prosody: /etc/prosody permissions fix

Signed-off-by: Sergio E. Nemirowski <sergio@outerface.net>
(cherry picked from commit 838306cb37aaede5c0db61559166b06737bf5c6b)

prosody: Update to 0.11.3

Several Makefile rearrangements for consistency between packages.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 73d29b9fd7b4abf4276b261fd113af2a1dcc4e2a)

tvheadend: fix conffiles section

The previous one was wrong, and it did not work. It could be checked
inside compiled package in control.tar.gz that there was missing
``conffiles`` file with content `/etc/config/tvheadend`

It is also possible to verify that the config is not overwritten on the router
by running ``opkg install tvheadend --force-reinstall``

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 752d1ffc28971b9b641162498a877750fa687bbd)

domoticz: backport patch to fix compilation with uClibc-ng

This helps to compile domoticz on arc target.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

domoticz: bump to 4.10717

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 7e50722145943e36bb687bc7462f8e483c8652b6)

domoticz: Fix compilation without deprecated OpenSSL APIs

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 8c77bcc19f4283813cdbb99842bb1c330fadf124)

netdata: Update init script to use -D rather than -nd

The current init script is using the deprecated -nd flag. This updates netdata to be started with -D.

Signed-off-by: James White <james@jmwhite.co.uk>
(cherry picked from commit cf9d5a887031f245fbae6f8bcd3366078996f123)

apache: security bump to 2.4.51

Fixes (see [1] for details):

  CVE-2021-33193
  CVE-2021-41524
  CVE-2021-41773
  CVE-2021-42013

[1] https://httpd.apache.org/security/vulnerabilities_24.html

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit da4b1ca8d65b788d85489cd3ca83d91b0fd72f0f)

haveged: update to 1.9.17

Update havged to version 1.9.17.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit e065ccda94aff9ac39d0aeac0449e9cd2cecc703)
(Autorelease removed)

Merge pull request #17476 from BKPepe/buildonly

treewide: add missing BUILDONLY

treewide: add missing BUILDONLY

Fixes Makefile warnings:

WARNING: skipping X -- package has no install section

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 5a7148d112113544611ee358a7d062cec85c1629)

zsh: drop bash syntax in postinst

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
(cherry picked from commit c09d6042fe3b58d7eb0fdc65fc9968c47d98aea1)

zsh: fix invalid postrm script and little refactor of scripts

The postrm script was missing shebang. Postrm scripts are packaged and
executed directly and not sourced by default script (as in case of prerm
and postinst).

Also move some indents around to not confuse reader. The section in
postinst was indented to same level as grep "condition" but is on same
level as initial grep (not part of that "condition").

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
(cherry picked from commit d2d193d81885cd2351e3bd53f6f4cc8ec092e26d)

nano: update to version 6.0

Update nano editor to version 6.0

Version 6.0 enable toggling the display of the line numbers with
the shortcut key M-N (Alt-n). Also the cmdline option "-l" works.
Remove earlier patch regarding that.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(backported from commits 0571f5400, 9023845d5 and ae7f62d63)

Merge pull request #17250 from ynezz/ynezz/cares-fix-CVE-2021-3672

[19.07] libs/c-ares: fix domain hijacking CVE-2021-3672

Merge pull request #17267 from BKPepe/postgresql-update

[19.07] postgresql: security update to version 11.14

msmtp: update to version 1.8.1.9

Changelog:
https://marlam.de/msmtp/news/msmtp-1-8-19/

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 173faad3340772e1b2194c618fb8c1f13f81b9a9)

postgresql: security update to version 11.14

Patch 001-configure_fixes does not apply anymore.
Other patches were refreshed.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

libs/c-ares: fix domain hijacking CVE-2021-3672

Missing input validation of host names returned by Domain Name Servers
in the c-ares library can lead to output of wrong hostnames (leading to
Domain Hijacking).

I've just taken patch from the advisory[1] and rebased it onto 1.15.0
version.

