W. Michael Petullo [Mon, 10 May 2021 18:19:47 +0000 (13:19 -0500)]
libgcrypt: update to 1.9.3
Signed-off-by: W. Michael Petullo <mike@flyn.org>
W. Michael Petullo [Mon, 10 May 2021 18:19:34 +0000 (13:19 -0500)]
libgpg-error: update to 1.42
Signed-off-by: W. Michael Petullo <mike@flyn.org>
Daniel Golle [Mon, 10 May 2021 02:42:01 +0000 (03:42 +0100)]
lvm2: update to version 2.03.12
Two notable changes are devices file and metadata based autoactivation.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 10 May 2021 02:17:25 +0000 (03:17 +0100)]
exim: update to version 4.94.2
Several exploitable vulnerabilities in Exim were reported to us and are
fixed.
Local vulnerabilities
- CVE-2020-28007: Link attack in Exim's log directory
- CVE-2020-28008: Assorted attacks in Exim's spool directory
- CVE-2020-28014: Arbitrary PID file creation
- CVE-2020-28011: Heap buffer overflow in queue_run()
- CVE-2020-28010: Heap out-of-bounds write in main()
- CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
- CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
- CVE-2020-28015: New-line injection into spool header file (local)
- CVE-2020-28012: Missing close-on-exec flag for privileged pipe
- CVE-2020-28009: Integer overflow in get_stdinput()
Remote vulnerabilities
- CVE-2020-28017: Integer overflow in receive_add_recipient()
- CVE-2020-28020: Integer overflow in receive_msg()
- CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
- CVE-2020-28021: New-line injection into spool header file (remote)
- CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
- CVE-2020-28026: Line truncation and injection in spool_read_header()
- CVE-2020-28019: Failure to reset function pointer after BDAT error
- CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
- CVE-2020-28018: Use-after-free in tls-openssl.c
- CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
The update to 4.94.2 also integrates a fix for a printf format issue
previously addressed by a local patch which is removed.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Wed, 17 Mar 2021 21:09:50 +0000 (21:09 +0000)]
auc: support queue_position status from server
Display position in queue while waiting for build.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Michael Heimpold [Sat, 8 May 2021 21:11:22 +0000 (23:11 +0200)]
Merge pull request #15552 from mhei/php7-update
php7: update to 7.4.18
Philip Prindeville [Fri, 7 May 2021 23:28:37 +0000 (17:28 -0600)]
Merge pull request #15575 from pprindeville/strongswan-always-generate-var-strongswan
strongswan: swanctl init script doesn't load connections
Rosen Penev [Fri, 7 May 2021 22:55:52 +0000 (15:55 -0700)]
Merge pull request #15474 from ja-pa/unbound-ttl-neg
unbound: add cache-max-negative-ttl config option
Rosen Penev [Thu, 6 May 2021 21:33:52 +0000 (14:33 -0700)]
Merge pull request #15553 from PolynomialDivision/add-samplicator
samplicator: add samplicator
Rosen Penev [Thu, 6 May 2021 21:32:44 +0000 (14:32 -0700)]
Merge pull request #15539 from ja-pa/tailscale
tailscale: add new package
Sergio E. Nemirowski [Wed, 5 May 2021 18:39:56 +0000 (21:39 +0300)]
vim: install vimdiff symlink for vim-full
vim-full comes with diff feature
Signed-off-by: Sergio E. Nemirowski <sergio@outerface.net>
Andy Walsh [Thu, 6 May 2021 09:03:26 +0000 (11:03 +0200)]
samba4: update to 4.13.8
* update to 4.13.8
* remove faulty io_uring kernel detection
* fixes CVE's: CVE-2020-27840, CVE-2021-20277, CVE-2020-27840, CVE-2021-20277, CVE-2020-27840, CVE-2021-20277, CVE-2021-20254
* resolves #15512
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Florian Eckert [Thu, 6 May 2021 10:16:09 +0000 (12:16 +0200)]
Merge pull request #15537 from aaronjg/mwan3/notrack
mwan3: allow interfaces with no tracking IPs
Florian Eckert [Thu, 6 May 2021 10:15:34 +0000 (12:15 +0200)]
Merge pull request #15562 from TDT-AG/pr/
20200503-mwan3
mwan3: update ubus status for no tracked interfaces
Philip Prindeville [Wed, 5 May 2021 17:40:19 +0000 (11:40 -0600)]
strongswan: swanctl init script doesn't load connections
Fixes issue #15446
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Philip Prindeville [Wed, 5 May 2021 17:35:51 +0000 (11:35 -0600)]
Merge pull request #15554 from pprindeville/fix-dhcp-route-whitespaces
isc-dhcpd: handle extra spaces in routes
Alexandru Ardelean [Tue, 4 May 2021 12:20:29 +0000 (15:20 +0300)]
tcpreplay: bump to version 4.3.4
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Dobroslaw Kijowski [Tue, 4 May 2021 07:36:33 +0000 (09:36 +0200)]
adguardhome: bump to 0.106.1
* Create working directory when it is not present. Apparently
some recent change made adguardhome fail to start when working
directory is missing.
