feed/packages.git
3 years agoxray-core: remove PROVIDES
Tianling Shen [Tue, 27 Apr 2021 11:42:41 +0000 (19:42 +0800)]
xray-core: remove PROVIDES

Xray now is no longer planning to keep compatibility with original
v2ray. Remove PROVIDES before it is totally broken.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(backported from 92efcc295648e9c16f3fb2d183019be9e275c3ea)

3 years agonet/mosquitto: port is optional in root config
Karl Palsson [Mon, 26 Apr 2021 09:36:49 +0000 (09:36 +0000)]
net/mosquitto: port is optional in root config

From mosquitto 2.x, port became optional and deprecated in the config,
and it was recommended that listeners be used instead.  Drop the hard
requirement in our config conversion script.

Reported in: https://github.com/openwrt/packages/issues/15506
Signed-off-by: <karlp@etactica.com>
3 years agonet/mosquitto: fix log_type conversion in config
Karl Palsson [Mon, 26 Apr 2021 09:34:52 +0000 (09:34 +0000)]
net/mosquitto: fix log_type conversion in config

As reported in: https://github.com/openwrt/packages/issues/15506

Signed-off-by: Karl Palsson <karlp@etactica.com>
3 years agoksmbd: update to 3.3.9
Rosen Penev [Sat, 24 Apr 2021 08:27:35 +0000 (01:27 -0700)]
ksmbd: update to 3.3.9

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 9c6fc23e01a2227770659d0060dbabb491fdff67)

3 years agoksmbd-tools: update to 3.3.9
Rosen Penev [Sat, 24 Apr 2021 09:18:40 +0000 (02:18 -0700)]
ksmbd-tools: update to 3.3.9

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 2e7c403fff0d3c07bdd6e5d8f925ce154a473491)

3 years agolighttpd: patches from upstream
Glenn Strauss [Fri, 23 Apr 2021 23:06:27 +0000 (19:06 -0400)]
lighttpd: patches from upstream

- ignore Content-Length from backend if 101 Switching Protocols
- close HTTP/2 connection after bad password
- skip cert chain build for self-issued certs
- meson zstd fix
- ls-hpack upstream update
- discard some HTTP/2 DATA frames received after response

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 52f85a0e1fd885d5bf9cbb6de74a146aa0d6c843)

3 years agobanip: fix housekeeping
Dirk Brenken [Fri, 23 Apr 2021 13:03:53 +0000 (15:03 +0200)]
banip: fix housekeeping

* fix whitelist housekeeping if you switch between normal- and
  'whitelist only' mode

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 7cfb0f4657dea6a7844df28268e7e8af6eb00db4)

3 years agoMerge pull request #15502 from TDT-AG/pr/20210422-stunnel
Florian Eckert [Fri, 23 Apr 2021 09:36:22 +0000 (11:36 +0200)]
Merge pull request #15502 from TDT-AG/pr/20210422-stunnel

stunnel: update version to 5.59

3 years agoMerge pull request #15501 from mkrkn/openwrt-21.02
Josef Schlehofer [Thu, 22 Apr 2021 20:11:18 +0000 (22:11 +0200)]
Merge pull request #15501 from mkrkn/openwrt-21.02

[21.02] openvpn: update to 2.5.2

3 years agoopenvpn: update to 2.5.2 15501/head
Magnus Kroken [Wed, 21 Apr 2021 20:45:03 +0000 (22:45 +0200)]
openvpn: update to 2.5.2

Fixes two related security vulnerabilities (CVE-2020-15078) which
under very specific circumstances allow tricking a server using delayed
authentication (plugin or management) into returning a PUSH_REPLY before
the AUTH_FAILED message, which can possibly be used to gather
information about a VPN setup. In combination with "--auth-gen-token" or
a user-specific token auth solution it can be possible to get access to
a VPN with an otherwise-invalid account.

OpenVPN 2.5.2 also includes other bug fixes and improvements.

Add CI build test script.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry-picked from 6186fe732b058ef7f1ae43cce2184ba0c4d90184)

3 years agostunnel: update to 5.59 15502/head
Florian Eckert [Mon, 19 Apr 2021 14:45:19 +0000 (16:45 +0200)]
stunnel: update to 5.59

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 2d56dbfc27f3a954fd34b8b261d576716dbfbed5)

3 years agostunnel: update to 5.58
Florian Eckert [Mon, 22 Feb 2021 08:52:52 +0000 (09:52 +0100)]
stunnel: update to 5.58

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 389c7f12cb197f3cef25db44d3787b7175c47776)

3 years agobanip: update to 0.7.7
Dirk Brenken [Wed, 21 Apr 2021 19:00:52 +0000 (21:00 +0200)]
banip: update to 0.7.7

* add a "whitelist only" mode, this option allows to restrict Internet
  access from/to a small number of secure websites/IPs, and block access
  from/to the rest of the Internet.

