aboutsummaryrefslogtreecommitdiff
path: root/net
Commit message (Collapse)AuthorAge
...
| * | sqm-scripts: Change iptables dependency to iptables-nftToke Høiland-Jørgensen2022-02-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There's only one of the shaper scripts (simple.qos) that uses iptables, and it should be fine with iptables-nft for compatibility with the new default nft-based firewall. Confusingly, we still need the iptables-mod-ipopt package to get the DSCP match module; we never used CONNMARK, though, so drop the iptables-mod-conntrack-extra dependency while we're at it. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
* | | Merge pull request #17748 from neheb/8Florian Eckert2022-02-03
|\ \ \ | | | | | | | | xinetd: fix bad printf formats
| * | | xinetd: fix bad printf formatsRosen Penev2022-01-30
| | | | | | | | | | | | | | | | | | | | | | | | Easier to use the proper C macro. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* | | | Merge pull request #17762 from stangri/master-https-dns-proxyStan Grishin2022-02-02
|\ \ \ \ | | | | | | | | | | https-dns-proxy: update to 2021-11-22-1
| * | | | https-dns-proxy: update to 2021-11-22-1Stan Grishin2022-01-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * update to 2021-11-22 upstream source * update patch file * update init script to preserve manual entries (fixes https://github.com/stangri/source.openwrt.melmac.net/issues/149) * update init script service_triggers Signed-off-by: Stan Grishin <stangri@melmac.ca>
* | | | | adguardhome: Bump adguardhome to v0.107.3 stableJames White2022-02-02
| | | | | | | | | | | | | | | | | | | | Signed-off-by: James White <james@jmwhite.co.uk>
* | | | | apache2: security update to version 2.4.52Josef Schlehofer2022-02-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes CVEs: - CVE-2021-44790 - CVE-2021-44224 Refreshed patches Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* | | | | strongswan: Update to 5.9.5Philip Prindeville2022-02-01
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* | | | | wg-installer: use babeld add_interface functionNick Hainke2022-02-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With commit 385200443554 ("babeld: add add_interface function") babeld has a new ubus function allowing to dynamically add an interface. Before the add_interface function, we were required to reload babeld. The reload influenced the babeld routing. However, the remove part is still missing and will be added at a later stage. Signed-off-by: Nick Hainke <vincent@systemli.org>
* | | | | bind: bump to 9.18.0Noah Meyerhans2022-02-01
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Noah Meyerhans <frodo@morgul.net>
* | | | | samba4: update to 4.14.12Andy Walsh2022-02-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * update to 4.14.12 * fixes: CVE-2021-44142, CVE-2022-0336 Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* | | | | chaosvpn: fix build on macosSergey V. Lobanov2022-01-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | chaosvpn Makefile detects Darwin (macos) and changes compilation flags for macos target, but OpenWrt is always Linux so build fails. This patch redefines OS=Linux to use Linux compilation flags. Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
* | | | | nut: fix build on macosSergey V. Lobanov2022-01-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | nut build fails on macos due to: 1. configure script can not use AR env var due to OpenWrt build system provides only executable name (e.g. aarch64-openwrt-linux-musl-gcc-ar) but configure script checks if AR has '/'. As a result, configure script ignores AR env var and uses system `ar` but macos `ar` is not compatible with the objects generated by OpenWrt GCC toolchain. This commit explicitly sets ac_cv_path_AR=$(TARGET_AR) to use OpenWrt toolchain AR. 2. configure script detects if build host is macos and adds macosx_ups driver as a build target, but this driver can not be build with OpenWrt toolchain because OpenWrt is Linux. This commit explicitly disables macosx_ups driver using configure flag --without-macosx_ups Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
* | | | | softethervpn: fix build on macosSergey V. Lobanov2022-01-31
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | host-compile fails on macos due to several reasons: 1. host-compile Makefile always selected for linux 2. macos host cc (clang) fails due to implicit-function-declaration 3. ar and ranlib tools are hardcoded in softethervpn Makefiles All three issues are fixed by this patch Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
* | | | bridge-utils: update to 1.7.1Rosen Penev2022-01-31
| | | | | | | | | | | | | | | | | | | | | | | | Added missing limits header for PATH_MAX. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* | | | linuxptp: fix bad formats with ppc64 and mips64Rosen Penev2022-01-31
| | | | | | | | | | | | | | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* | | | ddns-scripts: remove extra pipeAndré Herbst2022-01-31
