feed/packages.git
3 years agobanip: remove logd dependency
Dirk Brenken [Thu, 3 Jun 2021 05:02:42 +0000 (07:02 +0200)]
banip: remove logd dependency

* removed logd dependency, see openwrt#13820 for reference

Signed-off-by: Dirk Brenken <dev@brenken.org>
3 years agoMerge pull request #15728 from stangri/19.07-https-dns-proxy
Rosen Penev [Wed, 2 Jun 2021 05:09:08 +0000 (22:09 -0700)]
Merge pull request #15728 from stangri/19.07-https-dns-proxy

[19.07] https-dns-proxy: 2021-05-14 bugfix: fallback to HTTP/1 by default

3 years agohttps-dns-proxy: 2021-05-14 bugfix: fallback to HTTP/1 by default 15728/head
Stan Grishin [Tue, 1 Jun 2021 04:32:42 +0000 (04:32 +0000)]
https-dns-proxy: 2021-05-14 bugfix: fallback to HTTP/1 by default

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agonetdata: update to version 1.30.1
Josef Schlehofer [Wed, 14 Apr 2021 22:39:03 +0000 (00:39 +0200)]
netdata: update to version 1.30.1

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 1d532fa545eef1ebd3ebef6ab41dfd709ad991e1)

3 years agoMerge pull request #15717 from stangri/19.07-https-dns-proxy
Rosen Penev [Sat, 29 May 2021 22:00:04 +0000 (15:00 -0700)]
Merge pull request #15717 from stangri/19.07-https-dns-proxy

[19.07] https-dns-proxy: update to 2021-05-14-1; bugfixes for dhcp server backup

3 years agohttps-dns-proxy: update to 2021-05-14-1; bugfixes for dhcp server backup 15717/head
Stan Grishin [Sat, 29 May 2021 20:12:27 +0000 (20:12 +0000)]
https-dns-proxy: update to 2021-05-14-1; bugfixes for dhcp server backup

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agosyslog-ng: update to 3.32.1
W. Michael Petullo [Mon, 10 May 2021 17:59:28 +0000 (12:59 -0500)]
syslog-ng: update to 3.32.1

Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit f93ef647932aa05a7a4eab69ffd9f49441076f81)

3 years agonano: update version to 5.7
Hannu Nyman [Sat, 1 May 2021 20:50:21 +0000 (23:50 +0300)]
nano: update version to 5.7

Upgrade nano editor to version 5.7.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 765e9868579e1da270b3c831ecf34949013cdf01)

3 years agonextdns: Update to version 1.32.1
Olivier Poitrey [Fri, 30 Apr 2021 15:51:03 +0000 (15:51 +0000)]
nextdns: Update to version 1.32.1

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
3 years agobind: bump to 9.16.15
Noah Meyerhans [Thu, 29 Apr 2021 18:08:58 +0000 (11:08 -0700)]
bind: bump to 9.16.15

Fixes the following security issues:

* CVE-2021-25216 - A specially crafted GSS-TSIG query could cause a buffer
                   overflow in the ISC implementation of SPNEGO.
* CVE-2021-25215 - named crashed when a DNAME record placed in the ANSWER
                   section during DNAME chasing turned out to be the final
                   answer to a client query.
* CVE-2021-25214 - Insufficient IXFR checks could result in named serving a
                   zone without an SOA record at the apex, leading to a
                   RUNTIME_CHECK assertion failure when the zone was
                   subsequently refreshed. This has been fixed by adding an
                   owner name check for all SOA records which are included
                   in a zone transfer.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
3 years agozerotier: update to 1.6.5
Moritz Warning [Tue, 27 Apr 2021 15:13:27 +0000 (17:13 +0200)]
zerotier: update to 1.6.5

Minor ZeroTier update. Refreshed patches.

Signed-off-by: Moritz Warning <moritzwarning@web.de>
3 years agoMerge pull request #15509 from hswong3i/openwrt-19.07-SQUID_enable-ssl-crtd
Josef Schlehofer [Wed, 28 Apr 2021 08:06:26 +0000 (10:06 +0200)]
Merge pull request #15509 from hswong3i/openwrt-19.07-SQUID_enable-ssl-crtd

[openwrt-19.07][cherry-pick] squid: Enable dynamic SSL certificate generation

3 years agosquid: Enable dynamic SSL certificate generation 15509/head
Wong Hoi Sing Edison [Sun, 25 Apr 2021 02:38:14 +0000 (10:38 +0800)]
squid: Enable dynamic SSL certificate generation

Maintainer: @neheb / @BKPepe / @zhanhb
Compile tested: ipq806x, generic, netgear_r7800, master
Run tested: ipq806x, generic, netgear_r7800, openwrt-19.07

Description:

Squid now only support HTTPS proxy in TCP tunnel mode (e.g. `ssl_bump splice all`):

    https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on
    ssl_bump splice all

In order to operate in SSL Bump mode, we need to compile with `--enable-ssl-crtd` for following configuration:

    https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on
    sslcrtd_program /usr/lib/squid/security_file_certgen -s /car/cache/squid/ssl_db -M 4MB
    ssl_bump stare all
    ssl_bump bump all

This PR switch the `SQUID_enable-ssl-crtd` into `default y`, therefore default enable SSL Bump mode.

Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
(cherry picked from commit dbda77686d5dccb3d3999ed2e7dec18aab11fff8)

3 years agomosquitto: fix log_type config support
Karl Palsson [Mon, 26 Apr 2021 09:29:57 +0000 (09:29 +0000)]
mosquitto: fix log_type config support

As pointed out in https://github.com/openwrt/packages/issues/15506

The remainder of that patch isn't appropriate for 1907 however.

Signed-off-by: Karl Palsson <karlp@etactica.com>
3 years agoksmbd-tools: update to 3.3.9
Rosen Penev [Sat, 24 Apr 2021 09:18:40 +0000 (02:18 -0700)]
ksmbd-tools: update to 3.3.9

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 2e7c403fff0d3c07bdd6e5d8f925ce154a473491)

3 years agodnscrypt-proxy2: sync blocked-names to upstream one
Josef Schlehofer [Wed, 10 Feb 2021 10:37:09 +0000 (11:37 +0100)]
dnscrypt-proxy2: sync blocked-names to upstream one

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit d53d2df2832c392b8426cda4c99efeda17039ca7)

3 years agodnscrypt-proxy2: upgrade to 2.0.45
James Long [Wed, 10 Feb 2021 03:49:13 +0000 (11:49 +0800)]
dnscrypt-proxy2: upgrade to 2.0.45

Signed-off-by: James Long <james@jclong.net>
(cherry picked from commit 6467b6535b401bfc046096dc535729896697b0a1)

3 years agoadblock: fix polish source URL
Dirk Brenken [Thu, 22 Apr 2021 13:16:03 +0000 (15:16 +0200)]
adblock: fix polish source URL

Signed-off-by: Dirk Brenken <dev@brenken.org>
3 years agoMerge pull request #15477 from rs/nextdns-1.32.0-openwrt-19.07
Rosen Penev [Wed, 21 Apr 2021 00:29:37 +0000 (17:29 -0700)]
Merge pull request #15477 from rs/nextdns-1.32.0-openwrt-19.07

[19.07] nextdns: Update to version 1.32.0

3 years agonextdns: Update to version 1.32.0 15477/head
Olivier Poitrey [Tue, 20 Apr 2021 15:08:39 +0000 (15:08 +0000)]
nextdns: Update to version 1.32.0

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
3 years agoMerge pull request #15468 from rs/nextdns-1.12.5-openwrt-19.07
Rosen Penev [Tue, 20 Apr 2021 01:59:37 +0000 (18:59 -0700)]
Merge pull request #15468 from rs/nextdns-1.12.5-openwrt-19.07

[19.07] nextdns: Update to version 1.12.5

3 years agonextdns: Update to version 1.12.5 15468/head
Olivier Poitrey [Tue, 20 Apr 2021 01:38:38 +0000 (01:38 +0000)]
nextdns: Update to version 1.12.5

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
3 years agoirqbalance: upgrade to version 1.8.0
Hannu Nyman [Sun, 18 Apr 2021 15:26:43 +0000 (18:26 +0300)]
irqbalance: upgrade to version 1.8.0

Upgrade irqbalance to version 1.8.0

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 6631cfaa61ff75d97ef1a41c6ec031198103c7df)

3 years agopulseaudio: update to 14.0
Rosen Penev [Tue, 24 Nov 2020 01:26:43 +0000 (17:26 -0800)]
pulseaudio: update to 14.0

Remove upstreamed OpenSSL patch.

Update MESON_ARGS.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 325c5650406f43106c594c1886e1031cc94ed60a)

3 years agopulseaudio: fix compilation without deprecated OpenSSL APIs
Rosen Penev [Mon, 10 Aug 2020 20:47:10 +0000 (13:47 -0700)]
pulseaudio: fix compilation without deprecated OpenSSL APIs

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit ca2da3f3158beb865da373b03bd184d57f33dd25)

3 years agopulseaudio: fix compilation with ICONV_FULL
Rosen Penev [Thu, 30 Jul 2020 23:41:16 +0000 (16:41 -0700)]
pulseaudio: fix compilation with ICONV_FULL

Reordered check to check external iconv first.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 67f8f57d06ab8776ad58371bb2a3be5cc995fcd6)

3 years agopulseaudio: Update ARM NEON/VFP detection
Jeffery To [Sun, 10 May 2020 19:02:05 +0000 (03:02 +0800)]
pulseaudio: Update ARM NEON/VFP detection

With openwrt/openwrt@8dcc1087602e2dd606e4f6e81a06aee62cfd4f4c, the ARM
FPU compiler options are no longer part of CONFIG_TARGET_OPTIMIZATION.

