aboutsummaryrefslogtreecommitdiff
path: root/net
Commit message (Collapse)AuthorAge
* Merge pull request #15588 from flyn-org/nfdumpRosen Penev2021-05-10
|\ | | | | nfdump: update to 1.6.23
| * nfdump: update to 1.6.23W. Michael Petullo2021-05-10
| | | | | | | | Signed-off-by: W. Michael Petullo <mike@flyn.org>
* | Merge pull request #15585 from ja-pa/tailscale-1.8.1Rosen Penev2021-05-10
|\ \ | |/ |/| tailscale: update to version 1.8.1
| * tailscale: update to version 1.8.1Jan Pavlinec2021-05-10
| | | | | | | | | | | | Add readme with simple tailscale howto. Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* | Merge pull request #15575 from ↵Philip Prindeville2021-05-07
|\ \ | | | | | | | | | | | | pprindeville/strongswan-always-generate-var-strongswan strongswan: swanctl init script doesn't load connections
| * | strongswan: swanctl init script doesn't load connectionsPhilip Prindeville2021-05-05
| | | | | | | | | | | | | | | | | | Fixes issue #15446 Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* | | Merge pull request #15474 from ja-pa/unbound-ttl-negRosen Penev2021-05-07
|\ \ \ | |_|/ |/| | unbound: add cache-max-negative-ttl config option
| * | unbound: add cache-max-negative-ttl config optionJan Pavlinec2021-04-20
| | | | | | | | | | | | Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* | | Merge pull request #15553 from PolynomialDivision/add-samplicatorRosen Penev2021-05-06
|\ \ \ | | | | | | | | samplicator: add samplicator
| * | | samplicator: add samplicatorNick Hainke2021-05-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Samplicator receives UDP datagrams on a given port and resends those datagrams to a specified set of receivers. Use Cases: - replicate Flow Samples to multiple receivers - use with conntrackd to synchronize via unicast to multiple targets Signed-off-by: Nick Hainke <vincent@systemli.org>
* | | | Merge pull request #15539 from ja-pa/tailscaleRosen Penev2021-05-06
|\ \ \ \ | | | | | | | | | | tailscale: add new package
| * | | | tailscale: add new packageJan Pavlinec2021-04-29
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* | | | | samba4: update to 4.13.8Andy Walsh2021-05-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * update to 4.13.8 * remove faulty io_uring kernel detection * fixes CVE's: CVE-2020-27840, CVE-2021-20277, CVE-2020-27840, CVE-2021-20277, CVE-2020-27840, CVE-2021-20277, CVE-2021-20254 * resolves #15512 Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* | | | | Merge pull request #15537 from aaronjg/mwan3/notrackFlorian Eckert2021-05-06
|\ \ \ \ \ | | | | | | | | | | | | mwan3: allow interfaces with no tracking IPs
| * | | | | mwan3: allow interfaces with no tracking IPsAaron Goodman2021-05-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In the procd refactor, support for interfaces with no tracking IPs was inadvertentiy removed. This commit restores the previous behavior Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
* | | | | | Merge pull request #15562 from TDT-AG/pr/20200503-mwan3Florian Eckert2021-05-06
|\ \ \ \ \ \ | |_|_|_|_|/ |/| | | | | mwan3: update ubus status for no tracked interfaces
| * | | | | mwan3: update ubus status for not tracked interfacesFlorian Eckert2021-05-03
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Florian Eckert <fe@dev.tdt.de>
| * | | | | mwna3: fix whitespaceFlorian Eckert2021-05-03
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* | | | | | Merge pull request #15554 from pprindeville/fix-dhcp-route-whitespacesPhilip Prindeville2021-05-05
|\ \ \ \ \ \ | | | | | | | | | | | | | | isc-dhcpd: handle extra spaces in routes
| * | | | | | isc-dhcpd: handle extra spaces in routesPhilip Prindeville2021-05-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* | | | | | | tcpreplay: bump to version 4.3.4Alexandru Ardelean2021-05-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* | | | | | | adguardhome: bump to 0.106.1Dobroslaw Kijowski2021-05-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Create working directory when it is not present. Apparently some recent change made adguardhome fail to start when working directory is missing. * Full changelog available at: * https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.106.1 Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
* | | | | | | banip: update to 0.7.8Dirk Brenken2021-05-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * fix pid file processing of the background monitor plus child processes (bug reported in the forum) * made the enabled/disabled switch of the background monitor functional Signed-off-by: Dirk Brenken <dev@brenken.org>
