Jeffery To [Fri, 18 Jun 2021 08:33:55 +0000 (16:33 +0800)]
addrwatch: Various fixes
Makefile changes include:
* Include syslog output module
* Move main binary (back) to /usr/sbin, as it is system administration
related and requires superuser privileges
New patches:
* 003-add-space-for-null-byte.patch - from
https://github.com/fln/addrwatch/commit/
374cfd2cabe4db9882d8a210adff430cc579f859
* 004-more-specific-library-linking.patch - from
https://github.com/fln/addrwatch/commit/
27b57d9da322fc16c6904d8e35aae4557a3e517b
* 005-use-c99-format-macro-constants.patch - from
https://github.com/fln/addrwatch/pull/28
Init script changes include:
* Fix command-line option names and format (from
https://forum.openwrt.org/t/cant-start-addrwatch-service/60499/3)
* Always use the --quiet command-line option, as the procd instance is
not configured to capture stdout/stderr
* Change the syslog config option to start the syslog output module
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Jeffery To [Thu, 15 Jul 2021 08:05:33 +0000 (16:05 +0800)]
addrwatch: fix broken conffiles
This is
704e733e51071c864265ff55a8568be3edb82c1f but applied for
addrwatch only.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Rosen Penev [Thu, 27 Feb 2020 04:54:28 +0000 (20:54 -0800)]
addrwatch: update to 1.0.2
Switch to standard tarball to avoid autoreconfig.
Fix license information.
Add PKG_BUILD_PARALLEL for faster compilation.
Add PKG_INSTALL for consistency with other packages.
Removed upstreamed patches. Refresh remaining one.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
f1a7d509b5ba1b784c96b24f47c9e0b40da57a3f)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Rosen Penev [Thu, 28 Nov 2019 07:33:24 +0000 (23:33 -0800)]
addrwatch: Add missing limits header for PATH_MAX
Fixes compilation on musl.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
8003eea2b9e70cc2850e9489f47403c86586bdcd)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Rosen Penev [Mon, 1 Mar 2021 22:46:44 +0000 (14:46 -0800)]
luajit: for powerpc, add FPU dependency
powerpc support as of 2.1 does not work with soft float.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
d23ca0010c7c67bd6883a00cf92e90e0bbd08c77)
Rosen Penev [Sat, 20 Mar 2021 22:23:22 +0000 (15:23 -0700)]
luajit: fix compilation with host clang
It errors out with this section.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
0e620f1fa147a7d510f6c499e5062d5dec063dcb)
Donald Hoskins [Mon, 22 Jun 2020 04:03:34 +0000 (00:03 -0400)]
[LuaJIT] Allow MIPS64 support
Signed-off-by: Donald Hoskins <grommish@gmail.com>
(cherry picked from commit
d325fbffbe9a06ff8e7682c974d82e371b0da811)
Rosen Penev [Fri, 17 Jan 2020 02:07:52 +0000 (18:07 -0800)]
luajit: do not install static libraries to InstallDev
The dynamic library change removed static libraries.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
51de4b2e35607ab9561b58d581b832fcaa8978b5)
Rosen Penev [Wed, 15 Jan 2020 04:07:05 +0000 (20:07 -0800)]
luajit: use dynamic buildmode
Reduces package size with about 50%
Fixes: https://github.com/openwrt/packages/issues/10848
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
