feed/packages.git
4 years agomwan3: add default rule for ipv6 in example config
Aaron Goodman [Thu, 16 Jul 2020 01:41:46 +0000 (21:41 -0400)]
mwan3: add default rule for ipv6 in example config

default rule only applied to ipv4 with dest_ip 0.0.0.0/0
and error was hidden when trying to apply it in ip6table

Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
(cherry picked from commit 2a5e9be83eaac46ed18a1784c03e38ce5712fed3)

4 years agomwan3: don't try to use ipv6 if not installed
Aaron Goodman [Thu, 16 Jul 2020 01:40:16 +0000 (21:40 -0400)]
mwan3: don't try to use ipv6 if not installed

fix issue  #11826

Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
(cherry picked from commit a0d66d4eebefe6e89c582df2b4dc972ea7c5c7f5)

4 years agomwan3: be more efficient with sleep after killing trackers
Aaron Goodman [Thu, 4 Jun 2020 20:43:23 +0000 (16:43 -0400)]
mwan3: be more efficient with sleep after killing trackers

Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
(cherry picked from commit 84a53b7c792217ccb0a3d95e8fcf63d2843cdc43)

4 years agomwan3: don't add single ipv4 to connected list if already covered by a cidr
Aaron Goodman [Fri, 29 May 2020 23:47:38 +0000 (19:47 -0400)]
mwan3: don't add single ipv4 to connected list if already covered by a cidr

Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
(cherry picked from commit da9a626f78791b953a58ccd30987983ff52c8afc)

4 years agomwan3: update version to 2.8.9
Florian Eckert [Tue, 14 Jul 2020 10:49:20 +0000 (12:49 +0200)]
mwan3: update version to 2.8.9

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 2594258c4b85e62c71cfbd267367c0dcfb34260b)

4 years agomwan3: cleanup function mwan3_create_iface_route
Florian Eckert [Tue, 14 Jul 2020 10:02:01 +0000 (12:02 +0200)]
mwan3: cleanup function mwan3_create_iface_route

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit d0c248a7dab92c81e348a31cf35c2e972f26ca39)

4 years agomwan3: fix shellcheck warning SC2086
Florian Eckert [Tue, 14 Jul 2020 08:46:24 +0000 (10:46 +0200)]
mwan3: fix shellcheck warning SC2086

Add double quote to prevent globbing and word splitting where there is
no regression.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit feae9e57423897e14dfb9f45f2defb97f480a731)

4 years agomwan3: fix shellcheck warning SC2166
Florian Eckert [Tue, 14 Jul 2020 09:47:15 +0000 (11:47 +0200)]
mwan3: fix shellcheck warning SC2166

Replace -o boolean check with ||.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit c0fdfaa17490f5e67bc24a326f10af1c7d0201cf)

4 years agomwan3: remove unused variable complained by shellcheck
Florian Eckert [Tue, 14 Jul 2020 07:42:17 +0000 (09:42 +0200)]
mwan3: remove unused variable complained by shellcheck

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 644d9a25df0f352ff93646b50d5305b9837f4371)

4 years agomwan3: fix shellcheck warning SC2039
Florian Eckert [Tue, 14 Jul 2020 07:24:28 +0000 (09:24 +0200)]
mwan3: fix shellcheck warning SC2039

Replace all `==` with `=`.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 0ed7524f810c5d994b7fd1d24be77f0469c8ccdc)

4 years agomwan3: move redirect error output to trash
Florian Eckert [Tue, 14 Jul 2020 08:59:44 +0000 (10:59 +0200)]
mwan3: move redirect error output to trash

This suppress the following output on `mwan3 restart`:
> Dump terminated

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit facf8ea299b185a82ae803d68e2b54a9599d8c14)

4 years agoMerge pull request #12937 from rs/nextdns-1.7.1-openwrt-19.07
Hannu Nyman [Sun, 26 Jul 2020 14:54:20 +0000 (17:54 +0300)]
Merge pull request #12937 from rs/nextdns-1.7.1-openwrt-19.07

[19.07] nextdns: Update to version 1.7.1

4 years agonextdns: Update to version 1.7.1
Olivier Poitrey [Sun, 26 Jul 2020 14:42:57 +0000 (14:42 +0000)]
nextdns: Update to version 1.7.1

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
4 years agonetdata: update to version 1.23.2
Josef Schlehofer [Fri, 24 Jul 2020 13:40:07 +0000 (15:40 +0200)]
netdata: update to version 1.23.2

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 2de28dd95b8c92e2e76038314cab2e180a4cd554)

4 years agoadmin/netdata: Update to 1.22.1
Daniel Engberg [Thu, 14 May 2020 08:45:46 +0000 (10:45 +0200)]
admin/netdata: Update to 1.22.1

Update netdata to 1.22.1
Disable cloud functionality
Shoehorn patches from FreeBSD's ports repo
Remove cloud notifications and netdata's self-update feature
json-c is no longer optional

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(cherry picked from commit 626c304d67fa92d1eb87e34bbfa9a55a191387c5)

4 years agonetdata: update to version 1.20.0
Josef Schlehofer [Sun, 23 Feb 2020 09:27:35 +0000 (10:27 +0100)]
netdata: update to version 1.20.0

