aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
...
* | | | | | | | snowflake: run snowflake-proxy with procd-ujailDaniel Golle2022-09-25
| |_|/ / / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | snowflake-proxy doesn't write any files => run in read-only rootfs environment the process needs to read SSL certs but no other files => only exposed path is /etc/ssl/certificates (read-only) running as unpriviledged user with no additional capabilities => set no-new-privs bit By default procd-ujail also isolates the process by executing it in a separate new IPC and PID namespace. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* | | | | | | snowflake: add packageDaniel Golle2022-09-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Package Tor's Snowflake system components so users can offer e.g. a standalone Snowflake proxy on their routers or other devices. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* | | | | | | poemgr: update to latest HEADDavid Bauer2022-09-24
| |_|_|/ / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 8988247 Makefile: Enable warnings as errors (-Werror) aea39ca Makefile: Respect the CFLAGS and LDFLAGS that have been passed in 189594f poemgr: Fix compiler warnings in poemgr.c 0e1a8cf pd69104: Avoid self-induced pointer casts 2d53298 uswflex: Remove unused variables and declarations d345441 poemgr: Reorganize poemgr.h to remove forward declarations df1a7bc contrib: remove unneccessary functions.sh loading 056a6a9 poemgr: Fix name based profile selection b8f8f23 poemgr: prolong the power budget detection delay 9e8344a poemgr: configure power_budget to override detected limit Signed-off-by: David Bauer <mail@david-bauer.net>
* | | | | | gatling: add package gatlingMartin Hübner2022-09-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Gatling is a high-performance webserver from fefe. It gives a fairly decent feature-set at really small size. And its fast. Co-authored-by: Josef Schlehofer <pepe.schlehofer@gmail.com> Signed-off-by: Martin Hübner <martin.hubner@web.de>
* | | | | | dnsproxy: Update to 0.45.0Tianling Shen2022-09-23
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
* | | | | | dnslookup: Update to 1.8.0Tianling Shen2022-09-23
| |/ / / / |/| | | | | | | | | | | | | | Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
* | | | | glib2: backport locale fixRosen Penev2022-09-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes compilation with non English locale. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* | | | | libowfat: fix glibc compilationRosen Penev2022-09-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ported Fedora patch. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* | | | | libsoup3: update maintainerRosen Penev2022-09-22
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* | | | | Merge pull request #19422 from paper42/knot-resolver-5.5.3Josef Schlehofer2022-09-23
|\ \ \ \ \ | |_|/ / / |/| | | | knot-resolver: update to 5.5.3
| * | | | knot-resolver: update to 5.5.3Michal Vasilek2022-09-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * fixes CVE-2022-40188 Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
* | | | | pdns-recursor: update to 4.7.3Peter van Dijk2022-09-22
|/ / / / | | | | | | | | | | | | Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
* | | | libsoup3: addRosen Penev2022-09-22
| | | | | | | | | | | | | | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* | | | openwisp-config: cleanup MakefileNick Hainke2022-09-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The license identifier has a typo. Fix it. Use SPDX instead of license boilerplate. Signed-off-by: Nick Hainke <vincent@systemli.org>
* | | | openwisp-monitoring: cleanup MakefileNick Hainke2022-09-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The license identifier has a typo. Fix it. Use SPDX instead of license boilerplate. Signed-off-by: Nick Hainke <vincent@systemli.org>
* | | | netsniff-ng: Build and package mausezahnMartin Blumenstingl2022-09-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | mausezahn is a multicast traffic generator which is part of the netsniff-ng sources. This utility is needed for the upcoming kernel-selftests-net-forwarding package. Add a new package for it. netsniff-ng will automatically detect all installed dependencies and build only the utilities whose dependencies are installed (meaning: mausezahn is not build when for example libcli is not installed and other tools are not build if for example zlib is missing). Depending on the selected packages (netsniff-ng or mausezahn) the OpenWrt build system has to trigger netsniff-ng's configure script, which will then pick up and automatically build the programs (mausezahn, netsniff-ng, trafgen, ...) for which all dependencies are installed. Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
