Dirk Brenken [Sat, 20 Aug 2022 15:51:01 +0000 (17:51 +0200)]
travelmate: update 2.1.0
* vpn support can be disabled (enabled by default), fixes #19107 (see trm_vpn option)
* vpn support can be limited to certain interfaces (see trm_vpnifacelist list option)
* openvpn support works now per instance (same as wireguard today)
* add an auto-login script for tplink-omada hotspots provided by Sebastian Muszynski <redacted>
* remove pipefail command, see #19043 for reference
Rosen Penev [Thu, 4 Aug 2022 23:47:05 +0000 (16:47 -0700)]
gerbera: remove
This was meant to be a less buggy replacement to minidlna.
Unfortunately, the opposite seems to have happened over time. In
addition, it currently doesn't build.
I don't see many people actually using this. Probably better to just
remove.
Stan Grishin [Fri, 19 Aug 2022 21:38:16 +0000 (21:38 +0000)]
simple-adblock: update to 1.9.0-1
* Update maintainer's email address
* Style Make and init file to OpenWrt standard
* Rename dnsmasq and unbound-related variables to better reflect
their use
* New 'allow' CLI parameter to quickly unblock domain(s)
* Switch to uci wrappers
* Beautify the output of the 'check' CLI parameter
* Better handling of output files directory creation error
* Support for (upcoming) dnsmasq nftsets
Hauke Mehrtens [Mon, 15 Aug 2022 14:56:14 +0000 (16:56 +0200)]
bluld: Do not include kernel headers into user space application
Remove the extra include for kernel headers from this user space
application. These extra includes are causing compile errors when
compiling with glibc. User space applications should not need such
headers.
Stijn Tintel [Tue, 16 Aug 2022 12:22:30 +0000 (15:22 +0300)]
Revert "strongswan: add strongswan-mod-socket"
The original PR for this change is #16373, where it's cleary stated it
doesn't work. This should have never been merged. It causes the
following recursive dependency:
tmp/.config-package.in:122354:error: recursive dependency detected!
tmp/.config-package.in:122354: symbol PACKAGE_strongswan-default depends on PACKAGE_strongswan-mod-socket-default
tmp/.config-package.in:123534: symbol PACKAGE_strongswan-mod-socket-default is selected by PACKAGE_strongswan-default
John Audia [Sat, 13 Aug 2022 11:18:48 +0000 (07:18 -0400)]
rsync: bump to 3.2.5
With the new OW release approaching, it might be better to get an officially
tagged upstream release in as PR#19087 just contained a fix for CVE-2022-29154
which itself introduced a few bugs.
John Audia [Sun, 7 Aug 2022 09:27:52 +0000 (05:27 -0400)]
tree: update upstream source
Update Makefile to use github mirror of new source url since current one is
going to retire. "Notice this site is likely going to be shutdown after over
28 years. I will likely be moving all my code-bases to
https://gitlab.com/OldManProgrammer"[1]
John Audia [Tue, 2 Aug 2022 06:39:29 +0000 (02:39 -0400)]
rsync: fix CVE-2022-29154
The rsync package is vulnerable to CVE-2022-29154[1], which is not yet in a
non-preview release. This commit applies the upstream commit to fix it and
several subsequent commits needed to fix bugs the initial fix introduced[2].
Rafał Miłecki [Wed, 10 Aug 2022 12:23:44 +0000 (14:23 +0200)]
ksmbd-tools: add package with hotplug.d script for auto sharing
One of common use cases for SMB3 server in routers is sharing hotplugged
drives. Users make many attempts setting that up which often are not
optimal.
This script handles it in the cleanest way by using:
1. hotplug.d mount subsystem
2. runtime config in the /var/run/config/
It provides a working basic solution that can be later adjusted by
modifying provided hotplug script.
A pretty much idential solution was part of the samba36 package. It was
added in the OpenWrt commit ef1efa756e0d0 ("samba36: add package with
hotplug.d script for auto sharing") as an answer for feature required by
the Rosinson company.
