feed/packages.git
2 years agoMerge pull request #18711 from BKPepe/beep-update
Jeffery To [Wed, 8 Jun 2022 15:15:04 +0000 (23:15 +0800)]
Merge pull request #18711 from BKPepe/beep-update

beep: change git repository includes CVE fixes

2 years agobeep: change git repository to fix CVE-2018-0492 and CVE-2018-1000532
Josef Schlehofer [Tue, 1 Jan 2019 02:38:00 +0000 (03:38 +0100)]
beep: change git repository to fix CVE-2018-0492 and CVE-2018-1000532

1. Changed Git repository, which is used for Fedora packaging
https://github.com/johnath/beep/issues/11#issuecomment-450277122

Fixed CVEs:
CVE-2018-0492 - https://nvd.nist.gov/vuln/detail/CVE-2018-0492
CVE-2018-1000532 - https://nvd.nist.gov/vuln/detail/CVE-2018-1000532

2. Fixed SPDX License Identifier

3. Add patch to comment out -D_FORTIFY_SOURCE
Otherwise, it can not be built by default.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2 years agoMerge pull request #18680 from graysky2/htop
Jeffery To [Tue, 7 Jun 2022 07:49:28 +0000 (15:49 +0800)]
Merge pull request #18680 from graysky2/htop

htop: update to 3.2.1

2 years agoMerge pull request #18576 from stangri/master-curl
Stan Grishin [Mon, 6 Jun 2022 22:56:19 +0000 (01:56 +0300)]
Merge pull request #18576 from stangri/master-curl

curl: bump to 7.83.1

2 years agocurl: bump to 7.83.1
Stan Grishin [Thu, 19 May 2022 09:17:21 +0000 (09:17 +0000)]
curl: bump to 7.83.1

* https://curl.se/changes.html#7_83_1

Signed-off-by: Stan Grishin <stangri@melmac.ca>
2 years agomicropython-lib: Update to latest master
Jeffery To [Mon, 6 Jun 2022 09:24:31 +0000 (17:24 +0800)]
micropython-lib: Update to latest master

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2 years agogg: Update to 0.2.6
Tianling Shen [Sun, 5 Jun 2022 20:13:17 +0000 (04:13 +0800)]
gg: Update to 0.2.6

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2 years agogolang: Update to 1.18.3
Jeffery To [Mon, 6 Jun 2022 08:24:05 +0000 (16:24 +0800)]
golang: Update to 1.18.3

Includes fix for CVE-2022-30634 (crypto/rand: Read hangs when passed
buffer larger than 1<<32 - 1).

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2 years agoxray-core: Update to 1.5.7
Tianling Shen [Sun, 5 Jun 2022 12:41:16 +0000 (20:41 +0800)]
xray-core: Update to 1.5.7

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2 years agoglib2: update libintl handling
Sebastian Kemper [Mon, 6 Jun 2022 08:07:08 +0000 (10:07 +0200)]
glib2: update libintl handling

glib2's meson.build runs check cc.has_function('ngettext', args :
osx_ldflags) and, if successful, it never looks for non-libc libintl.
For musl and glibc this test is always successful.

glib2 unconditionally sets ENABLE_NLS, so during compile <libintl.h>
gets included always. But then we have a disconnect when the OpenWrt pkg
is being built with BUILD_NLS=y, because the <libintl.h> will be from
libintl-full but glib2 will not link to libintl-full.

With BUILD_NLS=n there's no problem, because the <libintl.h> will be
from libc.

In lieu of proper libintl detection in glib2's meson build, removing the
SED call from the Makefile together with the added patch sorts this out.
The SED call can be removed because when we force libintl-full use, the
meson build will put the necessary linker flag into the pkg-config file
itself.

Alpine Linux does something similar (see [1]), but they always force
the use of the external libintl. I assume they always go for full NLS
support.

