feed/packages.git
23 months agolibarchive: add missing CONFLICT 20155/head
Michal Vasilek [Thu, 22 Dec 2022 12:05:51 +0000 (13:05 +0100)]
libarchive: add missing CONFLICT

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
23 months agolibarchive: fix CVE-2022-36227
Michal Vasilek [Thu, 22 Dec 2022 10:16:29 +0000 (11:16 +0100)]
libarchive: fix CVE-2022-36227

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
23 months agolibarchive: update to 3.5.3
Michal Vasilek [Thu, 22 Dec 2022 10:16:02 +0000 (11:16 +0100)]
libarchive: update to 3.5.3

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
23 months agolibarchive: update to 3.5.2
Rosen Penev [Sun, 19 Sep 2021 07:52:57 +0000 (00:52 -0700)]
libarchive: update to 3.5.2

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 537f743c492bac2385db19fd26bd3924d8e6ea04)

rebased to remove AUTORELEASE
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
3 years agoMerge pull request #16258 from stangri/21.02-curl
Rosen Penev [Tue, 3 Aug 2021 19:21:13 +0000 (12:21 -0700)]
Merge pull request #16258 from stangri/21.02-curl

[21.02] curl: enable HTTP/2 support by default

3 years agoMerge pull request #16275 from stangri/21.02-simple-adblock
Stan Grishin [Mon, 2 Aug 2021 07:25:40 +0000 (00:25 -0700)]
Merge pull request #16275 from stangri/21.02-simple-adblock

[21.02] simple-adblock: update to 1.8.7-6

3 years agosimple-adblock: update to 1.8.7-6 16275/head
Stan Grishin [Mon, 2 Aug 2021 06:34:17 +0000 (06:34 +0000)]
simple-adblock: update to 1.8.7-6

* supports newer shellcheck
* restore EXTRA_COMMANDS compatibility with 19.07
* move status display from various functions to status_service
* bugfix: status_service line break after output
* minor arythmetic fix in status_service

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agoMerge pull request #16253 from stangri/21.02-https-dns-proxy
Stan Grishin [Mon, 2 Aug 2021 05:58:28 +0000 (22:58 -0700)]
Merge pull request #16253 from stangri/21.02-https-dns-proxy

[21.02] https-dns-proxy: update to 2021-07-29-1

3 years agoMerge pull request #16266 from nxhack/2102_node_14174
Rosen Penev [Sun, 1 Aug 2021 20:29:40 +0000 (13:29 -0700)]
Merge pull request #16266 from nxhack/2102_node_14174

[21.02] node: bump to 14.17.4

3 years agoMerge pull request #16264 from mhei/21.02-php8-update
Michael Heimpold [Sun, 1 Aug 2021 10:32:47 +0000 (12:32 +0200)]
Merge pull request #16264 from mhei/21.02-php8-update

[21.02] php8 update to 8.0.9

3 years agoMerge pull request #16267 from mhei/21.02-php7-update
Michael Heimpold [Sun, 1 Aug 2021 10:32:25 +0000 (12:32 +0200)]
Merge pull request #16267 from mhei/21.02-php7-update

[21.02] php7: update to 7.4.22

3 years agoMerge pull request #16265 from mhei/libxml2-update
Michael Heimpold [Sun, 1 Aug 2021 10:31:30 +0000 (12:31 +0200)]
Merge pull request #16265 from mhei/libxml2-update

[21.02] libxml2: update to 2.9.12

3 years agophp7: update to 7.4.22 16267/head
Michael Heimpold [Mon, 7 Jun 2021 04:47:21 +0000 (06:47 +0200)]
php7: update to 7.4.22

This fixes:
    - CVE-2021-21704
    - CVE-2021-21705

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commits
  - 555d0c9a291cb9ffaefaa22da36095613857e10f
  - f15aba89f725f31d03edd95e03547670ca994e47
  - 741d6d6768e4d3d9a85d83fb7a6dce422cefde5a)

3 years agolibxml2: update to 2.9.12 16265/head
Michael Heimpold [Tue, 18 May 2021 22:12:32 +0000 (00:12 +0200)]
libxml2: update to 2.9.12

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 6b932d3ff77c63fe01080139c147c86da12f0c88)

3 years agophp8: add CI runtime test 16264/head
Michael Heimpold [Thu, 29 Jul 2021 20:20:45 +0000 (22:20 +0200)]
php8: add CI runtime test

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 2dad6524460a62f879e0df2786090d99e6c837fa)

3 years agophp8: update to 8.0.9
Michael Heimpold [Thu, 29 Apr 2021 19:07:13 +0000 (21:07 +0200)]
php8: update to 8.0.9

