* update to 4.13.3
* enable vfs io_uring module by default, if kernel supports it
* fix for possible exploit openwrt/packages#13758
* sanetize all external template/config inputs
* fix some shellcheck warnings
* remove old aio modules/deps
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Version 8.2[0] added support for two new key types: "ecdsa-sk" and
"ed25519-sk". These two type enable the usage of hardware tokens that
implement the FIDO (or FIDO2) standard, as an authentication method for
SSH.
Since we're already on version 8.4 all we need to do is to explicitly enable
the support for hardware keys when compiling OpenSSH and add all the
missing dependencies OpenSSH requires.
OpenSSH depends on libfido2[1], to communicate with the FIDO devices
over USB. In turn, libfido2 depends on libcbor, a C implementation of
the CBOR protocol[2] and OpenSSL.
[0]: https://lwn.net/Articles/812537/
[1]: https://github.com/Yubico/libfido2
[2]: tools.ietf.org/html/rfc7049
Signed-off-by: Linos Giannopoulos <linosgian00@gmail.com>
libfido2 provides library functionality and command-line
tools to communicate with a FIDO device over USB, and to
verify attestation and assertion signatures.
libfido2 supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2) protocols.
Signed-off-by: Linos Giannopoulos <linosgian00@gmail.com>
Libcbor is a C library for parsing and generating CBOR[0],
the general-purpose schema-less binary data format.
[0]: https://tools.ietf.org/html/rfc7049
Signed-off-by: Linos Giannopoulos <linosgian00@gmail.com>
Add fadvise64_64 and fchmod syscalls needed on PowerPC platforms to
seccomp rules of transmission-daemon.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
No package version bump as no change to built package. URL now points
to current useful webpage, and description is based on current release.
Signed-off-by: Karl Palsson <karlp@tweak.net.au>
This became a requirement in libwww-perl 6.17.
Note that there are two other missing "soft" dependencies, Authen::Ntlm
as used by LWP::Authen::Ntlm, and Data::Dump as used by
LWP::Debug::TraceHTTP, that are not required for basic functionality.
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
Add Exim MTA variants:
* exim
plain variant without any TLS library which hence comes
without TLS, DANE and DKIM.
* exim-openssl
linked against libopenssl
* exim-gnutls
linked against libgnutls
* exim-ldap
linked against libopenssl, libopenldap and libsasl2
Provide packages for lookup modules
* cdb
* dbmdb
* dnsdb
* json (depends on jansson)
* mysql (depends on libmariadb)
* passwd
* pgsql (depends on libpq)
* redis (depends on libhiredis)
* sqlite (depends on libsqlite3)
Note:
As gnutls requires libunbound which depends on libopenssl to provide
libgnutls-dane, disable DANE by default when building with gnutls.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>