[1] https://git.alpinelinux.org/aports/tree/main/glib/musl-libintl.patch

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2 years agonfs-kernel-server: disable IPv6 for host
Rosen Penev [Wed, 9 Mar 2022 04:48:10 +0000 (20:48 -0800)]
nfs-kernel-server: disable IPv6 for host

Some issue with static libtirpc

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2 years agolibtirpc: don't build host shared libraries
Rosen Penev [Sun, 6 Mar 2022 06:55:31 +0000 (22:55 -0800)]
libtirpc: don't build host shared libraries

Avoids having to use rpath hacks.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2 years agontfs-3g: update to 2022.5.17
Rosen Penev [Thu, 2 Jun 2022 23:01:50 +0000 (16:01 -0700)]
ntfs-3g: update to 2022.5.17

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2 years agoksmbd-tools: update to 3.4.5
Rosen Penev [Fri, 3 Jun 2022 23:48:12 +0000 (16:48 -0700)]
ksmbd-tools: update to 3.4.5

Major changes are:

Add support for Heimdal as the Kerberos 5 implementation.
Add smbd max io size parameter.
Accept global share options.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2 years agolibndpi: fix pcre2 dependency name
Toni Uhlig [Sat, 4 Jun 2022 11:20:16 +0000 (13:20 +0200)]
libndpi: fix pcre2 dependency name

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2 years agoxfrpc: fix bug of xfrpc.init
Dengfeng Liu [Sat, 4 Jun 2022 11:55:27 +0000 (19:55 +0800)]
xfrpc: fix bug of xfrpc.init

replace xfrpc with xfrp

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
2 years agoxfrpc: update to 1.05.561
Dengfeng Liu [Sat, 4 Jun 2022 04:28:55 +0000 (12:28 +0800)]
xfrpc: update to 1.05.561

support tcp mux and default to turn it on

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
2 years agohtop: update to 3.2.1
John Audia [Sat, 4 Jun 2022 12:58:11 +0000 (08:58 -0400)]
htop: update to 3.2.1

Build-tested: x86/64
Run-tested: bcm2711/RPi4B

Signed-off-by: John Audia <therealgraysky@proton.me>
2 years agoirqbalance: remove local patch for socket directory
Hannu Nyman [Sat, 4 Jun 2022 11:12:28 +0000 (14:12 +0300)]
irqbalance: remove local patch for socket directory

Upstream has finally patched the UI communication socket
creation to happen only if the irqbalance UI is enabled.

As we do not use the irqbalance UI, we can remove
our local fix implemented by 4f0c847828.
(If you want to enable irqbalance UI, the fix is still needed.)

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2 years agoirqbalance: update to 1.9.0
Hannu Nyman [Sat, 4 Jun 2022 09:11:11 +0000 (12:11 +0300)]
irqbalance: update to 1.9.0

Update irqbalance to version 1.9.0
* adopt AUTORELEASE

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2 years agoopen-iscsi: update to 2.1.7
Lucian Cristian [Wed, 1 Jun 2022 17:02:46 +0000 (17:02 +0000)]
open-iscsi: update to 2.1.7

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2 years agoopenpyxl: bump to version 3.0.10
Alexandru Ardelean [Fri, 3 Jun 2022 07:12:14 +0000 (10:12 +0300)]
openpyxl: bump to version 3.0.10

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2 years agopillow: bump to version 9.1.1
Alexandru Ardelean [Fri, 3 Jun 2022 07:11:11 +0000 (10:11 +0300)]
pillow: bump to version 9.1.1

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2 years agominiflux: update to 2.0.37
Michal Vasilek [Fri, 3 Jun 2022 14:52:51 +0000 (16:52 +0200)]
miniflux: update to 2.0.37

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
2 years agolibndpi: update to 4.2
Toni Uhlig [Fri, 3 Jun 2022 20:20:51 +0000 (22:20 +0200)]
libndpi: update to 4.2

 - removed clunky sed patching, issue was fixed upstream

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2 years agosamba4: add riscv64 support
Zoltan HERPAI [Mon, 30 May 2022 17:52:51 +0000 (19:52 +0200)]
samba4: add riscv64 support

Required for sifiveu target.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2 years agoMerge pull request #18515 from paper42/yt-dlp
Josef Schlehofer [Thu, 2 Jun 2022 20:19:57 +0000 (22:19 +0200)]
Merge pull request #18515 from paper42/yt-dlp

youtube-dl: drop package, yt-dlp: add package

2 years agoMerge pull request #18654 from pprindeville/strongswan-need-kmod-chapoly
Philip Prindeville [Thu, 2 Jun 2022 19:25:30 +0000 (13:25 -0600)]
Merge pull request #18654 from pprindeville/strongswan-need-kmod-chapoly

strongswan: add kernel module dependency on chapoly

2 years agoyggdrasil: stop properly
Maciej Krüger [Wed, 1 Jun 2022 04:44:10 +0000 (06:44 +0200)]
yggdrasil: stop properly

