mirror/openwrt-packages
1
0
Fork 0
mirror of https://git.openwrt.org/feed/packages.git synced 2024-06-14 19:33:59 +02:00
Code Releases Activity
31,339 Commits 9 Branches 1 Tag 146 MiB
Makefile 54.3%
Shell 30.6%
C 9%
C++ 1.9%
Lua 1.3%
Other 2.5%
52e6017ad1
Go to file
Hirokazu MORIKAWA 52e6017ad1 node: February 14 2024 Security Releases 
Update to v20.11.1
This is a security release.

Notable changes
* CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
* CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
* CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
* CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
* CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
* CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
* CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
* CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
* undici version 5.28.3
* libuv version 1.48.0
* OpenSSL version 3.0.13+quic1 (Depends on shared library provided by OpenWrt)

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
2024-02-16 15:46:33 +01:00
.circleci CircleCI: Add 22.03 public keys, 18.06 v2 gpg key, 18.06 usign key 2022-05-11 16:40:55 +08:00
.github ci: bump checkout/upload-artifact to v4 2024-01-29 09:40:40 +01:00
.keys build: move gpg keys into .keys directory 2018-04-30 13:14:25 -07:00
admin rsyslog: update to 8.2312.0 2024-02-07 13:58:20 -08:00
devel diffutils: update to 3.10 2024-02-07 13:56:41 -08:00
fonts/dejavu-fonts-ttf [dejavu-fonts] add license info and myself as maintainer 2017-02-22 18:39:54 +01:00
ipv6 treewide: remove AUTORELEASE 2023-04-21 22:46:58 +02:00
kernel treewide: assign PKG_CPE_ID 2024-02-04 16:16:10 -08:00
lang node: February 14 2024 Security Releases 2024-02-16 15:46:33 +01:00
libs glib2: update to version 2.74.7 2024-02-16 12:02:11 +01:00
mail treewide: fix licence typos 2024-01-31 16:00:10 -08:00
multimedia imagemagick: update to 7.1.1-28 2024-02-14 12:56:45 -08:00
net netavark: update to 1.10.3 2024-02-16 16:55:18 +08:00
sound mpd: update to 0.23.15 2024-02-14 19:24:52 -08:00
utils Merge pull request #23457 from TDT-AG/pr/20240216-procps-ng 2024-02-16 15:03:03 +01:00
CONTRIBUTING.md CONTRIBUTING.md: clarify pull request commit requirements 2024-02-04 16:33:58 -08:00
LICENSE Add GPLv2 pro-forma license 2014-06-16 08:14:04 +02:00
README.md Update the SDK URL in the README. 2020-05-24 14:50:30 -07:00

README.md

OpenWrt packages feed

Description

This is the OpenWrt "packages"-feed containing community-maintained build scripts, options and patches for applications, modules and libraries used within OpenWrt.

Installation of pre-built packages is handled directly by the opkg utility within your running OpenWrt system or by using the OpenWrt SDK on a build system.

Usage

This repository is intended to be layered on-top of an OpenWrt buildroot. If you do not have an OpenWrt buildroot installed, see the documentation at: OpenWrt Buildroot Installation on the OpenWrt support site.

This feed is enabled by default. To install all its package definitions, run:

./scripts/feeds update packages
./scripts/feeds install -a -p packages

License

See LICENSE file.

Package Guidelines

See CONTRIBUTING.md file.