1. https://github.com/c-ares/c-ares/compare/809d5e8..44c009b.patch

Fixes: CVE-2021-3672
Signed-off-by: Petr Štetiar <ynezz@true.cz>

msmtp: update to version 1.8.17

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 18261fcd313b073e36a5ba39eeaf0aef808a1694)

syslog-ng: update to version 3.35.1

Also bump the version in syslog-ng config file.
Removes this warning:

Nov 16 14:19:41 turris syslog-ng[15159]: WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode. Please update it to use the syslog-ng 3.35 format at your time of convenience. To upgrade the configuration, please review the warnings about incompatible changes printed by syslog-ng, and once completed change the @version header at the top of the configuration file; config-version='3.33'

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 2d2fd36e28a40a63b1bd16c77cce57d446d656cc)

Merge pull request #17209 from peci1/patch-1

ddns-scripts: Fix wrong whitespace in preinst and postinst scripts

icu: Fix memory bug w/ baseName

CVE-2021-30535 : Double free in ICU
https://nvd.nist.gov/vuln/detail/CVE-2021-30535
https://security-tracker.debian.org/tracker/CVE-2021-30535

ICU-21587 : Fix memory bug w/ baseName
https://github.com/unicode-org/icu/pull/1698

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>

ddns-scripts: Fix wrong whitespace in preinst and postinst scripts

Signed-off-by: Martin Pecka <peckama2@fel.cvut.cz>

bind: update to version 9.16.23

Changelog:
https://downloads.isc.org/isc/bind9/9.16.23/RELEASE-NOTES-bind-9.16.23.html

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

Merge pull request #17114 from paper42/cve-2019-19906-19

[19.07] cyrus-sasl: patch CVE-2019-19906

cyrus-sasl: patch CVE-2019-19906

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit f7717bd382d4f03c6353beaaf198d29a34c8e6ab)

Merge pull request #17110 from thg2k/pr/19_php72_ini_1

[19.07] php7: Update and clean up distributed php7.ini

php7: Clean up and update distributed php.ini for php 7.2.34

Details:
- Cleaned up whitespace and removed comments (refer to official PHP documentation for that)
- Removed directives that no longer exist as of PHP 7.2.34
- Added '~E_DEPRECATED' to 'error_reporting'

Directives removed that no longer exist as of PHP 7.2.34:
- zend.ze1_compatibility_mode
- y2k_compliance
- register_globals
- register_long_arrays
- magic_quotes_gpc
- magic_quotes_runtime
- magic_quotes_sybase
- always_populate_raw_post_data

Signed-off-by: Giovanni Giacobbi <giovanni@giacobbi.net>

syslog-ng: update to version 3.34.1

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit d8e88ef51ec85c3f459fb4e8bf0e08fa26cffb29)

ffmpeg: update to version 3.4.9 (security fix)

Fixes:
CVE-2020-13904
CVE-2020-2044
CVE-2020-20453
CVE-2020-22015
CVE-2020-22019
CVE-2020-22033
CVE-2020-22021
CVE-2020-22037
CVE-2020-35965
CVE-2021-38114
CVE-2021-38171
CVE-2021-38291

Refresh patches

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

bind: Bump to 9.16.22

The following CVEs are addressed:

* CVE-2021-25219: The "lame-ttl" option is now forcibly set to 0. This
  effectively disables the lame server cache, as it could previously
  be abused by an attacker to significantly degrade resolver performance.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>

tvheadend: update libhdhomerun

Recently, silicondust (developers of hdhomerun) did some cleanup and
removed old versions for hdhomerun library.

```
WGET            http://download.silicondust.com/hdhomerun/libhdhomerun_20150826.tgz
http://download.silicondust.com/hdhomerun/libhdhomerun_20150826.tgz:
2021-10-26 05:15:14 ERROR 404: Not Found.
```

And because of that, it is not possible to compile tvheadend, it ends
with following error:

```
In file included from src/input/mpegts/tvhdhomerun/tvhdhomerun.c:25:0:
src/input/mpegts/tvhdhomerun/tvhdhomerun_private.h:27:10: fatal error: libhdhomerun/hdhomerun.h: No such file or directory
 #include <libhdhomerun/hdhomerun.h>
          ^~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
```

Let's fix it by updating libdhdhomerun to newer version.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

bind: update to version 9.16.21

- Remove patch, which is part of this release, it was backported from
  upstream

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

nextdns: Update to version 1.37.3

Signed-off-by: Olivier Poitrey <rs@nextdns.io>

Merge pull request #16903 from jefferyto/python-package-host-dependencies-openwrt-19.07

[openwrt-19.07] python-packages: Fix host package build dependencies

Merge pull request #16906 from stangri/openwrt-19.07

[19.07] vpn-policy-routing: downgrade to 0.2.1-13

vpn-policy-routing: downgrade to 0.2.1-13

* there are reports that newer versions don't work on 19.07.x
* revert to older README to describe this older version

Signed-off-by: Stan Grishin <stangri@melmac.net>
(cherry picked from commit 7bb2ccd4e173486d1c51a72374c55398c9c7e725)

python-dateutil: Add missing HOST_PYTHON3_PACKAGE_BUILD_DEPENDS

Signed-off-by: Jeffery To <jeffery.to@gmail.com>

python-importlib-metadata: Pin setuptools-scm version

While a pinned/working version of setuptools-scm is installed (by
python-zipp) by the time this package is compiled, pinning the version
in this package is still the correct thing to do.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>

