Michal Vasilek [Thu, 22 Dec 2022 10:16:02 +0000 (11:16 +0100)]
libarchive: update to 3.5.3
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Rosen Penev [Sun, 19 Sep 2021 07:52:57 +0000 (00:52 -0700)]
libarchive: update to 3.5.2
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
537f743c492bac2385db19fd26bd3924d8e6ea04)
rebased to remove AUTORELEASE
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Rosen Penev [Tue, 3 Aug 2021 19:21:13 +0000 (12:21 -0700)]
Merge pull request #16258 from stangri/21.02-curl
[21.02] curl: enable HTTP/2 support by default
Stan Grishin [Mon, 2 Aug 2021 07:25:40 +0000 (00:25 -0700)]
Merge pull request #16275 from stangri/21.02-simple-adblock
[21.02] simple-adblock: update to 1.8.7-6
Stan Grishin [Mon, 2 Aug 2021 06:34:17 +0000 (06:34 +0000)]
simple-adblock: update to 1.8.7-6
* supports newer shellcheck
* restore EXTRA_COMMANDS compatibility with 19.07
* move status display from various functions to status_service
* bugfix: status_service line break after output
* minor arythmetic fix in status_service
Signed-off-by: Stan Grishin <stangri@melmac.net>
Stan Grishin [Mon, 2 Aug 2021 05:58:28 +0000 (22:58 -0700)]
Merge pull request #16253 from stangri/21.02-https-dns-proxy
[21.02] https-dns-proxy: update to 2021-07-29-1
Rosen Penev [Sun, 1 Aug 2021 20:29:40 +0000 (13:29 -0700)]
Merge pull request #16266 from nxhack/2102_node_14174
[21.02] node: bump to 14.17.4
Michael Heimpold [Sun, 1 Aug 2021 10:32:47 +0000 (12:32 +0200)]
Merge pull request #16264 from mhei/21.02-php8-update
[21.02] php8 update to 8.0.9
Michael Heimpold [Sun, 1 Aug 2021 10:32:25 +0000 (12:32 +0200)]
Merge pull request #16267 from mhei/21.02-php7-update
[21.02] php7: update to 7.4.22
Michael Heimpold [Sun, 1 Aug 2021 10:31:30 +0000 (12:31 +0200)]
Merge pull request #16265 from mhei/libxml2-update
[21.02] libxml2: update to 2.9.12
Michael Heimpold [Mon, 7 Jun 2021 04:47:21 +0000 (06:47 +0200)]
php7: update to 7.4.22
This fixes:
- CVE-2021-21704
- CVE-2021-21705
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commits
-
555d0c9a291cb9ffaefaa22da36095613857e10f
-
f15aba89f725f31d03edd95e03547670ca994e47
-
741d6d6768e4d3d9a85d83fb7a6dce422cefde5a)
Michael Heimpold [Tue, 18 May 2021 22:12:32 +0000 (00:12 +0200)]
libxml2: update to 2.9.12
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit
6b932d3ff77c63fe01080139c147c86da12f0c88)
Michael Heimpold [Thu, 29 Jul 2021 20:20:45 +0000 (22:20 +0200)]
php8: add CI runtime test
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit
2dad6524460a62f879e0df2786090d99e6c837fa)
Michael Heimpold [Thu, 29 Apr 2021 19:07:13 +0000 (21:07 +0200)]
Hirokazu MORIKAWA [Sat, 31 Jul 2021 02:30:27 +0000 (11:30 +0900)]
node: bump to 14.17.4
July 2021 Security Releases:
Use after free on close http2 on stream canceling (High) (CVE-2021-22930)
Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Stan Grishin [Fri, 30 Jul 2021 23:20:34 +0000 (23:20 +0000)]
curl: enable HTTP/2 support by default
Description: Lack of support of HTTP/2 by default starts to hurt,
for example with https-dns-proxy package, some DoH resolvers (like mullvad)
no longer support HTTP/1 and are not usable.
