feed/packages.git
3 years agonode: bump to v14.16.1
Hirokazu MORIKAWA [Mon, 12 Apr 2021 01:53:35 +0000 (10:53 +0900)]
node: bump to v14.16.1

April 2021 Security Releases
- OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) (CVE-2021-3450)
- OpenSSL - NULL pointer deref in signature_algorithms processing (High) (CVE-2021-3449)
- npm upgrade - Update y18n to fix Prototype-Pollution (High) (CVE-2020-7774)

OpenSSL-related vulnerabilities do not affect the OpenWrt package. Because OpenWrt's OpenSSL shared library has been updated.

NODEJS_ICU_SMALL is default

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
3 years agosafe-search: prevent duplicate cron job installation
Gregory L. Dietsche [Fri, 9 Apr 2021 01:14:45 +0000 (20:14 -0500)]
safe-search: prevent duplicate cron job installation

This patch prevents multiple cron jobs from being created to run the
safe-search-maintenance script.

To reproduce this bug, perform the following:
  - Install safe-search
  - Perform an OpenWRT firmware upgrade (choose to preserve user settings)
  - Install safe-search again

Signed-off-by: Gregory L. Dietsche <gregory.dietsche@cuw.edu>
(cherry picked from commit 49535edffdd44e1db109f687a5f6e87b7fe0ea3c)

3 years agonetdata: disable shared memory totals by default
Tiago Gaspar [Sat, 10 Apr 2021 23:21:58 +0000 (00:21 +0100)]
netdata: disable shared memory totals by default

Fix log spam:
daemon.err netdata[2090]: PROCFILE: Cannot open file '/proc/sysvipc/shm'
This is caused by a non existant /proc/sysvipc/shm because of the
CONFIG_PROC_STRIPPED option that is enabled by default in the kernel
generic target config

Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
(cherry picked from commit 5f65d87bb7727be85e7d3e02045302d6eb76ff7e)

3 years agohttps-dns-proxy: bugfix: race condition with dnsmasq
Stan Grishin [Sun, 11 Apr 2021 01:30:23 +0000 (01:30 +0000)]
https-dns-proxy: bugfix: race condition with dnsmasq

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agosimple-adblock: update to 1.8.7-3
Stan Grishin [Sat, 10 Apr 2021 18:54:49 +0000 (18:54 +0000)]
simple-adblock: update to 1.8.7-3

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agoadblock: fix games_tracking source url
Dirk Brenken [Fri, 9 Apr 2021 16:42:30 +0000 (18:42 +0200)]
adblock: fix games_tracking source url

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit ec20e9df96f74c29699aa2df8de63cb9a8c32a2a)

3 years agoMerge pull request #15372 from farmergreg/21.02-safe-search
Josef Schlehofer [Thu, 8 Apr 2021 21:30:28 +0000 (23:30 +0200)]
Merge pull request #15372 from farmergreg/21.02-safe-search

[21.02] safe-search: check for changed IP addresses weekly

3 years agoMerge pull request #15371 from farmergreg/21.02-family-dns
Josef Schlehofer [Thu, 8 Apr 2021 21:28:05 +0000 (23:28 +0200)]
Merge pull request #15371 from farmergreg/21.02-family-dns

[21.02] net/family-dns: Correct Reference to IPKG_INSTROOT

3 years agofamily-dns: Correct Reference to IPKG_INSTROOT 15371/head
Greg Dietsche [Sun, 28 Feb 2021 19:40:22 +0000 (13:40 -0600)]
family-dns: Correct Reference to IPKG_INSTROOT

IPKG_INSTROOT was misspelled.

Signed-off-by: Gregory L. Dietsche <gregory.dietsche@cuw.edu>
(cherry picked from commit 1569131f952915eb12b91268bdf11df3a005fe75)

3 years agosafe-search: check for changed IP addresses weekly 15372/head
Gregory L. Dietsche [Wed, 10 Mar 2021 03:34:24 +0000 (21:34 -0600)]
safe-search: check for changed IP addresses weekly

The current default of hourly is too fast. Some services such as
DuckDuckGo return IPs from a pool based on the user's location instead
of a fixed IP address. This change prevents unnecessary writes to the
flash memory by only updating once per week.

Signed-off-by: Gregory L. Dietsche <gregory.dietsche@cuw.edu>
(cherry picked from commit 7164ccf1553a990d8823bc545d970334fa0cd32e)

3 years agominisatip: add libdvbcsa support
Rosen Penev [Mon, 5 Apr 2021 02:31:56 +0000 (19:31 -0700)]
minisatip: add libdvbcsa support

Unconditionally enable with BUILD_PATENTED.

Simplify configure args.

Add missing PKG_CONFIG_DEPENDS

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 3d65773650e42c32a2c30d336f266f4fd8723d40)

3 years agoopenvpn: fix invoking user up & down commands from hotplug wrapper
Jo-Philipp Wich [Sat, 27 Mar 2021 19:33:44 +0000 (20:33 +0100)]
openvpn: fix invoking user up & down commands from hotplug wrapper

This commit adds a number of fixes to the OpenVPN up/down hotplug command
wrapper which currently fails to actually invoke user defined up and down
commands for uci configurations not using external native configurations.

