aboutsummaryrefslogtreecommitdiff
path: root/net
Commit message (Collapse)AuthorAge
* Merge pull request #19529 from blocktrron/qcsuperDavid Bauer2022-10-08
|\ | | | | qcsuper: add Package w/ necessary dependencies
| * qcsuper: add packageDavid Bauer2022-10-06
| | | | | | | | Signed-off-by: David Bauer <mail@david-bauer.net>
* | Merge pull request #19543 from stangri/master-https-dns-proxyStan Grishin2022-10-07
|\ \ | | | | | | https-dns-proxy: update to 2022-08-12-1
| * | https-dns-proxy: update to 2022-08-12-1Stan Grishin2022-10-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | * update to upstream version 2022-08-12 * add ca_certs_file option for CA certs file for curl * add procd_add_interface_trigger for wan6 (hopefully fixes https://github.com/openwrt/packages/issues/19531) Signed-off-by: Stan Grishin <stangri@melmac.ca>
* | | samba4: remove duplicate entry from libldb-fix-musl-libc-unkown-type-error.patchAndrew Sim2022-10-07
| | | | | | | | | | | | Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
* | | samba4: update to 4.17.0Andrew Sim2022-10-07
|/ / | | | | | | Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
* | snowflake: update to version 2.3.1Daniel Golle2022-10-07
| | | | | | | | | | | | | | 03b2b56f Fix broker race condition 36f03dfd Record proxy type for proxy relay stats Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* | gnunnet: halt build if any command failsEneas U de Queiroz2022-10-06
| | | | | | | | | | | | | | | | | | | | | | | | There are many places in the packages' install recipes whith multiple commands being executed in the same shell invocation, separated with a semicolon (;). The return status will depend only on the last command being run. The same thing happens in loops, where only the last file will determine the result of the command. Change the ';' to '&&', and exit the loop if any operation fails. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* | gnunnet: don't copy non-existing filesEneas U de Queiroz2022-10-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are six places pointing to files that do not exist any more: - gns-import.sh in package gnunet-gns (dropped in v0.11.0) - libgnunetdnsstub.so* in gnunet-vpn (integrated into util in v0.11.0) - libgnunettun.so* in gnunet-vpn (integrated into util in v0.11.0) - gnunet-service-ats-new in package gnunet (dropped in v0.12.0) - libgnunetreclaimattribute.so.* (integrated into reclaim in v0.13.0) - libgnunetabe.so.* in gnunet-reclaim (dropped in v0.17.2) They were not noticed because their failing copy commands were part of loops in which only the last operation had its exit status checked. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* | gnunet: gnunet-rest: add libjose dependencyEneas U de Queiroz2022-10-06
| | | | | | | | | | | | | | | | According to the package's configure.ac, reclaimID OpenID Connect plugin depends on jose. It is installed by the gnunet-rest plugin package: libgnunnetrest_openid_connect.so. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* | acme: remove help info of unused commandGlen Huang2022-10-06
| | | | | | | | Signed-off-by: Glen Huang <i@glenhuang.com>
* | acme: fix acmesh dnsapi dependenciesGlen Huang2022-10-06
|/ | | | Signed-off-by: Glen Huang <i@glenhuang.com>
* Merge pull request #19532 from ↵Philip Prindeville2022-10-05
|\ | | | | | | | | pprindeville/isc-dhcp-drop-gratuitous-named-reload isc-dhcp: avoid gratuitous reload of named
| * isc-dhcp: avoid gratuitous reload of namedPhilip Prindeville2022-10-05
| | | | | | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* | lighttpd: remove deprecated modulesGlenn Strauss2022-10-05
| | | | | | | | Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
* | Merge pull request #19520 from dyarkovoy/masterFlorian Eckert2022-10-05
|\ \ | | | | | | mwan3: support offload routing modifier
| * | mwan3: support offload routing modifierDenys Yarkovyi2022-10-05
| | | | | | | | | | | | Signed-off-by: Denys Yarkovyi <dyarkovoy@gmail.com>
* | | https-dns-proxy: add settings for canary domainsStan Grishin2022-10-04
| | | | | | | | | | | | | | | | | | | | | | | | * add setting to enable/disable blocking access to iCloud Private Relay resolvers * add setting to enable/disable blocking access to Mozilla resolvers * rename variables loaded from config in the init script Signed-off-by: Stan Grishin <stangri@melmac.ca>
* | | https-dns-proxy: bugfix: prevent canary domains duplicatesStan Grishin2022-10-04
| | | | | | | | | | | | Signed-off-by: Stan Grishin <stangri@melmac.ca>