d9487590c64e3636cc4bfa845964c1c3e90e066c)
Rosen Penev [Thu, 15 Jul 2021 02:23:31 +0000 (19:23 -0700)]
Merge pull request #16062 from miska/snort3
snort3: Backport update to the stable version
James Vorderbruggen [Sun, 13 Jun 2021 16:09:57 +0000 (12:09 -0400)]
yggdrasil: allow HTTPS connections
Signed-off-by: James Vorderbruggen <jamesvorder@gmail.com>
(cherry picked from commit
ffff3473966c42133b8faed7d8a120739c5451d4)
George Iv [Sun, 28 Mar 2021 17:39:44 +0000 (13:39 -0400)]
yggdrasil: bump to 0.3.16
Signed-off-by: George Iv <zhoreeq@users.noreply.github.com>
(cherry picked from commit
76b642b50ff8a606780c43eef2bb030a60dcdb17)
George Iv [Mon, 28 Sep 2020 10:04:14 +0000 (06:04 -0400)]
yggdrasil: bump to 0.3.15
Signed-off-by: George Iv <zhoreeq@users.noreply.github.com>
(cherry picked from commit
6b2b73018107a8b588756f09c1fde78a305d3692)
William Fleurant [Fri, 24 Jul 2020 03:35:18 +0000 (23:35 -0400)]
yggdrasil: Ygg-over-ygg bugfix
Signed-off-by: William Fleurant <meshnet@protonmail.com>
(cherry picked from commit
1d78e7dc3157b113f3026ffdacff09a63d18755c)
George Iv [Fri, 3 Apr 2020 14:25:35 +0000 (10:25 -0400)]
yggdrasil: bump to 0.3.14
Signed-off-by: George Iv <zhoreeq@users.noreply.github.com>
(cherry picked from commit
860f1a111351407b3982e268215edf08123516ae)
William Fleurant [Sun, 23 Feb 2020 03:31:04 +0000 (22:31 -0500)]
yggdrasil: bump to 0.3.13
Signed-off-by: William Fleurant <meshnet@protonmail.com>
(cherry picked from commit
0642927d5dfc4dfe5fa1daa7d61d875677fbfa9c)
William Fleurant [Mon, 25 Nov 2019 00:18:53 +0000 (19:18 -0500)]
yggdrasil: bump to 0.3.12
Signed-off-by: William Fleurant <meshnet@protonmail.com>
(cherry picked from commit
be4fe496ce7135bd4978cb7be7a563639babea69)
George Iv [Thu, 14 Nov 2019 09:16:02 +0000 (04:16 -0500)]
yggdrasil: Change package configuration to UCI
Signed-off-by: George Iv <57254463+zhoreeq@users.noreply.github.com>
(cherry picked from commit
6857fd45c8498ea1fa97cfe8370ecaab2db03e5b)
William Fleurant [Mon, 11 Nov 2019 05:10:48 +0000 (00:10 -0500)]
yggdrasil: fixes build name and version #10309
Signed-off-by: William Fleurant <meshnet@protonmail.com>
(cherry picked from commit
bd415bc7bfd368f4dace5123cb6664344fc3011b)
William Fleurant [Sat, 26 Oct 2019 17:41:13 +0000 (13:41 -0400)]
yggdrasil: uci firewall Section name and cover both IP versions
- rename the section instance to yggdrasil (feat. request)
- allow zone to cover both ip4 and ip6 fam
Signed-off-by: William Fleurant <meshnet@protonmail.com>
(cherry picked from commit
2baab77b77c3db5cb8bb61e5697373e5b8e9ac58)
William Fleurant [Sat, 26 Oct 2019 04:24:30 +0000 (00:24 -0400)]
yggdrasil: bump to 0.3.11
Signed-off-by: William Fleurant <meshnet@protonmail.com>
(cherry picked from commit
06bdd7aebfc5b84382af6f89e52aa96e6559d1d4)
Rosen Penev [Tue, 13 Jul 2021 06:15:11 +0000 (23:15 -0700)]
Merge pull request #16109 from nxhack/1907_libuv
[19.07] libuv: fix CVE-2021-22918
Josef Schlehofer [Mon, 12 Jul 2021 14:14:31 +0000 (16:14 +0200)]
syslog-ng: disable mqtt
For now, disable mqtt as it was automatically enabled as the build
system finds compiled libpaho-mqtt-c and requires dependency.