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 515397b009155776e4fd15aaa723875373c75279)

3 years agonode: Resolve ICU conflict
Hirokazu MORIKAWA [Wed, 21 Apr 2021 02:27:24 +0000 (11:27 +0900)]
node: Resolve ICU conflict

Resolve conflicts between OpenWrt's ICU package and the ICU shipped with node.js.

https://github.com/openwrt/packages/issues/15437

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
3 years agodockerd: Updated to 20.10.6
Gerard Ryan [Wed, 21 Apr 2021 11:04:48 +0000 (21:04 +1000)]
dockerd: Updated to 20.10.6

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
3 years agodocker: Updated to 20.10.6
Gerard Ryan [Wed, 21 Apr 2021 11:04:21 +0000 (21:04 +1000)]
docker: Updated to 20.10.6

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
3 years agolibnetwork: Updated to 2021-01-26 for docker 20.10.6
Gerard Ryan [Wed, 21 Apr 2021 11:01:36 +0000 (21:01 +1000)]
libnetwork: Updated to 2021-01-26 for docker 20.10.6

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
3 years agocontainerd: Updated to 1.4.4 for docker 20.10.6
Gerard Ryan [Wed, 21 Apr 2021 11:00:07 +0000 (21:00 +1000)]
containerd: Updated to 1.4.4 for docker 20.10.6

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
3 years agoMerge pull request #15478 from rs/nextdns-1.32.0-openwrt-21.02
Rosen Penev [Wed, 21 Apr 2021 00:29:49 +0000 (17:29 -0700)]
Merge pull request #15478 from rs/nextdns-1.32.0-openwrt-21.02

[21.02] nextdns: Update to version 1.32.0

3 years agopython-psycopg2: Add new package
Daniel Danzberger [Sat, 6 Feb 2021 06:58:38 +0000 (07:58 +0100)]
python-psycopg2: Add new package

Psycopg is the most popular PostgreSQL adapter for the Python programming language
It's used by the python-sqlalchemy for postgresql

This package was removed by this commit for lacking python3 support:
c37b15e1c49cf27de8f34f43e93a7a5c184be9e0

Version 2.8.6 used in this package now supports pyhton3

Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
(cherry picked from commit 7cfb9a04af856b3d09a9768bb104f77dbb1acb68)

3 years agoatlas-sw-probe: add new package
Jan Pavlinec [Fri, 26 Mar 2021 11:59:34 +0000 (12:59 +0100)]
atlas-sw-probe: add new package

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit c65a659e6d9e71a5d74927f40490ee40a16d84db)

3 years agoatlas-probe: add new package
Jan Pavlinec [Fri, 26 Mar 2021 11:58:59 +0000 (12:58 +0100)]
atlas-probe: add new package

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit cb30c106c09f6e8b9a93e87c3de65f3b3a14db8e)

3 years agonextdns: Update to version 1.32.0 15478/head
Olivier Poitrey [Tue, 20 Apr 2021 15:08:40 +0000 (15:08 +0000)]
nextdns: Update to version 1.32.0

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
3 years agoMerge pull request #15470 from rs/nextdns-1.12.5-openwrt-21.02
Rosen Penev [Tue, 20 Apr 2021 01:59:33 +0000 (18:59 -0700)]
Merge pull request #15470 from rs/nextdns-1.12.5-openwrt-21.02

[21.02] nextdns: Update to version 1.12.5

3 years agonextdns: Update to version 1.12.5 15470/head
Olivier Poitrey [Tue, 20 Apr 2021 01:38:41 +0000 (01:38 +0000)]
nextdns: Update to version 1.12.5

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
3 years agoMerge pull request #15462 from rs/nextdns-1.12.3-openwrt-21.02
Rosen Penev [Tue, 20 Apr 2021 00:47:43 +0000 (17:47 -0700)]
Merge pull request #15462 from rs/nextdns-1.12.3-openwrt-21.02

[21.02] nextdns: Update to version 1.12.3

3 years agonextdns: Update to version 1.12.3 15462/head
Olivier Poitrey [Mon, 19 Apr 2021 23:23:44 +0000 (23:23 +0000)]
nextdns: Update to version 1.12.3

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
3 years agoMerge pull request #15458 from rs/nextdns-1.31.3-openwrt-21.02
Rosen Penev [Mon, 19 Apr 2021 23:08:33 +0000 (16:08 -0700)]
Merge pull request #15458 from rs/nextdns-1.31.3-openwrt-21.02

[21.02] nextdns: Update to version 1.31.3

3 years agonextdns: Update to version 1.31.3 15458/head
Olivier Poitrey [Mon, 19 Apr 2021 22:50:29 +0000 (22:50 +0000)]
nextdns: Update to version 1.31.3

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
3 years agocollectd: update PKG_RELEASE
Florian Eckert [Tue, 23 Mar 2021 09:22:12 +0000 (10:22 +0100)]
collectd: update PKG_RELEASE

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 1e2ba94064c3b99bd8543df9283933d84fdc4707)

3 years agocollectd: add percent calculation of bad block to ubi plugin
Florian Eckert [Thu, 11 Mar 2021 15:49:50 +0000 (16:49 +0100)]
collectd: add percent calculation of bad block to ubi plugin

