aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #15517 from 1715173329/yqJosef Schlehofer2021-04-28
|\ | | | | yq: Update to 4.7.1
| * yq: Update to 4.7.1Tianling Shen2021-04-26
| | | | | | | | Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
* | Merge pull request #15515 from ja-pa/gitlab-runner-13.11.0Josef Schlehofer2021-04-28
|\ \ | | | | | | gitlab-runner: update to version 13.11.0
| * | gitlab-runner: update to version 13.11.0Jan Pavlinec2021-04-26
| | | | | | | | | | | | Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* | | Merge pull request #15514 from ja-pa/redis-6.2.2Josef Schlehofer2021-04-28
|\ \ \ | | | | | | | | redis: update to version 6.2.2
| * | | redis: update to version 6.2.2Jan Pavlinec2021-04-26
| |/ / | | | | | | | | | Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* | | uvol: fix emmitting ubus event when removing UBI volumeDaniel Golle2021-04-26
| | | | | | | | | | | | | | | | | | | | | In case a volume which is down is removed, no ubus event needs to be fired. Don't try. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* | | auc: compare versions using dpkg/opkg's verrevcmpDaniel Golle2021-04-26
|/ / | | | | | | | | | | | | Using strcmp() to compare a version string doesn't work well. Use verrevcmp() function from opkg instead. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* | net/mosquitto: port is optional in root configKarl Palsson2021-04-26
| | | | | | | | | | | | | | | | | | From mosquitto 2.x, port became optional and deprecated in the config, and it was recommended that listeners be used instead. Drop the hard requirement in our config conversion script. Reported in: https://github.com/openwrt/packages/issues/15506 Signed-off-by: <karlp@etactica.com>
* | net/mosquitto: fix log_type conversion in configKarl Palsson2021-04-26
|/ | | | | | As reported in: https://github.com/openwrt/packages/issues/15506 Signed-off-by: Karl Palsson <karlp@etactica.com>
* dbus: fix new cmake buildRosen Penev2021-04-25
| | | | | | CMake was using the wrong paths. Fix them up. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* h2o: only install one copy of the .soPeter van Dijk2021-04-25
| | | | | | | | | | | | | | | | | | I noticed that the package contained 3 identical copies of the lib: root@52170cbc2408:/# ls -ali /usr/lib/libh2o* 162653 -rwxr-xr-x 1 root root 348857 Apr 25 11:50 /usr/lib/libh2o-evloop.so 162660 -rwxr-xr-x 1 root root 348857 Apr 25 11:50 /usr/lib/libh2o-evloop.so.0.13 162661 -rwxr-xr-x 1 root root 348857 Apr 25 11:50 /usr/lib/libh2o-evloop.so.0.13.6 so this commit fixes that: root@472ad3a8404e:/# ls -ali /usr/lib/libh2o* 289858 lrwxrwxrwx 1 root root 21 Apr 25 12:43 /usr/lib/libh2o-evloop.so -> libh2o-evloop.so.0.13 289859 lrwxrwxrwx 1 root root 23 Apr 25 12:43 /usr/lib/libh2o-evloop.so.0.13 -> libh2o-evloop.so.0.13.6 289860 -rw-r--r-- 1 root root 348857 Apr 25 12:41 /usr/lib/libh2o-evloop.so.0.1 Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
* h2o: remove useless ruby dependencyPeter van Dijk2021-04-25
| | | | | | | | h2o is the library dnsdist uses to offer DNS over HTTPS to clients. dnsdist is the only user of h2o in this tree. While h2o can depend on Ruby (to build mruby support), this is disabled in the OpenWRT build of h2o. Hence, the Ruby dependency is unnecessary, and removing it saves a few megabytes of disk space. Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
* Merge pull request #15511 from PowerDNS/unbound-htppsMirko Vogt2021-04-25
|\ | | | | unbound: fix typo in assist name of https-dns-proxy
| * unbound: fix typo in assist name of https-dns-proxyPeter van Dijk2021-04-25
|/ | | | | | I left the old version in, in case users have configs that already correct for this error. Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
* Merge pull request #15507 from hswong3i/master-SQUID_enable-ssl-crtdRosen Penev2021-04-25
|\ | | | | squid: Enable dynamic SSL certificate generation
| * squid: Enable dynamic SSL certificate generationWong Hoi Sing Edison2021-04-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Maintainer: @neheb / @BKPepe / @zhanhb Compile tested: ipq806x, generic, netgear_r7800, master Run tested: ipq806x, generic, netgear_r7800, openwrt-19.07 Description: Squid now only support HTTPS proxy in TCP tunnel mode (e.g. `ssl_bump splice all`): https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on ssl_bump splice all In order to operate in SSL Bump mode, we need to compile with `--enable-ssl-crtd` for following configuration: https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on sslcrtd_program /usr/lib/squid/security_file_certgen -s /car/cache/squid/ssl_db -M 4MB ssl_bump stare all ssl_bump bump all This PR switch the `SQUID_enable-ssl-crtd` into `default y`, therefore default enable SSL Bump mode. Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