---
Here is the output:
Package syslog-ng is missing dependencies for the following libraries:
libpaho-mqtt3c.so.1
---
This is a new feature since syslog-ng 3.33.1 and if anyone is interested
in it, it can be enabled.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
e319e89fde0f3c6b3c8ecfffe9bd759c9a44ac15)
Hirokazu MORIKAWA [Mon, 12 Jul 2021 06:13:13 +0000 (15:13 +0900)]
libuv: fix CVE-2021-22918
idna: fix OOB read in punycode decoder
libuv was vulnerable to out-of-bounds reads in the uv__idna_toascii()
function which is used to convert strings to ASCII. This is called by
the DNS resolution function and can lead to information disclosures or
crashes.
libuv/libuv@
b7466e3
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990561
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Josef Schlehofer [Sun, 11 Jul 2021 18:16:47 +0000 (20:16 +0200)]
syslog-ng: update to version 3.33.1
- Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.33.1
- Bump version in config
It fixes:
WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode. Please update it to use the syslog-ng 3.33 format at your time of convenience. To upgrade the configuration, please review the warnings about incompatible changes printed by syslog-ng, and once completed change the @version header at the top of the configuration file; config-version='3.31'
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
2b4be08a8c4fbe3d6dec90b91726375e9b38db61)
Josef Schlehofer [Sun, 11 Jul 2021 18:44:23 +0000 (20:44 +0200)]
Merge pull request #16087 from turris-cz/19.07/lxc-update-gpg-keyserver
lxc: add patch to switch GPG server
Josef Schlehofer [Sun, 11 Jul 2021 17:38:48 +0000 (19:38 +0200)]
czmq: disable nss
While bumping czmq to version 4.2.1 from master branch into OpenWrt
19.07, it automatically detects nss when compiled before czmq.
These steps can verify this:
make package/nss/compile V=s
make package/czmq/compile V=s
Then czmq requires many dependencies:
Package czmq is missing dependencies for the following libraries:
libnspr4.so
libnss3.so
libnssutil3.so
libplc4.so
libplds4.so
libsmime3.so
libsoftokn3.so
libssl3.so
And this fails. If you are using SDK and wants to have just a few
packages then czmq gets compiled if any of those packages are not
present in build system.
This was also mentioned in the release notes for czmq 4.2.1:
https://github.com/zeromq/czmq/releases/tag/v4.2.1
> Note for packagers: NSS can now be used and linked against to avoid using
an internal embedded reimplementation of SHA. It is enabled by default if
present.
NSS was disabled before, so let's disable it.
This is required only for OpenWrt 19.07 as this is done differently in OpenWrt 21.02 and OpenWrt
master and czmq is compiled there.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Rosen Penev [Wed, 16 Jun 2021 01:36:03 +0000 (18:36 -0700)]
apache: update to 2.4.48
Fixes:
CVE-2019-17567
CVE-2020-13938
CVE-2020-13950
CVE-2020-35452
CVE-2021-26690
CVE-2021-26691
CVE-2021-30641
CVE-2021-31618
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(partially cherry picked from commit
6dfd07097de4e737444cf70c62d34453bbf84f7a)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[removed patch, which is not in OpenWrt 19.07 branch, used integer in
PKG_RELEASE instead of autorelease]
Jan Pavlinec [Fri, 22 Jan 2021 12:25:56 +0000 (13:25 +0100)]
czmq: update to version 4.2.1
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit
39b4c6454561e09d51e8ec062920727c584dca08)
Josef Schlehofer [Sat, 10 Jul 2021 14:33:08 +0000 (16:33 +0200)]
lxc: add patch to switch GPG server
By default, there was used sks-keyservers.net pool, which has invalid
SSL certificate and they also announced that their service is deprecate
and no longer maintained.