This patche adds the percent evaluation for the bad blocks.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit b4e24c12a6c187565e63b9365df6f88d954bf8c6)

3 years agocollectd: prepare ubi plugin for percent calculation
Florian Eckert [Thu, 11 Mar 2021 15:49:18 +0000 (16:49 +0100)]
collectd: prepare ubi plugin for percent calculation

This patche change prepares the ubi plugin to add the bad block evaluation in
percent.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 4927b53333652825a73bf0ecd53914636af6b6d3)

3 years agocollectd: upate PKG_RELEASE number
Florian Eckert [Fri, 12 Mar 2021 15:30:31 +0000 (16:30 +0100)]
collectd: upate PKG_RELEASE number

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 6e41bf73ba3e80e206066cbcb8373a82efcbbf95)

3 years agocollectd: make compile time debug option configurable
Florian Eckert [Mon, 8 Mar 2021 13:40:34 +0000 (14:40 +0100)]
collectd: make compile time debug option configurable

Enables the compiler option that collectd is compiled with
debugging support. This is used at development stages to get
more messages from the collectd during development.

This option is default disabled.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit a4f74eb11c1bfa6d708934b3885be589e39e8851)

3 years agocollectd: fix COLLECTD_PLUGINS_SELECTED end of line
Florian Eckert [Mon, 8 Mar 2021 12:00:32 +0000 (13:00 +0100)]
collectd: fix COLLECTD_PLUGINS_SELECTED end of line

This removes the trailing back slash. This is not needed.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 416ba35d50e3381a23caf0ee0d0758a26e29a4f5)

3 years agocollectd: fix smart disk detection
Florian Eckert [Mon, 8 Mar 2021 15:30:53 +0000 (16:30 +0100)]
collectd: fix smart disk detection

On my system the attribute DEVTYPE was not set. The plugin could not
read any data and the function call blocked forever on this function and did
not returned. By removing it, all block devices under `/sys/class/block`
were checked.

Block devices that do not support SMART were not evaluated. The
collected displays the following message.

smart plugin: checking SMART status of /dev/loop4.
smart plugin: unable to open /dev/loop4.

If you do not like this message, you could only enable device in the uci that
does support SMART.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 543a2a970c062c30ac33f49f67ea952eb0adbed3)

3 years agocollectd: enable collectd-mod-smart
Florian Eckert [Mon, 8 Mar 2021 08:56:45 +0000 (09:56 +0100)]
collectd: enable collectd-mod-smart

Switching on compilation for collectd smart plugin.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 092902a87ee14e3b4b0b37a4ddb81719ae27fcc8)

3 years agolibatasmart: initial checkin
Florian Eckert [Fri, 5 Mar 2021 16:26:45 +0000 (17:26 +0100)]
libatasmart: initial checkin

This library is required by the smart plugin of the collectd.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 87e52cf180921d1fb778298c1ee699e652639b79)

3 years agoadblock: update to 4.1.1
Dirk Brenken [Sat, 17 Apr 2021 07:41:17 +0000 (09:41 +0200)]
adblock: update to 4.1.1

* support the RPZ trigger 'RPZ-CLIENT-IP' to always allow/block certain
  clients based on their IP (currently only supported by bind!)
* avoid promiscuous mode in tcpdump setup for adblock reporting
* speed up dns report preparation
* support dns report mailing (/etc/init.d/adblock report mail)
* fix bind autodetection
* update LuCI-frontend (separate PR)
* update readme

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit c531b6daea6962c32813b5815105343a76746147)

3 years agosquid: update to 4.14
Rosen Penev [Mon, 12 Apr 2021 05:48:55 +0000 (22:48 -0700)]
squid: update to 4.14

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 682aebbaea976bee8aa5cc6e2d5818364256b33f)

3 years agopsmisc: move killall to /usr/libexec and add ALTERNATIVES
Josef Schlehofer [Sun, 18 Apr 2021 11:59:30 +0000 (13:59 +0200)]
psmisc: move killall to /usr/libexec and add ALTERNATIVES

Currently, this package can not be installed while using standard path
of busybox, because binary killall wants to be installed on the same
location as busybox.

Collision:
• /usr/bin/killall: busybox (new-file), psmisc (existing-file)

Many of these binaries, which provides alternatives were moved to
folder /usr/libexec like wget, sed, findutils, less.
So I moved killall to /usr/libexec and others leave in touch and added
ALTERNATIVES for it, because preinstall script is no longer necessary.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit d8969e0fd1db2b2cb544cea19179a05aec5a9c28)

3 years agoirqbalance: upgrade to version 1.8.0
Hannu Nyman [Sun, 18 Apr 2021 15:26:43 +0000 (18:26 +0300)]
irqbalance: upgrade to version 1.8.0

Upgrade irqbalance to version 1.8.0

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 6631cfaa61ff75d97ef1a41c6ec031198103c7df)

