Fixes two CVEs:
CVE-2021-28965: XML round-trip vulnerability in REXML
CVE-2021-28966: Path traversal in Tempfile on Windows
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Features:
- Add profile filter to docker-compose config
- Add a depends_on condition to wait for successful service completion
Miscellaneous:
- Add image scan message on build
- Update warning message for --no-ansi to mention --ansi never as alternative
- Bump docker-py to 5.0.0
- Bump PyYAML to 5.4.1
- Bump python-dotenv to 0.17.0
Signed-off-by: Javier Marcet <javier@marcet.info>
This reverts commit b29e609701.
Adding DEPENDS+=@!arc will cause a circular dependency, because some
packages select libseccomp based on a build option.
Commit e29483d7e ("libseccomp: workaround a recursive dependency") added
a workaround that was not properly documented, so I'll explain here.
The problem arises when libseccomp is selected depending on some config
option:
define Pakcage/foo
DEPENDS=+FOO_SECCOMP:libseccomp
Even if the condition is correctly defined, excluding arc, such as:
define Package/foo/config
config FOO_SECCOMP
depends on !arc
the config generator will parse libseccomp's DEPENDS variable and
generate menuconfig statements like these:
config PACKAGE_foo
select PACKAGE_libseccomp if FOO_SECCOMP
depends on !FOO_SECCOMP || !arc
The last condition is always true because FOO_SECCOMP will always be
be false when arc is true. The config generator is not able to
simplify/optimize the condition.
The circular dependecy occurs because FOO_SECCOMP depends on
PACKAGE_foo, and the redundant, always true line will make PACKAGE_foo
depend on FOO_SECCOMP.
As a workaround, we can add the 'depends on !arc' line to
Package/libseccomp/config, outside of the DEPENDS variable, so that the
redundant depends line line does not get generated.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Cc: Daniel Golle <daniel@makrotopia.org>
The package needs libseccomp, which does not currently support arc.
In order to avoid a circular dependency, we must avoid arc here as well.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Fix log spam:
daemon.err netdata[2090]: PROCFILE: Cannot open file '/proc/sysvipc/shm'
This is caused by a non existant /proc/sysvipc/shm because of the
CONFIG_PROC_STRIPPED option that is enabled by default in the kernel
generic target config
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
modbus-utils was not intended to be added at this stage. Remove it.
Fixes: 312594f86 ("uvol: add new package")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This patch prevents multiple cron jobs from being created to run the
safe-search-maintenance script.
To reproduce this bug, perform the following:
- Install safe-search
- Perform an OpenWRT firmware upgrade (choose to preserve user settings)
- Install safe-search again
Signed-off-by: Gregory L. Dietsche <gregory.dietsche@cuw.edu>
uvol is a wrapper-script which allows automated handling of storage
volumes. uvol currently comes with backend support for LVM2 and UBI,
covering practically all options for storage large enough to be
managed (NAND, SPI-NAND, eMMC, SATA, NVME, virtio-blk, ...).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This was probably a work-around for an issue with dependencies which
was fixed by
988ed00802
Remove it as all other packages with `-selinux` variants do provide
a non-SELinux-variant without any suffix and that works now, see
procd vs. procd-selinux
busybox vs. busybox-selinux
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The strongswan-libnttfft package should not select the strongswan
package, but should depend on it instead. Otherwise a circular
dependency is created.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Rework the bonding.sh protocol handler to accept slave interface names
encoded in uci list notation. Also replace ifconfig up/down with ip
link calls while we're at it.
Fixes: #11455
Fixes: https://github.com/openwrt/luci/issues/4473
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Instead of just appending the driver serial including the '0x' prefix,
use '-' prefix instead to make it more readable.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
MacOS ignores Bonjour services for which TXT records are not returned. This changes forces umdns service to return a TXT record (`daemon=ksmbd`) for the ksmbd service. The exact content is unimportant and to the best of my knowledge nothing reads the `daemon` tag.
Symptoms of the problem (which are also debugging steps):
* Finder refuses to open the OpenWRT "computer" in the Network list.
* Discovery.app (Bonjour Browser) lists the _ssh._tcp service, but the submenu for it doesn't unfold and no address is shown.
* `dns-sd -L OpenWrt _smb._tcp` doesn't return any address.
Signed-off-by: Kirill Nikolaev <cyril7@gmail.com>
Philip Prindeville