Olivier Poitrey [Sat, 1 Feb 2020 07:58:58 +0000 (09:58 +0200)]
nextdns: Update to version 1.4.23
Changelog:
* Fix OpenWRT with existing forwarder + fix dnsmasq restore issue
* Refactor service execution to better report errors
* Refactor merlin tz setup so it does not need to curl on boot
* Improve upgrade command for install.sh
* Do not mask curl error on install
* Fix timezone logging issue with Merlin
* Add support for Merlin John's fork
* Add raspbian support to installer
* Fix upgrade not reinstalling service
* Limit the aarch64 fix to merlin
* Reset DHCP DNS to self on Merlin router setup
* Fix memory issue with aarch64 based router
* Update Go version
* Allow override of detected env
* Setup timezone correctly on Merlin init script
* Don't ignore curl error on install
* Fix Asus Merlin John’s fork trust store issue
* Fix synology auto setup
* Fix report client info not enabled with setup-router option
* Add support for edgeos DHCP lease file locations
* Fix signal handling when running as a service
* Fix exit menu keyboard shortcut
* Do not fail on upgrade if uninstall failed
* Fix exit menu in installer
* Remove failing upx (for now)
* Make sure nextdns keeps running once ssh session is closed
* Add auto setup of Synology with DHCP server enabled
* Use router's DNS to discover more names
* Get A/AAAA from both answer and addition sections
* Ignore certain invalid names during discovery
* Fix activate with setup-router
* Fix serveral install issues
* Add exponential backoff to mdns probe retry
* Correctly end dhcp lease probing when discovery is cancelled
* Store DHCP/MDNS discovered addrs separately to avoid ping/pong
discovery
* Add DHCP lease support to client discovery
* Do not report mdns listen unreachable error as start will retry
* Reimplement mdns client discovery
* Fix installer GOARCH detection with arm6+
* Fix bin install on platforms needing sudo
* Correctly detect edgeos and ddwrt as routers
* Fix install.sh sudo
* Disable upx as it break many platforms
* Fix installer regression with merlin
* Fix mips64 detection
* Fix OpenWRT detection
* Fix UPX post build script
* Fix install with John's Asuswrt-Merlin fork
* Fix more DDWRT
* Fix DDWRT support
* Fix merlin service add/remove
* Use UPX to compress binaries typicially used on routers
* Revert "Remove direct dep on reflect"
* Use letters for installer menus
* Fix install script for upgrades not working if binary is running
* Do not return an error on mdns listen if at least one interface worked
* Fix installer for synology
* Fix pfSense support
* Remove the logs for each server on each connect
* Move install instructions to wiki
* Fix install.sh uid detection with merlin
* Fix install.sh for arm6+
* Add Synology init system support
* Fix install.sh
* Add a generic router setup that just changes the listen to public
* Update README
* Add auto setup support for EdgeOS
* Restore per OS install instruction in readme during installer beta
* Refactor install.sh
* Remove dep on golang.org/x/net/ipv[4|6]
* Remove direct dep on reflect
* Rewrite the zeroconf code to use dnsmessage instead miekg/dns
* Add auto setup support for DD-WRT
* Improve arch detection
* Add auto setup support for OpenWRT
* Add automatic router setup support
* Fix service
* Remove dep en seq on sysv style init scripts
* Add Entware init system support
* Report init system used on install and in UA
* Add EdgeOS support
* Reads /etc/hosts before forwarding queries to the upstream
* Fix localhost resolution with Linux arch empty /etc/hosts
* Use /etc/hosts file to resolve listen address and list on all IPs
listed
* Add support for multiple router firmware
* Fix hardened privacy disabling dual stack
* Add a config set sub command and refactor commands handling
* Add support for activate on freebsd
* Fix inverted MAC matching
* Add unit test for conf prefix match #35
* Activate uses listen address instead of static 127.0.0.1
* Improve FreeBSD integration
* Add FreeBSD support
* Fix a typo
* Use zip for windows archive
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Edited PKG_RELEASE to 1
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
a3b028b3579ca43f91879726f73b331d46cce433)
Hannu Nyman [Sat, 1 Feb 2020 07:28:04 +0000 (09:28 +0200)]
Merge pull request #11197 from Ansuel/backport
Backport
Ansuel Smith [Fri, 31 Jan 2020 22:07:54 +0000 (23:07 +0100)]
uwsgi: backport master changes to 19.07
To support new luci version uwsgi has been changed.