 - Use the `--setenv` to pass the user configured `up` and `down` commands
   as `user_up` and `user_down` environment variables respectively

 - Instead of attempting to scrape the `up` and `down` settings from the
   (possibly generated) native OpenVPN configuration in
   `/etc/hotplug.d/openvpn/01-user`, read them from the respective
   environment variables instead

 - Fix parsing of native configuration values in `get_openvpn_option()`;
   first try to parse a given setting as single quoted value, then as
   double quoted and finally as non-quoted, potentially white-space
   escaped one. This ensures that `up '/bin/foo'` is interpreted as
   `/bin/foo` and not `'/bin/foo'`

Ref: https://forum.openwrt.org/t/openvpn-up-down-configuration-ignored/91126
Supersedes: #15121, #15284
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry-picked from commit 7f065a94bb2663d32da7424c777a580d470728a0)

3 years agoopenvpn: add OpenVPN option server-poll-timeout
Alexander Egorenkov [Sun, 21 Mar 2021 09:57:31 +0000 (10:57 +0100)]
openvpn: add OpenVPN option server-poll-timeout

See https://www.mankier.com/8/openvpn#--server-poll-timeout

Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
(cherry-picked from commit 5789faab67db9b2bde999d24a3dbc26c4a82981d)

3 years agoopenvpn: update to 2.5.1
Magnus Kroken [Wed, 24 Feb 2021 18:00:23 +0000 (19:00 +0100)]
openvpn: update to 2.5.1

Set myself as maintainer.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry-picked from commit 204c0901b83b20e34ed12e4ea41236e2261d4099)

3 years agocurl: update to version 7.76.0
Jan Pavlinec [Thu, 1 Apr 2021 08:58:11 +0000 (10:58 +0200)]
curl: update to version 7.76.0

Fixes CVE-2021-22876 and CVE-2021-22890

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit b971310549ac145f88d0251f03ffaa294f51c1e2)

3 years agolibdvbcsa: add new package
Rafał Dzięgiel [Sun, 2 Aug 2020 09:52:07 +0000 (11:52 +0200)]
libdvbcsa: add new package

Libdvbcsa is a free implementation of the DVB Common Scrambling Algorithm DVB/CSA - with encryption and decryption capabilities.

OpenWrt packages like `tvheadend` and `minisatip` can benefit from it.

Signed-off-by: Rafał Dzięgiel <rafostar.github@gmail.com>
(cherry picked from commit 51c5a8b4bcb5ba4d7447bd6ce77ddc41a46570aa)

3 years agopython-pytest: update to version 6.2.3
Jan Pavlinec [Tue, 6 Apr 2021 10:00:28 +0000 (12:00 +0200)]
python-pytest: update to version 6.2.3

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit 4e979ceb6b5b78c136a5981e85e53f27d31510e3)

3 years agoknot-resolver: update to version 5.3.1
Jan Pavlinec [Tue, 6 Apr 2021 10:41:02 +0000 (12:41 +0200)]
knot-resolver: update to version 5.3.1

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit 3e3025b1910b158ce35921b4b6fc22579cf4824b)

3 years agoyoutube-dl: update to version 2021.4.7
Josef Schlehofer [Tue, 6 Apr 2021 20:45:06 +0000 (22:45 +0200)]
youtube-dl: update to version 2021.4.7

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 701ded952a2505d3c39184767d2d55d1e299ec0f)

3 years agozeroconf: update to version 0.29.0
Josef Schlehofer [Tue, 6 Apr 2021 20:48:19 +0000 (22:48 +0200)]
zeroconf: update to version 0.29.0

Update copyright in Makefile

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 757b0ea64710c692579ca59b4afbd49d4c025728)

3 years agoksmbd: update to 3.3.8
Rosen Penev [Wed, 7 Apr 2021 04:48:16 +0000 (21:48 -0700)]
ksmbd: update to 3.3.8

Major changes are:
  clean-up codes using checkpatch --strict option.
  fix several warning and build failure from linux-next.
  change the minimum supported kernel version to v5.4.
  use xarray for tree connect list.
  fix reviews from lkml.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit fa6f182a21c597cd792bfe83fc68c9c5d0b196b3)

3 years agoksmbd-tools: update to 3.3.8
Rosen Penev [Wed, 7 Apr 2021 04:50:36 +0000 (21:50 -0700)]
ksmbd-tools: update to 3.3.8

Major changes are:
  disable symlink by default.
  remove smack inherit leftovers.
  Enable guest access on IPC$ share by default.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit c6fa2d5bfaf24f347efd7156b2ad5b1cf62bd9a9)

3 years agoksmbd-tools: Add a mDNS TXT record for the ksmbd service
Kirill Nikolaev [Mon, 5 Apr 2021 23:03:18 +0000 (01:03 +0200)]
ksmbd-tools: Add a mDNS TXT record for the ksmbd service

MacOS ignores Bonjour services for which TXT records are not returned. This changes forces umdns service to return a TXT record (`daemon=ksmbd`) for the ksmbd service. The exact content is unimportant and to the best of my knowledge nothing reads the `daemon` tag.

