Rosen Penev [Wed, 14 Apr 2021 03:13:47 +0000 (20:13 -0700)]
luv: update to 1.40.0-0
Simplify CMake section.
Fix pkgconfig paths.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Alexander Ryzhov [Wed, 14 Apr 2021 07:45:13 +0000 (10:45 +0300)]
fdm: don't use host headers
Signed-off-by: Alexander Ryzhov <github@ryzhov-al.ru>
Alexandru Ardelean [Mon, 12 Apr 2021 06:43:35 +0000 (09:43 +0300)]
python-greenlet: support MIPS architecture
Fixes: https://github.com/openwrt/packages/issues/15370
This is inspired from:
https://github.com/wlanslovenija/firmware-packages-opkg/blob/
330bc94dccd16a3e92ac2fdde08c81a598e12f94/lang/python-greenlet/Makefile
The `PKG_USE_MIPS16:=0` is not taken into consideration when building
Python modules. That's because the sysconfig is used.
This is only an issue with greenlet (on MIPS) so far.
One option is to do `PKG_USE_MIPS16:=0` in the core Python package.
But, since we know that the `wlanslovenija` group has successfully used
greenlet on MIPS with this construct, we might as well adopt it until GCC10
becomes the main compiler.
As noted here:
https://github.com/openwrt/packages/issues/15370#issuecomment-
817015484
GCC10 doesn't have this problem.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Rosen Penev [Wed, 14 Apr 2021 02:57:44 +0000 (19:57 -0700)]
libupnp: update to 1.14.5
Switch to compiling with CMake. Faster.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Wed, 14 Apr 2021 03:25:48 +0000 (20:25 -0700)]
umpdcli: update to 1.5.11
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Wed, 14 Apr 2021 03:21:45 +0000 (20:21 -0700)]
libupnpp: update to 0.21.0
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Wed, 14 Apr 2021 04:34:35 +0000 (21:34 -0700)]
pulseaudio: fix compilation without doxygen
Meson update makes this error now.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Philip Prindeville [Wed, 14 Apr 2021 03:48:04 +0000 (21:48 -0600)]
Merge pull request #15406 from pprindeville/strongswan-add-chacha20poly1305
strongswan: handle chacha20poly1305 as AEAD
Rosen Penev [Mon, 12 Apr 2021 04:24:18 +0000 (21:24 -0700)]
hcxdumptool: update to 6.1.6
Fix compilation without deprecated OpenSSL APIs.
Backport upstream patch to fix stdout.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Mon, 12 Apr 2021 04:18:19 +0000 (21:18 -0700)]
hcxtools: update to 6.1.6
Add patch fixing compilation without deprecated OpenSSL APIs.
Fix installation. This never worked as the section was misnamed.
Updated tool names.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Tue, 13 Apr 2021 04:42:04 +0000 (21:42 -0700)]
glib2: update to 2.68.1
Removed two now pointless patches as they were added as options.
Switch to AUTORELEASE for simplicity.
Update MESON_ARGS.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Tue, 13 Apr 2021 20:01:24 +0000 (13:01 -0700)]
Merge pull request #15420 from ja-pa/ooniprobe-3.9.2
ooniprobe: update to version 3.9.2
Philip Prindeville [Tue, 13 Apr 2021 03:59:30 +0000 (21:59 -0600)]
strongswan: handle chacha20poly1305 as AEAD
chacha20policy1305 is also an AEAD cipher, and hence does not
permit a hash algorithm.
