| Commit message (Collapse) | Author | Age |
* Full changelog available at:
* https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.106.0
* Add build time LDFLAG introduced in commit [1].
[1]: https://github.com/AdguardTeam/AdGuardHome/commit/1d07afb30ee9ff00de72182200b7e1c6d1606d77#diff-82ef468ec5547f1ed424776755a7f87dfec4eba9838d2c2ac02c9881bb67d737R67
Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
xray-core: remove PROVIDES
Using `$(INSTALL_CONF)` will cause the program to have no access to
the configuration file when someone has enabled SELinux support.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Xray now is no longer planning to keep compatibility with original
v2ray. Remove PROVIDES before it is totally broken.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Minor ZeroTier update. Refreshed patches.
Signed-off-by: Moritz Warning <moritzwarning@web.de>
From mosquitto 2.x, port became optional and deprecated in the config,
and it was recommended that listeners be used instead. Drop the hard
requirement in our config conversion script.
Reported in: https://github.com/openwrt/packages/issues/15506
Signed-off-by: <karlp@etactica.com>
As reported in: https://github.com/openwrt/packages/issues/15506
Signed-off-by: Karl Palsson <karlp@etactica.com>
I left the old version in, in case users have configs that already correct for this error.
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
squid: Enable dynamic SSL certificate generation
Maintainer: @neheb / @BKPepe / @zhanhb
Compile tested: ipq806x, generic, netgear_r7800, master
Run tested: ipq806x, generic, netgear_r7800, openwrt-19.07
Description:
Squid now only supports HTTPS proxy in TCP tunnel mode (e.g. `ssl_bump splice all`):
    https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on
    ssl_bump splice all
In order to operate in SSL Bump mode, we need to compile with `--enable-ssl-crtd` for the following configuration:
    https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on
    sslcrtd_program /usr/lib/squid/security_file_certgen -s /car/cache/squid/ssl_db -M 4MB
    ssl_bump stare all
    ssl_bump bump all
This PR switches `SQUID_enable-ssl-crtd` to `default y`, thereby enabling SSL Bump mode by default.
Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
Signed-off-by: Tao Gong <gongtao0607@gmail.com>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Staging certificates have the advantage that their retry limits are loose.
Therefore they can be obtained quickly when automatic retries are used.
Unfortunately they can not be used for deployments because their CA is not
accepted by clients. Production certificates do not have this limitation, but
their retry limits are strict. For production certificates, automatic retries
can only be performed a few times per hour. This makes automatic obtainment of
certificates tenacious.
With use_auto_staging=1, the advantages of the two certificate types are
combined. Uacme will first obtain a staging certificate. When the staging
certificate is successfully obtained, uacme will switch and obtain a production
certificate. Since the staging certificate has already been successfully
obtained, we can ensure that the production certificate is successfully
obtained in the first attempt. This means that "retries" are performed on the
staging certificate and the production certificate is obtained in the first
attempt.
In summary, this feature enables fast obtaining of production certificates when
automatic retries are used.
By default, this feature is set to use_auto_staging=0, which means that
uacme will behave as before by default.
Signed-off-by: Leonardo Mörlein <git@irrelefant.net>
With this commit, issue_cert() can be called multiple times alternating
between staging and production certificates within a script.
Before this commit, the production state dir was stored in $STATE_DIR.
But in the case of $use_staging=1, this variable was overwritten in
issue_cert() with $STAGING_STATE_DIR. This made it impossible to call
issue_cert() with $use_staging=0 afterwards. Now the production state
dir is stored in $PRODUCTION_STATE_DIR. This way it is not overridden
anymore and issue_cert() can be called multiple times alternating with
production and staging.
Signed-off-by: Leonardo Mörlein <git@irrelefant.net>
The get_bool() functionality was already merged to lib/functions.sh, so
it is redundant in the init script. Remove it.