Also update opcache makefile patch.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commits
 - 5e82e6be718186aab63b71f9396732cd341f924c
 - 0154157b6c6ef5f2907dca0aa3c14588cfc196d2
 - 961b7c5a25be907d9b89d3b18cd83618d8e38453
 - 7ddd5280d48609cad139e80774a57cc6c51921ee
 - 9080dce60f8c3013747058971b9af38867ba1073)

3 years agonode: bump to 14.17.4 16266/head
Hirokazu MORIKAWA [Sat, 31 Jul 2021 02:30:27 +0000 (11:30 +0900)]
node: bump to 14.17.4

July 2021 Security Releases:

Use after free on close http2 on stream canceling (High) (CVE-2021-22930)
Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
3 years agocurl: enable HTTP/2 support by default 16258/head
Stan Grishin [Fri, 30 Jul 2021 23:20:34 +0000 (23:20 +0000)]
curl: enable HTTP/2 support by default

Description: Lack of support of HTTP/2 by default starts to hurt,
for example with https-dns-proxy package, some DoH resolvers (like mullvad)
no longer support HTTP/1 and are not usable.

This enables HTTP/2 support by default (which would bring ~68Kb libnghttp).

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agohttps-dns-proxy: update to 2021-07-29-01 16253/head
Stan Grishin [Fri, 30 Jul 2021 00:02:42 +0000 (00:02 +0000)]
https-dns-proxy: update to 2021-07-29-01

* update binary to the latest commit (2021-07-29) to fix #16222 and #16239
* add hotplug.d/iface file and update Makefile to install it
* use Cloudflare's and Google's bootstrap DNS if bootstrap DNS is missing
* minor improvements in append_bool function
* add append_counter function for verbosity setting
* add append_bootstrap function (and supporting functions) to parse/sanitize bootstrap setting
* move firewall array from 'main' instance to the first proxy instance
* delete useless 'main' instace

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agonextdns: Update to version 1.35.0
Olivier Poitrey [Thu, 29 Jul 2021 23:34:26 +0000 (23:34 +0000)]
nextdns: Update to version 1.35.0

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
3 years agodawn: update to 2021-07-27
Nick Hainke [Tue, 27 Jul 2021 13:49:48 +0000 (15:49 +0200)]
dawn: update to 2021-07-27

276ca16 msghandler: fix rrm array parsing
1e4871d datastorage: debug rrm capabilities

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 6582979678714d4c71276adf4caa6e09f8f3c76b)

3 years agotravelmate: update to 2.0.4
Dirk Brenken [Sun, 25 Jul 2021 19:41:58 +0000 (21:41 +0200)]
travelmate: update to 2.0.4

* code cleanup
* add auto login script for Julianahoeve beach resort (NL)
* add auto login script for Vodafone hotspots (DE)
* add auto login script for telekom hotspots (DE)
* enhance captive portal detection to support html redirects as well
* change default captive portal detection url to
  'detectportal.firefox.com'

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 380a5110b4d8df56c2a66c78657ee84bbcd611d3)

3 years agoMerge pull request #16145 from stangri/21.02-vpn-policy-routing
Stan Grishin [Tue, 27 Jul 2021 03:36:14 +0000 (20:36 -0700)]
Merge pull request #16145 from stangri/21.02-vpn-policy-routing

[21.02] vpn-policy-routing: update to 0.3.5-1

3 years agoadblock: bugfix 4.1.3-3
Dirk Brenken [Mon, 26 Jul 2021 15:40:13 +0000 (17:40 +0200)]
adblock: bugfix 4.1.3-3

* fix regex to prepare google safesearch domains

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 69a2a68c31b2abf93786c337db55088115c3aa42)

3 years agolibrouteros: don't build docs
Rosen Penev [Thu, 22 Jul 2021 22:25:50 +0000 (15:25 -0700)]
librouteros: don't build docs

Fixes compilation without host pod2man.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit e41fd1794be2e8cc78c3df4bc4f4e05100eda959)

3 years agoMerge pull request #16213 from 1715173329/yq-2102
Josef Schlehofer [Sat, 24 Jul 2021 15:27:40 +0000 (17:27 +0200)]
Merge pull request #16213 from 1715173329/yq-2102

[openwrt-21.02] yq: Update to 4.11.2

3 years agoyq: Update to 4.11.2 16213/head
Tianling Shen [Sat, 24 Jul 2021 10:27:59 +0000 (18:27 +0800)]
yq: Update to 4.11.2

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit d8fcfb062814fb6b5cee97f35373f864cf4dd00d)

3 years agosyslog-ng: update to version 3.33.2
Josef Schlehofer [Wed, 21 Jul 2021 21:28:05 +0000 (23:28 +0200)]
syslog-ng: update to version 3.33.2

Changelog:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.33.2

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 4b06f9ff4c3c5abe54ccd9248de9cf52f198d63d)

3 years agoddns-scripts: use https for google ipv6 ddns url
Scott Lamb [Thu, 15 Jul 2021 18:24:59 +0000 (11:24 -0700)]
ddns-scripts: use https for google ipv6 ddns url

This matches an ipv4 change in 21f5cdd2fa and has the same rationale.
Google requires https for both ipv6 and ipv6.