Symptoms of the problem (which are also debugging steps):
* Finder refuses to open the OpenWRT "computer" in the Network list.
* Discovery.app (Bonjour Browser) lists the _ssh._tcp service, but the submenu for it doesn't unfold and no address is shown.
* `dns-sd -L OpenWrt _smb._tcp` doesn't return any address.

Signed-off-by: Kirill Nikolaev <cyril7@gmail.com>
(cherry picked from commit 272b0a5c1873a34f6609e7af38395cea3f02bda5)

3 years agoxinetd: honor ${IPKG_INSTROOT} when sourcing /lib/functions.sh
Sven Roederer [Sat, 3 Apr 2021 16:47:02 +0000 (18:47 +0200)]
xinetd: honor ${IPKG_INSTROOT} when sourcing /lib/functions.sh

Avoid "file not found"-error when embedding via Imagebuilder.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
(cherry picked from commit bdab7e6bfed9d29f51589ed4461dd927dc78eaf1)

3 years agostrongswan: bump to 5.9.2
Philip Prindeville [Sun, 4 Apr 2021 20:17:15 +0000 (14:17 -0600)]
strongswan: bump to 5.9.2

Retire weak algorithms like MD5 and 3DES.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit ae3d5aa73ee2bb608a97ce55742489780f07b779)

3 years agostrongswan: force PIC on all builds
Philip Prindeville [Wed, 24 Feb 2021 21:46:33 +0000 (14:46 -0700)]
strongswan: force PIC on all builds

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit a72780a9c25eeff46319d6be1bc33e515deb703c)

3 years agostrongswan: migrate to swanctl configs
Philip Prindeville [Wed, 10 Feb 2021 05:49:30 +0000 (22:49 -0700)]
strongswan: migrate to swanctl configs

Derived from the ipsec initd script, with the following changes:

(1) various code improvements, corrections (get rid of left/right
    updown scripts, since there's only one), etc;
(2) add reauth and fragmentation parameters;
(3) add x.509 certificate-based authentication;

and other minor changes.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit f9d91f1f470aaa6d3da5aab97bf5ece139d8c5bd)

3 years agostrongswan: remove synthesized ipsec conf files
Philip Prindeville [Thu, 1 Apr 2021 20:43:12 +0000 (14:43 -0600)]
strongswan: remove synthesized ipsec conf files

If you shutdown ipsec service, and it doesn't clean up
/var/ipsec/ipsec.conf, then when you start swanctl service it
might see an incompatible file on startup.  Remedy is to
remove unneeded files when shutting down the service.  They
can always be regenerated when the service starts again.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit baa38a14200d0549a0531be92f3ef89e526063ac)

3 years agostrongswan: move ipsec conf files to subpackage
Philip Prindeville [Sat, 27 Mar 2021 19:37:21 +0000 (13:37 -0600)]
strongswan: move ipsec conf files to subpackage

These config files are only used by the ipsec interface to charon,
and shouldn't be part of the base package.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit e626255b371b8bd7811ea870525b32c0a4b2f589)

3 years agostrongswan: make the include's in the .conf files persistent
Philip Prindeville [Wed, 10 Feb 2021 06:42:00 +0000 (23:42 -0700)]
strongswan: make the include's in the .conf files persistent

Having scripts diddle user written config files seems potentially
dangerous.  Plus there's really no downside to including some
empty files.  Best to just make the includes be permanent.

Additional feature suggested by Luiz: if a -opkg version of the
config file was created unnecessarily, remove it as part of the
upgrade process since changes won't be happening to that file
as an artifact of the service starting.  The include lines are
now permanent, which means that (1) additional configuration
synthesized by UCI won't be anywhere that opkg (or sysupgrade,
for that matter) cares about since it won't be persistent, and
(2) if changes are being made, then they're being done by a
person with an editor and they really should be distinguished.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 643df01275798dc4a44d33ac1a8b630c91a80c8c)

3 years agostrongswan: change maintainers
Philip Prindeville [Fri, 26 Mar 2021 03:37:56 +0000 (21:37 -0600)]
strongswan: change maintainers

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 0bd4410e304f6164a1e0766815a1ca080dbeaa17)

3 years agostrongswan: fix local_gateway discovery
Philip Prindeville [Mon, 15 Feb 2021 21:51:02 +0000 (14:51 -0700)]
strongswan: fix local_gateway discovery

This has been observed by myself and @luizluca: ip route get is
appending uid0 to the output, as seen from:

root@OpenWrt2:~# ip route get 1.1.1.1
1.1.1.1 via 174.27.160.1 dev eth3 src 174.27.182.184 uid 0
    cache
root@OpenWrt2:~#

so the fix is an anchored match, discarding all else. Also, using
ip -o means never having to do multiline matches...