* Full changelog available at:
* https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.106.1
Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
Alexandru Ardelean [Wed, 28 Apr 2021 07:39:11 +0000 (10:39 +0300)]
stress-ng: bump to version 0.12.07
Refreshed patch.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Javier Marcet [Tue, 4 May 2021 07:57:38 +0000 (07:57 +0000)]
python-dotenv: update to v0.17.1
Signed-off-by: Javier Marcet <javier@marcet.info>
Rosen Penev [Wed, 5 May 2021 03:16:05 +0000 (20:16 -0700)]
Merge pull request #15566 from BKPepe/hwdata
hwdata: update to version 0.347
Dirk Brenken [Tue, 4 May 2021 18:06:41 +0000 (20:06 +0200)]
Merge pull request #15572 from dibdot/banip
banip: update to 0.7.8
Dirk Brenken [Tue, 4 May 2021 14:32:35 +0000 (16:32 +0200)]
banip: update to 0.7.8
* fix pid file processing of the background monitor plus child
processes (bug reported in the forum)
* made the enabled/disabled switch of the background monitor functional
Signed-off-by: Dirk Brenken <dev@brenken.org>
Nick Hainke [Fri, 30 Apr 2021 21:57:09 +0000 (23:57 +0200)]
samplicator: add samplicator
Samplicator receives UDP datagrams on a given port and resends those
datagrams to a specified set of receivers.
Use Cases:
- replicate Flow Samples to multiple receivers
- use with conntrackd to synchronize via unicast to multiple targets
Signed-off-by: Nick Hainke <vincent@systemli.org>
Josef Schlehofer [Mon, 3 May 2021 18:00:46 +0000 (20:00 +0200)]
hwdata: update to version 0.347
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Jan Pavlinec [Mon, 3 May 2021 11:38:44 +0000 (13:38 +0200)]
libmaxminddb: update to version 1.6.0
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Jan Pavlinec [Mon, 3 May 2021 11:23:11 +0000 (13:23 +0200)]
python-typing-extensions: update to version 3.10.0.0
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Eneas U de Queiroz [Mon, 3 May 2021 14:30:53 +0000 (11:30 -0300)]
Merge pull request #15532 from dangowrt/bunch-of-updates
a bunch of package updates
Florian Eckert [Mon, 3 May 2021 08:52:26 +0000 (10:52 +0200)]
mwan3: update ubus status for not tracked interfaces
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Florian Eckert [Mon, 3 May 2021 08:51:44 +0000 (10:51 +0200)]
mwna3: fix whitespace
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Philip Prindeville [Sat, 1 May 2021 02:39:10 +0000 (20:39 -0600)]
isc-dhcpd: handle extra spaces in routes
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Aaron Goodman [Wed, 28 Apr 2021 23:42:38 +0000 (19:42 -0400)]
mwan3: allow interfaces with no tracking IPs
In the procd refactor, support for interfaces with no tracking IPs was
inadvertentiy removed. This commit restores the previous behavior
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
Hannu Nyman [Sat, 1 May 2021 20:50:21 +0000 (23:50 +0300)]
nano: update version to 5.7
Upgrade nano editor to version 5.7.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Christian Lachner [Sat, 1 May 2021 09:06:22 +0000 (11:06 +0200)]
haproxy: Update HAProxy to v2.2.14
- Update haproxy download URL and hash
Signed-off-by: Christian Lachner <gladiac@gmail.com>
Josef Schlehofer [Sat, 1 May 2021 10:32:55 +0000 (12:32 +0200)]
Merge pull request #14237 from commodo/python-abi-version
python3: introduce libpython3 with ABI_VERSION flag
Olivier Poitrey [Fri, 30 Apr 2021 15:51:07 +0000 (15:51 +0000)]
nextdns: Update to version 1.32.1
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Michael Heimpold [Fri, 30 Apr 2021 19:39:13 +0000 (21:39 +0200)]
php7: update to 7.4.18
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Dirk Brenken [Fri, 30 Apr 2021 15:05:16 +0000 (17:05 +0200)]
Merge pull request #15547 from dibdot/adblock
adblock: update to 4.1.2
Dirk Brenken [Fri, 30 Apr 2021 10:02:21 +0000 (12:02 +0200)]
adblock: update to 4.1.2
* preserve DNS cache after adblock processing (unbound & bind)
* fix redirect issue with oisd basic url
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Hirokazu MORIKAWA [Fri, 30 Apr 2021 03:48:52 +0000 (12:48 +0900)]
icu: add ABI_VERSION
To prevent inconsistencies in the coming version (69.1).