Signed-off-by: Scott Lamb <slamb@slamb.org>
(cherry picked from commit e5f45b94c0ecfd9548d2efa7bba04e014dc66bf3)

3 years agoerlang: disable PIE
Rosen Penev [Sun, 11 Jul 2021 09:01:06 +0000 (02:01 -0700)]
erlang: disable PIE

Fails to compile with it on.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 5685d9226860a2a008bbcf8d8cf9aae212afa904)

3 years agoyggdrasil: bump to 0.4.0
George Iv [Mon, 19 Jul 2021 12:46:16 +0000 (15:46 +0300)]
yggdrasil: bump to 0.4.0

- Bump yggdrasil-go version to v0.4.0
- Update ygguci tool for compatibility with the new yggdrasil-go version
- Yggdrasil's config file is now generated in a separate command before running the daemon

Signed-off-by: George Iv <zhoreeq@users.noreply.github.com>
(cherry picked from commit e135c4c86764f84339bba44d87153ed7db14d396)

3 years agoMerge pull request #16165 from stangri/21.02-vpnbypass
Rosen Penev [Wed, 21 Jul 2021 03:55:51 +0000 (20:55 -0700)]
Merge pull request #16165 from stangri/21.02-vpnbypass

[21.02] vpnbypass: update to 1.3.2-1

3 years agovpnbypass: updates to 1.3.2-1 16165/head
Stan Grishin [Sun, 18 Jul 2021 19:45:37 +0000 (19:45 +0000)]
vpnbypass: updates to 1.3.2-1

bugfix: domain names bypass
rename config file
update Makefile
updated README link
updated shellcheck compatibility
support for 21.02.0-rc2 and later
updated code for interface triggers
add newline to test.sh

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agoMerge pull request #16154 from nwidger/niels/delve-1.7.0-openwrt-21.02
Rosen Penev [Tue, 20 Jul 2021 09:14:50 +0000 (02:14 -0700)]
Merge pull request #16154 from nwidger/niels/delve-1.7.0-openwrt-21.02

[openwrt-21.02] delve: Update to 1.7.0

3 years agoMerge pull request #16156 from 1715173329/yq-2102
Rosen Penev [Tue, 20 Jul 2021 09:14:18 +0000 (02:14 -0700)]
Merge pull request #16156 from 1715173329/yq-2102

[openwrt-21.02] yq: Update to 4.11.0

3 years agoRevert "net/miniupnpd: ext_ip_reserved_ignore support"
Josef Schlehofer [Mon, 19 Jul 2021 11:55:52 +0000 (13:55 +0200)]
Revert "net/miniupnpd: ext_ip_reserved_ignore support"

This patch is causing several issues [1], which then were reported to
upstream [2] and it was not accepted by upstream [3]. This results that
nobody maintain this custom patch and it is not useful as it is changing
addr_is_reserved behavior.

[1] https://github.com/openwrt/packages/issues/15258
[2] https://github.com/miniupnp/miniupnp/issues/542
[3] https://github.com/miniupnp/miniupnp/pull/511

This reverts commit b76aa9919489f49b472a8f939f6d46ca33d05f64.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 107f3376b5114cd17c115e25026b031bd439e9be)

3 years agoknot: update to version 3.0.8
Jan Hak [Mon, 19 Jul 2021 14:50:43 +0000 (16:50 +0200)]
knot: update to version 3.0.8

Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit 5f374929cfdf59fd1b2ec558cd024f5b301d3169)

3 years agoknot: update to version 3.0.7
Jan Hak [Mon, 21 Jun 2021 08:52:32 +0000 (10:52 +0200)]
knot: update to version 3.0.7

Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit 8d66f49baef164e6c7a621dd7e72328f62f242f4)

3 years agoyq: Update to 4.11.0 16156/head
Tianling Shen [Mon, 19 Jul 2021 14:14:58 +0000 (22:14 +0800)]
yq: Update to 4.11.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit a5f657ecf791faca53ab85393a8fc0ddc4de8683)

3 years agodelve: Update to 1.7.0 16154/head
Niels Widger [Mon, 19 Jul 2021 12:35:46 +0000 (08:35 -0400)]
delve: Update to 1.7.0

See
https://github.com/go-delve/delve/blob/master/CHANGELOG.md#170-2021-07-19
for changes.

