Commit Graph

5977 Commits

Author SHA1 Message Date
Stijn Tintel bf729d2f38 Merge pull request #5821 from kbabioch/feat/ipNetToPhysicalTable
net-snmp: Enable MIB ip-mib/inetNetToMediaTable
2019-02-16 17:15:04 +02:00
Yousong Zhou 40e7e241a3 shadowsocks-libev: flush ipv6 ss-rules on service stop
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-02-16 07:38:13 +00:00
Rosen Penev 70c34ef472 transmission: Add LTO support to shave off 35KB off of the ipk
Minor Makefile cleanups.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-02-15 18:07:31 -08:00
Dirk Brenken 845078e8e0 Merge pull request #8224 from dibdot/travelmate
travelmate: update 1.3.5
2019-02-15 16:32:53 +01:00
Dirk Brenken 9caef6ca4f travelmate: update 1.3.5
* rework procd trigger handling
	- react immediately on if down network events
	- remove needless apply hook in LuCI

Signed-off-by: Dirk Brenken <dev@brenken.org>
2019-02-15 09:29:58 +01:00
Luís Felipe Safady e144ffd24b prosody: Update prosody to 0.11.2 Update
Fixes CVE-2018-10847

Added PKG_CPE_ID for proper CVE tracking.

Signed-off-by: Luís Felipe Safady <lagonauta@gmail.com>
2019-02-14 22:53:44 -02:00
Maxim Cournoyer 90a713e3c6 net-snmp: disable support for perl
Using an external toolchain, it was discovered that net-snmp would
link with the Perl library (-lperl) from the host rather than from the
target.

Since we do not provide Perl as a dependency to net-snmp, the solution
is to disable support for it.

Fixes issue #8217.

Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
2019-02-14 13:34:39 -05:00
Hannu Nyman c82e79713c Merge pull request #7894 from neheb/spoof
spoofer: Fix compilation without deprecated OpenSSL APIs
2019-02-14 18:30:44 +02:00
Karl Palsson fd206f5182 mosquitto: update to 1.5.7
This is a minor bugfix release. Full changelog available at:
https://mosquitto.org/blog/2019/02/version-1-5-7-released/

Most relevant to OpenWrt are probably:
* fixing persistent store bloat
* fix sorting of included config files
* fix errors related to per_listener_settings

Signed-off-by: Karl Palsson <karlp@etactica.com>
2019-02-14 11:17:40 +00:00
Hannu Nyman 436f18f269 Merge pull request #8190 from cshoredaniel/pr-gitolite-dropbear
gitolite: Drop openssh dependency
2019-02-13 18:51:38 +02:00
Rosen Penev 0e17306c29 iotivity: Backport upstream patch to fix GCC 7+ compilation
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-02-12 11:23:14 -08:00
Hannu Nyman 3613472b24 Merge pull request #8192 from gladiac1337/feature-haproxy-v1.8.19
haproxy: Update HAProxy to v1.8.19
2019-02-12 19:30:06 +02:00
Jeffery To 457713b38c mini_snmpd: Update init script
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.

This also replaces space indentation with tabs, and removes trailing
whitespace and unnecessary curly brackets.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-02-12 20:32:10 +08:00
Yousong Zhou b69810b8ec shadowsocks-libev: ss-rules: fix flushing ipv6 rules
"-6" has to be the first argument

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-02-12 11:53:16 +00:00
Yousong Zhou 8cba4a7f8b shadowsocks-libev: ss-rules: tweak for readability
- quash errors on detection of ipv6 nat
 - remove unnecessary rule args "--comment ..." and "-p ..."

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-02-12 11:49:40 +00:00
Jeffery To a0b51e9bd6 nft-qos: Update init script
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.

This also adds a validate section to service_triggers(), and fixes some
variable name typos in qosdef_init_static().