This updates various packages that look for NEON/VFP support to search
CONFIG_CPU_TYPE instead.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
3 years agopulseaudio: do not build NEON with unsupported platforms
Rosen Penev [Tue, 5 May 2020 01:04:19 +0000 (18:04 -0700)]
pulseaudio: do not build NEON with unsupported platforms

Unfortunately, meson's check is totally broken.

Fortunately, it's fairly easy to workaround.

Fixes compilation with all ARM platforms that don't support NEON.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 91e80e5442484e5bbb8515e686631c7e937f3a10)

3 years agopulseaudio: add lto and gc-sections to reduce size
Rosen Penev [Sun, 26 Apr 2020 03:27:28 +0000 (20:27 -0700)]
pulseaudio: add lto and gc-sections to reduce size

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 45e58e1cc34be2836a7baadfae8e0ccebd693cf9)

3 years agopulseaudio: fix pkgconfig paths
Rosen Penev [Sat, 18 Apr 2020 23:48:30 +0000 (16:48 -0700)]
pulseaudio: fix pkgconfig paths

Turns out, packages like mpd that use pkgconfig to find pulseaudio
end up using host paths.

Fixes compilation with at least mpd.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 21f67bf59915e2905b30de0f85219bcfbd23e14d)

3 years agopulseaudio: update to 13.0
Rosen Penev [Sat, 18 Apr 2020 09:27:55 +0000 (02:27 -0700)]
pulseaudio: update to 13.0

Converted to use meson for compilation speed.

Removed libwrap dependency. Upstream no longer supports it.

Removed intltool and glib2 host dependencies. They seem to be no
longer needed.

Removed upstream patch.

Minor cleanups.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 78d84d4c9cb4c6da404d47ddc7dc5c18fa4c33cb)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[rebased on commit from master branch]

3 years agopulseaudio: Backport upstream patch
Rosen Penev [Tue, 17 Sep 2019 23:36:31 +0000 (16:36 -0700)]
pulseaudio: Backport upstream patch

Fixes compilation with recent alsa-libs.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 123373b1b7de076ca58b25b1116cc4801e483cb0)

3 years agoMerge pull request #15384 from VolunteerComputingHelp/openwrt-19.07
Rosen Penev [Sat, 17 Apr 2021 16:05:05 +0000 (09:05 -0700)]
Merge pull request #15384 from VolunteerComputingHelp/openwrt-19.07

Transfer of boinc 7.16.16 from 21.02 to 19.07

3 years agoMerge pull request #15413 from luizluca/19.07/ruby-2.6.7
Josef Schlehofer [Tue, 13 Apr 2021 12:55:18 +0000 (14:55 +0200)]
Merge pull request #15413 from luizluca/19.07/ruby-2.6.7

[19.07] ruby: update to 2.6.7

3 years agoruby: update to 2.6.7 15413/head
Luiz Angelo Daros de Luca [Mon, 12 Apr 2021 17:58:39 +0000 (14:58 -0300)]
ruby: update to 2.6.7

Fixes two CVEs:

CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability in WEBrick
CVE-2021-28965: XML round-trip vulnerability in REXML

After this release, ruby 2.6 is now in security maintenance phase.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
3 years agonetdata: disable shared memory totals by default
Tiago Gaspar [Sat, 10 Apr 2021 23:21:58 +0000 (00:21 +0100)]
netdata: disable shared memory totals by default

Fix log spam:
daemon.err netdata[2090]: PROCFILE: Cannot open file '/proc/sysvipc/shm'
This is caused by a non existant /proc/sysvipc/shm because of the
CONFIG_PROC_STRIPPED option that is enabled by default in the kernel
generic target config

Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
(cherry picked from commit 5f65d87bb7727be85e7d3e02045302d6eb76ff7e)

3 years agohttps-dns-proxy: bugfix: race condition with dnsmasq
Stan Grishin [Sun, 11 Apr 2021 01:30:45 +0000 (01:30 +0000)]
https-dns-proxy: bugfix: race condition with dnsmasq

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agoboinc: Transfer v7.16.16 from 21.02 to 19.07 15384/head
Steffen Moeller [Fri, 9 Apr 2021 01:16:10 +0000 (03:16 +0200)]
boinc: Transfer v7.16.16 from 21.02 to 19.07