- Add libuv dependency which is now required. Otherwise during
compiling, I have received this error:

configure: error: libuv required but not found. Try installing 'libuv1-dev' or 'libuv-devel'.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 8aa816c81642747dd99aaee2785c17bae6032f13)

4 years agoMerge pull request #12896 from ja-pa/tor-0.4.2.8
Rosen Penev [Thu, 23 Jul 2020 20:15:24 +0000 (13:15 -0700)]
Merge pull request #12896 from ja-pa/tor-0.4.2.8

[OpenWrt 19.07] tor: update to version 0.4.2.8 (security fix)

4 years agoliblz4: fix previous patch
Rosen Penev [Tue, 21 Jul 2020 22:00:38 +0000 (15:00 -0700)]
liblz4: fix previous patch

Previous patch was incomplete.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 2860cf169a7f54f4061500052b0ea9f0301c5325)

4 years agomeson: allow compilation in a subdirectory
Rosen Penev [Sat, 18 Apr 2020 07:01:28 +0000 (00:01 -0700)]
meson: allow compilation in a subdirectory

Small tweak to get it to build.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit e74498c97ac74bf4b6ae8eb55f53dcd3b1ba1dc2)

4 years agoliblz4: add patch removing distutils requirement
Rosen Penev [Tue, 21 Jul 2020 21:06:39 +0000 (14:06 -0700)]
liblz4: add patch removing distutils requirement

Allows meson to compile on systems that lack distutils.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit cb44cd60c499d78592170d88a3c9f03991071e10)

4 years agoliblz4: convert to meson
Rosen Penev [Sat, 18 Jul 2020 23:16:51 +0000 (16:16 -0700)]
liblz4: convert to meson

Faster compilation

Before:

Executed in   13.68 secs   fish           external
   usr time   12.51 secs    0.00 micros   12.51 secs
   sys time    1.78 secs  345.00 micros    1.78 secs

After:

Executed in    9.60 secs   fish           external
   usr time   10.66 secs  281.00 micros   10.66 secs
   sys time    1.39 secs   36.00 micros    1.39 secs

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit c639477965d5356a3354ccd1a9ac3db6270f0ac9)

4 years agotor: update to version 0.4.2.8 (security fix)
Jan Pavlinec [Tue, 21 Jul 2020 12:48:44 +0000 (14:48 +0200)]
tor: update to version 0.4.2.8 (security fix)

Fixes
CVE-2020-15572

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
4 years agomocp: disable ffmpeg
Rosen Penev [Thu, 30 Apr 2020 00:10:21 +0000 (17:10 -0700)]
mocp: disable ffmpeg

The recent update to ffmpeg broke this.

Instead, use the relevant libraries separately.

Added AAC support. AAC is very common and was recently fixed to be
compatible with BUILD_PATENTED.

Explicitly pass all configure arguments, to avoid future breakage.

Remove autoreconf. autotools files are not being patched.

Add PKG_BUILD_PARALLEL for speed.

Other minor cleanups.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit dd77091337c9cc6dd49da04cbeb7c8d01b739e86)

4 years agompd: update to 0.21.25
Rosen Penev [Tue, 21 Jul 2020 00:50:38 +0000 (17:50 -0700)]
mpd: update to 0.21.25

pulseaudio-daemon depends on alsa-lib, which depends on @AUDIO_SUPPORT.
Enables -full on platforms lacking AUDIO_SUPPORT.

Simplified LDFLAGS slighly.

Removed pointless ICU dependency. I managed to patch meson.build to fix
iconv compilation. The original error was that without the header, it
was prefixing the iconv check with __buildin_ , which does not work
with uClibc-ng.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
4 years agodovecot: remove incorrect PKG_BUILD_DEPENDS
Ian Cooper [Wed, 29 Apr 2020 23:05:31 +0000 (00:05 +0100)]
dovecot: remove incorrect PKG_BUILD_DEPENDS

The package Makefile contains a PKG_BUILD_DEPENDS=libiconv
line, which apart from being incorrect if libiconv-full is
specified in the build configuration, is also unnecessary,
since the package Makefile already includes nls.mk which
sets PKG_BUILD_DEPENDS appropriately.

Signed-off-by: Ian Cooper <iancooper@hotmail.com>
(cherry picked from commit 645bea6d88b2b04a7ac95cb2fdc1006d59635098)

4 years agofaad2: update to 2.9.2
Rosen Penev [Tue, 12 May 2020 22:08:50 +0000 (15:08 -0700)]
faad2: update to 2.9.2

Removed upstreamed patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit ad1203ebb9da640ada304a03450226acf4505748)

4 years agoxz: update to 5.2.5
Rosen Penev [Sat, 28 Mar 2020 02:56:16 +0000 (19:56 -0700)]
xz: update to 5.2.5

Switched to smaller xz archive.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 8c5d0c673d824e95a8659eb67351b457f5472ca9)

4 years agozstd: fix compilation without host distutils
Rosen Penev [Tue, 9 Jun 2020 23:20:45 +0000 (16:20 -0700)]
zstd: fix compilation without host distutils

This is the case in debian.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit ec3798645d644d5fa9727a301b4ccdd24e278063)

4 years agozstd: update to 1.4.5
Rosen Penev [Wed, 3 Jun 2020 21:35:39 +0000 (14:35 -0700)]
zstd: update to 1.4.5

Switch to zst archives for smaller size.