Signed-off-by: Niels Widger <niels@qacafe.com>
(cherry picked from 098d61ca1)

3 years agoMerge pull request #16150 from jefferyto/golang-1.16.6-openwrt-21.02
Rosen Penev [Mon, 19 Jul 2021 10:38:16 +0000 (03:38 -0700)]
Merge pull request #16150 from jefferyto/golang-1.16.6-openwrt-21.02

[openwrt-21.02] golang: Update to 1.16.6

3 years agogolang: Update to 1.16.6 16150/head
Jeffery To [Sun, 18 Jul 2021 22:44:52 +0000 (06:44 +0800)]
golang: Update to 1.16.6

Includes fix for CVE-2021-34558 (crypto/tls: clients can panic when
provided a certificate of the wrong type for the negotiated parameters).

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit c0c62227bd23e0ad9b3a0db1a907bc5bf18579c8)

3 years agoMerge pull request #16147 from luizluca/21.02/sane-fix_backport
Rosen Penev [Sun, 18 Jul 2021 04:30:46 +0000 (21:30 -0700)]
Merge pull request #16147 from luizluca/21.02/sane-fix_backport

[21.02] sane-backends fix usbid generation (backport)

3 years agosane-backends: use macros (properly), remove chmod 16147/head
Sebastian Kemper [Sat, 17 Jul 2021 12:03:40 +0000 (14:03 +0200)]
sane-backends: use macros (properly), remove chmod

- use $(INSTALL_DIR) instead of mkdir
- using $(INSTALL_CONF) and then running chmod is pointless, use
  $(INSTALL_DATA) directly
- /etc/xinetd.d/sane-port doesn't need read protection from non-root
  users, use $(INSTALL_DATA) as well

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit f37006c2e641882dde01512f8a035bf42c6f46b8)

3 years agosane-backends: fix usbid file generation
Sebastian Kemper [Sat, 17 Jul 2021 11:55:46 +0000 (13:55 +0200)]
sane-backends: fix usbid file generation

On some build systems (build bots, Debian Buster for example) the
current mechanism in the Build/Install define doesn't run. Replace it
with shell fu that works.

Issue was reported, see [1].

[1] https://github.com/openwrt/packages/issues/16085

Fixes #16085

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit 977109e28613820ff451908289ff6e4cc671ec32)

3 years agovpn-policy-routing: update to 0.3.5-1 16145/head
Stan Grishin [Sun, 18 Jul 2021 00:30:49 +0000 (00:30 +0000)]
vpn-policy-routing: update to 0.3.5-1

support for 21.02.0-rc2 and up
support for reloading a single interface on ifup/ifupdate
rename config file
updated shellcheck compatibility
remove obsolete create/remove_lock
interface processing optimizations to speed up reloads
drop dependency on curl in user scripts
uniform styling of functions

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agostress-ng: bump to version 0.12.10
Alexandru Ardelean [Mon, 24 May 2021 16:21:05 +0000 (19:21 +0300)]
stress-ng: bump to version 0.12.10

Patch `010-soft-float.patch` can be dropped.
It was upstreamed via https://github.com/ColinIanKing/stress-ng/pull/126

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit 6f48074e79fd5185798d2bf60583313d93cfde6c)

3 years agostress-ng: bump to version 0.12.07
Alexandru Ardelean [Wed, 28 Apr 2021 07:39:11 +0000 (10:39 +0300)]
stress-ng: bump to version 0.12.07

Refreshed patch.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit 96692fa6c181db11bc4b72e073c52b025cbd4c98)

3 years agostress-ng: bump to version 0.12.06
Alexandru Ardelean [Mon, 29 Mar 2021 08:51:51 +0000 (11:51 +0300)]
stress-ng: bump to version 0.12.06

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit 940492c577b9f6c36e3f4f4b9ed8c75586871348)

3 years agostress-ng: bump to version 0.12.04
Alexandru Ardelean [Mon, 8 Mar 2021 10:04:53 +0000 (12:04 +0200)]
stress-ng: bump to version 0.12.04

Refreshed patch.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit 987c82cc73c3dca39658b36dc3a791aae4cb4d54)

3 years agoruby: update to 3.0.2
Luiz Angelo Daros de Luca [Thu, 15 Jul 2021 16:56:52 +0000 (13:56 -0300)]
ruby: update to 3.0.2

This release fixes some bugs and these vulnerabilities:

* CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
* CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
* CVE-2021-31799: A command injection vulnerability in RDoc

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit 1b41e8f641b612e3738ba391cf3ee97d0b8ff288)

3 years agoMerge pull request #16119 from commodo/python-updates1-21.02
Rosen Penev [Thu, 15 Jul 2021 18:44:35 +0000 (11:44 -0700)]
Merge pull request #16119 from commodo/python-updates1-21.02