Merge pull request #16900 from stangri/openwrt-19.07

[19.07] simple-adblock: update to 1.8.8-1

simple-adblock: update to 1.8.8-1

* update 'check' function

Signed-off-by: Stan Grishin <stangri@melmac.net>
(cherry picked from commit d11f310230497ea81cf207f9214528bd9d221eee)

Merge pull request #16879 from turris-cz/19.07-zipp

python-zipp: pin setuptools-scm version

Merge pull request #16885 from stangri/openwrt-19.07

[19.07] https-dns-proxy: update to 2021-09-27

https-dns-proxy: update to 2021-09-27

* update to [2021-09-27](https://github.com/aarond10/https_dns_proxy/commit/da2501f542a732167a78f1851a511d9c0abc2fd8)
* fixes https://github.com/aarond10/https_dns_proxy/issues/125
* restart instead of reload on interface hotplug
* fixes https://github.com/openwrt/packages/issues/16794
* produce output and log entries on service start/stop
* prevent unnecessary dnsmasq restarts if service has previously updated dnsmasq settings
* allow both named and typed dnsmasq instance settings to be updated
* update 010-fix-cmakelists patch file

Signed-off-by: Stan Grishin <stangri@melmac.net>
(cherry picked from commit f8d16338da979ad20908bd2a16ca62857a902e91)

tor: update to 0.4.5.10

* 0.4.4 is not an LTS series, people running tor relays with 0.4.4 will
  be evicted from the tor network. 0.4.5 is an LTS series
* fix building without OpenSSL engine support (from e30f0480c829cf0340a16fe8499a95c7c2fd6f89)
* refresh patches

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>

python-zipp: pin setuptools-scm version

The recent version of setuptools-scm depends on tomli, which has some build issues.
Older one works.

Suggested-by: Jeffery To <jeffery.to@gmail.com>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

perl: perlmod.mk: use flock when hostpkg/perl used

Avoid parallel relinking and usage of the host perl binary by wrapping
its usage around flock calls.

Sometimes, two packages will try to relink the static host perl binary
at the same time.  Neither of them will have the other's module linked
in, and one of them will unavoidably clobber the other one's binary.

This will lead to errors when a package will not be able to find a
module that was supposed to be installed.

To fix that, an exclusive flock is used when relinking, with a 900
seconds timeout to avoid locking up the build process forever.

This is not enough because the binary may be concurrently used to build
another module package; perl is used in Configure, Compile, and Install
procedures.  If timing is right, a package will fail with a "permission
denied" error.

So a shared flock call is added in Configure, Compile, and Install
definitions for host and target, with a shorter, 300 seconds timeout.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 1e18c4324fd1fb43764057fb8f4e9c1ea4a17553)

nano: update to 5.9

Update nano editor to version 5.9.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 38143e6f8b9d1ff0a3e33a15d655306cc9f74c27)
(cherry picked from commit e155b3d29392459eb3dcc2822dda4045dd99f3af)

haveged: update to 1.9.15

Update haveged to version 1.9.15.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 1f3f63f5de7dfaea369f4832cdd061994fba1924)

lighttpd: update to lighttpd 1.4.55 release hash

update lighttpd in openwrt-19.07 branch from lighttpd 1.4.54 to 1.4.55

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>

Merge pull request #16569 from turris-cz/19.07/tor-0.4.4.9

tor: update to version 0.4.4.9

Merge pull request #16196 from miska/snort3-19.07

net/snort3: Include default configs and snort2lua

tcpreplay: avoid host lib leakage

On hosts that have pcapnav-config installed, there is host lib leakage.
From config.log:

LNAVLIB='-L/usr/lib64 -lpcapnav -lpcap'
LNAV_CFLAGS='-I/usr/include'

Fix this by disabling pcapnav-config, which isn't available anyway.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit e4b8fec79cd7d2ed092c51aa83683fa5b151ae2a)

tcpreplay: bump to version 4.3.4

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit 7436d944fa44e27816401868a11a4c9115eb717d)

tcpreplay: add libdnet support

On Arch Linux, tcpreplay is picking up the host dnet-config and adding
OS paths, thereby breaking compilation. The easiest solution is to add
libdnet support as the previous commit fixes dnet-config on OpenWrt.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit f9f216a06695aa81bb8cad76245a978bfa4683a0)

tcpreplay: fix compilation with Arch Linux

It tries to link to host libraries for some reason. Add autoreconf to
fix. Also remove redundant prefixes.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 87177eef7539d6cd092063dc0a1aa67726cff2a6)