Backport this changes to 19.07
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Ansuel Smith [Fri, 31 Jan 2020 22:06:46 +0000 (23:06 +0100)]
nginx: backport master changes to 19.07
Currently luci is broken in 19.07.
Changes done to fix this problem didn't merge in the
19.07 release.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Rosen Penev [Fri, 31 Jan 2020 00:30:01 +0000 (16:30 -0800)]
Merge pull request #11184 from micmac1/19.07-maria-10.2.31
[19.07] mariadb: security bump to 10.2.31
Rosen Penev [Fri, 31 Jan 2020 00:27:49 +0000 (16:27 -0800)]
Merge pull request #11176 from jefferyto/python-fix-float-byte-order-openwrt-19.07
[openwrt-19.07] python,python3: Fix float byte order detection
Sebastian Kemper [Thu, 30 Jan 2020 20:33:56 +0000 (21:33 +0100)]
mariadb: security bump to 10.2.31
Addresses CVE-2020-2574.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Eneas U de Queiroz [Thu, 16 Jan 2020 17:07:40 +0000 (14:07 -0300)]
python-certify: bump to 2019.11.28
This is a regular Mozilla CA bundle update.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
c799f2a913cedfba87d57ecb0ea0cbc8a186489f)
Jeffery To [Thu, 30 Jan 2020 11:12:25 +0000 (19:12 +0800)]
python3: Fix float byte order detection
This backports patches from bpo-34585[1] to fix byte order detection of
floats.
Fixing byte order detection allows the repr() of floats to be
shorter[2]. sys.float_repr_style should be 'short' instead of 'legacy'
on supported platforms.
See #11134.
[1]: https://bugs.python.org/issue34585
[2]: https://docs.python.org/3.8/whatsnew/3.1.html#other-language-changes
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Jeffery To [Thu, 30 Jan 2020 10:28:49 +0000 (18:28 +0800)]
python: Fix float byte order detection
This backports patches from bpo-34585[1] to fix byte order detection of
floats.
Fixing byte order detection allows the repr() of floats to be shorter (a
feature backported to Python 2.7 from Python 3.1[2]).
sys.float_repr_style should be 'short' instead of 'legacy' on supported
platforms.
See #11134.
[1]: https://bugs.python.org/issue34585
[2]: https://docs.python.org/2.7/whatsnew/2.7.html#python-3-1-features
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from
a0da5aec7f4ae24feb3c4f2fb3bf3c1c9cb9e639)
Omitted PKG_RELEASE change
Rosen Penev [Wed, 31 Jul 2019 06:33:40 +0000 (23:33 -0700)]
python: Replace utime with utimes
Optionally fixes compilation with uClibc-ng.
Based on the surrounding code, this looks like an oversight.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from
608df65a627e22db08f04bab0cb97c246ff40449)
Adjusted PKG_RELEASE
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Sebastian Kemper [Sat, 26 Oct 2019 12:47:52 +0000 (14:47 +0200)]
libxslt/host: depend on libxml2/host
The host build requires libxml2-dev. This commit adds the dependency for
libxml2/host, as the host system may not have it installed. This also
avoids using the host's xml2-config (in /usr/bin for instance) while
linking to libraries in staging_dir/hostpkg.