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit ec72d3a9e47954f0be844fb32abb5ca1e4dda667)

3 years agomtd-rw: fix build failure with kernel 5.10
David Bauer [Fri, 26 Feb 2021 14:38:15 +0000 (15:38 +0100)]
mtd-rw: fix build failure with kernel 5.10

When building mtd-rw for a target based on Kernel 5.10 which has
CONFIG_MTD disabled the build fails with

ERROR: "put_mtd_device" [../mtd-rw.ko] undefined!
ERROR: "get_mtd_device" [../mtd-rw.ko] undefined!

Omit building the package for such a target.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit c6b3d949295e687c54a6d87f60f49f7ccc4bdcdf)

3 years agoclamav: update to 0.103.1
Rosen Penev [Sun, 28 Feb 2021 12:06:30 +0000 (04:06 -0800)]
clamav: update to 0.103.1

Convert to using CMake in order to speed up compilation and to fix
compilation under glibc.

Add extra dependencies since they're now needed.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 7cd687cb7ea576dda2a54114eb4f90838aa13580)

3 years agopython3-libsemanage: update to 3.2
Rosen Penev [Tue, 9 Mar 2021 08:05:06 +0000 (00:05 -0800)]
python3-libsemanage: update to 3.2

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit acb72e74529a5f3c6ec067cfe6047b621407c29a)

3 years agosetools: update to 4.4.0
Rosen Penev [Tue, 9 Mar 2021 08:22:25 +0000 (00:22 -0800)]
setools: update to 4.4.0

Remove no longer needed patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 39bce0e7191bab285d3c0fb6b205df7bcfd36e4f)

3 years agojool: Update to 4.1.5
Ondřej Caletka [Sun, 4 Apr 2021 19:53:39 +0000 (21:53 +0200)]
jool: Update to 4.1.5

Compile and run tested on: mvebu (Turris Omnia)

Signed-off-by: Ondřej Caletka <ondrej@caletka.cz>
(cherry picked from commit 0c044284b7882c71642af38077a92f99277564e9)

3 years agonut: fix typo in nutshutdown script
Sven Roederer [Sat, 3 Apr 2021 20:00:31 +0000 (22:00 +0200)]
nut: fix typo in nutshutdown script

Even it's only cosmetic and should not affect the function of regular system,
fix the name of the IPKG_INSTROOT variable.
Typo was added long ago with 8400c9a6ec799.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
(cherry picked from commit f25f49a8b7c5a038f8a50dbb74e10db19f26d15a)

3 years agomosquitto: bump to 2.0.10
Karl Palsson [Tue, 6 Apr 2021 10:33:56 +0000 (10:33 +0000)]
mosquitto: bump to 2.0.10

This is a security fix, affecting 2.0.0 through to 2.0.9.  Mosquitto instances
could be remotely DoS'd by authenticated clients.

Release notes at: https://github.com/eclipse/mosquitto/blob/v2.0.10/ChangeLog.txt
CVE number has not yet been assigned.

Signed-off-by: Karl Palsson <karlp@etactica.com>
3 years agohaproxy: Update HAProxy to v2.2.13
Christian Lachner [Tue, 6 Apr 2021 05:46:03 +0000 (07:46 +0200)]
haproxy: Update HAProxy to v2.2.13

- Update haproxy download URL and hash

Signed-off-by: Christian Lachner <gladiac@gmail.com>
3 years agocache-domains: Fixed host files directory
Gerard Ryan [Fri, 2 Apr 2021 05:22:55 +0000 (15:22 +1000)]
cache-domains: Fixed host files directory
* Hid unnecessary output

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
3 years agoMerge pull request #15331 from 1715173329/xray-2102
Rosen Penev [Sun, 4 Apr 2021 02:07:23 +0000 (19:07 -0700)]
Merge pull request #15331 from 1715173329/xray-2102

[openwrt-21.02] xray-core: Update to 1.4.2

3 years agobanip: bugfix 0.7.6-2
Dirk Brenken [Sat, 3 Apr 2021 17:16:39 +0000 (19:16 +0200)]
banip: bugfix 0.7.6-2

* fix housekeeping of external list sources

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 86a20c79556284807f95aafd4f9db9633fafe5b7)

3 years agoxray-core: Update to 1.4.2 15331/head
Tianling Shen [Fri, 2 Apr 2021 08:59:11 +0000 (16:59 +0800)]
xray-core: Update to 1.4.2

Updated geo datas to latest version.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(backported from 781c70077bf5dfd1c372c3a7a6955eadb3e380a2)

3 years agoxray-core: init: add browser dialer support
Tianling Shen [Fri, 2 Apr 2021 09:06:19 +0000 (17:06 +0800)]
xray-core: init: add browser dialer support

Since v1.4.1, Xray has introduced a new feature to transfer data via
browsers, which can disguise itself as a normal browser to cheat
network censorship.