|/ / / | | | | | | | | | | | | The extra pipe caused an error WARN : PID 'xyz' exit WITH ERROR '2' when executing ddns update. Signed-off-by: André Herbst <moormaster@gmx.net>
* | | knxd: fix build on macosSergey V. Lobanov2022-01-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | knxd compilation fails on macos due to clang does not support exit() builtin function that is used to detect build cc This commit adds a patch to fix this issue (replaces `exit 0` by `return 0` in conftest.c) Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
* | | dnsproxy: Update to 0.41.0Tianling Shen2022-01-30
| | | | | | | | | | | | Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
* | | coova-chilli: add interface_trigger "wan"Thibaut VARÈNE2022-01-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This intends to replace the hotplug script. It still hardcodes "wan" interface name (as several other packages do) for lack of a deterministic way to detect the actual wan iface before it is brought up, but at least it is fully integrated with procd and will not start a disabled service. The interface trigger forcefully restarts chilli as a simple reload may not be sufficient to recover from wan changes. Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
* | | coova-chilli: remove hotplug callThibaut VARÈNE2022-01-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This hotplug trigger unconditionaly restarts coova-chilli when the "wan" interface sees action "ifup", without checking whether or not the service is disabled or the upstream interface is actually called "wan". This hotplug could be replaced by a suitable service trigger instead. Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
* | | coova-chilli: execute firewall cleanup at shutdownThibaut VARÈNE2022-01-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Coova Chilli creates "undo" firewall scripts that are intended to be run when the daemon is shut down. Failure to do so results in leftover entries in firewall and duplicated ones if chilli is subsequently restarted. Execute these scripts when the service stops. Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
* | | coova-chilli: postpone startup until wan is availableThibaut VARÈNE2022-01-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | Coova Chilli will fail to start if e.g. it cannot resolve names in its configuration (like uamserver, radiusserver, etc) which is typically the case when wan is unavailable. Prevent this situation by delaying startup if wan is not available. Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
* | | radsecproxy: fix compilation with newer GCCRosen Penev2022-01-29
| | | | | | | | | | | | | | | | | | Errors on uninitialized variable. Only on powerpc64 for some reason. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* | | Merge pull request #17718 from pprindeville/isc-dhcp-fix-srvhost-rrPhilip Prindeville2022-01-28
|\ \ \ | | | | | | | | isc-dhcp: properly anchor SRV RR's
| * | | isc-dhcp: properly anchor SRV RR'sPhilip Prindeville2022-01-28
| | |/ | |/| | | | | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* | | prosody: update to version 0.11.13Josef Schlehofer2022-01-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes CVEs: - CVE-2022-0217 - CVE-2021-37601 - CVE-2021-32918 - CVE-2021-32920 - CVE-2021-32921 - CVE-2021-32917 - CVE-2021-32919 Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* | | samba4: update to 4.14.11; fix AD_DC buildAndy Walsh2022-01-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * update to 4.14.11 * fix AD_DC build * add vfs_widelinks to defaults * refresh patches * fixes: #16697, #17692 * fixes: CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719, CVE-2020-25721, CVE-2020-25722, CVE-2021-3738, CVE-2021-23192 Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* | | isc-dhcp: fix build on macosSergey V. Lobanov2022-01-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | isc-dhcp uses system ar tool so build fails on Darwin build host. Embedded bind lib uses system ar and ranlib tools and fails on Darwin This patch explicitly specifies ar and ranlib tools for target build Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
* | | Merge pull request #17713 from turris-cz/clamav-updateJosef Schlehofer2022-01-28
|\ \ \ | | | | | | | | clamav: update to version 0.104.2
| * | | clamav: update to version 0.104.2Josef Schlehofer2022-01-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Backported upstream pending pull request to fix following error: CMake Error at /foo/staging_dir/host/share/cmake-3.19/Modules/FindPackageHandleStandardArgs.cmake:218 (message): Could NOT find CURSES (missing: CURSES_LIBRARY) Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* | | | crowdsec: update from latest upstream release 1.3.0Kerma Gérald2022-01-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes (from 1.2.3): https://github.com/crowdsecurity/crowdsec/compare/v1.2.3...v1.3.0 Signed-off-by: Kerma Gérald <gandalf@gk2.net>