This enables HTTP/2 support by default (which would bring ~68Kb libnghttp).
Signed-off-by: Stan Grishin <stangri@melmac.net>
Stan Grishin [Fri, 30 Jul 2021 00:02:42 +0000 (00:02 +0000)]
https-dns-proxy: update to 2021-07-29-01
* update binary to the latest commit (2021-07-29) to fix #16222 and #16239
* add hotplug.d/iface file and update Makefile to install it
* use Cloudflare's and Google's bootstrap DNS if bootstrap DNS is missing
* minor improvements in append_bool function
* add append_counter function for verbosity setting
* add append_bootstrap function (and supporting functions) to parse/sanitize bootstrap setting
* move firewall array from 'main' instance to the first proxy instance
* delete useless 'main' instace
Signed-off-by: Stan Grishin <stangri@melmac.net>
Olivier Poitrey [Thu, 29 Jul 2021 23:34:26 +0000 (23:34 +0000)]
nextdns: Update to version 1.35.0
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Nick Hainke [Tue, 27 Jul 2021 13:49:48 +0000 (15:49 +0200)]
dawn: update to 2021-07-27
276ca16 msghandler: fix rrm array parsing
1e4871d datastorage: debug rrm capabilities
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
6582979678714d4c71276adf4caa6e09f8f3c76b)
Dirk Brenken [Sun, 25 Jul 2021 19:41:58 +0000 (21:41 +0200)]
travelmate: update to 2.0.4
* code cleanup
* add auto login script for Julianahoeve beach resort (NL)
* add auto login script for Vodafone hotspots (DE)
* add auto login script for telekom hotspots (DE)
* enhance captive portal detection to support html redirects as well
* change default captive portal detection url to
'detectportal.firefox.com'
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
380a5110b4d8df56c2a66c78657ee84bbcd611d3)
Stan Grishin [Tue, 27 Jul 2021 03:36:14 +0000 (20:36 -0700)]
Merge pull request #16145 from stangri/21.02-vpn-policy-routing
[21.02] vpn-policy-routing: update to 0.3.5-1
Dirk Brenken [Mon, 26 Jul 2021 15:40:13 +0000 (17:40 +0200)]
adblock: bugfix 4.1.3-3
* fix regex to prepare google safesearch domains
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
69a2a68c31b2abf93786c337db55088115c3aa42)
Rosen Penev [Thu, 22 Jul 2021 22:25:50 +0000 (15:25 -0700)]
librouteros: don't build docs
Fixes compilation without host pod2man.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
e41fd1794be2e8cc78c3df4bc4f4e05100eda959)
Josef Schlehofer [Sat, 24 Jul 2021 15:27:40 +0000 (17:27 +0200)]
Merge pull request #16213 from
1715173329/yq-2102
[openwrt-21.02] yq: Update to 4.11.2
Tianling Shen [Sat, 24 Jul 2021 10:27:59 +0000 (18:27 +0800)]
yq: Update to 4.11.2
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
d8fcfb062814fb6b5cee97f35373f864cf4dd00d)
Josef Schlehofer [Wed, 21 Jul 2021 21:28:05 +0000 (23:28 +0200)]
syslog-ng: update to version 3.33.2
Changelog:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.33.2
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
4b06f9ff4c3c5abe54ccd9248de9cf52f198d63d)
Scott Lamb [Thu, 15 Jul 2021 18:24:59 +0000 (11:24 -0700)]
ddns-scripts: use https for google ipv6 ddns url
This matches an ipv4 change in
21f5cdd2fa and has the same rationale.
Google requires https for both ipv6 and ipv6.