Intentionally unchanged from 43d21e650d4409b45ccc2c70fe507a29f783dda3,
i.e. the pull request #14862 from neheb/boi

Signed-off-by: Steffen Moeller <moeller@debian.org>
3 years agoadblock: fix games_tracking source url
Dirk Brenken [Fri, 9 Apr 2021 16:38:16 +0000 (18:38 +0200)]
adblock: fix games_tracking source url

Signed-off-by: Dirk Brenken <dev@brenken.org>
3 years agoMerge pull request #15254 from dibdot/19.07
Dirk Brenken [Fri, 9 Apr 2021 16:34:08 +0000 (18:34 +0200)]
Merge pull request #15254 from dibdot/19.07

[19.07] travelmate: minimal change to fix cp detection

3 years agotravelmate: minimal change to fix cp detection 15254/head
Dirk Brenken [Thu, 25 Mar 2021 11:07:32 +0000 (12:07 +0100)]
travelmate: minimal change to fix cp detection

* fix cp detection proposed by @ChristianKuehnel
* add/adapt mikrotik login script provided by @Christian Kuehnel

Signed-off-by: Dirk Brenken <dev@brenken.org>
3 years agorpcd-mod-lxc: add postinst to reload rpcd on update/installation
Karel Kočí [Mon, 7 Dec 2020 15:54:11 +0000 (16:54 +0100)]
rpcd-mod-lxc: add postinst to reload rpcd on update/installation

This is dependency of luci-app-lxc and when users install that package
it is no way clear that they have to reload rpcd to get it working
correctly. Without it container listing does not work.
In general this reload should be in this package simply because other
rpcd-mod-* packages reload rpcd as well.

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
(cherry picked from commit 54b6116d7d3f6df94df621dcabdc0c158fd4b5f2)

3 years agoksmbd-tools: update to 3.3.8
Rosen Penev [Wed, 7 Apr 2021 04:50:36 +0000 (21:50 -0700)]
ksmbd-tools: update to 3.3.8

Major changes are:
  disable symlink by default.
  remove smack inherit leftovers.
  Enable guest access on IPC$ share by default.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit c6fa2d5bfaf24f347efd7156b2ad5b1cf62bd9a9)

3 years agoksmbd-tools: Add a mDNS TXT record for the ksmbd service
Kirill Nikolaev [Mon, 5 Apr 2021 23:03:18 +0000 (01:03 +0200)]
ksmbd-tools: Add a mDNS TXT record for the ksmbd service

MacOS ignores Bonjour services for which TXT records are not returned. This changes forces umdns service to return a TXT record (`daemon=ksmbd`) for the ksmbd service. The exact content is unimportant and to the best of my knowledge nothing reads the `daemon` tag.

Symptoms of the problem (which are also debugging steps):
* Finder refuses to open the OpenWRT "computer" in the Network list.
* Discovery.app (Bonjour Browser) lists the _ssh._tcp service, but the submenu for it doesn't unfold and no address is shown.
* `dns-sd -L OpenWrt _smb._tcp` doesn't return any address.

Signed-off-by: Kirill Nikolaev <cyril7@gmail.com>
(cherry picked from commit 272b0a5c1873a34f6609e7af38395cea3f02bda5)

3 years agoksmbd-tools: update to 3.3.7
Rosen Penev [Sat, 13 Mar 2021 02:14:23 +0000 (18:14 -0800)]
ksmbd-tools: update to 3.3.7

Major change are:

ksmbd.control -s terminate ksmbd.mountd as well as kernel server.
Update configuration.txt and README.
Turn off smb2 leases by default again.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 7a1a8f3659cf79237fba6394fbea42755af38a52)

3 years agoksmbd-tools: update to 3.3.6
Rosen Penev [Fri, 12 Mar 2021 20:44:39 +0000 (12:44 -0800)]
ksmbd-tools: update to 3.3.6

Major changes are:

Add missing g_rwlock_init() for rpc_samr and rpc_lsaprc.
Fix potential potential null pointer dereferencing error.
Fix memleak.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit d95edf16eff9fe7ee27eb084764d5cc329155b15)

3 years agoksmbd-tools: update to 3.3.5
Martin Blumenstingl [Sat, 20 Feb 2021 14:30:03 +0000 (15:30 +0100)]
ksmbd-tools: update to 3.3.5

Major changes for version 3.3.5 are:
- Rename "streams" parameter to "vfs objects = streams_xattr".
- Enable smb2 leases by default.
- Ignore ksmbd.subauth creation failure.
- Fix bugs that related to guest ok = yes.