Fixes issue #15397.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Philip Prindeville [Tue, 13 Apr 2021 04:42:05 +0000 (22:42 -0600)]
strongswan: fail on serious configuration errors
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Philip Prindeville [Tue, 13 Apr 2021 18:32:57 +0000 (12:32 -0600)]
strongswan: drop subshell when possible
A subshell caused by $(...) can't persistently modify globals as a
side-effect.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Luiz Angelo Daros de Luca [Tue, 13 Apr 2021 16:04:43 +0000 (13:04 -0300)]
Merge pull request #15412 from luizluca/ruby-3.0.1
ruby: update to 3.0.1
Jan Pavlinec [Tue, 13 Apr 2021 14:44:25 +0000 (16:44 +0200)]
ooniprobe: update to version 3.9.2
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Rosen Penev [Mon, 12 Apr 2021 05:30:29 +0000 (22:30 -0700)]
vips: update to 8.10.6
Switch to AUTORELEASE for simplicity.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Florian Eckert [Tue, 13 Apr 2021 07:29:22 +0000 (09:29 +0200)]
Merge pull request #15379 from jow-/bonding-accept-uci-list
bonding: accept list of slaves in uci list notation
Tomas Lara [Tue, 13 Apr 2021 05:37:18 +0000 (01:37 -0400)]
collectd: enable cpufreq for rockchip target
Enable collectd-mod-cpufreq for rockchip
Signed-off-by: Tomas Lara <tl849670@gmail.com>
Rosen Penev [Mon, 12 Apr 2021 05:48:55 +0000 (22:48 -0700)]
squid: update to 4.14
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Mon, 12 Apr 2021 05:35:12 +0000 (22:35 -0700)]
vala: update to 0.52.1
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Tue, 13 Apr 2021 04:44:17 +0000 (21:44 -0700)]
meson: update to 0.57.2
Remove upstream backport.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Alexandru Ardelean [Mon, 12 Apr 2021 07:13:43 +0000 (10:13 +0300)]
django: bump to version 3.2
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Luiz Angelo Daros de Luca [Mon, 12 Apr 2021 21:19:00 +0000 (18:19 -0300)]
ruby: update to 3.0.1
Fixes two CVEs:
CVE-2021-28965: XML round-trip vulnerability in REXML
CVE-2021-28966: Path traversal in Tempfile on Windows
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Josef Schlehofer [Mon, 12 Apr 2021 09:14:49 +0000 (11:14 +0200)]
Merge pull request #15396 from BKPepe/update-bottle
python3-bottle: update to version 0.12.19
Josef Schlehofer [Mon, 12 Apr 2021 09:14:38 +0000 (11:14 +0200)]
Merge pull request #15398 from BKPepe/babel-update
python-babel: update to version 2.9.0
Javier Marcet [Sun, 11 Apr 2021 06:03:55 +0000 (06:03 +0000)]
python-docker: Update to 5.0.0
Breaking changes:
- Remove support for Python 2.7
- Make Python 3.6 the minimum version supported
Features:
- Add limit parameter to image search endpoint
Bugfixes:
- Fix KeyError exception on secret create
- Verify TLS keys loaded from docker contexts
- Update PORT_SPEC regex to allow square brackets for IPv6 addresses
- Fix containers and images documentation examples
Signed-off-by: Javier Marcet <javier@marcet.info>
Javier Marcet [Sun, 11 Apr 2021 06:05:36 +0000 (06:05 +0000)]
docker-compose: Update to version 1.29.0
Features:
- Add profile filter to docker-compose config
- Add a depends_on condition to wait for successful service completion
Miscellaneous:
- Add image scan message on build
- Update warning message for --no-ansi to mention --ansi never as alternative
- Bump docker-py to 5.0.0
- Bump PyYAML to 5.4.1
- Bump python-dotenv to 0.17.0
Signed-off-by: Javier Marcet <javier@marcet.info>
Hirokazu MORIKAWA [Mon, 12 Apr 2021 01:47:17 +0000 (10:47 +0900)]
node: bump to v14.16.1
April 2021 Security Releases
- OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) (CVE-2021-3450)
- OpenSSL - NULL pointer deref in signature_algorithms processing (High) (CVE-2021-3449)
- npm upgrade - Update y18n to fix Prototype-Pollution (High) (CVE-2020-7774)
OpenSSL-related vulnerabilities do not affect the OpenWrt package. Because OpenWrt's OpenSSL shared library has been updated.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Eneas U de Queiroz [Mon, 12 Apr 2021 01:00:03 +0000 (22:00 -0300)]
Merge pull request #15400 from cotequeiroz/circular_deps
libseccomp,crun: Fix circular deps
Eneas U de Queiroz [Sun, 11 Apr 2021 22:38:50 +0000 (19:38 -0300)]
Revert "libseccomp: don't build on ARC"
This reverts commit
b29e609701987072fbd991a9ffc203103f99b943.