Removed patches in favor of a better solution for uClibc-ng.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 8c23fef9dace93ef742093da8468e84057337c56)
(changed to gz since 19.07 has no zstd support)

4 years agozstd: remove lto and as-needed flags
Rosen Penev [Sun, 26 Apr 2020 02:50:05 +0000 (19:50 -0700)]
zstd: remove lto and as-needed flags

The former can be implemented as a meson argument.

The latter is already default.

No compiled difference, therefore no PKG_RELEASE bump.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 3c9dbc1429532d9d370d0b976ac812845b43a897)

4 years agozstd: convert to meson
Rosen Penev [Sat, 18 Apr 2020 07:00:23 +0000 (00:00 -0700)]
zstd: convert to meson

Allows faster build with ninja. Unfortunately, the LTO stage slows it
massively.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 779a4dca67560a6d68ed479f58128fab52bbc221)

4 years agoaria2: Build with MIPS16
Rosen Penev [Tue, 24 Dec 2019 02:42:30 +0000 (18:42 -0800)]
aria2: Build with MIPS16

All the computationally expensive stuff is in the libraries, not the
package itself.

Saves several kilobytes.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit a5e7d0a9046305e083033f9a88065e252156407a)

4 years agoaria2: Update to 1.35.0
Xingwang Liao [Tue, 8 Oct 2019 02:04:53 +0000 (10:04 +0800)]
aria2: Update to 1.35.0

* remove OpenSSL patch, it has already merged to the source.

Signed-off-by: Xingwang Liao <kuoruan@gmail.com>
(cherry picked from commit 2384acdc9d50f7e1d343c7b465288022097fac61)

4 years agolibvorbis: update to 1.3.7
Rosen Penev [Sat, 11 Jul 2020 22:37:21 +0000 (15:37 -0700)]
libvorbis: update to 1.3.7

Switched to CMake for the faster compilation and the simpler Makefile.

Minor Makefile cleanups.

Before:

time make package/libvorbis/compile -j 12
Executed in   24.40 secs   fish           external
   usr time   21.17 secs    0.00 micros   21.17 secs
   sys time    3.05 secs  426.00 micros    3.05 secs

After:

time make package/libvorbis/compile -j 12
Executed in    9.19 secs   fish           external
   usr time   11.29 secs    0.00 micros   11.29 secs
   sys time    1.43 secs  421.00 micros    1.43 secs

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 0ef247cf5da5d04bff1a8ff993622a22b2fdca1f)

4 years agomsmtp: update to version 1.8.11
Josef Schlehofer [Fri, 17 Jul 2020 15:37:00 +0000 (17:37 +0200)]
msmtp: update to version 1.8.11

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit dd44bf2e7a563a611bac24ea2a177b3d9273ede4)

4 years agomsmtp: update to version 1.8.10
Josef Schlehofer [Sat, 23 May 2020 21:26:03 +0000 (23:26 +0200)]
msmtp: update to version 1.8.10

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit e193db6b6946815098f946573efd4581106fb659)

4 years agosquid: update to version 4.12
Josef Schlehofer [Thu, 16 Jul 2020 17:47:29 +0000 (19:47 +0200)]
squid: update to version 4.12

- Fixes CVEs:

CVE-2019-12519
CVE-2019-12520
CVE-2019-12521
CVE-2019-12523
CVE-2019-12524
CVE-2019-12525
CVE-2019-12526
CVE-2019-12527
CVE-2019-12528
CVE-2019-12529
CVE-2019-12824
CVE-2019-12854
CVE-2019-13345
CVE-2019-18676
CVE-2019-18677
CVE-2019-18678
CVE-2019-18679

CVE-2020-8449
CVE-2020-8450
CVE-2020-11945
CVE-2020-14058
CVE-2020-15049

- Remove patch for cross-compilation
The patch should not be included in the OpenWrt at all without any
commit message/description.
Is not needed and there should be used HOST variables instead of BUILD variables (e.g.
   HOSTCXX)
However, the BUILDCXX is set in Makefile to HOSTCXX

- Renumber glibc patch and refresh it

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 3401e29aa7643bfba29e80c23cf5c613a0160d73)

4 years agosquid: fix 'localhet' typo in squid.conf
Jonathan Elchison [Tue, 3 Mar 2020 20:47:32 +0000 (15:47 -0500)]
squid: fix 'localhet' typo in squid.conf

Signed-off-by: Jonathan Elchison <JElchison@Gmail.com>
(cherry picked from commit 2ba6546dd8fde73b694735af20214b52af6675b3)

4 years agoquasselc: fix compilation with newer glib2
Rosen Penev [Sun, 19 Apr 2020 00:30:35 +0000 (17:30 -0700)]
quasselc: fix compilation with newer glib2

Needed to fix LDFLAGS variable.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 030cc5570ca9caa0f2b7392c6df6667582dee72d)

4 years agogkrellmd: update to 2.3.11
Rosen Penev [Thu, 23 Apr 2020 00:55:03 +0000 (17:55 -0700)]
gkrellmd: update to 2.3.11

Added nls.mk as this is now required.