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
(cherry picked from commit 58f91090f598892d12f435e02e09f3b37fd059d3)

3 years agonut: fix typo in nutshutdown script
Sven Roederer [Sat, 3 Apr 2021 20:00:31 +0000 (22:00 +0200)]
nut: fix typo in nutshutdown script

Even it's only cosmetic and should not affect the function of regular system,
fix the name of the IPKG_INSTROOT variable.
Typo was added long ago with 8400c9a6ec799.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
(cherry picked from commit f25f49a8b7c5a038f8a50dbb74e10db19f26d15a)

3 years agonetdata: update to version 1.29.3
Josef Schlehofer [Sun, 21 Mar 2021 23:56:07 +0000 (00:56 +0100)]
netdata: update to version 1.29.3

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 5074fbbfdc8536daf1d979f7ead32cebb1ec2acb)
(cherry picked from commit 4322399166a0083ff090714ab022d8be72fdb257)

3 years agosyslog-ng: update to version 3.31.2
Josef Schlehofer [Sun, 21 Mar 2021 23:50:54 +0000 (00:50 +0100)]
syslog-ng: update to version 3.31.2

Bump config file

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 3d817e968e8d9289255f1eea293363835f6e74a7)

3 years agoadblock: fix init status command
Dirk Brenken [Thu, 1 Apr 2021 18:55:45 +0000 (20:55 +0200)]
adblock: fix init status command

Signed-off-by: Dirk Brenken <dev@brenken.org>
3 years agoMerge pull request #15295 from lucize/librefix
Rosen Penev [Sun, 28 Mar 2021 21:48:00 +0000 (14:48 -0700)]
Merge pull request #15295 from lucize/librefix

[19.07] libreswan: update cu 3.32

3 years agolibreswan: update cu 3.32 15295/head
Lucian Cristian [Sun, 28 Mar 2021 18:47:50 +0000 (21:47 +0300)]
libreswan: update cu 3.32

CVE and NSS fix

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
3 years agoMerge pull request #15252 from ja-pa/gnutls-security-fix-19.07
Nikos Mavrogiannopoulos [Fri, 26 Mar 2021 20:55:20 +0000 (21:55 +0100)]
Merge pull request #15252 from ja-pa/gnutls-security-fix-19.07

[OpenWrt 19.07] gnutls: patch security issue

3 years agoMerge pull request #15255 from ja-pa/mariadb-10.2.37-openwrt-19.07
Rosen Penev [Fri, 26 Mar 2021 20:24:25 +0000 (13:24 -0700)]
Merge pull request #15255 from ja-pa/mariadb-10.2.37-openwrt-19.07

[OpenWrt 19.07] mariadb: update to version 10.2.37

3 years agoMerge pull request #15256 from cartender/pr_libftdi1_19
Rosen Penev [Fri, 26 Mar 2021 20:23:13 +0000 (13:23 -0700)]
Merge pull request #15256 from cartender/pr_libftdi1_19

[19.07] libftdi1: Improve build binary reproducibility

3 years agolibftdi1: Improve build binary reproducibility 15256/head
Giovanni Giacobbi [Thu, 25 Mar 2021 14:59:51 +0000 (14:59 +0000)]
libftdi1: Improve build binary reproducibility

The library embeds the result of "git describe" inside the source code, making the binary result dependent of the particular commit being used in the build root when building inside a git working copy.

As this is unnecessary information, remove this option and fallback to the default "unknown", which is also the value compiled by tools that do not clone but export the openwrt base tree.

Signed-off-by: Giovanni Giacobbi <giovanni@giacobbi.net>
3 years agoMerge pull request #15214 from BKPepe/aiohttp-19.07
Josef Schlehofer [Thu, 25 Mar 2021 23:48:13 +0000 (00:48 +0100)]
Merge pull request #15214 from BKPepe/aiohttp-19.07

python-aiohttp: backport fix for CVE-2021-21330

3 years agohttps-dns-proxy: bugfix: correct PROCD firewall object
Stan Grishin [Thu, 25 Mar 2021 22:55:51 +0000 (22:55 +0000)]
https-dns-proxy: bugfix: correct PROCD firewall object

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agomariadb: update to version 10.2.37 15255/head
Jan Pavlinec [Thu, 25 Mar 2021 13:30:10 +0000 (14:30 +0100)]
mariadb: update to version 10.2.37

Fixes CVE-2021-27928

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
3 years agognutls: patch security issue 15252/head
Jan Pavlinec [Thu, 25 Mar 2021 09:34:29 +0000 (10:34 +0100)]
gnutls: patch security issue

Fixes
CVE-2021-20231
CVE-2021-20232

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
3 years agoMerge pull request #15221 from stangri/19.07-https-dns-proxy
Rosen Penev [Mon, 22 Mar 2021 18:56:50 +0000 (11:56 -0700)]
Merge pull request #15221 from stangri/19.07-https-dns-proxy

[19.07] https-dns-proxy: support for additional Force DNS ports

3 years agophp: add fix for updated ICU 68+
Josef Schlehofer [Mon, 22 Mar 2021 12:53:24 +0000 (13:53 +0100)]
php: add fix for updated ICU 68+

Recently, I updated icu for issues with node feed, but it broke
compiling of php7.