Adding DEPENDS+=@!arc will cause a circular dependency, because some
packages select libseccomp based on a build option.
Commit
e29483d7e ("libseccomp: workaround a recursive dependency") added
a workaround that was not properly documented, so I'll explain here.
The problem arises when libseccomp is selected depending on some config
option:
define Pakcage/foo
DEPENDS=+FOO_SECCOMP:libseccomp
Even if the condition is correctly defined, excluding arc, such as:
define Package/foo/config
config FOO_SECCOMP
depends on !arc
the config generator will parse libseccomp's DEPENDS variable and
generate menuconfig statements like these:
config PACKAGE_foo
select PACKAGE_libseccomp if FOO_SECCOMP
depends on !FOO_SECCOMP || !arc
The last condition is always true because FOO_SECCOMP will always be
be false when arc is true. The config generator is not able to
simplify/optimize the condition.
The circular dependecy occurs because FOO_SECCOMP depends on
PACKAGE_foo, and the redundant, always true line will make PACKAGE_foo
depend on FOO_SECCOMP.
As a workaround, we can add the 'depends on !arc' line to
Package/libseccomp/config, outside of the DEPENDS variable, so that the
redundant depends line line does not get generated.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Cc: Daniel Golle <daniel@makrotopia.org>
Eneas U de Queiroz [Sun, 11 Apr 2021 22:36:16 +0000 (19:36 -0300)]
crun: Don't build on arc
The package needs libseccomp, which does not currently support arc.
In order to avoid a circular dependency, we must avoid arc here as well.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Philip Prindeville [Sun, 11 Apr 2021 23:10:58 +0000 (17:10 -0600)]
Merge pull request #15382 from cotequeiroz/strongswan
strongswan: libnttft must not select strongswan
Josef Schlehofer [Sun, 11 Apr 2021 23:05:21 +0000 (01:05 +0200)]
python-babel: update to version 2.9.0
Update copyright
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Josef Schlehofer [Sun, 11 Apr 2021 22:47:47 +0000 (00:47 +0200)]
python3-bottle: update to version 0.12.19
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Robin Rainton [Sun, 11 Apr 2021 10:32:37 +0000 (12:32 +0200)]
node: #14983 NODEJS_ICU_SMALL is default
Signed-off-by: Robin Rainton <robin@rainton.com>
Tiago Gaspar [Sat, 10 Apr 2021 23:21:58 +0000 (00:21 +0100)]
netdata: disable shared memory totals by default
Fix log spam:
daemon.err netdata[2090]: PROCFILE: Cannot open file '/proc/sysvipc/shm'
This is caused by a non existant /proc/sysvipc/shm because of the
CONFIG_PROC_STRIPPED option that is enabled by default in the kernel
generic target config
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
Stan Grishin [Sun, 11 Apr 2021 01:29:59 +0000 (01:29 +0000)]
https-dns-proxy: bugfix: race condition with dnsmasq
Signed-off-by: Stan Grishin <stangri@melmac.net>
Paul Spooren [Sat, 5 Sep 2020 23:41:11 +0000 (13:41 -1000)]
CI: remove leftover travis files
THe current CI uses both CircleCI and GitHub Action CI, but not Travis.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Daniel Golle [Sun, 11 Apr 2021 00:41:05 +0000 (01:41 +0100)]
uvol: some improvements
* use lvm --reportformat json
* add 'list' and 'align' commands
* add help output
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Stan Grishin [Sat, 10 Apr 2021 18:54:41 +0000 (18:54 +0000)]
simple-adblock: update to 1.8.7-3
Signed-off-by: Stan Grishin <stangri@melmac.net>
Rosen Penev [Sat, 10 Apr 2021 10:30:50 +0000 (03:30 -0700)]
taglib: fix config file paths
Gerbera stupidly uses taglib-config to find the paths. Fix them to avoid
adding /usr/lib
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Sat, 10 Apr 2021 09:40:39 +0000 (02:40 -0700)]
gerbera: update to 1.8.0
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Sat, 10 Apr 2021 09:40:13 +0000 (02:40 -0700)]
libnpupnp: update to 4.1.3
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Sat, 10 Apr 2021 09:39:28 +0000 (02:39 -0700)]
spdlog: update to 1.8.5
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Sat, 10 Apr 2021 09:02:25 +0000 (02:02 -0700)]
file: update to 5.40
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Daniel Golle [Sat, 10 Apr 2021 13:39:59 +0000 (14:39 +0100)]
ovsd: improve package style and update source
Fix post-merge comments in #15316 and update source.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sat, 10 Apr 2021 12:30:55 +0000 (13:30 +0100)]
modbus-utils: remove accidentally added package
modbus-utils was not intended to be added at this stage. Remove it.