* | | | libcli: Add new packageMartin Blumenstingl2022-09-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This package is a dependency for building mausezahn as part of the netsniff-ng sources. mausezahn is a multicast traffic generator used by the upcoming kernel-selftests-net-forwarding package. Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
* | | | open-vm-tools: enable debugging for vcenterFlorian Eckert2022-09-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Updating tools.conf to get more info during deployment and template cloning. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* | | | open-vm-tools: enable dnet supportFlorian Eckert2022-09-22
| | | | | | | | | | | | | | | | | | | | | | | | Enable dnet support to get guestinfo and nicinfo Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* | | | open-vm-tools: enable deploypkg pluginFlorian Eckert2022-09-22
| | | | | | | | | | | | | | | | | | | | | | | | Enable support functions for guest package deployment. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* | | | libmspack: initial checkinFlorian Eckert2022-09-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | libmspack is a library for some loosely related Microsoft compression formats: CAB, CHM, HLP, LIT, KWAJ and SZDD Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* | | | hping3: add new packageAlexander E. Patrakov2022-09-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The new package would help measuring one-way delays using ICMP type 13 packets. This is important for various scripts that automatically adjust CAKE shaper bandwidth based on the observed bufferbloat. They need to understand whether the delay is on the way up or on the way down, so that they can adjust the bandwidth of the proper part of the shaper. https://forum.openwrt.org/t/cake-w-adaptive-bandwidth-historic/108848 https://forum.openwrt.org/t/cake-w-adaptive-bandwidth/135379 V2: refreshed patches Signed-off-by: Alexander E. Patrakov <patrakov@gmail.com>
* | | | vim: update to 9.0Nick Hainke2022-09-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove upstreamed patches: - 001-support-defining-compilation-date-in-SOURCE_DATE_EPOCH.patch -> https://github.com/vim/vim/commit/8f1dde5021d9623a951d1ccbc78cf1b1a55ccd7a - 020-macos.patch -> https://github.com/vim/vim/commit/5289783e0b07cfc3f92ee933261ca4c4acdca007 Refresh patches: - 002-remove_helptags_generation.patch Release Notes: https://www.vim.org/vim90.php Add to configure_args: --disable-libsodium Signed-off-by: Nick Hainke <vincent@systemli.org>
* | | | xz: update to 5.2.6Nick Hainke2022-09-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Release Notes: https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;hb=HEAD Signed-off-by: Nick Hainke <vincent@systemli.org>
* | | | realtek-poe: Update package to v1.0Alexandru Gagniuc2022-09-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | v1.0 fixes a bug with MCU communication, and allows shutting down individual ports over ubus. A summarry of commands can be shown with: ubus -v list poe Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
* | | | bind: bump to 9.18.7Noah Meyerhans2022-09-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes multiple security issues: CVE-2022-38178 - Fix memory leak in EdDSA verify processing CVE-2022-3080 - Fix serve-stale crash that could happen when stale-answer-client-timeout was set to 0 and there was a stale CNAME in the cache for an incoming query CVE-2022-2906 - Fix memory leaks in the DH code when using OpenSSL 3.0.0 and later versions. The openssldh_compare(), openssldh_paramcompare(), and openssldh_todns() functions were affected CVE-2022-2881 - When an HTTP connection was reused to get statistics from the stats channel, and zlib compression was in use, each successive response sent larger and larger blocks of memory, potentially reading past the end of the allocated buffer CVE-2022-2795 - Prevent excessive resource use while processing large delegations Signed-off-by: Noah Meyerhans <frodo@morgul.net>
* | | | opendoas: avoid libpam dependencyEneas U de Queiroz2022-09-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Package is failing to build because it picks up libpam dependency regardless of `BUSYBOX_CONFIG_PAM`. Use configure args --with-pam, --without-pam to assert the option. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* | | | wifi-presence: Update to version v0.2.0Adam Williams2022-09-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This version better decodes SSID names which contain emoji, control characters, and other non-ascii characters. https://github.com/awilliams/wifi-presence/pull/8 Signed-off-by: Adam Williams <pwnfactory@gmail.com>