Previously it was using killall with procd respand enabled

This was causing yggdrasil to restart after being killed

root@r3test-hap:/# service yggdrasil stop ; echo $? ; sleep 10s ; ps | grep yggdrasil
Terminated
143
 6701 root      653m S    /usr/sbin/yggdrasil -useconffile /tmp/yggdrasil.conf
 6748 root      1308 S    grep yggdrasil

Now it's just using whatever procd is using and see there, it actually stops

root@r3test-hap:/# service yggdrasil stop ; echo $? ; sleep 10s ; ps | grep yggdrasil
0
 6802 root      1308 S    grep yggdrasil

I assume there was some procd bug that kept it from being used properly

Signed-off-by: Maciej Krüger <mkg20001@gmail.com>
2 years agoMerge pull request #18669 from wigyori/openblas-riscv
Alexandru Ardelean [Thu, 2 Jun 2022 11:27:37 +0000 (14:27 +0300)]
Merge pull request #18669 from wigyori/openblas-riscv

openblas: compile with RISCV64_GENERIC target on riscv64 arch

2 years agomosh-full: Add perlbase-text dependency
Jottr Doe [Wed, 18 May 2022 17:15:19 +0000 (19:15 +0200)]
mosh-full: Add perlbase-text dependency

Fixes https://github.com/openwrt/packages/issues/18182

Signed-off-by: Jottr Doe <jottr@users.noreply.github.com>
2 years agomosh-full: Sort dependencies alphabetically
Jottr Doe [Wed, 18 May 2022 17:13:47 +0000 (19:13 +0200)]
mosh-full: Sort dependencies alphabetically

Signed-off-by: Jottr Doe <jottr@users.noreply.github.com>
2 years agoopenconnect: make the host dependency optional
Rui Salvaterra [Tue, 31 May 2022 07:36:33 +0000 (08:36 +0100)]
openconnect: make the host dependency optional

According to David Woodhouse, OpenConnect has no issues reconnecting on any
interface. Make the host dependency optional, as it can cause issues in multiple
WAN scenarios.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2 years agoopenconnect: avoid using the --juniper switch
Rui Salvaterra [Tue, 31 May 2022 08:06:49 +0000 (09:06 +0100)]
openconnect: avoid using the --juniper switch

The --juniper switch has been deprecated in favour of --protocol=nc. Fix the
proto script thusly, while keeping compatibility with existing configurations.

Note that, as far as UCI is concerned, if both options juniper and vpn_protocol
are specified, the latter takes precedence.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2 years agoopenconnect: fix inclusion of netifd proto scripts
Rui Salvaterra [Tue, 24 May 2022 16:13:04 +0000 (17:13 +0100)]
openconnect: fix inclusion of netifd proto scripts

This is the preferred way, according to the wiki.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2 years agoRevert "openconnect: drop the dependency on resolveip"
Rui Salvaterra [Tue, 31 May 2022 09:47:01 +0000 (10:47 +0100)]
Revert "openconnect: drop the dependency on resolveip"

Using resolveip is more robust and predictable than depending on nslookup and
awk.

This reverts commit 131ec7b3bd6895aa3f86f57169dd23c15f174fe2.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2 years agodocker-compose: Update to version 2.6.0
Javier Marcet [Tue, 31 May 2022 19:03:28 +0000 (21:03 +0200)]
docker-compose: Update to version 2.6.0

What's Changed:

 - fix TestLocalComposeUp which fail locally and bump compose-go to
 1.2.7 by @glours
 - attach only to services declared by project applying profiles by
 @ndeloof
 - Add ddev's e2e test by @ulyssessouza
 - Fix local run of make e2e-compose-standalone by @ulyssessouza
 - fix: prevent flickering prompt when pulling same image from N
 services by @maxcleme
 - add tags property to build section by @glours
 - update golang version to 1.18 by @glours
 - bump compose-go to 1.2.6 by @maxcleme
 - add e2e tests to verify env variables priority by @glours
 - Import dotenv file to os environment by @ulyssessouza

New Contributors:

 - @maxcleme made their first contribution

Signed-off-by: Javier Marcet <javier@marcet.info>
2 years agoopenfortivpn: update to 1.17.3
Lucian Cristian [Wed, 1 Jun 2022 14:51:07 +0000 (14:51 +0000)]
openfortivpn: update to 1.17.3

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2 years agogddrescue: update to 1.26
Lucian Cristian [Wed, 1 Jun 2022 14:53:16 +0000 (14:53 +0000)]
gddrescue: update to 1.26

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2 years agonode: bump to v16.15.0
Hirokazu MORIKAWA [Wed, 1 Jun 2022 03:22:34 +0000 (12:22 +0900)]
node: bump to v16.15.0

Description:
Update from  v16.15.0
Changed handling of host's npm problems due to npm updates.

