aboutsummaryrefslogtreecommitdiff
path: root/net
Commit message (Collapse)AuthorAge
...
* | | | Merge pull request #15328 from ja-pa/atlas-probe-v2Rosen Penev2021-04-16
|\ \ \ \ | |_|/ / |/| | | atlas-sw-probe: add new package
| * | | atlas-sw-probe: add new packageJan Pavlinec2021-04-09
| | | | | | | | | | | | | | | | Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
| * | | atlas-probe: add new packageJan Pavlinec2021-04-09
| | | | | | | | | | | | | | | | Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* | | | Merge pull request #15431 from pprindeville/strongswan-add-gencertsPhilip Prindeville2021-04-15
|\ \ \ \ | |_|_|/ |/| | | strongswan: add certificate generation utility
| * | | strongswan: add certificate generation utilityPhilip Prindeville2021-04-15
| | | | | | | | | | | | | | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* | | | Merge pull request #15432 from turris-cz/clamav-add-libiconv-dependencyJosef Schlehofer2021-04-15
|\ \ \ \ | |/ / / |/| | | clamav: add libiconv dependencies when build with NLS
| * | | clamav: add libiconv dependencies when build with NLSJosef Schlehofer2021-04-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | NLS means Native Language Support and when you have it enabled (it is not default), clamav can not be compiled as it shows following error: Package clamav is missing dependencies for the following libraries: libiconv.so.2 Also, it is required that package libiconv-full is compiled first/before than clamav and then try to compile clamav. Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* | | | Merge pull request #15430 from pprindeville/strongswan-add-ipsec-warningPhilip Prindeville2021-04-15
|\ \ \ \ | | | | | | | | | | strongswan: add deprecation warning to ipsec script
| * | | | strongswan: add deprecation warning to ipsec scriptPhilip Prindeville2021-04-14
| |/ / / | | | | | | | | | | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* | | | openvpn-easy-rsa: add missing configfileLuiz Angelo Daros de Luca2021-04-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | /etc/profile.d/50-openvpn-easy-rsa.sh was not listed as configfile and changes were lost during upgrades. Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* | | | Merge pull request #15421 from ja-pa/onionshare-v2Rosen Penev2021-04-14
|\ \ \ \ | | | | | | | | | | onionshare-cli: add new package
| * | | | onionshare-cli: add new packageJan Pavlinec2021-04-14
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* | | | | ngircd: update to 26.1Rosen Penev2021-04-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Switch to AUTORELEASE for simplicity. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* | | | | ocserv: don't build with libseccomp on ARCEneas U de Queiroz2021-04-14
| |/ / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | libseccomp can't be built on ARC, so we must disable the option here as well. A different fix was first proposed by @zxlhhyccc in #15377. Fixes: #15313 Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* | | | Merge pull request #15406 from pprindeville/strongswan-add-chacha20poly1305Philip Prindeville2021-04-13
|\ \ \ \ | | | | | | | | | | strongswan: handle chacha20poly1305 as AEAD
| * | | | strongswan: handle chacha20poly1305 as AEADPhilip Prindeville2021-04-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | chacha20policy1305 is also an AEAD cipher, and hence does not permit a hash algorithm. Fixes issue #15397. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
| * | | | strongswan: fail on serious configuration errorsPhilip Prindeville2021-04-13
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
| * | | | strongswan: drop subshell when possiblePhilip Prindeville2021-04-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A subshell caused by $(...) can't persistently modify globals as a side-effect. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* | | | | hcxdumptool: update to 6.1.6Rosen Penev2021-04-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix compilation without deprecated OpenSSL APIs. Backport upstream patch to fix stdout. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* | | | | hcxtools: update to 6.1.6Rosen Penev2021-04-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add patch fixing compilation without deprecated OpenSSL APIs. Fix installation. This never worked as the section was misnamed. Updated tool names. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* | | | | ooniprobe: update to version 3.9.2Jan Pavlinec2021-04-13
