Eric Luehrsen [Wed, 22 Mar 2017 01:43:42 +0000 (21:43 -0400)]
unbound: support copy without dash update
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
Eric Luehrsen [Sat, 18 Mar 2017 02:45:47 +0000 (22:45 -0400)]
unbound: fix hotplug iface and ntp restarts
Unbound is configured to restart on hotplug/iface but this can result
in numerous restarts at boot. Unbound also has a restart for NTP.
This was observed to generate trouble and even with procd robustness
too many crashes might occur (rare). Unbound would not be running.
Give more care to /var/lib/unbound/root.key during restarts. Use procd
for iface restarts. Check pidof() to wait one more second for Unbound.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
Eric Luehrsen [Sun, 5 Mar 2017 19:52:28 +0000 (14:52 -0500)]
unbound: bugfix init race condition invalid FQDN
options 'add_local_fqdn' and 'add_wan_fqdn' can be affected
by race conditions when they are at level 4. Interface name
may not be returned by network tools. The conf file has bad
record formats and Unbound just will not load. Detect this
and fall back to only the host FQDN (level 3).
squash: improve documentation wording and format codes.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
Audric Schiltknecht [Sun, 12 Mar 2017 20:11:48 +0000 (16:11 -0400)]
unbound: fix odhcpd trigger script
Read UNBOUND_TXT_DOMAIN from main unbound configuration.
This prevents records to be added into Unbound in the default 'lan' zone.
Signed-off-by: Audric Schiltknecht <storm+github@chemicalstorm.org>
Thomas Heil [Mon, 3 Apr 2017 11:50:03 +0000 (13:50 +0200)]
package: haproxy
[RELEASE] Released version 1.7.5 due to bug in compression
Released version 1.7.5 with the following main changes :
- BUG/MEDIUM: peers: fix buffer overflow control in intdecode.
- BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers
- BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is enabled
- BUG/MINOR: filters: Don't force the stream's wakeup when we wait in flt_end_analyze
- DOC: fix parenthesis and add missing "Example" tags
- DOC: update the contributing file
- DOC: log-format/tcplog/httplog update
- MINOR: config parsing: add warning when log-format/tcplog/httplog is overriden in "defaults" sections
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
Thomas Heil [Tue, 28 Mar 2017 11:16:19 +0000 (13:16 +0200)]
package: haproxy
Correct Download Url to http://www.haproxy.org/download/1.7/src
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
Thomas Heil [Tue, 28 Mar 2017 09:42:16 +0000 (11:42 +0200)]
package: haproxy bump to latest stable 1.7.4
[RELEASE] Released version 1.7.4
Released version 1.7.4 with the following main changes :
- MINOR: config: warn when some HTTP rules are used in a TCP proxy
- BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe filters
- BUG/MINOR: spoe: Fix parsing of arguments in spoe-message section
- BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file
- BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup
- BUG/MINOR: Fix "get map <map> <value>" CLI command
- BUG/MAJOR: connection: update CO_FL_CONNECTED before calling the data layer
- BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING
- BUG/MINOR: checks: attempt clean shutw for SSL check
- CONTRIB: tcploop: add limits.h to fix build issue with some compilers
- CONTRIB: tcploop: make it build on FreeBSD
- CONTRIB: tcploop: fix time format to silence build warnings
- CONTRIB: tcploop: report action 'K' (kill) in usage message
- CONTRIB: tcploop: fix connect's address length
- CONTRIB: tcploop: use the trash instead of NULL for recv()
- BUG/MEDIUM: listener: do not try to rebind another process' socket
- BUG/MEDIUM: filters: Fix channels synchronization in flt_end_analyze
- BUG/MAJOR: stream-int: do not depend on connection flags to detect connection
- BUG/MEDIUM: connection: ensure to always report the end of handshakes
- BUG: payload: fix payload not retrieving arbitrary lengths
- BUG/MAJOR: http: fix typo in http_apply_redirect_rule
- MINOR: doc: 2.4. Examples should be 2.5. Examples
- BUG/MEDIUM: stream: fix client-fin/server-fin handling
- MINOR: fd: add a new flag HAP_POLL_F_RDHUP to struct poller
- BUG/MINOR: raw_sock: always perfom the last recv if RDHUP is not available
- DOC/MINOR: Fix typos in proxy protocol doc
- DOC: Protocol doc: add checksum, TLV type ranges
- DOC: Protocol doc: add SSL TLVs, rename CHECKSUM
- DOC: Protocol doc: add noop TLV
- MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time
- BUG/MINOR: cfgparse: loop in tracked servers lists not detected by check_config_validity().