* | | | | | | Merge pull request #15532 from dangowrt/bunch-of-updatesEneas U de Queiroz2021-05-03
|\ \ \ \ \ \ \ | |_|/ / / / / |/| | | | | | a bunch of package updates
| * | | | | | opentracker: update to git HEADDaniel Golle2021-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| * | | | | | gnunet-fuse: update to version 0.14.0Daniel Golle2021-04-29
| | |/ / / / | |/| | | | | | | | | | | | | | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* | | | | | haproxy: Update HAProxy to v2.2.14Christian Lachner2021-05-01
| |_|_|/ / |/| | | | | | | | | | | | | | | | | | | | | | | | - Update haproxy download URL and hash Signed-off-by: Christian Lachner <gladiac@gmail.com>
* | | | | nextdns: Update to version 1.32.1Olivier Poitrey2021-04-30
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Olivier Poitrey <rs@nextdns.io>
* | | | | adblock: update to 4.1.2Dirk Brenken2021-04-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * preserve DNS cache after adblock processing (unbound & bind) * fix redirect issue with oisd basic url * cosmetics Signed-off-by: Dirk Brenken <dev@brenken.org>
* | | | | bind: bump to 9.17.12Noah Meyerhans2021-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes the following security issues: * CVE-2021-25215 - named crashed when a DNAME record placed in the ANSWER section during DNAME chasing turned out to be the final answer to a client query. * CVE-2021-25214 - Insufficient IXFR checks could result in named serving a zone without an SOA record at the apex, leading to a RUNTIME_CHECK assertion failure when the zone was subsequently refreshed. This has been fixed by adding an owner name check for all SOA records which are included in a zone transfer. Signed-off-by: Noah Meyerhans <frodo@morgul.net>
* | | | | knxd: pumb to upstream version 0.14.51Othmar Truniger2021-04-28
| |_|/ / |/| | | | | | | | | | | Signed-off-by: Othmar Truniger <github@truniger.ch>
* | | | adguardhome: bump to 0.106.0Dobroslaw Kijowski2021-04-28
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | * Full changelog available at: * https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.106.0 * Add build time LDFLAG introduced in commit [1]. [1]: https://github.com/AdguardTeam/AdGuardHome/commit/1d07afb30ee9ff00de72182200b7e1c6d1606d77#diff-82ef468ec5547f1ed424776755a7f87dfec4eba9838d2c2ac02c9881bb67d737R67 Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
* | | net-tools: bump to 2.10Aleksander Jan Bajkowski2021-04-27
| | | | | | | | | | | | Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
* | | Merge pull request #15525 from 1715173329/xrayJosef Schlehofer2021-04-28
|\ \ \ | | | | | | | | xray-core: remove PROVIDES
| * | | xray-core: use `$(INSTALL_DATA)` to install configuration filesTianling Shen2021-04-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Using `$(INSTALL_CONF)` will cause the program has no access to configurations file when someone enabled the selinux support. Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
| * | | xray-core: remove PROVIDESTianling Shen2021-04-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Xray now is no longer planning to keep compatibility with original v2ray. Remove PROVIDES before it is totally broken. Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
* | | | zerotier: update to 1.6.5Moritz Warning2021-04-28
|/ / / | | | | | | | | | | | | | | | Minor ZeroTier update. Refreshed patches. Signed-off-by: Moritz Warning <moritzwarning@web.de>
* | | net/mosquitto: port is optional in root configKarl Palsson2021-04-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | From mosquitto 2.x, port became optional and deprecated in the config, and it was recommended that listeners be used instead. Drop the hard requirement in our config conversion script. Reported in: https://github.com/openwrt/packages/issues/15506 Signed-off-by: <karlp@etactica.com>
* | | net/mosquitto: fix log_type conversion in configKarl Palsson2021-04-26
| | | | | | | | | | | | | | | | | | As reported in: https://github.com/openwrt/packages/issues/15506 Signed-off-by: Karl Palsson <karlp@etactica.com>
* | | unbound: fix typo in assist name of https-dns-proxyPeter van Dijk2021-04-25
| | | | | | | | | | | | | | | | | | I left the old version in, in case users have configs that already correct for this error. Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
* | | Merge pull request #15507 from hswong3i/master-SQUID_enable-ssl-crtdRosen Penev2021-04-25