Fixed license information.

Several small fixes and cleanups.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 4426e4c69b3edbc7dca679c71769c690318b4659)

4 years agosumo: Update to 1.3.1
Rosen Penev [Fri, 4 Oct 2019 01:27:01 +0000 (18:27 -0700)]
sumo: Update to 1.3.1

Converted to CMake for simplicity.

Added upstream patch to use sleep_for instead of deprecated usleep.

Added patch to fix compilation with musl.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit a9abe60ef4678254abac66e42e0f20b14fc6fb2d)

4 years agoMerge pull request #12881 from jefferyto/python3-backport-patches-openwrt-19.07
Rosen Penev [Mon, 20 Jul 2020 10:24:29 +0000 (03:24 -0700)]
Merge pull request #12881 from jefferyto/python3-backport-patches-openwrt-19.07

[openwrt-19.07] python3: Backport security fixes

4 years agopython3: Backport security fixes
Jeffery To [Sun, 19 Jul 2020 22:02:38 +0000 (06:02 +0800)]
python3: Backport security fixes

This backports fixes for security issues, including:
* CVE-2020-14422: Hash collisions in IPv4Interface and IPv6Interface
* CVE-2019-20907: Infinite loop in the tarfile module

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
4 years agoMerge pull request #12877 from jefferyto/golang-1.13.14-openwrt-19.07
Rosen Penev [Sun, 19 Jul 2020 21:40:04 +0000 (14:40 -0700)]
Merge pull request #12877 from jefferyto/golang-1.13.14-openwrt-19.07

[openwrt-19.07] golang: Update to 1.13.14

4 years agogolang: Update to 1.13.14
Jeffery To [Sun, 19 Jul 2020 19:11:51 +0000 (03:11 +0800)]
golang: Update to 1.13.14

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
4 years agohaveged: update to 1.9.13
Hannu Nyman [Sat, 18 Jul 2020 11:11:34 +0000 (14:11 +0300)]
haveged: update to 1.9.13

Update haveged to version 1.9.13.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 28cf20129081f9c6b8778b243cc3df1f610544c4)

4 years agolibvorbisidec: update to version 20180319
Josef Schlehofer [Thu, 16 Jul 2020 17:13:24 +0000 (19:13 +0200)]
libvorbisidec: update to version 20180319

Fixes CVE-2018-5147

- Change PKG_SOURCE_URL
fatal: unable to access 'https://git.xiph.org/tremor.git/': Failed to connect to git.xiph.org port 443: Connection refused
because they changed the URL of the repository
- Removes PKG_SOURCE_SUBDIR and PKG_SOURCE
Those are already defaults
- Fix indentation in description

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 406d0d9f3fd9ad88b701b07019ac69ee7d7d19b1)

4 years agodnscrypt-proxy2: update to version 2.0.44
Josef Schlehofer [Thu, 16 Jul 2020 13:25:02 +0000 (15:25 +0200)]
dnscrypt-proxy2: update to version 2.0.44

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 01ff758894d4efecdd69bf79f86014d82b91dd01)

4 years agoMerge pull request #12676 from BKPepe/bind-openwrt19.07
Josef Schlehofer [Thu, 16 Jul 2020 08:18:36 +0000 (10:18 +0200)]
Merge pull request #12676 from BKPepe/bind-openwrt19.07

[19.07] bind: update to version 9.16.x

4 years agoopenvswitch: bump to version 2.11.3
Yousong Zhou [Tue, 14 Jul 2020 11:02:52 +0000 (19:02 +0800)]
openvswitch: bump to version 2.11.3

Two patches were backported to fix issue openwrt/packages#12737

  0002-compat-Fix-ipv6_dst_lookup-build-error.patch
  0003-compat-Backport-ipv6_stub-change.patch

One was deleted as it is now part of 2.11.3

  0005-datapath-conntrack-fix-include-for-IP6_DEFRAG_CONNTR.patch

Other patches refreshed

Reported-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
4 years agoMerge pull request #12732 from TDT-AG/pr/20200706-mwan3
Rosen Penev [Mon, 13 Jul 2020 00:59:25 +0000 (17:59 -0700)]
Merge pull request #12732 from TDT-AG/pr/20200706-mwan3

mwan3: sync with master branch

4 years agoMerge pull request #12767 from jonathanunderwood/openwrt-19.07
Rosen Penev [Thu, 9 Jul 2020 06:04:26 +0000 (23:04 -0700)]
Merge pull request #12767 from jonathanunderwood/openwrt-19.07

[19.07] stubby: remove libbsd dependency and fix compilation with deprecated OpenSSL APIs

4 years agogetdns: fix compilation without deprecated OpenSSL APIs
Rosen Penev [Tue, 7 Jul 2020 21:57:59 +0000 (14:57 -0700)]
getdns: fix compilation without deprecated OpenSSL APIs