- MINOR: server: irrelevant error message with 'default-server' config file keyword.
- MINOR: doc: fix use-server example (imap vs mail)
- BUG/MEDIUM: tcp: don't require privileges to bind to device
- BUILD: make the release script use shortlog for the final changelog
- BUILD: scripts: fix typo in announce-release error message
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
Thomas Heil [Tue, 28 Mar 2017 09:34:23 +0000 (11:34 +0200)]
package: memcached - upgrade to latest stable
bump to version 1.4.36
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
Thomas Heil [Mon, 27 Mar 2017 08:03:16 +0000 (10:03 +0200)]
[libs/pcre]: fix CVE-2017-7186
Fix CVE-2017-7186 mentioned in https://bugs.exim.org/show_bug.cgi?id=2052
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
heil [Thu, 16 Mar 2017 21:35:59 +0000 (22:35 +0100)]
package: haproxy
- bump to stable 1.7.3 and pending patches from upstream
Signed-off-by: heil <heil@terminal-consulting.de>
Jo-Philipp Wich [Tue, 14 Mar 2017 13:01:44 +0000 (14:01 +0100)]
Merge pull request #4120 from gabri94/lede-17.01
openwisp-config: new package
gabri94 [Fri, 3 Mar 2017 13:26:06 +0000 (14:26 +0100)]
openwisp-config: new package
Signed-off-by: Gabriele Gemmi <gabriel@autistici.org>
Dirk Brenken [Sat, 4 Mar 2017 16:20:24 +0000 (18:20 +0200)]
adblock: backport updates upto 2.4.0-2
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Original commit messages:
adblock: update 2.3.2
* optimize memory consumption &
enable overall sort only on devices with > 64MB RAM,
this prevents sort related kernel dumps
(cherry picked from commit
8c5b9a0802dec0876488779f0836c5b4698388cc)
adblock: release 2.4.0
* add tld compression,
this new "top level domain compression" removes up to 40 thousand
needless host entries from the block lists and
lowers the memory footprint for the dns backends by 8-10 MByte
* optimize restart behavior in case of an error
* cosmetics
(cherry picked from commit
ed470f0dcc66f42bc57e3795e3c9f37629e2cbcd)
adblock: release 2.4.0 (release 2)
* add missing sort step if tld compression was disabled
(cherry picked from commit
b3b9972eacdf4acc5ff231f7aa5c32d14fbc4841)
Hannu Nyman [Thu, 2 Mar 2017 12:37:18 +0000 (14:37 +0200)]
Merge pull request #4072 from EricLuehrsen/unbound_17_01
[lede-17.01] unbound: service update respective of 1.6.1-2
Eric Luehrsen [Thu, 2 Mar 2017 05:28:35 +0000 (00:28 -0500)]
unbound: improve maintenance of trust anchor
Unbound UCI tries to protect embedded flash from excess
use. Unbound RFC5011 KSK tracking can rewrite root.key
every few minutes to an hour. It also writes and destroys
files in the same directory during the process.
Recommended UCI delays for copying busy work in /var/
back to /etc/ may be too conservative. These are all
changed from 28 to 9 days.
The RFC5011 KSK results were also destroyed by an
init.d restart, even if /var/ is mounted on persistent
storage like USB drive. /var/lib/unbound/root.key is
now preserved during this process, unless a newer key
is installed in /etc/ manually or package update.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
Eric Luehrsen [Thu, 23 Feb 2017 02:35:56 +0000 (21:35 -0500)]
unbound: Update to 1.6.1 with 2017 trust anchor
Unbound 1.6.1 has a few bug fixes for resource leaks,
configuration robustness, compile environment interaction,
and maintaining the trust anchor. The 2017 trust anchor
(DS) is built into unbound and unbound-anchor.
