feed/packages.git
7 years agoopenldap: update to 2.4.45 4482/head
W. Michael Petullo [Wed, 14 Jun 2017 22:17:41 +0000 (18:17 -0400)]
openldap: update to 2.4.45

Fixes CVE-2017-9287

Signed-off-by: W. Michael Petullo <mike@flyn.org>
7 years agomosquitto: fix empty client-nossl package
Karl Palsson [Wed, 7 Jun 2017 15:40:28 +0000 (15:40 +0000)]
mosquitto: fix empty client-nossl package

Fallout of PROVIDES handling.
Fixes: https://github.com/openwrt/packages/issues/4432
Signed-off-by: Karl Palsson <karlp@etactica.com>
7 years agoMerge pull request #4443 from MikePetullo/lede-17.01-libdmapsharing
Hannu Nyman [Tue, 6 Jun 2017 06:50:51 +0000 (09:50 +0300)]
Merge pull request #4443 from MikePetullo/lede-17.01-libdmapsharing

libdmapsharing: update to 2.9.38

7 years agolibdmapsharing: update to 2.9.38 4443/head
W. Michael Petullo [Mon, 5 Jun 2017 21:23:31 +0000 (17:23 -0400)]
libdmapsharing: update to 2.9.38

Signed-off-by: W. Michael Petullo <mike@flyn.org>
7 years agotor: update to version 0.2.9.10
Hauke Mehrtens [Mon, 13 Mar 2017 21:31:21 +0000 (22:31 +0100)]
tor: update to version 0.2.9.10

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agonet/mosquitto: bump to 1.4.12 for CVE-2017-7650
Karl Palsson [Mon, 29 May 2017 10:49:08 +0000 (10:49 +0000)]
net/mosquitto: bump to 1.4.12 for CVE-2017-7650

Dot release, primarily due to CVE-2017-7650 but also rolls up some
earlier patches.

Signed-off-by: Karl Palsson <karlp@etactica.com>
7 years agocanutils: rework recipe
Yegor Yefremov [Fri, 10 Mar 2017 13:56:40 +0000 (14:56 +0100)]
canutils: rework recipe

Don't group any utilities but just list them all as they are.

Fixes:
https://github.com/openwrt/packages/issues/3695

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
7 years agovsftpd: create directory for extra config files
Hannu Nyman [Tue, 9 May 2017 13:30:05 +0000 (16:30 +0300)]
vsftpd: create directory for extra config files

* create /etc/vsftpd directory for extra config files
  like userlist, certificate and key
* modify config file to use that directory
* include that directory in conffiles for backup

* use PKG_HASH
* update URL

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 3f390c55097e6d447c9c788d8b836519127fc1de)

7 years agoMerge pull request #4300 from mrnuke/for-17.01-gpsd
Hannu Nyman [Mon, 8 May 2017 07:14:49 +0000 (10:14 +0300)]
Merge pull request #4300 from mrnuke/for-17.01-gpsd

utils/gpsd: Backport ncurses6 support from master

7 years agognutls: updated to 3.5.11
Nikos Mavrogiannopoulos [Mon, 8 May 2017 03:38:19 +0000 (05:38 +0200)]
gnutls: updated to 3.5.11

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7 years agoocserv: updated to 0.11.8
Nikos Mavrogiannopoulos [Mon, 8 May 2017 03:36:59 +0000 (05:36 +0200)]
ocserv: updated to 0.11.8

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7 years agonet/mosquito: bump to 1.4.11
Karl Palsson [Wed, 5 Apr 2017 14:01:59 +0000 (14:01 +0000)]
net/mosquito: bump to 1.4.11

Full changelog available at:
https://mosquitto.org/2017/02/version-1-4-11-released/

Mostly ipv6 and websockets fixes, but requires a patch (submitted
upstream) to work around an accidental glibc dependency upstream.

Signed-off-by: Karl Palsson <karlp@etactica.com>
7 years agonet/mosquitto: support more config fields in init script
Karl Palsson [Thu, 4 May 2017 11:13:04 +0000 (11:13 +0000)]
net/mosquitto: support more config fields in init script

Adds the "notifications" option which is important when connecting
mosquitto to rabbitmq for instance.

Signed-off-by: Karl Palsson <karlp@etactica.com>
7 years agonet/mosquitto: Added further security configuration options for bridge section
David Thornley [Tue, 2 May 2017 02:08:46 +0000 (12:08 +1000)]
net/mosquitto: Added further security configuration options for bridge section

Signed-off-by: David Thornley <david.thornley@touchstargroup.com>
7 years agonet/mosquitto: use PROVIDES for -client tools also
Karl Palsson [Wed, 5 Apr 2017 13:59:29 +0000 (13:59 +0000)]
net/mosquitto: use PROVIDES for -client tools also

Earlier, PROVIDES handling was clarified for the broker and the library.
Use the same style to properly provide the -client-ssl and -client-nossl
packages.

Signed-off-by: Karl Palsson <karlp@etactica.com>
7 years agoadblock: backport updates to 2.6.2
Dirk Brenken [Sat, 29 Apr 2017 21:01:55 +0000 (00:01 +0300)]
adblock: backport updates to 2.6.2

Backport updates in 2.5.0-2.6.2 from master.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
7 years agocollectd: build cpufreq also for armvirt target
Hannu Nyman [Fri, 28 Apr 2017 16:13:56 +0000 (19:13 +0300)]
collectd: build cpufreq also for armvirt target

Enable collectd-mod-cpufreq also for armvirt to make it
available for ipq806x devices in LEDE buildbot builds.