[21.02] python-{simplejson,cffi}: bump versions

3 years agoMerge pull request #16125 from jefferyto/addrwatch-fixes-openwrt-21.02
Rosen Penev [Thu, 15 Jul 2021 18:42:00 +0000 (11:42 -0700)]
Merge pull request #16125 from jefferyto/addrwatch-fixes-openwrt-21.02

[openwrt-21.02] addrwatch: Various fixes

3 years agoMerge pull request #16128 from 1715173329/yq-2102
Rosen Penev [Thu, 15 Jul 2021 18:41:42 +0000 (11:41 -0700)]
Merge pull request #16128 from 1715173329/yq-2102

[openwrt-21.02] yq: Update to 4.9.8

3 years agodawn: update to 2021-07-11
Nick Hainke [Sun, 11 Jul 2021 12:01:14 +0000 (14:01 +0200)]
dawn: update to 2021-07-11

ec9a3a9 fix GCC11 compilation

Thanks to neheb and cotequeiroz.

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit ee4616fb43b489003cab957e3a2d6f5f14c6fb97)

3 years agodawn: update to 2021-07-08
Nick Hainke [Thu, 8 Jul 2021 14:45:55 +0000 (16:45 +0200)]
dawn: update to 2021-07-08

555268b ubus: filter neighbors by SSID when preparing nr
3db9607 data storage: match SSID when searching ap entry
a22f5a7 storage: ensure SSID strings are NULL-terminated

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 163ccbf0236824b29fd2158d3a287dda5e427b00)

3 years agoyq: Update to 4.9.8 16128/head
Tianling Shen [Thu, 15 Jul 2021 09:24:46 +0000 (17:24 +0800)]
yq: Update to 4.9.8

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 855e5b6eb5f84fe8463623cde279d561f5b00264)

3 years agoaddrwatch: Various fixes 16125/head
Jeffery To [Fri, 18 Jun 2021 08:33:55 +0000 (16:33 +0800)]
addrwatch: Various fixes

Makefile changes include:

* Remove USE_UCLIBC, as uclibc is no longer supported

* Package output modules

* Move main binary (back) to /usr/sbin, as it is system administration
  related and requires superuser privileges

New patches:

* 003-add-space-for-null-byte.patch - from
  https://github.com/fln/addrwatch/commit/374cfd2cabe4db9882d8a210adff430cc579f859

* 004-more-specific-library-linking.patch - from
  https://github.com/fln/addrwatch/commit/27b57d9da322fc16c6904d8e35aae4557a3e517b

* 005-use-c99-format-macro-constants.patch - from
  https://github.com/fln/addrwatch/pull/28

Init script changes include:

* Change from explicit disable to explicit enable, so that the service
  is disabled by default and on first install

* Set config option default values to default values of the main binary

* Fix command-line option names and format (from
  https://forum.openwrt.org/t/cant-start-addrwatch-service/60499/3)

* Always use the --quiet command-line option, as the procd instance is
  not configured to capture stdout/stderr

* Change the syslog config option to start the syslog output module

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 31ae85bca963ce240c9e1b8df55294587b079161)

3 years agoyggdrasil: allow HTTPS connections
James Vorderbruggen [Sun, 13 Jun 2021 16:09:57 +0000 (12:09 -0400)]
yggdrasil: allow HTTPS connections

Signed-off-by: James Vorderbruggen <jamesvorder@gmail.com>
(cherry picked from commit ffff3473966c42133b8faed7d8a120739c5451d4)

3 years agoyggdrasil: bump to 0.3.16
George Iv [Sun, 28 Mar 2021 17:39:44 +0000 (13:39 -0400)]
yggdrasil: bump to 0.3.16

Signed-off-by: George Iv <zhoreeq@users.noreply.github.com>
(cherry picked from commit 76b642b50ff8a606780c43eef2bb030a60dcdb17)

3 years agopython-cffi: bump to version 1.14.6 16119/head
Alexandru Ardelean [Tue, 13 Jul 2021 08:20:08 +0000 (11:20 +0300)]
python-cffi: bump to version 1.14.6

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit e08b94b7538474812c18fc109f0372bbb2710d1f)

3 years agopython-simplejson: bump to version 3.17.3
Alexandru Ardelean [Tue, 13 Jul 2021 08:13:23 +0000 (11:13 +0300)]
python-simplejson: bump to version 3.17.3

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit 3f2d7052743500e993a5f4a39cef0dc0eaac4d60)

3 years agoopenvpn: enable LZO support by default for OpenSSL variant
Etienne Champetier [Sun, 4 Jul 2021 18:14:30 +0000 (14:14 -0400)]
openvpn: enable LZO support by default for OpenSSL variant

User that don't control both OpenVPN client and server
might still need LZO support, so keep it enable by default for at least
OpenSSL variant.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 03c3c924965a74b650a45394cc424b4d02f333f1)

3 years agosyslog-ng: disable mqtt
Josef Schlehofer [Mon, 12 Jul 2021 14:14:31 +0000 (16:14 +0200)]
syslog-ng: disable mqtt

For now, disable mqtt as it was automatically enabled as the build
system finds compiled libpaho-mqtt-c and requires dependency.