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
2 years agostrongswan: add kernel module dependency on chapoly
Philip Prindeville [Wed, 1 Jun 2022 00:41:28 +0000 (18:41 -0600)]
strongswan: add kernel module dependency on chapoly

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2 years agolibs: openblas: compile with RISCV64_GENERIC target on riscv64 arch
Zoltan HERPAI [Mon, 23 May 2022 21:25:55 +0000 (23:25 +0200)]
libs: openblas: compile with RISCV64_GENERIC target on riscv64 arch

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2 years agoci: Use openwrt/gh-action-sdk@v5
Jeffery To [Tue, 31 May 2022 07:02:04 +0000 (15:02 +0800)]
ci: Use openwrt/gh-action-sdk@v5

The previous build errors with v5 have been fixed. This version builds
packages as a normal user instead of as root.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2 years agoMerge pull request #18584 from mpratt14/golang-bootstrap-arch
Jeffery To [Tue, 31 May 2022 06:59:04 +0000 (14:59 +0800)]
Merge pull request #18584 from mpratt14/golang-bootstrap-arch

golang: some makefile fixes

2 years agolibreswan: update to 4.7
Lucian Cristian [Mon, 30 May 2022 17:26:40 +0000 (20:26 +0300)]
libreswan: update to 4.7

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2 years agopdns-recursor: update to 4.7.0
Peter van Dijk [Mon, 30 May 2022 15:07:28 +0000 (17:07 +0200)]
pdns-recursor: update to 4.7.0

Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
2 years agoxray-core: Update to 1.5.6
Tianling Shen [Mon, 30 May 2022 16:33:29 +0000 (00:33 +0800)]
xray-core: Update to 1.5.6

Updated geodata to latest version while at it.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2 years agoyq: Update to 4.25.2
Tianling Shen [Mon, 30 May 2022 13:11:52 +0000 (21:11 +0800)]
yq: Update to 4.25.2

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2 years agocloudflared: Update to 2022.5.3
Tianling Shen [Mon, 30 May 2022 13:11:34 +0000 (21:11 +0800)]
cloudflared: Update to 2022.5.3

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2 years agonspr: update to 4.34
Lucian Cristian [Mon, 30 May 2022 17:21:23 +0000 (20:21 +0300)]
nspr: update to 4.34

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2 years agonss: update to 3.78
Lucian Cristian [Mon, 30 May 2022 17:25:08 +0000 (20:25 +0300)]
nss: update to 3.78

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2 years agoMerge pull request #18631 from mhei/php8-update
Michael Heimpold [Mon, 30 May 2022 21:07:33 +0000 (23:07 +0200)]
Merge pull request #18631 from mhei/php8-update

php8: update to 8.1.6

2 years agoMerge pull request #18632 from mhei/libxml2-update
Michael Heimpold [Mon, 30 May 2022 21:07:21 +0000 (23:07 +0200)]
Merge pull request #18632 from mhei/libxml2-update

libxml2: update to 2.9.14

2 years agoprometheus-node-exporter: fix ubus stations
Nick Hainke [Sat, 30 Apr 2022 05:31:52 +0000 (07:31 +0200)]
prometheus-node-exporter: fix ubus stations

Not every radio has also ubus support. Only query radios with ubus
functions.