LEDE phase2 buildbot for arm_cortex-a15_neon-vfpv4 that is
the package arch for ipq806x, uses armvirt SDK instead of
ipq806x SDK.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
7 years agonano: Update to version 2.7.5
Daniel Albers [Fri, 28 Apr 2017 15:29:16 +0000 (18:29 +0300)]
nano: Update to version 2.7.5

Description: fixes a crash with zero-length regex matches and further updates

Signed-off-by: Daniel Albers <Daniel.Albers@public-files.de>
(cherry picked from commit 249ae1f164d18edaa79aa28a2084857aeeacf365)

7 years agoirqbalance: backport package from master
Hannu Nyman [Thu, 27 Apr 2017 20:44:32 +0000 (23:44 +0300)]
irqbalance: backport package from master

The purpose of irqbalance is to distribute hardware interrupts across
processors/cores on a multiprocessor/-core system in order to increase
performance.

Only the cmd-line tool is compiled and installed.

Run-tested with ipq806x / R7800.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit c5913bd12d73c4c781b79c16246a8e9c8d236b8f)
(cherry picked from commit c42ecd05a1c91070bc86b4d8254972562b6e0c67)
(cherry picked from commit a1a96fc9fa8312c87ee997d613e9e9de3f3a82d9)

7 years agoutils/gpsd: Backport ncurses6 support from master 4300/head
Alexandru Gagniuc [Tue, 25 Apr 2017 19:06:39 +0000 (12:06 -0700)]
utils/gpsd: Backport ncurses6 support from master

Because gpsd FTBTS without this patch.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
7 years agoMerge pull request #4279 from equinox0815/collectd-fix-gcrypt-include-path
Hannu Nyman [Thu, 20 Apr 2017 06:19:15 +0000 (09:19 +0300)]
Merge pull request #4279 from equinox0815/collectd-fix-gcrypt-include-path

collectd: fix libgcrypt include dir

7 years agocollectd: fix libgcrypt include dir 4279/head
Christian Pointner [Wed, 19 Apr 2017 21:45:38 +0000 (23:45 +0200)]
collectd: fix libgcrypt include dir

Signed-off-by: Christian Pointner <equinox@spreadspace.org>
7 years agosubversion: add unixodbc dependency
Val Kulkov [Wed, 19 Apr 2017 14:19:18 +0000 (17:19 +0300)]
subversion: add unixodbc dependency

Compile tested: LEDE HEAD

If unixodbc package is present in the environment, subversion
fails to compile due to missing dependencies.

Fixes the dependency on unixodbc if unixodbc package is selected.

Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
(cherry picked from commit 06a529df359b6704c383cf4881531f409ebb41b0)

7 years agoMerge pull request #4184 from luizluca/cc/ruby_update
Hannu Nyman [Wed, 19 Apr 2017 12:14:11 +0000 (15:14 +0300)]
Merge pull request #4184 from luizluca/cc/ruby_update

[lede-17.01] ruby: bump to 2.4.1

7 years agocollectd: upstream fix for vulnerabity in network plugin
Hannu Nyman [Wed, 19 Apr 2017 09:20:53 +0000 (12:20 +0300)]
collectd: upstream fix for vulnerabity in network plugin

Backport an upstream fix for a DDoS vulnerability in the
network plugin: CVE-2017-7401

The patch has been adapted from the fix for 5.6 branch,
as 5.5 is already EoL in practice.

Run-tested with R7800/ipq806x.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
7 years agoMerge pull request #4277 from nxhack/cve_2017_7868
Hannu Nyman [Wed, 19 Apr 2017 09:16:26 +0000 (12:16 +0300)]
Merge pull request #4277 from nxhack/cve_2017_7868

[lede-17.01] icu: fix CVE-2017-7867 CVE-2017-7868

7 years ago[lede-17.01] icu: fix CVE-2017-7867 CVE-2017-7868 4277/head
Hirokazu MORIKAWA [Wed, 19 Apr 2017 02:29:47 +0000 (11:29 +0900)]
[lede-17.01] icu: fix CVE-2017-7867 CVE-2017-7868

icu: CVE-2017-7867 CVE-2017-7868: Heap-buffer-overflow in utf8TextAccess

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
icu: increase PKG_RELEASE

7 years agolua-bencode: download .tar.gz instead of using hg
Hannu Nyman [Tue, 18 Apr 2017 20:33:47 +0000 (23:33 +0300)]
lua-bencode: download .tar.gz instead of using hg

Avoid using 'hg' (Mercurial) to download sources.

'hg' is not an official prerequisite and it is not installed
in all buildslaves in Openwrt and LEDE buildbots, which
leads to frequent build failures.