Error:
/foo/target-aarch64_cortex-a53_musl/php-7.2.34/ext/intl/collator/collator_sort.c:349:26: error: 'TRUE' undeclared (first use in this function)
  collator_sort_internal( TRUE, INTERNAL_FUNCTION_PARAM_PASSTHRU );
                          ^~~~
/foo/target-aarch64_cortex-a53_musl/php-7.2.34/ext/intl/collator/collator_sort.c:349:26: note: each undeclared identifier is reported only once for each function it appears in
/foo/target-aarch64_cortex-a53_musl/php-7.2.34/ext/intl/collator/collator_sort.c: In function 'zif_collator_asort':
/foo/target-aarch64_cortex-a53_musl/php-7.2.34/ext/intl/collator/collator_sort.c:543:26: error: 'FALSE' undeclared (first use in this function); did you mean 'FILE'?
  collator_sort_internal( FALSE, INTERNAL_FUNCTION_PARAM_PASSTHRU );
                          ^~~~~
                          FILE
make[3]: *** [Makefile:1031: ext/intl/collator/collator_sort.lo] Error 1

More details:
https://github.com/php/php-src/commit/8eaaabd

Backport of patch from PHP7.3 didn't work for me, but this one was suggested that
Homebrew is using it and it works for me. However, PHP7.2 is EoL.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
3 years agohttps-dns-proxy: support for additional Force DNS ports 15221/head
Stan Grishin [Mon, 22 Mar 2021 07:29:14 +0000 (07:29 +0000)]
https-dns-proxy: support for additional Force DNS ports

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agobind: update to version 9.16.13
Josef Schlehofer [Mon, 22 Mar 2021 00:08:52 +0000 (01:08 +0100)]
bind: update to version 9.16.13

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
3 years agonnn: update to version 3.4
Josef Schlehofer [Fri, 2 Oct 2020 21:12:14 +0000 (23:12 +0200)]
nnn: update to version 3.4

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 53f54c45e4a016dbcd90703fa6f9ebfe2b26b94b)

3 years agopython-aiohttp: backport fix for CVE-2021-21330 15214/head
Josef Schlehofer [Mon, 22 Mar 2021 00:40:41 +0000 (01:40 +0100)]
python-aiohttp: backport fix for CVE-2021-21330

More details:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
3 years agoicu: update to 68.2
Hirokazu MORIKAWA [Thu, 24 Dec 2020 06:18:56 +0000 (15:18 +0900)]
icu: update to 68.2

Maintainer: me
Compile tested: head r15324-920b692, aarch64, x86_64
Run tested: (qemu-5.2.0) aarch64

Description:
Update to 68.2

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit d6317132dd7040fcab492ba76ec60b6fa8ae4fe6)

3 years agoicu: update to 68.1
Hirokazu MORIKAWA [Mon, 9 Nov 2020 03:49:56 +0000 (12:49 +0900)]
icu: update to 68.1

It updates to CLDR 38. New features including locale-dependent smart unit preferences (road distance, temperature, etc.) and locale ID canonicalization conformant with CLDR.

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 4f3a8c153535d7613249c567df9840ed23fa7ef1)

3 years agoicu: fix compilation under CentOS 7
Rosen Penev [Mon, 31 Aug 2020 07:32:38 +0000 (00:32 -0700)]
icu: fix compilation under CentOS 7

CentOS 7's GCC is quite old and does not put max_align_t under std.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 6255a77128d0ea4e1aa1b24ef9fa06ba71072e2e)

3 years agoicu: update to 67.1
Hirokazu MORIKAWA [Tue, 18 Aug 2020 06:13:35 +0000 (15:13 +0900)]
icu: update to 67.1

Unicode 13 & CLDR 37. Bug fixes for date and number formatting, enhanced support for user preferences in the locale identifier. LocaleMatcher code and data improved. Number skeletons have a new “concise” form that can be used in MessageFormat strings.