3 years agoMerge pull request #15441 from 1715173329/yq-2102
Rosen Penev [Sat, 17 Apr 2021 22:40:38 +0000 (15:40 -0700)]
Merge pull request #15441 from 1715173329/yq-2102

[openwrt-21.02] yq: Update to 4.7.0

3 years agoyq: Update to 4.7.0 15441/head
Tianling Shen [Sat, 17 Apr 2021 19:17:10 +0000 (03:17 +0800)]
yq: Update to 4.7.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(backported from c4d27271adbbed1c779e212bc79ed351ddde6553)

3 years agoatheepmgr: avoid libpciaccess dependency
Eneas U de Queiroz [Thu, 15 Apr 2021 20:03:35 +0000 (17:03 -0300)]
atheepmgr: avoid libpciaccess dependency

HAVE_LIBPCIACCESS that is currently passed through MAKE_VARS to disable
building with libpciaccess can't be set through the environment.
Instead, use CONFIG_CON_PCI, which can be passed through the environment
and will disable libpciaccess.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 52837117541f9a35d60a0e4befac1960ea8675fe)

3 years agoclamav: add libiconv dependencies when build with NLS
Josef Schlehofer [Wed, 14 Apr 2021 23:02:34 +0000 (01:02 +0200)]
clamav: add libiconv dependencies when build with NLS

NLS means Native Language Support and when you have it enabled (it is
not default), clamav can not be compiled as it shows following error:

Package clamav is missing dependencies for the following libraries:
libiconv.so.2

Also, it is required that package libiconv-full is compiled first/before
than clamav and then try to compile clamav.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 87be6ffe6076778336f7db752fee0ef5f3f923e8)

3 years agoopenvpn-easy-rsa: add missing configfile
Luiz Angelo Daros de Luca [Mon, 12 Apr 2021 21:09:52 +0000 (18:09 -0300)]
openvpn-easy-rsa: add missing configfile

/etc/profile.d/50-openvpn-easy-rsa.sh was not listed as configfile
and changes were lost during upgrades.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit b0663e2959ff9dc37d0273aa3240a2ef0ed3c611)

3 years agocollectd: enable cpufreq for rockchip target
Tomas Lara [Tue, 13 Apr 2021 05:37:18 +0000 (01:37 -0400)]
collectd: enable cpufreq for rockchip target

Enable collectd-mod-cpufreq  for rockchip

Signed-off-by: Tomas Lara <tl849670@gmail.com>
(cherry picked from commit 6bd8d29b70bf3081d9fe0efe38a36b8f4fed77de)

3 years agoMerge pull request #15414 from luizluca/21.02/ruby-3.0.1
Luiz Angelo Daros de Luca [Tue, 13 Apr 2021 16:04:54 +0000 (13:04 -0300)]
Merge pull request #15414 from luizluca/21.02/ruby-3.0.1

[21.02] ruby: update to 3.0.1

3 years agobonding: accept list of slaves in uci list notation
Jo-Philipp Wich [Fri, 9 Apr 2021 16:52:15 +0000 (18:52 +0200)]
bonding: accept list of slaves in uci list notation

Rework the bonding.sh protocol handler to accept slave interface names
encoded in uci list notation. Also replace ifconfig up/down with ip
link calls while we're at it.

Fixes: #11455
Fixes: https://github.com/openwrt/luci/issues/4473
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 57a77386de7dda12f60bf3021efcde7f059833c8)

3 years agoruby: update to 3.0.1 15414/head
Luiz Angelo Daros de Luca [Mon, 12 Apr 2021 21:19:00 +0000 (18:19 -0300)]
ruby: update to 3.0.1

Fixes two CVEs:

CVE-2021-28965: XML round-trip vulnerability in REXML
CVE-2021-28966: Path traversal in Tempfile on Windows

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
3 years agonode: bump to v14.16.1
Hirokazu MORIKAWA [Mon, 12 Apr 2021 01:53:35 +0000 (10:53 +0900)]
node: bump to v14.16.1

April 2021 Security Releases
- OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) (CVE-2021-3450)
- OpenSSL - NULL pointer deref in signature_algorithms processing (High) (CVE-2021-3449)
- npm upgrade - Update y18n to fix Prototype-Pollution (High) (CVE-2020-7774)

OpenSSL-related vulnerabilities do not affect the OpenWrt package. Because OpenWrt's OpenSSL shared library has been updated.

NODEJS_ICU_SMALL is default

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
3 years agosafe-search: prevent duplicate cron job installation
Gregory L. Dietsche [Fri, 9 Apr 2021 01:14:45 +0000 (20:14 -0500)]
safe-search: prevent duplicate cron job installation

This patch prevents multiple cron jobs from being created to run the
safe-search-maintenance script.