ldd staging_dir/hostpkg/bin/xsltproc | grep xml2
libxml2.so.2 => /home/sk/tmp/openwrt/staging_dir/hostpkg/lib/libxml2.so.2 (0x00007fcc0644c000)
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry-picked from
05f0beb6a82c43838196035d15d6757b1e571aa6)
Jan Pavlinec [Wed, 24 Jul 2019 13:33:48 +0000 (15:33 +0200)]
libxslt: patch security issues
Fixes:
CVE-2019-13117
CVE-2019-13118
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry-picked from
f77c53cff150d99fd0e27de670fa87f11246310d)
Florian Eckert [Mon, 14 Oct 2019 10:38:02 +0000 (12:38 +0200)]
libxslt: add host build
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry-picked from
48ad713a1407711404a7913f179702d30632da5a)
Rosen Penev [Tue, 28 Jan 2020 09:57:06 +0000 (01:57 -0800)]
Merge pull request #11149 from nickberry17/add_mm_to_19
backport ModemManager and dependencies to 19.07
Nicholas Smith [Tue, 28 Jan 2020 01:52:04 +0000 (11:52 +1000)]
modemmanager: add ModemManager to packages
Signed-off-by: Nicholas Smith <nicholas.smith@telcoantennas.com.au>
Nicholas Smith [Tue, 28 Jan 2020 01:51:42 +0000 (11:51 +1000)]
libqmi: add libqmi to packages
Signed-off-by: Nicholas Smith <nicholas.smith@telcoantennas.com.au>
Nicholas Smith [Tue, 28 Jan 2020 01:51:25 +0000 (11:51 +1000)]
libmbim: add libmbim to packages
Signed-off-by: Nicholas Smith <nicholas.smith@telcoantennas.com.au>
Rosen Penev [Mon, 27 Jan 2020 23:48:22 +0000 (15:48 -0800)]
Merge pull request #11143 from Andy2244/smbd-rename_ksmbd-update-3.1.1-(19.07)
[19.07] smbd: update to 3.1.1, rename to "ksmbd", "ksmbd-tools"
Rosen Penev [Mon, 27 Jan 2020 23:48:09 +0000 (15:48 -0800)]
Merge pull request #11144 from Andy2244/wsdd2-rename_ksmbd-(19.07)
[19.07] wsdd2: update for renamed smbd->ksmbd
Andy Walsh [Fri, 13 Dec 2019 14:29:32 +0000 (15:29 +0100)]
glib2: fix mips16 build, add size reducing static link, fpic CFLAGS
* allows building as mips16 (fixes broken mips16/32 mixed static linking)
* add some static link related flags to reduce target binary size
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
(cherry-picked from
a558b209440590deb5fae5ff32e4731c5e516194)
Rosen Penev [Sun, 3 Nov 2019 04:54:54 +0000 (21:54 -0700)]
glib2: Disable Werror
On GCC9, it throws a Wformat-nonliteral error. Unfortunately, there's no
easy was to fix it as it is fortify-headers where the warning ultimately
comes from.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from
abdec8939e0d7cadaf0e82d9e7bb17e843525ad7)
Andy Walsh [Mon, 27 Jan 2020 21:16:27 +0000 (22:16 +0100)]
wsdd2: update for renamed smbd->ksmbd
* update for renamed smbd->ksmbd
* fix build warning for global network.sh include
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Andy Walsh [Mon, 27 Jan 2020 21:03:28 +0000 (22:03 +0100)]
smbd: update to 3.1.1, rename to "ksmbd", "ksmbd-tools"
* rename smbd->ksmbd (upstream name change)
* ksmbd-tools: build with static glib2 (usmbd = ~90kb, smbuseradd = ~40kb)
* new etc folder location = /etc/ksmbd/smb.conf
* new database name = /etc/ksmbd/ksmbdpwd.db
* fixes "map to guest = Bad User" while userdb is also used
* fixes missing ipv6 support
* update/rename to "luci-app-ksmbd"
* remove UCI samba compatibility code for section names (ksmbd uses [share] + [globals] not [sambashare] + [global])
* ksmbd: release 3.1.1 version
* ksmbd: does not work if ipv6 module is not loaded or compiled in
* ksmbd: capsule ifdef CONFIG_SMB_INSECURE_SERVER with smb1 codes
* ksmbd: release 3.1.0 version
* ksmbd: fix over 80 character warnings
* ksmbd: rename smbd-tools to ksmbd-tools in travis.yml
* ksmbd: fix password db file location in travis.yml
* ksmbd: rename smbd prefix function to ksmbd
* ksmbd: rename smbd prefix source files to ksmbd
* Revert "smbd: set connection status with SMBD_SESS_EXITING instead of direct destory"
* ksmbd: rename smbd to ksmbd in .travis.yml
* smbd: rename module name to ksmbd.ko
* smbd: set connection status with SMBD_SESS_EXITING instead of direct destory
* smbd: previous session with same user and same password should be deleted
* smbd: only use global session table in smb2 session
* smbd: add support for ipv6
* smbd: fix empty macro issue from smbd_debug
* cifsd: fix printing of file names in find_next
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Hannu Nyman [Sun, 26 Jan 2020 20:39:33 +0000 (22:39 +0200)]
Merge pull request #11123 from stangri/19.07-https-dns-proxy
[19.07] https-dns-proxy: fix deleting server items, configurable dnsmasq settings change
Rosen Penev [Sun, 26 Jan 2020 18:48:13 +0000 (10:48 -0800)]
Merge pull request #11129 from Robby-/openwrt-19.07-freeradius3_update_3_0_20
[19.07] freeradius3: Update to 3.0.20
Jiri Slachta [Sun, 26 Jan 2020 17:27:49 +0000 (18:27 +0100)]
Merge pull request #11126 from micmac1/19.07-tiff
[19.07] tiff: update version to 4.1.0
Robby K [Sun, 26 Jan 2020 13:43:06 +0000 (14:43 +0100)]
freeradius3: Update to 3.0.20
Latest stable release, contains security fixes for EAP-PWD (side-channel leak), logrotate settings (CVE-2019-10143) and a DoS issue due to multithreaded BN_CTX access (CVE-2019-17185).