Use the same GPG server as LXC is using by default in the newer
releases.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Michal Hrusecky [Wed, 7 Jul 2021 10:39:31 +0000 (12:39 +0200)]
snort3: Backport stable version from 21.02
Update snort3 from beta to the stable version available in 21.02 version
of feeds.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
Michal Hrusecky [Wed, 7 Jul 2021 10:36:20 +0000 (12:36 +0200)]
libdaq3: New package, dependency of snort3
Backport from 21.02 in order to satisfy dependencies of snort3 to allow
upgrade to stable version of snort3 from beta available now.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
Josef Schlehofer [Sun, 30 May 2021 22:37:42 +0000 (00:37 +0200)]
msmtp: update to version 1.8.15
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
110abfb9f6a1718d1817a27cab96c28db4ee6012)
Josef Schlehofer [Tue, 6 Jul 2021 14:20:02 +0000 (16:20 +0200)]
Merge pull request #16051 from BKPepe/openwrt-19.07
python3: update to version 3.7.11
Josef Schlehofer [Tue, 6 Apr 2021 20:45:06 +0000 (22:45 +0200)]
youtube-dl: update to version 2021.4.7
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
701ded952a2505d3c39184767d2d55d1e299ec0f)
Josef Schlehofer [Thu, 11 Feb 2021 13:55:39 +0000 (14:55 +0100)]
youtube-dl: update to version 2021.2.10
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
a7523a9fabae8842a2fd015d416d6634d5fb7496)
Josef Schlehofer [Tue, 6 Jul 2021 07:14:42 +0000 (09:14 +0200)]
python3: update to version 3.7.11
Fixes: CVE-2021-3426
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Rosen Penev [Sat, 3 Jul 2021 22:17:09 +0000 (15:17 -0700)]
Merge pull request #16004 from commodo/python-dateutil-setuptools-scm
[19.07] python-dateutil: pin setuptools-scm version to 5.0.2
Rosen Penev [Sat, 3 Jul 2021 22:15:49 +0000 (15:15 -0700)]
Merge pull request #16023 from rs/nextdns-1.34.2-openwrt-19.07
[19.07] nextdns: Update to version 1.34.2
Olivier Poitrey [Fri, 2 Jul 2021 18:54:53 +0000 (18:54 +0000)]
nextdns: Update to version 1.34.2
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Florian Eckert [Fri, 2 Jul 2021 06:57:15 +0000 (08:57 +0200)]
Merge pull request #15663 from Ansuel/fix-ddns-script
[19-07] ddns-scripts: standardize required params declaration
Ansuel Smith [Wed, 19 May 2021 17:50:37 +0000 (19:50 +0200)]
ddns-scripts: standardize required params declaration
The luci app scan the script and search for params in the form of
$required_params.
This script use the form "${required_params}" and cause confusion
with the luci app by hiding needed values. Fix this by using the
standard way to declare required params following other ddns scripts.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Alexandru Ardelean [Wed, 30 Jun 2021 14:24:25 +0000 (17:24 +0300)]
python-dateutil: pin setuptools-scm version to 5.0.2
This is known to still work with Python2.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Alexandru Ardelean [Wed, 30 Jun 2021 14:23:00 +0000 (17:23 +0300)]
Revert "python-dateutil: disable setuptools-scm for build"
This reverts commit
29da5d65b6dc10ee6c2f8bfc7c868245289b2157.
That fix doesn't work fully correct as the egg directory has version 0.0.0.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Alexandru Ardelean [Tue, 29 Jun 2021 09:03:16 +0000 (12:03 +0300)]
python-dateutil: disable setuptools-scm for build
Fixes https://github.com/openwrt/packages/issues/15988
It seems that the newer setuptools-scm package (6.0.1) has some
Python3-only syntax.
For the 19.07 release, where Python2 is still around this causes the
python-dateutil package to fail to build.
See https://github.com/pypa/setuptools_scm/issues/541
However, removing 'setuptools-scm' from the build also works.
This change does that.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Rosen Penev [Sat, 26 Jun 2021 19:44:24 +0000 (12:44 -0700)]
Merge pull request #15974 from rs/nextdns-1.33.11-openwrt-19.07
[19.07] nextdns: Update to version 1.33.11
Olivier Poitrey [Sat, 26 Jun 2021 18:00:29 +0000 (18:00 +0000)]
nextdns: Update to version 1.33.11
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Hannu Nyman [Thu, 17 Jun 2021 16:03:11 +0000 (19:03 +0300)]
nano: update to 5.8
Update nano editor version to 5.8.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
6f2ac237a18d0c8258ca838ff4df2245960b7aef)
Karl Palsson [Fri, 11 Jun 2021 13:00:35 +0000 (13:00 +0000)]
net/mosquitto: Update to 1.6.15
This is a security release
Full release notes: https://mosquitto.org/blog/2021/06/version-2-0-11-released/
Fixes a remotely triggered memory leak
Signed-off-by: Karl Palsson <karlp@etactica.com>
David Bauer [Tue, 8 Jun 2021 15:25:37 +0000 (17:25 +0200)]
Merge pull request #15806 from blocktrron/pr-xr-usb-serial-1907
xr_usb_serial_common: fix build
David Bauer [Tue, 8 Jun 2021 15:17:56 +0000 (17:17 +0200)]
xr_usb_serial_common: add PKG_MIRROR_HASH
The CI complained about a missing PKG_MIRROR_HASH.
