This also removes the dependency on gnupg as there are two packages for
gpg, gnupg and gnupg2; this library should work with either one.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 67af34188d)
This adds new build dependencies as the package switched to
pyproject.toml-based builds.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit e1ef13a30c)
* Add separate packages for each tool (semodule-*)
* Update the semodule-utils package as a meta-package that installs all
tools, keeping it functionally the same as the current semodule-utils
package
* Remove host build (not used by any other package)
* Update package titles, descriptions, and license files
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit aa4085a13f)
* Added packages:
* python3-seobject
Contains the seobject.py library file which was previously included
in selinux-semanage
* selinux-sepolicy
Contains the sepolicy and sepolgen tools which were previously
included in python3-sepolicy
* selinux-sepolgen-ifgen
Contains the sepolgen-ifgen tool which was previously included in
selinux-audit2allow
* selinux-python
A meta-package to install all tools
* Change the python3-sepolgen data_dir from /usr/share/sepolgen to
/etc/sepolgen (updated 0001-sepolgen-adjust-data_dir.patch), and add
the directory to conffiles
By default, the sepolgen-ifgen tool writes to a file named
"interface_info" in the data directory, to be read by the audit2allow
tool. The header comment in the perm_map file also suggests that the
file is customizable.
The best place for these files would be in /var/lib, but /etc is more
appropriate than /usr.
* Remove gui files from python3-sepolicy (0003-sepolicy-no-gui.patch)
* Fix ModuleNotFoundError raised by sepolicy
(0004-sepolicy-fix-get_os_version-except.patch)
Patch has been submitted upstream:
https://lore.kernel.org/selinux/20230619063217.3165462-1-jeffery.to@gmail.com/
* Update package titles, descriptions, and dependencies
* Use Py3Package to build Python bytecode and source packages
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 6bd71dac0c)
This also moves the python3-selinux dependency from the default section
into each util package.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 61e79aad69)
* Rename:
* Source package from python3-libsemanage to python-semanage
* Target package from python3-libsemanage to python3-semanage
* Update dependents with new target package name
* Update package title, license files, and dependencies
* Remove Build/InstallDev (files not used by any other package)
* Use Py3Package to build Python bytecode and source packages
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 23ff8177f0)
* Rename:
* Source package from python3-libselinux to python-selinux
* Target package from python3-libselinux to python3-selinux
* Update dependents with new target package name
* Remove patches:
* 010-setup-py-custom-cc.patch: LDSHARED is already set as part of
$(PYTHON3_VARS)
* 020-Make-use-of-variables-when-defining-libdir-and-inclu.patch: This
package doesn't install the libselinux.pc file
* Update package title and dependencies
* Remove Build/InstallDev (files not used by any other package)
* Use Py3Package to build Python bytecode and source packages
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit a205483547)
* Add separate packages for each tool (setools-*) and a package for the
Python bindings (python3-setools)
* Update the setools package as a meta-package that installs all tools,
keeping it functionally the same as the current setools package
* Remove gui tool (apol) and Python binding (setoolsgui)
* Simplify 030-remove-host-paths.patch (libraries installed by
Build/InstallDev are placed in $(STAGING_DIR)/usr/lib only)
* Update package titles, descriptions, license, and dependencies
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 6938f58a45)
* process local lists in strict sequential order to prevent possible race conditions
* support ranges in the IP search, too
* fix some minor search issues
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit c3084be415)
* Support MAC-/IPv4/IPv6 ranges in CIDR notation
* Support concatenation of local MAC addresses with IPv4/IPv6 addresses, e.g. to enforce dhcp assignments (see readme)
* small fixes & cosmetics
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit b9bd6cdb0d)
* Optionally auto-add entire subnets to the blocklist Sets based on an additional RDAP request with the
monitored suspicious IP, set 'ban_autoblocksubnet' accordingly (disabled by default).
For more information regarding RDAP see
https://www.ripe.net/manage-ips-and-asns/db/registration-data-access-protocol-rdap for reference.