Download the .tar.gz source archive instead.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 74e53c48425609b4f0adb0b284b71a85e4e40b88)

7 years agodovecot: disable ICU normalization support for FTS #4077
Lucian Cristian [Tue, 18 Apr 2017 19:46:09 +0000 (22:46 +0300)]
dovecot: disable ICU normalization support for FTS #4077

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit a00af843750043d59906a5712254298ddfb30b82)

7 years agodovecot: change the maintainer to me
Lucian Cristian [Mon, 6 Mar 2017 00:14:01 +0000 (02:14 +0200)]
dovecot: change the maintainer to me

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit 1c38b1d22f4e83c5b46c5ee37cd110cb19ff5a85)

7 years agolighttpd: disable trigger_b4_dl module due to buildbot failure
Hannu Nyman [Tue, 18 Apr 2017 13:16:37 +0000 (16:16 +0300)]
lighttpd: disable trigger_b4_dl module due to buildbot failure

trigger_b4_dl fails to build in the 17.01 buildbot and that causes
also three other modules to be unbuilt (userdir, usertrack, webdav).

As a quick fix, disable trigger_b4_dl to see if the three missing
modules then build ok in the buildbot.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
7 years agoRevert "lighttpd: add new modules, upd URLs, add restart()"
Hannu Nyman [Sun, 9 Apr 2017 18:38:28 +0000 (21:38 +0300)]
Revert "lighttpd: add new modules, upd URLs, add restart()"

This reverts commit 18d7593c726938a17c2d7fb23aa9de64fb1e8aa5.

Buildbot did not build the new version successfully due to
krb5 detection problems. Let's revert to the previous version,
so that 17.01.1 can be built in a stable way.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
7 years agolighttpd: add new modules, upd URLs, add restart()
Glenn Strauss [Sat, 8 Apr 2017 08:10:59 +0000 (11:10 +0300)]
lighttpd: add new modules, upd URLs, add restart()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
cherry picked from commit 6e788aca0c5c004c3fe493ab31929fec97506070
Hopefully this will fix compilation of some plugins in the 17.01 buildbot.
signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

7 years agoMerge pull request #4238 from EricLuehrsen/unbound_17_01
Hannu Nyman [Thu, 6 Apr 2017 07:19:48 +0000 (10:19 +0300)]
Merge pull request #4238 from EricLuehrsen/unbound_17_01

[lede-17.01] unbound: merge trunk bugfixes for March 2017

7 years agounbound: improve interface trigger behavior 4238/head
Eric Luehrsen [Sat, 25 Mar 2017 05:53:28 +0000 (01:53 -0400)]
unbound: improve interface trigger behavior

procd interface triggers may be busy. Unbound hard restarts will
flush the cache. This might happen frequently depending on how
interface triggers occur.

Change the procd trigger to reduce occurences. Load this trigger
prior to netifd (START=20), but only truly start Unbound from
the trigger rather than immediately in init. Clean up log entries
in scripts after Unbound, NTP, and DNSSEC are established.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years agounbound: support copy without dash update
Eric Luehrsen [Wed, 22 Mar 2017 01:43:42 +0000 (21:43 -0400)]
unbound: support copy without dash update

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years agounbound: fix hotplug iface and ntp restarts
Eric Luehrsen [Sat, 18 Mar 2017 02:45:47 +0000 (22:45 -0400)]
unbound: fix hotplug iface and ntp restarts

Unbound is configured to restart on hotplug/iface but this can result
in numerous restarts at boot. Unbound also has a restart for NTP.
This was observed to generate trouble and even with procd robustness
too many crashes might occur (rare). Unbound would not be running.

Give more care to /var/lib/unbound/root.key during restarts. Use procd
for iface restarts. Check pidof() to wait one more second for Unbound.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years agounbound: bugfix init race condition invalid FQDN
Eric Luehrsen [Sun, 5 Mar 2017 19:52:28 +0000 (14:52 -0500)]
unbound: bugfix init race condition invalid FQDN

options 'add_local_fqdn' and 'add_wan_fqdn' can be affected
by race conditions when they are at level 4. Interface name
may not be returned by network tools. The conf file has bad
record formats and Unbound just will not load. Detect this
and fall back to only the host FQDN (level 3).

squash: improve documentation wording and format codes.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years agounbound: fix odhcpd trigger script
Audric Schiltknecht [Sun, 12 Mar 2017 20:11:48 +0000 (16:11 -0400)]
unbound: fix odhcpd trigger script

Read UNBOUND_TXT_DOMAIN from main unbound configuration.
This prevents records to be added into Unbound in the default 'lan' zone.

Signed-off-by: Audric Schiltknecht <storm+github@chemicalstorm.org>
7 years agopackage: haproxy
Thomas Heil [Mon, 3 Apr 2017 11:50:03 +0000 (13:50 +0200)]
package: haproxy
[RELEASE] Released version 1.7.5 due to bug in compression

 Released version 1.7.5 with the following main changes :
  - BUG/MEDIUM: peers: fix buffer overflow control in intdecode.
  - BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers
  - BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is enabled
  - BUG/MINOR: filters: Don't force the stream's wakeup when we wait in flt_end_analyze
  - DOC: fix parenthesis and add missing "Example" tags
  - DOC: update the contributing file
  - DOC: log-format/tcplog/httplog update
  - MINOR: config parsing: add warning when log-format/tcplog/httplog is overriden in "defaults" sections

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
7 years agopackage: haproxy
Thomas Heil [Tue, 28 Mar 2017 11:16:19 +0000 (13:16 +0200)]
package: haproxy
Correct Download Url to http://www.haproxy.org/download/1.7/src

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
7 years agopackage: haproxy bump to latest stable 1.7.4
Thomas Heil [Tue, 28 Mar 2017 09:42:16 +0000 (11:42 +0200)]
package: haproxy bump to latest stable 1.7.4
    [RELEASE] Released version 1.7.4