Fixes: 312594f86 ("uvol: add new package")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Gregory L. Dietsche [Fri, 9 Apr 2021 01:14:45 +0000 (20:14 -0500)]
safe-search: prevent duplicate cron job installation
This patch prevents multiple cron jobs from being created to run the
safe-search-maintenance script.
To reproduce this bug, perform the following:
- Install safe-search
- Perform an OpenWRT firmware upgrade (choose to preserve user settings)
- Install safe-search again
Signed-off-by: Gregory L. Dietsche <gregory.dietsche@cuw.edu>
Daniel Golle [Sat, 10 Apr 2021 11:51:28 +0000 (12:51 +0100)]
ap_config: remove accidentally added package
Fixes: 312594f86 ("uvol: add new package")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sat, 10 Apr 2021 03:04:09 +0000 (04:04 +0100)]
uvol: add new package
uvol is a wrapper-script which allows automated handling of storage
volumes. uvol currently comes with backend support for LVM2 and UBI,
covering practically all options for storage large enough to be
managed (NAND, SPI-NAND, eMMC, SATA, NVME, virtio-blk, ...).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sat, 10 Apr 2021 10:54:50 +0000 (11:54 +0100)]
lvm2: don't use `-normal` suffix for non-SELinux variants
This was probably a work-around for an issue with dependencies which
was fixed by
https://github.com/openwrt/openwrt/commit/
988ed0080284903d1fe4851c5ae8f1238bc61da2
Remove it as all other packages with `-selinux` variants do provide
a non-SELinux-variant without any suffix and that works now, see
procd vs. procd-selinux
busybox vs. busybox-selinux
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Eneas U de Queiroz [Sat, 10 Apr 2021 02:54:43 +0000 (23:54 -0300)]
strongswan: libnttft must not select strongswan
The strongswan-libnttfft package should not select the strongswan
package, but should depend on it instead. Otherwise a circular
dependency is created.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Jo-Philipp Wich [Fri, 9 Apr 2021 16:52:15 +0000 (18:52 +0200)]
bonding: accept list of slaves in uci list notation
Rework the bonding.sh protocol handler to accept slave interface names
encoded in uci list notation. Also replace ifconfig up/down with ip
link calls while we're at it.
