Commit Graph

5422 Commits

Author SHA1 Message Date
Josef Schlehofer e4f1737056 git: Update to version 2.23.0
Refresh patches

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry-picked from commit d8d736711d)
2019-10-21 03:33:24 +02:00
Josef Schlehofer 45f3e75558 dnscrypt-proxy2: Update to version 2.0.28
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry-picked from commit 4370331d79)
2019-10-21 03:33:04 +02:00
Dirk Brenken 0b3bd00861 travelmate: update 1.5.0
* add WPA3 support
* fix service status message
* refine trigger handling

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit ab51b1ba34)
2019-10-20 07:24:28 +02:00
Dirk Brenken 6da95de9ef adblock: minor update 3.8.6-2
* fix service status message
* refine readme regarding reload cron job (provided by @novoid)

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit a94610c88f)
2019-10-20 07:20:30 +02:00
Josef Schlehofer a454ee3cd6 bind: Update to version 9.14.6
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry-picked from commit 61dcd6849f)
2019-10-20 02:06:08 +02:00
Josef Schlehofer 98519844ac bind: Update to version 9.14.5
Add PKG_LICENSE_FILES

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry-picked from commit 8ca1525a8d)
2019-10-20 02:05:55 +02:00
Jan Pavlinec fe3c979d61 irssi: update to version 1.2.2 (security fix)
Fixes CVE-2019-15717

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry-picked from commit b42159dea3)
2019-10-20 00:24:00 +02:00
Rosen Penev 068c774beb rtorrent: Switch to using static libtorrent
rtorrent is the only user of libtorrent. Statically link to save space.

Added usleep patch.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 358495f118)
2019-10-19 12:07:57 -07:00
Rosen Penev 09ee71062e rtorrent: Update to 0.9.8
Switch to codeload. A lot simpler.

Remove upstreamed patch.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 84c92f215d)
2019-10-19 12:06:25 -07:00
Rosen Penev df85170032 rtorrent: Enable IPv6 support
Other Makefile cleanups as well.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 343e2a07e4)
2019-10-19 12:06:12 -07:00
Rosen Penev d92c307c61 knxd: Makefile cleanups
argp-standalone is only needed for non GLIBC targets.

Added PKG_BUILD_PARALLEL for faster compilation.

Removed unnecessary C/LDFLAGS.

Remove libstdcpp depends. It's included with libfmt.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 5a7ac1d83b)
2019-10-17 16:39:03 -07:00
Carey Sonsino 82a2e3f55f dcwifi: Add Dual Channel Wi-Fi component packages
dcstad: Dual Channel Wi-Fi Station Daemon
dcwapd: Dual Channel Wi-Fi Access Point Daemon
libdcwproto: Dual Channel Wi-Fi Protocol Library
libdcwsocket: Dual Channel Wi-Fi Socket Library
macremapper: MAC Address Remapper Linux Kernel Module
mrmctl: Userland tool to get/set remap rules

Signed-off-by: Carey Sonsino <careys@edgewaterwireless.com>
Signed-off-by: Carey Sonsino <csonsino@gmail.com>
2019-10-16 16:55:38 +00:00
Petr Štetiar 6a4c0cab44 cgi-io: iron out extra compiler warnings
Fixes following errors:

 main.c:458:37: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
 main.c:463:17: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
 main.c:518:35: error: comparison of integer expressions of different signedness: ‘ssize_t’ {aka ‘long int’} and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
 main.c:157:3: error: ignoring return value of ‘read’, declared with attribute warn_unused_result [-Werror=unused-result]
 main.c:763:3: error: ignoring return value of ‘chdir’, declared with attribute warn_unused_result [-Werror=unused-result]

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit bb6cdb804c)
2019-10-11 16:13:29 +02:00
Petr Štetiar 6677274844 cgi-io: cmake: enable extra compiler warnings
Spotting issues during compilation is cheaper.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 4e7411a8d0)
2019-10-11 16:13:20 +02:00
Petr Štetiar 0698c1ab29 cgi-io: cmake: fix libraries lookup
In order to make it compile properly in more environments.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit fd47e99be4)
2019-10-11 16:13:11 +02:00
Ansuel Smith af5585ac88 cgi-io: fix read after end errors
Currently cgi-io try to read data after the data ended.
- Adds "-" to whitelist char
- In main_upload is tried to consume the buffer while it's already readed by the while loop before

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
(cherry picked from commit 535b2b6bd8)
2019-10-11 14:33:24 +02:00
Jo-Philipp Wich 92bea7f8e9 cgi-io: use splice() to stream backup archive
This improves the I/O performance when outputting large backups.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit a8b4a28372)
2019-10-11 14:33:24 +02:00
Jo-Philipp Wich a1e87b4e0e cgi-io: pass appropriate HTTP error codes to failure()
Instead of always replying with a generic 500 internal server error code,
use more appropriate codes such as 403 to indicate denied permissions.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 8c22db6531)
2019-10-11 14:33:23 +02:00
Jo-Philipp Wich 13075d4d51 cgi-io: add download operation
Add a new `cgi-download` applet which allows to retrieve the contents
of regular files or block devices.