Signed-off-by: David Bauer <mail@david-bauer.net>
David Bauer [Sat, 22 May 2021 08:39:53 +0000 (10:39 +0200)]
xr_usb_serial_common: fix build
Building the xr_usb_serial module fails for recent 4.14 kernel with
CONFIG_PM enabled:
xr_usb_serial_common.c:1574:15: error: 'ASYNCB_INITIALIZED' undeclared
(first use in this function); did you mean 'RCU_INITIALIZER'?
Use tty_port_initialized in order to determine the status of the TTY
port.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit
69cf7836df9e226b4d596d057ca6ad846201e0d0)
Rosen Penev [Sun, 6 Jun 2021 19:50:20 +0000 (12:50 -0700)]
Merge pull request #15770 from DeathCamel58/libnet-1.2.x-libnet-config-fix
[19.07] libnet-1.2.x: Export `libnet-config` in development environments
Rosen Penev [Sat, 5 Jun 2021 21:29:07 +0000 (14:29 -0700)]
Merge pull request #15780 from stangri/19.07-https-dns-proxy
[19.07] https-dns-proxy: update to 2021-06-03-1
Stan Grishin [Fri, 4 Jun 2021 23:34:20 +0000 (23:34 +0000)]
https-dns-proxy: update to 2021-06-03-1
Signed-off-by: Stan Grishin <stangri@melmac.net>
Dylan Corrales [Thu, 3 Jun 2021 18:36:49 +0000 (14:36 -0400)]
libnet: Export `libnet-config` in development enviornments
Affects `libnet-1.2.x`
Signed-off-by: Dylan Corrales <deathcamel58@gmail.com>
Dirk Brenken [Thu, 3 Jun 2021 05:02:42 +0000 (07:02 +0200)]
banip: remove logd dependency
* removed logd dependency, see openwrt#13820 for reference
Signed-off-by: Dirk Brenken <dev@brenken.org>
Rosen Penev [Wed, 2 Jun 2021 05:09:08 +0000 (22:09 -0700)]
Merge pull request #15728 from stangri/19.07-https-dns-proxy
[19.07] https-dns-proxy: 2021-05-14 bugfix: fallback to HTTP/1 by default
Stan Grishin [Tue, 1 Jun 2021 04:32:42 +0000 (04:32 +0000)]
https-dns-proxy: 2021-05-14 bugfix: fallback to HTTP/1 by default
Signed-off-by: Stan Grishin <stangri@melmac.net>
Josef Schlehofer [Wed, 14 Apr 2021 22:39:03 +0000 (00:39 +0200)]
netdata: update to version 1.30.1
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
1d532fa545eef1ebd3ebef6ab41dfd709ad991e1)
Rosen Penev [Sat, 29 May 2021 22:00:04 +0000 (15:00 -0700)]
Merge pull request #15717 from stangri/19.07-https-dns-proxy
[19.07] https-dns-proxy: update to 2021-05-14-1; bugfixes for dhcp server backup
Stan Grishin [Sat, 29 May 2021 20:12:27 +0000 (20:12 +0000)]
https-dns-proxy: update to 2021-05-14-1; bugfixes for dhcp server backup
Signed-off-by: Stan Grishin <stangri@melmac.net>
W. Michael Petullo [Mon, 10 May 2021 17:59:28 +0000 (12:59 -0500)]
syslog-ng: update to 3.32.1
Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit
f93ef647932aa05a7a4eab69ffd9f49441076f81)
Hannu Nyman [Sat, 1 May 2021 20:50:21 +0000 (23:50 +0300)]
nano: update version to 5.7
Upgrade nano editor to version 5.7.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
765e9868579e1da270b3c831ecf34949013cdf01)
Olivier Poitrey [Fri, 30 Apr 2021 15:51:03 +0000 (15:51 +0000)]
nextdns: Update to version 1.32.1
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Noah Meyerhans [Thu, 29 Apr 2021 18:08:58 +0000 (11:08 -0700)]
bind: bump to 9.16.15
Fixes the following security issues:
* CVE-2021-25216 - A specially crafted GSS-TSIG query could cause a buffer
overflow in the ISC implementation of SPNEGO.
