Rosen Penev [Tue, 12 May 2020 22:08:50 +0000 (15:08 -0700)]
faad2: update to 2.9.2
Removed upstreamed patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
ad1203ebb9da640ada304a03450226acf4505748)
Rosen Penev [Sat, 28 Mar 2020 02:56:16 +0000 (19:56 -0700)]
xz: update to 5.2.5
Switched to smaller xz archive.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
8c5d0c673d824e95a8659eb67351b457f5472ca9)
Rosen Penev [Tue, 9 Jun 2020 23:20:45 +0000 (16:20 -0700)]
zstd: fix compilation without host distutils
This is the case in debian.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
ec3798645d644d5fa9727a301b4ccdd24e278063)
Rosen Penev [Wed, 3 Jun 2020 21:35:39 +0000 (14:35 -0700)]
zstd: update to 1.4.5
Switch to zst archives for smaller size.
Removed patches in favor of a better solution for uClibc-ng.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
8c23fef9dace93ef742093da8468e84057337c56)
(changed to gz since 19.07 has no zstd support)
Rosen Penev [Sun, 26 Apr 2020 02:50:05 +0000 (19:50 -0700)]
zstd: remove lto and as-needed flags
The former can be implemented as a meson argument.
The latter is already default.
No compiled difference, therefore no PKG_RELEASE bump.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
3c9dbc1429532d9d370d0b976ac812845b43a897)
Rosen Penev [Sat, 18 Apr 2020 07:00:23 +0000 (00:00 -0700)]
zstd: convert to meson
Allows faster build with ninja. Unfortunately, the LTO stage slows it
massively.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
779a4dca67560a6d68ed479f58128fab52bbc221)
Rosen Penev [Tue, 24 Dec 2019 02:42:30 +0000 (18:42 -0800)]
aria2: Build with MIPS16
All the computationally expensive stuff is in the libraries, not the
package itself.
Saves several kilobytes.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
a5e7d0a9046305e083033f9a88065e252156407a)
Xingwang Liao [Tue, 8 Oct 2019 02:04:53 +0000 (10:04 +0800)]
aria2: Update to 1.35.0
* remove OpenSSL patch, it has already merged to the source.
Signed-off-by: Xingwang Liao <kuoruan@gmail.com>
(cherry picked from commit
2384acdc9d50f7e1d343c7b465288022097fac61)
Rosen Penev [Sat, 11 Jul 2020 22:37:21 +0000 (15:37 -0700)]
libvorbis: update to 1.3.7
Switched to CMake for the faster compilation and the simpler Makefile.
Minor Makefile cleanups.
Before:
time make package/libvorbis/compile -j 12
Executed in 24.40 secs fish external
usr time 21.17 secs 0.00 micros 21.17 secs
sys time 3.05 secs 426.00 micros 3.05 secs
After:
time make package/libvorbis/compile -j 12
Executed in 9.19 secs fish external
usr time 11.29 secs 0.00 micros 11.29 secs
sys time 1.43 secs 421.00 micros 1.43 secs
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
0ef247cf5da5d04bff1a8ff993622a22b2fdca1f)
Josef Schlehofer [Fri, 17 Jul 2020 15:37:00 +0000 (17:37 +0200)]
msmtp: update to version 1.8.11
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
dd44bf2e7a563a611bac24ea2a177b3d9273ede4)
Josef Schlehofer [Sat, 23 May 2020 21:26:03 +0000 (23:26 +0200)]
msmtp: update to version 1.8.10
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
e193db6b6946815098f946573efd4581106fb659)
Josef Schlehofer [Thu, 16 Jul 2020 17:47:29 +0000 (19:47 +0200)]
squid: update to version 4.12
- Fixes CVEs:
CVE-2019-12519
CVE-2019-12520
CVE-2019-12521
CVE-2019-12523
CVE-2019-12524
CVE-2019-12525
CVE-2019-12526
CVE-2019-12527
CVE-2019-12528
CVE-2019-12529
CVE-2019-12824
CVE-2019-12854
CVE-2019-13345
CVE-2019-18676
CVE-2019-18677
CVE-2019-18678
CVE-2019-18679
CVE-2020-8449
CVE-2020-8450
CVE-2020-11945
CVE-2020-14058
CVE-2020-15049
- Remove patch for cross-compilation
The patch should not be included in the OpenWrt at all without any
commit message/description.