Since DSA is enabled, dsa.h is needed. Normally this header is included
implicitly with engine.h but with OPENSSL_API_COMPAT >= 0x10100000L ,
this is not so.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
4 years agogetdns: properly remove libbsd support
Rosen Penev [Tue, 7 Jul 2020 21:20:01 +0000 (14:20 -0700)]
getdns: properly remove libbsd support

Signed-off-by: Rosen Penev <rosenp@gmail.com>
4 years agoMerge pull request #12756 from jefferyto/python3-maxminddb-fix-build-openwrt-19.07
Rosen Penev [Wed, 8 Jul 2020 18:04:23 +0000 (11:04 -0700)]
Merge pull request #12756 from jefferyto/python3-maxminddb-fix-build-openwrt-19.07

[openwrt-19.07] python3-maxminddb: Fix build when using newer setuptools

4 years agoMerge pull request #12755 from jefferyto/python-host-platform-openwrt-19.07
Rosen Penev [Wed, 8 Jul 2020 18:03:38 +0000 (11:03 -0700)]
Merge pull request #12755 from jefferyto/python-host-platform-openwrt-19.07

[openwrt-19.07] python3: Use default _PYTHON_HOST_PLATFORM

4 years agontpd: update to version 4.2.8p15 (security fix)
Peter Wagner [Wed, 8 Jul 2020 17:11:22 +0000 (19:11 +0200)]
ntpd: update to version 4.2.8p15 (security fix)

Fixes:
CVE-2020-11868
CVE-2018-8956
CVE-2020-13817
CVE-2020-1502

Signed-off-by: Peter Wagner <tripolar@gmx.at>
4 years agopython3-maxminddb: Fix build when using newer setuptools
Jeffery To [Wed, 8 Jul 2020 09:30:57 +0000 (17:30 +0800)]
python3-maxminddb: Fix build when using newer setuptools

This package fails to build with newer setuptools, because setuptools
removed the (deprecated) Features feature in v46.0.0[1].

This adapts a commit[2] to remove the use of this feature. (Changes to
code formatting prevent the original commit/patch to be used.)

[1]: https://github.com/pypa/setuptools/blob/aff64ae89e00e25fb3868bf528a14c18e7af0cf4/CHANGES.rst#v4600
[2]: https://github.com/maxmind/MaxMind-DB-Reader-python/commit/3aac426e354f91814f6fd0829baee137b0bb093f

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
4 years agopython3: Use default _PYTHON_HOST_PLATFORM
Jeffery To [Wed, 8 Jul 2020 09:10:14 +0000 (17:10 +0800)]
python3: Use default _PYTHON_HOST_PLATFORM

This lets the Python build process set _PYTHON_HOST_PLATFORM instead of
forcing an explicit value.

Also:

* Save the target _PYTHON_HOST_PLATFORM value during Build/InstallDev
  for use when building target Python packages (in python3-package.mk).

* Use the (mostly) default PYTHON_FOR_BUILD value, instead patch
  configure to remove the platform triplet from the sysconfigdata file
  name.

* Remove the "CROSS_COMPILE=yes" make variable (there is no indication
  that this variable is necessary).

* Force host pip to build packages from source instead of downloading
  binary wheels.

  Previously, host pip can download universal (platform-independent)
  wheels but not platform-specific wheels, because of the custom
  _PYTHON_HOST_PLATFORM value. (Packages that do not have universal
  wheels would be compiled from source.)

  With a correct _PYTHON_HOST_PLATFORM, host pip can install
  platform-specific wheels as well. However, the pre-built shared object
  (.so) files in these wheels will have the host's platform triplet in
  their file names. When target Python packages are built (using the
  target's _PYTHON_HOST_PLATFORM), Python will not use these shared
  object files.

  By forcing host pip to build packages from source, the built shared
  object files will not have the platform triplet in their file names.
  (Host Python has been patched to remove the platform triplet from file
  names.) This allows these packages to be used when building target
  Python packages.

  (The net effect of this complete change is that platform-dependent
  packages will continue to be compiled from source, while
  platform-independent packages will now also be compiled from source.)

Fixes https://github.com/openwrt/packages/issues/12680.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
4 years agoMerge pull request #12722 from jonathanunderwood/openwrt-19.07-getdns-1.6.0
Rosen Penev [Mon, 6 Jul 2020 22:37:16 +0000 (15:37 -0700)]
Merge pull request #12722 from jonathanunderwood/openwrt-19.07-getdns-1.6.0

[19.07] getdns: update to version 1.6.0

4 years agomwan3: Fix mwan3 start not doing anything Due to a missing config load function call...
Michiel Blokzijl [Fri, 3 Jul 2020 17:54:19 +0000 (18:54 +0100)]
mwan3: Fix mwan3 start not doing anything Due to a missing config load function call, mwan3 start runs ifup for an empty list of interfaces, thus not calling ifup at all.

This commit introduces the missing config_load call.