* | conntrack-tools: add a patch to fix endianness issueTao Gong2021-04-24
| | | | | | | | Signed-off-by: Tao Gong <gongtao0607@gmail.com>
* | coremark: bump to 2021-03-12Aleksander Jan Bajkowski2021-04-24
|/ | | | Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
* ksmbd: update to 3.3.9Rosen Penev2021-04-24
| | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* ksmbd-tools: update to 3.3.9Rosen Penev2021-04-24
| | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* uacme: add use_auto_stagingLeonardo Mörlein2021-04-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | Staging certificates have the advantage that their retry limits are loose. Therefore they can be obtained quickly when automatic retries are used. Unfortunately they can not be used for deployments because their CA is not accepted by clients. Production certificates do not have this limitation, but their retry limits are strict. For production certificates, automatic retries can only be performed a few times per hour. This makes automatic obtainment of certificates tenacious. With use_auto_staging=1, the advantages of the two certificate types are combined. Uacme will first obtain a staging certificate. When the staging certificate is successfully obtained, uacme will switch and obtain a production certificate. Since the staging certificate has already been successfully obtained, we can ensure that the production certificate is successfully obtained in the first attempt. This means that "retries" are performed on the staging certificate and the production certificate is obtained in the first attempt. In summary, this feature enables fast obtaining of production certificates when automatic retries are used. By default, this feature is set to use_auto_staging=0, which means that uacme will behave as before by default. Signed-off-by: Leonardo Mörlein <git@irrelefant.net>
* uacme: do not override production state dir variableLeonardo Mörlein2021-04-24
| | | | | | | | | | | | | | | With this commit, issue_cert() can be called multiple times alternating between staging and production certificates within a script. Before this commit, the production state dir was stored in $STATE_DIR. But in the case of $use_staging=1, this variable was overwritten in issue_cert() with $STAGING_STATE_DIR. This made it impossible to call issue_cert() with $use_staging=0 afterwards. Now the production state dir is stored in $PRODUCTION_STATE_DIR. This way it is not overridden anymore and issue_cert() can be called multiple times alternating with production and staging. Signed-off-by: Leonardo Mörlein <git@irrelefant.net>
* Merge pull request #15466 from cotequeiroz/muttRosen Penev2021-04-24
|\ | | | | mutt: don't use host mailpath definition
| * mutt: don't use host mailpath definitionEneas U de Queiroz2021-04-19
| | | | | | | | | | | | | | | | Use configure --with-mailpath=/var/mail instead of letting it guess the value base on the host path. If configure can't find it, the package will fail to build. The path was taken from the current bot build. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* | fwknop: Remove unnecessary get_bool() function.Oldřich Jedlička2021-04-24
| | | | | | | | | | | | | | The get_bool() functionality was already merged to lib/functions.sh, so it is redundant in the init script. Remove it. Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
* | gummiboot: add new packageOskari Rauta2021-04-24
| | | | | | | | Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
* | gnu-efi: add new packageOskari Rauta2021-04-24
| | | | | | | | Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
* | Merge pull request #15505 from gstrauss/lighttpd-1.4.59-2Rosen Penev2021-04-24
|\ \ | | | | | | lighttpd: patches from upstream
| * | lighttpd: patches from upstreamGlenn Strauss2021-04-23
|/ / | | | | | | | | | | | | | | | | | | | | - ignore Content-Length from backend if 101 Switching Protocols - close HTTP/2 connection after bad password - skip cert chain build for self-issued certs - meson zstd fix - ls-hpack upstream update - discard some HTTP/2 DATA frames received after response Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
* | Merge pull request #15503 from dibdot/banipDirk Brenken2021-04-23