Is not needed and there should be used HOST variables instead of BUILD variables (e.g.
HOSTCXX)
However, the BUILDCXX is set in Makefile to HOSTCXX
- Renumber glibc patch and refresh it
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
3401e29aa7643bfba29e80c23cf5c613a0160d73)
Jonathan Elchison [Tue, 3 Mar 2020 20:47:32 +0000 (15:47 -0500)]
squid: fix 'localhet' typo in squid.conf
Signed-off-by: Jonathan Elchison <JElchison@Gmail.com>
(cherry picked from commit
2ba6546dd8fde73b694735af20214b52af6675b3)
Rosen Penev [Sun, 19 Apr 2020 00:30:35 +0000 (17:30 -0700)]
quasselc: fix compilation with newer glib2
Needed to fix LDFLAGS variable.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
030cc5570ca9caa0f2b7392c6df6667582dee72d)
Rosen Penev [Thu, 23 Apr 2020 00:55:03 +0000 (17:55 -0700)]
gkrellmd: update to 2.3.11
Added nls.mk as this is now required.
Fixed license information.
Several small fixes and cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
4426e4c69b3edbc7dca679c71769c690318b4659)
Rosen Penev [Fri, 4 Oct 2019 01:27:01 +0000 (18:27 -0700)]
sumo: Update to 1.3.1
Converted to CMake for simplicity.
Added upstream patch to use sleep_for instead of deprecated usleep.
Added patch to fix compilation with musl.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
a9abe60ef4678254abac66e42e0f20b14fc6fb2d)
Rosen Penev [Mon, 20 Jul 2020 10:24:29 +0000 (03:24 -0700)]
Merge pull request #12881 from jefferyto/python3-backport-patches-openwrt-19.07
[openwrt-19.07] python3: Backport security fixes
Jeffery To [Sun, 19 Jul 2020 22:02:38 +0000 (06:02 +0800)]
python3: Backport security fixes
This backports fixes for security issues, including:
* CVE-2020-14422: Hash collisions in IPv4Interface and IPv6Interface
* CVE-2019-20907: Infinite loop in the tarfile module
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Rosen Penev [Sun, 19 Jul 2020 21:40:04 +0000 (14:40 -0700)]
Merge pull request #12877 from jefferyto/golang-1.13.14-openwrt-19.07
[openwrt-19.07] golang: Update to 1.13.14
Jeffery To [Sun, 19 Jul 2020 19:11:51 +0000 (03:11 +0800)]
golang: Update to 1.13.14
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Hannu Nyman [Sat, 18 Jul 2020 11:11:34 +0000 (14:11 +0300)]
haveged: update to 1.9.13
Update haveged to version 1.9.13.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
28cf20129081f9c6b8778b243cc3df1f610544c4)
Josef Schlehofer [Thu, 16 Jul 2020 17:13:24 +0000 (19:13 +0200)]
libvorbisidec: update to version
20180319
Fixes CVE-2018-5147
- Change PKG_SOURCE_URL
fatal: unable to access 'https://git.xiph.org/tremor.git/': Failed to connect to git.xiph.org port 443: Connection refused
because they changed the URL of the repository
- Removes PKG_SOURCE_SUBDIR and PKG_SOURCE
Those are already defaults
- Fix indentation in description
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
406d0d9f3fd9ad88b701b07019ac69ee7d7d19b1)
Josef Schlehofer [Thu, 16 Jul 2020 13:25:02 +0000 (15:25 +0200)]
dnscrypt-proxy2: update to version 2.0.44
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
01ff758894d4efecdd69bf79f86014d82b91dd01)
Josef Schlehofer [Thu, 16 Jul 2020 08:18:36 +0000 (10:18 +0200)]
Merge pull request #12676 from BKPepe/bind-openwrt19.07
[19.07] bind: update to version 9.16.x
Yousong Zhou [Tue, 14 Jul 2020 11:02:52 +0000 (19:02 +0800)]
openvswitch: bump to version 2.11.3
Two patches were backported to fix issue openwrt/packages#12737
0002-compat-Fix-ipv6_dst_lookup-build-error.patch
0003-compat-Backport-ipv6_stub-change.patch
One was deleted as it is now part of 2.11.3
0005-datapath-conntrack-fix-include-for-IP6_DEFRAG_CONNTR.patch
Other patches refreshed
Reported-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Rosen Penev [Mon, 13 Jul 2020 00:59:25 +0000 (17:59 -0700)]
Merge pull request #12732 from TDT-AG/pr/
20200706-mwan3
mwan3: sync with master branch
Rosen Penev [Thu, 9 Jul 2020 06:04:26 +0000 (23:04 -0700)]
Merge pull request #12767 from jonathanunderwood/openwrt-19.07
[19.07] stubby: remove libbsd dependency and fix compilation with deprecated OpenSSL APIs