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Paul Spooren [Thu, 29 Apr 2021 21:09:22 +0000 (23:09 +0200)]
attendedsysupgrade-common: update to 2021
* Use $(COMMITCOUNT)
* Use SPDX
* Use CA (ucert) public key
* Update repo link
* Update maintainer email
* Format description
Signed-off-by: Paul Spooren <mail@aparcar.org>
Michael Heimpold [Fri, 30 Apr 2021 03:40:44 +0000 (05:40 +0200)]
Merge pull request #15543 from mhei/php8-update
php8: update to 8.0.5
Noah Meyerhans [Thu, 29 Apr 2021 16:05:26 +0000 (09:05 -0700)]
bind: bump to 9.17.12
Fixes the following security issues:
* CVE-2021-25215 - named crashed when a DNAME record placed in the ANSWER
section during DNAME chasing turned out to be the final
answer to a client query.
* CVE-2021-25214 - Insufficient IXFR checks could result in named serving a
zone without an SOA record at the apex, leading to a
RUNTIME_CHECK assertion failure when the zone was
subsequently refreshed. This has been fixed by adding an
owner name check for all SOA records which are included
in a zone transfer.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Michael Heimpold [Thu, 29 Apr 2021 19:07:13 +0000 (21:07 +0200)]
php8: update to 8.0.5
Also update opcache makefile patch.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Jan Pavlinec [Wed, 28 Apr 2021 12:13:06 +0000 (14:13 +0200)]
tailscale: add new package
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Othmar Truniger [Thu, 29 Apr 2021 05:29:56 +0000 (07:29 +0200)]
knxd: pumb to upstream version 0.14.51
Signed-off-by: Othmar Truniger <github@truniger.ch>
Dobroslaw Kijowski [Wed, 28 Apr 2021 19:14:20 +0000 (21:14 +0200)]
adguardhome: bump to 0.106.0
* Full changelog available at:
* https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.106.0
* Add build time LDFLAG introduced in commit [1].
[1]: https://github.com/AdguardTeam/AdGuardHome/commit/
1d07afb30ee9ff00de72182200b7e1c6d1606d77#diff-82ef468ec5547f1ed424776755a7f87dfec4eba9838d2c2ac02c9881bb67d737R67
Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
Daniel Golle [Wed, 28 Apr 2021 18:06:38 +0000 (19:06 +0100)]
python-gnupg: update to version 0.4.7
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Wed, 28 Apr 2021 18:01:36 +0000 (19:01 +0100)]
perl-mail-spamassassin: update to version 3.4.6
Fixes CVE-2020-1946
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Wed, 28 Apr 2021 18:01:01 +0000 (19:01 +0100)]
perl-net-dns: update to version 1.30
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Wed, 28 Apr 2021 17:51:43 +0000 (18:51 +0100)]
opentracker: update to git HEAD
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Wed, 28 Apr 2021 17:46:03 +0000 (18:46 +0100)]
libksba: update to version 1.5.1
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Wed, 28 Apr 2021 17:45:06 +0000 (18:45 +0100)]
libinput: update to version 1.17.1
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Wed, 28 Apr 2021 17:42:56 +0000 (18:42 +0100)]
libextractor: update to version 1.11
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Wed, 28 Apr 2021 17:40:23 +0000 (18:40 +0100)]
libassuan: update to version 2.5.5
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Wed, 28 Apr 2021 17:38:31 +0000 (18:38 +0100)]
Jinja2: update to version 2.11.3
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Wed, 28 Apr 2021 17:19:25 +0000 (18:19 +0100)]
gnunet-fuse: update to version 0.14.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Wed, 28 Apr 2021 16:57:17 +0000 (17:57 +0100)]
debian-archive-keyring: update to 2021.1.1
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Wed, 28 Apr 2021 16:54:49 +0000 (17:54 +0100)]
exfatprogs: update to version 1.1.1
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Alexandru Ardelean [Tue, 15 Dec 2020 09:07:21 +0000 (11:07 +0200)]
python3: introduce libpython3 with ABI_VERSION flag
Related to discussion:
https://github.com/openwrt/packages/pull/14060
Every once in a while a version bump will occur that requires an ABI
change. Example: Python 3.8 to 3.9. When this happens some Python packages
would need to be rebuilt. In setups where everything gets rebuilt, this
isn't a problem.
