Rosen Penev [Tue, 24 Nov 2020 01:36:34 +0000 (17:36 -0800)]
Merge pull request #13986 from neheb/sysss
sysstat: update to 12.4.1
Rosen Penev [Tue, 24 Nov 2020 01:35:59 +0000 (17:35 -0800)]
Merge pull request #13985 from neheb/xfs3
xfsprogs: update to 5.9.0
Rosen Penev [Mon, 23 Nov 2020 21:58:16 +0000 (13:58 -0800)]
sysstat: update to 12.4.1
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Mon, 23 Nov 2020 21:46:09 +0000 (13:46 -0800)]
xfsprogs: update to 5.9.0
Add license information.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Mon, 23 Nov 2020 21:50:41 +0000 (13:50 -0800)]
Merge pull request #13977 from ja-pa/ooniprobe-3.0.11
ooniprobe: udpate to version 3.0.11
Rosen Penev [Mon, 23 Nov 2020 21:50:19 +0000 (13:50 -0800)]
Merge pull request #13982 from rs/nextdns-1.9.3-master
nextdns: Update to version 1.9.3
Olivier Poitrey [Mon, 23 Nov 2020 17:01:54 +0000 (17:01 +0000)]
nextdns: Update to version 1.9.3
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Rosen Penev [Mon, 23 Nov 2020 11:25:34 +0000 (03:25 -0800)]
Merge pull request #13976 from XiaoliChan/patch-1
xtables-addons: update to 3.13
Jan Pavlinec [Mon, 23 Nov 2020 11:17:48 +0000 (12:17 +0100)]
ooniprobe: udpate to version 3.0.11
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Xiaoli Chan [Mon, 23 Nov 2020 09:28:07 +0000 (17:28 +0800)]
xtables-addons: update to 3.13
Signed-off-by: Xiaoli Chan <2209553467@qq.com>
Florian Eckert [Mon, 23 Nov 2020 07:36:28 +0000 (08:36 +0100)]
Merge pull request #13643 from TDT-AG/pr/
20201012-docker-ce
docker-ce: disable docker iptables changes
Rosen Penev [Mon, 23 Nov 2020 02:30:20 +0000 (18:30 -0800)]
Merge pull request #13955 from flyn-org/luafilesystem
luafilesystem: update to 1.8.0
Rosen Penev [Mon, 23 Nov 2020 02:29:42 +0000 (18:29 -0800)]
Merge pull request #13974 from bobafetthotmail/patch-3
hwinfo: update to version 21.71
Rosen Penev [Mon, 23 Nov 2020 02:29:09 +0000 (18:29 -0800)]
Merge pull request #13975 from flyn-org/nfdump
nfdump: update to 1.6.22
Rosen Penev [Mon, 23 Nov 2020 02:28:40 +0000 (18:28 -0800)]
Merge pull request #13968 from flyn-org/daq
Provide both libdaq 2.2.2 and 3.0.0-beta1 to satisfy Snort 2 and 3.
W. Michael Petullo [Mon, 23 Nov 2020 00:53:37 +0000 (18:53 -0600)]
luafilesystem: clean up Makefile
Signed-off-by: W. Michael Petullo <mike@flyn.org>
W. Michael Petullo [Thu, 19 Nov 2020 19:32:20 +0000 (13:32 -0600)]
luafilesystem: update to 1.8.0
Signed-off-by: W. Michael Petullo <mike@flyn.org>
W. Michael Petullo [Mon, 23 Nov 2020 00:47:49 +0000 (18:47 -0600)]
nfdump: update to 1.6.22
Signed-off-by: W. Michael Petullo <mike@flyn.org>
W. Michael Petullo [Mon, 23 Nov 2020 00:11:57 +0000 (18:11 -0600)]
snort3: require new libdaq3 package
Snort 3.0.3-1 requires libdaq 3.0.0-beta1, but this version is no longer
compatible with Snort 2. Thus OpenWrt now provides both a libdaq and
libdaq3 package. This modifies the snort3 package to require the latter.