To reproduce this bug, perform the following:
  - Install safe-search
  - Perform an OpenWRT firmware upgrade (choose to preserve user settings)
  - Install safe-search again

Signed-off-by: Gregory L. Dietsche <gregory.dietsche@cuw.edu>
(cherry picked from commit 49535edffdd44e1db109f687a5f6e87b7fe0ea3c)

3 years agonetdata: disable shared memory totals by default
Tiago Gaspar [Sat, 10 Apr 2021 23:21:58 +0000 (00:21 +0100)]
netdata: disable shared memory totals by default

Fix log spam:
daemon.err netdata[2090]: PROCFILE: Cannot open file '/proc/sysvipc/shm'
This is caused by a non existant /proc/sysvipc/shm because of the
CONFIG_PROC_STRIPPED option that is enabled by default in the kernel
generic target config

Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
(cherry picked from commit 5f65d87bb7727be85e7d3e02045302d6eb76ff7e)

3 years agohttps-dns-proxy: bugfix: race condition with dnsmasq
Stan Grishin [Sun, 11 Apr 2021 01:30:23 +0000 (01:30 +0000)]
https-dns-proxy: bugfix: race condition with dnsmasq

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agosimple-adblock: update to 1.8.7-3
Stan Grishin [Sat, 10 Apr 2021 18:54:49 +0000 (18:54 +0000)]
simple-adblock: update to 1.8.7-3

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agoadblock: fix games_tracking source url
Dirk Brenken [Fri, 9 Apr 2021 16:42:30 +0000 (18:42 +0200)]
adblock: fix games_tracking source url

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit ec20e9df96f74c29699aa2df8de63cb9a8c32a2a)

3 years agoMerge pull request #15372 from farmergreg/21.02-safe-search
Josef Schlehofer [Thu, 8 Apr 2021 21:30:28 +0000 (23:30 +0200)]
Merge pull request #15372 from farmergreg/21.02-safe-search

[21.02] safe-search: check for changed IP addresses weekly

3 years agoMerge pull request #15371 from farmergreg/21.02-family-dns
Josef Schlehofer [Thu, 8 Apr 2021 21:28:05 +0000 (23:28 +0200)]
Merge pull request #15371 from farmergreg/21.02-family-dns

[21.02] net/family-dns: Correct Reference to IPKG_INSTROOT

3 years agofamily-dns: Correct Reference to IPKG_INSTROOT 15371/head
Greg Dietsche [Sun, 28 Feb 2021 19:40:22 +0000 (13:40 -0600)]
family-dns: Correct Reference to IPKG_INSTROOT

IPKG_INSTROOT was misspelled.

Signed-off-by: Gregory L. Dietsche <gregory.dietsche@cuw.edu>
(cherry picked from commit 1569131f952915eb12b91268bdf11df3a005fe75)

3 years agosafe-search: check for changed IP addresses weekly 15372/head
Gregory L. Dietsche [Wed, 10 Mar 2021 03:34:24 +0000 (21:34 -0600)]
safe-search: check for changed IP addresses weekly

The current default of hourly is too fast. Some services such as
DuckDuckGo return IPs from a pool based on the user's location instead
of a fixed IP address. This change prevents unnecessary writes to the
flash memory by only updating once per week.

Signed-off-by: Gregory L. Dietsche <gregory.dietsche@cuw.edu>
(cherry picked from commit 7164ccf1553a990d8823bc545d970334fa0cd32e)

3 years agominisatip: add libdvbcsa support
Rosen Penev [Mon, 5 Apr 2021 02:31:56 +0000 (19:31 -0700)]
minisatip: add libdvbcsa support

Unconditionally enable with BUILD_PATENTED.

Simplify configure args.

Add missing PKG_CONFIG_DEPENDS

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 3d65773650e42c32a2c30d336f266f4fd8723d40)

3 years agoopenvpn: fix invoking user up & down commands from hotplug wrapper
Jo-Philipp Wich [Sat, 27 Mar 2021 19:33:44 +0000 (20:33 +0100)]
openvpn: fix invoking user up & down commands from hotplug wrapper

This commit adds a number of fixes to the OpenVPN up/down hotplug command
wrapper which currently fails to actually invoke user defined up and down
commands for uci configurations not using external native configurations.

 - Use the `--setenv` to pass the user configured `up` and `down` commands
   as `user_up` and `user_down` environment variables respectively

 - Instead of attempting to scrape the `up` and `down` settings from the
   (possibly generated) native OpenVPN configuration in
   `/etc/hotplug.d/openvpn/01-user`, read them from the respective
   environment variables instead

 - Fix parsing of native configuration values in `get_openvpn_option()`;
   first try to parse a given setting as single quoted value, then as
   double quoted and finally as non-quoted, potentially white-space
   escaped one. This ensures that `up '/bin/foo'` is interpreted as
   `/bin/foo` and not `'/bin/foo'`

Ref: https://forum.openwrt.org/t/openvpn-up-down-configuration-ignored/91126
Supersedes: #15121, #15284
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry-picked from commit 7f065a94bb2663d32da7424c777a580d470728a0)

3 years agoopenvpn: add OpenVPN option server-poll-timeout
Alexander Egorenkov [Sun, 21 Mar 2021 09:57:31 +0000 (10:57 +0100)]
openvpn: add OpenVPN option server-poll-timeout