Signed-off-by: Nick Hainke <vincent@systemli.org>
[fixup, call ubus.connect() once per scrape]
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2 years agolibxml2: update to 2.9.14
Michael Heimpold [Sun, 29 May 2022 20:01:45 +0000 (22:01 +0200)]
libxml2: update to 2.9.14

This fixes CVE-2022-29824.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2 years agophp8: update to 8.1.6
Michael Heimpold [Sun, 29 May 2022 09:05:11 +0000 (11:05 +0200)]
php8: update to 8.1.6

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2 years agoi2pd: Update package
R4SAS I2P [Sat, 28 May 2022 17:41:49 +0000 (20:41 +0300)]
i2pd: Update package

* Update to 2.42.1
* Replace spaces with tabulation in init file

Signed-off-by: R4SAS I2P <r4sas@i2pmail.org>
2 years agoMerge pull request #18511 from jefferyto/circleci-add-keys
Etienne Champetier [Sun, 29 May 2022 01:16:46 +0000 (21:16 -0400)]
Merge pull request #18511 from jefferyto/circleci-add-keys

CircleCI: Add 22.03 public keys, 18.06 v2 gpg key, 18.06 usign key

2 years agobanip: mark as broken
Dirk Brenken [Fri, 27 May 2022 19:23:56 +0000 (21:23 +0200)]
banip: mark as broken

banIP 0.7.x is not compatible with new nft firewall (default in master and 22.03).
Mark the package as BROKEN for now.

Signed-off-by: Dirk Brenken <dev@brenken.org>
2 years agogolang: do not rely on Go script host detection
Michael Pratt [Fri, 27 May 2022 06:25:52 +0000 (02:25 -0400)]
golang: do not rely on Go script host detection

for some use cases, for example:
a system with 64 bit kernel
and 32 bit userspace programs

the local Go installation is "detected"
using the kernel "uname",
causing build failure if they happen to differ

by adding the argument GOHOSTARCH using the corresponding make variable
it would be fully controlled in the openwrt git tree
based on the HOST_ARCH make variable.

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2 years agogolang: enable verbose output
Michael Pratt [Fri, 20 May 2022 09:09:40 +0000 (05:09 -0400)]
golang: enable verbose output

allow the building script of Go to output verbose
when make is executed with "V=s..."

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2 years agogolang: split compile recipe into configure and compile
Michael Pratt [Fri, 20 May 2022 08:38:41 +0000 (04:38 -0400)]
golang: split compile recipe into configure and compile

the default Configure recipe for packages
assumes that there is a "configure" script
in the source tree directory

Go does not have such a script,
configure and compile is done with the same script

so split the current Compile recipe
into both Configure and Compile recipes

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2 years agolua-openssl: update to version 0.8.2-1
Maciej Krüger [Wed, 25 May 2022 14:56:59 +0000 (16:56 +0200)]
lua-openssl: update to version 0.8.2-1

Signed-off-by: Maciej Krüger <mkg20001@gmail.com>
2 years agogcc: depend on libzstd
W. Michael Petullo [Thu, 26 May 2022 00:19:03 +0000 (19:19 -0500)]
gcc: depend on libzstd

Signed-off-by: W. Michael Petullo <mike@flyn.org>
2 years agostubby: restart on trigger interfaces
Aleksandr V. Piskunov [Mon, 23 May 2022 17:06:37 +0000 (20:06 +0300)]
stubby: restart on trigger interfaces

Force restart stubby if any of the trigger interfaces goes up or down.
Avoids DoT DNS lookup timeouts when default route changes, in case of multiple
upstream interfaces.

Signed-off-by: Aleksandr V. Piskunov <aleksandr.v.piskunov@gmail.com>
2 years agohfsprogs: update to 540.1.linux3
Rosen Penev [Fri, 29 Apr 2022 20:36:04 +0000 (13:36 -0700)]
hfsprogs: update to 540.1.linux3

Updates hfsprogs from 2011 to 2013 version.

Updated patches to latest Debian ones. Kept custom OpenWrt ones.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2 years agovpnc: Update to 0.5.3+git20220517
Andreas Erhard [Wed, 18 May 2022 08:04:39 +0000 (10:04 +0200)]
vpnc: Update to 0.5.3+git20220517

The new version of vpnc supports additional DH groups for improved key exchange security.

