Refresh and backport patches so that
- ./python path in the source code takes precedence over the same dir in hostpkg
- OVN LTS version 22.03.5 which depends on Open vSwitch 3.0 can compile
with Open vSwitch 2.17
Fixes: https://github.com/openwrt/packages/issues/22744
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
- Missing --without-nghttp3 was leaking host includes and breaking the build
- Remove or rename deprecated configure options
- Add --disable-libcurl-option to reduce package size
- Use .xz instead of .bz2 for PKG_SOURCE
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
This makes mwan3rtmon check if mwan3_get_routes returns a route
before removing it. This helps with IPv6 routes with source address
selector removal where multiple original routes are transformed to
the same mwan3 route if one of the source routes is removed while
the others are kept.
Signed-off-by: Jonas Lochmann <git@inkompetenz.org>
Check the conffile existance (with .conf extension), before calling the
function 'start_path_instance'. This fixes errors with non-existing and
wrong spelling instances.
Signed-off-by: Dirk Brenken <dev@brenken.org>
- Update commit description
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Without it, using uci to manipulate ipsec config can result in errors,
making it much difficult to use in uci-defaults for example.
Signed-off-by: Glen Huang <me@glenhuang.com>
Increases snort's IPS fast pattern matching by 2x (compared to
the ac_full engine) and 3x (compared to ac_bfna). This is most
noticeable for users of large rules sets and when doing deep flow
inspection.
For more see: https://blog.snort.org/2020/09/snort-3-hyperscan-.html
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Update to 1.48.0
CVE-2024-24806 : Improper Domain Lookup that potentially leads to SSRF attacks
Vulnerabilities fixed
* CVE-2024-24806 / GHSA-f74f-cvh7-c6q6 0f2d7e7, 3530bcc and e0327e1
Notable Changes
* linux: disable io_uring on ppc64 and ppc64le #4285
* linux: disable io_uring on hppa below kernel 6.1.51 #4224
* win/spawn: optionally run executable paths with no file extension #4292 (We recommend that most users consider setting this by default)
Important Bugs Fixed
* unix,win: fix busy loop with zero timeout timers #4250, #4304.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
- Refresh patches.
- Disable new features like AF XDP, Rutabaga VGA, libkeyutils
- Delete removed features such as HAX hypervisor
Signed-off-by: Vladimir Ermakov <vooon341@gmail.com>
OpenBLAS allows to specify per-family CPU optimizations during build stage.
This package supports manual specification of a family during configuration.
This commit adds automatic detection of target family, while keeping manual
override as a backup.
Automatically detected ARM families:
- Cortex-A9 without NEON
- Cortex-A9 with NEON
- Cortex-A15
- Cortex-A53
- Cortex-A72
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
bug fixes:
- Fix incorrect free in conn_sock
- logging: Respect log-size-max immediately after open
- fix some issues flagged by SAST scan
- src: fix write after end of buffer
- src: open all files with O_CLOEXEC
- oom-score: restore oom score before running exit command
new features:
- Forward more messages on the sd-notify socket
- logging: -l passthrough accepts TTYs
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
The recent upgrade of apr included a change with should fix the subversion build.
Unfortunately, this fix resulted in a build regression of apache-mod-php8.
The new approach is to pass the locations of the apr config helpers
to configure via parameter.
Fixes: 68dd7b7cf6 ("apr: update to 1.7.4")
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
changelog:
- Fix some FD leaks (#334, thanks to @giuseppe)
As package belongs to network category, I moved it from utils to network folder
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Fixes CVEs:
- CVE-2023-50387: Validating DNS messages containing a lot of DNSSEC signatures
could cause excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-50868: Preparing an NSEC3 closest encloser proof could cause
excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-4408: Parsing DNS messages with many different names could cause
excessive CPU load.
- CVE-2023-5517: Specific queries could cause named to crash with an assertion
failure when nxdomain-redirect was enabled.
- CVE-2023-5679: A bad interaction between DNS64 and serve-stale could cause
named to crash with an assertion failure, when both of these features were
enabled.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Update to v20.11.1
This is a security release.
Notable changes
* CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
* CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
* CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
* CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
* CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
* CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
* CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
* CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
* undici version 5.28.3
* libuv version 1.48.0
* OpenSSL version 3.0.13+quic1 (Depends on shared library provided by OpenWrt)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
- Install library only (utilities are in procps-ng API version 4)
- Latest 3.3.17 version of 3.x series is used
- Refresh existing patch
- Add new patch from Alpine Linux
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
- Rebase patch because of packages version update was reverted before
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
- Rebase patch because of packages version update was reverted before
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The props-ng packages adds a new API version that breaks other
downstream packages. This revert is a preparation commit to move the old
API to procps-ng3 so that the new API could use procps-ng packages
name again.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This reverts commit 81629ba591.
krant