* | | | Merge pull request #17646 from LugicoHDPlayer/feature-ddns-scripts-one-comFlorian Eckert2022-01-27
|\ \ \ \ | | | | | | | | | | ddns-scripts: add one.com provider
| * | | | ddns-scripts: add one.com providerLuca Conte2022-01-27
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Luca Conte <main@lugico.de>
* | | | | miniupnpd: declare nftables variant as DEFAULT_VARIANTHannu Nyman2022-01-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Declare the nftables variant as the DEFAULT_VARIANT as nftables firewall4 is the now default in OpenWrt. Additionally, * toggle CONFLICTS placement to avoid circular dependency warning * use AUTORELEASE Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* | | | | dnsproxy: Update to 0.40.6Tianling Shen2022-01-25
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
* | | | | pdns: update to 4.6.0Peter van Dijk2022-01-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Bump to 4.6.0 * Remove "random" backend as it is gone upstream Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
* | | | | vnstat2: update to version 2.9Jan Hoffmann2022-01-25
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Jan Hoffmann <jan@3e8.eu>
* | | | | proxychains-ng: update to version 4.16Daniel Bermond2022-01-25
| |/ / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Maintainer: me Build system: Arch Linux x86_64 Build tested: ipq806x/R7800 Run tested : ipq806x/R7800 Signed-off-by: Daniel Bermond <danielbermond@gmail.com>
* | | | wg-installer: fix multiple namespacesNick Hainke2022-01-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Add flag "--lookup-default-namespace" to signal that wg-installer should look already established wireguard sessions in the default namespace. Signed-off-by: Nick Hainke <vincent@systemli.org>
* | | | Merge pull request #17543 from stintel/vallumdStijn Tintel2022-01-22
|\ \ \ \ | | | | | | | | | | vallumd: bump to 0.2.0
| * | | | vallumd: bump to 0.2.0Stijn Tintel2022-01-09
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* | | | | jool: remove iptables support and update templatesTiago Gaspar2022-01-21
| |_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit removes iptables backend support and leaves only the netfilter backend support. This means that: - iptables and nftables firewall based systems (firewall3 and firewall 4) are supported trough the netfilter instance mode - the iptables/xtables mode support is disabled For more information on the modes and how to use the new netfilter instance checkout https://www.jool.mx/en/intro-jool.html This move is made out of the commit upstream that sets firewall4 as the default for new default buils and based on the conversation in #16818 and was decided that the netfilter interface is the priority since iptables support will be dropped in the foreseeable future. While at it update the templates provided. Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
* | | | libreswan: fix build on macosSergey V. Lobanov2022-01-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | libreswan makefile detects macos (darwin) and changes build logic but OpenWrt is always Linux so it is required to specify linux as target platfrom This patch specifies Linux as a target platfrom Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
* | | | crowdsec-firewall-bouncer: fix name in initd to start the processKerma Gérald2022-01-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | crowdsec rename the binary from crowdsec-firewall-bouncer to cs-firewall-bouncer the initd need the correct binary name to start the process the link for github source need also to be fixed (only the information one) fix the BuildDate updated copyright Signed-off-by: Kerma Gérald <gandalf@gk2.net>
* | | | dnsproxy: Update to 0.40.5Tianling Shen2022-01-20
| | | | | | | | | | | | | | | | Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
* | | | lighttpd: update to lighttpd 1.4.64 release hashGlenn Strauss2022-01-20
| | | | | | | | | | | | | | | | | | | | | | | | remove long-deprecated modules Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
* | | | wg-installer: remove unused dependencyNick Hainke2022-01-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove the dependency "coreutils-realpath" from wg-installer-server-hotplug-olsrd. Signed-off-by: Nick Hainke <vincent@systemli.org>
* | | | wg-installer: create wireguard key if it does not existNick Hainke2022-01-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Check if the key exists which is given by option wg_key '/etc/wgserver/wg.key' Signed-off-by: Nick Hainke <vincent@systemli.org>
* | | | wg-installer: install cronjobNick Hainke2022-01-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Install a cronjob that removes unused wireguard interfaces every 10 minutes. Signed-off-by: Nick Hainke <vincent@systemli.org>
Powered by cgit, Themed by Ted Yin.