Signed-off-by: Andreas Erhard <andreas.erhard@i-med.ac.at>
2 years agohaproxy: Update HAProxy to v2.4.17
Christian Lachner [Mon, 16 May 2022 06:45:59 +0000 (08:45 +0200)]
haproxy: Update HAProxy to v2.4.17

- Update haproxy download URL and hash

Signed-off-by: Christian Lachner <gladiac@gmail.com>
2 years agopython-jsonschema: Update to 4.5.1
Javier Marcet [Tue, 24 May 2022 16:39:32 +0000 (18:39 +0200)]
python-jsonschema: Update to 4.5.1

What's Changed:

 - Extend dynamicRef keyword by @nezhar
 - Add FORMAT_CHECKER attribute for Validator by @TiborVoelcker
 - Remove stray double-quote by @lurch
 - Ensure proper sorting of list in error message by @ssbarnea

Signed-off-by: Javier Marcet <javier@marcet.info>
2 years agopython3-paramiko: update to version 2.11.0
Javier Marcet [Tue, 24 May 2022 16:40:38 +0000 (18:40 +0200)]
python3-paramiko: update to version 2.11.0

2.11.0:

 - [Feature] Add SSH config token expansion (eg %h, %p) when parsing
 ProxyJump directives. Patch courtesy of Bruno Inec.

 - [Support] (via #2011) Apply unittest skipIf to tests currently
 using SHA1 in their critical path, to avoid failures on systems
 starting to disable SHA1 outright in their crypto backends (eg RHEL
 9). Report & patch via Paul Howarth.

 - [Support] Update camelCase method calls against the threading
 module to be snake_case; this and related tweaks should fix some
 deprecation warnings under Python 3.10. Thanks to Karthikeyan
 Singaravelan for the report, @Narendra-Neerukonda for the patch,
 and to Thomas Grainger and Jun Omae for patch workshopping.

 - [Support] Recent versions of Cryptography have deprecated Blowfish
 algorithm support; in lieu of an easy method for users to remove it
 from the list of algorithms Paramiko tries to import and use, we’ve
 decided to remove it from our “preferred algorithms” list. This will
 both discourage use of a weak algorithm, and avoid warnings. Credit
 for report/patch goes to Mike Roest.

2.10.5:

 - [Bug] Windows-native SSH agent support as merged in 2.10 could
 encounter Errno 22 OSError exceptions in some scenarios (eg server
 not cleanly closing a relevant named pipe). This has been worked
 around and should be less problematic. Reported by Danilo Campana
 Fuchs and patched by Jun Omae.

 - [Bug] OpenSSH 7.7 and older has a bug preventing it from
 understanding how to perform SHA2 signature verification for RSA
 certificates (specifically certs - not keys), so when we added SHA2
 support it broke all clients using RSA certificates with these
 servers. This has been fixed in a manner similar to what OpenSSH’s
 own client does: a version check is performed and the algorithm used
 is downgraded if needed. Reported by Adarsh Chauhan, with fix
 suggested by Jun Omae.

 - [Bug] Align signature verification algorithm with OpenSSH re:
 zero-padding signatures which don’t match their nominal size/length.
 This shouldn’t affect most users, but will help Paramiko-implemented
 SSH servers handle poorly behaved clients such as PuTTY. Thanks to
 Jun Omae for catch & patch.

Signed-off-by: Javier Marcet <javier@marcet.info>
2 years agodocker-compose: Update to version 2.5.1
Javier Marcet [Tue, 24 May 2022 16:45:21 +0000 (18:45 +0200)]
docker-compose: Update to version 2.5.1

What's Changed:

 - Fix relative paths on envfile label by @ulyssessouza
 - down: Reject all arguments by @Jille
 - Clarify what default work dir is when multiple compose files by
 @quite
 - compose down exit=0 if nothing to remove by @ndeloof
 - cp command: copy to all containers of a service as default
 behaviour by @glours
 - Fix extra space printed with --no-log-prefix option by @jan4843
 - bump compose-go to 1.2.5 by @ndeloof

New Contributors:

 - @Jille made their first contribution
 - @quite made their first contribution
 - @jan4843 made their first contribution

Signed-off-by: Javier Marcet <javier@marcet.info>
2 years agodnslookup: Update to 1.7.0
Tianling Shen [Wed, 25 May 2022 08:27:50 +0000 (16:27 +0800)]
dnslookup: Update to 1.7.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2 years agodnsproxy: Update to 0.43.0
Tianling Shen [Wed, 25 May 2022 08:26:52 +0000 (16:26 +0800)]
dnsproxy: Update to 0.43.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2 years agoMerge pull request #18605 from rsalvaterra/oc
Nikos Mavrogiannopoulos [Tue, 24 May 2022 12:34:58 +0000 (14:34 +0200)]
Merge pull request #18605 from rsalvaterra/oc

openconnect: three misc fixes

2 years agoopenconnect: make sure OpenSSL is built with DTLS support
Rui Salvaterra [Tue, 24 May 2022 11:03:06 +0000 (12:03 +0100)]
openconnect: make sure OpenSSL is built with DTLS support