Also refreshed patches/002-disable-session-cache-CVE-2017-9148.patch due to the following changes/commits in freeradius:
https://github.com/FreeRADIUS/freeradius-server/commit/
bf1a1eda2387745bbe538998f3d2e6514f981bfd
https://github.com/FreeRADIUS/freeradius-server/commit/
a3c46544b38ab46218c385d0ee197538fad5b3da
Signed-off-by: Robby K <robbyke@gmail.com>
Jiri Slachta [Mon, 11 Nov 2019 20:49:06 +0000 (21:49 +0100)]
tiff: update version to 4.1.0
Signed-off-by: Jiri Slachta <jiri@slachta.eu>
Stan Grishin [Sun, 26 Jan 2020 04:14:56 +0000 (21:14 -0700)]
https-dns-proxy: fix deleting server items, configurable dnsmasq settings change
Signed-off-by: Stan Grishin <stangri@melmac.net>
Rosen Penev [Tue, 2 Jul 2019 17:07:53 +0000 (10:07 -0700)]
avrdude: Fix GPIO path building
%ud is a GNU extension. It's not really supported elsewhere.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from
536c6b8be7cb620f6258cbcb7e85a50662976f2b)
Rosen Penev [Thu, 23 Jan 2020 02:41:20 +0000 (18:41 -0800)]
Merge pull request #10990 from BKPepe/django-19.07
[OpenWrt 19.07] django: update to version 1.11.27
Rosen Penev [Mon, 20 Jan 2020 22:55:29 +0000 (14:55 -0800)]
Merge pull request #11078 from ddast/radicale_add_urllib_dep
radicale-py3: Add python3-urllib dependency
Dennis Dast [Mon, 20 Jan 2020 19:43:34 +0000 (20:43 +0100)]
radicale-py3: Add python3-urllib dependency
Depend on python3-urllib instead of python3-email (python3-urllib has
python3-email as a dependency).
Signed-off-by: Dennis Dast <mail@ddast.de>
Matt Merhar [Mon, 20 Jan 2020 03:39:44 +0000 (22:39 -0500)]
nut: fix other/otherflag custom variables in nut-server.init
This allows custom config parameters to be added to the generated config
files, enabling the original intended functionality per
https://openwrt.org/docs/guide-user/services/ups/software.nut.
Example usage from /etc/config/nut_server:
config driver 'apc'
option driver 'snmp-ups'
option snmp_version 'v3'
option port '172.16.100.5'
list other 'secLevel'
list other 'secName'
list other 'authPassword'
list otherflag 'notransferoids'
config other 'other_secLevel'
option value 'authNoPriv'
config other 'other_secName'
option value 'some_username'
config other 'other_authPassword'
option value 'some_password'
config other 'otherflag_notransferoids'
option value '1'
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
(cherry-picked from
0b04dd34a0cd706a7be33da3b7536f3c50714c8e)
Sebastian Kemper [Wed, 27 Nov 2019 18:52:27 +0000 (19:52 +0100)]
nut: update OpenSSL 1.1.0 patch
Replaces OpenWrt patch with upstream patch. Also removes
0002-Fix-check-for-empty-string.patch as this is included in upstream
OpenSSL 1.1.0 patch.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry-picked from
7d4f1b8589bc425acfd4d71a6e6be08a66d8f3dc)
Sebastian Kemper [Wed, 27 Nov 2019 18:41:40 +0000 (19:41 +0100)]
nut: fix CGI setup
This commit makes
- the libgd dependency (as well as specifying libs and includes)
- the configure argument "--with-cgi"
dependant on whether the package nut-web-cgi is selected.
nut-web-cgi is also added to PKG_CONFIG_DEPENDS.