For more details, see https://github.com/XTLS/Xray-core/pull/421.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(backported from 736667ce6eab44e265744337559c155aa99cbc00)

3 years agosimple-adblock: jsonOps-related bugfixes
Stan Grishin [Thu, 18 Mar 2021 01:37:42 +0000 (01:37 +0000)]
simple-adblock: jsonOps-related bugfixes

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agoxray-core: Update to 1.4.1
Tianling Shen [Wed, 31 Mar 2021 08:09:36 +0000 (16:09 +0800)]
xray-core: Update to 1.4.1

Updated geodata to latest version.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(backported from ee9868cb20f78b01df1996090f1fe224a5e4c017)

3 years agoyq: Update to 4.6.3
Tianling Shen [Wed, 31 Mar 2021 08:17:18 +0000 (16:17 +0800)]
yq: Update to 4.6.3

- Re-assigned myself as the maintainer
- Used $(AUTORELEASE) for PKG_RELEASE

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(backported from 82ebe3e49a50075116da4b677eacae91e6fcd2c4)

3 years agopython3-pyroute2: update to version 0.5.16
Martin Matějek [Mon, 29 Mar 2021 20:20:57 +0000 (22:20 +0200)]
python3-pyroute2: update to version 0.5.16

Signed-off-by: Martin Matějek <martin.matejek@gmx.com>
(cherry picked from commit df4b1ae24e5532e8d3c634d8ae82f87c8f6ea8e0)

3 years agobanip: update to 0.7.6
Dirk Brenken [Sun, 28 Mar 2021 15:06:46 +0000 (17:06 +0200)]
banip: update to 0.7.6

* rework the central iptables function to significantly
  reduce the code complexity and the overall number of iptables calls
* check early and only once in the chain for ctstate NEW and
  return otherwise (thanks @ldir-EDB0)
* made the whitelist ordering within the chain more flexible

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 1235acdde621d5ba5dd85d3e232db1162f1f086f)

3 years agohwdata: update to version 0.345
Josef Schlehofer [Mon, 8 Mar 2021 09:41:31 +0000 (10:41 +0100)]
hwdata: update to version 0.345

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 5e30a07908e195d8bf3966532b3466da519a25b1)

3 years agopython-zipp: update to version 3.4.1
Jan Pavlinec [Mon, 8 Mar 2021 14:23:44 +0000 (15:23 +0100)]
python-zipp: update to version 3.4.1

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit 7f850739791257905cd6e3ec36dba18713f0af55)

3 years agosubversion: update to 1.14.1
Jan Pavlinec [Mon, 8 Mar 2021 12:52:09 +0000 (13:52 +0100)]
subversion: update to 1.14.1

Fixes CVE-2020-17525

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit 0dd5354abce28eed9e4944f61b80c441c18956a1)

3 years agozstd: update to version 1.4.9
Jan Pavlinec [Wed, 10 Mar 2021 12:10:58 +0000 (13:10 +0100)]
zstd: update to version 1.4.9

Fixes CVE-2021-24032

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit ebc4939dd235f3cdc8a69182426bd94cfece4cf0)

3 years agogit: update to version 2.30.2
Jan Pavlinec [Wed, 10 Mar 2021 09:51:57 +0000 (10:51 +0100)]
git: update to version 2.30.2

Fixes CVE-2021-21300

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit a4f058ec5cad69c981ca47d2f922a4abf22d5319)

3 years agoCI: use new `openwrt` Docker username
Paul Spooren [Thu, 18 Mar 2021 06:25:16 +0000 (20:25 -1000)]
CI: use new `openwrt` Docker username

We now own `openwrtorg` and `openwrt`, where the latter replaces the
former. Slowly migrate over.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit b164a3aa32caa181feff8074ecce3a42b052b060)

3 years agoreptyr: add mips64el to the DEPENDS list
Rosen Penev [Sun, 21 Mar 2021 01:39:46 +0000 (18:39 -0700)]
reptyr: add mips64el to the DEPENDS list

MIPS is completely unsupported.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 03515d00cdaa6a9d91d8c003fc27a1e59258d8fa)

3 years agobind: update to 9.17.11
Rosen Penev [Sat, 20 Mar 2021 22:21:51 +0000 (15:21 -0700)]
bind: update to 9.17.11

Backport upstream OpenSSL deprecated API patch.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit dd64cb713bc3d08b94b544d95dd22151f0e71394)

3 years agonetdata: update to version 1.29.3
Josef Schlehofer [Sun, 21 Mar 2021 23:56:07 +0000 (00:56 +0100)]
netdata: update to version 1.29.3

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 5074fbbfdc8536daf1d979f7ead32cebb1ec2acb)

3 years agosshpass: update to version 1.09
Josef Schlehofer [Mon, 22 Mar 2021 01:00:46 +0000 (02:00 +0100)]
sshpass: update to version 1.09

Changelog [1]:
Version 1.09
* Explicitly set the controlling TTY

Version 1.08
* Report when IP key has changed
* Scrub the environment variable for -e

Version 1.07
* Pass signals that should terminate to ssh
* Fix race around signal handling
* Report IPC errors to stderr
* Report if can't open -f password file