File /etc/unbound/root.key holds 2010/2017 DS record until 2018
https://www.icann.org/resources/pages/ksk-rollover
https://www.iana.org/domains/root
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
Eric Luehrsen [Sat, 25 Feb 2017 18:49:45 +0000 (13:49 -0500)]
unbound: bugfix add_local_fqdn with empty ULA
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
Eric Luehrsen [Sat, 11 Feb 2017 20:25:22 +0000 (15:25 -0500)]
unbound: improve robustness with dhcp scripts
When for example 'package/net/adblock' and DNSSEC vs NTP robustness
is enabled, significant restart thrashing can occur at boot up. DHCP
lease triggers may be occuring at the same time. Unbounds DNS-DHCP
may be incomplete until new DHCP solicit events. Solve this by
leaving a passive but complete host conf file during lease trigger.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
Eric Luehrsen [Mon, 6 Feb 2017 04:48:18 +0000 (23:48 -0500)]
Unbound: bug fix odhcpd and add auto adblock
Bug fix dhcp4_slaac6 option was adding to all IP6 routes.
Filtering was added to this process to only include addresses
served from "this dhcp interface."
adblock 2.3.0 file output is now detected and automatically
integrated into Unbound local-zones. adblock deposites its
block site zone-files into /var/lib/unbound. If this is not
desired, then disable adblock or reconfigure to avoid Unbound.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
Eric Luehrsen [Mon, 23 Jan 2017 06:48:32 +0000 (01:48 -0500)]
unbound: error in README.md for unbound+dnsmasq
Rafał Miłecki [Mon, 26 Sep 2016 05:59:30 +0000 (07:59 +0200)]
pptpd: run service in foreground for procd compatibility
To have service working nicely with procd it should be running in the
foreground. Otherwise it's not possible to e.g. stop it with the init.d
script. Luckily for us pptpd has a simple switch that allows it.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Fixes: 15e7f611afb ("pptpd: convert init script to procd")
Rafał Miłecki [Wed, 22 Feb 2017 07:19:49 +0000 (08:19 +0100)]
lighttpd: fix regression in local-redir used with url.rewrite-once
This fixes upstream regression introduced in 1.4.40. It was reported &
debugged in https://redmine.lighttpd.net/issues/2793
This fix is queued for 1.4.46 in the personal/gstrauss/master upstream
branch.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Mon, 20 Feb 2017 11:18:17 +0000 (12:18 +0100)]
lighttpd: update to 1.4.45
Update to 1.4.42 introduced a problem with starting lighttpd as
OpenWrt/LEDE service. It was stopping whole init process at sth like:
783 root 1124 S {S50lighttpd} /bin/sh /etc/rc.common /etc/rc.d/S50lighttpd boot
799 root 1164 S /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
It was hanging until getting random pool:
[ 176.340007] random: nonblocking pool is initialized
and then immediately the rest of init process followed:
[ 176.423475] jffs2_scan_eraseblock(): End of filesystem marker found at 0x0
[ 176.430754] jffs2_build_filesystem(): unlocking the mtd device... done.
[ 176.437615] jffs2_build_filesystem(): erasing all blocks after the end marker... done.
This was fixed in 1.4.44, but bump directly to 1.4.45 while at it.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Hannu Nyman [Mon, 20 Feb 2017 15:11:19 +0000 (17:11 +0200)]
Merge pull request #4042 from commodo/backport-ncurses-fixes
[lede-17.01] python,python3: backport fixes for `ncurses` extension builds
Alexandru Ardelean [Mon, 13 Feb 2017 14:12:39 +0000 (16:12 +0200)]
python3: fix ncursesw definition collisions
setup.py seems to add the host's /usr/include/ncursesw
header.
Reported-by: Arturo Rinaldi <arturo@arduino.org>
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Alexandru Ardelean [Mon, 13 Feb 2017 14:10:16 +0000 (16:10 +0200)]
python: remove setupterm() redefinition
It's not 100% aligned with the ncurses' definition.