Resolves: #10641
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry-picked from
cdd660a41dbfb87c9a253a7ebf856d7b733b752f)
Hannu Nyman [Sun, 19 Jan 2020 20:49:31 +0000 (22:49 +0200)]
Merge pull request #11063 from EricLuehrsen/openwrt-19.07-unbound
[openwrt-19.07] unbound: improve dependencies for okpg
Eric Luehrsen [Sat, 18 Jan 2020 02:42:40 +0000 (21:42 -0500)]
unbound: improve dependencies for okpg
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
cherry pick
6505154a7450fe871396a4a05bcd2423f0f8aafb
Rosen Penev [Sun, 19 Jan 2020 20:17:06 +0000 (12:17 -0800)]
Merge pull request #11061 from cotequeiroz/afalg_1.1.0-19.07
[19.07] afalg_engine: bump to v1.1.0
Eneas U de Queiroz [Sun, 19 Jan 2020 18:55:37 +0000 (15:55 -0300)]
afalg_engine: bump to v1.1.0
This version is up to 20% faster than 1.0.1.
Build without cryptouser information, which is not available in 19.07.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Josef Schlehofer [Sat, 11 Jan 2020 22:11:02 +0000 (23:11 +0100)]
btrfs-progs: update to version 5.4.1
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
c864563372d45c6040366d4f39447e6c8a5e6aab)
Josef Schlehofer [Thu, 16 Jan 2020 11:45:15 +0000 (12:45 +0100)]
libseccomp: add seccomp-syscalls.h to InstallDev
In the version 2.4.2, there was introduced a new header file.
Ship it to InstallDev
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Hannu Nyman [Sat, 18 Jan 2020 22:08:39 +0000 (00:08 +0200)]
Merge pull request #11051 from wvdakker/openwrt-19.07
[Openwrt 19.07] Shorewall: Bump to 5.2.3.5
W. van den Akker [Sat, 18 Jan 2020 21:25:26 +0000 (22:25 +0100)]
Shorewall6-lite: Bump to 5.2.3.5
Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
W. van den Akker [Sat, 18 Jan 2020 21:23:30 +0000 (22:23 +0100)]
Shorewall6: Bump to 5.2.3.5
Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
W. van den Akker [Sat, 18 Jan 2020 21:22:12 +0000 (22:22 +0100)]
Shorewall: Bump to 5.2.3.5
Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
W. van den Akker [Sat, 18 Jan 2020 21:21:10 +0000 (22:21 +0100)]
Shorewall-lite: Bump to 5.2.3.5
Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
W. van den Akker [Sat, 18 Jan 2020 21:20:18 +0000 (22:20 +0100)]
Shorewall-core: Bump to 5.2.3.5
Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
Eneas U de Queiroz [Thu, 16 Jan 2020 18:21:21 +0000 (15:21 -0300)]
afalg_engine: fix ENGINES location, zero-copy
Use a fixed ENGINES_DIR location, instead of trying to read it from the
openssl Makefile.
It also fixes the zero-copy config option not being passed down to the
cmake options.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry-picked from
6a5f7920e96ca8718129041c048d638c62e65959)
Eneas U de Queiroz [Fri, 1 Nov 2019 03:00:27 +0000 (00:00 -0300)]
afalg_engine: add new package
This is an alternate AF_ALG engine for openssl, based on the devcrypto
engine, but using the AF_ALG interface instead of /dev/crypto.
It is different than the AF_ALG engine that ships with OpenSSL:
- it uses sync calls, instead of async
- it suports more algorithms
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
0e0bd6da4b1a658165e4985ee00822f4eeabe5f6)
Stijn Tintel [Thu, 16 Jan 2020 21:28:55 +0000 (23:28 +0200)]
strongswan: bump to 5.8.2
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Paul Fertser [Thu, 21 Nov 2019 17:26:46 +0000 (20:26 +0300)]
strongswan: allow to specify per-connection reqid with UCI
This is useful to assign all traffic to a fw3 zone, e.g.:
/etc/config/ipsec:
config remote 'test'
list tunnel 'dev'
...
config 'tunnel' 'dev'
option reqid '33'
...
/etc/config/firewall:
config zone
option name wan
option extra_src "-m policy --pol none --dir in"
option extra_dest "-m policy --pol none --dir out"
...
config zone
option name vpn
# subnet needed for firewall3 before 22 Nov 2019,
8174814a
list subnet '0.0.0.0/0'
option extra_src "-m policy --pol ipsec --dir in --reqid 33"
option extra_dest "-m policy --pol ipsec --dir out --reqid 33"
...