[1] https://sourceforge.net/p/sshpass/code/76/tree/trunk/ChangeLog

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 5799d0b1eea5e2cf90c05eab7729112288874470)

3 years agonnn: update to version 3.6
Josef Schlehofer [Mon, 22 Mar 2021 01:09:02 +0000 (02:09 +0100)]
nnn: update to version 3.6

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit ad116f29ceb1470e38bece6b5a71b737f976939b)

3 years agosyslog-ng: update to version 3.31.2
Josef Schlehofer [Sun, 21 Mar 2021 23:50:54 +0000 (00:50 +0100)]
syslog-ng: update to version 3.31.2

Bump config file

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 3d817e968e8d9289255f1eea293363835f6e74a7)

3 years agogitlab-runner: update to version 13.10.0
Jan Pavlinec [Mon, 22 Mar 2021 14:53:30 +0000 (15:53 +0100)]
gitlab-runner: update to version 13.10.0

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit d7e2b608e617b6558f4373e76840f940043535d5)

3 years agogitlab-runner: update to 13.9.0
Rosen Penev [Tue, 19 Jan 2021 04:16:13 +0000 (20:16 -0800)]
gitlab-runner: update to 13.9.0

Remove no MIPS depends as it supports MIPS now.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 1329b9fe2e0bdb19b0850dbaae71e374f42ae751)

3 years agognutls: update to version 3.7.1
Jan Pavlinec [Thu, 25 Mar 2021 09:48:08 +0000 (10:48 +0100)]
gnutls: update to version 3.7.1

Fixes
CVE-2021-20231
CVE-2021-20232

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit 323461a1f018a1613537742779da8ee2a892f0af)

3 years agolibmariadb: add dependency on libcurl
Philip Prindeville [Tue, 16 Feb 2021 02:25:46 +0000 (19:25 -0700)]
libmariadb: add dependency on libcurl

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 5b2d35a8d005faa5c2ea6fd457fcb57141463eeb)

3 years agolibqmi: bump to 1.28.2
Nicholas Smith [Sun, 7 Mar 2021 09:44:37 +0000 (19:44 +1000)]
libqmi: bump to 1.28.2

Signed-off-by: Nicholas Smith <nicholas@nbembedded.com>
(cherry picked from commit 570ff69ec63c737cd0f6049e476042df423fa65e)

3 years agolibqrtr-glib: add libqrtr-glib
Nicholas Smith [Wed, 24 Feb 2021 01:05:33 +0000 (11:05 +1000)]
libqrtr-glib: add libqrtr-glib

Signed-off-by: Nicholas Smith <nicholas@nbembedded.com>
(cherry picked from commit cfe24305de3d00916fd7deac8a93fb719cdd4df4)

3 years agolibqmi: bump to 1.28.0
Nicholas Smith [Wed, 24 Feb 2021 03:42:54 +0000 (13:42 +1000)]
libqmi: bump to 1.28.0

Signed-off-by: Nicholas Smith <nicholas@nbembedded.com>
(cherry picked from commit c9709a3c82b963e2b882b3a0c2c44bd7e9f8ae23)

3 years agomodemmanager: bump to 1.16.2
Nicholas Smith [Sun, 7 Mar 2021 09:50:23 +0000 (19:50 +1000)]
modemmanager: bump to 1.16.2

Signed-off-by: Nicholas Smith <nicholas@nbembedded.com>
(cherry picked from commit 02d8bbcfe0a76a375657ce4042586d09c94ea03a)

3 years agomodemmanager: bump to version 1.16.0
Nicholas Smith [Wed, 24 Feb 2021 01:06:29 +0000 (11:06 +1000)]
modemmanager: bump to version 1.16.0

Signed-off-by: Nicholas Smith <nicholas@nbembedded.com>
(cherry picked from commit 54a9b58ffd549bc271881a81a773be4e5c1a62d5)

3 years agobanip: update to 0.7.5-4
Dirk Brenken [Fri, 26 Mar 2021 18:19:57 +0000 (19:19 +0100)]
banip: update to 0.7.5-4

* fix another IPv4/IPv6 related iptables chain creation problem
* fix counter during ipset creation
* fix regex for debug counters
* fix ipset housekeeping for local sources

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit fb4bfd259df3e06499e2c8b7c9197755bd39ab72)

3 years agohttps-dns-proxy: bugfix: correct PROCD firewall object
Stan Grishin [Thu, 25 Mar 2021 22:55:42 +0000 (22:55 +0000)]
https-dns-proxy: bugfix: correct PROCD firewall object

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agoadblock: update 4.1.0-3
Dirk Brenken [Mon, 22 Mar 2021 20:53:04 +0000 (21:53 +0100)]
adblock: update 4.1.0-3

* add a restrictive "jail mode only" variant, just point your
  jail directory to your primary dns directory
* update readme

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit df9ee1388e59b964dfafd28310c59f62c9071932)

3 years agoMerge pull request #15220 from stangri/21.02-https-dns-proxy
Rosen Penev [Mon, 22 Mar 2021 18:57:03 +0000 (11:57 -0700)]
Merge pull request #15220 from stangri/21.02-https-dns-proxy