    Released version 1.7.4 with the following main changes :
        - MINOR: config: warn when some HTTP rules are used in a TCP proxy
        - BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe filters
        - BUG/MINOR: spoe: Fix parsing of arguments in spoe-message section
        - BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file
        - BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup
        - BUG/MINOR: Fix "get map <map> <value>" CLI command
        - BUG/MAJOR: connection: update CO_FL_CONNECTED before calling the data layer
        - BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING
        - BUG/MINOR: checks: attempt clean shutw for SSL check
        - CONTRIB: tcploop: add limits.h to fix build issue with some compilers
        - CONTRIB: tcploop: make it build on FreeBSD
        - CONTRIB: tcploop: fix time format to silence build warnings
        - CONTRIB: tcploop: report action 'K' (kill) in usage message
        - CONTRIB: tcploop: fix connect's address length
        - CONTRIB: tcploop: use the trash instead of NULL for recv()
        - BUG/MEDIUM: listener: do not try to rebind another process' socket
        - BUG/MEDIUM: filters: Fix channels synchronization in flt_end_analyze
        - BUG/MAJOR: stream-int: do not depend on connection flags to detect connection
        - BUG/MEDIUM: connection: ensure to always report the end of handshakes
        - BUG: payload: fix payload not retrieving arbitrary lengths
        - BUG/MAJOR: http: fix typo in http_apply_redirect_rule
        - MINOR: doc: 2.4. Examples should be 2.5. Examples
        - BUG/MEDIUM: stream: fix client-fin/server-fin handling
        - MINOR: fd: add a new flag HAP_POLL_F_RDHUP to struct poller
        - BUG/MINOR: raw_sock: always perfom the last recv if RDHUP is not available
        - DOC/MINOR: Fix typos in proxy protocol doc
        - DOC: Protocol doc: add checksum, TLV type ranges
        - DOC: Protocol doc: add SSL TLVs, rename CHECKSUM
        - DOC: Protocol doc: add noop TLV
        - MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time
        - BUG/MINOR: cfgparse: loop in tracked servers lists not detected by check_config_validity().
        - MINOR: server: irrelevant error message with 'default-server' config file keyword.
        - MINOR: doc: fix use-server example (imap vs mail)
        - BUG/MEDIUM: tcp: don't require privileges to bind to device
        - BUILD: make the release script use shortlog for the final changelog
        - BUILD: scripts: fix typo in announce-release error message

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
7 years agopackage: memcached - upgrade to latest stable
Thomas Heil [Tue, 28 Mar 2017 09:34:23 +0000 (11:34 +0200)]
package: memcached - upgrade to latest stable
bump to version 1.4.36

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
7 years agoruby: bump to 2.4.1 4184/head
Luiz Angelo Daros de Luca [Thu, 23 Mar 2017 03:40:46 +0000 (00:40 -0300)]
ruby: bump to 2.4.1

This releases contains only bug and security fixes,
mostly backported from devel branch.

(cherry picked from commit 26d19b5cb1293d0e2058c09bb63c007bd124cdb2)

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
7 years ago[libs/pcre]: fix CVE-2017-7186
Thomas Heil [Mon, 27 Mar 2017 08:03:16 +0000 (10:03 +0200)]
[libs/pcre]: fix CVE-2017-7186
Fix CVE-2017-7186 mentioned in https://bugs.exim.org/show_bug.cgi?id=2052

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
7 years agopackage: haproxy
heil [Thu, 16 Mar 2017 21:35:59 +0000 (22:35 +0100)]
package: haproxy
 - bump to stable 1.7.3 and pending patches from upstream

Signed-off-by: heil <heil@terminal-consulting.de>
7 years agoMerge pull request #4120 from gabri94/lede-17.01
Jo-Philipp Wich [Tue, 14 Mar 2017 13:01:44 +0000 (14:01 +0100)]
Merge pull request #4120 from gabri94/lede-17.01

openwisp-config: new package

7 years agoopenwisp-config: new package 4120/head
gabri94 [Fri, 3 Mar 2017 13:26:06 +0000 (14:26 +0100)]
openwisp-config: new package

Signed-off-by: Gabriele Gemmi <gabriel@autistici.org>
7 years agoadblock: backport updates upto 2.4.0-2
Dirk Brenken [Sat, 4 Mar 2017 16:20:24 +0000 (18:20 +0200)]
adblock: backport updates upto 2.4.0-2

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Original commit messages:

adblock: update 2.3.2
* optimize memory consumption &
  enable overall sort only on devices with > 64MB RAM,
  this prevents sort related kernel dumps
(cherry picked from commit 8c5b9a0802dec0876488779f0836c5b4698388cc)

adblock: release 2.4.0
* add tld compression,
  this new "top level domain compression" removes up to 40 thousand
  needless host entries from the block lists and
  lowers the memory footprint for the dns backends by 8-10 MByte
* optimize restart behavior in case of an error
* cosmetics
(cherry picked from commit ed470f0dcc66f42bc57e3795e3c9f37629e2cbcd)

adblock: release 2.4.0 (release 2)
* add missing sort step if tld compression was disabled
(cherry picked from commit b3b9972eacdf4acc5ff231f7aa5c32d14fbc4841)

7 years agoMerge pull request #4072 from EricLuehrsen/unbound_17_01
Hannu Nyman [Thu, 2 Mar 2017 12:37:18 +0000 (14:37 +0200)]
Merge pull request #4072 from EricLuehrsen/unbound_17_01

[lede-17.01] unbound: service update respective of 1.6.1-2

7 years agounbound: improve maintenance of trust anchor 4072/head
Eric Luehrsen [Thu, 2 Mar 2017 05:28:35 +0000 (00:28 -0500)]
unbound: improve maintenance of trust anchor

Unbound UCI tries to protect embedded flash from excess
use. Unbound RFC5011 KSK tracking can rewrite root.key
every few minutes to an hour. It also writes and destroys
files in the same directory during the process.