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit e3be3aadc122c9e7689541bdbcd3e785b70b63ad)

3 years agoMerge pull request #15165 from gladiac1337/haproxy-2.0.21-19.07
Rosen Penev [Fri, 19 Mar 2021 22:51:45 +0000 (15:51 -0700)]
Merge pull request #15165 from gladiac1337/haproxy-2.0.21-19.07

[openwrt-19.07] haproxy: Update HAProxy to v2.0.21

3 years agohaproxy: Update HAProxy to v2.0.21 15165/head
Christian Lachner [Fri, 19 Mar 2021 17:38:26 +0000 (18:38 +0100)]
haproxy: Update HAProxy to v2.0.21

- Update haproxy download URL and hash

Signed-off-by: Christian Lachner <gladiac@gmail.com>
3 years agotmate: add new package
Tianling Shen [Thu, 18 Mar 2021 05:12:13 +0000 (13:12 +0800)]
tmate: add new package

Tmate is a fork of tmux. It provides an instant pairing solution.
For more details, see https://tmate.io.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit ccfe1bfa508e7041c4b5f902f1354ef9566bff28)

3 years agomsgpack-c: add new package
Tianling Shen [Thu, 18 Mar 2021 05:08:45 +0000 (13:08 +0800)]
msgpack-c: add new package

This is needed by tmate.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit cfc965b10754fea8c71dad79e6b4cd7c02f47a9b)

3 years agominidlna: update to 1.3.0
Rosen Penev [Sun, 29 Nov 2020 23:58:20 +0000 (15:58 -0800)]
minidlna: update to 1.3.0

Fixes two CVEs relating to UPnP.

Removed libuuid dependency. It is not used.

Remove clock_gettime hack. It seems to have been fixed.

Removed upstream patches.

Refreshed the other ones.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit f5689796481c5b8e89cd3fff8b10ea6f675f85e9)

3 years agoMerge pull request #15149 from ja-pa/tor-0.4.4.8-openwrt-19.07
Hannu Nyman [Wed, 17 Mar 2021 17:55:45 +0000 (19:55 +0200)]
Merge pull request #15149 from ja-pa/tor-0.4.4.8-openwrt-19.07

[openwrt 19.07] tor: update to version 0.4.4.8 (security fix)

3 years agotor: update to version 0.4.4.8 15149/head
Jan Pavlinec [Wed, 17 Mar 2021 09:34:52 +0000 (10:34 +0100)]
tor: update to version 0.4.4.8

Fixes CVE-2021-28089 and CVE-2021-28090

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
3 years agoMerge pull request #15136 from TDT-AG/pr/2021015-openwrt-19.07-mwan3
Florian Eckert [Tue, 16 Mar 2021 13:14:24 +0000 (14:14 +0100)]
Merge pull request #15136 from TDT-AG/pr/2021015-openwrt-19.07-mwan3

mwan3: remove mwan3 ubus call on mwan3 iface hotplug ACTION

3 years agomwan3: remove mwan3 ubus call on mwan3 iface hotplug ACTION 15136/head
Florian Eckert [Mon, 15 Mar 2021 13:15:39 +0000 (14:15 +0100)]
mwan3: remove mwan3 ubus call on mwan3 iface hotplug ACTION

With this change, the interface status is no longer read from the mwan3 ubus.
The status of the interface is read directly from the status directory.
This was already implemented in the master with the
commit c07f5230be128669f7b6731415de26f8176fbf5b.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
3 years agonet/mosquitto: bump to 1.6.14
Karl Palsson [Mon, 15 Mar 2021 10:41:31 +0000 (10:41 +0000)]
net/mosquitto: bump to 1.6.14

This is a minor security fix for outgoing bridges and the client
library.

Full details: https://mosquitto.org/blog/2021/03/version-2-0-9-released/

Signed-off-by: Karl Palsson <karlp@etactica.com>
3 years agoCI: backport GitHub action CI
Paul Spooren [Fri, 12 Mar 2021 00:14:25 +0000 (14:14 -1000)]
CI: backport GitHub action CI

The CI is working fine with OpenWrt snapshots and 21.02, so backport it.

Signed-off-by: Paul Spooren <mail@aparcar.org>
3 years agonextdns: Update to version 1.11.0 15094/head
Olivier Poitrey [Mon, 8 Mar 2021 23:48:42 +0000 (23:48 +0000)]
nextdns: Update to version 1.11.0

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
3 years agoMerge pull request #15054 from stangri/19.07-vpn-policy-routing
Rosen Penev [Mon, 8 Mar 2021 20:26:46 +0000 (12:26 -0800)]
Merge pull request #15054 from stangri/19.07-vpn-policy-routing

[19.07] vpn-policy-routing: better processing of custom user files

3 years agovpn-policy-routing: better processing of custom user files 15054/head
Stan Grishin [Mon, 8 Mar 2021 10:35:01 +0000 (10:35 +0000)]
vpn-policy-routing: better processing of custom user files

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agolibpam: update to 1.5.1
Rosen Penev [Mon, 30 Nov 2020 00:48:36 +0000 (16:48 -0800)]
libpam: update to 1.5.1

Fix installed paths. After e52d0487e88c3c8c57e1310d1a02b18eae0d142e
upstream, this bug was exposed.