Rosen Penev [Tue, 7 Jul 2020 21:57:59 +0000 (14:57 -0700)]
getdns: fix compilation without deprecated OpenSSL APIs
Since DSA is enabled, dsa.h is needed. Normally this header is included
implicitly with engine.h but with OPENSSL_API_COMPAT >= 0x10100000L ,
this is not so.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Tue, 7 Jul 2020 21:20:01 +0000 (14:20 -0700)]
getdns: properly remove libbsd support
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Wed, 8 Jul 2020 18:04:23 +0000 (11:04 -0700)]
Merge pull request #12756 from jefferyto/python3-maxminddb-fix-build-openwrt-19.07
[openwrt-19.07] python3-maxminddb: Fix build when using newer setuptools
Rosen Penev [Wed, 8 Jul 2020 18:03:38 +0000 (11:03 -0700)]
Merge pull request #12755 from jefferyto/python-host-platform-openwrt-19.07
[openwrt-19.07] python3: Use default _PYTHON_HOST_PLATFORM
Peter Wagner [Wed, 8 Jul 2020 17:11:22 +0000 (19:11 +0200)]
ntpd: update to version 4.2.8p15 (security fix)
Fixes:
CVE-2020-11868
CVE-2018-8956
CVE-2020-13817
CVE-2020-1502
Signed-off-by: Peter Wagner <tripolar@gmx.at>
Jeffery To [Wed, 8 Jul 2020 09:30:57 +0000 (17:30 +0800)]
python3-maxminddb: Fix build when using newer setuptools
This package fails to build with newer setuptools, because setuptools
removed the (deprecated) Features feature in v46.0.0[1].
This adapts a commit[2] to remove the use of this feature. (Changes to
code formatting prevent the original commit/patch to be used.)
[1]: https://github.com/pypa/setuptools/blob/
aff64ae89e00e25fb3868bf528a14c18e7af0cf4/CHANGES.rst#v4600
[2]: https://github.com/maxmind/MaxMind-DB-Reader-python/commit/
3aac426e354f91814f6fd0829baee137b0bb093f
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Jeffery To [Wed, 8 Jul 2020 09:10:14 +0000 (17:10 +0800)]
python3: Use default _PYTHON_HOST_PLATFORM
This lets the Python build process set _PYTHON_HOST_PLATFORM instead of
forcing an explicit value.
Also:
* Save the target _PYTHON_HOST_PLATFORM value during Build/InstallDev
for use when building target Python packages (in python3-package.mk).
* Use the (mostly) default PYTHON_FOR_BUILD value, instead patch
configure to remove the platform triplet from the sysconfigdata file
name.
* Remove the "CROSS_COMPILE=yes" make variable (there is no indication
that this variable is necessary).
* Force host pip to build packages from source instead of downloading
binary wheels.
Previously, host pip can download universal (platform-independent)
wheels but not platform-specific wheels, because of the custom
_PYTHON_HOST_PLATFORM value. (Packages that do not have universal
wheels would be compiled from source.)
With a correct _PYTHON_HOST_PLATFORM, host pip can install
platform-specific wheels as well. However, the pre-built shared object
(.so) files in these wheels will have the host's platform triplet in
their file names. When target Python packages are built (using the
target's _PYTHON_HOST_PLATFORM), Python will not use these shared
object files.
By forcing host pip to build packages from source, the built shared
object files will not have the platform triplet in their file names.
(Host Python has been patched to remove the platform triplet from file
names.) This allows these packages to be used when building target
Python packages.
(The net effect of this complete change is that platform-dependent
packages will continue to be compiled from source, while
platform-independent packages will now also be compiled from source.)
Fixes https://github.com/openwrt/packages/issues/12680.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Rosen Penev [Mon, 6 Jul 2020 22:37:16 +0000 (15:37 -0700)]
Merge pull request #12722 from jonathanunderwood/openwrt-19.07-getdns-1.6.0
[19.07] getdns: update to version 1.6.0
Michiel Blokzijl [Fri, 3 Jul 2020 17:54:19 +0000 (18:54 +0100)]
mwan3: Fix mwan3 start not doing anything Due to a missing config load function call, mwan3 start runs ifup for an empty list of interfaces, thus not calling ifup at all.
