aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* qos-scripts: fix interface resolvingJo-Philipp Wich2020-05-292-8/+14
| | | | | | | | | Also ensure that the error message is actually printed to stderr and that the rule generation is aborted if an interface cannot be resolved. Ref: https://github.com/openwrt/luci/issues/3975 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 559b3384666bbc6e4e9e6d86cf54bd88d30b341f)
* broadcom-wl: don't inherit lock descriptor in nas processJo-Philipp Wich2020-05-282-2/+5
| | | | | | | | | | | | Add a local hack to prevent the Broadcom WPA authenticator process from inheriting the lock descriptor 1000 used to prevent concurrent executions of the init script. Without this fix, repeated invocations of /etc/init.d/network, e.g. for obtaining the enabled state, would hang forever. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit a03d6d2fab13c478a0f6cfc3082bec141f2adcf1)
* rpcd: update to latest openwrt-19.07 Git HEADJo-Philipp Wich2020-05-261-4/+4
| | | | | | | 67c8a3f uci: reset uci_ptr flags when merging options during section add 970ce1a session: deny access if password login is disabled Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* Revert "rpcd: update to latest Git HEAD"Jo-Philipp Wich2020-05-261-4/+4
| | | | | | | | This reverts commit adf5d753eff2385063555da8bd4323e69311752a. Reverting this commit because it relies on a changed libiwinfo API. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* rpcd: update to latest Git HEADJo-Philipp Wich2020-05-261-4/+4
| | | | | | | | 078bb57 uci: reset uci_ptr flags when merging options during section add 3df62bc session: deny access if password login is disabled efe51f4 iwinfo: add current hw and ht mode to info call Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* libubox: update to the latest versionFelix Fietkau2020-05-261-3/+3
| | | | | | | | | | | 86818eaa976b blob: make blob_parse_untrusted more permissive cf2e8eb485ab tests: add fuzzer seed file for crash in blob_len c2fc622b771f blobmsg: fix length in blobmsg_check_array 639c29d19717 blobmsg: simplify and fix name length checks in blobmsg_check_name 66195aee5042 blobmsg: fix missing length checks Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit b371182d2450b3c4f15cbe790351d92a2a7b5a67)
* libubox: update to the latest masterRafał Miłecki2020-05-261-3/+3
| | | | | | | | | | | 5e75160 blobmsg: fix attrs iteration in the blobmsg_check_array_len() eeddf22 tests: runqueue: try to fix race on GitLab CI 89fb613 libubox: runqueue: fix use-after-free bug 1db3e7d libubox: runqueue fix comment in header 7c4ef0d tests: list: add test case for list_empty iterator Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit a765b063ee3e1dd6519f6a4a9e4d4f72214b33b8)
* hostapd: backport wolfssl bignum fixesDaniel Golle2020-05-254-1/+107
| | | | | | | | | crypto_bignum_rand() use needless time-consuming filtering which resulted in SAE no longer connecting within time limits. Import fixes from hostap upstream to fix that. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 631c437a91c20df678b25dcc34fe23636116a35a)
* ucert: update to latest git HEADMatthias Schiffer2020-05-241-3/+3
| | | | | | | | | | | | | | | | | | | | 00b921d80ac0 Do not print line number in debug messages 96c42c5ed320 Fix length checks in cert_load() fe06b4b836b3 usign-exec: improve usign -F output handling 19f9e1917e1b usign-exec: return code fixes 077feb5b5824 usign-exec: close writing end of pipe early in parent process 7ec4bb764e1e usign-exec: remove redundant return statements 5a738e549d31 usign-exec: change usign_f_* fingerprint argument to char[17] 112488bbbccc usign-exec: do not close stdin and stderr before exec 38dcb1a6f121 usign-exec: fix exec error handling a9be4fb17df2 usign-exec: simplify usign execv calls 854d93e2326a Introduce read_file() helper, improve error reporting afc86f352bf7 Fix return code of write_file() fdff10852326 stdout/stderr improvements dddb2aa8124d ci: fix unit test failures by enabling full ucert build 5f206bcfe5c2 ci: enable unit testing Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* usign: update to latest git HEADMatthias Schiffer2020-05-231-3/+3