Reported-by: Arturo Rinaldi <arturo@arduino.org>
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Dirk Brenken [Thu, 16 Feb 2017 14:18:41 +0000 (15:18 +0100)]
adblock: update 2.3.1
* various optimizations & corner case fixes
* removed no longer needed debug information
* polished up for forthcoming LEDE release ;-)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
5cf40c94ee85d7f192f42892a374a9a6853a0a0f)
Stijn Tintel [Tue, 14 Feb 2017 13:46:23 +0000 (14:46 +0100)]
net-snmp: add engineID config options
According to the snmpd.conf man page, the engineID of an snmp agent
should be consistent through time. However, it seems that the engineID
changes every reboot. Add options to configure how the engineID is
generated. The default setting generates it based on the MAC address of
the eth0 interface.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Yousong Zhou [Mon, 13 Feb 2017 11:47:28 +0000 (19:47 +0800)]
xl2tpd: backporting fix for race condition causing xl2tpd hang
The patch was taken from https://github.com/xelerance/xl2tpd/pull/125
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Nikos Mavrogiannopoulos [Sun, 12 Feb 2017 10:26:49 +0000 (11:26 +0100)]
gnutls: updated to 3.5.9
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Sun, 12 Feb 2017 09:25:51 +0000 (10:25 +0100)]
ocserv: updated to 0.11.7
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Dirk Brenken [Sun, 12 Feb 2017 07:20:10 +0000 (08:20 +0100)]
adblock: 2.3.0 (package release 3)
* refine too optimistic wget/uclient-fetch timeout defaults
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
5e4cd25103da0d1549db435fa086259f3fcc5744)
Stijn Tintel [Fri, 10 Feb 2017 08:30:57 +0000 (09:30 +0100)]
vallumd: bump to 0.1.3
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Hannu Nyman [Thu, 9 Feb 2017 20:49:53 +0000 (22:49 +0200)]
Merge pull request #3971 from chris5560/lede-17.01
[lede-17.01] ddns-scripts: New update url for service duiadns.net
Christian Schoenebeck [Thu, 9 Feb 2017 20:25:18 +0000 (21:25 +0100)]
[lede-17.01] ddns-scripts: New update url for service duiadns.net
- new update url for service duiadns.net
- updated public_suffix_list.dat
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Daniel Engberg [Mon, 6 Feb 2017 23:23:09 +0000 (00:23 +0100)]
libs/gnutls: Don't link libidn unintentionally
Fixes compilation reported by by buildbots.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(cherry picked from commit
c7c951eada3682c2a2bac73cbe95ee15f174317f)
Dirk Brenken [Mon, 6 Feb 2017 16:07:48 +0000 (17:07 +0100)]
adblock: 2.3.0 (package release 2)
* update readme regarding unbound integration
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
1e7a1b380bd16ceef3b9dd46cb9c72a445f2ce7f)
Ian Leonard [Fri, 3 Feb 2017 11:02:52 +0000 (03:02 -0800)]
opus: update to 1.1.4
Includes fix for CVE 2017-0381.
Assume maintainership.
Signed-off-by: Ian Leonard <antonlacon@gmail.com>
Jo-Philipp Wich [Mon, 6 Feb 2017 10:01:12 +0000 (11:01 +0100)]
Revert "vnstat: update to v1.16"
This reverts commit
79b6e9dc61dc37e4745f08d83ce44593d256fd12.
Undo the recent vnstat update due to upstream bugs preventing database
restoration.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Luiz Angelo Daros de Luca [Wed, 18 Jan 2017 01:03:53 +0000 (23:03 -0200)]
ruby: derive ABI version from VERSION
There might be no ABI breakage when the first two number
of version are the same.
(No change on generated packages. No need to bumb release)
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
heil [Sun, 22 Jan 2017 20:09:54 +0000 (21:09 +0100)]
package: pcre bump to version 8.40
Signed-off-by: heil <heil@terminal-consulting.de>
Eric Luehrsen [Thu, 29 Dec 2016 06:32:31 +0000 (01:32 -0500)]
unbound: expand UCI to cover some popular dnsmasq features
Unbound+DHCP (server of your choice) should be able to replicate
a lot of what dnsmasq provides. With this change set Unbound
still works with dnsmasq, but also it can work with a plain
DHCP server. Features have been added within the UCI itself
to act like dnsmasq.
- alone: name each interface relative to router hostname
- alone: prevent upstream leakage of your domain and '.local'
- dnsmasq: use dnsmasq UCI to configure forwarding clauses
- dhcp: work with odhcpd as example of companion DHCP-DNS
- dhcp: convert DHCPv4 leases into EUI64 SLAAC for DNS records
- all: enable encrypted remote unbound-control using splice conf
- all: allow user spliced conf-files for hybrid UCI and manual conf
-- 'unbound_srv.conf' will be spliced into the 'server:' clause
-- 'unbound_ext.conf' will add clauses to the end, example 'forward:'
README HOW TO for dnsmasq-in-serial, dnsmasq-in-parallel, and
unbound-with-odhcpd have better/added UCI starters. HOW TO for
including unbound_srv.conf and unbound_ext.conf are added.