This commit introduces the missing config_load call.
Signed-off-by: Michiel Blokzijl <code@m01.eu>
(cherry picked from commit
acfbd98ce0285f5bc12c6321a79346aecb3786c5)
Florian Eckert [Wed, 17 Jun 2020 11:04:38 +0000 (13:04 +0200)]
mwan3: update version to 2.8.7
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
8030814267746ca0c09c74e23a0d9bf0877277fa)
Florian Eckert [Thu, 23 Jan 2020 09:24:19 +0000 (10:24 +0100)]
mwan3: set status to unknown in rpcd if status file not found
If the status file is not found then set then return the value unknown.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
e30f16beef36259c30223fc9986120f176f404ce)
Florian Eckert [Fri, 6 Dec 2019 14:28:36 +0000 (15:28 +0100)]
mwan3: switch to procd init script
This enables the procd handling for mwan3 on config change.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
a6dc75428c1e3a47700b5c164a16385b5c640b48)
Aaron Goodman [Sat, 13 Jun 2020 19:25:42 +0000 (15:25 -0400)]
mwan3: address reviewer comments on
5147dfc7
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
(cherry picked from commit
38be40843b97ca3af9ebe37aae8ebfda7b6af65c)
Aaron Goodman [Fri, 29 May 2020 05:04:57 +0000 (01:04 -0400)]
mwan3: Use /128 for ipv6 if no other source address was found
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
(cherry picked from commit
4efaa44b213a9500a66c30b8c256138ef527dd97)
Aaron Goodman [Thu, 28 May 2020 22:29:56 +0000 (18:29 -0400)]
mwan3: Allow user to specify rules based on source interface
Add an option for adding rules based on source interface.
The default 0.0.0.0/0 src and destination ip addresses has been removed. It is unclear
how the 'any' family of rules would have worked, as it appears each rule always required an
ipv4 or ipv6 address src and destination address. With this change, the any family will work
again.
I also cleaned up a bunch of repeated code around adding the iptables rules for
ipv4/ipv6/any in making the change.
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
(cherry picked from commit
5147dfc73aafd5b5accc6e480d51a639b000eac5)
Aaron Goodman [Thu, 28 May 2020 22:27:59 +0000 (18:27 -0400)]
mwan3: Do not mangle outgoing ipv6 pings
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
(cherry picked from commit
cf38136b005219917098a0562b0833fa28e007d7)
Aaron Goodman [Wed, 20 May 2020 09:42:14 +0000 (05:42 -0400)]
mwan3: version bump to 2.8.6
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
(cherry picked from commit
b7d1f81f10302dc5b2de24e3e3d430770516ce45)
Aaron Goodman [Wed, 20 May 2020 09:34:16 +0000 (05:34 -0400)]
mwan3: force busybox ping
openwrt 19.07 uses iputils
20101006-1
This ancient version of iputils has a bug where the -I option is not respected.
https://github.com/iputils/iputils/issues/55
https://github.com/iputils/iputils/issues/56
https://bugs.openwrt.org/index.php?do=details&task_id=1486
Thus, we should force using busybox ping at "/bin/ping" until the iputils
version gets an upgrade in the next major release
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
(cherry picked from commit
35a86bdc119dda766801409a08e6d98dcf370c72)
Aaron Goodman [Wed, 20 May 2020 09:33:41 +0000 (05:33 -0400)]
mwan3: don't add ipv6 link local address to routing tables
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
(cherry picked from commit
aafdd0730c765f32ed40c8f3b2ef11ec7cece3c0)
Aaron Goodman [Wed, 20 May 2020 09:33:06 +0000 (05:33 -0400)]
mwan3: reduce calls to `ip route list'
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
(cherry picked from commit
02ebd831c1247508ab5555ffa7dbfebe95e3501d)
Brian J. Murrell [Thu, 30 Apr 2020 12:25:06 +0000 (08:25 -0400)]
mwan3: Update Makefile
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
(cherry picked from commit
b017fe34ddbc0387aef2bb3c36802ae64de35fc2)
Brian J. Murrell [Thu, 30 Apr 2020 12:23:37 +0000 (08:23 -0400)]
mwan3: Don't use /128 address for ping source
An interface can have both a /64 and a /128 from a provider.