| | | | | | | f1f65026a941 Always pad fingerprints to 16 characters Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net> (cherry picked from commit e35e40ad824eab9d51cdd690fb747e576e01412f)
* usign: update to latest Git HEADHauke Mehrtens2020-05-231-3/+3
| | | | | | | f34a383 main: fix some resource leaks Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 81e93fff7d867851f2fedd966a931336d4092686)
* OpenWrt v19.07.3: revert to branch defaultsHauke Mehrtens2020-05-161-2/+2
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* OpenWrt v19.07.3: adjust config defaultsv19.07.3Hauke Mehrtens2020-05-161-2/+2
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libjson-c: backport security fixesRobert Marko2020-05-134-2/+117
| | | | | | | | | | | | | This backports upstream fixes for the out of bounds write vulnerability in json-c. It was reported and patches in this upstream PR: https://github.com/json-c/json-c/pull/592 Addresses CVE-2020-12762 Signed-off-by: Robert Marko <robert.marko@sartura.hr> Signed-off-by: Luka Perkov <luka.perkov@sartura.hr> [bump PKG_RELEASE, rebase patches on top of json-c 0.12] Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commit bc0288b76816578f5aeccb2abd679f82bfc5738e)
* fstools: blockd: fix segfault triggered by non-autofs mountsDaniel Golle2020-05-121-3/+3
| | | | | | | | | | | Program received signal SIGSEGV, Segmentation fault. main_autofs (argv=<optimized out>, argc=<optimized out>) at fstools-2020-05-06-eec16e2f/block.c:1193 1193: if (!m->autofs && (mp = find_mount_point(pr->dev))) { Fixes: 3b9e4d6d4c4f ("fstools: update to the latest version") Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit b181294b02499e41b6b6fa24163f59c9ee4988ed)
* opkg: Fix PKG_MIRROR_HASHHauke Mehrtens2020-05-081-1/+1
| | | | | Fixes: c61fbdd0879b ("odhcpd: fix PKG_SOURCE_DATE") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ath10k-firmware: fix mirror hashDENG Qingfang2020-05-081-1/+1
| | | | | | | | | | Fix PKG_MIRROR_HASH hash mismatch. Fixes: 641a93f0f226 ("ath10k-firmware: update wave 1 firmware to 10.2.4-1.0-00047") Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn> [added missing commit description] Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 2d758129ca000620ab07f78e774464a96e8f212d)
* opkg: update to latest Git HEADJo-Philipp Wich2020-05-071-3/+3
| | | | | | | | | | | | f2166a8 libopkg: implement lightweight package listing logic cf4554d libopkg: support passing callbacks to feed parsing functions 2a0210f opkg-cl: don't read feeds on opkg update b6f1967 libopkg: use xsystem() to spawn opkg-key 60b9af2 file_util.c: refactor and fix checksum_hex2bin() 206ebae file_util.c: fix possible bad memory access in file_read_line_alloc() Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 79da9d78b98e1cd4574a37e2c4c5f8315b91563d)
* wireguard: bump to 1.0.20200506Jason A. Donenfeld2020-05-071-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * compat: timeconst.h is a generated artifact Before we were trying to check for timeconst.h by looking in the kernel source directory. This isn't quite correct on configurations in which the object directory is separate from the kernel source directory, for example when using O="elsewhere" as a make option when building the kernel. The correct fix is to use $(CURDIR), which should point to where we want. * compat: use bash instead of bc for HZ-->USEC calculation This should make packaging somewhat easier, as bash is generally already available (at least for dkms), whereas bc isn't provided by distros by default in their build meta packages. * socket: remove errant restriction on looping to self It's already possible to create two different interfaces and loop packets between them. This has always been possible with tunnels in the kernel, and isn't specific to wireguard. Therefore, the networking stack already needs to deal with that. At the very least, the packet winds up exceeding the MTU and is discarded at that point. So, since this is already something that happens, there's no need to forbid the not very exceptional case of routing a packet back to the same interface; this loop is no different than others, and we shouldn't special