Signed-off-by: Michiel Blokzijl <code@m01.eu>
(cherry picked from commit acfbd98ce0285f5bc12c6321a79346aecb3786c5)

4 years agomwan3: update version to 2.8.7
Florian Eckert [Wed, 17 Jun 2020 11:04:38 +0000 (13:04 +0200)]
mwan3: update version to 2.8.7

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 8030814267746ca0c09c74e23a0d9bf0877277fa)

4 years agomwan3: set status to unknown in rpcd if status file not found
Florian Eckert [Thu, 23 Jan 2020 09:24:19 +0000 (10:24 +0100)]
mwan3: set status to unknown in rpcd if status file not found

If the status file is not found then set then return the value unknown.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit e30f16beef36259c30223fc9986120f176f404ce)

4 years agomwan3: switch to procd init script
Florian Eckert [Fri, 6 Dec 2019 14:28:36 +0000 (15:28 +0100)]
mwan3: switch to procd init script

This enables the procd handling for mwan3 on config change.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit a6dc75428c1e3a47700b5c164a16385b5c640b48)

4 years agomwan3: address reviewer comments on 5147dfc7
Aaron Goodman [Sat, 13 Jun 2020 19:25:42 +0000 (15:25 -0400)]
mwan3: address reviewer comments on 5147dfc7

Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
(cherry picked from commit 38be40843b97ca3af9ebe37aae8ebfda7b6af65c)

4 years agomwan3: Use /128 for ipv6 if no other source address was found
Aaron Goodman [Fri, 29 May 2020 05:04:57 +0000 (01:04 -0400)]
mwan3: Use /128 for ipv6 if no other source address was found

Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
(cherry picked from commit 4efaa44b213a9500a66c30b8c256138ef527dd97)

4 years agomwan3: Allow user to specify rules based on source interface
Aaron Goodman [Thu, 28 May 2020 22:29:56 +0000 (18:29 -0400)]
mwan3: Allow user to specify rules based on source interface

Add an option for adding rules based on source interface.
The default 0.0.0.0/0 src and destination ip addresses has been removed. It is unclear
how the 'any' family of rules would have worked, as it appears each rule always required an
ipv4 or ipv6 address src and destination address.  With this change, the any family will work
again.

I also cleaned up a bunch of repeated code around adding the iptables rules for
ipv4/ipv6/any in making the change.

Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
(cherry picked from commit 5147dfc73aafd5b5accc6e480d51a639b000eac5)

4 years agomwan3: Do not mangle outgoing ipv6 pings
Aaron Goodman [Thu, 28 May 2020 22:27:59 +0000 (18:27 -0400)]
mwan3: Do not mangle outgoing ipv6 pings

Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
(cherry picked from commit cf38136b005219917098a0562b0833fa28e007d7)

4 years agomwan3: version bump to 2.8.6
Aaron Goodman [Wed, 20 May 2020 09:42:14 +0000 (05:42 -0400)]
mwan3: version bump to 2.8.6

Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
(cherry picked from commit b7d1f81f10302dc5b2de24e3e3d430770516ce45)

4 years agomwan3: force busybox ping
Aaron Goodman [Wed, 20 May 2020 09:34:16 +0000 (05:34 -0400)]
mwan3: force busybox ping

openwrt 19.07 uses iputils 20101006-1

This ancient version of iputils has a bug where the -I option is not respected.

https://github.com/iputils/iputils/issues/55
https://github.com/iputils/iputils/issues/56
https://bugs.openwrt.org/index.php?do=details&task_id=1486

Thus, we should force using busybox ping at "/bin/ping" until the iputils
version gets an upgrade in the next major release

Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
(cherry picked from commit 35a86bdc119dda766801409a08e6d98dcf370c72)

4 years agomwan3: don't add ipv6 link local address to routing tables
Aaron Goodman [Wed, 20 May 2020 09:33:41 +0000 (05:33 -0400)]
mwan3: don't add ipv6 link local address to routing tables

Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
(cherry picked from commit aafdd0730c765f32ed40c8f3b2ef11ec7cece3c0)

4 years agomwan3: reduce calls to `ip route list'
Aaron Goodman [Wed, 20 May 2020 09:33:06 +0000 (05:33 -0400)]
mwan3: reduce calls to `ip route list'

Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
(cherry picked from commit 02ebd831c1247508ab5555ffa7dbfebe95e3501d)

4 years agomwan3: Update Makefile
Brian J. Murrell [Thu, 30 Apr 2020 12:25:06 +0000 (08:25 -0400)]
mwan3: Update Makefile

Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
(cherry picked from commit b017fe34ddbc0387aef2bb3c36802ae64de35fc2)

4 years agomwan3: Don't use /128 address for ping source
Brian J. Murrell [Thu, 30 Apr 2020 12:23:37 +0000 (08:23 -0400)]
mwan3: Don't use /128 address for ping source

An interface can have both a /64 and a /128 from a provider.

In such a case, use the address from the /64 to do the ping check, not
the /128.

Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
(cherry picked from commit 49cf5eac5cfcfbf371e84d8ddaa0e1b55175100f)

4 years agostubby: add build dependency on check package
Jonathan G. Underwood [Sun, 5 Jul 2020 19:40:35 +0000 (20:40 +0100)]
stubby: add build dependency on check package

Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
4 years agoMerge pull request #12723 from jonathanunderwood/openwrt-19.07-stubby-0.3.0
Rosen Penev [Sun, 5 Jul 2020 16:34:56 +0000 (09:34 -0700)]
Merge pull request #12723 from jonathanunderwood/openwrt-19.07-stubby-0.3.0

[19.07] stubby: update to version 0.3.0

4 years agostubby: update to version 0.3.0
Jonathan G. Underwood [Wed, 1 Jul 2020 21:23:20 +0000 (22:23 +0100)]
stubby: update to version 0.3.0

Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
4 years agogetdns: update to version 1.6.0
Jonathan G. Underwood [Wed, 1 Jul 2020 20:09:34 +0000 (21:09 +0100)]
getdns: update to version 1.6.0

This update also:
    - enables parallel builds
    - moves to the CMake build system
    - removes the redundant InstallDev stanza

Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
4 years agoMerge pull request #12698 from Andy2244/samba-4_11_11-(19.07)
Rosen Penev [Fri, 3 Jul 2020 14:04:17 +0000 (07:04 -0700)]
Merge pull request #12698 from Andy2244/samba-4_11_11-(19.07)

[19.07] samba4: update to 4.11.11

4 years agosamba4: update to 4.11.11
Andy Walsh [Fri, 3 Jul 2020 00:12:16 +0000 (02:12 +0200)]
samba4: update to 4.11.11

* update to 4.11.11
* fixes CVE-2020-10730, CVE-2020-10745, CVE-2020-10760, CVE-2020-14303
* add fix-musl_missing__nss_buflen_passwd.patch
* remove fixed tirpc include
* add extra CONFIGURE_VARS (XSLTPROC=false, WAF_NO_PREFORK=1)
* fix python3 host paths, ensure we use build hostpkg tools
* add new UCI option "enable_extra_tuning"
* update template
* add config examples for options
* fix some access warnings on samba /var dirs

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
4 years agoMerge pull request #12694 from BKPepe/mc-19.07
Dirk Brenken [Thu, 2 Jul 2020 12:00:17 +0000 (14:00 +0200)]
Merge pull request #12694 from BKPepe/mc-19.07

[19.07] mc: fix mouse handling

4 years agomc: fix mouse handling
Josef Schlehofer [Thu, 2 Jul 2020 08:52:07 +0000 (10:52 +0200)]
mc: fix mouse handling

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
4 years agotravis: improve build config
Josef Schlehofer [Fri, 19 Jun 2020 18:51:53 +0000 (20:51 +0200)]
travis: improve build config

Build config validation showed up 1 warning, 1 info
- deprecated sudo
- missing os

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 651b9f9bf1d1feedc0895e6f2de2ae58002bbc99)

4 years agotravis: Use Ubuntu 20.04 LTS - Focal Fossa
Josef Schlehofer [Fri, 19 Jun 2020 18:22:59 +0000 (20:22 +0200)]
travis: Use Ubuntu 20.04 LTS - Focal Fossa

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 995822b5f765228dc5d4496b37eb7033d3fc6e7e)

4 years agotravis: Use Ubuntu (Bionic Beaver) 18.04 LTS
Josef Schlehofer [Wed, 16 Oct 2019 13:37:15 +0000 (15:37 +0200)]
travis: Use Ubuntu (Bionic Beaver) 18.04 LTS

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit f2c7a00ef4aba18a19d0fdbc6d9e28c84fab85c5)

4 years agotravis: use mpc85xx-p2020 sdk instead of ar71xx
Josef Schlehofer [Wed, 17 Jun 2020 12:47:08 +0000 (14:47 +0200)]
travis: use mpc85xx-p2020 sdk instead of ar71xx

Target ar71xx is deprecated and removed in the master branch and makes SDK
not available anymore. Travis fails because of that.
It was superseded by target ath79. These devices have 4 MB flash and/or 32 MB RAM.

However, ath79 is being used by CircleCI if you have it configured for
your repository and if you are contributing to this repository. It
is not good to have two CI for the same target. Let's use powerpc.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 4526fb3eae6ed5fdbc5f6cf64a56b4471b54f9d0)

4 years agotravis: Download SDK from OpenWrt instead of LEDE
Josef Schlehofer [Wed, 16 Oct 2019 13:37:33 +0000 (15:37 +0200)]
travis: Download SDK from OpenWrt instead of LEDE

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 25fc446ffbcfa7b95ca0591deac8ced90828d9a0)

4 years agobind: add nslookup alternative to busybox nslookup
Ian Cooper [Tue, 26 May 2020 15:48:52 +0000 (16:48 +0100)]
bind: add nslookup alternative to busybox nslookup

Add alternative to busybox nslookup. Busybox throws an error when
the host does not have an AAAA record.