|\ \ \ | | | | | | | | squid: Enable dynamic SSL certificate generation
| * | | squid: Enable dynamic SSL certificate generationWong Hoi Sing Edison2021-04-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Maintainer: @neheb / @BKPepe / @zhanhb Compile tested: ipq806x, generic, netgear_r7800, master Run tested: ipq806x, generic, netgear_r7800, openwrt-19.07 Description: Squid now only support HTTPS proxy in TCP tunnel mode (e.g. `ssl_bump splice all`): https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on ssl_bump splice all In order to operate in SSL Bump mode, we need to compile with `--enable-ssl-crtd` for following configuration: https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on sslcrtd_program /usr/lib/squid/security_file_certgen -s /car/cache/squid/ssl_db -M 4MB ssl_bump stare all ssl_bump bump all This PR switch the `SQUID_enable-ssl-crtd` into `default y`, therefore default enable SSL Bump mode. Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
* | | | conntrack-tools: add a patch to fix endianness issueTao Gong2021-04-24
|/ / / | | | | | | | | | Signed-off-by: Tao Gong <gongtao0607@gmail.com>
* | | ksmbd-tools: update to 3.3.9Rosen Penev2021-04-24
| | | | | | | | | | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* | | uacme: add use_auto_stagingLeonardo Mörlein2021-04-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Staging certificates have the advantage that their retry limits are loose. Therefore they can be obtained quickly when automatic retries are used. Unfortunately they can not be used for deployments because their CA is not accepted by clients. Production certificates do not have this limitation, but their retry limits are strict. For production certificates, automatic retries can only be performed a few times per hour. This makes automatic obtainment of certificates tenacious. With use_auto_staging=1, the advantages of the two certificate types are combined. Uacme will first obtain a staging certificate. When the staging certificate is successfully obtained, uacme will switch and obtain a production certificate. Since the staging certificate has already been successfully obtained, we can ensure that the production certificate is successfully obtained in the first attempt. This means that "retries" are performed on the staging certificate and the production certificate is obtained in the first attempt. In summary, this feature enables fast obtaining of production certificates when automatic retries are used. By default, this feature is set to use_auto_staging=0, which means that uacme will behave as before by default. Signed-off-by: Leonardo Mörlein <git@irrelefant.net>
* | | uacme: do not override production state dir variableLeonardo Mörlein2021-04-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With this commit, issue_cert() can be called multiple times alternating between staging and production certificates within a script. Before this commit, the production state dir was stored in $STATE_DIR. But in the case of $use_staging=1, this variable was overwritten in issue_cert() with $STAGING_STATE_DIR. This made it impossible to call issue_cert() with $use_staging=0 afterwards. Now the production state dir is stored in $PRODUCTION_STATE_DIR. This way it is not overridden anymore and issue_cert() can be called multiple times alternating with production and staging. Signed-off-by: Leonardo Mörlein <git@irrelefant.net>
* | | fwknop: Remove unnecessary get_bool() function.Oldřich Jedlička2021-04-24
| | | | | | | | | | | | | | | | | | | | | The get_bool() functionality was already merged to lib/functions.sh, so it is redundant in the init script. Remove it. Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
* | | lighttpd: patches from upstreamGlenn Strauss2021-04-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - ignore Content-Length from backend if 101 Switching Protocols - close HTTP/2 connection after bad password - skip cert chain build for self-issued certs - meson zstd fix - ls-hpack upstream update - discard some HTTP/2 DATA frames received after response Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
* | | banip: fix housekeepingDirk Brenken2021-04-23
| | | | | | | | | | | | | | | | | | * fix whitelist housekeeping if you switch between normal- and 'whitelist only' mode Signed-off-by: Dirk Brenken <dev@brenken.org>
* | | Merge pull request #15488 from Ansuel/improve-atlasJosef Schlehofer2021-04-23
|\ \ \ | | | | | | | | atlas-sw-probe: improve key creation
Powered by cgit, Themed by Ted Yin.