|\ \ | | | | | | banip: fix housekeeping
| * | banip: fix housekeepingDirk Brenken2021-04-23
|/ / | | | | | | | | | | * fix whitelist housekeeping if you switch between normal- and 'whitelist only' mode Signed-off-by: Dirk Brenken <dev@brenken.org>
* | Merge pull request #15488 from Ansuel/improve-atlasJosef Schlehofer2021-04-23
|\ \ | | | | | | atlas-sw-probe: improve key creation
| * | atlas-sw-probe: improve key creationAnsuel Smith2021-04-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | - Exit start if a probe_key is not present - Add create_key command to generate a private_key based on the provided username in the atlas config. - Add registration instruction in /etc/atlas - Rework script to save probe_key on sysupgrade (the key are now adviced to be placed in the /etc/atlas dir and a link is used to make them accessible in the atlas-sw-scripts etc dir) Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
* | | Merge pull request #15493 from dibdot/banIPDirk Brenken2021-04-22
|\ \ \ | | | | | | | | banip: update to 0.7.7
| * | | banip: update to 0.7.7Dirk Brenken2021-04-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * add a "whitelist only" mode, this option allows to restrict Internet access from/to a small number of secure websites/IPs, and block access from/to the rest of the Internet. Signed-off-by: Dirk Brenken <dev@brenken.org>
* | | | gnunet: update to v0.14.1Daniel Golle2021-04-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * lots of fixes for many subsystems * new messenger group chat service * 'abd' temporarily removed due to upstream issue Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* | | | Merge pull request #15494 from mstorchak/tmuxRosen Penev2021-04-21
|\ \ \ \ | | | | | | | | | | tmux: update to 3.2
| * | | | tmux: update to 3.2Maxim Storchak2021-04-22
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | - switch to $(AUTORELEASE) - change dependency from libevent2 to libevent2-core Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
* | | | Merge pull request #15495 from mkrkn/masterRosen Penev2021-04-21
|\ \ \ \ | |/ / / |/| | | openvpn: update to 2.5.2
| * | | openvpn: update to 2.5.2Magnus Kroken2021-04-22
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes two related security vulnerabilities (CVE-2020-15078) which under very specific circumstances allow tricking a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup. In combination with "--auth-gen-token" or a user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account. OpenVPN 2.5.2 also includes other bug fixes and improvements. Add CI build test script. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* | | uvol: improve autopart and lvm scripts, fix F2FS volumesDaniel Golle2021-04-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use sfdisk to get GPT partition by name as partition names are not known by the kernel if added via partx. Make sure physical volume names are unique, if possible correlate with the disks serial number and/or card's cid. mkf2fs apparently returns 134 even in case format succeeded, so don't fail in that case (this fixes rw volumes large enough for F2FS to be selected by the lvm scripts of uvol). Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* | | node: Resolve ICU conflictHirokazu MORIKAWA2021-04-21
| | | | | | | | | | | | | | | | | | | | | | | | Resolve conflicts between OpenWrt's ICU package and the ICU shipped with node.js. https://github.com/openwrt/packages/issues/15437 Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
* | | dockerd: Updated to 20.10.6Gerard Ryan2021-04-21
| | | | | | | | | | | | Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
* | | docker: Updated to 20.10.6Gerard Ryan2021-04-21
| | | | | | | | | | | | Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
* | | libnetwork: Updated to 2021-01-26 for docker 20.10.6Gerard Ryan2021-04-21
| | | | | | | | | | | | Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
* | | containerd: Updated to 1.4.4 for docker 20.10.6Gerard Ryan2021-04-21
| | | | | | | | | | | | Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
* | | Merge pull request #15471 from TDT-AG/pr/20200420-stunnelFlorian Eckert2021-04-21
|\ \ \ | |/ / |/| | stunnel: update to 5.59
| * | stunnel: update to 5.59Florian Eckert2021-04-20
| | | | | | | | | | | | Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* | | Merge pull request #15483 from oskarirauta/feature_mtoolsRosen Penev2021-04-20
|\ \ \ | | | | | | | | mtools: add new package
Powered by cgit, Themed by Ted Yin.