case it, but rather rely on generic handling of loops in general. This also makes it easier to do interesting things with wireguard such as onion routing. At the same time, we add a selftest for this, ensuring that both onion routing works and infinite routing loops do not crash the kernel. We also add a test case for wireguard interfaces nesting packets and sending traffic between each other, as well as the loop in this case too. We make sure to send some throughput-heavy traffic for this use case, to stress out any possible recursion issues with the locks around workqueues. * send: cond_resched() when processing tx ringbuffers Users with pathological hardware reported CPU stalls on CONFIG_ PREEMPT_VOLUNTARY=y, because the ringbuffers would stay full, meaning these workers would never terminate. That turned out not to be okay on systems without forced preemption. This commit adds a cond_resched() to the bottom of each loop iteration, so that these workers don't hog the core. We don't do this on encryption/decryption because the compat module here uses simd_relax, which already includes a call to schedule in preempt_enable. * selftests: initalize ipv6 members to NULL to squelch clang warning This fixes a worthless warning from clang. * send/receive: use explicit unlikely branch instead of implicit coalescing Some code readibility cleanups. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (cherry picked from commit 4f6343ffe7fe8f7018f904b153dea9fc6038daf4)
* wireguard: bump to 20191226Jason A. Donenfeld2020-05-074-34/+61
| | | | | | | | | | | | | | | | | As announced on the mailing list, WireGuard will be in Linux 5.6. As a result, the wg(8) tool, used by OpenWRT in the same manner as ip(8), is moving to its own wireguard-tools repo. Meanwhile, the out-of-tree kernel module for kernels 3.10 - 5.5 moved to its own wireguard-linux- compat repo. Yesterday, releases were cut out of these repos, so this commit bumps packages to match. Since wg(8) and the compat kernel module are versioned and released separately, we create a wireguard-tools Makefile to contain the source for the new tools repo. Later, when OpenWRT moves permanently to Linux 5.6, we'll drop the original module package, leaving only the tools. So this commit shuffles the build definition around a bit but is basically the same idea as before. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (cherry picked from commit ea980fb9c6de24350976dcc6c20da2bed5fc8cb8)
* odhcpd: fix PKG_SOURCE_DATEHans Dedecker2020-05-071-1/+1
| | | | | | Fixes: 5e8b50da15 (odhcpd : fix lan host reachibility due to identical RIO and PIO prefixes (FS#3056)) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: fix lan host reachibility due to identical RIO and PIO prefixes ↵Hans Dedecker2020-05-061-3/+3
| | | | | | | | (FS#3056) 49e4949 router: fix Lan host reachibility due to identical RIO and PIO prefixes (FS#3056) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ustream-ssl: update to 19.07 Git HEADJo-Philipp Wich2020-05-061-4/+4
| | | | | | | | 40b563b ustream-openssl: clear error stack before SSL_read/SSL_write 30cebb4 ustream-ssl: mbedtls: fix ssl client verification 77de09f ustream-ssl: mbedtls: fix net_sockets.h include warning Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: update to 19.07 Git HEADJo-Philipp Wich2020-05-061-3/+3
| | | | | | | 975dce2 client: allow keep-alive for POST requests d062f85 file: poke ustream after starting deferred program Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* fstools: update to the latest versionRafał Miłecki2020-05-061-3/+3
| | | | | | | | | | eec16e2 blockd: add optional "device" parameter to "info" ubus method 9ab936d block(d): always call hotplug.d "mount" scripts from blockd 4963db4 blockd: use uloop_process for calling /sbin/hotplug-call mount cddd902 Truncate FAT filesystem label until 1st occurance of a blank (0x20) Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit c3a43753b984657d1b65c666f776856cdf3af61d)
* libpcap: fix library packaging issuesJo-Philipp Wich2020-05-061-1/+5