In such a case, use the address from the /64 to do the ping check, not
the /128.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
(cherry picked from commit
49cf5eac5cfcfbf371e84d8ddaa0e1b55175100f)
Jonathan G. Underwood [Sun, 5 Jul 2020 19:40:35 +0000 (20:40 +0100)]
stubby: add build dependency on check package
Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
Rosen Penev [Sun, 5 Jul 2020 16:34:56 +0000 (09:34 -0700)]
Merge pull request #12723 from jonathanunderwood/openwrt-19.07-stubby-0.3.0
[19.07] stubby: update to version 0.3.0
Jonathan G. Underwood [Wed, 1 Jul 2020 21:23:20 +0000 (22:23 +0100)]
stubby: update to version 0.3.0
Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
Jonathan G. Underwood [Wed, 1 Jul 2020 20:09:34 +0000 (21:09 +0100)]
getdns: update to version 1.6.0
This update also:
- enables parallel builds
- moves to the CMake build system
- removes the redundant InstallDev stanza
Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
Rosen Penev [Fri, 3 Jul 2020 14:04:17 +0000 (07:04 -0700)]
Merge pull request #12698 from Andy2244/samba-4_11_11-(19.07)
[19.07] samba4: update to 4.11.11
Andy Walsh [Fri, 3 Jul 2020 00:12:16 +0000 (02:12 +0200)]
samba4: update to 4.11.11
* update to 4.11.11
* fixes CVE-2020-10730, CVE-2020-10745, CVE-2020-10760, CVE-2020-14303
* add fix-musl_missing__nss_buflen_passwd.patch
* remove fixed tirpc include
* add extra CONFIGURE_VARS (XSLTPROC=false, WAF_NO_PREFORK=1)
* fix python3 host paths, ensure we use build hostpkg tools
* add new UCI option "enable_extra_tuning"
* update template
* add config examples for options
* fix some access warnings on samba /var dirs
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Dirk Brenken [Thu, 2 Jul 2020 12:00:17 +0000 (14:00 +0200)]
Merge pull request #12694 from BKPepe/mc-19.07
[19.07] mc: fix mouse handling
Josef Schlehofer [Thu, 2 Jul 2020 08:52:07 +0000 (10:52 +0200)]
mc: fix mouse handling
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Josef Schlehofer [Fri, 19 Jun 2020 18:51:53 +0000 (20:51 +0200)]
travis: improve build config
Build config validation showed up 1 warning, 1 info
- deprecated sudo
- missing os
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
651b9f9bf1d1feedc0895e6f2de2ae58002bbc99)
Josef Schlehofer [Fri, 19 Jun 2020 18:22:59 +0000 (20:22 +0200)]
travis: Use Ubuntu 20.04 LTS - Focal Fossa
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
995822b5f765228dc5d4496b37eb7033d3fc6e7e)
Josef Schlehofer [Wed, 16 Oct 2019 13:37:15 +0000 (15:37 +0200)]
travis: Use Ubuntu (Bionic Beaver) 18.04 LTS
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
f2c7a00ef4aba18a19d0fdbc6d9e28c84fab85c5)
Josef Schlehofer [Wed, 17 Jun 2020 12:47:08 +0000 (14:47 +0200)]
travis: use mpc85xx-p2020 sdk instead of ar71xx
Target ar71xx is deprecated and removed in the master branch and makes SDK
not available anymore. Travis fails because of that.
It was superseded by target ath79. These devices have 4 MB flash and/or 32 MB RAM.
However, ath79 is being used by CircleCI if you have it configured for
your repository and if you are contributing to this repository. It
is not good to have two CI for the same target. Let's use powerpc.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
4526fb3eae6ed5fdbc5f6cf64a56b4471b54f9d0)
Josef Schlehofer [Wed, 16 Oct 2019 13:37:33 +0000 (15:37 +0200)]
travis: Download SDK from OpenWrt instead of LEDE
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
25fc446ffbcfa7b95ca0591deac8ced90828d9a0)
Ian Cooper [Tue, 26 May 2020 15:48:52 +0000 (16:48 +0100)]
bind: add nslookup alternative to busybox nslookup
Add alternative to busybox nslookup. Busybox throws an error when
the host does not have an AAAA record.