It's usually a bigger problem when needing to upgrade something via
opkg.
To accommodate for this, we add a libpython with it's own ABI_VERSION
flag. If this ABI_VERSION changes, then this should propagate forward.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Hirokazu MORIKAWA [Tue, 27 Apr 2021 02:05:12 +0000 (11:05 +0900)]
libupm: Disable node.js support
Library for node.js will be disabled temporarily due to difficulty in supporting the latest node.js.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Rosen Penev [Wed, 28 Apr 2021 01:53:59 +0000 (18:53 -0700)]
Merge pull request #15516 from ja-pa/engineio-socketio-update
python-engineio & python-socketio: package update
Aleksander Jan Bajkowski [Thu, 22 Apr 2021 11:20:46 +0000 (13:20 +0200)]
net-tools: bump to 2.10
Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
Hirokazu MORIKAWA [Tue, 27 Apr 2021 02:07:04 +0000 (11:07 +0900)]
libmraa: Disable node.js support
Library for node.js will be disabled temporarily due to difficulty in supporting the latest node.js.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Josef Schlehofer [Tue, 27 Apr 2021 22:08:33 +0000 (00:08 +0200)]
Merge pull request #15525 from
1715173329/xray
xray-core: remove PROVIDES
Jan Hak [Tue, 27 Apr 2021 11:08:21 +0000 (13:08 +0200)]
libedit: update to version
20210419-3.1
Signed-off-by: Jan Hak <jan.hak@nic.cz>
Moritz Warning [Tue, 27 Apr 2021 15:13:27 +0000 (17:13 +0200)]
zerotier: update to 1.6.5
Minor ZeroTier update. Refreshed patches.
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Josef Schlehofer [Tue, 27 Apr 2021 22:01:16 +0000 (00:01 +0200)]
Merge pull request #15517 from
1715173329/yq
yq: Update to 4.7.1
Josef Schlehofer [Tue, 27 Apr 2021 22:00:29 +0000 (00:00 +0200)]
Merge pull request #15515 from ja-pa/gitlab-runner-13.11.0
gitlab-runner: update to version 13.11.0
Josef Schlehofer [Tue, 27 Apr 2021 22:00:11 +0000 (00:00 +0200)]
Merge pull request #15514 from ja-pa/redis-6.2.2
redis: update to version 6.2.2
Tianling Shen [Tue, 27 Apr 2021 11:51:57 +0000 (19:51 +0800)]
xray-core: use `$(INSTALL_DATA)` to install configuration files
Using `$(INSTALL_CONF)` will cause the program has no access to
configurations file when someone enabled the selinux support.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Tue, 27 Apr 2021 11:42:41 +0000 (19:42 +0800)]
xray-core: remove PROVIDES
Xray now is no longer planning to keep compatibility with original
v2ray. Remove PROVIDES before it is totally broken.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Daniel Golle [Mon, 26 Apr 2021 18:19:10 +0000 (19:19 +0100)]
uvol: fix emmitting ubus event when removing UBI volume
In case a volume which is down is removed, no ubus event needs to be
fired. Don't try.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 26 Apr 2021 18:16:19 +0000 (19:16 +0100)]
auc: compare versions using dpkg/opkg's verrevcmp
Using strcmp() to compare a version string doesn't work well.