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-02-12 16:31:59 +08:00
Christian Lachner b8d3db6fec haproxy: Update HAProxy to v1.8.19
- Update haproxy download URL and hash

Signed-off-by: Christian Lachner <gladiac@gmail.com>
2019-02-12 08:58:53 +01:00
Peter Wagner 5d4ec805fd irssi: update to 1.2.0
Signed-off-by: Peter Wagner <tripolar@gmx.at>
2019-02-12 00:48:34 +01:00
Hannu Nyman a182185381 Merge pull request #8135 from ja-pa/unbound-update
unbound: update to version 1.9.0 and remove old patch
2019-02-11 21:53:37 +02:00
Yousong Zhou c84a66112c shadowsocks-libev: flush ss rules on entry
Fixes issue reported in openwrt/luci#2527

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-02-11 13:34:56 +00:00
Jan Pavlinec f986379802 unbound: update to version 1.9.0
Changes:
-remove old dns64 patch
-refresh openssl deprecated patch
-add DoT error log patch https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4206

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
2019-02-11 12:34:22 +01:00
Jan Pavlinec 4729c3fddf openssh: patch scp security issues
Fixes
CVE-2019-6109
CVE-2019-6111

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
2019-02-10 16:22:41 +01:00
Deng Qingfang b35862d06e uwsgi-cgi: update to 2.0.18 and use official tarball
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-02-10 20:25:10 +08:00
Jan Pavlinec f22d113358 obfs4proxy: update to version 0.0.9
Changes:
-remove old patch(part of 0.0.9 release)
-change the canonical upstream repo location to gitlab
-change source to gitlab
-change source package to golang-gitlab-yawning-obfs4-dev

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
2019-02-10 01:00:27 +01:00
Hannu Nyman fb209cf568 Merge pull request #8111 from neheb/ng
ngircd: Update to 25
2019-02-08 19:31:13 +02:00
Hannu Nyman 9e5e6124b5 Merge pull request #8126 from jefferyto/tgt-init
tgt: Update init script
2019-02-08 19:30:40 +02:00
Toke Høiland-Jørgensen 56cc1423c6 Merge ACME fixes
Closes #8149

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2019-02-08 17:18:28 +01:00
Toke Høiland-Jørgensen 71cedd6ec4 acme: Bump package revision
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2019-02-08 17:17:37 +01:00
Adrien DAURIAT 3439c008e5 acme: Fix loading credentials
Move loading credential function before cert renewal call as credentials might be needed for some renewal operations ( ex: DNS )

Signed-off-by: Adrien DAURIAT <16813527+dauriata@users.noreply.github.com>
[toke@toke.dk: Port to master branch]
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2019-02-08 17:17:13 +01:00
Karl Palsson 6809ab1c9b mosquitto: bump to 1.5.6
This is a bugfix and security release.

CVE-2018-12551: If Mosquitto is configured to use a password file for
authentication, any malformed data in the password file will be
treated as valid. This typically means that the malformed data becomes
a username and no password. If this occurs, clients can circumvent
authentication and get access to the broker by using the malformed
username. In particular, a blank line will be treated as a valid empty
username. Other security measures are unaffected.

=> Users who have only used the mosquitto_passwd utility to create and
modify their password files are unaffected by this vulnerability.

CVE-2018-12550: If an ACL file is empty, or has only blank lines or
comments, then mosquitto treats the ACL file as not being defined,
which means that no topic access is denied. Although denying access to
all topics is not a useful configuration, this behaviour is unexpected
and could lead to access being incorrectly granted in some
circumstances.

CVE-2018-12546. If a client publishes a retained message to a topic
that they have access to, and then their access to that topic is
revoked, the retained message will still be delivered to future
subscribers. This behaviour may be undesirable in some applications,
so a configuration option `check_retain_source` has been introduced to
enforce checking of the retained message source on publish.

Plus the following bugfixes:
* wills not sent to websocket clients
* spaces now allowed in bridge usernames
* durable clients not receiving offline messages with
per_listener_settings==true
* compilation with openssl without deprecated apis
* TLS working over SOCKS
* better comment handling in config files

Full changelog available at: https://github.com/eclipse/mosquitto/blob/fixes/ChangeLog.txt#L1

Signed-off-by: Karl Palsson <karlp@etactica.com>
2019-02-08 11:55:21 +00:00
Jeffery To b7ee8141e4 wifidog-ng: Update init script
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.

This also adds a service_triggers() function and updates the timeout
value to the new max timeout in ipset 7.0.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-02-08 17:00:54 +08:00
Jeffery To 66c553470e tgt: Update init script
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.