Recommended UCI delays for copying busy work in /var/
back to /etc/ may be too conservative. These are all
changed from 28 to 9 days.

The RFC5011 KSK results were also destroyed by an
init.d restart, even if /var/ is mounted on persistent
storage like USB drive. /var/lib/unbound/root.key is
now preserved during this process, unless a newer key
is installed in /etc/ manually or package update.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years agounbound: Update to 1.6.1 with 2017 trust anchor
Eric Luehrsen [Thu, 23 Feb 2017 02:35:56 +0000 (21:35 -0500)]
unbound: Update to 1.6.1 with 2017 trust anchor

Unbound 1.6.1 has a few bug fixes for resource leaks,
configuration robustness, compile environment interaction,
and maintaining the trust anchor. The 2017 trust anchor
(DS) is built into unbound and unbound-anchor.

File /etc/unbound/root.key holds 2010/2017 DS record until 2018
https://www.icann.org/resources/pages/ksk-rollover
https://www.iana.org/domains/root

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years agounbound: bugfix add_local_fqdn with empty ULA
Eric Luehrsen [Sat, 25 Feb 2017 18:49:45 +0000 (13:49 -0500)]
unbound: bugfix add_local_fqdn with empty ULA

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years agounbound: improve robustness with dhcp scripts
Eric Luehrsen [Sat, 11 Feb 2017 20:25:22 +0000 (15:25 -0500)]
unbound: improve robustness with dhcp scripts

When for example 'package/net/adblock' and DNSSEC vs NTP robustness
is enabled, significant restart thrashing can occur at boot up. DHCP
lease triggers may be occuring at the same time. Unbounds DNS-DHCP
may be incomplete until new DHCP solicit events. Solve this by
leaving a passive but complete host conf file during lease trigger.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years agoUnbound: bug fix odhcpd and add auto adblock
Eric Luehrsen [Mon, 6 Feb 2017 04:48:18 +0000 (23:48 -0500)]
Unbound: bug fix odhcpd and add auto adblock

Bug fix dhcp4_slaac6 option was adding to all IP6 routes.
Filtering was added to this process to only include addresses
served from "this dhcp interface."

adblock 2.3.0 file output is now detected and automatically
integrated into Unbound local-zones. adblock deposites its
block site zone-files into /var/lib/unbound. If this is not
desired, then disable adblock or reconfigure to avoid Unbound.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years agounbound: error in README.md for unbound+dnsmasq
Eric Luehrsen [Mon, 23 Jan 2017 06:48:32 +0000 (01:48 -0500)]
unbound: error in README.md for unbound+dnsmasq

7 years agopptpd: run service in foreground for procd compatibility
Rafał Miłecki [Mon, 26 Sep 2016 05:59:30 +0000 (07:59 +0200)]
pptpd: run service in foreground for procd compatibility

To have service working nicely with procd it should be running in the
foreground. Otherwise it's not possible to e.g. stop it with the init.d
script. Luckily for us pptpd has a simple switch that allows it.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Fixes: 15e7f611afb ("pptpd: convert init script to procd")
7 years agolighttpd: fix regression in local-redir used with url.rewrite-once
Rafał Miłecki [Wed, 22 Feb 2017 07:19:49 +0000 (08:19 +0100)]
lighttpd: fix regression in local-redir used with url.rewrite-once

This fixes upstream regression introduced in 1.4.40. It was reported &
debugged in https://redmine.lighttpd.net/issues/2793
This fix is queued for 1.4.46 in the personal/gstrauss/master upstream
branch.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
7 years agolighttpd: update to 1.4.45
Rafał Miłecki [Mon, 20 Feb 2017 11:18:17 +0000 (12:18 +0100)]
lighttpd: update to 1.4.45

Update to 1.4.42 introduced a problem with starting lighttpd as
OpenWrt/LEDE service. It was stopping whole init process at sth like:
  783 root      1124 S    {S50lighttpd} /bin/sh /etc/rc.common /etc/rc.d/S50lighttpd boot
  799 root      1164 S    /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf

It was hanging until getting random pool:
[  176.340007] random: nonblocking pool is initialized
and then immediately the rest of init process followed:
[  176.423475] jffs2_scan_eraseblock(): End of filesystem marker found at 0x0
[  176.430754] jffs2_build_filesystem(): unlocking the mtd device... done.
[  176.437615] jffs2_build_filesystem(): erasing all blocks after the end marker... done.