* small fixes & cosmetics
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 767d1ec663)
musl 1.2.4 deprecated legacy "LFS64" ("large file support") interfaces so
just having _GNU_SOURCE defined is not enough anymore.
Manually pass -D_LARGEFILE64_SOURCE to allow to keep using LFS64 definitions.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit a9cda91502)
* Added test.sh script
* Fixed build with riscv64
* Passed package version via go ldflags
* Refreshed patches
* Removed useless test binaries from package
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 27b4291bd4)
This is a security and bugfix release.
Security
o CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
o CVE-2023-31147. Moderate. Insufficient randomness in generation of DNS query IDs
o CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton()
o CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross compilation
Fixing libcares.pc
The pkg-config file libcares.pc in version 1.19.1 has been changed to be unsuitable for OpenWrt
and causes build errors with Openwrt packages that use libcares.
For this reason, libcares.pc was replaced.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 4c4d3b9001)
Update to v18.16.1
The following CVEs are fixed in this release:
* CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
* CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
* CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
* CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
* OpenSSL Security Releases (Depends on shared library provided by OpenWrt)
* OpenSSL security advisory 28th March.
* OpenSSL security advisory 20th April.
* OpenSSL security advisory 30th May
* c-ares vulnerabilities: (Depends on shared library provided by OpenWrt)
* GHSA-9g78-jv2r-p7vc
* GHSA-8r8p-23f3-64c2
* GHSA-54xr-f67r-4pc4
* GHSA-x6mf-cxr9-8q6v
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 286d1d11ae)
If an alias name is used for the modem, then a check if the device exists
in sysfs does not work. To fix this remove the check if the sysfs device
exists. The protocoll handler already checks if the modem is responsible
for this device on the next line.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit fd63e400ba)
On small systems with many virtual devices, the modem manager sometimes
could not start because it took too long until all devices for the modem
were recognised. This is because all system events that are stored in
the file events.cache have to be processed. To speed up the processing,
all devices under /sys/devices/virtual are now filtered out so that they
do not have to be processed.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit e66fead6d4)
Tests are breaking compilation for mipsel targets because of the removal
of the sysmips call. Let's just not build them.
While at it, remove patches from 1.1 version and move the current ones
to the default 'patches' directory.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 085dc8d965)
1.45.0
* linux: introduce io_uring support
* src: add new metrics APIs
* unix,win: give thread pool threads an 8 MB stack
* win,unix: change execution order of timers
1.44.2
* loop: better align order-of-events behavior between platforms
* zos: fix fs event not fired if the watched file is moved/removed/recreated
* win: Fix pipe resource leak if closed during connect (and other bugs)
* zos: don't error when killing a zombie process
* macos: avoid posix_spawnp() cwd bug
* kqueue: skip EVFILT_PROC events when invalidating events for an fd.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit cf7e9a77c9)
- armvirt target has been renamed to armsr (Arm SystemReady) [1].
- armsr-armv8 has been switched to aarch64_generic architecture [2].
1. 40b02a2301
2. e0f06ddc23
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit bf88b371c5)
armvirt target has been renamed to armsr (Arm SystemReady) [1],
so the dependency need to be changed as well.
40b02a2301
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit e007556915)
armvirt target has been renamed to armsr (Arm SystemReady) [1],
so the dependency need to be changed as well.
1. 40b02a2301
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 21538459c2)
mhz is a tool for mathematically calculating the current CPU frequency, it
has proven to be a really good help while developing CPU frequency scaling
solutions as it allows to independently prove that scaling actually works.
Now that the author has added a license we can package it for the all to
use.
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 89123b308f)
ICU 73.2 updates to CLDR 43.1 locale data. These are maintenance releases for ICU 73 and CLDR 43, with limited sets of bug fixes and no API or structural changes.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit a5e21caa82)
In Go 1.18+ embedded files is natively supported, so this package
is useless now. It has been archived on Jun 2022 and failed to build
on the riscv64 target.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 92059f19b0)