* | | treewide: fix security issues by bumping all packages using libwolfsslPetr Štetiar2022-10-04
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As wolfSSL is having hard time maintaining ABI compatibility between releases, we need to manually force rebuild of packages depending on libwolfssl and thus force their upgrade. Otherwise due to the ABI handling we would endup with possibly two libwolfssl libraries in the system, including the patched libwolfssl-5.5.1, but still have vulnerable services running using the vulnerable libwolfssl-5.4.0. So in order to propagate update of libwolfssl to latest stable release done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages using wolfSSL library. Same bump has been done in buildroot in commit f1b7e1434f66 ("treewide: fix security issues by bumping all packages using libwolfssl"). Signed-off-by: Petr Štetiar <ynezz@true.cz>
* | Merge pull request #19501 from stangri/master-simple-adblockStan Grishin2022-10-03
|\ \ | | | | | | simple-adblock: allow domains bugfix & canary domains support
| * | simple-adblock: allow domains bugfix & canary domains supportStan Grishin2022-10-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * fix bug in download_lists and adb_allow to prevent unintended exclisions from the block-lists of domains containing allowed domain. Fixes issue: https://github.com/stangri/source.openwrt.melmac.net/issues/160 * add support for returning NXDOMAIN/blocking iCloud & Mozilla canary domains, disabled by default Signed-off-by: Stan Grishin <stangri@melmac.ca>
* | | samba4: update waf-cross-answersAndrew Sim2022-10-03
| | | | | | | | | | | | | | | | | | * update waf-cross-answers for 4.14.x Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
* | | samba4: update to 4.14.14Andrew Sim2022-10-03
| | | | | | | | | | | | | | | | | | | | | * update to 4.14.14 * fixes: CVE-2022-2031, CVE-2022-32744, CVE-2022-32745, CVE-2022-32746, CVE-2022-32742 Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
* | | gg: Update to 0.2.13Tianling Shen2022-10-02
| | | | | | | | | | | | Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
* | | dnsproxy: Update to 0.45.2Tianling Shen2022-10-02
| | | | | | | | | | | | Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
* | | cloudflared: Update to 2022.9.1Tianling Shen2022-10-02
|/ / | | | | | | Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
* | https-dns-proxy: uci wrappers & iCloud canary domainsStan Grishin2022-09-30
| | | | | | | | | | | | | | | | * switch to using uci wrappers instead of direct uci calls * add support for iCloud canary domains https://developer.apple.com/support/prepare-your-network-for-icloud-private-relay Signed-off-by: Stan Grishin <stangri@melmac.ca>
* | Merge pull request #19447 from turris-cz/unboundJosef Schlehofer2022-09-29
|\ \ | | | | | | unbound: update to version 1.16.3
| * | unbound: update to version 1.16.3Josef Schlehofer2022-09-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: https://www.nlnetlabs.nl/projects/unbound/download/#unbound-1-16-3 - Fixes: CVE-2022-3204 Refreshed one patch Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* | | ddns-scripts: add explicit "-d" switch for Dry RunRafał Miłecki2022-09-28
| | | | | | | | | | | | | | | | | | | | | | | | It was a bit confusing to use *verbosity* level for Dry Run mode. Add explicity switch for it and designed DRY_RUN variable to make code easier to understand. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* | | ddns-scripts: rename variable: s/ERR_UPDATE/RETRY_COUNT/Rafał Miłecki2022-09-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rename variable to make code easier to understand. This variable specifies how many times in row ddns script tried to update IP without a success. Previous name ("ERR_UPDATE") didn't suggest it was for counting anything. It also didn't specify was error was it related to. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* | | ddns-scripts: replace IP type (name) "local" with "current"Rafał Miłecki2022-09-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | Local suggests something related to the local network or available locally only. All that code related to the "local" IP was actually dealing with *current* device external IP address. Using name "current" should make code a bit easier to understand. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* | | ddns-scripts: rename variable: s/retry_count/retry_max_count/Rafał Miłecki2022-09-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | Rename variable to make code easier to understand. This variable specifies how many times ddns script should try to send a request. Previous name ("retry_count") suggested it was for *counting* attempts. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* | | Merge pull request #19448 from stangri/master-simple-adblockStan Grishin2022-09-27