This was fixed in 1.4.44, but bump directly to 1.4.45 while at it.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
7 years agoMerge pull request #4042 from commodo/backport-ncurses-fixes
Hannu Nyman [Mon, 20 Feb 2017 15:11:19 +0000 (17:11 +0200)]
Merge pull request #4042 from commodo/backport-ncurses-fixes

[lede-17.01] python,python3: backport fixes for `ncurses` extension builds

7 years agopython3: fix ncursesw definition collisions 4042/head
Alexandru Ardelean [Mon, 13 Feb 2017 14:12:39 +0000 (16:12 +0200)]
python3: fix ncursesw definition collisions

setup.py seems to add the host's /usr/include/ncursesw
header.

Reported-by: Arturo Rinaldi <arturo@arduino.org>
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
7 years agopython: remove setupterm() redefinition
Alexandru Ardelean [Mon, 13 Feb 2017 14:10:16 +0000 (16:10 +0200)]
python: remove setupterm() redefinition

It's not 100% aligned with the ncurses' definition.

Reported-by: Arturo Rinaldi <arturo@arduino.org>
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
7 years agoadblock: update 2.3.1
Dirk Brenken [Thu, 16 Feb 2017 14:18:41 +0000 (15:18 +0100)]
adblock: update 2.3.1

* various optimizations & corner case fixes
* removed no longer needed debug information
* polished up for forthcoming LEDE release ;-)

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 5cf40c94ee85d7f192f42892a374a9a6853a0a0f)

7 years agonet-snmp: add engineID config options
Stijn Tintel [Tue, 14 Feb 2017 13:46:23 +0000 (14:46 +0100)]
net-snmp: add engineID config options

According to the snmpd.conf man page, the engineID of an snmp agent
should be consistent through time. However, it seems that the engineID
changes every reboot. Add options to configure how the engineID is
generated. The default setting generates it based on the MAC address of
the eth0 interface.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agoxl2tpd: backporting fix for race condition causing xl2tpd hang
Yousong Zhou [Mon, 13 Feb 2017 11:47:28 +0000 (19:47 +0800)]
xl2tpd: backporting fix for race condition causing xl2tpd hang

The patch was taken from https://github.com/xelerance/xl2tpd/pull/125

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
7 years agognutls: updated to 3.5.9
Nikos Mavrogiannopoulos [Sun, 12 Feb 2017 10:26:49 +0000 (11:26 +0100)]
gnutls: updated to 3.5.9

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7 years agoocserv: updated to 0.11.7
Nikos Mavrogiannopoulos [Sun, 12 Feb 2017 09:25:51 +0000 (10:25 +0100)]
ocserv: updated to 0.11.7

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7 years agoadblock: 2.3.0 (package release 3)
Dirk Brenken [Sun, 12 Feb 2017 07:20:10 +0000 (08:20 +0100)]
adblock: 2.3.0 (package release 3)

* refine too optimistic wget/uclient-fetch timeout defaults
* cosmetics

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 5e4cd25103da0d1549db435fa086259f3fcc5744)

7 years agovallumd: bump to 0.1.3
Stijn Tintel [Fri, 10 Feb 2017 08:30:57 +0000 (09:30 +0100)]
vallumd: bump to 0.1.3

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agoMerge pull request #3971 from chris5560/lede-17.01
Hannu Nyman [Thu, 9 Feb 2017 20:49:53 +0000 (22:49 +0200)]
Merge pull request #3971 from chris5560/lede-17.01

[lede-17.01] ddns-scripts: New update url for service duiadns.net

7 years ago[lede-17.01] ddns-scripts: New update url for service duiadns.net 3971/head
Christian Schoenebeck [Thu, 9 Feb 2017 20:25:18 +0000 (21:25 +0100)]
[lede-17.01] ddns-scripts: New update url for service duiadns.net

- new update url for service duiadns.net
- updated public_suffix_list.dat

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
7 years agolibs/gnutls: Don't link libidn unintentionally
Daniel Engberg [Mon, 6 Feb 2017 23:23:09 +0000 (00:23 +0100)]
libs/gnutls: Don't link libidn unintentionally

Fixes compilation reported by by buildbots.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(cherry picked from commit c7c951eada3682c2a2bac73cbe95ee15f174317f)

7 years agoadblock: 2.3.0 (package release 2)
Dirk Brenken [Mon, 6 Feb 2017 16:07:48 +0000 (17:07 +0100)]
adblock: 2.3.0 (package release 2)

* update readme regarding unbound integration
* cosmetics

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 1e7a1b380bd16ceef3b9dd46cb9c72a445f2ce7f)

7 years agoopus: update to 1.1.4
Ian Leonard [Fri, 3 Feb 2017 11:02:52 +0000 (03:02 -0800)]
opus: update to 1.1.4

Includes fix for CVE 2017-0381.

Assume maintainership.

Signed-off-by: Ian Leonard <antonlacon@gmail.com>
7 years agoRevert "vnstat: update to v1.16"
Jo-Philipp Wich [Mon, 6 Feb 2017 10:01:12 +0000 (11:01 +0100)]
Revert "vnstat: update to v1.16"

This reverts commit 79b6e9dc61dc37e4745f08d83ce44593d256fd12.

Undo the recent vnstat update due to upstream bugs preventing database
restoration.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years agoruby: derive ABI version from VERSION
Luiz Angelo Daros de Luca [Wed, 18 Jan 2017 01:03:53 +0000 (23:03 -0200)]
ruby: derive ABI version from VERSION

There might be no ABI breakage when the first two number
of version are the same.