Fixes: #11455
Fixes: https://github.com/openwrt/luci/issues/4473
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Dirk Brenken [Fri, 9 Apr 2021 16:42:30 +0000 (18:42 +0200)]
adblock: fix games_tracking source url
Signed-off-by: Dirk Brenken <dev@brenken.org>
Daniel Golle [Fri, 9 Apr 2021 16:33:21 +0000 (17:33 +0100)]
autopart: use '-' to separate drive serial in volume name
Instead of just appending the driver serial including the '0x' prefix,
use '-' prefix instead to make it more readable.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Jianhui Zhao [Thu, 8 Apr 2021 06:58:57 +0000 (14:58 +0800)]
libuhttpd: Update to 3.11.0
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Philip Prindeville [Fri, 9 Apr 2021 04:26:56 +0000 (22:26 -0600)]
Merge pull request #6924 from derekyerger/strongswan-lattice-sha3
strongswan: add more crypto plugins
Josef Schlehofer [Wed, 7 Apr 2021 12:17:57 +0000 (14:17 +0200)]
Merge pull request #15353 from ja-pa/knot-resolver-5.3.1
knot-resolver: update to version 5.3.1
Rosen Penev [Wed, 7 Apr 2021 04:50:36 +0000 (21:50 -0700)]
ksmbd-tools: update to 3.3.8
Major changes are:
disable symlink by default.
remove smack inherit leftovers.
Enable guest access on IPC$ share by default.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Kirill Nikolaev [Mon, 5 Apr 2021 23:03:18 +0000 (01:03 +0200)]
ksmbd-tools: Add a mDNS TXT record for the ksmbd service
MacOS ignores Bonjour services for which TXT records are not returned. This changes forces umdns service to return a TXT record (`daemon=ksmbd`) for the ksmbd service. The exact content is unimportant and to the best of my knowledge nothing reads the `daemon` tag.
Symptoms of the problem (which are also debugging steps):
* Finder refuses to open the OpenWRT "computer" in the Network list.
* Discovery.app (Bonjour Browser) lists the _ssh._tcp service, but the submenu for it doesn't unfold and no address is shown.
* `dns-sd -L OpenWrt _smb._tcp` doesn't return any address.
Signed-off-by: Kirill Nikolaev <cyril7@gmail.com>
Rosen Penev [Wed, 7 Apr 2021 04:48:16 +0000 (21:48 -0700)]
ksmbd: update to 3.3.8
Major changes are:
clean-up codes using checkpatch --strict option.
fix several warning and build failure from linux-next.
change the minimum supported kernel version to v5.4.
use xarray for tree connect list.
fix reviews from lkml.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Jan Pavlinec [Tue, 6 Apr 2021 09:47:18 +0000 (11:47 +0200)]
ooniprobe: update to version 3.9.0
Remove getrescources call because it is no longer
required.
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Jan Pavlinec [Tue, 6 Apr 2021 10:00:28 +0000 (12:00 +0200)]
python-pytest: update to version 6.2.3
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Hannu Nyman [Wed, 7 Apr 2021 07:16:28 +0000 (10:16 +0300)]
Merge pull request #15235 from TDT-AG/pr/
20210323-collectd-mod-ubi
collectd: add bad blocks percent calculation for ubi plugin
Josef Schlehofer [Tue, 6 Apr 2021 22:23:19 +0000 (00:23 +0200)]
Merge pull request #15359 from BKPepe/zeroconf
zeroconf: update to version 0.29.0
Josef Schlehofer [Tue, 6 Apr 2021 22:23:08 +0000 (00:23 +0200)]
Merge pull request #15358 from BKPepe/ytdl
youtube-dl: update to version 2021.4.7
Rosen Penev [Mon, 5 Apr 2021 02:31:56 +0000 (19:31 -0700)]
minisatip: add libdvbcsa support
Unconditionally enable with BUILD_PATENTED.
Simplify configure args.
Add missing PKG_CONFIG_DEPENDS
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Fri, 2 Apr 2021 23:22:34 +0000 (16:22 -0700)]
lualanes: build with CMake
Faster to compile.
Add license information.
Several cleanups for consistency between packages.
Small patch fix now that uClibc-ng is gone.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Josef Schlehofer [Tue, 6 Apr 2021 20:48:19 +0000 (22:48 +0200)]
zeroconf: update to version 0.29.0
Update copyright in Makefile
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Josef Schlehofer [Tue, 6 Apr 2021 20:45:06 +0000 (22:45 +0200)]
youtube-dl: update to version 2021.4.7
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Jan Pavlinec [Tue, 6 Apr 2021 10:41:02 +0000 (12:41 +0200)]
knot-resolver: update to version 5.3.1
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Karl Palsson [Tue, 6 Apr 2021 10:33:56 +0000 (10:33 +0000)]
mosquitto: bump to 2.0.10
This is a security fix, affecting 2.0.0 through to 2.0.9. Mosquitto instances
could be remotely DoS'd by authenticated clients.