Signed-off-by: Ian Cooper <iancooper@hotmail.com>
(cherry picked from commit 4cb5aa57fddb83e340cfadcfbeb93a7e340ce724)

4 years agobind: update to version 9.16.3
Josef Schlehofer [Tue, 19 May 2020 10:11:53 +0000 (12:11 +0200)]
bind: update to version 9.16.3

Fixes:
CVE-2020-8616
CVE-2020-8617

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit a75391575b268b379e6bc552b703dc17a76f402f)

4 years agobind: update to version (security fix)
Jan Pavlinec [Thu, 30 Apr 2020 09:39:38 +0000 (11:39 +0200)]
bind: update to version (security fix)

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit c8be44062e7bca64f70d8975d9130b81a1f6cabb)

4 years agobind9: update to 9.16.1
Noah Meyerhans [Sun, 22 Mar 2020 17:09:20 +0000 (10:09 -0700)]
bind9: update to 9.16.1

Add libuv dependency

Fix optional libxml and c-json dependency handling

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit 72654d20d50abcf8f7987cc052890ada4f15a3c5)

4 years agoMerge pull request #12657 from jefferyto/python-3.7.8-openwrt-19.07
Rosen Penev [Tue, 30 Jun 2020 21:35:12 +0000 (14:35 -0700)]
Merge pull request #12657 from jefferyto/python-3.7.8-openwrt-19.07

[openwrt-19.07] python3: Update to 3.7.8, refresh/rework patches

4 years agopython3: Update to 3.7.8, refresh/rework patches
Jeffery To [Tue, 30 Jun 2020 13:20:18 +0000 (21:20 +0800)]
python3: Update to 3.7.8, refresh/rework patches

This contains a fix for CVE-2020-8492 (Denial of service in
urllib.request.AbstractBasicAuthHandler)[1].

This also updates the setuptools and pip packages to 47.1.0 and 20.1.1,
respectively.

[1]: https://docs.python.org/release/3.7.8/whatsnew/changelog.html#python-3-7-8-release-candidate-1

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
4 years agosyslog-ng: detect disabled IPv6 on loopback and fallback to IPv4
Karel Kočí [Fri, 26 Jun 2020 09:37:32 +0000 (11:37 +0200)]
syslog-ng: detect disabled IPv6 on loopback and fallback to IPv4

Binding in default to IPv6 is preferable but it can be disabled in
kernel and that prevents syslog-ng to start. This setup should not be
that common but syslog is very important service and should survive
that.

This introduces new plugin defining source generator
`network_localhost`. This is used instead of original network source.

Signed-off-by: Karel Kočí <cynerd@email.cz>
(cherry picked from commit 43a8f7072ef401eaebe7f9e268cbb38085c9f384)

4 years agoMerge pull request #12628 from jonathanunderwood/openwrt-19.07-stubby-fix-tls-port
Rosen Penev [Mon, 29 Jun 2020 02:54:51 +0000 (19:54 -0700)]
Merge pull request #12628 from jonathanunderwood/openwrt-19.07-stubby-fix-tls-port

[19.07] stubby: fix handling of tls_port config option

4 years agominiupnpd: added libcap dependency
Rosen Penev [Sat, 27 Jun 2020 22:00:13 +0000 (15:00 -0700)]
miniupnpd: added libcap dependency

As miniupnpd is running as root, libcap can be used to limit its
capabilities.

libcap is very small, so this isn't a problem.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit ba49c968082f01a28632bb51d6095b9a6916e26e)
(switched to use libcap as -ng is not available)

4 years agominiupnpd: update to 2.1.20200510
Rosen Penev [Thu, 25 Jun 2020 21:18:35 +0000 (14:18 -0700)]
miniupnpd: update to 2.1.20200510

Use the newly introduced configure script.

Use PKG_INSTALL for consistency between packages.

Use PKG_BUILD_PARALLEL for faster compilation.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 2b5028458e720a6f31ba0944764aa47b753814db)

4 years agominiupnpd: suppress grep and uci errors
David Ehrmann [Sat, 20 Jun 2020 22:34:39 +0000 (15:34 -0700)]
miniupnpd: suppress grep and uci errors

If miniupnpd is installed but disabled or not running, the hotplug
script will query uci for keys that don't exist and grep a temporary
config file that doesn't exist, resulting in the following errors:

uci: Entry not found
grep: /var/etc/miniupnd.conf: No such file or directory

These would arise when an interface is brought up or down, and are
more confusing than helpful, especially when miniupnpd is disabled.

Suppress these errors.

Signed-off-by: David Ehrmann <ehrmann@gmail.com>
(cherry picked from commit 6ef2b5400bce73b12158b2f8d92dd9675afe8203)

4 years agominiupnpd: improve hotplug & interface handling
Kevin Darbyshire-Bryant [Thu, 14 May 2020 10:30:12 +0000 (11:30 +0100)]
miniupnpd: improve hotplug & interface handling

The existing interface selection/detection code was incomprehensible at
worst and convoluted at best.  The uci config file suggested it
understood an external ipv6 interface but in reality the init script
took no notice.  Re-work it so it is at least comprehendible and takes
notice of ipv6 interface details if specified.

Update the hotplug script to use the same interface selection/detection
code as the init script and take note of ipv6 interface selection, only
restarting miniupnpd on interface up events and only if that interface
isn't already known (for that ip class) by miniupnpd.

For me this has solved numerous 'flaky' startup problems, especially
with regard to ipv6.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 295d77943cd8ddb1b6eb73e900d5b5221ab138e7)

4 years agostubby: fix handling of tls_port config option
Jonathan G. Underwood [Sat, 27 Jun 2020 15:43:53 +0000 (16:43 +0100)]
stubby: fix handling of tls_port config option

Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>