Document new UCI: add_local_fqdn, add_wan_fqdn, dhcp4_slaac6,
dhcp_link, domain, and domain_type
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
Eric Luehrsen [Sat, 7 Jan 2017 19:19:22 +0000 (14:19 -0500)]
unbound: expand UCI support for odhcpd DHCP-DNS
This is bare minimum change in 'unbound.sh' and
'dnsmasq.sh' to migrate the UCI option set for
more flexibility. The boolean(s) to link to
dnsmasq are being changed to a state to include
odhcpd. It is executable but a small step for
clear change management.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
Eric Luehrsen [Thu, 29 Dec 2016 06:29:17 +0000 (01:29 -0500)]
unbound: add odhcpd specific scripts to link DHCP-DNS
The UCI for Unbound already links to dnsmasq, but what
if with Unbound, we want to configure a plain dhcp server.
Most servers can call a script for lease events. That
script can then formulate DNS records and load them
with unbound-control (dependency).
The files added here work with OpenWRT/LEDE odhcpd, such
that it can be run alone. They can be used as examples
for any dhcp server. 'odhcpd.sh' is to be called by
odhcpd when a lease event occurs. 'odhcpd.awk' is called
internal to the shell script. The awk script handles
any tricky reformating that may be required.
/etc/config/dhcp
config odhcpd 'odhcpd'
option leasetrigger '/usr/lib/unbound/odhcpd.sh'
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
Eric Luehrsen [Fri, 23 Dec 2016 07:37:21 +0000 (02:37 -0500)]
unbound: improve NTP hotplug behavior when Unbound is disabled
If Unbound was disabled and at later time enabled, then it
would operate in DNSSEC less-secure mode. When NTP hotplug
was called, the timestamp file was not updated. This was
found testing Unbound vs other tools (bind, dnsmasq).
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
Dirk Brenken [Sat, 4 Feb 2017 20:32:50 +0000 (21:32 +0100)]
adblock: release 2.3.0
* automatically selects dnsmasq or unbound as dns backend
* add the new 'adguard' source, a combined/quite effective block list
* remove needless dns backend restarts
* optimize adblock restart behavior
* optimize block list processing on inotify enabled filesystems
* better return code checking on block list download
* fix boot function/startup on Chaos Calmer
* fix a bug in blocklist removal function
* add more (optional) debug output
* move backup options to global config
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
Michael Heimpold [Tue, 24 Jan 2017 20:39:59 +0000 (21:39 +0100)]
php7: update to 7.1.1
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Matthias Schiffer [Tue, 24 Jan 2017 11:43:13 +0000 (12:43 +0100)]
php7: fix xml2-config path to unbreak build
Partially reverts
4a984a8d6. Fixes #3907.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Hauke Mehrtens [Tue, 31 Jan 2017 22:44:00 +0000 (23:44 +0100)]
tor: update to version 0.2.9.9
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Kevin Darbyshire-Bryant [Sun, 29 Jan 2017 11:54:14 +0000 (11:54 +0000)]
libidn: install libidn.pc in staging area & refresh patches
libidn.pc file was missing in package staging area causing build
failures for other packages expecting to find libidn package config
files.
refreshed patches to clear existing patch fuzz
take over maintainership
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
p-wassi [Wed, 7 Dec 2016 21:00:50 +0000 (22:00 +0100)]
utils/gpsd: remove hotplug script
Remove a hotplug script, which starts/stops gpsd with
attaching/detaching a PL2302 USB-UART device.
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
p-wassi [Wed, 7 Dec 2016 20:58:05 +0000 (21:58 +0100)]
utils/gpsd: (cosmetic) update config
Make the default config look like usual,
i.e.: indentation using tabs, single quotes, booleans 0/1
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
p-wassi [Wed, 7 Dec 2016 20:41:06 +0000 (21:41 +0100)]
utils/gpsd: Update to 3.16
Update gpsd to upstream release 3.16
The local patch is already included upstream, therefore
removed here.
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
Daniel Engberg [Sun, 29 Jan 2017 07:54:41 +0000 (08:54 +0100)]
net/stunnel: Update to version 5.40
Update stunnel to 5.40
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Hannu Nyman [Sun, 29 Jan 2017 15:37:06 +0000 (17:37 +0200)]
rsync and cifs-utils: update download address
samba.org has apparently started to enforce https-only downloads,
so update the download links for rsync and cifs-utils.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Damiano Renfer [Sun, 29 Jan 2017 16:29:35 +0000 (17:29 +0100)]
net/dnscrypt-proxy: update to 1.9.4
Signed-off-by: Damiano Renfer damiano.renfer@gmail.com
Stijn Tintel [Mon, 30 Jan 2017 12:59:17 +0000 (13:59 +0100)]
strongswan: enable IKEv2 Mediation Extension
Closes #3905.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Jo-Philipp Wich [Wed, 18 Jan 2017 11:08:40 +0000 (12:08 +0100)]
coreutils: add libcap dependency to selected applets
If libcap happens to be present in the environment, coreutils will pick it up
and link some applets against it.