Signed-off-by: W. Michael Petullo <mike@flyn.org>
W. Michael Petullo [Fri, 20 Nov 2020 03:25:01 +0000 (21:25 -0600)]
libdaq3: add new package
Signed-off-by: W. Michael Petullo <mike@flyn.org>
Daniel Golle [Sun, 22 Nov 2020 19:44:42 +0000 (19:44 +0000)]
libksba: update to version 1.5.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sun, 22 Nov 2020 19:42:12 +0000 (19:42 +0000)]
libevdev: update to version 1.10.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sun, 22 Nov 2020 18:26:12 +0000 (18:26 +0000)]
runc: remove unneeded MENU:=1
Now that runc builds according to available kernel features and there
is no longer a sub-menu to select them manually, also drop the MENU:=1
statement from the package Makefile.
Fixes: 3a06ce559 ("runc: Updated to v1.0.0-rc92 for dockerd")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Alberto Bursi [Sun, 22 Nov 2020 16:54:28 +0000 (17:54 +0100)]
hwinfo: update to version 21.71
update to upstream version 21.71
Signed-off-by: Alberto Bursi <bobafetthotmail@gmail.com>
Hannu Nyman [Sun, 22 Nov 2020 08:44:33 +0000 (10:44 +0200)]
runc: remove garbage (fix
3a06ce5595)
Remove garbage files introduced with
3a06ce5595
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Luiz Angelo Daros de Luca [Sun, 22 Nov 2020 05:27:41 +0000 (02:27 -0300)]
hplip: bump to 3.20.9
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Luiz Angelo Daros de Luca [Fri, 20 Nov 2020 23:39:40 +0000 (20:39 -0300)]
sabe-backends: update to 1.0.31
* adds the canon_lide70 backend
* avision: adds support for the KODAK i1120, fixes thread cancellation issues,
disables exposure option for non-filmscanners
* canon_dr: improves error reporting
* dmc: fixes compiler warnings on the scan area options
* epsonds: rewrites the network I/O following changes made to the
* epson2 backend in 1.0.30 to fix security issues. Network support is still
unsupported.
* fujitsu: adds support for the fi-800R and a card scanning slot, fixes a bug
when reading hardware sensors on the first invocation. Adds USB IDs for
fi-7800 and fi-7900.
* genesys: adds support for the Canon 5600F, Canon LiDE 90, Plustek OpticFilm
7200 and 7200 (v2), 7400, 7600i, 8100 and 8200i. Fixes several issues with the
Canon 8600F. Adds 4800dpi support for the Canon LiDE 210 and fixes 3200dpi
flatbed support on the Canon 8400F. Adds an option to fill dark calibration
with a constant. Adds transparency support for gl847 chipset based devices.
Fixes CIS scanner support for gl842 chipset based devices. Removes lineart and
image enhancement emulation support.
* gphoto: supports the PLANon DocuPen RC800 (with a recent enough version of
gphoto2)
* gt68xx: modifies scan cancellation behaviour
* hp5400: adds button support, fixes a scan cancellation crash issue
* pixma: add supports for the i-SENSYS MF440 Series and untested support for the
PIXMMA G7000 Series and GM4000 Series as well as the i-SENSYS MF720 Series.
* plustek: fixes a potential buffer overrun
* test: adds gamma options
Patches:
- ADD: 102-pixma_Restore_old_behaviour_in_case_XML_support_is_missing.patch:
pixma was failing to detect libxml2, even when it exists
(https://gitlab.com/sane-project/backends/-/issues/345)
- DROP: 100-fix-bigendian.patch: fix in release
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Luiz Angelo Daros de Luca [Fri, 20 Nov 2020 23:36:06 +0000 (20:36 -0300)]
ruby: update to version 2.7.2
This release contains intentional incompatibility. Deprecation warnings are
off by default on 2.7.2 and later. You can turn on deprecation warnings by
specifying the -w or -W:deprecated option at the command-line. Please check
the topics below for details.
* Feature #17000 2.7.2 turns off deprecation warnings by default
* Feature #16345 Don’t emit deprecation warnings by default.
This release contains the new version of webrick with a security fix described in the article.
* CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability in WEBrick
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Daniel Golle [Fri, 20 Nov 2020 00:30:38 +0000 (00:30 +0000)]
podman: improve packaging
* keep /etc/containers accross sysupgrade
* make 'runc' the default run-time for now
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Gerard Ryan [Sun, 8 Nov 2020 02:05:23 +0000 (12:05 +1000)]
runc: Updated to v1.0.0-rc92 for dockerd
SELinux and Seccomp are now enabled via the kernel options themselves
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Daniel Golle [Sun, 22 Nov 2020 01:09:52 +0000 (01:09 +0000)]
gnunet-secushare: remove package
It stopped building against current gnunet a while ago.
Drop it for now.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Thu, 19 Nov 2020 13:35:13 +0000 (13:35 +0000)]
runc: enable seccomp support by default
It's nice to have seccomp support which is enabled in OpenWrt on
supported platforms on targets which are not marked as SMALL_FLASH.
(and it's kinda obvious that you wouldn't want to install runc on a
SMALL_FLASH target to begin with)
So let's enable seccomp by default.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Dirk Brenken [Sat, 21 Nov 2020 19:51:58 +0000 (20:51 +0100)]
Merge pull request #13972 from dibdot/trm
travelmate: handle invalid wireless sections
Dirk Brenken [Sat, 21 Nov 2020 17:17:51 +0000 (18:17 +0100)]
travelmate: handle invalid wireless sections
* ignore invalid wireless sections
Signed-off-by: Dirk Brenken <dev@brenken.org>
Rosen Penev [Sat, 21 Nov 2020 06:07:23 +0000 (22:07 -0800)]
Merge pull request #13962 from neheb/muc
miniupnpc: update to 2.2.0
Paul Spooren [Wed, 18 Nov 2020 20:22:58 +0000 (10:22 -1000)]
whois: add package
Better a separate package than enabling it via busybox.
Special thanks to @neheb for the Makefile patches.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Daniel Golle [Fri, 20 Nov 2020 05:07:43 +0000 (05:07 +0000)]
debian-archive-keyring: install to expected location
'/usr/share/keyring' -> '/usr/share/keyrings'
Makes debootstrap happy.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Fri, 20 Nov 2020 04:40:17 +0000 (04:40 +0000)]
debian-archive-keyring: add new package
Grab debian-archive-keyring from debian.org to easy use of debootstrap.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Fri, 20 Nov 2020 03:27:18 +0000 (03:27 +0000)]
xz: use ALTERNATIVES instead of copying symlinks
Installing the 'xz' package currently leads to file collisions:
Collected errors:
* check_data_file_clashes: Package xz wants to install file /usr/bin/unxz
But that file is already provided by package * busybox
* check_data_file_clashes: Package xz wants to install file /usr/bin/xz
But that file is already provided by package * busybox
* opkg_install_cmd: Cannot install package debootstrap.
Fix that by switching to use ALTERNATIVES for all multicall commands
instead of copying the symlinks into the package.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
W. Michael Petullo [Fri, 20 Nov 2020 03:14:24 +0000 (21:14 -0600)]
libdaq: revert back to 2.2.2 in anticipation of libdaq3 package
Snort 3.0.3-1 requires libdaq 3.0.0-beta1, but this version is no longer
compatible with Snort 2. This reverts libdaq to 2.2.2 so that Snort 2
can compile. A separate libdaq3 package with allow Snort 3 to compile.
Signed-off-by: W. Michael Petullo <mike@flyn.org>
Rosen Penev [Fri, 20 Nov 2020 01:07:24 +0000 (17:07 -0800)]
Merge pull request #13939 from ja-pa/chrony-nts-variant
chrony: add package variant with NTS
Rosen Penev [Fri, 20 Nov 2020 01:06:30 +0000 (17:06 -0800)]
Merge pull request #13856 from peter-stadler/nginx
nginx: update to version 1.19.4
Rosen Penev [Fri, 20 Nov 2020 01:05:55 +0000 (17:05 -0800)]
Merge pull request #13762 from neheb/domo4
domoticz: fix compilation with python 3.9
Rosen Penev [Fri, 20 Nov 2020 01:02:13 +0000 (17:02 -0800)]
Merge pull request #13967 from neheb/npupnp
upmpdcli updates
Rosen Penev [Fri, 20 Nov 2020 00:44:48 +0000 (16:44 -0800)]
Merge pull request #13961 from neheb/sshfs2
sshfs: update to 3.7.1
Rosen Penev [Fri, 20 Nov 2020 00:41:04 +0000 (16:41 -0800)]
Merge pull request #13964 from neheb/lxc2
lxc: update to 4.0.5
Rosen Penev [Fri, 20 Nov 2020 00:40:42 +0000 (16:40 -0800)]
Merge pull request #13963 from neheb/memcached2
memcached: update to 1.6.8
Daniel Golle [Fri, 20 Nov 2020 00:29:47 +0000 (00:29 +0000)]
gnupg2: package gnupg2-dirmngr
dirmngr is needed to download keys from keyservers.