[21.02] https-dns-proxy: support for additional Force DNS ports

3 years agoMerge pull request #15227 from cotequeiroz/pic_quote-21.02
Rosen Penev [Mon, 22 Mar 2021 18:56:33 +0000 (11:56 -0700)]
Merge pull request #15227 from cotequeiroz/pic_quote-21.02

[21.02] Cherry-picks from PRs dealing with $(FPIC) quoting

3 years agonss: fix compilation with QUILT 15227/head
Eneas U de Queiroz [Sun, 21 Mar 2021 15:28:54 +0000 (12:28 -0300)]
nss: fix compilation with QUILT

Commit 657574f45 disabled building the host nsinstall program when using
QUILT.  However, the host nsinstall is needed to compile the package,
breaking compilation with QUILT.

Move the native compile to Build/Configure, which will not be called for
prepare, refresh, or update targets, but will be called before
Build/Compile.

nss does not have a configure script, so Build/Configure/Default is not
being called.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit fbed6751b044d3c644065cdca37bd37cbb854723)

3 years agonss: quote $(FPIC), as it may have multiple flags
Eneas U de Queiroz [Sun, 21 Mar 2021 15:34:47 +0000 (12:34 -0300)]
nss: quote $(FPIC), as it may have multiple flags

FPIC may be defined with more than one flag.  In that case, it becomes
necessary to use it inside QUOTES in a shell context.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit c5f91a2a56d9087adbc084d51aa3dae8165970f3)

3 years agotreewide: fix places where $(FPIC) is unquoted
Philip Prindeville [Fri, 19 Mar 2021 22:26:31 +0000 (16:26 -0600)]
treewide: fix places where $(FPIC) is unquoted

Fixes part of issue #14921.

When $(FPIC) gets added to TARGET_CFLAGS (for instance), we can
count on $(TARGET_CFLAGS) in turn being quoted when it gets
expanded.  But there are a few places where $(FPIC) gets
expanded directly into environment variables passed on the
command line, such as when setting lt_cv_* variables as in this
case.

It's wrong to assume that the expansion of $(FPIC) won't require
quoting (such as it containing spaces) if it has multiple compiler
flags.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 0d5c6769f15f15ce950d2b41dce3341b5c160c36)

3 years agoMerge pull request #15158 from TDT-AG/pr/20210218-openwrt-21.02-watchcat
Florian Eckert [Mon, 22 Mar 2021 07:48:04 +0000 (08:48 +0100)]
Merge pull request #15158 from TDT-AG/pr/20210218-openwrt-21.02-watchcat

watchcat: update to support procd

3 years agohttps-dns-proxy: support for additional Force DNS ports 15220/head
Stan Grishin [Mon, 22 Mar 2021 07:29:01 +0000 (07:29 +0000)]
https-dns-proxy: support for additional Force DNS ports

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agotinc: new maintainer
Erwan MAS [Tue, 16 Feb 2021 04:25:40 +0000 (23:25 -0500)]
tinc: new maintainer

Signed-off-by: Erwan MAS <erwan@mas.nom.fr>
3 years agotinc: fix missing HASH
Erwan MAS [Sun, 14 Feb 2021 19:47:43 +0000 (14:47 -0500)]
tinc: fix missing HASH

Signed-off-by: Erwan MAS <erwan@mas.nom.fr>
3 years agotinc: Bump to version 1.1 commit 3ee0d5dd
Erwan MAS [Sun, 14 Feb 2021 19:21:34 +0000 (14:21 -0500)]
tinc: Bump to version 1.1 commit 3ee0d5dd

Signed-off-by: Erwan MAS <erwan@mas.nom.fr>
3 years agoMerge pull request #15164 from gladiac1337/haproxy-2.2.11-21.02
Rosen Penev [Fri, 19 Mar 2021 22:51:43 +0000 (15:51 -0700)]
Merge pull request #15164 from gladiac1337/haproxy-2.2.11-21.02

[openwrt-21.02] haproxy: Update HAProxy to v2.2.11

3 years agobanip: update 0.7.5-3
Dirk Brenken [Fri, 19 Mar 2021 19:49:59 +0000 (20:49 +0100)]
banip: update 0.7.5-3

* fix iptables/chain creation in setups without IPv6 support

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 80466dd04528dac3f349c1eef35e1ac797d51cfd)

3 years agohaproxy: Update HAProxy to v2.2.11 15164/head
Christian Lachner [Fri, 19 Mar 2021 17:13:39 +0000 (18:13 +0100)]
haproxy: Update HAProxy to v2.2.11

- Update haproxy download URL and hash

Signed-off-by: Christian Lachner <gladiac@gmail.com>
3 years agotmate: add new package
Tianling Shen [Thu, 18 Mar 2021 05:12:13 +0000 (13:12 +0800)]
tmate: add new package

Tmate is a fork of tmux. It provides an instant pairing solution.
For more details, see https://tmate.io.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit ccfe1bfa508e7041c4b5f902f1354ef9566bff28)