tcpreplay: bump to version 4.3.3

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit c7153f22a74b3183bd7fb575e0ae045ecf2f0fff)

ntfs-3g: patch CVE-2019-9755

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>

nextdns: Update to version 1.37.2

Signed-off-by: Olivier Poitrey <rs@nextdns.io>

Merge pull request #16581 from jow-/openwrt-19.07

cgi-io: update to latest Git HEAD

bind: update to version 9.16.20

1. Fixes: CVE-2021-25218

2. Add patch to bump API version, which was forgotten by BIND devs
Related to https://kb.isc.org/docs/map-zone-format-incompatibility-in-bind-9-16-20-and-9-17-17
Pointed out in https://www.openwall.com/lists/oss-security/2021/08/20/2

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

cgi-io: update to latest Git HEAD

98cef9d Retry splice() syscall on EINTR

Fixes: https://github.com/openwrt/luci/issues/5342
Fixes: https://bugs.openwrt.org/index.php?do=details&task_id=4006
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit db8e0fdea454c3b07d859935de5a7d3714fd72ac)

cgi-io: update to version 2020-10-27

Contains following list of changes:

 ab4c3471b261 tests: add cram based unit tests
 7b4e3241e1bd tests: add cgi-io built with clang sanitizers
 21831f45d16d Disable session ACLs during unit testing
 2f525417b5df Add initial GitLab CI support
 57f1c4f18cb6 Add .gitignore
 09f9ac5066ee Fix off-by-one in postdecode_fields
 ed8ce0d5d28b Add fuzzing of utility functions
 a61581819800 Add fuzzing of multipart_parser
 6b0615b728ed Refactor utility functions into static library
 a0ed2c9a7a72 Fix clang compiler errors
 232659da19a4 Fix possible NULL dereference
 8e5719b37a67 Fix warnings reported by clang-10 static analyzer
 b99aa8a64cca Remove Makefile

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 351e4e01c597a13f7c20f76884310996e432e230)

cgi-io: move into out of tree project

No functional changes, just moved the sources into out of tree
project[1] so it's going to be easier to do CI with unit testing,
fuzzing etc.

1. https://git.openwrt.org/?p=project/cgi-io.git;a=shortlog

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 08be3279423ed19554905d9cf00a508be0586107)

haproxy: Update HAProxy to v2.0.25

- This update fixes CVE-2021-40346; see: https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/
- Update haproxy download URL and hash

Signed-off-by: Christian Lachner <gladiac@gmail.com>

python3: update to version 3.7.12

Fixes: CVE-2013-0340 (Windows and MacOS only) and smtplib multiple CRLF injection
Changelog: https://www.python.org/downloads/release/python-3712/

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

tor: update to version 0.4.4.9

Fixes:
- CVE-2021-34548
- CVE-2021-34549
- CVE-2021-34550

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

irssi: update to 1.2.3

Switch to AUTORELEASE for simplicity.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 752656c6be242d266d689078cc3ed1d76cb0143f)

nextdns: Update to version 1.37.1

Signed-off-by: Olivier Poitrey <rs@nextdns.io>

nextdns: Update to version 1.37.0

Signed-off-by: Olivier Poitrey <rs@nextdns.io>

acme: Fix uhttpd restart to load new certificates

Fixes issue #16256

Bump PKG_RELEASE to 4.

Signed-off-by: Dennis Schüsselbauer <scde@users.noreply.github.com>
(cherry picked from commit d69534751e2cf15aa7add8e8db713fd7131edd1f)

click: update to version 7.0

- Change URL of the website and for PKG_SOURCE_URL
- Change TITLE and description
- Remove PKG_BUILD_DEPENDS, PKG_UNPACK as they are not necessary
- Add src package

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 25e8b2cda2efda171929a33b9d52dbf108ca67b7)

dnsdist: fix default SSL lib spelling

This is cosmetic only, since openssl is the first one being defined, but
it avoids a warning in scripts/config, after upgrading to kconfig-v5.6:
tmp/.config-package.in:102839:warning: choice default symbol
'DNSDIST_OPENSSSL' is not contained in the choice

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit dbe11776ed820505d65d2572d372e5c1cfa1ff48)

Merge pull request #16518 from jefferyto/golang-packages-remove-strip-ldflags-openwrt-19.07

[openwrt-19.07] treewide: Remove GO_PKG_LDFLAGS for stripping binaries

treewide: Remove GO_PKG_LDFLAGS for stripping binaries

The "-s -w" flags in GO_PKG_LDFLAGS tells the Go compiler to strip the
binaries it produces. Since the default Go package build process will
strip binaries when CONFIG_USE_STRIP or CONFIG_USE_SSTRIP are selected,
these flags are unnecessary.