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
- ignore Content-Length from backend if 101 Switching Protocols
- close HTTP/2 connection after bad password
- skip cert chain build for self-issued certs
- meson zstd fix
- ls-hpack upstream update
- discard some HTTP/2 DATA frames received after response
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
* fix whitelist housekeeping if you switch between normal- and
'whitelist only' mode
Signed-off-by: Dirk Brenken <dev@brenken.org>
atlas-sw-probe: improve key creation
- Exit start if a probe_key is not present
- Add create_key command to generate a private_key based on the provided username in the atlas config.
- Add registration instruction in /etc/atlas
- Rework script to save probe_key on sysupgrade (the keys are now advised to be placed in the /etc/atlas dir and a link is used to make them accessible in the atlas-sw-scripts etc dir)
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
banip: update to 0.7.7
* add a "whitelist only" mode; this option allows restricting Internet
access from/to a small number of secure websites/IPs, and blocking access
from/to the rest of the Internet.
Signed-off-by: Dirk Brenken <dev@brenken.org>
* lots of fixes for many subsystems
* new messenger group chat service
* 'abd' temporarily removed due to upstream issue
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Fixes two related security vulnerabilities (CVE-2020-15078) which
under very specific circumstances allow tricking a server using delayed
authentication (plugin or management) into returning a PUSH_REPLY before
the AUTH_FAILED message, which can possibly be used to gather
information about a VPN setup. In combination with "--auth-gen-token" or
a user-specific token auth solution it can be possible to get access to
a VPN with an otherwise-invalid account.
OpenVPN 2.5.2 also includes other bug fixes and improvements.
Add CI build test script.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
stunnel: update to 5.59
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
openssh: update to 8.6p1
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
This commit is largely based on the work from Daniel Dickinson in
PR #2096 which was never merged. I tweaked it in a number of ways.
All bugs with this package are mine, not his.
Signed-off-by: Aaron Curley <accwebs@gmail.com>
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
pprindeville/strongswan-gencerts-change-sysconfdir
strongswan: change name of config base directory
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* support the RPZ trigger 'RPZ-CLIENT-IP' to always allow/block certain
clients based on their IP (currently only supported by bind!)
* avoid promiscuous mode in tcpdump setup for adblock reporting
* speed up dns report preparation
* support dns report mailing (/etc/init.d/adblock report mail)
* fix bind autodetection
* update LuCI-frontend (separate PR)
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
miniupnpd: introduce IGDv1 variant
Microsoft Windows, Xbox and possibly other operating systems do not
support IGDv2. With IGDv2 enabled, they send an HTTP GET request for
rootDesc.xml and WANIPCn.xml, and then nothing happens. The Microsoft
implementation probably doesn't like the WANIPCn.xml response and
decides UPnP is not available. When miniupnpd is built without IGDv2
support, after the 2 HTTP GET requests, there is an HTTP POST request to
/ctl/IPConn, and miniupnpd configures the port forward as expected.
The runtime option force_igd_desc_v1=yes (UCI: igvd1) does not solve
this problem. It's possible this was enough in earlier miniupnpd
versions, but it does not fix the problem in the current version.
Since we are a modern distro, we want to support the latest and
greatest, so we should default to IGDv2 enabled. Introducing a
menuconfig option to disable IGDv2 would only help people who build
their own images, so offer a separate package variant for IGDv1.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
atlas-sw-probe: add new package
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
strongswan: add certificate generation utility
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
clamav: add libiconv dependencies when build with NLS
NLS means Native Language Support, and when you have it enabled (it is
not the default), clamav cannot be compiled, as it shows the following error:
    Package clamav is missing dependencies for the following libraries:
    libiconv.so.2
Also, it is required that the package libiconv-full is compiled first,
before clamav, and only then try to compile clamav.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
strongswan: add deprecation warning to ipsec script
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
/etc/profile.d/50-openvpn-easy-rsa.sh was not listed as configfile
and changes were lost during upgrades.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
onionshare-cli: add new package
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>