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Stijn Tintel [Sun, 15 Sep 2019 14:46:15 +0000 (17:46 +0300)]
strongswan: bump to 5.8.1
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Jan Pavlinec [Thu, 16 Jan 2020 14:47:08 +0000 (15:47 +0100)]
libarchive: update to version 3.4.1 (security fix)
Fixes CVE-2019-19221
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry-picked from
df634dcc926650de22248b89620c649c0fef7602)
Eneas U de Queiroz [Fri, 6 Dec 2019 20:26:40 +0000 (17:26 -0300)]
oniguruma: bump to version 6.9.4
This version adds a new RegSet API, and fixes the following:
- CVE-2019-19012
- CVE-2019-19203
- CVE-2019-19204
- CVE-2019-19246
- some problems (found by libFuzzer test)
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry-picked from
94895ec81838c02b8aa4bbc1d4af45ff2e01f004)
Stan Grishin [Thu, 16 Jan 2020 17:51:55 +0000 (10:51 -0700)]
vpn-policy-routing: bugfix: remove conflict with vpnbypass
Signed-off-by: Stan Grishin <stangri@melmac.net>
(cherry picked from commit
05603822d3b5ad3644db65a5d48983ca2b6f52fc)
Rosen Penev [Tue, 14 Jan 2020 20:11:06 +0000 (12:11 -0800)]
Merge pull request #11021 from jefferyto/golang-updates-openwrt-19.07
[openwrt-19.07] golang: Updates
Jeffery To [Tue, 14 Jan 2020 17:26:40 +0000 (01:26 +0800)]
golang: Update to 1.13.6
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Jeffery To [Tue, 14 Jan 2020 16:58:28 +0000 (00:58 +0800)]
golang: Fix selection of GOARM value
This fixes how GOARM is selected for arm platforms, based on support for
VFP/VFPv3 rather than CPU version.
Fixes #10967.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Josef Schlehofer [Sun, 12 Jan 2020 11:28:37 +0000 (12:28 +0100)]
libseccomp: update to version 2.4.2
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Josef Schlehofer [Sat, 11 Jan 2020 22:14:45 +0000 (23:14 +0100)]
django: update to version 1.11.27
Fixes: CVE-2019-19844
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Eric Luehrsen [Sat, 11 Jan 2020 19:13:56 +0000 (14:13 -0500)]
unbound: fix TLS forwards with optional suffix
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
(cherry picked from commit
b101dd76fb4fd29cea53dbdabe7f302bdb48dca3)
Jan Pavlinec [Thu, 9 Jan 2020 00:22:26 +0000 (01:22 +0100)]
measurement-kit: update to version 0.10.8
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit
744e2dd19d2a9cbd0dee6a88c19743429b8aec21)
Jan Pavlinec [Fri, 29 Nov 2019 10:48:01 +0000 (11:48 +0100)]
measurement-kit: update package
Changes:
-add InstallDev section
-remove uclibc patch (issue fixed in upstream)
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit
df853b2d202d6bb1ecbfce8b7c72513db3b5a36c)
Jan Pavlinec [Wed, 25 Sep 2019 10:34:30 +0000 (12:34 +0200)]
measurement-kit: update to version 0.10.6
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit
2949906ec47470cd49f0a1d2f35305c4998e7711)
Rosen Penev [Sat, 11 Jan 2020 02:18:59 +0000 (18:18 -0800)]
smbd: Update to 3.0.2
Fixes a nasty stack corruption issue and a big endian fix.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from
232a271f4081ffa8bcfc591558eccab24500c526)
Rosen Penev [Sat, 11 Jan 2020 02:07:42 +0000 (18:07 -0800)]
transmission: Sync with master
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Alexandru Ardelean [Tue, 10 Sep 2019 16:51:03 +0000 (19:51 +0300)]
python,python3: split python[3]-pkg-resources from setuptools
This package is required by other packages to run some binaries via
`load_entry_point`.
So, this splits this package away from setuptools.