Signed-off-by: Scott Lamb <slamb@slamb.org>
(cherry picked from commit
e5f45b94c0ecfd9548d2efa7bba04e014dc66bf3)
Rosen Penev [Sun, 11 Jul 2021 09:01:06 +0000 (02:01 -0700)]
erlang: disable PIE
Fails to compile with it on.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
5685d9226860a2a008bbcf8d8cf9aae212afa904)
George Iv [Mon, 19 Jul 2021 12:46:16 +0000 (15:46 +0300)]
yggdrasil: bump to 0.4.0
- Bump yggdrasil-go version to v0.4.0
- Update ygguci tool for compatibility with the new yggdrasil-go version
- Yggdrasil's config file is now generated in a separate command before running the daemon
Signed-off-by: George Iv <zhoreeq@users.noreply.github.com>
(cherry picked from commit
e135c4c86764f84339bba44d87153ed7db14d396)
Rosen Penev [Wed, 21 Jul 2021 03:55:51 +0000 (20:55 -0700)]
Merge pull request #16165 from stangri/21.02-vpnbypass
[21.02] vpnbypass: update to 1.3.2-1
Stan Grishin [Sun, 18 Jul 2021 19:45:37 +0000 (19:45 +0000)]
vpnbypass: updates to 1.3.2-1
bugfix: domain names bypass
rename config file
update Makefile
updated README link
updated shellcheck compatibility
support for 21.02.0-rc2 and later
updated code for interface triggers
add newline to test.sh
Signed-off-by: Stan Grishin <stangri@melmac.net>
Rosen Penev [Tue, 20 Jul 2021 09:14:50 +0000 (02:14 -0700)]
Merge pull request #16154 from nwidger/niels/delve-1.7.0-openwrt-21.02
[openwrt-21.02] delve: Update to 1.7.0
Rosen Penev [Tue, 20 Jul 2021 09:14:18 +0000 (02:14 -0700)]
Merge pull request #16156 from
1715173329/yq-2102
[openwrt-21.02] yq: Update to 4.11.0
Josef Schlehofer [Mon, 19 Jul 2021 11:55:52 +0000 (13:55 +0200)]
Revert "net/miniupnpd: ext_ip_reserved_ignore support"
This patch is causing several issues [1], which then were reported to
upstream [2] and it was not accepted by upstream [3]. This results that
nobody maintain this custom patch and it is not useful as it is changing
addr_is_reserved behavior.
[1] https://github.com/openwrt/packages/issues/15258
[2] https://github.com/miniupnp/miniupnp/issues/542
[3] https://github.com/miniupnp/miniupnp/pull/511
This reverts commit
b76aa9919489f49b472a8f939f6d46ca33d05f64.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
107f3376b5114cd17c115e25026b031bd439e9be)
Jan Hak [Mon, 19 Jul 2021 14:50:43 +0000 (16:50 +0200)]
knot: update to version 3.0.8
Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit
5f374929cfdf59fd1b2ec558cd024f5b301d3169)
Jan Hak [Mon, 21 Jun 2021 08:52:32 +0000 (10:52 +0200)]
knot: update to version 3.0.7
Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit
8d66f49baef164e6c7a621dd7e72328f62f242f4)
Tianling Shen [Mon, 19 Jul 2021 14:14:58 +0000 (22:14 +0800)]
yq: Update to 4.11.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
a5f657ecf791faca53ab85393a8fc0ddc4de8683)
Niels Widger [Mon, 19 Jul 2021 12:35:46 +0000 (08:35 -0400)]
delve: Update to 1.7.0
See
https://github.com/go-delve/delve/blob/master/CHANGELOG.md#170-2021-07-19
for changes.