* | | | yq: Update to 4.27.5Tianling Shen2022-09-22
| | | | | | | | | | | | | | | | Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
* | | | gg: Update to 0.2.11Tianling Shen2022-09-22
| | | | | | | | | | | | | | | | Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
* | | | glib2: update to 2.74.0Rosen Penev2022-09-22
| | | | | | | | | | | | | | | | | | | | | | | | Remove upstreamed patch and delete pointless one. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* | | | Merge pull request #19410 from robimarko/mdioStijn Tintel2022-09-21
|\ \ \ \ | | | | | | | | | | mdio-tools: update to 1.2.0
| * | | | mdio-tools: update to 1.2.0Robert Marko2022-09-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update the mdio-netlink kmod and userspace mdio-tools to version 1.2.0. This allows dropping the time64 musl patch which was upstreamed. [v1.2.0] - 2022-09-15 --------------------- - mdio: A new addressing mode "mmd-c22": Used to access MMDs attached to MDIO controllers without Clause 45 support by using registers 13 and 14 in the device's Clause 22 register space - mdio: Pretty print gigabit link capability information from a PHY's extended status register - mdio: Pretty print lots of status information from MMDs (C45 PHYs) - mvls: Decode priority override information of ATU entries - mvls: Table listings now always prints out the device information, even on single chip systems. Signed-off-by: Robert Marko <robimarko@gmail.com>
* | | | | lighttpd: update to lighttpd 1.4.67 release hashGlenn Strauss2022-09-21
| |/ / / |/| | | | | | | | | | | | | | | | | | | * update to lighttpd 1.4.67 release hash Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
* | | | Merge pull request #19417 from mhei/libxml2-update-2.10.2Michael Heimpold2022-09-21
|\ \ \ \ | | | | | | | | | | libxml2: update to 2.10.2 (closes #19288)
| * | | | libxml2: update to 2.10.2 (closes #19288)Michael Heimpold2022-09-20
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes: - CVE-2022-2309 Release Notes: - https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.0 - https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.1 - https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.2 Also drop removed docbook compile switch. Disable PKG_FIXUP to allow backporting. Signed-off-by: Nick Hainke <vincent@systemli.org> Signed-off-by: Michael Heimpold <mhei@heimpold.de>
* | | | Merge pull request #19414 from G-M0N3Y-2503/docker-updateHannu Nyman2022-09-20
|\ \ \ \ | | | | | | | | | | Docker: Update to v20.10.18
| * | | | dockerd: Update to v20.10.18Gerard Ryan2022-09-20
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
| * | | | docker: Update to v20.10.18Gerard Ryan2022-09-20
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
| * | | | libnetwork: Update to 0dde5c8 for Docker v20.10.18Gerard Ryan2022-09-20
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
| * | | | containerd: Update to v1.6.8 for Docker v20.10.18Gerard Ryan2022-09-20
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
| * | | | runc: Update to v1.1.4 for Docker v20.10.18Gerard Ryan2022-09-20
| |/ / / | | | | | | | | | | | | Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
* | | | Merge pull request #19335 from db260179/master-openconnectFlorian Eckert2022-09-20
|\ \ \ \ | |/ / / |/| | | vpnc-script: restart dnsmasq when openconnect disconnects
| * | | vpnc-script: restart dnsmasq when openconnect disconnectsDavid Bentham2022-09-19
| | | | | | | | | | | | | | | | Signed-off-by: David Bentham <db260179@gmail.com>
* | | | Merge pull request #19314 from TDT-AG/pr/2022-09-05-collectdFlorian Eckert2022-09-19
|\ \ \ \ | | | | | | | | | | collectd: extend network uci plugin
| * | | | collectd: extend network uci pluginFlorian Eckert2022-09-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The network plugin from collectd also has the option to encrypt the metrics when sending them to another server. Until now, this was not possible via the UCI. This commit adds that feature. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* | | | | jose: fix static library usageRosen Penev2022-09-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When libjose is built statically, it must use --whole-archive as it uses GCC's constructor attribute to initialize itself. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* | | | | v2ray-geodata: Update to latest versionTianling Shen2022-09-18
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
* | | | | xray-core: Update to 1.6.0Tianling Shen2022-09-18
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
* | | | | telldus-core: add missing includeRosen Penev2022-09-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Needed for memset. Signed-off-by: Rosen Penev <rosenp@gmail.com>
Powered by cgit, Themed by Ted Yin.