See https://www.mankier.com/8/openvpn#--server-poll-timeout

Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
(cherry-picked from commit 5789faab67db9b2bde999d24a3dbc26c4a82981d)

3 years agoopenvpn: update to 2.5.1
Magnus Kroken [Wed, 24 Feb 2021 18:00:23 +0000 (19:00 +0100)]
openvpn: update to 2.5.1

Set myself as maintainer.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry-picked from commit 204c0901b83b20e34ed12e4ea41236e2261d4099)

3 years agocurl: update to version 7.76.0
Jan Pavlinec [Thu, 1 Apr 2021 08:58:11 +0000 (10:58 +0200)]
curl: update to version 7.76.0

Fixes CVE-2021-22876 and CVE-2021-22890

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit b971310549ac145f88d0251f03ffaa294f51c1e2)

3 years agolibdvbcsa: add new package
Rafał Dzięgiel [Sun, 2 Aug 2020 09:52:07 +0000 (11:52 +0200)]
libdvbcsa: add new package

Libdvbcsa is a free implementation of the DVB Common Scrambling Algorithm DVB/CSA - with encryption and decryption capabilities.

OpenWrt packages like `tvheadend` and `minisatip` can benefit from it.

Signed-off-by: Rafał Dzięgiel <rafostar.github@gmail.com>
(cherry picked from commit 51c5a8b4bcb5ba4d7447bd6ce77ddc41a46570aa)

3 years agopython-pytest: update to version 6.2.3
Jan Pavlinec [Tue, 6 Apr 2021 10:00:28 +0000 (12:00 +0200)]
python-pytest: update to version 6.2.3

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit 4e979ceb6b5b78c136a5981e85e53f27d31510e3)

3 years agoknot-resolver: update to version 5.3.1
Jan Pavlinec [Tue, 6 Apr 2021 10:41:02 +0000 (12:41 +0200)]
knot-resolver: update to version 5.3.1

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit 3e3025b1910b158ce35921b4b6fc22579cf4824b)

3 years agoyoutube-dl: update to version 2021.4.7
Josef Schlehofer [Tue, 6 Apr 2021 20:45:06 +0000 (22:45 +0200)]
youtube-dl: update to version 2021.4.7

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 701ded952a2505d3c39184767d2d55d1e299ec0f)

3 years agozeroconf: update to version 0.29.0
Josef Schlehofer [Tue, 6 Apr 2021 20:48:19 +0000 (22:48 +0200)]
zeroconf: update to version 0.29.0

Update copyright in Makefile

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 757b0ea64710c692579ca59b4afbd49d4c025728)

3 years agoksmbd: update to 3.3.8
Rosen Penev [Wed, 7 Apr 2021 04:48:16 +0000 (21:48 -0700)]
ksmbd: update to 3.3.8

Major changes are:
  clean-up codes using checkpatch --strict option.
  fix several warning and build failure from linux-next.
  change the minimum supported kernel version to v5.4.
  use xarray for tree connect list.
  fix reviews from lkml.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit fa6f182a21c597cd792bfe83fc68c9c5d0b196b3)

3 years agoksmbd-tools: update to 3.3.8
Rosen Penev [Wed, 7 Apr 2021 04:50:36 +0000 (21:50 -0700)]
ksmbd-tools: update to 3.3.8

Major changes are:
  disable symlink by default.
  remove smack inherit leftovers.
  Enable guest access on IPC$ share by default.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit c6fa2d5bfaf24f347efd7156b2ad5b1cf62bd9a9)

3 years agoksmbd-tools: Add a mDNS TXT record for the ksmbd service
Kirill Nikolaev [Mon, 5 Apr 2021 23:03:18 +0000 (01:03 +0200)]
ksmbd-tools: Add a mDNS TXT record for the ksmbd service

MacOS ignores Bonjour services for which TXT records are not returned. This changes forces umdns service to return a TXT record (`daemon=ksmbd`) for the ksmbd service. The exact content is unimportant and to the best of my knowledge nothing reads the `daemon` tag.

Symptoms of the problem (which are also debugging steps):
* Finder refuses to open the OpenWRT "computer" in the Network list.
* Discovery.app (Bonjour Browser) lists the _ssh._tcp service, but the submenu for it doesn't unfold and no address is shown.
* `dns-sd -L OpenWrt _smb._tcp` doesn't return any address.