Signed-off-by: Niels Widger <niels@qacafe.com>
(cherry picked from
098d61ca1)
Rosen Penev [Mon, 19 Jul 2021 10:38:16 +0000 (03:38 -0700)]
Merge pull request #16150 from jefferyto/golang-1.16.6-openwrt-21.02
[openwrt-21.02] golang: Update to 1.16.6
Jeffery To [Sun, 18 Jul 2021 22:44:52 +0000 (06:44 +0800)]
golang: Update to 1.16.6
Includes fix for CVE-2021-34558 (crypto/tls: clients can panic when
provided a certificate of the wrong type for the negotiated parameters).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
c0c62227bd23e0ad9b3a0db1a907bc5bf18579c8)
Rosen Penev [Sun, 18 Jul 2021 04:30:46 +0000 (21:30 -0700)]
Merge pull request #16147 from luizluca/21.02/sane-fix_backport
[21.02] sane-backends fix usbid generation (backport)
Sebastian Kemper [Sat, 17 Jul 2021 12:03:40 +0000 (14:03 +0200)]
sane-backends: use macros (properly), remove chmod
- use $(INSTALL_DIR) instead of mkdir
- using $(INSTALL_CONF) and then running chmod is pointless, use
$(INSTALL_DATA) directly
- /etc/xinetd.d/sane-port doesn't need read protection from non-root
users, use $(INSTALL_DATA) as well
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit
f37006c2e641882dde01512f8a035bf42c6f46b8)
Sebastian Kemper [Sat, 17 Jul 2021 11:55:46 +0000 (13:55 +0200)]
sane-backends: fix usbid file generation
On some build systems (build bots, Debian Buster for example) the
current mechanism in the Build/Install define doesn't run. Replace it
with shell fu that works.
Issue was reported, see [1].
[1] https://github.com/openwrt/packages/issues/16085
Fixes #16085
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit
977109e28613820ff451908289ff6e4cc671ec32)
Stan Grishin [Sun, 18 Jul 2021 00:30:49 +0000 (00:30 +0000)]
vpn-policy-routing: update to 0.3.5-1
support for 21.02.0-rc2 and up
support for reloading a single interface on ifup/ifupdate
rename config file
updated shellcheck compatibility
remove obsolete create/remove_lock
interface processing optimizations to speed up reloads
drop dependency on curl in user scripts
uniform styling of functions
Signed-off-by: Stan Grishin <stangri@melmac.net>
Alexandru Ardelean [Mon, 24 May 2021 16:21:05 +0000 (19:21 +0300)]
stress-ng: bump to version 0.12.10
Patch `010-soft-float.patch` can be dropped.
It was upstreamed via https://github.com/ColinIanKing/stress-ng/pull/126
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
6f48074e79fd5185798d2bf60583313d93cfde6c)
Alexandru Ardelean [Wed, 28 Apr 2021 07:39:11 +0000 (10:39 +0300)]
stress-ng: bump to version 0.12.07
Refreshed patch.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
96692fa6c181db11bc4b72e073c52b025cbd4c98)
Alexandru Ardelean [Mon, 29 Mar 2021 08:51:51 +0000 (11:51 +0300)]
stress-ng: bump to version 0.12.06
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
940492c577b9f6c36e3f4f4b9ed8c75586871348)
Alexandru Ardelean [Mon, 8 Mar 2021 10:04:53 +0000 (12:04 +0200)]
stress-ng: bump to version 0.12.04
Refreshed patch.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
987c82cc73c3dca39658b36dc3a791aae4cb4d54)
Luiz Angelo Daros de Luca [Thu, 15 Jul 2021 16:56:52 +0000 (13:56 -0300)]
ruby: update to 3.0.2
This release fixes some bugs and these vulnerabilities:
* CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
* CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
* CVE-2021-31799: A command injection vulnerability in RDoc
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit
1b41e8f641b612e3738ba391cf3ee97d0b8ff288)
Rosen Penev [Thu, 15 Jul 2021 18:44:35 +0000 (11:44 -0700)]
Merge pull request #16119 from commodo/python-updates1-21.02
[21.02] python-{simplejson,cffi}: bump versions
Rosen Penev [Thu, 15 Jul 2021 18:42:00 +0000 (11:42 -0700)]
Merge pull request #16125 from jefferyto/addrwatch-fixes-openwrt-21.02
[openwrt-21.02] addrwatch: Various fixes
Rosen Penev [Thu, 15 Jul 2021 18:41:42 +0000 (11:41 -0700)]
Merge pull request #16128 from
1715173329/yq-2102
[openwrt-21.02] yq: Update to 4.9.8
Nick Hainke [Sun, 11 Jul 2021 12:01:14 +0000 (14:01 +0200)]
dawn: update to 2021-07-11
ec9a3a9 fix GCC11 compilation
Thanks to neheb and cotequeiroz.