This also adds a service_triggers() function, removes a duplicate
option, and removes some unnecessary curly brackets.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-02-08 16:43:06 +08:00
Hannu Nyman c845e59d0d Merge pull request #8114 from neheb/av
davfs2: Update to 1.5.5
2019-02-07 20:52:37 +02:00
Alexey I. Froloff c636bf374f net/acme: commit uhttpd configuration if update_httpd set
uhttpd configuration should be commited when update_uhttpd set.

Signed-off-by: Alexey I. Froloff <raorn@raorn.name>
2019-02-07 15:22:56 +03:00
Alexey I. Froloff 8564f61d50 net/acme: issue_cert should always call post_checks on exit
issue_cert fuction may return without calling post_checks, which leaves
port 80 open and uhttpd configuration is not restored is listen_http was
set.

Always call post_checks when returning from issue_cert.

Signed-off-by: Alexey I. Froloff <raorn@raorn.name>
2019-02-07 15:22:39 +03:00
David Yang 6de1efbeb5 i2pd: Update to 2.23.0, fix #7845 and #8088
Signed-off-by: David Yang <mmyangfl@gmail.com>
2019-02-07 14:58:05 +08:00
Jonas Gorski e4ab7b4fec znc: fix patches applying
git is hard. :-(

Reported-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Fixes: 4629f043e0 ("znc: update to 1.7.2")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2019-02-06 20:09:59 +01:00
Jonas Gorski 4629f043e0 znc: update to 1.7.2
Includes minor bugfixes, translation updates and most of the OpenSSL
compilation patch.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2019-02-06 12:51:58 +01:00
Hannu Nyman e643653a49 Merge pull request #8102 from jefferyto/clamav-init
clamav: Update init scripts
2019-02-05 17:22:44 +02:00
Jeffery To 353c51a251 wifidog-ng: Convert init script indentation to tabs
This is done to minimize disk space used. This also removes some
trailing spaces.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-02-04 20:36:01 +08:00
Jeffery To f5181d615c sshtunnel: Update init script
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.

This also fixes some validation, makes variable declarations local,
removes unnecessary curly brackets.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-02-04 09:17:14 +01:00
Jeffery To 37df5db70c squid: Update init script
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.

This also removes some unnecessary curly brackets.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-02-04 14:30:36 +08:00
Rosen Penev a567d60b93 ngircd: Update to 25
Remove upstreamed patch.

Switch to .xz archives for smaller size.

Add PKG_BUILD_PARALLEL to speed up compilation.

Remove maintainer.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-02-03 15:01:30 -08:00
Deng Qingfang 4f41588c29 bind: update to 9.12.3-P1 and other
Refresh patches
Remove --enable-static and --enable-dynamic because they're enabled by default
Enable parallel compilation
Fix compile without IPv6

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-02-03 12:25:52 -08:00
Dave Taht e5910b9834 bcp38: Allow class-e through bcp38
It is increasingly likely 240/4 and 0/8 netblocks will be allocated as
unicast globally rout-able and reachable address space
240/4 is already enabled throughout linux and openwrt.

Permit these address blocks under bcp38 address validation, ie. remove
those ranges from the block list:

list match '0.0.0.0/8'       # RFC 1700
list match '240.0.0.0/4'     # RFC 5745

Signed-off-by: Dave Taht <dave.taht@gmail.com>
[bump package - minor tweaks to commit message - remove commented lines]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-02-03 15:38:32 +00:00
Jeffery To 549bf0ec44 socat: Update init script
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.

This also adds a service_triggers() function and removes some
unnecessary curly brackets.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-02-03 19:59:43 +08:00
Jeffery To 0fb4847b4b snort: Update init script
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.

This also fixes a variable name typo ("CONFIGFILE" instead of
"config_file").

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-02-03 19:20:44 +08:00
Jeffery To f9386270db pptpd: Update init script
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.

This also adds a service_triggers() function and removes some
unnecessary curly brackets.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-02-03 19:10:10 +08:00
Rosen Penev b958f62462 davfs2: Update to 1.5.5
Switched URL to @SAVANNAH for more mirrors.

Added PKG_BUILD_PARALLEL for faster compilation.

Added PKG_LICENSE info.

Minor reorganization for consistency between packages.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-02-02 14:11:47 -08:00
Hannu Nyman fdc5c5be60 Merge pull request #8100 from yangfl/lighttpd
lighttpd: Fix mod_auth
2019-02-02 20:06:48 +02:00