| | | | | | | | | | | | | Workaround a bug in patches/100-debian_shared_lib.patch - it attemptss to extract the library major version from debian/changelog which does not exist in the vanilla upstream tarball. Create a fake changelog file for now to satisfy the version extraction routine until we get around to properly augment the patch. Fixes: FS#2970 Fixes: 96ee7c8bfd ("libpcap: Update shared-lib patch from Debian to fix linking problems") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* fstools: update to the latest versionRafał Miłecki2020-05-051-3/+3
| | | | | | | | | | | 8b9e601 block: always use st_dev (device ID) of / when looking for root 37c9148 block: simplify check_extroot() a bit d70774d block: add some basic extroot documentation 32db27d Revert "block: support hierarchical mount/umount" 0b93429 Revert "block: mount_action: handle mount/umount deps" Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 9295ce70069fee39f2a6b5cf961d8514406a64a7)
* fstools: update to the latest versionFelix Fietkau2020-05-051-3/+3
| | | | | | | | | | | 84965b92f635 blockd: print symlink error code and string message 62c578c22f9d blockd: report "target" path as "mount" for autofs available mounts d1f1f2b38fa1 block: remove mount target file if it's a link 830441d790d6 blockd: remove symlink linkpath file if it's a dir or link c80f7002114f libfstools/mtd: attempt to read from OOB data if empty space is found Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit b7d6e80feea21aac80d5bd25dc3a0dd5b148fec9)
* mac80211: Update to version 4.19.120Hauke Mehrtens2020-05-0517-63/+63
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* upgs: Remove extra _DEFAULT_SOURCE definitionHauke Mehrtens2020-05-051-4/+0
| | | | | | | | | | | | | | | | This extra _DEFAULT_SOURCE definition results in a double definition which is a compile error. This fixes the following compile error with glibc: ---------------------------------------------------------------------- ugps-2019-06-25-cd7eabcd/nmea.c:19: error: "_DEFAULT_SOURCE" redefined [-Werror] #define _DEFAULT_SOURCE <command-line>: note: this is the location of the previous definition cc1: all warnings being treated as errors Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 70a962ca6f13e82d8d67f5c8ee65064a41f66a9c)
* dante: Fix compile with glibcHauke Mehrtens2020-05-052-1/+54
| | | | | | | | | | | | | | | | | | | | When compiled with glibc the config_scan.c wants to use the cpupolicy2numeric() function which is only available when HAVE_SCHED_SETSCHEDULER is set. It looks like the wrong define was used here. This fixes a build problem with glibc in combination with the force ac_cv_func_sched_setscheduler=no in the OpenWrt CONFIGURE_VARS. This fixes the following compile error with glibc: ---------------------------------------------------------------------- /bin/ld: config_scan.o: in function `socks_yylex': dante-1.4.1/sockd/config_scan.l:461: undefined reference to `cpupolicy2numeric' collect2: error: ld returned 1 exit status make[5]: *** [Makefile:522: sockd] Error 1 Fixes: aaf46a8fe23e ("dante: disable sched_getscheduler() - not implemented in musl") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit ce1798e915181e6c1f3ba735b254b37b84261303)
* perf: build with NO_LIBCAP=1Yangbo Lu2020-05-051-0/+1
| | | | | | | | | | Build with NO_LIBCAP=1. This is to resolve build issue. Package perf is missing dependencies for the following libraries: libcap.so.2 Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com> (cherry picked from commit 80f128d2aa7586ce068bbc24badc46ffab2edd4a)
* mac80211: ath10k: increase rx buffer size to 2048Linus Lüssing2020-05-051-0/+37
| | | | | | | | | | | | | | | | | | | | | | | | Before, only frames with a maximum size of 1528 bytes could be transmitted between two 802.11s nodes. For batman-adv for instance, which adds its own header to each frame, we typically need an MTU of at least 1532 bytes to be able to transmit without fragmentation. This patch now increases the maxmimum frame size from 1528 to 1656 bytes. Tested with two ath10k devices in 802.11s mode, as well as with batman-adv on top of 802.11s with forwarding disabled. Fix originally found and developed by Ben Greear. Link: https://github.com/greearb/ath10k-ct/issues/89 Link: https://github.com/greearb/ath10k-ct/commit/9e5ab25027e0971fa24ccf93373324c08c4e992d Cc: Ben Greear <greearb@candelatech.com> Signed-off-by: Linus Lüssing <ll@simonwunderlich.de> Signed-off-by: Sven Eckelmann <sven@narfation.org> (cherry picked from commit 066ec97167e49b5c037b04dc4ec76c4cad5b75e2)