Signed-off-by: Ian Cooper <iancooper@hotmail.com>
(cherry picked from commit
4cb5aa57fddb83e340cfadcfbeb93a7e340ce724)
Josef Schlehofer [Tue, 19 May 2020 10:11:53 +0000 (12:11 +0200)]
bind: update to version 9.16.3
Fixes:
CVE-2020-8616
CVE-2020-8617
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
a75391575b268b379e6bc552b703dc17a76f402f)
Jan Pavlinec [Thu, 30 Apr 2020 09:39:38 +0000 (11:39 +0200)]
bind: update to version (security fix)
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit
c8be44062e7bca64f70d8975d9130b81a1f6cabb)
Noah Meyerhans [Sun, 22 Mar 2020 17:09:20 +0000 (10:09 -0700)]
bind9: update to 9.16.1
Add libuv dependency
Fix optional libxml and c-json dependency handling
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit
72654d20d50abcf8f7987cc052890ada4f15a3c5)
Rosen Penev [Tue, 30 Jun 2020 21:35:12 +0000 (14:35 -0700)]
Merge pull request #12657 from jefferyto/python-3.7.8-openwrt-19.07
[openwrt-19.07] python3: Update to 3.7.8, refresh/rework patches
Jeffery To [Tue, 30 Jun 2020 13:20:18 +0000 (21:20 +0800)]
python3: Update to 3.7.8, refresh/rework patches
This contains a fix for CVE-2020-8492 (Denial of service in
urllib.request.AbstractBasicAuthHandler)[1].
This also updates the setuptools and pip packages to 47.1.0 and 20.1.1,
respectively.
[1]: https://docs.python.org/release/3.7.8/whatsnew/changelog.html#python-3-7-8-release-candidate-1
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Karel Kočí [Fri, 26 Jun 2020 09:37:32 +0000 (11:37 +0200)]
syslog-ng: detect disabled IPv6 on loopback and fallback to IPv4
Binding in default to IPv6 is preferable but it can be disabled in
kernel and that prevents syslog-ng to start. This setup should not be
that common but syslog is very important service and should survive
that.
This introduces new plugin defining source generator
`network_localhost`. This is used instead of original network source.
Signed-off-by: Karel Kočí <cynerd@email.cz>
(cherry picked from commit
43a8f7072ef401eaebe7f9e268cbb38085c9f384)
Rosen Penev [Mon, 29 Jun 2020 02:54:51 +0000 (19:54 -0700)]
Merge pull request #12628 from jonathanunderwood/openwrt-19.07-stubby-fix-tls-port
[19.07] stubby: fix handling of tls_port config option
Rosen Penev [Sat, 27 Jun 2020 22:00:13 +0000 (15:00 -0700)]
miniupnpd: added libcap dependency
As miniupnpd is running as root, libcap can be used to limit its
capabilities.
libcap is very small, so this isn't a problem.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
ba49c968082f01a28632bb51d6095b9a6916e26e)
(switched to use libcap as -ng is not available)
Rosen Penev [Thu, 25 Jun 2020 21:18:35 +0000 (14:18 -0700)]
miniupnpd: update to 2.1.
20200510
Use the newly introduced configure script.
Use PKG_INSTALL for consistency between packages.
Use PKG_BUILD_PARALLEL for faster compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
2b5028458e720a6f31ba0944764aa47b753814db)
David Ehrmann [Sat, 20 Jun 2020 22:34:39 +0000 (15:34 -0700)]
miniupnpd: suppress grep and uci errors
If miniupnpd is installed but disabled or not running, the hotplug
script will query uci for keys that don't exist and grep a temporary
config file that doesn't exist, resulting in the following errors:
uci: Entry not found
grep: /var/etc/miniupnd.conf: No such file or directory
These would arise when an interface is brought up or down, and are
more confusing than helpful, especially when miniupnpd is disabled.
Suppress these errors.
Signed-off-by: David Ehrmann <ehrmann@gmail.com>
(cherry picked from commit
6ef2b5400bce73b12158b2f8d92dd9675afe8203)
Kevin Darbyshire-Bryant [Thu, 14 May 2020 10:30:12 +0000 (11:30 +0100)]
miniupnpd: improve hotplug & interface handling
The existing interface selection/detection code was incomprehensible at
worst and convoluted at best. The uci config file suggested it
understood an external ipv6 interface but in reality the init script
took no notice. Re-work it so it is at least comprehendible and takes
notice of ipv6 interface details if specified.