Otherwise, OpenConnect will fail to connect with DTLS.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2 years agoopenconnect: don't bother loading the tun module
Rui Salvaterra [Thu, 19 May 2022 13:01:00 +0000 (14:01 +0100)]
openconnect: don't bother loading the tun module

If it exists (if it isn't built-in), it will be loaded automatically at boot.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2 years agoopenconnect: drop the dependency on resolveip
Rui Salvaterra [Tue, 17 May 2022 15:29:14 +0000 (16:29 +0100)]
openconnect: drop the dependency on resolveip

We have nslookup and awk, let's use them.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2 years agodnsproxy: Update to 0.42.4
Tianling Shen [Mon, 23 May 2022 05:47:13 +0000 (13:47 +0800)]
dnsproxy: Update to 0.42.4

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2 years agosamba4: fix build on macos
Sergey V. Lobanov [Tue, 15 Feb 2022 23:48:08 +0000 (02:48 +0300)]
samba4: fix build on macos

This commit fixes two issues on macos:
1. Added a patch to fix 'echo -n' issue with MacOS shell
(backported from upstream)
2. Redefined sys.platform='linux' for target build if build host is
MacOS (otherwise, build script tries to use MacOS logic for
OpenWrt(Linux) target build)

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2 years agoglib2: update to 2.70.5
Rosen Penev [Mon, 16 May 2022 13:52:37 +0000 (06:52 -0700)]
glib2: update to 2.70.5

Enabled glib_checks to fix podman.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2 years agortty: update to 8.0.1
Jianhui Zhao [Sun, 22 May 2022 14:01:18 +0000 (22:01 +0800)]
rtty: update to 8.0.1

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
2 years agoacme: switch from iptables to nft
Toke Høiland-Jørgensen [Wed, 30 Mar 2022 10:54:51 +0000 (12:54 +0200)]
acme: switch from iptables to nft

Use nft instead of iptables to open port 80 in the firewall when getting a
cert. Since nft doesn't allow deleting a rule by its contents, capture and
save the handle when creating the rule, and use that to delete.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2 years agoaudit: remove host build
Eneas U de Queiroz [Wed, 11 May 2022 22:37:12 +0000 (19:37 -0300)]
audit: remove host build

The audit package in the packages feed share the same sources as the
libaudit package in the base repo.  libaudit performs a host build, used
only by libsemanage in base.

There is no package depending on 'audit/host', so we can remove it to
avoid possible confusion.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2 years agoaudit: avoid interferece with base libaudit build
Eneas U de Queiroz [Wed, 11 May 2022 22:08:13 +0000 (19:08 -0300)]
audit: avoid interferece with base libaudit build

Both audit in the packages feed and libaudito from the base repo use the
same sources.

Have 'audit' use a different build directory than 'libaudit' package to
avoid interference between them.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2 years agoaudit: Fix compilation with kernel 5.15
Eneas U de Queiroz [Thu, 5 May 2022 12:58:02 +0000 (09:58 -0300)]
audit: Fix compilation with kernel 5.15

Linux 5.15 does not have the linux/ipx.h header.

The patch is a partial cherry-pick (skipped ChangeLog) of upstream
commit 6b09724c6 ("Make IPX packet interpretation dependent on the ipx
header file existing").

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2 years agoopenconnect: fix OpenSSL build without deprecated API
Rui Salvaterra [Mon, 16 May 2022 14:10:27 +0000 (15:10 +0100)]
openconnect: fix OpenSSL build without deprecated API

Backport a patch in order to allow building OpenConnect against OpenSSL 1.1.x
without the need for deprecated API (further fixes will be required for OpenSSL
3.x, though).

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2 years agolibcoap: make sure `libcoap-3-notls.so` is installed
Leo Soares [Mon, 16 May 2022 23:02:26 +0000 (00:02 +0100)]
libcoap: make sure `libcoap-3-notls.so` is installed

This commit fixes an issue where the `libcoap-3-notls.so` is not installed,
in some cases leaving the target's root with no library and just a broken link
from `libcoap-3.so` to `libcoap-3-notls.so`.