* CVE-2021-25215 - named crashed when a DNAME record placed in the ANSWER
section during DNAME chasing turned out to be the final
answer to a client query.
* CVE-2021-25214 - Insufficient IXFR checks could result in named serving a
zone without an SOA record at the apex, leading to a
RUNTIME_CHECK assertion failure when the zone was
subsequently refreshed. This has been fixed by adding an
owner name check for all SOA records which are included
in a zone transfer.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Moritz Warning [Tue, 27 Apr 2021 15:13:27 +0000 (17:13 +0200)]
zerotier: update to 1.6.5
Minor ZeroTier update. Refreshed patches.
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Josef Schlehofer [Wed, 28 Apr 2021 08:06:26 +0000 (10:06 +0200)]
Merge pull request #15509 from hswong3i/openwrt-19.07-SQUID_enable-ssl-crtd
[openwrt-19.07][cherry-pick] squid: Enable dynamic SSL certificate generation
Wong Hoi Sing Edison [Sun, 25 Apr 2021 02:38:14 +0000 (10:38 +0800)]
squid: Enable dynamic SSL certificate generation
Maintainer: @neheb / @BKPepe / @zhanhb
Compile tested: ipq806x, generic, netgear_r7800, master
Run tested: ipq806x, generic, netgear_r7800, openwrt-19.07
Description:
Squid now only support HTTPS proxy in TCP tunnel mode (e.g. `ssl_bump splice all`):
https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on
ssl_bump splice all
In order to operate in SSL Bump mode, we need to compile with `--enable-ssl-crtd` for following configuration:
https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on
sslcrtd_program /usr/lib/squid/security_file_certgen -s /car/cache/squid/ssl_db -M 4MB
ssl_bump stare all
ssl_bump bump all
This PR switch the `SQUID_enable-ssl-crtd` into `default y`, therefore default enable SSL Bump mode.
Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
(cherry picked from commit
dbda77686d5dccb3d3999ed2e7dec18aab11fff8)
Karl Palsson [Mon, 26 Apr 2021 09:29:57 +0000 (09:29 +0000)]
mosquitto: fix log_type config support
As pointed out in https://github.com/openwrt/packages/issues/15506
The remainder of that patch isn't appropriate for 1907 however.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Rosen Penev [Sat, 24 Apr 2021 09:18:40 +0000 (02:18 -0700)]
ksmbd-tools: update to 3.3.9
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
2e7c403fff0d3c07bdd6e5d8f925ce154a473491)
Josef Schlehofer [Wed, 10 Feb 2021 10:37:09 +0000 (11:37 +0100)]
dnscrypt-proxy2: sync blocked-names to upstream one
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
d53d2df2832c392b8426cda4c99efeda17039ca7)
James Long [Wed, 10 Feb 2021 03:49:13 +0000 (11:49 +0800)]
dnscrypt-proxy2: upgrade to 2.0.45
Signed-off-by: James Long <james@jclong.net>
(cherry picked from commit
6467b6535b401bfc046096dc535729896697b0a1)
Dirk Brenken [Thu, 22 Apr 2021 13:16:03 +0000 (15:16 +0200)]
adblock: fix polish source URL
Signed-off-by: Dirk Brenken <dev@brenken.org>
Rosen Penev [Wed, 21 Apr 2021 00:29:37 +0000 (17:29 -0700)]
Merge pull request #15477 from rs/nextdns-1.32.0-openwrt-19.07
[19.07] nextdns: Update to version 1.32.0
Olivier Poitrey [Tue, 20 Apr 2021 15:08:39 +0000 (15:08 +0000)]
nextdns: Update to version 1.32.0
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Rosen Penev [Tue, 20 Apr 2021 01:59:37 +0000 (18:59 -0700)]
Merge pull request #15468 from rs/nextdns-1.12.5-openwrt-19.07
[19.07] nextdns: Update to version 1.12.5
Olivier Poitrey [Tue, 20 Apr 2021 01:38:38 +0000 (01:38 +0000)]
nextdns: Update to version 1.12.5
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Hannu Nyman [Sun, 18 Apr 2021 15:26:43 +0000 (18:26 +0300)]
irqbalance: upgrade to version 1.8.0
Upgrade irqbalance to version 1.8.0
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
6631cfaa61ff75d97ef1a41c6ec031198103c7df)
Rosen Penev [Tue, 24 Nov 2020 01:26:43 +0000 (17:26 -0800)]
pulseaudio: update to 14.0
Remove upstreamed OpenSSL patch.