Update the hotplug script to use the same interface selection/detection
code as the init script and take note of ipv6 interface selection, only
restarting miniupnpd on interface up events and only if that interface
isn't already known (for that ip class) by miniupnpd.
For me this has solved numerous 'flaky' startup problems, especially
with regard to ipv6.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
295d77943cd8ddb1b6eb73e900d5b5221ab138e7)
Jonathan G. Underwood [Sat, 27 Jun 2020 15:43:53 +0000 (16:43 +0100)]
stubby: fix handling of tls_port config option
Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
Toke Høiland-Jørgensen [Fri, 26 Jun 2020 09:21:12 +0000 (11:21 +0200)]
Merge pull request #12616 from andersk/acme-19.07
Backport acme fixes from #11968 to 19.07
David Yang [Mon, 27 Apr 2020 01:59:32 +0000 (09:59 +0800)]
acme: Bump release version
Signed-off-by: David Yang <mmyangfl@gmail.com>
David Yang [Mon, 27 Apr 2020 01:57:09 +0000 (09:57 +0800)]
acme: Handle ecc cert correctly
Error was:
The domain 'example.com' seems to have a ECC cert already, please add '--ecc' parameter if you want to use that cert.
Signed-off-by: David Yang <mmyangfl@gmail.com>
David Yang [Mon, 27 Apr 2020 01:44:47 +0000 (09:44 +0800)]
acme: Handle log message correctly
Error was:
logger: unrecognized option: renew
Signed-off-by: David Yang <mmyangfl@gmail.com>
Rosen Penev [Fri, 26 Jun 2020 05:18:04 +0000 (22:18 -0700)]
Merge pull request #12614 from stangri/19.07-https-dns-proxy
[19.07] https-dns-proxy: re-add conffiles and add description to Makefile
Stan Grishin [Fri, 26 Jun 2020 03:09:39 +0000 (03:09 +0000)]
https-dns-proxy: re-add conffiles and add description to Makefile
Signed-off-by: Stan Grishin <stangri@melmac.net>
Rosen Penev [Thu, 25 Jun 2020 21:22:18 +0000 (14:22 -0700)]
Merge pull request #12597 from stangri/19.07-https-dns-proxy
[19.07] https-dns-proxy: bugfix: remove eDNS support
Stan Grishin [Thu, 25 Jun 2020 19:40:52 +0000 (19:40 +0000)]
https-dns-proxy: bugfix: remove eDNS support
Signed-off-by: Stan Grishin <stangri@melmac.net>
Rosen Penev [Thu, 25 Jun 2020 05:05:00 +0000 (22:05 -0700)]
Merge pull request #12588 from rs/nextdns-1.7.0-openwrt-19.07
[19.07] nextdns: Update to version 1.7.0
Olivier Poitrey [Thu, 25 Jun 2020 00:22:43 +0000 (00:22 +0000)]
nextdns: Update to version 1.7.0
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Hannu Nyman [Wed, 24 Jun 2020 15:20:25 +0000 (18:20 +0300)]
irqbalance: fix socket directory and create it
Irqbalance defines /run/irqbalance dir for its socket
communication between irqbalance and its UI. /run does not exist
in OpenWrt (although it is defined by the Linux FHS), so the
socket creation fails. Although we do not compile UI and thus
the issue is not critical to us, fix the directory location.
Additionally, the creation is originally handled by a systemd
init script that we do not use.
* patch source to define dir as /var/run/irqbalance
* create the dir in the procd init script.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry-picked from
4f0c847828b)
Huangbin Zhan [Fri, 8 May 2020 21:43:57 +0000 (05:43 +0800)]
treewide: add conffiles
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
(cherry-picked irqbalance section from from
0ec746ccb6)
Ian Cooper [Mon, 27 Apr 2020 21:48:53 +0000 (22:48 +0100)]
irqbalance: fix compilation for USE_GLIBC and BUILD_NLS cases
The package Makefile was not taking into consideration that the build
may be using BUILD_NLS with libintl-full and libiconv-full and was
trying to link the wrong versions of these libraries in this case.
The necessary flags are added by nls.mk to TARGET_LDFLAGS and can be
passed to irqbalance's configure script for setting the GLIB2_LIBS
variable instead of the explicit static link to the libiconv stub.
The PKG_BUILD_DEPENDS line should be modified so as to add to and not
override the definition set by nls.mk, which will ensure the right
version of libiconv and libintl is built beforehand.