Instead of working around it, fix the patch.

After this, everything consistently gets installed to ipkg-install/usr.

Minor Makefile reorganization.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit b75f250f3bf378bcaa0784d44f64ff2bb4e7af9a)

3 years agolibpam: update to 1.5.0
Rosen Penev [Wed, 25 Nov 2020 00:52:51 +0000 (16:52 -0800)]
libpam: update to 1.5.0

Fixes CVE-2020-27780

Removed upstreamed patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 0f317e9fbde341549c0cd7c3d43742739d123c97)

3 years agolibpam: update to 1.4.0
Rosen Penev [Fri, 26 Jun 2020 00:29:54 +0000 (17:29 -0700)]
libpam: update to 1.4.0

Remove upstreamed patch and add a new one to fix compilation.

Add some more configure options.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit a05db1acfea43b8f94a417d56414ea1aae21c815)

3 years agonano: update to 5.6.1
Hannu Nyman [Sat, 6 Mar 2021 08:27:14 +0000 (10:27 +0200)]
nano: update to 5.6.1

Update nano editor to version 5.6.1

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 0f4138db0be558d0c957e3d4d78091a59ba660ec)

3 years agoninja: update to 1.10.2
Rosen Penev [Thu, 3 Dec 2020 00:32:59 +0000 (16:32 -0800)]
ninja: update to 1.10.2

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit f25f29c740da5bcafb1500b55c9ebfb39eb35f9f)

3 years agoninja: fix typo
Rosen Penev [Wed, 9 Sep 2020 07:48:37 +0000 (00:48 -0700)]
ninja: fix typo

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 52569b80fa3334ebfe29c05a17ce7254561e2e2f)

3 years agoninja: use for CMake
Rosen Penev [Mon, 7 Sep 2020 20:37:25 +0000 (13:37 -0700)]
ninja: use for CMake

CMake supports Ninja for faster compilation and less bugginess when it
comes to parallel compilation. That is, some CMake packages currently
have PKG_BUILD_PARALLEL set where it is not needed with ninja.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 54449e9c6689b17379c24ca68f52a80ec5688f22)

3 years agoninja: update to 1.10.1
Rosen Penev [Fri, 28 Aug 2020 00:18:32 +0000 (17:18 -0700)]
ninja: update to 1.10.1

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 0f317d653643b49a6fd28b785b7655f0c08124b2)

3 years agoMerge pull request #14661 from TDT-AG/pr/20210203-19.07-keepalived
Florian Eckert [Wed, 3 Mar 2021 09:01:24 +0000 (10:01 +0100)]
Merge pull request #14661 from TDT-AG/pr/20210203-19.07-keepalived

keepalived: backport fixes

3 years agoMerge pull request #14988 from stangri/19.07-vpn-policy-routing
Rosen Penev [Tue, 2 Mar 2021 09:56:59 +0000 (01:56 -0800)]
Merge pull request #14988 from stangri/19.07-vpn-policy-routing

[19.07] vpn-policy-routing: update to 0.3.2-18

3 years agovpn-policy-routing: update to 0.3.2-18 14988/head
Stan Grishin [Mon, 1 Mar 2021 21:38:44 +0000 (21:38 +0000)]
vpn-policy-routing: update to 0.3.2-18

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agopython-maho-mqtt: bump to versio 1.5.1
Alexandru Ardelean [Tue, 29 Sep 2020 04:55:19 +0000 (07:55 +0300)]
python-maho-mqtt: bump to versio 1.5.1

Docs say it also supports MQTT 5.0.
Added to description.
Updated title as on pypi.org

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit ee0e11c1ab5ff94f6bfcd6d98c8f4b09327f7412)

3 years agoMerge pull request #14962 from EricLuehrsen/unbound_1131_1907
Rosen Penev [Sun, 28 Feb 2021 23:02:10 +0000 (15:02 -0800)]
Merge pull request #14962 from EricLuehrsen/unbound_1131_1907

[openwrt-19.07] unbound: update to 1.13.1

3 years agounbound: update to 1.13.1 14962/head
Eric Luehrsen [Sun, 21 Feb 2021 05:51:49 +0000 (00:51 -0500)]
unbound: update to 1.13.1

Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
3 years agoMerge pull request #14918 from stangri/19.07-vpn-policy-routing
Dirk Brenken [Sat, 27 Feb 2021 05:21:20 +0000 (06:21 +0100)]
Merge pull request #14918 from stangri/19.07-vpn-policy-routing

[19.07] vpn-policy-routing: bugfix: netflix user file missing redirect