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
ee4616fb43b489003cab957e3a2d6f5f14c6fb97)
Nick Hainke [Thu, 8 Jul 2021 14:45:55 +0000 (16:45 +0200)]
dawn: update to 2021-07-08
555268b ubus: filter neighbors by SSID when preparing nr
3db9607 data storage: match SSID when searching ap entry
a22f5a7 storage: ensure SSID strings are NULL-terminated
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
163ccbf0236824b29fd2158d3a287dda5e427b00)
Tianling Shen [Thu, 15 Jul 2021 09:24:46 +0000 (17:24 +0800)]
yq: Update to 4.9.8
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
855e5b6eb5f84fe8463623cde279d561f5b00264)
Jeffery To [Fri, 18 Jun 2021 08:33:55 +0000 (16:33 +0800)]
addrwatch: Various fixes
Makefile changes include:
* Remove USE_UCLIBC, as uclibc is no longer supported
* Package output modules
* Move main binary (back) to /usr/sbin, as it is system administration
related and requires superuser privileges
New patches:
* 003-add-space-for-null-byte.patch - from
https://github.com/fln/addrwatch/commit/
374cfd2cabe4db9882d8a210adff430cc579f859
* 004-more-specific-library-linking.patch - from
https://github.com/fln/addrwatch/commit/
27b57d9da322fc16c6904d8e35aae4557a3e517b
* 005-use-c99-format-macro-constants.patch - from
https://github.com/fln/addrwatch/pull/28
Init script changes include:
* Change from explicit disable to explicit enable, so that the service
is disabled by default and on first install
* Set config option default values to default values of the main binary
* Fix command-line option names and format (from
https://forum.openwrt.org/t/cant-start-addrwatch-service/60499/3)
* Always use the --quiet command-line option, as the procd instance is
not configured to capture stdout/stderr
* Change the syslog config option to start the syslog output module
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
31ae85bca963ce240c9e1b8df55294587b079161)
James Vorderbruggen [Sun, 13 Jun 2021 16:09:57 +0000 (12:09 -0400)]
yggdrasil: allow HTTPS connections
Signed-off-by: James Vorderbruggen <jamesvorder@gmail.com>
(cherry picked from commit
ffff3473966c42133b8faed7d8a120739c5451d4)
George Iv [Sun, 28 Mar 2021 17:39:44 +0000 (13:39 -0400)]
yggdrasil: bump to 0.3.16
Signed-off-by: George Iv <zhoreeq@users.noreply.github.com>
(cherry picked from commit
76b642b50ff8a606780c43eef2bb030a60dcdb17)
Alexandru Ardelean [Tue, 13 Jul 2021 08:20:08 +0000 (11:20 +0300)]
python-cffi: bump to version 1.14.6
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
e08b94b7538474812c18fc109f0372bbb2710d1f)
Alexandru Ardelean [Tue, 13 Jul 2021 08:13:23 +0000 (11:13 +0300)]
python-simplejson: bump to version 3.17.3
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
3f2d7052743500e993a5f4a39cef0dc0eaac4d60)
Etienne Champetier [Sun, 4 Jul 2021 18:14:30 +0000 (14:14 -0400)]
openvpn: enable LZO support by default for OpenSSL variant
User that don't control both OpenVPN client and server
might still need LZO support, so keep it enable by default for at least
OpenSSL variant.
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit
03c3c924965a74b650a45394cc424b4d02f333f1)
Josef Schlehofer [Mon, 12 Jul 2021 14:14:31 +0000 (16:14 +0200)]
syslog-ng: disable mqtt
For now, disable mqtt as it was automatically enabled as the build
system finds compiled libpaho-mqtt-c and requires dependency.
