This includes the fix for CVE-2018-5738: When recursion is enabled but the
allow-recursion and allow-query-cache ACLs are not specified, they should be
limited to local networks, but they were inadvertently set to match the default
allow-query, thus allowing remote queries.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>

Full changelog at https://c-ares.haxx.se/changelog.html

Of interest:
* fixes warnings with modern gcc
* reports not found for onion addresses per RFC7686

Signed-off-by: Karl Palsson <karlp@etactica.com>

libssh: bump to 0.7.6 CVE-2018-10933 fix

Bump from 0.7.5 to 0.7.6.  Upstream changelog:

Fixed CVE-2018-10933
Added support for OpenSSL 1.1
Added SHA256 support for ssh_get_publickey_hash()
Fixed config parsing
Fixed random memory corruption when importing pubkeys

Backported upstream patches since 0.7.6 to fix interactive
authentication issues amongst other things:

9d5cf209 libcrypto: Fix memory leak in evp_final()
10397321 gssapi: Set correct state after sending GSSAPI_RESPONSE (select mechanism OID)
7ad80ba1 server: Fix compile error
acb0e4f4 examples: Explicitly track auth state in samplesshd-kbdint
3fe7510b messages: Check that the requested service is 'ssh-connection'
734e3ce6 server: Set correct state after sending INFO_REQUEST (Kbd Interactive)
e4c6d591 packet: Add missing break in ssh_packet_incoming_filter()
f81ca616 misc: Add strndup implementation if not provides by the OS

Refresh patches.
Remove local backport for OpenSSL 1.1 support as is now in release
Remove PKG_INSTALL & CMAKE vars that are defaulted anyway
Add PKG_CPE_ID:=cpe:/a:libssh:libssh for CVE tracking
Remove BROKEN tag as is no longer broken

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>

libpam: Update to 1.3.0

This is needed to build ca-certificates

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

Removed upstreamed patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

Even when configured to only build PR, CircleCI always build the default branch
`only: /pull.*/` seems like a good idea, but it fails when:
- you are testing on the same repo, because github doesn't create a pull branch
- when your repo is configured, because it see the push on your repo,
prevent building this commit because it doesn't match the regexp, then when you
do the PR CircleCI doesn't work
In the end what we really want is `ignore: master`

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

It seems to not be needed anymore. Tested on mvebu and ar71xx.

Signed-off-by: Rosen Penev <rosenp@gmail.com>

isc-dhcp: drop .conf suffix on dhcrelay config file

Resolves issue #7235

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>

hdparm: Update to 9.58

WebSocket++ is a header only C++ library that implements RFC6455 The
WebSocket Protocol.

Signed-off-by: Bruno Randolf <br1@einfach.org>

haproxy: Update all patches for HAProxy v1.8.14

Add myself as maintainer as agreed previously.

Signed-off-by: Rosen Penev <rosenp@gmail.com>

Signed-off-by: Rosen Penev <rosenp@gmail.com>

Small Makefile reorganization for consistency.

Signed-off-by: Rosen Penev <rosenp@gmail.com>

Signed-off-by: Rosen Penev <rosenp@gmail.com>

Signed-off-by: Rosen Penev <rosenp@gmail.com>

Signed-off-by: Rosen Penev <rosenp@gmail.com>

libsearpc: Update to 3.1.0

prometheus: add package

This reverts commit bf9f919551.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

Signed-off-by: Karl Palsson <karlp@tweak.net.au>

libsoup: Update to 2.65.1

unrar: Update to 5.6.7

libaio: Update to 0.3.111

python-egenix-mx-base: Update to 3.2.9

libevdev: Update to 1.5.9

pyodbc: Update to 4.0.24

pcre2: Update to 10.32

openobex: Update to 1.7.2

hiredis: Update to 0.14.0

c-ares: Add CPE ID to track CVEs

libartnet: Fix compile with GCC7

cyrus-sasl: Update to 2.1.27-rc8

yara: Update to 3.8.1

libp11: Update to 0.4.9

python-psycopg2: Update to 2.7.5

ccid: Update to 1.4.30

jool: Backport two fixes for newer kernels.

cmdpad: Fix compile

oath-toolkit: Add patch from Fedora to fix compilation

spoofer: Update to 1.4.0

mdnsresponder: bump to 878.70.2 and refresh patches

libopus: Update to 1.3.0

Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>