3 years agomsgpack-c: add new package
Tianling Shen [Thu, 18 Mar 2021 05:08:45 +0000 (13:08 +0800)]
msgpack-c: add new package

This is needed by tmate.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit cfc965b10754fea8c71dad79e6b4cd7c02f47a9b)

3 years agowatchcat: update to support procd 15158/head
Nicholas Smith [Tue, 26 Jan 2021 00:35:57 +0000 (10:35 +1000)]
watchcat: update to support procd

Signed-off-by: Nicholas Smith <nicholas@nbembedded.com>
(cherry picked from commit 399279b363b23a541753e69a89c2a68b4e04a3fe)

3 years agoauc: bump to version 0.1.6
Daniel Golle [Thu, 18 Mar 2021 00:31:18 +0000 (00:31 +0000)]
auc: bump to version 0.1.6

Fixes running on release branches.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 004abfec7540de3b48181c997af9ad7757700d3e)

3 years agoauc: sync with development branch
Daniel Golle [Tue, 9 Mar 2021 21:20:55 +0000 (21:20 +0000)]
auc: sync with development branch

 * update to new server API
 * include version_code in request
 * include versions of selected packages in request
 * add SHA256 verification via busybox sha256sum
 * sort attributes in policies alphabetically
 * move all API-specific string constants to precompiler macros
 * set correct MIME type for JSON post request (application/json)
 * output string error message if something goes wrong
 * auto-generate version string

(cherry squashed from commit 85ba80592ba67d4b47d914416ecec1f764dbc64b,
commit 985b0f8f637eb2d5a4ad21d90d288f13c4109313 and
commit fb26b424e8efbc47f768d41b671702e420ce3c59)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
3 years agotor: update to version 0.4.5.7
Jan Pavlinec [Wed, 17 Mar 2021 08:56:43 +0000 (09:56 +0100)]
tor: update to version 0.4.5.7

Fixes CVE-2021-28089 and CVE-2021-28090

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
3 years agomwan3: add connecting and disconnecting event to mwan3track
Florian Eckert [Tue, 2 Mar 2021 15:04:49 +0000 (16:04 +0100)]
mwan3: add connecting and disconnecting event to mwan3track

If the interface goes into failure state (is disconnecting)
then with this change one hotplug.d event is generated.

The same is true for the recovery state (is connecting), when the interface
comes back from a failure state.

In both cases, a hotplug.d event for the iface is triggered. Once
with the $ACTION=disconnecting and once for the $ACTION=connecting.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 5348732b98818e7e3c02c84eea1beaae1e5bf580)

3 years agobanip: update to 0.7.5-2
Dirk Brenken [Mon, 15 Mar 2021 19:38:46 +0000 (20:38 +0100)]
banip: update to 0.7.5-2

* refine the new dns resolving process
* add a caching mechanism for the resolved IPs, the detached name
  lookup takes place only during 'restart' or 'reload' action, 'start'
  and 'refresh' actions are using an auto-generated backup instead.
* update the readme

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 909a87c2f59ce49b4006383aa3a8bcb7e8b7039f)

3 years agolang/lua-libmodbus: bump to 0.7 release
Karl Palsson [Mon, 15 Feb 2021 20:42:09 +0000 (20:42 +0000)]
lang/lua-libmodbus: bump to 0.7 release

Includes fixes for OpenWrt's Lnum patched lua.
Release notes at: https://github.com/etactica/lua-libmodbus/blob/v0.7/changelog

Signed-off-by: Karl Palsson <karlp@etactica.com>
3 years agonet/mosquitto: Update to 2.0.9
Karl Palsson [Mon, 15 Mar 2021 09:47:20 +0000 (09:47 +0000)]
net/mosquitto: Update to 2.0.9

This is a bugfix release, with minor security fixes for outgoing bridge
connections and the client library.

Full details here: https://mosquitto.org/blog/2021/03/version-2-0-9-released/

Signed-off-by: Karl Palsson <karlp@etactica.com>
3 years agogerbera: update to 1.7.0
Rosen Penev [Sun, 14 Mar 2021 21:58:31 +0000 (14:58 -0700)]
gerbera: update to 1.7.0

Switch to AUTORELEASE for simplicity.

Switch to building with ninja for faster compilation.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit be54cf98eb73f355d0e74ea1f7626bd07544805c)

3 years agolibnpupnp: update to 4.1.1
Rosen Penev [Sun, 14 Mar 2021 22:20:08 +0000 (15:20 -0700)]
libnpupnp: update to 4.1.1

Switch to AUTORELEASE for simplicity.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 12044355b01c05e456779ac700c84704f075ce58)

3 years agopugixml: update to 1.11.4
Rosen Penev [Sun, 14 Mar 2021 21:55:49 +0000 (14:55 -0700)]
pugixml: update to 1.11.4

Switch to AUTORELEASE for simplicity.

Switch to ninja for faster compilation.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 2c8c25d6f8416eb9f1559bfe151f770ed027edc9)