---
Here is the output:
Package syslog-ng is missing dependencies for the following libraries:
libpaho-mqtt3c.so.1
---
This is a new feature since syslog-ng 3.33.1 and if anyone is interested
in it, it can be enabled.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
e319e89fde0f3c6b3c8ecfffe9bd759c9a44ac15)
Florian Eckert [Wed, 7 Jul 2021 15:16:41 +0000 (17:16 +0200)]
mwan3: bump PKG_VERSION to 2.10.11
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
44d79147ea9d75bb4a5488bf2f600d9c76561e60)
Florian Eckert [Mon, 5 Jul 2021 14:15:02 +0000 (16:15 +0200)]
mwan3: add troublshoot command from LuCI
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
619b721c2f9b0b1c88f9fde7da75c9e37a060a47)
Florian Eckert [Mon, 5 Jul 2021 09:26:37 +0000 (11:26 +0200)]
mwan3: cleanup help output
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
a9dac71e3d7f2d46f7d051cb8ffe235c49177848)
Josef Schlehofer [Sun, 11 Jul 2021 18:16:47 +0000 (20:16 +0200)]
syslog-ng: update to version 3.33.1
- Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.33.1
- Bump version in config
It fixes:
WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode. Please update it to use the syslog-ng 3.33 format at your time of convenience. To upgrade the configuration, please review the warnings about incompatible changes printed by syslog-ng, and once completed change the @version header at the top of the configuration file; config-version='3.31'
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
2b4be08a8c4fbe3d6dec90b91726375e9b38db61)
Josef Schlehofer [Sun, 11 Jul 2021 18:44:19 +0000 (20:44 +0200)]
Merge pull request #16088 from turris-cz/21.02/lxc-change-gpgkeyserver
lxc: add patch to switch GPG server
Rosen Penev [Wed, 16 Jun 2021 01:36:03 +0000 (18:36 -0700)]
apache: update to 2.4.48
Refreshed patch.
Fixes:
CVE-2019-17567
CVE-2020-13938
CVE-2020-13950
CVE-2020-35452
CVE-2021-26690
CVE-2021-26691
CVE-2021-30641
CVE-2021-31618
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
6dfd07097de4e737444cf70c62d34453bbf84f7a)
Rosen Penev [Sun, 11 Jul 2021 07:10:49 +0000 (00:10 -0700)]
Merge pull request #16093 from Andy2244/samba-4.14.5_(21)
[21.02] samba4: update to 4.14.5
Rosen Penev [Sun, 11 Jul 2021 07:10:44 +0000 (00:10 -0700)]
Merge pull request #16092 from Andy2244/libtirpc-1.3.2_-21]
[21.02] libtirpc: update to 1.3.2
Rosen Penev [Sun, 11 Jul 2021 07:10:36 +0000 (00:10 -0700)]
Merge pull request #16091 from Andy2244/rpcbind-1.2.6_-21]
[21.02] rpcbind: update to 1.2.6
Rosen Penev [Sun, 11 Jul 2021 07:10:32 +0000 (00:10 -0700)]
Merge pull request #16090 from Andy2244/softethervpn-5.02.5180_(21)
[21.02] softethervpn5: update to 5.02.5180
Rosen Penev [Sun, 11 Jul 2021 07:10:26 +0000 (00:10 -0700)]
Merge pull request #16094 from Andy2244/wsdd2-git-2021-06-28_(21)
[21.02] wsdd2: update to git 2021-06-28
Daniel Golle [Fri, 9 Jul 2021 01:12:00 +0000 (02:12 +0100)]
transmission: add new syscalls to seccomp filter
Testing showed that additional syscalls are needed on ARMv7.
Add "getegid32", "geteuid32", "getgid32" and "getrandom" as they are
all innocent.