Release notes at: https://github.com/eclipse/mosquitto/blob/v2.0.10/ChangeLog.txt
CVE number has not yet been assigned.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Christian Lachner [Tue, 6 Apr 2021 05:46:03 +0000 (07:46 +0200)]
haproxy: Update HAProxy to v2.2.13
- Update haproxy download URL and hash
Signed-off-by: Christian Lachner <gladiac@gmail.com>
Florian Eckert [Tue, 6 Apr 2021 05:51:43 +0000 (07:51 +0200)]
Merge pull request #15337 from SvenRoederer/xinetd-include
xinetd: honor ${IPKG_INSTROOT} when sourcing /lib/functions.sh
Rosen Penev [Mon, 5 Apr 2021 22:29:37 +0000 (15:29 -0700)]
meson: fix compilation with at least spice
This commit should also get rid of pointless option warnings.
Also removed an extra ) that was causing a bad cpu value.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Alexandru Ardelean [Mon, 5 Apr 2021 15:37:06 +0000 (18:37 +0300)]
pillow: bump to version 8.2.0
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Rosen Penev [Fri, 2 Apr 2021 23:35:44 +0000 (16:35 -0700)]
libmaxminddb: build with CMake
Faster and less error prone.
Small cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Philip Prindeville [Sun, 4 Apr 2021 20:17:15 +0000 (14:17 -0600)]
strongswan: bump to 5.9.2
Retire weak algorithms like MD5 and 3DES.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Derek Yerger [Mon, 5 Apr 2021 19:31:49 +0000 (14:31 -0500)]
strongswan: add more crypto plugins
Adds modules for BLISS signature scheme, NTRU and New Hope key
exchange algorithms, and dependencies ChaCha20-Poly1305 AEAD,
ChaCha20 XOF, MGF1 mask generation function, SHA3 hasher SHAKE
XOF, and the Number Theoretic Transform library.
Signed-off-by: Derek Yerger <derek@altdevs.net>
Philip Prindeville [Wed, 24 Feb 2021 21:46:33 +0000 (14:46 -0700)]
strongswan: force PIC on all builds
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Stijn Tintel [Mon, 5 Apr 2021 17:01:28 +0000 (20:01 +0300)]
libcap: drop from feed
The libcap package was moved to OpenWrt base.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Alexandru Ardelean [Mon, 5 Apr 2021 14:53:18 +0000 (17:53 +0300)]
python3: bump to version 3.9.4
For some reason Python3 jumped from 3.9.2 to 3.9.4 in about a week.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Leonardo Mörlein [Fri, 26 Mar 2021 22:04:32 +0000 (23:04 +0100)]
uacme: add retries
Prior to this commit, the acme service attempted to obtain certificates
once and then terminated, regardless of whether the certificate could be
obtained or not. This commit introduces a new uci option "retries" to
the "certificate" section. If this option is set to N, the acme service
will attempt to obtain the certificate up to N times before terminating.
There is a waiting pause between the retries to comply with the rate
limits of Let'sEncrypt.
The waiting pause is:
- 2 minutes for staging certificates
- 24 minutes for production certificates
The current "Failed Validation" rate limits of Let'sEncrypt are:
- staging: 60 per hour -> 1 failure every 1 minute in avg.
- production: 5 per hour -> 1 failure every 12 minutes in avg.
This means that we are within rate limits by a factor of two.
By default the option "retries" is set to "1", which means that acme
behaves as before by default. If the variable is set to "0", infinite
retries are performed.
This feature is helpful, when you already want to initiate the
certificate request, but you are still waiting for your dns server to be
configured, your network to appear or other conditions.