That being a useful thing, let's package dirmngr.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Rosen Penev [Fri, 20 Nov 2020 00:24:15 +0000 (16:24 -0800)]
Merge pull request #13965 from neheb/canut
canutils: update to 2020.11.0
Rosen Penev [Fri, 20 Nov 2020 00:23:48 +0000 (16:23 -0800)]
Merge pull request #13958 from flyn-org/snort
snort: update to 2.9.16.1
Rosen Penev [Fri, 20 Nov 2020 00:22:56 +0000 (16:22 -0800)]
Merge pull request #13959 from flyn-org/snort3
Snort3 updates
Rosen Penev [Wed, 18 Nov 2020 05:52:03 +0000 (21:52 -0800)]
upmpdcli: update to 1.5.0
Add missing header for musl.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Wed, 18 Nov 2020 05:46:38 +0000 (21:46 -0800)]
libupnpp: update to 0.20.0
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Wed, 18 Nov 2020 05:43:30 +0000 (21:43 -0800)]
libnpupnp: update to 4.0.14
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Wed, 18 Nov 2020 06:05:24 +0000 (22:05 -0800)]
canutils: update to 2020.11.0
Renamed j* tools to their new versions.
Remove upstreamed patches.
Add missing time.h header.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Wed, 18 Nov 2020 06:02:01 +0000 (22:02 -0800)]
lxc: update to 4.0.5
Refreshed patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Wed, 18 Nov 2020 05:40:51 +0000 (21:40 -0800)]
memcached: update to 1.6.8
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Wed, 18 Nov 2020 05:35:39 +0000 (21:35 -0800)]
miniupnpc: update to 2.2.0
Remove CMAKE_INSTALL. No need for it.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Wed, 18 Nov 2020 05:23:06 +0000 (21:23 -0800)]
sshfs: update to 3.7.1
Remove unnecessary patch. The issue was with fuse3.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
W. Michael Petullo [Thu, 19 Nov 2020 23:04:54 +0000 (17:04 -0600)]
snort3: update to 3.0.3-1
Signed-off-by: W. Michael Petullo <mike@flyn.org>
W. Michael Petullo [Thu, 19 Nov 2020 23:03:54 +0000 (17:03 -0600)]
libdaq: update to 3.0.0-beta1
Signed-off-by: W. Michael Petullo <mike@flyn.org>
Karl Palsson [Thu, 19 Nov 2020 21:11:18 +0000 (21:11 +0000)]
pagekitec: update to latest
Fixes for status files not being written, seen on OpenWrt
Fixes for compiler warnings, seen on OpenWrt
Full changelog: https://github.com/pagekite/libpagekite/compare/v0.91.200718...v0.91.201110
Signed-off-by: Karl Palsson <karlp@tweak.net.au>
Karl Palsson [Thu, 19 Nov 2020 21:06:57 +0000 (21:06 +0000)]
c-ares: update to latest for security fixes
Four fixes tagged as security, full changelog at https://c-ares.haxx.se/changelog.html#1_17_0
Includes fix for CVE-2020-8277
Signed-off-by: Karl Palsson <karlp@tweak.net.au>
Michael Heimpold [Thu, 19 Nov 2020 21:43:05 +0000 (22:43 +0100)]
open-plc-utils: update to latest upstream version
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Rosen Penev [Thu, 19 Nov 2020 20:59:23 +0000 (12:59 -0800)]
Merge pull request #13957 from flyn-org/php7-pecl-krb5
php7-pecl-krb5: update to 1.1.4
Rosen Penev [Thu, 19 Nov 2020 20:59:04 +0000 (12:59 -0800)]
Merge pull request #13953 from flyn-org/openldap
openldap: update to 2.4.56
Rosen Penev [Thu, 19 Nov 2020 20:58:28 +0000 (12:58 -0800)]
Merge pull request #13948 from flyn-org/gstreamer
GStreamer updates
Rosen Penev [Thu, 19 Nov 2020 20:57:56 +0000 (12:57 -0800)]