Bump PKG_RELEASE.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
1141ee1e5163d0882c0c8ab00c200b797b1ac85f
and commit
a78e527012dd0b772bcfbda980b17575410edffd)
Josef Schlehofer [Wed, 14 Apr 2021 22:39:03 +0000 (00:39 +0200)]
netdata: update to version 1.30.1
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
1d532fa545eef1ebd3ebef6ab41dfd709ad991e1)
Andy Walsh [Sat, 10 Jul 2021 19:11:11 +0000 (21:11 +0200)]
wsdd2: update to git 2021-06-28
* update to git 2021-06-28
* add extra startup delay
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Andy Walsh [Sat, 10 Jul 2021 19:09:29 +0000 (21:09 +0200)]
samba4: update to 4.14.5
* update to 4.14.5
* refresh patches
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Andy Walsh [Sat, 10 Jul 2021 19:07:47 +0000 (21:07 +0200)]
softethervpn5: update to 5.02.5180
* update to 5.02.5180
* add dep: libsodium
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Andy Walsh [Sat, 10 Jul 2021 18:56:50 +0000 (20:56 +0200)]
rpcbind: update to 1.2.6
* update to 1.2.6
* remove upstream merged patch
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Andy Walsh [Sat, 10 Jul 2021 18:54:53 +0000 (20:54 +0200)]
libtirpc: update to 1.3.2
* update to 1.3.2
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Josef Schlehofer [Sat, 10 Jul 2021 14:33:08 +0000 (16:33 +0200)]
lxc: add patch to switch GPG server
By default, there was used sks-keyservers.net pool, which has invalid
SSL certificate and they also announced that their service is deprecate
and no longer maintained.
Use the same GPG server as LXC is using by default in the newer
releases.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Josef Schlehofer [Thu, 8 Jul 2021 04:22:32 +0000 (06:22 +0200)]
Merge pull request #16065 from
1715173329/yq-2102
[openwrt-21.02] yq: Update to 4.9.7
Tianling Shen [Wed, 7 Jul 2021 12:28:06 +0000 (20:28 +0800)]
yq: Update to 4.9.7
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
faf915e97d070d05c5a27654ebb07389123f26e7)
Rosen Penev [Wed, 7 Jul 2021 06:02:17 +0000 (23:02 -0700)]
Merge pull request #16050 from nxhack/2102_libuv_CVE-2021-22918
[21.02] libuv: fix CVE-2021-22918
Alexandru Ardelean [Mon, 5 Jul 2021 08:28:38 +0000 (11:28 +0300)]
python3: do a simple ls on pip & setuptools if not selected for build
I seem to forget to check/select setuptools and pip (that come bundled with
Python).
This change will do a simple 'ls' on the 2 wheel files, so that the build
fails even if just building Python.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Alexandru Ardelean [Mon, 5 Jul 2021 06:28:07 +0000 (09:28 +0300)]
python3: update to version 3.9.6
Refreshed patches.
Bumped pip to 21.1.3.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
44e009364f5a115172f5825fbfd8c0b3730021a5)
Daniel Golle [Sat, 3 Jul 2021 14:04:33 +0000 (15:04 +0100)]
mwan3: use default routes from additional tables
Until now the additional tables listed in gobal 'rt_table_lookup' were
not considered for interfaces.
In order to be able to also use interface-defined routes from tables
other than main, consider also tables listed in 'rt_table_lookup'.
Update version to 2.10.10 as requested by maintainer.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
cb02b42007878147b514b1cb86246bfa09615d35)
Hirokazu MORIKAWA [Tue, 6 Jul 2021 05:02:43 +0000 (14:02 +0900)]
libuv: fix CVE-2021-22918
idna: fix OOB read in punycode decoder
libuv was vulnerable to out-of-bounds reads in the uv__idna_toascii()
function which is used to convert strings to ASCII. This is called by
the DNS resolution function and can lead to information disclosures or
crashes.