Use verrevcmp() function from opkg instead.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Tianling Shen [Mon, 26 Apr 2021 11:18:02 +0000 (19:18 +0800)]
yq: Update to 4.7.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Jan Pavlinec [Mon, 26 Apr 2021 10:38:11 +0000 (12:38 +0200)]
python-socketio: update to version 5.2.1
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Jan Pavlinec [Mon, 26 Apr 2021 10:37:31 +0000 (12:37 +0200)]
python-engineio: update to version 4.1.0
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Jan Pavlinec [Mon, 26 Apr 2021 10:13:30 +0000 (12:13 +0200)]
gitlab-runner: update to version 13.11.0
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Jan Pavlinec [Mon, 26 Apr 2021 09:49:33 +0000 (11:49 +0200)]
redis: update to version 6.2.2
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Karl Palsson [Mon, 26 Apr 2021 09:36:49 +0000 (09:36 +0000)]
net/mosquitto: port is optional in root config
From mosquitto 2.x, port became optional and deprecated in the config,
and it was recommended that listeners be used instead. Drop the hard
requirement in our config conversion script.
Reported in: https://github.com/openwrt/packages/issues/15506
Signed-off-by: <karlp@etactica.com>
Karl Palsson [Mon, 26 Apr 2021 09:34:52 +0000 (09:34 +0000)]
net/mosquitto: fix log_type conversion in config
As reported in: https://github.com/openwrt/packages/issues/15506
Signed-off-by: Karl Palsson <karlp@etactica.com>
Rosen Penev [Sun, 18 Apr 2021 03:09:37 +0000 (20:09 -0700)]
dbus: fix new cmake build
CMake was using the wrong paths. Fix them up.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Peter van Dijk [Sun, 25 Apr 2021 13:00:48 +0000 (15:00 +0200)]
h2o: only install one copy of the .so
I noticed that the package contained 3 identical copies of the lib:
root@
52170cbc2408:/# ls -ali /usr/lib/libh2o*
162653 -rwxr-xr-x 1 root root 348857 Apr 25 11:50 /usr/lib/libh2o-evloop.so
162660 -rwxr-xr-x 1 root root 348857 Apr 25 11:50 /usr/lib/libh2o-evloop.so.0.13
162661 -rwxr-xr-x 1 root root 348857 Apr 25 11:50 /usr/lib/libh2o-evloop.so.0.13.6
so this commit fixes that:
root@
472ad3a8404e:/# ls -ali /usr/lib/libh2o*
289858 lrwxrwxrwx 1 root root 21 Apr 25 12:43 /usr/lib/libh2o-evloop.so -> libh2o-evloop.so.0.13
289859 lrwxrwxrwx 1 root root 23 Apr 25 12:43 /usr/lib/libh2o-evloop.so.0.13 -> libh2o-evloop.so.0.13.6
289860 -rw-r--r-- 1 root root 348857 Apr 25 12:41 /usr/lib/libh2o-evloop.so.0.1
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
Peter van Dijk [Sun, 25 Apr 2021 13:00:39 +0000 (15:00 +0200)]
h2o: remove useless ruby dependency
h2o is the library dnsdist uses to offer DNS over HTTPS to clients. dnsdist is the only user of h2o in this tree.
While h2o can depend on Ruby (to build mruby support), this is disabled in the OpenWRT build of h2o. Hence, the Ruby dependency is unnecessary, and removing it saves a few megabytes of disk space.
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
Mirko Vogt [Sun, 25 Apr 2021 15:16:28 +0000 (17:16 +0200)]
Merge pull request #15511 from PowerDNS/unbound-htpps
unbound: fix typo in assist name of https-dns-proxy
Peter van Dijk [Sun, 25 Apr 2021 14:16:23 +0000 (16:16 +0200)]
unbound: fix typo in assist name of https-dns-proxy
I left the old version in, in case users have configs that already correct for this error.
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
Rosen Penev [Sun, 25 Apr 2021 09:00:13 +0000 (02:00 -0700)]
Merge pull request #15507 from hswong3i/master-SQUID_enable-ssl-crtd
squid: Enable dynamic SSL certificate generation
Tao Gong [Tue, 20 Apr 2021 22:46:28 +0000 (22:46 +0000)]
conntrack-tools: add a patch to fix endianness issue
Signed-off-by: Tao Gong <gongtao0607@gmail.com>
Wong Hoi Sing Edison [Sun, 25 Apr 2021 02:38:14 +0000 (10:38 +0800)]
squid: Enable dynamic SSL certificate generation
Maintainer: @neheb / @BKPepe / @zhanhb
Compile tested: ipq806x, generic, netgear_r7800, master
Run tested: ipq806x, generic, netgear_r7800, openwrt-19.07
Description:
Squid now only support HTTPS proxy in TCP tunnel mode (e.g. `ssl_bump splice all`):
https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on
ssl_bump splice all
In order to operate in SSL Bump mode, we need to compile with `--enable-ssl-crtd` for following configuration:
https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on
sslcrtd_program /usr/lib/squid/security_file_certgen -s /car/cache/squid/ssl_db -M 4MB
ssl_bump stare all
ssl_bump bump all
This PR switch the `SQUID_enable-ssl-crtd` into `default y`, therefore default enable SSL Bump mode.
Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
Aleksander Jan Bajkowski [Sun, 4 Apr 2021 20:16:03 +0000 (22:16 +0200)]
coremark: bump to 2021-03-12
Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
Rosen Penev [Sat, 24 Apr 2021 08:27:35 +0000 (01:27 -0700)]
ksmbd: update to 3.3.9
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Sat, 24 Apr 2021 09:18:40 +0000 (02:18 -0700)]
ksmbd-tools: update to 3.3.9
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Leonardo Mörlein [Sun, 11 Apr 2021 23:30:48 +0000 (01:30 +0200)]
uacme: add use_auto_staging
Staging certificates have the advantage that their retry limits are loose.
Therefore they can be obtained quickly when automatic retries are used.
Unfortunately they can not be used for deployments because their CA is not
accepted by clients. Production certificates do not have this limitation, but
their retry limits are strict. For production certificates, automatic retries
can only be performed a few times per hour. This makes automatic obtainment of
certificates tenacious.
With use_auto_staging=1, the advantages of the two certificate types are
combined. Uacme will first obtain a staging certificate. When the staging
certificate is successfully obtained, uacme will switch and obtain a production
certificate. Since the staging certificate has already been successfully
obtained, we can ensure that the production certificate is successfully
obtained in the first attempt. This means that "retries" are performed on the
staging certificate and the production certificate is obtained in the first
attempt.
In summary, this feature enables fast obtaining of production certificates when
automatic retries are used.
By default, this feature is set to use_auto_staging=0, which means that
uacme will behave as before by default.
Signed-off-by: Leonardo Mörlein <git@irrelefant.net>
Leonardo Mörlein [Sun, 11 Apr 2021 23:30:39 +0000 (01:30 +0200)]
uacme: do not override production state dir variable
With this commit, issue_cert() can be called multiple times alternating
between staging and production certificates within a script.
Before this commit, the production state dir was stored in $STATE_DIR.
But in the case of $use_staging=1, this variable was overwritten in
issue_cert() with $STAGING_STATE_DIR. This made it impossible to call
issue_cert() with $use_staging=0 afterwards. Now the production state
dir is stored in $PRODUCTION_STATE_DIR. This way it is not overridden
anymore and issue_cert() can be called multiple times alternating with
production and staging.
Signed-off-by: Leonardo Mörlein <git@irrelefant.net>
Rosen Penev [Sat, 24 Apr 2021 08:16:24 +0000 (01:16 -0700)]
Merge pull request #15466 from cotequeiroz/mutt
mutt: don't use host mailpath definition
Oldřich Jedlička [Sat, 9 Jan 2021 20:41:40 +0000 (21:41 +0100)]
fwknop: Remove unnecessary get_bool() function.
The get_bool() functionality was already merged to lib/functions.sh, so
it is redundant in the init script. Remove it.
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
Oskari Rauta [Wed, 21 Apr 2021 00:58:42 +0000 (03:58 +0300)]
gummiboot: add new package
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Oskari Rauta [Wed, 21 Apr 2021 00:54:18 +0000 (03:54 +0300)]
gnu-efi: add new package
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Rosen Penev [Sat, 24 Apr 2021 08:04:44 +0000 (01:04 -0700)]
Merge pull request #15505 from gstrauss/lighttpd-1.4.59-2
lighttpd: patches from upstream
Glenn Strauss [Fri, 23 Apr 2021 23:06:27 +0000 (19:06 -0400)]
lighttpd: patches from upstream
- ignore Content-Length from backend if 101 Switching Protocols
- close HTTP/2 connection after bad password
- skip cert chain build for self-issued certs
- meson zstd fix
- ls-hpack upstream update
- discard some HTTP/2 DATA frames received after response
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
projects / feed / packages.git / log