setuptools is pretty big, akd pkg-resources is also big, but not as big.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
ed0e77f3c385770065bf6ec6ed7c3bbbb6deb395)
Reference to discussion at
https://github.com/openwrt/packages/commit/
c61579b564a3877235d74684b1a75915d77e42a9#commitcomment-
36665837
Adjusted python PKG_RELEASE items to current situation
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Yousong Zhou [Wed, 8 Jan 2020 05:03:19 +0000 (13:03 +0800)]
openvswitch: bump PKG_RELEASE
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Wed, 8 Jan 2020 04:58:54 +0000 (12:58 +0800)]
openvswitch: backport patch to fix compilation
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Wed, 8 Jan 2020 04:03:06 +0000 (12:03 +0800)]
openvswitch: fix building failure caused by dst_ops api change
Ref: https://github.com/openwrt/packages/issues/10961
Reported-by: Sven Roederer <devel-sven@geroedel.de>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Wed, 8 Jan 2020 03:57:10 +0000 (11:57 +0800)]
openvswitch: bump to version 2.11.1
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Rosen Penev [Mon, 6 Jan 2020 01:15:37 +0000 (17:15 -0800)]
Merge pull request #10920 from Rixerx/openwrt-19.07
[19.07] zabbix: update to 4.0.16
Rosen Penev [Sun, 5 Jan 2020 23:38:13 +0000 (15:38 -0800)]
Merge pull request #10881 from mstorchak/stubby-19.07
[19.07] stubby: switch to ca-bundle
Sebastian Kemper [Mon, 14 Oct 2019 20:01:01 +0000 (22:01 +0200)]
sqlite3: bump to version 3.30.1
Fixes CVE-2019-16168
In other news:
- adds ABI_VERSION
- prefers INSTALL_DATA over CP
- removes gratuitous trailing slashes
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry-picked from commit
33fecfefec690e7593dac3959ca5302c73dd8e3f)
Sebastian Kemper [Fri, 19 Jul 2019 19:21:08 +0000 (21:21 +0200)]
sqlite3: bump to 3.29.0
Fixes CVE-2019-5018
Also drops upstreamed patch.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit
2f7fbde7d6e6297dae1e35df64a3b6af456536a9)
DENG Qingfang [Wed, 14 Aug 2019 18:42:24 +0000 (02:42 +0800)]
nginx: update to 1.16.1
Fixes:
when using HTTP/2 a client might cause excessive memory
consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
CVE-2019-9516).
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
(cherry picked from commit
5ffc744018a3a36a059ccb91c8ee17c51c93eb0c)
Jan Pavlinec [Mon, 30 Dec 2019 12:23:05 +0000 (13:23 +0100)]
tor: add respawn to init script
Note:
In some cases when tor daemon starts before
than the router is connected to the Internet.
Tor will exit and you have to run it manually.
This should fix this case.
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit
5bce9c3e1d043e90fb31920e7a1ff5dbe1116124)
Jan Pavlinec [Tue, 17 Dec 2019 12:44:29 +0000 (13:44 +0100)]
tor: update to version 0.4.2.5
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit
a339e0ede37de1dbbb15240d6d6907b063b9866c)
Josef Schlehofer [Sat, 4 Jan 2020 19:50:31 +0000 (20:50 +0100)]
youtube-dl: update to version 2020.1.1
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Rosen Penev [Sat, 4 Jan 2020 00:32:02 +0000 (16:32 -0800)]
Merge pull request #10940 from Andy2244/samba-4.11.4-(19.07)
[19.07] samba4: update to 4.11.4 (python3 version), add rpcsvc-proto, add libasn1 host build
Rosen Penev [Sat, 4 Jan 2020 00:15:54 +0000 (16:15 -0800)]
Merge pull request #10938 from Andy2244/smbd-rename-3.0.1-(19.07)
[19.07] smbd: rename from cifsd, update to 3.0.1
Rosen Penev [Sat, 4 Jan 2020 00:09:13 +0000 (16:09 -0800)]
Merge pull request #10939 from Andy2244/wsdd2-init-update-(19.07)
[19.07] wsdd2: update to git (2019-12-15), bind to 'lan' only, update init for smbd
Rosen Penev [Sat, 4 Jan 2020 00:08:32 +0000 (16:08 -0800)]
Merge pull request #10937 from Andy2244/libtirpc-1.2.5-(19.07)
[19.07] libtirpc: update to 1.2.5
Andy Walsh [Sat, 4 Jan 2020 00:08:11 +0000 (01:08 +0100)]
samba4: update to 4.11.4 (python3 version), add rpcsvc-proto, add libasn1 host build
* update to 4.11.4 (python3 version)
* re-enable AD-DC option
* add 'samba_nice' UCI option via "config procd 'extra'"
* restructure buildsteps (don't rely on waf --targets logic)
* move quota option into VFS
* move ACL option into AC-DC
* add more admin-tools