Update MESON_ARGS.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
325c5650406f43106c594c1886e1031cc94ed60a)
Rosen Penev [Mon, 10 Aug 2020 20:47:10 +0000 (13:47 -0700)]
pulseaudio: fix compilation without deprecated OpenSSL APIs
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
ca2da3f3158beb865da373b03bd184d57f33dd25)
Rosen Penev [Thu, 30 Jul 2020 23:41:16 +0000 (16:41 -0700)]
pulseaudio: fix compilation with ICONV_FULL
Reordered check to check external iconv first.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
67f8f57d06ab8776ad58371bb2a3be5cc995fcd6)
Jeffery To [Sun, 10 May 2020 19:02:05 +0000 (03:02 +0800)]
pulseaudio: Update ARM NEON/VFP detection
With openwrt/openwrt@
8dcc1087602e2dd606e4f6e81a06aee62cfd4f4c, the ARM
FPU compiler options are no longer part of CONFIG_TARGET_OPTIMIZATION.
This updates various packages that look for NEON/VFP support to search
CONFIG_CPU_TYPE instead.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Rosen Penev [Tue, 5 May 2020 01:04:19 +0000 (18:04 -0700)]
pulseaudio: do not build NEON with unsupported platforms
Unfortunately, meson's check is totally broken.
Fortunately, it's fairly easy to workaround.
Fixes compilation with all ARM platforms that don't support NEON.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
91e80e5442484e5bbb8515e686631c7e937f3a10)
Rosen Penev [Sun, 26 Apr 2020 03:27:28 +0000 (20:27 -0700)]
pulseaudio: add lto and gc-sections to reduce size
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
45e58e1cc34be2836a7baadfae8e0ccebd693cf9)
Rosen Penev [Sat, 18 Apr 2020 23:48:30 +0000 (16:48 -0700)]
pulseaudio: fix pkgconfig paths
Turns out, packages like mpd that use pkgconfig to find pulseaudio
end up using host paths.
Fixes compilation with at least mpd.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
21f67bf59915e2905b30de0f85219bcfbd23e14d)
Rosen Penev [Sat, 18 Apr 2020 09:27:55 +0000 (02:27 -0700)]
pulseaudio: update to 13.0
Converted to use meson for compilation speed.
Removed libwrap dependency. Upstream no longer supports it.
Removed intltool and glib2 host dependencies. They seem to be no
longer needed.
Removed upstream patch.
