename:
  * Source package from python3-libselinux to python-selinux
  * Target package from python3-libselinux to python3-selinux
* Update dependents with new target package name
* Remove patches:
  * 010-setup-py-custom-cc.patch: LDSHARED is already set as part of
    $(PYTHON3_VARS)
  * 020-Make-use-of-variables-when-defining-libdir-and-inclu.patch: This
    package doesn't install the libselinux.pc file
* Update package title and dependencies
* Remove Build/InstallDev (files not used by any other package)
* Use Py3Package to build Python bytecode and source packages
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* Add separate packages for each tool (setools-*) and a package for the
Python bindings (python3-setools)
* Update the setools package as a meta-package that installs all tools,
keeping it functionally the same as the current setools package
* Remove gui tool (apol) and Python binding (setoolsgui)
* Simplify 030-remove-host-paths.patch (libraries installed by
Build/InstallDev are placed in $(STAGING_DIR)/usr/lib only)
* Update package titles, descriptions, license, and dependencies
Signed-off-by: Jeffery To <jeffery.to@gmail.com>