Signed-off-by: Leo Soares <leo@hyper.ag>
2 years agowifi-presence: Add config for process user/group
Adam Williams [Thu, 19 May 2022 03:08:01 +0000 (21:08 -0600)]
wifi-presence: Add config for process user/group

On systems using seccomp, the hostapd socket files will be owned by the
'network' user/group ([source][0]). In this case, if wifi-presence is
run as root/root, then it does not have permissions to open the
hostapd socket files. This was discussed in awilliams/wifi-presence#3.

This change allows the process user/group to be specified in
/etc/config/wifi-presence. If no explicit user/group is set, then the
init script will use the owner of the socket files in /var/run/hostapd/
to determine the appropriate process user/group.

[0]: https://github.com/openwrt/openwrt/blob/ec6293febc244d187e71a6e54f44920be679cde4/package/network/services/hostapd/files/wpad.init#L35-L36

Signed-off-by: Adam Williams <pwnfactory@gmail.com>
2 years agoMerge pull request #18586 from flyn-org/openldap
Florian Eckert [Fri, 20 May 2022 14:21:51 +0000 (16:21 +0200)]
Merge pull request #18586 from flyn-org/openldap

openldap: drop use of HTTP in favor of HTTPS

2 years agoopenldap: drop use of HTTP in favor of HTTPS
W. Michael Petullo [Fri, 20 May 2022 13:14:33 +0000 (08:14 -0500)]
openldap: drop use of HTTP in favor of HTTPS

Signed-off-by: W. Michael Petullo <mike@flyn.org>
2 years agoMerge pull request #18494 from nemesisdesign/master
Florian Eckert [Fri, 20 May 2022 07:59:34 +0000 (09:59 +0200)]
Merge pull request #18494 from nemesisdesign/master

openwisp-config: update to 1.0.0

2 years agobluez: Update to 5.64, update/refresh patches
Jeffery To [Tue, 17 May 2022 09:38:45 +0000 (17:38 +0800)]
bluez: Update to 5.64, update/refresh patches

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2 years agofrr: drop elfutils/host dependency
Stijn Tintel [Wed, 18 May 2022 12:35:24 +0000 (15:35 +0300)]
frr: drop elfutils/host dependency

The elfutils package moved to tools and elfutils/host no longer exists.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2 years agoyt-dlp: add package
Michal Vasilek [Wed, 11 May 2022 16:17:15 +0000 (18:17 +0200)]
yt-dlp: add package

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
2 years agoyoutube-dl: drop package
Michal Vasilek [Wed, 11 May 2022 16:17:43 +0000 (18:17 +0200)]
youtube-dl: drop package

youtube-dl is still maintained, but moves very slowly and many other
distributions instead package an active fork, yt-dlp.

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
2 years agostunnel: update to version 5.64
Florian Eckert [Mon, 21 Mar 2022 09:22:13 +0000 (10:22 +0100)]
stunnel: update to version 5.64

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2 years agoMerge pull request #18361 from stangri/master-https-dns-proxy
Stan Grishin [Thu, 19 May 2022 09:00:31 +0000 (12:00 +0300)]
Merge pull request #18361 from stangri/master-https-dns-proxy

https-dns-proxy: 2021-11-22-3: add support for Canary Domains

2 years agogcc: update to allow compiling different versions
W. Michael Petullo [Wed, 18 May 2022 22:06:25 +0000 (17:06 -0500)]
gcc: update to allow compiling different versions

This is based on the toolchain GCC, and aims to share as much of its
Makefile and patches with that definition. The package requires two
additional patches:

(1) 003-dont-choke-when-building-32bit-on-64bit.patch, which fixes the
`error: size of array 'test_real_width' is negative` error that occurs
when building a 32-bit GCC on a 64-bit host. (Search the Internet for
examples of this error appearing.)

(2) 980-add-nostdinc++.patch, which backports a fix from 11.3.0 (11.2.0
only).

Signed-off-by: W. Michael Petullo <mike@flyn.org>
2 years agogcc: change maintainer
W. Michael Petullo [Wed, 18 May 2022 21:55:39 +0000 (16:55 -0500)]
gcc: change maintainer

Signed-off-by: W. Michael Petullo <mike@flyn.org>
2 years agozsh: update to 5.9
John Audia [Tue, 17 May 2022 18:43:06 +0000 (14:43 -0400)]
zsh: update to 5.9

Bump to latest release

Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B

Signed-off-by: John Audia <therealgraysky@proton.me>