|\ \ \ | | | | | | | | simple-adblock: update to 1.9.1-1
| * | | simple-adblock: update to 1.9.1-1Stan Grishin2022-09-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * remove obsolete block-lists from config * add removal of obsolete lists to config-update * add AdGuard team's block-list to config * improve allow command * improve nftset support * move config load to uci_load_validate, which required some code refactoring which looks dramatic, but isn't * always use dnsmasq_restart instead of dnsmasq_hup for all dns resolution options for dnsmasq Signed-off-by: Stan Grishin <stangri@melmac.ca>
* | | | Merge pull request #19460 from stangri/master-curlStan Grishin2022-09-26
|\ \ \ \ | | | | | | | | | | curl: bugfix: github source url
| * | | | curl: bugfix: github source urlStan Grishin2022-09-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * fixes https://github.com/openwrt/packages/issues/19456 Signed-off-by: Stan Grishin <stangri@melmac.ca>
* | | | | Merge pull request #19446 from jamesmacwhite/mwan3-config-replace-google-dnsFlorian Eckert2022-09-26
|\ \ \ \ \ | | | | | | | | | | | | mwan3: Switch default track_ip targets from Google DNS to Cloudflare DNS
| * | | | | mwan3: Switch default track_ip targets from Google DNS to Cloudflare DNSJames White2022-09-25
| | |_|/ / | |/| | | | | | | | | | | | | Signed-off-by: James White <james@jmwhite.co.uk>
* | | | | pagekite: add patchs for 64bit timeKarl Palsson2022-09-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Source: https://github.com/pagekite/libpagekite/pull/78 Signed-off-by: Karl Palsson <karlp@etactica.com>
* | | | | mosquitto: bump to 2.0.15Karl Palsson2022-09-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: https://mosquitto.org/blog/2022/08/version-2-0-15-released/ Changelog: https://mosquitto.org/blog/2021/11/version-2-0-14-released/ 2.0.15 is bigger security and bugfix release. 2.0.14 had a couple of minor changes and was skipped for OpenWrt. Signed-off-by: Karl Palsson <karlp@etactica.com>
* | | | | mosquitto: add missing 'persistence' section in configPtilopsis Leucotis2022-09-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Section 'Persistence' in 'luci-app-mosquitto' is unusable without 'persistence' section in config file. Signed-off-by: Ptilopsis Leucotis <PtilopsisLeucotis@yandex.com>
* | | | | tor: update to 0.4.7.9Nick Hainke2022-09-26
| |/ / / |/| | | | | | | | | | | | | | | | | | | | | | | Release Notes: https://forum.torproject.net/t/urgent-stable-release-0-4-5-14-0-4-6-12-and-0-4-7-10 Signed-off-by: Nick Hainke <vincent@systemli.org>
* | | | haproxy: Update HAProxy to v2.6.6Christian Lachner2022-09-26
| | | | | | | | | | | | | | | | | | | | | | | | - Update haproxy download URL and hash Signed-off-by: Christian Lachner <gladiac@gmail.com>
* | | | adblock: update 4.1.4-5Dirk Brenken2022-09-25
|/ / / | | | | | | | | | | | | | | | | | | | | | * auto-whitelist ext. dns lookup domain * add public doh server blocklist source * whitespace fixes in adblock.sources Signed-off-by: Dirk Brenken <dev@brenken.org>
* | | Merge pull request #19419 from james-mcguire/masterDirk Brenken2022-09-25
|\ \ \ | | | | | | | | adblock: add lightswitch05 source
| * | | adblock: add lightswitch05 blocklist sourceJames McGuire2022-09-24
| | | | | | | | | | | | | | | | Signed-off-by: James McGuire <jamesm51@gmail.com>
* | | | snowflake: run snowflake-proxy with procd-ujailDaniel Golle2022-09-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | snowflake-proxy doesn't write any files => run in read-only rootfs environment the process needs to read SSL certs but no other files => only exposed path is /etc/ssl/certificates (read-only) running as unpriviledged user with no additional capabilities => set no-new-privs bit By default procd-ujail also isolates the process by executing it in a separate new IPC and PID namespace. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* | | | snowflake: add packageDaniel Golle2022-09-24
| |/ / |/| | | | | | | | | | | | | | | | | Package Tor's Snowflake system components so users can offer e.g. a standalone Snowflake proxy on their routers or other devices. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Powered by cgit, Themed by Ted Yin.