* wpad-wolfssl: fix crypto_bignum_sub()Antonio Quartulli2020-05-011-0/+26
| | | | | | | | | | | | | | | Backport patch from hostapd.git master that fixes copy/paste error in crypto_bignum_sub() in crypto_wolfssl.c. This missing fix was discovered while testing SAE over a mesh interface. With this fix applied and wolfssl >3.14.4 mesh+SAE works fine with wpad-mesh-wolfssl. Cc: Sean Parkinson <sean@wolfssl.com> Signed-off-by: Antonio Quartulli <a@unstable.cc> Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 4b3b8ec81cd1965d0bd548fa31db491295b83354)
* mac80211: backport fix for an no-ack tx status issueFelix Fietkau2020-05-012-1/+83
| | | | | | | | Signed-off-by: Felix Fietkau <nbd@nbd.name> Tested-by: Jérôme Benoit <jerome.benoit@piment-noir.org> [WRT1900AC v1] [added missing package version bump] Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit e0ab33ea496f371a0683b18d5555d651f8df1f5e)
* hostapd: unconditionally enable ap/mesh for wpa-cliFelix Fietkau2020-05-012-2/+8
| | | | | | | | | | | Without this change, wpa-cli features depend on which wpad build variant was used to build the wpa-cli package Signed-off-by: Felix Fietkau <nbd@nbd.name> Tested-by: Jérôme Benoit <jerome.benoit@piment-noir.org> [WRT1900AC v1] [added missing package version bump] Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 03e9e4ba9ea8f00ff7c6f076f2cdc322e18cd3a4)
* wireless-regdb: backport three upstream fixesPetr Štetiar2020-05-014-0/+935
| | | | | | | | | Another release is overdue for quite some time, so I'm backporting three fixes from upstream which I plan to backport into 19.07 as well. Ref: FS#2880 Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 76a0ddf1308782a4da2693978955aee9cf631862)
* curl: backport fix for CVE-2019-15601Petr Štetiar2020-05-012-1/+45
| | | | | | | | | | On Windows, refuse paths that start with \\ ... as that might cause an unexpected SMB connection to a given host name. Ref: PR#2730 Ref: https://curl.haxx.se/docs/CVE-2019-15601.html Suggested-by: Jerome Benoit <jerome.benoit@sap.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* uboot-kirkwood: fix ethernet and usbPawel Dembicki2020-05-012-1/+39
| | | | | | | | | | | | | | | | | Before 2019.01 version was introduced patch, which changes cache routines: 93b283d4 ("ARM: CPU: arm926ejs: Consolidate cache routines to common file"). Unfortunately that patch make ethernet and usb in kirkwood broken. This patch backport commit 599f7aa5 ("ARM: kirkwood: disable dcache for Kirkwood boards"), which are fix for that problem. Fixes: dc08514e6d ("uboot-kirkwood: update to 2019.01") Run tested: pogoplugv4 Tested-by: Cezary Jackiewicz <cezary@eko.one.pl> [nsa310] Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
* relayd: bump to version 2020-04-25Kevin Darbyshire-Bryant2020-04-271-3/+3
| | | | | | | | | f4d759b dhcp.c: further improve validation Further improve input validation for CVE-2020-11752 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 9e7d11f3e275d6f5d6b3edd7f0fa0440da43c45a)
* umdns: update to version 2020-04-25Kevin Darbyshire-Bryant2020-04-271-3/+3
| | | | | | | | | | | | cdac046 dns.c: fix input validation fix Due to a slight foobar typo, failing to de-reference a pointer, previous fix not quite as complete as it should have been. Improve CVE-2020-11750 fix Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 9f7c8ed0786be97eda879e5f6681994e4de53d74)
* dnsmasq: fix dnssec+ntp chicken-and-egg workaround (FS#2574)Henrique de Moraes Holschuh2020-04-252-4/+3