Merge pull request #13956 from flyn-org/nfdump
nfdump: update to 1.6.21
Rosen Penev [Thu, 19 Nov 2020 20:56:54 +0000 (12:56 -0800)]
Merge pull request #13950 from flyn-org/dmapd
dmapd: update 0.0.86
Rosen Penev [Thu, 19 Nov 2020 20:56:25 +0000 (12:56 -0800)]
Merge pull request #13952 from flyn-org/krb5
krb5: update to 1.18.3
Rosen Penev [Thu, 19 Nov 2020 20:55:52 +0000 (12:55 -0800)]
Merge pull request #13949 from flyn-org/vips
vips: update to 8.10.2
W. Michael Petullo [Thu, 19 Nov 2020 20:53:09 +0000 (14:53 -0600)]
snort: update to 2.9.16.1
Signed-off-by: W. Michael Petullo <mike@flyn.org>
W. Michael Petullo [Thu, 19 Nov 2020 19:58:03 +0000 (13:58 -0600)]
php7-pecl-krb5: update to 1.1.4
Signed-off-by: W. Michael Petullo <mike@flyn.org>
W. Michael Petullo [Thu, 19 Nov 2020 19:30:12 +0000 (13:30 -0600)]
libgcrypt: update to 1.8.7
Signed-off-by: W. Michael Petullo <mike@flyn.org>
W. Michael Petullo [Thu, 19 Nov 2020 19:29:48 +0000 (13:29 -0600)]
libgpg-error: update to 1.39
Signed-off-by: W. Michael Petullo <mike@flyn.org>
W. Michael Petullo [Thu, 19 Nov 2020 19:38:24 +0000 (13:38 -0600)]
nfdump: update to 1.6.21
Signed-off-by: W. Michael Petullo <mike@flyn.org>
W. Michael Petullo [Thu, 19 Nov 2020 19:26:24 +0000 (13:26 -0600)]
openldap: update to 2.4.56
Signed-off-by: W. Michael Petullo <mike@flyn.org>
W. Michael Petullo [Thu, 19 Nov 2020 19:24:26 +0000 (13:24 -0600)]
krb5: update to 1.18.3
Signed-off-by: W. Michael Petullo <mike@flyn.org>
W. Michael Petullo [Thu, 19 Nov 2020 19:05:39 +0000 (13:05 -0600)]
dmapd: update 0.0.86
Signed-off-by: W. Michael Petullo <mike@flyn.org>
W. Michael Petullo [Thu, 19 Nov 2020 19:03:37 +0000 (13:03 -0600)]
vips: update to 8.10.2
Signed-off-by: W. Michael Petullo <mike@flyn.org>
W. Michael Petullo [Thu, 19 Nov 2020 18:57:12 +0000 (12:57 -0600)]
gst1-plugins-ugly: update to 1.18.1
Signed-off-by: W. Michael Petullo <mike@flyn.org>
W. Michael Petullo [Thu, 19 Nov 2020 18:56:10 +0000 (12:56 -0600)]
gst1-libav: update to 1.18.1
Signed-off-by: W. Michael Petullo <mike@flyn.org>
W. Michael Petullo [Thu, 19 Nov 2020 18:55:27 +0000 (12:55 -0600)]
gst1-plugins-bad: update to 1.18.1
Signed-off-by: W. Michael Petullo <mike@flyn.org>
W. Michael Petullo [Thu, 19 Nov 2020 18:55:13 +0000 (12:55 -0600)]
gst1-plugins-good: update to 1.18.1
Signed-off-by: W. Michael Petullo <mike@flyn.org>
W. Michael Petullo [Thu, 19 Nov 2020 18:54:59 +0000 (12:54 -0600)]
gst1-plugins-base: update to 1.18.1
Signed-off-by: W. Michael Petullo <mike@flyn.org>
W. Michael Petullo [Thu, 19 Nov 2020 18:54:13 +0000 (12:54 -0600)]
gstreamer1: update to 1.18.1
Signed-off-by: W. Michael Petullo <mike@flyn.org>
Daniel Golle [Thu, 19 Nov 2020 17:58:12 +0000 (17:58 +0000)]
podman: ship storage.conf and use runc by default for now
Ship podman with defaults more coherent with user expectations and
more likely to work out-of-the-box.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Florian Eckert [Thu, 19 Nov 2020 13:19:27 +0000 (14:19 +0100)]
docker-ce: update PKG_RELEASE version
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Florian Eckert [Mon, 16 Nov 2020 09:28:03 +0000 (10:28 +0100)]
docker-ce: do not delete generated iptables by docker-ce
Deleting rules that docker has created is error-prone, because with
every update docker we have to check if anything has changed.
