Andy Walsh [Sun, 9 Feb 2020 22:25:56 +0000 (23:25 +0100)]
ksmbd: update to 3.1.3, ksmbd-tools: update to 3.2.1, add smb1 support
* ksmbd: update to 3.1.3
* ksmbd-tools: update to 3.2.1
* add new package build option "KSMBD_SMB_INSECURE_SERVER"
* enable smb1 support to kmod by default
* add new UCI option "allow_legacy_protocols" to section [globals]
* ksmbd: release 3.1.3 version
* ksmbd: lock SMB2_QUERY_INFO_HE request with read lock
* ksmbd: fix potential racy between query_dir and ksmbd_vfs_empty_dir
* ksmbd: fix racy issue between deleting file and checking empty directory
* ksmbd: don't register interface which are member of bridge
* ksmbd: SO_REUSEADDR is no property of tcp_setsockopt
* ksmbd: release 3.1.2 version
* ksmbd: fix read caching buffer size as max_read_size
* ksmbd: fix the infinite loop of handling FSCTL_QUERY_ALLOCATED_RANGES
* ksmbd: use compounding for smb2 flush
* ksmbd: downgrade error message to debug in get_file_all_info
* ksmbd: rename usmbd to ksmbd.mountd in trvis-ci
* ksmbd: release 3.1.1 version
* ksmbd: does not work if ipv6 module is not loaded or compiled in
* ksmbd: capsule ifdef CONFIG_SMB_INSECURE_SERVER with smb1 codes
* ksmbd: capsule ifdef CONFIG_SMB_INSECURE_SERVER with smb1 codes
* ksmbd: update README file
* ksmbd-tools: release 3.2.1 version
* ksmbd-tools: revert "remove glib2.0 dependancy" patch
* ksmbd-tools: release 3.2.0 version
* ksmbd-tools: update how to restart ksmbd in README file
* Revert "ksmbd-tools: disable tbuf and rbuf caching by default"
* ksmbd-tools: disable tbuf and rbuf caching by default
* ksmbd-tools: replace usmbd prefix with ksmbd prefix
* ksmbd-tools: update README file
* ksmbd-tools: fix warning ignoring return value of 'fread'
* ksmbd-tools: downgrade unsupported command print to debug
* ksmbd-tools: remove GLIB_LIBS in Makefiles
* ksmbd-tools: rename usmbd, smbuseradd, smbshareadd to ksmbd.mountd, ksmbd.adduser and ksmbd.addshare
* ksmbd-tools: fix null pointer dereference in _list_remove
* ksmbd-tools: fix the sanity check fails depending on the password length
* ksmbd-tools: fix build error(not found glib.h)
* ksmbd-tools: remove glib-2.0 dependancy
* ksmbd-tools: update README to add libglib2.0-dev for Ubuntu preprequisite packages
Peter Stadler [Tue, 4 Feb 2020 12:10:00 +0000 (13:10 +0100)]
nginx-util: add tests, clean up and fix issues
Add tests for nginx-ssl-util and nginx-ssl-util-nopcre using (fake)chroot.
Clean the code up making nginx-ssl-util a header file.
Both changes are for better (future) code quality only.
There are minor functional improvements:
* fix compiler error of gcc7 by using std=c++17
* fix error if there is no lan/loopback interface
* notice instead of error message if there is no default server
* add ipv6-prefix-assignment.*.local-address.address for LAN
* add CONFLICTS in Makefile for choosing the right version
* add cast to release of unique_ptr to avoid warning
* add version message to help message
This release adds support for CMake's FetchContent.
Changes:
-Add support for FetchContent in CMake
-Rename CMake project from 'check' to 'Check'
-Fix for checking for wrong tool when building docs in Autotools
-Fix compiler warning with printf format
Waldemar Konik [Wed, 5 Feb 2020 07:37:39 +0000 (08:37 +0100)]
python-curl: update to version 7.43.0.5
PycURL changeLog:
Version 7.43.0.5 - 2020-01-29
-----------------------------------------------------------------
- Fixed build with recent Pythons on RHEL/CentOS.