(No change on generated packages. No need to bumb release)

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
7 years agopackage: pcre bump to version 8.40
heil [Sun, 22 Jan 2017 20:09:54 +0000 (21:09 +0100)]
package: pcre bump to version 8.40

Signed-off-by: heil <heil@terminal-consulting.de>
7 years agounbound: expand UCI to cover some popular dnsmasq features
Eric Luehrsen [Thu, 29 Dec 2016 06:32:31 +0000 (01:32 -0500)]
unbound: expand UCI to cover some popular dnsmasq features

Unbound+DHCP (server of your choice) should be able to replicate
a lot of what dnsmasq provides. With this change set Unbound
still works with dnsmasq, but also it can work with a plain
DHCP server. Features have been added within the UCI itself
to act like dnsmasq.

- alone: name each interface relative to router hostname
- alone: prevent upstream leakage of your domain and '.local'
- dnsmasq: use dnsmasq UCI to configure forwarding clauses
- dhcp: work with odhcpd as example of companion DHCP-DNS
- dhcp: convert DHCPv4 leases into EUI64 SLAAC for DNS records
- all: enable encrypted remote unbound-control using splice conf
- all: allow user spliced conf-files for hybrid UCI and manual conf
-- 'unbound_srv.conf' will be spliced into the 'server:' clause
-- 'unbound_ext.conf' will add clauses to the end, example 'forward:'

README HOW TO for dnsmasq-in-serial, dnsmasq-in-parallel, and
unbound-with-odhcpd have better/added UCI starters. HOW TO for
including unbound_srv.conf and unbound_ext.conf are added.
Document new UCI: add_local_fqdn, add_wan_fqdn, dhcp4_slaac6,
dhcp_link, domain, and domain_type

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years agounbound: expand UCI support for odhcpd DHCP-DNS
Eric Luehrsen [Sat, 7 Jan 2017 19:19:22 +0000 (14:19 -0500)]
unbound: expand UCI support for odhcpd DHCP-DNS

This is bare minimum change in 'unbound.sh' and
'dnsmasq.sh' to migrate the UCI option set for
more flexibility. The boolean(s) to link to
dnsmasq are being changed to a state to include
odhcpd. It is executable but a small step for
clear change management.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years agounbound: add odhcpd specific scripts to link DHCP-DNS
Eric Luehrsen [Thu, 29 Dec 2016 06:29:17 +0000 (01:29 -0500)]
unbound: add odhcpd specific scripts to link DHCP-DNS

The UCI for Unbound already links to dnsmasq, but what
if with Unbound, we want to configure a plain dhcp server.
Most servers can call a script for lease events. That
script can then formulate DNS records and load them
with unbound-control (dependency).

The files added here work with OpenWRT/LEDE odhcpd, such
that it can be run alone. They can be used as examples
for any dhcp server. 'odhcpd.sh' is to be called by
odhcpd when a lease event occurs. 'odhcpd.awk' is called
internal to the shell script. The awk script handles
any tricky reformating that may be required.

/etc/config/dhcp
config odhcpd 'odhcpd'
  option leasetrigger '/usr/lib/unbound/odhcpd.sh'

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years agounbound: improve NTP hotplug behavior when Unbound is disabled
Eric Luehrsen [Fri, 23 Dec 2016 07:37:21 +0000 (02:37 -0500)]
unbound: improve NTP hotplug behavior when Unbound is disabled

If Unbound was disabled and at later time enabled, then it
would operate in DNSSEC less-secure mode. When NTP hotplug
was called, the timestamp file was not updated. This was
found testing Unbound vs other tools (bind, dnsmasq).

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years agoadblock: release 2.3.0
Dirk Brenken [Sat, 4 Feb 2017 20:32:50 +0000 (21:32 +0100)]
adblock: release 2.3.0

* automatically selects dnsmasq or unbound as dns backend
* add the new 'adguard' source, a combined/quite effective block list
* remove needless dns backend restarts
* optimize adblock restart behavior
* optimize block list processing on inotify enabled filesystems
* better return code checking on block list download
* fix boot function/startup on Chaos Calmer
* fix a bug in blocklist removal function
* add more (optional) debug output
* move backup options to global config
* documentation update

Signed-off-by: Dirk Brenken <dev@brenken.org>
7 years agophp7: update to 7.1.1
Michael Heimpold [Tue, 24 Jan 2017 20:39:59 +0000 (21:39 +0100)]
php7: update to 7.1.1

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
7 years agophp7: fix xml2-config path to unbreak build
Matthias Schiffer [Tue, 24 Jan 2017 11:43:13 +0000 (12:43 +0100)]
php7: fix xml2-config path to unbreak build

Partially reverts 4a984a8d6. Fixes #3907.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
7 years agotor: update to version 0.2.9.9
Hauke Mehrtens [Tue, 31 Jan 2017 22:44:00 +0000 (23:44 +0100)]
tor: update to version 0.2.9.9

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agolibidn: install libidn.pc in staging area & refresh patches
Kevin Darbyshire-Bryant [Sun, 29 Jan 2017 11:54:14 +0000 (11:54 +0000)]
libidn: install libidn.pc in staging area & refresh patches

libidn.pc file was missing in package staging area causing build
failures for other packages expecting to find libidn package config
files.

refreshed patches to clear existing patch fuzz

take over maintainership

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
7 years agoutils/gpsd: remove hotplug script
p-wassi [Wed, 7 Dec 2016 21:00:50 +0000 (22:00 +0100)]
utils/gpsd: remove hotplug script