A DEPENDS:= line should be added to the package definition using the
variables defined in nls.mk, which will add the appropriate version
of libintl and libiconv (vanilla or -full versions)
If USE_GLIBC is true, then libpthread needs to be explicitly passed
to the configure script in the GLIB2_LIBS variable for linking.
Signed-off-by: Ian Cooper <iancooper@hotmail.com>
(cherry-picked from
88c25e87a1)
Hannu Nyman [Sun, 21 Jun 2020 20:22:52 +0000 (23:22 +0300)]
haveged: update to 1.9.12
Update haveged to version 1.9.12
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
6392d50c3180b5da7a4ba041decf7a229d0e1c53)
Daniel Engberg [Sat, 20 Jun 2020 19:11:26 +0000 (21:11 +0200)]
Merge pull request #12563 from Andy2244/ksmbd-3.2.0_ksmbd-tools-3.2.6-(19-07)
[19.07] Revert "ksmbd: update to 3.2.0, ksmbd-tools: update to 3.2.6"
Andy Walsh [Sat, 20 Jun 2020 17:26:12 +0000 (19:26 +0200)]
Revert "ksmbd: update to 3.2.0, ksmbd-tools: update to 3.2.6"
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
This reverts commit
d88405ba84d397a1ccecee5077bba25d33c4c21e.
Christian Lachner [Fri, 19 Jun 2020 05:56:11 +0000 (07:56 +0200)]
haproxy: Update HAProxy to v2.0.15
- Update haproxy download URL and hash
Signed-off-by: Christian Lachner <gladiac@gmail.com>
Josef Zila [Thu, 18 Jun 2020 10:52:43 +0000 (12:52 +0200)]
transmission: add access to web interface files to procd jail
Signed-off-by: Josef Zila <josefzila@gmail.com>
(cherry picked from commit
9a82c952b447b9b3145c288957dbd1a671021f1b)
Rosen Penev [Sun, 31 May 2020 22:36:12 +0000 (15:36 -0700)]
transmission: add a disabled notification
Helps to see that transmission must be enabled.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
89fc95c4fcbd65cf7958ba916a2073632ecadb50)
Rosen Penev [Mon, 25 May 2020 03:33:33 +0000 (20:33 -0700)]
transmission: update to 3.0
remove upstreamed patches. Refresh remaining one.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
93485dd317e7fa3ed9eb4d09a49df1ac2b9508ff)
Rosen Penev [Tue, 18 Feb 2020 03:42:43 +0000 (19:42 -0800)]
upmpdcli: update to 0.4.6
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
0d72b95b0b2a2c3f438344e23914833183fa72b1)
Rosen Penev [Sat, 10 Aug 2019 02:40:42 +0000 (19:40 -0700)]
upmpdcli: Update to 1.4.2
Fixed license information.
Added PKG_BUILD_PARALLEL for faster compilation.
Removed upstreamed patch.
Ran init script through shellcheck.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
b2d016d3527d3e5cc1ccf2e147c49deb9e0bccf8)
Hannu Nyman [Sun, 14 Jun 2020 18:12:12 +0000 (21:12 +0300)]
haveged: update to 1.9.11
Update haveged to version 1.9.11
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
ca30b0ff91846a407469f6a77d1cbaf6b150d06d)
Rosen Penev [Sun, 14 Jun 2020 01:43:51 +0000 (18:43 -0700)]
Merge pull request #12509 from lipnitsk/openwrt-19.07
perl: fix build failure in GCC10
Ken Wong [Sat, 16 May 2020 05:30:42 +0000 (13:30 +0800)]
perl: fix build failure in GCC10
The perl Configure file was matching GCC 10 against "1*" and treating it
as GCC 1, causing ABI breakage and segfaults.
Cherry-pick the upstream patch which fixes it to check against (e.g)
"1.*" instead, which will make it work for hundreds more GCC versions
to come.
https://github.com/Perl/perl5/commit/
6bd6308fcea3541
"Adapt Configure to GCC version 10"
Also includes the previous commit just adding GCC 8 and 9 to one case:
https://github.com/Perl/perl5/commit/
ae195500577d707
"Add gcc-8 and gcc-9 for FORTIFY_SOURCE"
Signed-off-by: Ken Wong <xinxijishuwyq@gmail.com>
(cherry picked from commit
65578a43f0d12c02888df00b6fdc90c73a02875c)