Signed-off-by: Kirill Nikolaev <cyril7@gmail.com>
(cherry picked from commit 272b0a5c1873a34f6609e7af38395cea3f02bda5)

3 years agoxinetd: honor ${IPKG_INSTROOT} when sourcing /lib/functions.sh
Sven Roederer [Sat, 3 Apr 2021 16:47:02 +0000 (18:47 +0200)]
xinetd: honor ${IPKG_INSTROOT} when sourcing /lib/functions.sh

Avoid "file not found"-error when embedding via Imagebuilder.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
(cherry picked from commit bdab7e6bfed9d29f51589ed4461dd927dc78eaf1)

3 years agostrongswan: bump to 5.9.2
Philip Prindeville [Sun, 4 Apr 2021 20:17:15 +0000 (14:17 -0600)]
strongswan: bump to 5.9.2

Retire weak algorithms like MD5 and 3DES.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit ae3d5aa73ee2bb608a97ce55742489780f07b779)

3 years agostrongswan: force PIC on all builds
Philip Prindeville [Wed, 24 Feb 2021 21:46:33 +0000 (14:46 -0700)]
strongswan: force PIC on all builds

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit a72780a9c25eeff46319d6be1bc33e515deb703c)

3 years agostrongswan: migrate to swanctl configs
Philip Prindeville [Wed, 10 Feb 2021 05:49:30 +0000 (22:49 -0700)]
strongswan: migrate to swanctl configs

Derived from the ipsec initd script, with the following changes:

(1) various code improvements, corrections (get rid of left/right
    updown scripts, since there's only one), etc;
(2) add reauth and fragmentation parameters;
(3) add x.509 certificate-based authentication;

and other minor changes.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit f9d91f1f470aaa6d3da5aab97bf5ece139d8c5bd)

3 years agostrongswan: remove synthesized ipsec conf files
Philip Prindeville [Thu, 1 Apr 2021 20:43:12 +0000 (14:43 -0600)]
strongswan: remove synthesized ipsec conf files

If you shutdown ipsec service, and it doesn't clean up
/var/ipsec/ipsec.conf, then when you start swanctl service it
might see an incompatible file on startup.  Remedy is to
remove unneeded files when shutting down the service.  They
can always be regenerated when the service starts again.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit baa38a14200d0549a0531be92f3ef89e526063ac)

3 years agostrongswan: move ipsec conf files to subpackage
Philip Prindeville [Sat, 27 Mar 2021 19:37:21 +0000 (13:37 -0600)]
strongswan: move ipsec conf files to subpackage

These config files are only used by the ipsec interface to charon,
and shouldn't be part of the base package.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit e626255b371b8bd7811ea870525b32c0a4b2f589)

3 years agostrongswan: make the include's in the .conf files persistent
Philip Prindeville [Wed, 10 Feb 2021 06:42:00 +0000 (23:42 -0700)]
strongswan: make the include's in the .conf files persistent

Having scripts diddle user written config files seems potentially
dangerous.  Plus there's really no downside to including some
empty files.  Best to just make the includes be permanent.

Additional feature suggested by Luiz: if a -opkg version of the
config file was created unnecessarily, remove it as part of the
upgrade process since changes won't be happening to that file
as an artifact of the service starting.  The include lines are
now permanent, which means that (1) additional configuration
synthesized by UCI won't be anywhere that opkg (or sysupgrade,
for that matter) cares about since it won't be persistent, and
(2) if changes are being made, then they're being done by a
person with an editor and they really should be distinguished.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 643df01275798dc4a44d33ac1a8b630c91a80c8c)

3 years agostrongswan: change maintainers
Philip Prindeville [Fri, 26 Mar 2021 03:37:56 +0000 (21:37 -0600)]
strongswan: change maintainers

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 0bd4410e304f6164a1e0766815a1ca080dbeaa17)

3 years agostrongswan: fix local_gateway discovery
Philip Prindeville [Mon, 15 Feb 2021 21:51:02 +0000 (14:51 -0700)]
strongswan: fix local_gateway discovery

This has been observed by myself and @luizluca: ip route get is
appending uid0 to the output, as seen from:

root@OpenWrt2:~# ip route get 1.1.1.1
1.1.1.1 via 174.27.160.1 dev eth3 src 174.27.182.184 uid 0
    cache
root@OpenWrt2:~#

so the fix is an anchored match, discarding all else. Also, using
ip -o means never having to do multiline matches...

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit ec72d3a9e47954f0be844fb32abb5ca1e4dda667)

3 years agomtd-rw: fix build failure with kernel 5.10
David Bauer [Fri, 26 Feb 2021 14:38:15 +0000 (15:38 +0100)]
mtd-rw: fix build failure with kernel 5.10

When building mtd-rw for a target based on Kernel 5.10 which has
CONFIG_MTD disabled the build fails with

ERROR: "put_mtd_device" [../mtd-rw.ko] undefined!
ERROR: "get_mtd_device" [../mtd-rw.ko] undefined!

Omit building the package for such a target.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit c6b3d949295e687c54a6d87f60f49f7ccc4bdcdf)

3 years agoclamav: update to 0.103.1
Rosen Penev [Sun, 28 Feb 2021 12:06:30 +0000 (04:06 -0800)]
clamav: update to 0.103.1

Convert to using CMake in order to speed up compilation and to fix
compilation under glibc.