---
Here is the output:
Package syslog-ng is missing dependencies for the following libraries:
libpaho-mqtt3c.so.1
---

This is a new feature since syslog-ng 3.33.1 and if anyone is interested
in it, it can be enabled.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit e319e89fde0f3c6b3c8ecfffe9bd759c9a44ac15)

3 years agomwan3: bump PKG_VERSION to 2.10.11
Florian Eckert [Wed, 7 Jul 2021 15:16:41 +0000 (17:16 +0200)]
mwan3: bump PKG_VERSION to 2.10.11

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 44d79147ea9d75bb4a5488bf2f600d9c76561e60)

3 years agomwan3: add troublshoot command from LuCI
Florian Eckert [Mon, 5 Jul 2021 14:15:02 +0000 (16:15 +0200)]
mwan3: add troublshoot command from LuCI

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 619b721c2f9b0b1c88f9fde7da75c9e37a060a47)

3 years agomwan3: cleanup help output
Florian Eckert [Mon, 5 Jul 2021 09:26:37 +0000 (11:26 +0200)]
mwan3: cleanup help output

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit a9dac71e3d7f2d46f7d051cb8ffe235c49177848)

3 years agosyslog-ng: update to version 3.33.1
Josef Schlehofer [Sun, 11 Jul 2021 18:16:47 +0000 (20:16 +0200)]
syslog-ng: update to version 3.33.1

- Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.33.1

- Bump version in config
It fixes:
WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode. Please update it to use the syslog-ng 3.33 format at your time of convenience. To upgrade the configuration, please review the warnings about incompatible changes printed by syslog-ng, and once completed change the @version header at the top of the configuration file; config-version='3.31'

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 2b4be08a8c4fbe3d6dec90b91726375e9b38db61)

3 years agoMerge pull request #16088 from turris-cz/21.02/lxc-change-gpgkeyserver
Josef Schlehofer [Sun, 11 Jul 2021 18:44:19 +0000 (20:44 +0200)]
Merge pull request #16088 from turris-cz/21.02/lxc-change-gpgkeyserver

lxc: add patch to switch GPG server

3 years agoapache: update to 2.4.48
Rosen Penev [Wed, 16 Jun 2021 01:36:03 +0000 (18:36 -0700)]
apache: update to 2.4.48

Refreshed patch.

Fixes:

CVE-2019-17567
CVE-2020-13938
CVE-2020-13950
CVE-2020-35452
CVE-2021-26690
CVE-2021-26691
CVE-2021-30641
CVE-2021-31618

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 6dfd07097de4e737444cf70c62d34453bbf84f7a)

3 years agoMerge pull request #16093 from Andy2244/samba-4.14.5_(21)
Rosen Penev [Sun, 11 Jul 2021 07:10:49 +0000 (00:10 -0700)]
Merge pull request #16093 from Andy2244/samba-4.14.5_(21)

[21.02] samba4: update to 4.14.5

3 years agoMerge pull request #16092 from Andy2244/libtirpc-1.3.2_-21]
Rosen Penev [Sun, 11 Jul 2021 07:10:44 +0000 (00:10 -0700)]
Merge pull request #16092 from Andy2244/libtirpc-1.3.2_-21]

[21.02] libtirpc: update to 1.3.2

3 years agoMerge pull request #16091 from Andy2244/rpcbind-1.2.6_-21]
Rosen Penev [Sun, 11 Jul 2021 07:10:36 +0000 (00:10 -0700)]
Merge pull request #16091 from Andy2244/rpcbind-1.2.6_-21]

[21.02] rpcbind: update to 1.2.6

3 years agoMerge pull request #16090 from Andy2244/softethervpn-5.02.5180_(21)
Rosen Penev [Sun, 11 Jul 2021 07:10:32 +0000 (00:10 -0700)]
Merge pull request #16090 from Andy2244/softethervpn-5.02.5180_(21)

[21.02] softethervpn5: update to 5.02.5180

3 years agoMerge pull request #16094 from Andy2244/wsdd2-git-2021-06-28_(21)
Rosen Penev [Sun, 11 Jul 2021 07:10:26 +0000 (00:10 -0700)]
Merge pull request #16094 from Andy2244/wsdd2-git-2021-06-28_(21)