Minor cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
78d84d4c9cb4c6da404d47ddc7dc5c18fa4c33cb)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[rebased on commit from master branch]
Rosen Penev [Tue, 17 Sep 2019 23:36:31 +0000 (16:36 -0700)]
pulseaudio: Backport upstream patch
Fixes compilation with recent alsa-libs.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
123373b1b7de076ca58b25b1116cc4801e483cb0)
Rosen Penev [Sat, 17 Apr 2021 16:05:05 +0000 (09:05 -0700)]
Merge pull request #15384 from VolunteerComputingHelp/openwrt-19.07
Transfer of boinc 7.16.16 from 21.02 to 19.07
Josef Schlehofer [Tue, 13 Apr 2021 12:55:18 +0000 (14:55 +0200)]
Merge pull request #15413 from luizluca/19.07/ruby-2.6.7
[19.07] ruby: update to 2.6.7
Luiz Angelo Daros de Luca [Mon, 12 Apr 2021 17:58:39 +0000 (14:58 -0300)]
ruby: update to 2.6.7
Fixes two CVEs:
CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability in WEBrick
CVE-2021-28965: XML round-trip vulnerability in REXML
After this release, ruby 2.6 is now in security maintenance phase.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Tiago Gaspar [Sat, 10 Apr 2021 23:21:58 +0000 (00:21 +0100)]
netdata: disable shared memory totals by default
Fix log spam:
daemon.err netdata[2090]: PROCFILE: Cannot open file '/proc/sysvipc/shm'
This is caused by a non existant /proc/sysvipc/shm because of the
CONFIG_PROC_STRIPPED option that is enabled by default in the kernel
generic target config
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
(cherry picked from commit
5f65d87bb7727be85e7d3e02045302d6eb76ff7e)
Stan Grishin [Sun, 11 Apr 2021 01:30:45 +0000 (01:30 +0000)]
https-dns-proxy: bugfix: race condition with dnsmasq
Signed-off-by: Stan Grishin <stangri@melmac.net>
Steffen Moeller [Fri, 9 Apr 2021 01:16:10 +0000 (03:16 +0200)]
boinc: Transfer v7.16.16 from 21.02 to 19.07
Intentionally unchanged from
43d21e650d4409b45ccc2c70fe507a29f783dda3,
i.e. the pull request #14862 from neheb/boi
Signed-off-by: Steffen Moeller <moeller@debian.org>
Dirk Brenken [Fri, 9 Apr 2021 16:38:16 +0000 (18:38 +0200)]
adblock: fix games_tracking source url
Signed-off-by: Dirk Brenken <dev@brenken.org>
Dirk Brenken [Fri, 9 Apr 2021 16:34:08 +0000 (18:34 +0200)]
Merge pull request #15254 from dibdot/19.07
[19.07] travelmate: minimal change to fix cp detection
Dirk Brenken [Thu, 25 Mar 2021 11:07:32 +0000 (12:07 +0100)]
travelmate: minimal change to fix cp detection
* fix cp detection proposed by @ChristianKuehnel
* add/adapt mikrotik login script provided by @Christian Kuehnel
Signed-off-by: Dirk Brenken <dev@brenken.org>
Karel Kočí [Mon, 7 Dec 2020 15:54:11 +0000 (16:54 +0100)]
rpcd-mod-lxc: add postinst to reload rpcd on update/installation
This is dependency of luci-app-lxc and when users install that package
it is no way clear that they have to reload rpcd to get it working
correctly. Without it container listing does not work.
In general this reload should be in this package simply because other
rpcd-mod-* packages reload rpcd as well.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
(cherry picked from commit
54b6116d7d3f6df94df621dcabdc0c158fd4b5f2)
Rosen Penev [Wed, 7 Apr 2021 04:50:36 +0000 (21:50 -0700)]
ksmbd-tools: update to 3.3.8
Major changes are:
disable symlink by default.
remove smack inherit leftovers.
Enable guest access on IPC$ share by default.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
c6fa2d5bfaf24f347efd7156b2ad5b1cf62bd9a9)
Kirill Nikolaev [Mon, 5 Apr 2021 23:03:18 +0000 (01:03 +0200)]
ksmbd-tools: Add a mDNS TXT record for the ksmbd service
MacOS ignores Bonjour services for which TXT records are not returned. This changes forces umdns service to return a TXT record (`daemon=ksmbd`) for the ksmbd service. The exact content is unimportant and to the best of my knowledge nothing reads the `daemon` tag.
Symptoms of the problem (which are also debugging steps):
* Finder refuses to open the OpenWRT "computer" in the Network list.
* Discovery.app (Bonjour Browser) lists the _ssh._tcp service, but the submenu for it doesn't unfold and no address is shown.
* `dns-sd -L OpenWrt _smb._tcp` doesn't return any address.
Signed-off-by: Kirill Nikolaev <cyril7@gmail.com>
(cherry picked from commit
272b0a5c1873a34f6609e7af38395cea3f02bda5)
projects / feed / packages.git / log