Since the idea of coreutils is to provide a full featured alternative to the
busybox applets, do not inhibit the optional dependency but explicitely
require libcap instead.
Fixes the following error spotted on the buildbots:
Package coreutils-dir is missing dependencies for the following libraries:
libcap.so.2
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Wed, 18 Jan 2017 03:03:00 +0000 (04:03 +0100)]
nail: fix build against OpenSSL with disabled SSLv3
Extend the existing patch handling disabled SSLv2 to cover the SSLv3 case as
well in order to fix the following build error reported by the buildbot:
openssl.o: In function `ssl_open':
openssl.c:(.text+0xa1c): undefined reference to `SSLv3_client_method'
collect2: error: ld returned 1 exit status
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Wed, 18 Jan 2017 02:53:03 +0000 (03:53 +0100)]
pen: update to v0.34.0
Update the pen package to upstream release v0.34.0 in order to fix the
following build error reported by the buildbot:
ssl.o: In function `ssl_create_context':
ssl.c:(.text+0x9c): undefined reference to `SSLv3_method'
collect2: error: ld returned 1 exit status
Also switch from PKG_MD5SUM to PKG_HASH with SHA256 while we're at it.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Wed, 18 Jan 2017 02:40:50 +0000 (03:40 +0100)]
perl-www-curl: fix build against curl >= 7.50
Import a proposed upstream bug fix to allow building against recent curl
versions. Fixes the following error observed by the buildbots:
curlopt-constants.c:129:49: error: 'CURL_STRICTER' undeclared (first use in this function)
if (strEQ(name, "STRICTER")) return CURL_STRICTER;
Upstream bug: https://rt.cpan.org/Public/Bug/Display.html?id=117793
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Tue, 17 Jan 2017 20:24:12 +0000 (21:24 +0100)]
socat: work around missing stddef.h include
The buildbots fail to build socat due to the following error:
nestlex.c:14:7: error: unknown type name 'ptrdiff_t'
It appears that certain source files do not include all required headers,
depending on the configure options passed to socat.
Work around the error by passing `-include stddef.h` via `TARGET_CFLAGS` to
forcibly inject this header file into all compilation units.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Peter Wagner [Tue, 17 Jan 2017 22:49:20 +0000 (23:49 +0100)]
ntpd: cleanup Makefile and hotplug script
Signed-off-by: Peter Wagner <tripolar@gmx.at>
Peter Wagner [Mon, 16 Jan 2017 21:28:01 +0000 (22:28 +0100)]
ntpd: add hotplug script that signals when ntp reaches the stratum level like the sysntp implementation
use ntpq to check the status of the ntp server as all other status scripts included in the ntp tarball are
based on perl which would dramatically increase the footprint of ntpd
Signed-off-by: Peter Wagner <tripolar@gmx.at>
p-wassi [Mon, 5 Dec 2016 07:00:32 +0000 (08:00 +0100)]
libs/liboping: update to 1.9.0
Update liboping/oping/noping to upstream release 1.9.0
Also introduce new location of downloads and correct
the licence to LGPL-2.1+ (as seen in liboping's README)
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
Toke Høiland-Jørgensen [Fri, 3 Feb 2017 16:06:09 +0000 (17:06 +0100)]
sqm-scripts: Bump to v1.1.3
Philip Prindeville [Fri, 3 Feb 2017 04:56:35 +0000 (21:56 -0700)]
rng-tools: start rngd early enough to actually be useful
lighttpd starts at priority 50, but promptly calls getrandom() on
initialization (li_rand_reseed() and li_rand_device_bytes() from
server_init()). If /dev/urandom (which getrandom() uses by default)
doesn't have sufficient entropy, this will block.
Since Openwrt runs the startup scripts serially, this can block
initialization indefinitely. I've seen 15-20 minutes typically.