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* | | | | Merge pull request #15379 from jow-/bonding-accept-uci-listFlorian Eckert2021-04-13
|\ \ \ \ \ | | | | | | | | | | | | bonding: accept list of slaves in uci list notation
| * | | | | bonding: accept list of slaves in uci list notationJo-Philipp Wich2021-04-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rework the bonding.sh protocol handler to accept slave interface names encoded in uci list notation. Also replace ifconfig up/down with ip link calls while we're at it. Fixes: #11455 Fixes: https://github.com/openwrt/luci/issues/4473 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* | | | | | squid: update to 4.14Rosen Penev2021-04-12
| |/ / / / |/| | | | | | | | | | | | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* | | | | Merge pull request #15382 from cotequeiroz/strongswanPhilip Prindeville2021-04-11
|\ \ \ \ \ | | | | | | | | | | | | strongswan: libnttft must not select strongswan
| * | | | | strongswan: libnttft must not select strongswanEneas U de Queiroz2021-04-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The strongswan-libnttfft package should not select the strongswan package, but should depend on it instead. Otherwise a circular dependency is created. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* | | | | | https-dns-proxy: bugfix: race condition with dnsmasqStan Grishin2021-04-10
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Stan Grishin <stangri@melmac.net>
* | | | | | simple-adblock: update to 1.8.7-3Stan Grishin2021-04-10
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Stan Grishin <stangri@melmac.net>
* | | | | | ovsd: improve package style and update sourceDaniel Golle2021-04-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix post-merge comments in #15316 and update source. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* | | | | | safe-search: prevent duplicate cron job installationGregory L. Dietsche2021-04-10
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch prevents multiple cron jobs from being created to run the safe-search-maintenance script. To reproduce this bug, perform the following: - Install safe-search - Perform an OpenWRT firmware upgrade (choose to preserve user settings) - Install safe-search again Signed-off-by: Gregory L. Dietsche <gregory.dietsche@cuw.edu>
* / / / / adblock: fix games_tracking source urlDirk Brenken2021-04-09
|/ / / / | | | | | | | | Signed-off-by: Dirk Brenken <dev@brenken.org>
* | | | Merge pull request #6924 from derekyerger/strongswan-lattice-sha3Philip Prindeville2021-04-08
|\ \ \ \ | | | | | | | | | | strongswan: add more crypto plugins
| * | | | strongswan: add more crypto pluginsDerek Yerger2021-04-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds modules for BLISS signature scheme, NTRU and New Hope key exchange algorithms, and dependencies ChaCha20-Poly1305 AEAD, ChaCha20 XOF, MGF1 mask generation function, SHA3 hasher SHAKE XOF, and the Number Theoretic Transform library. Signed-off-by: Derek Yerger <derek@altdevs.net>
* | | | | Merge pull request #15353 from ja-pa/knot-resolver-5.3.1Josef Schlehofer2021-04-07
|\ \ \ \ \ | | | | | | | | | | | | knot-resolver: update to version 5.3.1
| * | | | | knot-resolver: update to version 5.3.1Jan Pavlinec2021-04-06
| | |/ / / | |/| | | | | | | | | | | | | Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* | | | | ksmbd-tools: update to 3.3.8Rosen Penev2021-04-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Major changes are: disable symlink by default. remove smack inherit leftovers. Enable guest access on IPC$ share by default. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* | | | | ksmbd-tools: Add a mDNS TXT record for the ksmbd serviceKirill Nikolaev2021-04-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | MacOS ignores Bonjour services for which TXT records are not returned. This changes forces umdns service to return a TXT record (`daemon=ksmbd`) for the ksmbd service. The exact content is unimportant and to the best of my knowledge nothing reads the `daemon` tag. Symptoms of the problem (which are also debugging steps): * Finder refuses to open the OpenWRT "computer" in the Network list. * Discovery.app (Bonjour Browser) lists the _ssh._tcp service, but the submenu for it doesn't unfold and no address is shown. * `dns-sd -L OpenWrt _smb._tcp` doesn't return any address. Signed-off-by: Kirill Nikolaev <cyril7@gmail.com>