https://github.com/libuv/libuv/commit/
b7466e31e4bee160d82a68fca11b1f61d46debae
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990561
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Nikos Mavrogiannopoulos [Mon, 5 Jul 2021 17:43:08 +0000 (19:43 +0200)]
Merge pull request #16015 from DeathCamel58/openconnect-backport-iconv/intl-fixes
openconnect: backport iconv/intl fix
Rosen Penev [Mon, 5 Jul 2021 09:54:56 +0000 (02:54 -0700)]
Merge pull request #16042 from commodo/django-bump-21.02
[21.02] django: bump to version 3.2.5
Alexandru Ardelean [Mon, 5 Jul 2021 07:35:41 +0000 (10:35 +0300)]
django: bump to version 3.2.5
Several bug-fixes.
Fix CVE-2021-35042
Release notes:
https://docs.djangoproject.com/en/3.2/releases/3.2.5/
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
3ee863421a675c41848261a17df145716a23d907)
Rosen Penev [Sat, 3 Jul 2021 22:16:37 +0000 (15:16 -0700)]
Merge pull request #16013 from commodo/python-dateutil-21.02
[21.02] python-dateutil: add setuptools-scm build dep
Rosen Penev [Sat, 3 Jul 2021 22:15:37 +0000 (15:15 -0700)]
Merge pull request #16024 from rs/nextdns-1.34.2-openwrt-21.02
[21.02] nextdns: Update to version 1.34.2
Olivier Poitrey [Fri, 2 Jul 2021 18:54:54 +0000 (18:54 +0000)]
nextdns: Update to version 1.34.2
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Baptiste Jonglez [Wed, 30 Jun 2021 12:09:42 +0000 (14:09 +0200)]
tessdata: uncompress tarball only once to speed up builds
The previous approach was to uncompress N times a big tarball (638 MB)
where N=130 is the number of supported languages. Each iteration would
only extract a single file, but it still needs to uncompress the whole
tarball. This is of course completely inefficient.
Now, we uncompress the tarball only once to extract all relevant files,
and then iterate N times to copy the file needed for each language.
This massively speeds up builds, at the expense of temporarily requiring
more build space (about 1 GB more)
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
(cherry picked from commit
7fe513971f4139a52c22bae36097c950731b56f2)
Rosen Penev [Mon, 15 Mar 2021 02:31:02 +0000 (19:31 -0700)]
tessdata: update to 2.1.0
Switch to AUTORELEASE for simplicity.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
37bffba07477a7a7cccddb55adeea4e2c8ae2438)
Dylan Corrales [Fri, 2 Jul 2021 16:11:03 +0000 (12:11 -0400)]
openconnect: backport iconv/intl fix
This was pulled from #14741. #14734 affects me as well on Debian 11.
Signed-off-by: Dylan Corrales <deathcamel58@gmail.com>
Alexandru Ardelean [Wed, 30 Jun 2021 14:30:41 +0000 (17:30 +0300)]
python-dateutil: add setuptools-scm build dep
Following:
https://github.com/openwrt/packages/pull/16004
https://github.com/openwrt/packages/pull/15995
https://github.com/openwrt/packages/issues/15988
It seems that dateutil requires setuptools-scm to be installed.
As such, this is being added as a dependency.
Also, bump setuptools-scm to version 6.0.1
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
e2026346cceeb54216090a75c83d527f8c51f321)
Dirk Brenken [Tue, 29 Jun 2021 19:03:33 +0000 (21:03 +0200)]
adblock: update 4.1.3-2
* add a tcpdump option to resolve IPs in adblock reporting,
set 'adb_represolve' accordingly (disabled by default). If enabled
tcpdump will perform a reverse DNS (PTR) lookup for each IP address
* add 'stalkerware' source (provided by @astryzia)
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
e5fd19d2e0981710b0a57b0f8528013203d2bbc6)
Oskari Rauta [Tue, 8 Jun 2021 00:15:15 +0000 (03:15 +0300)]
crun: update to 0.20
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit
0b609eb373dd1c3114bbe2651791022ff413d2c2)