* use rpath_install for libs
* fix rpath + rstrip
extra:
* add rpcsvc-proto package _(don't rely on nfs-utils/host for headers, rpcgen anymore)_
* add libasn1 host build _(samba4 is looking for the bins)_
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Andy Walsh [Sat, 4 Jan 2020 00:01:43 +0000 (01:01 +0100)]
wsdd2: update to git (2019-12-15), bind to 'lan' only, update init for smbd
* update to git (2019-12-15)
* bind to 'lan' interface only
* update init for renamed cifsd->smbd
* make smbd/samba compatible _(avoid testparm dependency)_
* only start if needed
* add meta data _(vendor, model, sku)_
* update smb.conf procd location
* lower restart delay
* remove outdated patch
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Andy Walsh [Fri, 3 Jan 2020 23:55:40 +0000 (00:55 +0100)]
smbd: rename from cifsd, update to 3.0.1
* follow upstream rename to 'smbd' and 'smbd-tools'
* config is '/config/smbd' and '/etc/smbd/smb.conf'
* smbd: update to 3.0.1
* smbd: fixes delete access on readonly shares
* smbd: add patch to keep version metadata in kmod
* smbd: remove synchrous kill_server patches
* smbd-tools: update to 3.0.1
* smbd-tools: userspace service is now 'usmbd'
* smbd-tools: userspace tools are: 'smbuseradd', 'smbshareadd' with /etc/smbd/smbdpwd.db
* smbd-tools: split package into server/utils (reduce size)
* smbd-tools: fix init (luci save&apply)
* smbd-tools: remove kill_server related timeouts
* smbd-tools: add low memory options to template, to prevent oom
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Andy Walsh [Fri, 3 Jan 2020 23:48:23 +0000 (00:48 +0100)]
libtirpc: update to 1.2.5
* update to 1.2.5
* remove upstream merged patches
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Krystian Kozak [Wed, 1 Jan 2020 10:19:49 +0000 (11:19 +0100)]
zabbix: update to 4.0.16
Updated to 4.0.16 LTS version.
Compile tested: Yes, x86_64
Run tested: Yes, x86_64
Signed-off-by: Krystian Kozak <krystian.kozak20@gmail.com>
Hannu Nyman [Tue, 31 Dec 2019 15:23:20 +0000 (17:23 +0200)]
Merge pull request #10903 from stangri/19.07-vpn-policy-routing
[19.07] vpn-policy-routing: initial release
Josef Schlehofer [Tue, 31 Dec 2019 02:06:29 +0000 (03:06 +0100)]
youtube-dl: update to version 2019.12.25
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Stan Grishin [Mon, 30 Dec 2019 14:40:38 +0000 (07:40 -0700)]
vpn-policy-routing: initial release
Signed-off-by: Stan Grishin <stangri@melmac.net>
Hannu Nyman [Sun, 29 Dec 2019 13:18:27 +0000 (15:18 +0200)]
nano: update to 4.7
Update nano to version 4.7
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
c62f8962ba3cf4e044941e372a155a97e5438ebd)
Rosen Penev [Sun, 29 Dec 2019 12:36:16 +0000 (04:36 -0800)]
Merge pull request #10897 from jefferyto/golang-format-ldflags-openwrt-19.07
[openwrt-19.07] golang: Format TARGET_LDFLAGS for gcc
Jeffery To [Sun, 29 Dec 2019 10:43:01 +0000 (18:43 +0800)]
golang: Format TARGET_LDFLAGS for gcc
go invokes the external linker by calling gcc, so -zxxx options in
TARGET_LDFLAGS (in golang-package.mk) need to be formatted as -Wl,z,xxx.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from
dbd6f224c38367fb3a26b1ed0b76dd5e284a98a7)
Hannu Nyman [Sat, 28 Dec 2019 21:52:37 +0000 (23:52 +0200)]
Merge pull request #10892 from cshoredaniel/pr-19.07-radicale2-doc-passlib-bcrypt
[19.07] radicale2: Document suggested use of passlib and bcrypt
Hannu Nyman [Sat, 28 Dec 2019 21:51:39 +0000 (23:51 +0200)]
Merge pull request #10893 from cshoredaniel/pr-19.07-update-passlib-1-7-2
[19.07] passlib: Update passlib to 1.7.2
Daniel F. Dickinson [Fri, 27 Dec 2019 20:00:06 +0000 (15:00 -0500)]
radicale2: Document suggested use of passlib and bcrypt
PKG_RELEASE not bumped because this only affects package description.
We document that passlib and bcrypt are needed if one wishes to use
bcrypt encryption of passwords. These have not been added as dependencies
as Radicale2 can have a frontend webserver authenticate users rather than
radicale itself.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Rosen Penev [Sat, 28 Dec 2019 19:39:29 +0000 (11:39 -0800)]
Merge pull request #10888 from mwarning/zerotier
zerotier: backport from master