* | | | | ooniprobe: update to version 3.9.0Jan Pavlinec2021-04-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove getrescources call because it is no longer required. Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* | | | | mosquitto: bump to 2.0.10Karl Palsson2021-04-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a security fix, affecting 2.0.0 through to 2.0.9. Mosquitto instances could be remotely DoS'd by authenticated clients. Release notes at: https://github.com/eclipse/mosquitto/blob/v2.0.10/ChangeLog.txt CVE number has not yet been assigned. Signed-off-by: Karl Palsson <karlp@etactica.com>
* | | | | haproxy: Update HAProxy to v2.2.13Christian Lachner2021-04-06
|/ / / / | | | | | | | | | | | | | | | | | | | | - Update haproxy download URL and hash Signed-off-by: Christian Lachner <gladiac@gmail.com>
* | | | Merge pull request #15337 from SvenRoederer/xinetd-includeFlorian Eckert2021-04-06
|\ \ \ \ | | | | | | | | | | xinetd: honor ${IPKG_INSTROOT} when sourcing /lib/functions.sh
| * | | | xinetd: honor ${IPKG_INSTROOT} when sourcing /lib/functions.shSven Roederer2021-04-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Avoid "file not found"-error when embedding via Imagebuilder. Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
* | | | | strongswan: bump to 5.9.2Philip Prindeville2021-04-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Retire weak algorithms like MD5 and 3DES. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* | | | | strongswan: force PIC on all buildsPhilip Prindeville2021-04-05
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* | | | | uacme: add retriesLeonardo Mörlein2021-04-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prior to this commit, the acme service attempted to obtain certificates once and then terminated, regardless of whether the certificate could be obtained or not. This commit introduces a new uci option "retries" to the "certificate" section. If this option is set to N, the acme service will attempt to obtain the certificate up to N times before terminating. There is a waiting pause between the retries to comply with the rate limits of Let'sEncrypt. The waiting pause is: - 2 minutes for staging certificates - 24 minutes for production certificates The current "Failed Validation" rate limits of Let'sEncrypt are: - staging: 60 per hour -> 1 failure every 1 minute in avg. - production: 5 per hour -> 1 failure every 12 minutes in avg. This means that we are within rate limits by a factor of two. By default the option "retries" is set to "1", which means that acme behaves as before by default. If the variable is set to "0", infinite retries are performed. This feature is helpful, when you already want to initiate the certificate request, but you are still waiting for your dns server to be configured, your network to appear or other conditions. Signed-off-by: Leonardo Mörlein <git@irrelefant.net>
* | | | | uacme: propagate rc of uacme in issue_cert()Leonardo Mörlein2021-04-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before this commit, issue_cert always returned 1 no matter if uacme returned 1, 2, 3, ... With this commit, the return code of the uacme binary is propagated. Therefore the caller of issue_cert can differentiate between "no renew necessary" and "an error occurred". Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
* | | | | uacme: allow including run-uacmeLeonardo Mörlein2021-04-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With this commit, the run-acme script can be included into other scripts by setting INLCUDE_ONLY=1. Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
* | | | | jool: Update to 4.1.5Ondřej Caletka2021-04-04
| | | | | | | | | | | | | | | | | | | | | | | | | Compile and run tested on: mvebu (Turris Omnia) Signed-off-by: Ondřej Caletka <ondrej@caletka.cz>
* | | | | strongswan: migrate to swanctl configsPhilip Prindeville2021-04-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Derived from the ipsec initd script, with the following changes: (1) various code improvements, corrections (get rid of left/right updown scripts, since there's only one), etc; (2) add reauth and fragmentation parameters; (3) add x.509 certificate-based authentication; and other minor changes. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* | | | | Merge pull request #15339 from pprindeville/strongswan-reset-ipsec.confPhilip Prindeville2021-04-03
|\ \ \ \ \ | | | | | | | | | | | | strongswan: remove synthesized ipsec conf files
Powered by cgit, Themed by Ted Yin.