Remove a hotplug script, which starts/stops gpsd with
attaching/detaching a PL2302 USB-UART device.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
7 years agoutils/gpsd: (cosmetic) update config
p-wassi [Wed, 7 Dec 2016 20:58:05 +0000 (21:58 +0100)]
utils/gpsd: (cosmetic) update config

Make the default config look like usual,
i.e.: indentation using tabs, single quotes, booleans 0/1

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
7 years agoutils/gpsd: Update to 3.16
p-wassi [Wed, 7 Dec 2016 20:41:06 +0000 (21:41 +0100)]
utils/gpsd: Update to 3.16

Update gpsd to upstream release 3.16
The local patch is already included upstream, therefore
removed here.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
7 years agonet/stunnel: Update to version 5.40
Daniel Engberg [Sun, 29 Jan 2017 07:54:41 +0000 (08:54 +0100)]
net/stunnel: Update to version 5.40

Update stunnel to 5.40

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
7 years agorsync and cifs-utils: update download address
Hannu Nyman [Sun, 29 Jan 2017 15:37:06 +0000 (17:37 +0200)]
rsync and cifs-utils: update download address

samba.org has apparently started to enforce https-only downloads,
so update the download links for rsync and cifs-utils.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
7 years agonet/dnscrypt-proxy: update to 1.9.4
Damiano Renfer [Sun, 29 Jan 2017 16:29:35 +0000 (17:29 +0100)]
net/dnscrypt-proxy: update to 1.9.4

Signed-off-by: Damiano Renfer damiano.renfer@gmail.com
7 years agostrongswan: enable IKEv2 Mediation Extension
Stijn Tintel [Mon, 30 Jan 2017 12:59:17 +0000 (13:59 +0100)]
strongswan: enable IKEv2 Mediation Extension

Closes #3905.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agocoreutils: add libcap dependency to selected applets
Jo-Philipp Wich [Wed, 18 Jan 2017 11:08:40 +0000 (12:08 +0100)]
coreutils: add libcap dependency to selected applets

If libcap happens to be present in the environment, coreutils will pick it up
and link some applets against it.

Since the idea of coreutils is to provide a full featured alternative to the
busybox applets, do not inhibit the optional dependency but explicitely
require libcap instead.

Fixes the following error spotted on the buildbots:

    Package coreutils-dir is missing dependencies for the following libraries:
    libcap.so.2

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years agonail: fix build against OpenSSL with disabled SSLv3
Jo-Philipp Wich [Wed, 18 Jan 2017 03:03:00 +0000 (04:03 +0100)]
nail: fix build against OpenSSL with disabled SSLv3

Extend the existing patch handling disabled SSLv2 to cover the SSLv3 case as
well in order to fix the following build error reported by the buildbot:

    openssl.o: In function `ssl_open':
    openssl.c:(.text+0xa1c): undefined reference to `SSLv3_client_method'
    collect2: error: ld returned 1 exit status

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years agopen: update to v0.34.0
Jo-Philipp Wich [Wed, 18 Jan 2017 02:53:03 +0000 (03:53 +0100)]
pen: update to v0.34.0

Update the pen package to upstream release v0.34.0 in order to fix the
following build error reported by the buildbot:

    ssl.o: In function `ssl_create_context':
    ssl.c:(.text+0x9c): undefined reference to `SSLv3_method'
    collect2: error: ld returned 1 exit status

Also switch from PKG_MD5SUM to PKG_HASH with SHA256 while we're at it.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years agoperl-www-curl: fix build against curl >= 7.50
Jo-Philipp Wich [Wed, 18 Jan 2017 02:40:50 +0000 (03:40 +0100)]
perl-www-curl: fix build against curl >= 7.50

Import a proposed upstream bug fix to allow building against recent curl
versions. Fixes the following error observed by the buildbots:

    curlopt-constants.c:129:49: error: 'CURL_STRICTER' undeclared (first use in this function)
                 if (strEQ(name, "STRICTER")) return CURL_STRICTER;

Upstream bug: https://rt.cpan.org/Public/Bug/Display.html?id=117793

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years agosocat: work around missing stddef.h include
Jo-Philipp Wich [Tue, 17 Jan 2017 20:24:12 +0000 (21:24 +0100)]
socat: work around missing stddef.h include

The buildbots fail to build socat due to the following error:

    nestlex.c:14:7: error: unknown type name 'ptrdiff_t'

It appears that certain source files do not include all required headers,
depending on the configure options passed to socat.

Work around the error by passing `-include stddef.h` via `TARGET_CFLAGS` to
forcibly inject this header file into all compilation units.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years agontpd: cleanup Makefile and hotplug script
Peter Wagner [Tue, 17 Jan 2017 22:49:20 +0000 (23:49 +0100)]
ntpd: cleanup Makefile and hotplug script

Signed-off-by: Peter Wagner <tripolar@gmx.at>
7 years agontpd: add hotplug script that signals when ntp reaches the stratum level like the...
Peter Wagner [Mon, 16 Jan 2017 21:28:01 +0000 (22:28 +0100)]
ntpd: add hotplug script that signals when ntp reaches the stratum level like the sysntp implementation
use ntpq to check the status of the ntp server as all other status scripts included in the ntp tarball are
based on perl which would dramatically increase the footprint of ntpd

Signed-off-by: Peter Wagner <tripolar@gmx.at>