This release includes some bug fixes and some security fixes.
* CVE-2017-17742: HTTP response splitting in WEBrick
* CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
* CVE-2018-8777: DoS by large request in WEBrick
* CVE-2018-8778: Buffer under-read in String#unpack
* CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
* CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
* Multiple vulnerabilities in RubyGems
There are also some bug fixes.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
The IPsec ip route table has the default number 220.
If mwan3 has more then 7 bits set (124 interfaces) then if mwan3 down is
executed the table is also cleared. To solve this set default max 7
bits in the mmx_mask for mwan3.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Have encoders and demuxers selectively disabled for patents in
libffmpeg-full too. Assume same codecs covered as decoders and
muxers, respectively. Include vc1 in muxer's too.
Don't invoke --enable-nonfree in libffmpeg-full. It results in:
License: nonfree and unredistributable
Signed-off-by: Ian Leonard <antonlacon@gmail.com>
Maintainer: me
Compile tested: ar71xx, LEDE trunk r5488-893a1ed
Run tested: NONE
Description:
ICU 61 upgrades to CLDR 33 locale data, has a new Java implementation
for number and currency parsing, and includes many small API additions,
improvements, and bug fixes.
(includes security fix CVE-2017-17484,CVE-2017-15422)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
xinetd.org has been defunct for a long time and it seems the main developer moved everything to GitHub.
Discovered with uscan.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The FreeDesktop link does not work anymore. Switch to new upstream at GitHub.
Update the version while we're at it.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
be35e54 Optimized by use ipset
2dcc126 Optimize kernel module code
08231b4 Remove url param of login api
bf7b435 Support compile kernel module on ubuntu for test
ffca07a Optimize kernel module
b03c757 Optimize code
Signed-off-by: Jianhui Zhao <jianhuizhao329@gmail.com>
mysql already makes sure that the compiler emits position-independent code when
appropriate, namely when compiling shared objects. The mysql build system puts
its own flag behind the CFLAGS, overriding whatever was set before.
Additionally, forcing applications into PIC mode will just slow them
down (mysql not only provides shared objects but also applications).
Last but not least OpenWrt's $(FPIC) can cause build failures. This is
the case currently for AARCH64:
net_serv.o: In function `my_net_init':
net_serv.cc:(.text+0x28): relocation truncated to fit: R_AARCH64_LD64_GOTPAGE_LO15 against symbol `my_malloc' defined in .text section in ../mysys/libmysys.a(my_malloc.o)
net_serv.cc:(.text+0x28): warning: Too many GOT entries for -fpic, please recompile with -fPIC
/data/bowl-builder/aarch64_cortex-a53/build/sdk/staging_dir/toolchain-aarch64_cortex-a53_gcc-7.3.0_musl/bin/../lib/gcc/aarch64-openwrt-linux-musl/7.3.0/../../../../aarch64-openwrt-linux-musl/bin/ld: final link failed: Symbol needs debug section which does not exist
collect2: error: ld returned 1 exit status
Makefile:955: recipe for target 'mysqld' failed
make[7]: *** [mysqld] Error 1
Remove $(FPIC) from TARGET_CFLAGS to address all of the above.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Upstream commit "gio: Port GThreadedResolver to use res_nquery() to fix
thread-safety" introduced a bug that causes compile failures on
platforms where res_nquery is unavailable. This patch fixes that.
Bug 794606 has been opened upstream: https://bugzilla.gnome.org/show_bug.cgi?id=794606
On the OpenWrt buildbots this bug is visible during the arc_archs
compile:
gthreadedresolver.c: In function 'do_lookup_records':
gthreadedresolver.c:875:16: error: 'res' undeclared (first use in this function); did you mean '_res'?
res_nclose (&res);
^~~
_res
gthreadedresolver.c:875:16: note: each undeclared identifier is reported only once for each function it appears in
Makefile:3334: recipe for target 'libgio_2_0_la-gthreadedresolver.lo' failed
make[8]: *** [libgio_2_0_la-gthreadedresolver.lo] Error 1
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Patch 903 disables building of examples.
Patch 904 fixes the following issue:
When building software that build depends on openzwave, build will
always search in /usr/include/openzwave instead of
staging_dir/.../usr/include/openzwave.
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
Adjust the dependency from ip-full back to ip.
Returning back to "ip" is now possible as busybox does not provide
"ip" any more, making "ip" again reference to ip-tiny or ip-full.
Reference to discussion in #5747
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* vfs support needs an additional ini file and another directory by
default (/usr/lib/mc/extfs.d), backport of a turris fix.
* cleanup makefile
Signed-off-by: Dirk Brenken <dev@brenken.org>
Re-organize configuration options to allow non-patented/un-licensed builds.
Include AAC and WMA codecs without BUILD_PATENTED
Signed-off-by: Ted Hess <thess@kitschensync.net>