In order to initiate a transfer, a POST request in x-www-form-urlencoded
format must be sent to the applet, with one field "sessionid" holding
the login session and another field "path" containing the file path to
download.

Further optional fields are "filename" which - if present - will cause
the download applet to set a Content-Dispostition header and "mimetype"
which allows to let the applet respond with a specific type instead of
the default "application/octet-stream".

Below is an example for the required acl rules to grant download access
to files or block devices:

    ubus call session grant '{
        "ubus_rpc_session": "...",
        "scope": "cgi-io",
        "objects": [
            [ "download", "read" ]
        ]
    }'

    ubus call session grant '{
        "ubus_rpc_session": "...",
        "scope": "file",
        "objects": [
            [ "/etc/config/*", "read" ],
            [ "/dev/mtdblock*", "read" ]
        ]
    }'

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit ab2a2b080d)
2019-10-11 14:33:23 +02:00
Jo-Philipp Wich 0fc83858fc cgi-io: use different acl scopes for path and command permissions
Use the `cgi-io` scope to check for permission to execute the requested
command (`upload`, `backup`) and the `file` scope to check path
permissions.

The reasoning of this change is that `cgi-io` is usually used in
conjunction with `rpcd-mod-file` to transfer large file data out
of band and `rpcd-mod-file` already uses the `file` scope to manage
file path access permissions. After this change, both `rpc-mod-file`
and `cgi-io` can share the same path acl rules.

Write access to a path can be granted by using an ubus call in the
following form:

    ubus call session grant '{
        "ubus_rpc_session": "...",
        "scope": "file",
        "objects": [
            [ "/var/lib/uploads/*", "write" ]
        ]
    }'

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit c8a86c8c8e)
2019-10-11 14:31:49 +02:00
Jo-Philipp Wich 76d741c990 cgi-io: require whitelisting upload locations
Introduce further ACL checks to verify that the request-supplied
upload location may be written to. This prevents overwriting things
like /bin/busybox and allows to confine uploads to specific directories.

To setup the required ACLs, the following ubus command may be used
on the command line:

ubus call session grant '{
  "ubus_rpc_session": "d41d8cd98f00b204e9800998ecf8427e",
  "scope": "cgi-io",
  "objects": [
    [ "/etc/certificates/*", "write" ],
    [ "/var/uploads/*", "write" ]
  ]
}'

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 22be9a1c01)
2019-10-11 14:04:11 +02:00
Dirk Brenken 5c54504498 banip: update 0.3.1
* the WAN auto detection now supports multiple interfaces, too
* no longer filter out possible LAN devices
* add a new DoH (DNS over HTTPS) blocklist source with public
  DoH DNS server addresses, to effectively block client side DoH
  communication, e.g. via Firefox or Chrome

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 70ab67649b)
2019-10-09 19:40:04 +02:00
Dirk Brenken bfdbf137ea banip: update 0.3.0
* new 'ca-bundle' dependency as all https connections
  are now validated by default
* automatically select the download utility: 'aria2', 'curl',
  'uclient-fetch' with libustream-* or wget are supported
* track & ban failed LuCI login attempts as well
* add a small log/banIP background monitor to block
  SSH/LuCI brute force attacks in realtime (disabled by default)
* add a config version check (please update your default config!)
* made the automatic wan detection more stable
* fix the IPv6 logfile parser
* fix the service status message
* update readme

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit ff8b853a6d)
2019-10-09 19:39:19 +02:00
Karl Palsson 6b8870a353 net/mosquitto: drop obsolete libuuid dependency
libuuid was dropped as a dependency in mosquitto 1.6.0

Signed-off-by: Karl Palsson <karlp@etactica.com>
2019-10-09 13:50:14 +00:00
Hannu Nyman 7af62d891a Merge pull request #10165 from stangri/19.07-simple-adblock
[19.07] simple-adblock: bugfix: proper dnsmasq reload on stop, rework start/stop logic
2019-10-07 18:09:35 +03:00
Josef Schlehofer 9fd74cbb02 unbound: Update to version 1.9.4
Fixes CVE-2019-16866

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry-picked from commit 1caf170daf)
2019-10-07 01:12:20 +02:00
Stan Grishin aac235151b simple-adblock: bugfix: proper dnsmasq reload on stop, rework start/stop logic
Signed-off-by: Stan Grishin <stangri@melmac.net>
2019-10-06 09:34:03 -07:00
Christian Lachner 62e42b4720 haproxy: Update HAProxy to v2.0.7
- Update haproxy download URL and hash
- Add new patches (see https://www.haproxy.org/bugs/bugs-2.0.7.html)