Seeding the pool early on can quickly built sufficient entropy to
complete booting without blocking.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit
901ef617c7c913e94cfa88a5427d4a5511129fc8)
Jo-Philipp Wich [Thu, 26 Jan 2017 14:43:44 +0000 (15:43 +0100)]
vnstat: update to v1.16
Updates vnStat to the latest stable version, drops obsolete patches.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Dirk Brenken [Sun, 29 Jan 2017 20:24:05 +0000 (21:24 +0100)]
adblock: bugfix 2.1.5 (release 2)
* fix wget/uclient-switch
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
12c345d8036cd695f80fff42e4972ddb8b1c8aee)
Toke Høiland-Jørgensen [Sun, 29 Jan 2017 16:11:10 +0000 (17:11 +0100)]
sqm-scripts: Bump to v1.1.2, depend on kmod-sched-core
The needed shaper modules are now in kmod-sched-core, so we don't need
to depend on the full kmod-sched anymore.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Ted Hess [Thu, 26 Jan 2017 02:41:41 +0000 (21:41 -0500)]
Merge pull request #3916 from luizluca/lede-17.01
[lede-17.01] libvpx: bump to 1.6.1
Luiz Angelo Daros de Luca [Tue, 17 Jan 2017 21:21:31 +0000 (19:21 -0200)]
libvpx: bump to 1.6.1
v1.6.1:
- Faster VP9 encoding and decoding
- Bug Fixes
Now the ABI_VERSION is derived from PKG_VERSION
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Dirk Brenken [Mon, 23 Jan 2017 18:03:41 +0000 (19:03 +0100)]
adblock: update 2.1.5
* fix init boot function
* made fetch utility check more bullet proof
* automatically switch between default wget & uclient-fetch
configuration
* output link to online documentation on error
* update documentation
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
92c098fc02aae304a9a76795659fe22a5b7d6f01)
Álvaro Fernández Rojas [Mon, 23 Jan 2017 16:53:03 +0000 (17:53 +0100)]
unzip: patch CVE-2014-9913 and CVE-2016-9844 vulnerabilities
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Toke Høiland-Jørgensen [Sun, 22 Jan 2017 19:02:59 +0000 (20:02 +0100)]
sqm-scripts: Bump to v1.1.1, depend on kmod-sched-cake
This release contains several bug fixes for LEDE-17.01. The
kmod-sched-cake dependency is to avoid having scripts that fail
silently.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Stijn Tintel [Fri, 20 Jan 2017 05:39:36 +0000 (06:39 +0100)]
vallumd: bump to 0.1.2
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Ted Hess [Sat, 21 Jan 2017 12:44:39 +0000 (07:44 -0500)]
Merge pull request #3890 from dibdot/lede-17.01
[lede-17.01] travelmate: bugfix 0.3.2
Dirk Brenken [Sat, 21 Jan 2017 06:37:04 +0000 (07:37 +0100)]
[lede-17.01] travelmate: bugfix 0.3.2
* refine/speed-up (re-)connect handling
* fix minor build error in init script
* better logging & cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Ted Hess [Thu, 19 Jan 2017 20:33:07 +0000 (15:33 -0500)]
icecast: Fix configure if both vorbis and tremor host packages installed
Signed-off-by: Ted Hess <thess@kitschensync.net>
(cherry picked from commit
c82573e64e27a58b3bffda336c51d3545cc88204)
Daniel Engberg [Mon, 16 Jan 2017 21:05:19 +0000 (22:05 +0100)]
net/socat: Update to 1.7.3.1 and fix SSL
Update to 1.7.3.1
Fix SSL builds
Source: http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/socat/patches/#dirlist
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(cherry picked from commit
8c0a4bf6c57cfd2e03fbd98225e3435038f33d5c)
Dirk Brenken [Fri, 20 Jan 2017 08:57:33 +0000 (09:57 +0100)]
adblock: bugfix 2.1.2
* fix minor build error in init script
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
d960507c5fd3cc65e50589ee846c92cdc0edbf89)
Ted Hess [Fri, 20 Jan 2017 19:31:01 +0000 (14:31 -0500)]
Merge pull request #3879 from chris5560/lede-17.01
[lede-17.01] ddns-scripts: fix detecting local ip from ip command
Jo-Philipp Wich [Tue, 17 Jan 2017 21:52:04 +0000 (22:52 +0100)]
mosquitto: fix provides <=> package name conflicts
The virtual package declared by PROVIDES must not have the same name as the
variant declaring it, otherwise buildroot will fail with errors like:
cp: '.../pkginfo/mosquitto.provides' and '.../pkginfo/mosquitto.provides' are the same file
In order to fix the above error, rename the existing "mosquitto" and
"libmosquitto" packages into "mosquitto-ssl" and "libmosquitto-ssl"
respectively.