When CONFIG_NO_STRIP is selected, these flags override the user's
intention of building unstripped packages.

This removes these flags for all relevant packages.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>

nginx: add PROVIDES nginx-ssl to nginx-all-module

fix issue when installing luci-ssl-nginx

Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>

Revert "net/miniupnpd: ext_ip_reserved_ignore support"

This patch is causing several issues [1], which then were reported to
upstream [2] and it was not accepted by upstream [3]. This results that
nobody maintain this custom patch and it is not useful as it is changing
addr_is_reserved behavior.

[1] https://github.com/openwrt/packages/issues/15258
[2] https://github.com/miniupnp/miniupnp/issues/542
[3] https://github.com/miniupnp/miniupnp/pull/511

This reverts commit b76aa9919489f49b472a8f939f6d46ca33d05f64.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 107f3376b5114cd17c115e25026b031bd439e9be)

Merge pull request #16410 from paper42/git-2.26.3-19

[19.07] git: update to 2.26.3

apr: patch CVE-2021-35940

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 0777e40b7472a0b0b77531b6797448f8c15bd586)

Merge pull request #16444 from paper42/postgresql-fix-hardening

[19.07] postgresql: disable PIC

Merge pull request #16455 from rs/nextdns-1.36.0-openwrt-19.07

[19.07] nextdns: Update to version 1.36.0

nextdns: Update to version 1.36.0

Signed-off-by: Olivier Poitrey <rs@nextdns.io>

postgresql: disable PIC

with PIC enabled, build fails with
ld: access/gist/gistproc.o: in function `rtree_internal_consistent':
gistproc.c:(.text+0x188): relocation truncated to fit: R_AARCH64_LD64_GOTPAGE_LO15 against symbol `DirectFunctionCall2Coll' defined in .text section in utils/fmgr/fmgr.o
ld: gistproc.c:(.text+0x188): warning: too many GOT entries for -fpic, please recompile with -fPIC
ld: final link failed: symbol needs debug section which does not exist
collect2: error: ld returned 1 exit status

Related-to: 8e9ad7bb5117edea4df08cd9a2de62685103a4b3
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>

Merge pull request #16411 from paper42/file-5.38-19

[19.07] file: update to 5.38

file: update to 5.38

* fixes CVE-2019-18218

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>

Merge pull request #16412 from paper42/tar-cve-19

[19.07] tar: fix CVE-2021-20193

https-dns-proxy: patch CMakeList.txt to use OpenWrt CFLAGS

This fixes compilation issues with ASLR PIE enabled

We were compiling with '-g -DDEBUG'

https-dns-proxy_2021-07-29-*_arm_cortex-a9_vfpv3-d16.ipk
shrink from 19514 to 19095

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 374e1dd56e1742273b261f25a69fd3d46741e357)

tar: fix CVE-2021-20193

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>

mc: add a missing Syntax file

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 312caff03b17241d2e383eb254b41d35e9225294)
Signed-off-by: Dirk Brenken <dev@brenken.org>

git: update to 2.26.3

* fixes CVE-2021-21300

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>

Merge pull request #16398 from paper42/mc-1907

[19.07] mc: update to 2.8.27

mc: update to 2.8.27

* fixes CVE-2021-36370
* refresh patches

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>

unixodbc: use 'install' when copying host binaries

'cp' fails with a text file busy error if it tries to overwrite an
executable file that is running.  'install' unlinks the file first, so
it will not cause the problem.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 47f98d7030f1023e7b2ed118c7774c6100fc979b)

perl: perlmod.mk: use 'install' for host binaries

When installing a host perl module, the host perl binary in the staging
dir is replaced by using 'cp'.  However, if the binary is running in a
parallel job, cp will fail with a text file busy error.  Use
$(INSTALL_BIN), which unliks the file first to avoid the error.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 19c7496648cb25500ca7007a7c1578a426c23a09)

Merge pull request #16254 from stangri/19.07-https-dns-proxy

[19.07] https-dns-proxy: update to 2021-07-29-1

knot: update to version 3.0.8

Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit 5f374929cfdf59fd1b2ec558cd024f5b301d3169)

knot: update to version 3.0.7

Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit 8d66f49baef164e6c7a621dd7e72328f62f242f4)

knot: update to version 3.0.6

Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit d578f60818b9dd53cc3285cc4deff32fb09f7a89)

knot: update to version 3.0.5

Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit d92a2cd21bbc41ceba9ac2b7a8ccc96a0bd2a249)