| | | | | | | | | | | | | | | | | | | | | | | | Fix the test for an enabled sysntp initscript in dnsmasq.init, and get rid of "test -o" while at it. Issue reproduced on openwrt-19.07 with the help of pool.ntp.br and an RTC-less ath79 router. dnssec-no-timecheck would be clearly missing from /var/etc/dnsmasq.conf.* while the router was still a few days in the past due to non-working DNSSEC + DNS-based NTP server config. The fix was tested with the router in the "DNSSEC broken state": it properly started dnsmasq in dnssec-no-timecheck mode, and eventually ntp was able to resolve the server name to an IP address, and set the system time. DNSSEC was then enabled by SIGINT through the ntp hotplug hook, as expected. A missing system.ntp.enabled UCI node is required for the bug to show up. The reasons for why it would be missing in the first place were not investigated. Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase] (cherry picked from commit 556b8581a15c855b2de0efbea6b625ab16cc9daf)
* libpcap: fix build breakage with very high number of simultaneous jobsPetr Štetiar2020-04-251-1/+1
| | | | | | | | | | | | | | | | | | | | | Building libpcap with high number (64) of simultaneous jobs fails: In file included from ./fmtutils.c:42:0: ./ftmacros.h:106:0: warning: "_BSD_SOURCE" redefined #define _BSD_SOURCE <command-line>:0:0: note: this is the location of the previous definition ./gencode.c:67:10: fatal error: grammar.h: No such file or directory #include "grammar.h" ^~~~~~~~~~~ compilation terminated. Makefile:99: recipe for target 'gencode_pic.o' failed So fix this by less intrusive way by disabling the parallel builds for this package. Ref: FS#3010 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* openssl: bump to 1.1.1gPetr Štetiar2020-04-211-2/+2
| | | | | | | | | Fixes NULL dereference in SSL_check_chain() for TLS 1.3, marked with high severity, assigned CVE-2020-1967. Ref: https://www.openssl.org/news/secadv/20200421.txt Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 3773ae127ac83766028f767ac744e87a7ddcaf50)
* relayd: bump to version 2020-04-20Kevin Darbyshire-Bryant2020-04-201-3/+3
| | | | | | | | | 796da66 dhcp.c: improve input validation & length checks Addresses CVE-2020-11752 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit be172e663f318ec364c13f795df025bbcce9ac18)
* umdns: update to version 2020-04-20Kevin Darbyshire-Bryant2020-04-201-4/+4
| | | | | | | | | e74a3f9 dns.c: improve input validation Addresses CVE-2020-11750 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 533da61ac63079f218a9946cd8e347b880c33dc0)
* umdns: update to the version 2020-04-05Kevin Darbyshire-Bryant2020-04-201-4/+4
| | | | | | | | | ab7a39a umdns: fix unused error 45c4953 dns: explicitly endian-convert all fields in header and question Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 22ae8bd50ef6d056b25a96ce6c77de0b0d53c1a1) (cherry picked from commit 17c4593e63f5847868f2c38185275199d37d379a)
* umdns: suppress address-of-packed-member warningKevin Darbyshire-Bryant2020-04-201-2/+2
| | | | | | | | | | | | | | | | | | | gcc 8 & 9 appear to be more picky with regards access alignment to packed structures, leading to this warning in dns.c: dns.c:261:2: error: converting a packed ‘struct dns_question’ pointer (alignment 1) to a ‘uint16_t’ {aka ‘short unsigned int’} pointer (alignment 2) may result in an unaligned pointer value [-Werror=address-of-packed-member] 261 | uint16_t *swap = (uint16_t *) q; Work around what I think is a false positive by turning the warning off. Not ideal, but not quite as not ideal as build failure. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 02640f014719a994e2e538b2cb6376a189cd39de) (cherry picked from commit a10b6ec1c8cd6d14a3b76a2ec3d81442b85f7321)
* binutils: add ALTERNATIVES for strings (FS#3001)Hans Dedecker2020-04-181-1/+2
| | | | | | | | | Don't move strings anymore to /bin/strings to avoid clash with busybox /usr/bin/strings but move it to /usr/bin/binutils-strings. Use ALTERNATIVES support to install it as /usr/bin/strings Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 5f126c541a743e2ff5d8f406128d477ab5a509b4)
* mbedtls: update to 2.16.6Magnus Kroken2020-04-181-2/+2
| | | | | | | | | | | | | Security fixes for: * CVE-2020-10932 * a potentially remotely exploitable buffer overread in a DTLS client * bug in DTLS handling of new associations with the same parameters Full release announement: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released Signed-off-by: Magnus Kroken <mkroken@gmail.com> (cherry picked from commit 02fcbe2f3d4eaf65e90bb167aa7818eacc08c633)