Also substitute use of $(PKG_NAME) with literal "mosquitto" in
Package/* defines to improve readability of the Makefile.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Toke Høiland-Jørgensen [Thu, 19 Jan 2017 10:08:17 +0000 (11:08 +0100)]
flent-tools: Bump version
Contains bugfix from upstream.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Christian Schoenebeck [Wed, 18 Jan 2017 20:46:05 +0000 (21:46 +0100)]
[lede-17.01]ddns-scripts: fix detecting local ip from ip command
- fix detecting local ip from ip command #3834 and https://forum.lede-project.org/t/bugs-in-ddns-scripts/1000
- updated public_suffix_list.dat
- minor fixes to services files
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Karl Palsson [Tue, 17 Jan 2017 10:43:42 +0000 (10:43 +0000)]
net/mosquitto: add PROVIDES to daemon and library
Adding PROVIDES to both the daemon and library and -nossl variants allow
downstream packages to simply declare a single dependency.
mosquitto-client however, still needs to explicitly depend on the ssl or
nossl variant however.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Peter Wagner [Mon, 16 Jan 2017 17:53:08 +0000 (18:53 +0100)]
ctorrent-*: delete from repo as there is no active development since 2008 and there are alternatives like aria2
Signed-off-by: Peter Wagner <tripolar@gmx.at>
(cherry picked from commit
7cdb8745b25a6c58e92426154f5ff6148431a348)
Ted Hess [Mon, 16 Jan 2017 13:12:28 +0000 (08:12 -0500)]
Merge pull request #3848 from jp-bennett/master
Fwknopd: Various updates
Ted Hess [Mon, 16 Jan 2017 13:04:31 +0000 (08:04 -0500)]
Merge pull request #3851 from diizzyy/patch-25
sound/shine: Fix compilation with ffmpeg and minor fixes
Daniel Engberg [Mon, 16 Jan 2017 08:52:30 +0000 (09:52 +0100)]
sound/shine: Fix compilation with ffmpeg and minor fixes
Update upstream URLs
Add upsteam patch to avoid name collision with ffmpeg
Source: https://github.com/toots/shine/commit/
3695118267be9b7a9412c86c7c5424ab47efe7ec
Refresh patches
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
danrl [Sat, 14 Jan 2017 13:54:42 +0000 (14:54 +0100)]
wireguard: new version and usability improvements
Signed-off-by: Dan Luedtke <mail@danrl.com>
Ted Hess [Mon, 16 Jan 2017 00:46:57 +0000 (19:46 -0500)]
Merge pull request #3846 from Wedmer/master
[libs/fftw3] Updated to version 3.3.6
Stijn Tintel [Sun, 15 Jan 2017 22:53:04 +0000 (23:53 +0100)]
vallumd: bump to 0.1.1
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Hauke Mehrtens [Sun, 15 Jan 2017 22:20:51 +0000 (23:20 +0100)]
Merge pull request #3837 from hauke/tor
tor: update to version 0.2.9.8
Vladimir Ulrich [Sun, 15 Jan 2017 22:19:10 +0000 (01:19 +0300)]
[libs/fftw3] Updated to version 3.3.6
Signed-off-by: Vladimir Ulrich <admin@evl.su>
Hauke Mehrtens [Sat, 14 Jan 2017 16:40:43 +0000 (17:40 +0100)]
tor: log to syslog by default
Make tor log to syslog by default instead of stdout.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 14 Jan 2017 14:38:14 +0000 (15:38 +0100)]
tor: add tor-gencert, tor-resolve and torify
These are some additional applications build by the tor package.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 14 Jan 2017 14:26:41 +0000 (15:26 +0100)]
tor: add geoip6 to tor-geoip
This add the IPv6 addresses to the tor-geoip6 package.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 14 Jan 2017 14:29:19 +0000 (15:29 +0100)]
tor: preserve tor keys over sysupgrade
Mark the directories containing the keys for hidden services as
conffiles to preserve them over sysupgrade.
Fixes: #2247
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 14 Jan 2017 14:28:02 +0000 (15:28 +0100)]
tor: update to version 0.2.9.8
In addition update some configure options and use EXTRA_CFLAGS.
Setting RunAsDaemon to 1 will be overwritten by the init script option
"--runasdaemon 0" anyway and we want it in foreground for procd.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>