Signed-off-by: Leonardo Mörlein <git@irrelefant.net>
Rosen Penev [Mon, 5 Apr 2021 02:51:27 +0000 (19:51 -0700)]
lua-openssl: try to fix buildbot
Something is weird there. Can't reproduce on CI or locally.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Mon, 5 Apr 2021 02:27:13 +0000 (19:27 -0700)]
libdvbcsa: add BUILD_PATENTED
This was missing in the initial commit.
Add AUTORELEASE as well for simplicity.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Leonardo Mörlein [Thu, 25 Mar 2021 22:22:28 +0000 (23:22 +0100)]
uacme: propagate rc of uacme in issue_cert()
Before this commit, issue_cert always returned 1 no matter if uacme
returned 1, 2, 3, ... With this commit, the return code of the uacme
binary is propagated. Therefore the caller of issue_cert can
differentiate between "no renew necessary" and "an error occurred".
Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
Leonardo Mörlein [Thu, 25 Mar 2021 22:22:19 +0000 (23:22 +0100)]
uacme: allow including run-uacme
With this commit, the run-acme script can be included into other scripts
by setting INLCUDE_ONLY=1.
Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
Ondřej Caletka [Sun, 4 Apr 2021 19:53:39 +0000 (21:53 +0200)]
jool: Update to 4.1.5
Compile and run tested on: mvebu (Turris Omnia)
Signed-off-by: Ondřej Caletka <ondrej@caletka.cz>
Javier Marcet [Sun, 4 Apr 2021 20:10:30 +0000 (20:10 +0000)]
python-dotenv: update to v0.17.0
Signed-off-by: Javier Marcet <javier@marcet.info>
Philip Prindeville [Sun, 4 Apr 2021 19:08:26 +0000 (13:08 -0600)]
Merge pull request #14708 from pprindeville/strongswan-add-swanctl-initd
strongswan: migrate to swanctl configs
Philip Prindeville [Wed, 10 Feb 2021 05:49:30 +0000 (22:49 -0700)]
strongswan: migrate to swanctl configs
Derived from the ipsec initd script, with the following changes:
(1) various code improvements, corrections (get rid of left/right
updown scripts, since there's only one), etc;
(2) add reauth and fragmentation parameters;
(3) add x.509 certificate-based authentication;
and other minor changes.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Philip Prindeville [Sun, 4 Apr 2021 04:18:08 +0000 (22:18 -0600)]
Merge pull request #15339 from pprindeville/strongswan-reset-ipsec.conf
strongswan: remove synthesized ipsec conf files
Rosen Penev [Fri, 2 Apr 2021 23:04:59 +0000 (16:04 -0700)]
dbus: update to 1.13.18
Switch to building with CMake for faster compilation.
Switch to AUTORELEASE for simplicity.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Sun, 4 Apr 2021 02:07:43 +0000 (19:07 -0700)]
Merge pull request #15329 from G-M0N3Y-2503/cache-domains-fix
cache-domains: Fixed host files directory
Rosen Penev [Sun, 4 Apr 2021 02:07:17 +0000 (19:07 -0700)]
Merge pull request #15330 from
1715173329/xray
xray-core: Update to 1.4.2
Philip Prindeville [Tue, 2 Mar 2021 21:43:37 +0000 (14:43 -0700)]
bash: fixing missing PARAMS() macro in strtod.c
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Rafał Dzięgiel [Sun, 2 Aug 2020 09:52:07 +0000 (11:52 +0200)]
libdvbcsa: add new package
Libdvbcsa is a free implementation of the DVB Common Scrambling Algorithm DVB/CSA - with encryption and decryption capabilities.
OpenWrt packages like `tvheadend` and `minisatip` can benefit from it.
Signed-off-by: Rafał Dzięgiel <rafostar.github@gmail.com>
Rosen Penev [Sun, 4 Apr 2021 01:46:39 +0000 (18:46 -0700)]
Merge pull request #15074 from ja-pa/python-greenlet
python-eventlet & python-greenlet: add new packages