[21.02] wsdd2: update to git 2021-06-28

3 years agotransmission: add new syscalls to seccomp filter
Daniel Golle [Fri, 9 Jul 2021 01:12:00 +0000 (02:12 +0100)]
transmission: add new syscalls to seccomp filter

Testing showed that additional syscalls are needed on ARMv7.
Add "getegid32", "geteuid32", "getgid32" and "getrandom" as they are
all innocent.
Bump PKG_RELEASE.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 1141ee1e5163d0882c0c8ab00c200b797b1ac85f
and commit a78e527012dd0b772bcfbda980b17575410edffd)

3 years agonetdata: update to version 1.30.1
Josef Schlehofer [Wed, 14 Apr 2021 22:39:03 +0000 (00:39 +0200)]
netdata: update to version 1.30.1

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 1d532fa545eef1ebd3ebef6ab41dfd709ad991e1)

3 years agowsdd2: update to git 2021-06-28 16094/head
Andy Walsh [Sat, 10 Jul 2021 19:11:11 +0000 (21:11 +0200)]
wsdd2: update to git 2021-06-28

* update to git 2021-06-28
* add extra startup delay

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
3 years agosamba4: update to 4.14.5 16093/head
Andy Walsh [Sat, 10 Jul 2021 19:09:29 +0000 (21:09 +0200)]
samba4: update to 4.14.5

* update to 4.14.5
* refresh patches

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
3 years agosoftethervpn5: update to 5.02.5180 16090/head
Andy Walsh [Sat, 10 Jul 2021 19:07:47 +0000 (21:07 +0200)]
softethervpn5: update to 5.02.5180

* update to 5.02.5180
* add dep: libsodium

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
3 years agorpcbind: update to 1.2.6 16091/head
Andy Walsh [Sat, 10 Jul 2021 18:56:50 +0000 (20:56 +0200)]
rpcbind: update to 1.2.6

* update to 1.2.6
* remove upstream merged patch

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
3 years agolibtirpc: update to 1.3.2 16092/head
Andy Walsh [Sat, 10 Jul 2021 18:54:53 +0000 (20:54 +0200)]
libtirpc: update to 1.3.2

* update to 1.3.2

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
3 years agolxc: add patch to switch GPG server 16088/head
Josef Schlehofer [Sat, 10 Jul 2021 14:33:08 +0000 (16:33 +0200)]
lxc: add patch to switch GPG server

By default, there was used sks-keyservers.net pool, which has invalid
SSL certificate and they also announced that their service is deprecate
and no longer maintained.

Use the same GPG server as LXC is using by default in the newer
releases.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
3 years agoMerge pull request #16065 from 1715173329/yq-2102
Josef Schlehofer [Thu, 8 Jul 2021 04:22:32 +0000 (06:22 +0200)]
Merge pull request #16065 from 1715173329/yq-2102

[openwrt-21.02] yq: Update to 4.9.7

3 years agoyq: Update to 4.9.7 16065/head
Tianling Shen [Wed, 7 Jul 2021 12:28:06 +0000 (20:28 +0800)]
yq: Update to 4.9.7

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit faf915e97d070d05c5a27654ebb07389123f26e7)

3 years agoMerge pull request #16050 from nxhack/2102_libuv_CVE-2021-22918
Rosen Penev [Wed, 7 Jul 2021 06:02:17 +0000 (23:02 -0700)]
Merge pull request #16050 from nxhack/2102_libuv_CVE-2021-22918

[21.02] libuv: fix CVE-2021-22918

3 years agopython3: do a simple ls on pip & setuptools if not selected for build
Alexandru Ardelean [Mon, 5 Jul 2021 08:28:38 +0000 (11:28 +0300)]
python3: do a simple ls on pip & setuptools if not selected for build

I seem to forget to check/select setuptools and pip (that come bundled with
Python).
This change will do a simple 'ls' on the 2 wheel files, so that the build
fails even if just building Python.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
3 years agopython3: update to version 3.9.6
Alexandru Ardelean [Mon, 5 Jul 2021 06:28:07 +0000 (09:28 +0300)]
python3: update to version 3.9.6

Refreshed patches.
Bumped pip to 21.1.3.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit 44e009364f5a115172f5825fbfd8c0b3730021a5)

3 years agomwan3: use default routes from additional tables
Daniel Golle [Sat, 3 Jul 2021 14:04:33 +0000 (15:04 +0100)]
mwan3: use default routes from additional tables

Until now the additional tables listed in gobal 'rt_table_lookup' were
not considered for interfaces.
In order to be able to also use interface-defined routes from tables
other than main, consider also tables listed in 'rt_table_lookup'.
Update version to 2.10.10 as requested by maintainer.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit cb02b42007878147b514b1cb86246bfa09615d35)