Signed-off-by: Christian Lachner <gladiac@gmail.com>
2019-10-05 14:05:19 +02:00
Stan Grishin fe2114d785 simple-adblock: bugfix and improvements (check description)
Signed-off-by: Stan Grishin <stangri@melmac.net>
2019-10-03 18:42:14 -07:00
William Fleurant d0fff76c2e yggdrasil: bump to 0.3.9
Signed-off-by: William Fleurant <meshnet@protonmail.com>
(cherry-picked from 7296ff1b5c)
2019-09-29 19:04:31 -07:00
Josef Schlehofer e59ac33808 dnscrypt-proxy2: Update to version 2.0.27
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry-picked from commit b9fbb90fd4)
2019-09-29 20:42:31 +02:00
Claudius Ellsel 05ad389f41 adblock: More cosmetic changes and more detailed installation instructions to README.md
Signed-off-by: Claudius Ellsel <claudius.ellsel@live.de>
(cherry picked from commit 6121af755d)
2019-09-29 08:01:02 +02:00
Claudius Ellsel df4452ade3 adblock: Cosmetic changes to README.md
Add code blocks for easier reading and change "dns" to "DNS".

Signed-off-by: Claudius Ellsel <claudius.ellsel@live.de>
(cherry picked from commit 088a14e5ce)
2019-09-29 07:59:37 +02:00
Johannes Rothe bbc6a303a1 travelmate: add support for optional args in auto-login script
This can be helpful for example in hotels where you need to
enter a new user/password combination every week.

Signed-off-by: Johannes Rothe <mail@johannes-rothe.de>
(cherry picked from commit a7f87f939d)
2019-09-29 07:58:00 +02:00
Jan Pavlinec a0d4cc9170 treewide: add PKG_CPE_ID for cvescanner
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry-picked from ceadbcbb64)
2019-09-26 19:36:27 -07:00
Jan Pavlinec 937b19ebb7 treewide: add PKG_CPE_ID for better cvescanner coverage
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry-picked from bf2f1a0263)
2019-09-26 19:36:27 -07:00
Jan Pavlinec fac472e28a samba4: update to version 4.9.13 (security fix)
Fixes CVE-2019-10197

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry-picked from ad16f2a851)
2019-09-26 19:36:26 -07:00
Oever González 8671765883 samba4: remove double quotes for renice
The double quote thells the shell that the list returned from `pidof` is a
single argument, therefore, `renice` will cry about a malformed input.
With this commit, `renice` will be applied correctly to all the returned PIDs
from `pidof`.

The output of `renice` for the quoted list is as follows:
`renice: invalid number '6592 6587 6586 6574'`
`renice` does not show and does apply the nice value if the list is unquoted.

Signed-off-by: Oever González <notengobattery@gmail.com>
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry-picked from c45974d0a3)
2019-09-26 19:36:26 -07:00
Andy Walsh cd597524d1 samba4: add python2 host dependency
* add python2/host dependency

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
(cherry-picked from c02ef3ae7f)
2019-09-26 19:36:26 -07:00
Rosen Penev d3db014eb1 samba4: Run init script through shellcheck
Some performance improvements by batching file writes.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from d03b88b5b0)
2019-09-26 19:36:26 -07:00
Andy Walsh 8a20820a9b samba4: revert to 4.9.11
* revert to 4.9.x series (4.10 needs too many unofficial patches and has weird waf bugs)
* cleanup patches
* enable AD_DC build option again

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
(cherry-picked from 2f2a4bccd9)
2019-09-26 19:36:25 -07:00
Sven Eckelmann 1142f52078 treewide: Change .*GPL.*+ licenses to SPDX compatible identifier
The CONTRIBUTING.md requests an (or multiple) SPDX identifier for GPL
licenses. But a lot of packages did use a different, non-SPDX style with a
"+" at the end instead of "-or-later".

Signed-off-by: Sven Eckelmann <sven@narfation.org>
(cherry-picked from bbb1ea7345)
2019-09-26 19:36:25 -07:00
Florian Eckert 605383751e keepalived: update version to 2.0.18
Update version to 2.0.18

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry-picked from 333324f973)
2019-09-26 19:36:24 -07:00
Florian Eckert 05f4ae9250 keepalived: fix shellcheck warnings
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry-picked from 7a207f87af)
2019-09-26 19:36:24 -07:00
Nikos Mavrogiannopoulos 4b3ddb1382 ocserv: updated to 0.12.4
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
(cherry-picked from cefb2f03e2)
2019-09-26 19:36:24 -07:00
Florian Eckert 6154afb3cf stunnel: fix some shellcheck warnings
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry-picked from 6713d1d771)
2019-09-26 19:36:24 -07:00
Florian Eckert 1a93b5512f stunnel: update version to 5.55
Update version to 5.55

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry-picked from a17e90591c)
2019-09-26 19:36:23 -07:00
Rosen Penev e02387b95e geth: Update to 1.9.1
Remove Upstreamed patch.

Minor cleanups.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 03b1d7c4d4)
2019-09-26 19:36:23 -07:00
Andreas Nilsen 1e48632e08 hcxtools: Update to v5.2.2
Signed-off-by: Andreas Nilsen <adde88@gmail.com>
2019-09-26 19:47:29 +02:00
Andreas Nilsen 80002c1b99 hcxdumptool: Update to v5.2.2
Signed-off-by: Andreas Nilsen <adde88@gmail.com>
2019-09-26 19:47:08 +02:00