Cleaning up the firewall rules is part of the docker and should and must be
cleaned up and handeled by them when the service is terminated.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Florian Eckert [Wed, 11 Nov 2020 14:05:38 +0000 (15:05 +0100)]
docker-ce: add device option to expand interface blocking
If docker-ce handles the firewall and fw3 is not envolved because the
rules get not proceed, then not only docker0 should be handled but also
other interfaces and therefore other docker networks.
This commit extends the handling and introduces a new uci option
`device` in the docker config firewall section. This can be used to specify
which device is allowed to access the container. Up to now only docker0
is covert.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Florian Eckert [Wed, 11 Nov 2020 13:20:49 +0000 (14:20 +0100)]
docker-ce: remove not applicable uciupdate
As the protocol is set to none, this makes no sense here, as it cannot
be controlled and thus processed by the netifd.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Florian Eckert [Wed, 11 Nov 2020 14:52:20 +0000 (15:52 +0100)]
docker-ce: set proto for docker bridge device to none
Set proto from `static` to `none`. This makes it clear that this
interface is not handled by the netifd.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Florian Eckert [Wed, 11 Nov 2020 12:34:39 +0000 (13:34 +0100)]
docker-ce: make docker-ce firewall handling configurable
Openwrt has a own firewall service called fw3, that supports firewall zones.
Docker can bypass the handling of the zone rules in openwrt via custom
tables. These are "always" processed before the openwrt firewall.
Which is prone to errors!
Since not everyone is aware that the firewall of openwrt will
not be passed. And this is a security problem because a mapped port is
visible on all interfaces and so also on the WAN side.
If the firewall handling in docker is switched off, then the port in
fw3 must be explicitly released and it cannot happen that the
port is accidentally exported to the outside world via the interfaces on
the WAN zone.
So all rules for the containers should and so must be made in fw3.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Florian Eckert [Tue, 10 Nov 2020 10:20:14 +0000 (11:20 +0100)]
docker-ce: add arguments call to uciadd and ucidel
Up to now only the docker0 interface and bridge is created by default.
In order to create other interfaces and to integrate them into the
openwrt these functions can now be called with arguments.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Jan Pavlinec [Wed, 18 Nov 2020 11:01:13 +0000 (12:01 +0100)]
chrony: add package variant with NTS
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Florian Eckert [Wed, 18 Nov 2020 07:30:36 +0000 (08:30 +0100)]
Merge pull request #13908 from aaronjg/mwan3-rpcd
mwan3: remove dependency on rpcd & fix iputils-ping check
Rosen Penev [Wed, 18 Nov 2020 07:15:41 +0000 (23:15 -0800)]
Merge pull request #13938 from neheb/faad2
faad2: update to 2.10.0
Rosen Penev [Wed, 18 Nov 2020 07:15:25 +0000 (23:15 -0800)]
Merge pull request #13913 from TDT-AG/pr/
20201113-libudev-zero-fix
libudev-zero: fix installation of so files.
Martin Schiller [Fri, 13 Nov 2020 14:08:58 +0000 (15:08 +0100)]
libudev-zero: fix installation of so files.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Rosen Penev [Thu, 5 Nov 2020 07:40:29 +0000 (23:40 -0800)]
faad2: update to 2.10.0
Signed-off-by: Rosen Penev <rosenp@gmail.com>