3 years agolibuv: fix CVE-2021-22918 16050/head
Hirokazu MORIKAWA [Tue, 6 Jul 2021 05:02:43 +0000 (14:02 +0900)]
libuv: fix CVE-2021-22918

idna: fix OOB read in punycode decoder

libuv was vulnerable to out-of-bounds reads in the uv__idna_toascii()
function which is used to convert strings to ASCII. This is called by
the DNS resolution function and can lead to information disclosures or
crashes.

https://github.com/libuv/libuv/commit/b7466e31e4bee160d82a68fca11b1f61d46debae
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990561
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
3 years agoMerge pull request #16015 from DeathCamel58/openconnect-backport-iconv/intl-fixes
Nikos Mavrogiannopoulos [Mon, 5 Jul 2021 17:43:08 +0000 (19:43 +0200)]
Merge pull request #16015 from DeathCamel58/openconnect-backport-iconv/intl-fixes

openconnect: backport iconv/intl fix

3 years agoMerge pull request #16042 from commodo/django-bump-21.02
Rosen Penev [Mon, 5 Jul 2021 09:54:56 +0000 (02:54 -0700)]
Merge pull request #16042 from commodo/django-bump-21.02

[21.02] django: bump to version 3.2.5

3 years agodjango: bump to version 3.2.5 16042/head
Alexandru Ardelean [Mon, 5 Jul 2021 07:35:41 +0000 (10:35 +0300)]
django: bump to version 3.2.5

Several bug-fixes.
Fix CVE-2021-35042

Release notes:
  https://docs.djangoproject.com/en/3.2/releases/3.2.5/

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit 3ee863421a675c41848261a17df145716a23d907)

3 years agoMerge pull request #16013 from commodo/python-dateutil-21.02
Rosen Penev [Sat, 3 Jul 2021 22:16:37 +0000 (15:16 -0700)]
Merge pull request #16013 from commodo/python-dateutil-21.02

[21.02] python-dateutil: add setuptools-scm build dep

3 years agoMerge pull request #16024 from rs/nextdns-1.34.2-openwrt-21.02
Rosen Penev [Sat, 3 Jul 2021 22:15:37 +0000 (15:15 -0700)]
Merge pull request #16024 from rs/nextdns-1.34.2-openwrt-21.02

[21.02] nextdns: Update to version 1.34.2

3 years agonextdns: Update to version 1.34.2 16024/head
Olivier Poitrey [Fri, 2 Jul 2021 18:54:54 +0000 (18:54 +0000)]
nextdns: Update to version 1.34.2

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
3 years agotessdata: uncompress tarball only once to speed up builds
Baptiste Jonglez [Wed, 30 Jun 2021 12:09:42 +0000 (14:09 +0200)]
tessdata: uncompress tarball only once to speed up builds

The previous approach was to uncompress N times a big tarball (638 MB)
where N=130 is the number of supported languages.  Each iteration would
only extract a single file, but it still needs to uncompress the whole
tarball.  This is of course completely inefficient.

Now, we uncompress the tarball only once to extract all relevant files,
and then iterate N times to copy the file needed for each language.

This massively speeds up builds, at the expense of temporarily requiring
more build space (about 1 GB more)

Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
(cherry picked from commit 7fe513971f4139a52c22bae36097c950731b56f2)

3 years agotessdata: update to 2.1.0
Rosen Penev [Mon, 15 Mar 2021 02:31:02 +0000 (19:31 -0700)]
tessdata: update to 2.1.0

Switch to AUTORELEASE for simplicity.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 37bffba07477a7a7cccddb55adeea4e2c8ae2438)

3 years agoopenconnect: backport iconv/intl fix 16015/head
Dylan Corrales [Fri, 2 Jul 2021 16:11:03 +0000 (12:11 -0400)]
openconnect: backport iconv/intl fix

This was pulled from #14741. #14734 affects me as well on Debian 11.

Signed-off-by: Dylan Corrales <deathcamel58@gmail.com>
3 years agopython-dateutil: add setuptools-scm build dep 16013/head
Alexandru Ardelean [Wed, 30 Jun 2021 14:30:41 +0000 (17:30 +0300)]
python-dateutil: add setuptools-scm build dep

Following:
  https://github.com/openwrt/packages/pull/16004
  https://github.com/openwrt/packages/pull/15995
  https://github.com/openwrt/packages/issues/15988

It seems that dateutil requires setuptools-scm to be installed.
As such, this is being added as a dependency.

Also, bump setuptools-scm to version 6.0.1

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit e2026346cceeb54216090a75c83d527f8c51f321)