Jeffery To [Tue, 4 Feb 2020 13:48:08 +0000 (21:48 +0800)]
golang: Reorganize GoPackage/Environment and Makefile variables
* Move more environment variables into GoPackage/Environment
* Split GoPackage/Environment into target and build sections
* Do not set GOROOT_FINAL for Go packages (setting it should only affect
the Go compiler and not Go packages)
* Set CGO_LDFLAGS to $(TARGET_LDFLAGS)
* Move GO_TARGET_* variables from golang-values.mk, and GO_VERSION_*
variables from golang-version.mk, into golang/Makefile
This also updates runc, containerd, and docker-ce to reflect the changes
in GoPackage/Environment.
gettid happens to be supported by all glibc, musl and uclibc, but
configure cannot detect it when cross-compiling. This adds a configure
variable for it.
Adds configure variables for features that the compiler or the libc
supports and which cannot be detected by apr-util's configure script
when cross-compiling.
Also removes one call to INSTALL_DIR (no functional change here).
apr's configure script uses lots of AC_TRY_RUNs and when cross-compiling
needs a leg-up. This commit adds more configure variables (and removes
one, too).
Notable changes:
- apr_cv_use_lfs64=yes is removed (again) after having a discussion
about it with the musl developers. The conclusion was that
_LARGEFILE64_SOURCE is a horrible thing that we don't want and should
avoid (hence the removal of the variable, because defining
_LARGEFILE64_SOURCE is all it does).
- ap_cv_atomic_builtins is set to "yes" for 64-bit platforms. If
anybody is interested in enabling this for other targets feel free to
send a patch after testing it.
- configure doesn't add -lpthread to LIBS when cross-compiling. This is
not a problem for musl but might be for other libcs. This commit adds
to related variable.
- configure caches are added (via patches) for strerror and /dev/zero
mmap tests. The former fixes a warning on musl (where strerror
returns int instead of a pointer) and the latter is required for
pthread pshared mutex apr_lock implementation and cannot be detected
during cross-compile either.
Today CVE-2020-7221 was publicly discussed on oss-sec [1]. MariaDB
upstream had not mentioned this CVE in their last release notes. The CVE
is related to auth-pam and the possibility of a local mariadb to root
user exploit in the mysql_install_db script.
Upstream has made amendments to the script, but according to the oss-sec
posts the folder permissions were not updated as they should have been.
In OpenWrt the script mysql_install_db is actually patched to never run
the commands in question. This has been this way since MariaDB 10.4 was
made available.
Still, the directory permissions set by the postinstall script are too
lax. To quote the discoverer of the issue, Matthias Gerstner from Suse,
they exhibit "the dangerous situation of a setuid-root binary residing
in a directory owned by an unprivileged user".
This commit fixes this by changing the permissions to the following:
This way the setuid-root binary is only available to root and the
mariadb user, while at the same time the mariadb user has no ownership
of the directory.
Rosen Penev [Fri, 31 Jan 2020 05:02:11 +0000 (21:02 -0800)]
mpd: fix compilation with uClibc-ng
With mpd's build system, it requires either an iconv built into the libc
or icu. Since uClibc-ng as configured by OpenWrt currently has no iconv,
use icu for it to work around the problem. This is the simplest solution.
Added a patch to use boost's rounding functions. They are more appropriate
and work with uClibc-ng.
Jeffery To [Mon, 3 Feb 2020 20:05:29 +0000 (04:05 +0800)]
golang: Improve build isolation from user environment
* Set GOENV=off when building Go compiler and packages, to ignore user's
environment configuration file
* Set GOCACHE when building host Go
* Unset GOTMPDIR, to use the buildroot temp directory instead of temp
directories in build_dir