Hirokazu MORIKAWA f9515613f9
node: bump to v16.17.1
The following CVEs are fixed in this release:
* CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
    * Insufficient fix for macOS devices on v18.5.0
* CVE-2022-32222: Node 18 reads openssl.cnf from /home/iojs/build/ upon startup on MacOS (Medium)
* CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)
    * Insufficient fix on v18.5.0
* CVE-2022-32215: HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)
    * Insufficient fix on v18.5.0
* CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)
* CVE-2022-35255: Weak randomness in WebCrypto keygen
More detailed information on each of the vulnerabilities can be found in the September 22nd 2022 Security Releases blog post.

llhttp updated to 6.0.10
llhttp is updated to 6.0.10 which includes fixes for the following vulnerabilities.
* HTTP Request Smuggling - CVE-2022-32213 bypass via obs-fold mechanic (Medium) (CVE-2022-32213): The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
* HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium) (CVE-2022-32215): The llhttp parser in the http module does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
* HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium) (CVE-2022-35256): The llhttp parser in the http module does not correctly handle header fields that are not terminated with CRLF. This can lead to HTTP Request Smuggling (HRS).

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 658621bf5e)
2022-10-05 23:29:43 +02:00
.circleci CircleCI: Add 21.02 GPG and usign public keys and update to Debian 10 2022-02-15 21:00:39 -05:00
.github ci: Look for changed packages in the PR branch only 2022-05-16 11:20:14 +02:00
.keys build: move gpg keys into .keys directory 2018-04-30 13:14:25 -07:00
admin syslog-ng: update to version 3.38.1 2022-09-08 09:58:18 +02:00
devel Revert "gcc: update 11 minor version" 2022-07-06 12:40:49 -07:00
fonts/dejavu-fonts-ttf [dejavu-fonts] add license info and myself as maintainer 2017-02-22 18:39:54 +01:00
ipv6 generate-ipv6-address: fix PIC compilation 2021-04-20 20:10:56 +02:00
kernel antfs: require kernel version 5.10 to build 2022-08-11 22:13:50 +02:00
lang node: bump to v16.17.1 2022-10-05 23:29:43 +02:00
libs treewide: fix security issues by bumping all packages using libwolfssl 2022-10-04 10:22:40 +02:00
mail mutt: add PKG_CONFIG_DEPENDS 2022-07-20 11:38:31 -07:00
multimedia yt-dlp: update to 2022.9.1 2022-09-15 08:22:56 +02:00
net Merge pull request #19521 from ynezz/ynezz/openwrt-22.03-wolfssl-CVE-2022-39173 2022-10-05 21:30:52 +02:00
sound mpd: update to 0.23.9 2022-08-20 22:49:19 +02:00
utils treewide: fix security issues by bumping all packages using libwolfssl 2022-10-04 10:22:40 +02:00
CONTRIBUTING.md CONTRIBUTING: add CI information 2020-09-30 10:47:12 -10:00
LICENSE Add GPLv2 pro-forma license 2014-06-16 08:14:04 +02:00
README.md Update the SDK URL in the README. 2020-05-24 14:50:30 -07:00

README.md

OpenWrt packages feed

Description

This is the OpenWrt "packages"-feed containing community-maintained build scripts, options and patches for applications, modules and libraries used within OpenWrt.

Installation of pre-built packages is handled directly by the opkg utility within your running OpenWrt system or by using the OpenWrt SDK on a build system.

Usage

This repository is intended to be layered on top of an OpenWrt buildroot. If you do not have an OpenWrt buildroot installed, see the documentation at: OpenWrt Buildroot Installation on the OpenWrt support site.

This feed is enabled by default. To install all its package definitions, run:

./scripts/feeds update packages
./scripts/feeds install -a -p packages

License

See LICENSE file.

Package Guidelines

See CONTRIBUTING.md file.