Add extra dependencies since they're now needed.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 7cd687cb7ea576dda2a54114eb4f90838aa13580)

3 years agopython3-libsemanage: update to 3.2
Rosen Penev [Tue, 9 Mar 2021 08:05:06 +0000 (00:05 -0800)]
python3-libsemanage: update to 3.2

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit acb72e74529a5f3c6ec067cfe6047b621407c29a)

3 years agosetools: update to 4.4.0
Rosen Penev [Tue, 9 Mar 2021 08:22:25 +0000 (00:22 -0800)]
setools: update to 4.4.0

Remove no longer needed patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 39bce0e7191bab285d3c0fb6b205df7bcfd36e4f)

3 years agojool: Update to 4.1.5
Ondřej Caletka [Sun, 4 Apr 2021 19:53:39 +0000 (21:53 +0200)]
jool: Update to 4.1.5

Compile and run tested on: mvebu (Turris Omnia)

Signed-off-by: Ondřej Caletka <ondrej@caletka.cz>
(cherry picked from commit 0c044284b7882c71642af38077a92f99277564e9)

3 years agonut: fix typo in nutshutdown script
Sven Roederer [Sat, 3 Apr 2021 20:00:31 +0000 (22:00 +0200)]
nut: fix typo in nutshutdown script

Even it's only cosmetic and should not affect the function of regular system,
fix the name of the IPKG_INSTROOT variable.
Typo was added long ago with 8400c9a6ec799.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
(cherry picked from commit f25f49a8b7c5a038f8a50dbb74e10db19f26d15a)

3 years agomosquitto: bump to 2.0.10
Karl Palsson [Tue, 6 Apr 2021 10:33:56 +0000 (10:33 +0000)]
mosquitto: bump to 2.0.10

This is a security fix, affecting 2.0.0 through to 2.0.9.  Mosquitto instances
could be remotely DoS'd by authenticated clients.

Release notes at: https://github.com/eclipse/mosquitto/blob/v2.0.10/ChangeLog.txt
CVE number has not yet been assigned.

Signed-off-by: Karl Palsson <karlp@etactica.com>
3 years agohaproxy: Update HAProxy to v2.2.13
Christian Lachner [Tue, 6 Apr 2021 05:46:03 +0000 (07:46 +0200)]
haproxy: Update HAProxy to v2.2.13

- Update haproxy download URL and hash

Signed-off-by: Christian Lachner <gladiac@gmail.com>
3 years agocache-domains: Fixed host files directory
Gerard Ryan [Fri, 2 Apr 2021 05:22:55 +0000 (15:22 +1000)]
cache-domains: Fixed host files directory
* Hid unnecessary output

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
3 years agoMerge pull request #15331 from 1715173329/xray-2102
Rosen Penev [Sun, 4 Apr 2021 02:07:23 +0000 (19:07 -0700)]
Merge pull request #15331 from 1715173329/xray-2102

[openwrt-21.02] xray-core: Update to 1.4.2

3 years agobanip: bugfix 0.7.6-2
Dirk Brenken [Sat, 3 Apr 2021 17:16:39 +0000 (19:16 +0200)]
banip: bugfix 0.7.6-2

* fix housekeeping of external list sources

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 86a20c79556284807f95aafd4f9db9633fafe5b7)

3 years agoxray-core: Update to 1.4.2 15331/head
Tianling Shen [Fri, 2 Apr 2021 08:59:11 +0000 (16:59 +0800)]
xray-core: Update to 1.4.2

Updated geo datas to latest version.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(backported from 781c70077bf5dfd1c372c3a7a6955eadb3e380a2)

3 years agoxray-core: init: add browser dialer support
Tianling Shen [Fri, 2 Apr 2021 09:06:19 +0000 (17:06 +0800)]
xray-core: init: add browser dialer support

Since v1.4.1, Xray has introduced a new feature to transfer data via
browsers, which can disguise itself as a normal browser to cheat
network censorship.

For more details, see https://github.com/XTLS/Xray-core/pull/421.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(backported from 736667ce6eab44e265744337559c155aa99cbc00)

3 years agosimple-adblock: jsonOps-related bugfixes
Stan Grishin [Thu, 18 Mar 2021 01:37:42 +0000 (01:37 +0000)]
simple-adblock: jsonOps-related bugfixes

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agoxray-core: Update to 1.4.1
Tianling Shen [Wed, 31 Mar 2021 08:09:36 +0000 (16:09 +0800)]
xray-core: Update to 1.4.1

Updated geodata to latest version.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(backported from ee9868cb20f78b01df1996090f1fe224a5e4c017)

3 years agoyq: Update to 4.6.3
Tianling Shen [Wed, 31 Mar 2021 08:17:18 +0000 (16:17 +0800)]
yq: Update to 4.6.3

- Re-assigned myself as the maintainer
- Used $(AUTORELEASE) for PKG_RELEASE

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(backported from 82ebe3e49a50075116da4b677eacae91e6fcd2c4)

3 years agopython3-pyroute2: update to version 0.5.16
Martin Matějek [Mon, 29 Mar 2021 20:20:57 +0000 (22:20 +0200)]
python3-pyroute2: update to version 0.5.16

Signed-off-by: Martin Matějek <martin.matejek@gmx.com>
(cherry picked from commit df4b1ae24e5532e8d3c634d8ae82f87c8f6ea8e0)