Rafał Miłecki [Wed, 10 Aug 2022 12:23:40 +0000 (14:23 +0200)]
ksmbd-tools: append config from /var/run/config/ for runtime shares
Dynamically created shares shouldn't be stored in the /etc/config/
because of:
1. Flash wearing
2. Risk of inconsistent state on reboots
With this change all automation/hotplug.d scripts can store runtime in
the /var/run/config/samba. It's useful e.g. for USB drives that user
wants to be automatically shared.
Also: automated scripts should never call "uci [foo] commit" as that
could flush incomplete config. This problem also gets solved.
Identical feature was added to samba36 in the OpenWrt commit 5a59e2c059866 ("samba36: append config from /var/run/config/ for runtime
shares") but wasn't ported to ksmbd until now.
Yousong Zhou [Mon, 8 Aug 2022 12:12:19 +0000 (20:12 +0800)]
shadowsocks-libev: ss-rules: nft rule cleanup on reload
Remove nft rules file generated by ss-rules if ss-rules was or should be
turned off for by configuration. Use "fw4 restart" instead of "fw4
reload" to force the runtime rule reloading
# HELP realtek_poe_switch_info information about the poe controller
# TYPE realtek_poe_switch_info gauge
realtek_poe_switch_info{mcu="ST Micro ST32F100 Microcontroller",firmware="v22.4"} 1
# HELP realtek_poe_switch_budget_watts overall power budget
# TYPE realtek_poe_switch_budget_watts gauge
realtek_poe_switch_budget_watts 77
# HELP realtek_poe_switch_consumption_watts overall power consumption
# TYPE realtek_poe_switch_consumption_watts gauge
realtek_poe_switch_consumption_watts 5
# HELP realtek_poe_port_priority poe priority of port
# TYPE realtek_poe_port_priority gauge
realtek_poe_port_priority{device="lan1"} 1
realtek_poe_port_priority{device="lan2"} 1
[...]
# HELP realtek_poe_port_consumption_watts per port power consumption
# TYPE realtek_poe_port_consumption_watts gauge
realtek_poe_port_consumption_watts{device="lan1"} 0
realtek_poe_port_consumption_watts{device="lan2"} 0
[...]
# HELP realtek_poe_port_state per port poe state
# TYPE realtek_poe_port_state gauge
realtek_poe_port_state{device="lan1",state="Disabled"} 0
realtek_poe_port_state{device="lan1",state="Searching"} 1
[...]
(states: Disabled, Searching, Delivering power, Fault, Other fault, Requesting power)
# HELP realtek_poe_port_mode per port poe mode
# TYPE realtek_poe_port_mode gauge
realtek_poe_port_mode{device="lan1",mode="PoE"} 0
realtek_poe_port_mode{device="lan1",mode="PoE+"} 1
[...]
(modes: PoE, Legacy, pre-PoE+, PoE+)
Nick Hainke [Sun, 7 Aug 2022 07:18:17 +0000 (09:18 +0200)]
gnutls: update to 3.7.7
- libgnutls: Fixed double free during verification of pkcs7 signatures.
Reported by Jaak Ristioja (#1383). [GNUTLS-SA-2022-07-07, CVSS: medium]
[CVE-2022-2509]
- libgnutls: gnutls_hkdf_expand now only accepts LENGTH argument less than or
equal to 255 times hash digest size, to comply with RFC 5869 2.3.
- libgnutls: Length limit for TLS PSK usernames has been increased
from 128 to 65535 characters (#1323).
- libgnutls: AES-GCM encryption function now limits plaintext
length to 2^39-256 bits, according to SP800-38D 5.2.1.1.
- libgnutls: New block cipher functions have been added to transparently
handle padding. gnutls_cipher_encrypt3 and gnutls_cipher_decrypt3 can be
used in combination of GNUTLS_CIPHER_PADDING_PKCS7 flag to automatically
add/remove padding if the length of the original plaintext is not a multiple
of the block size.
- libgnutls: New function for manual FIPS self-testing.
API and ABI modifications:
- gnutls_fips140_run_self_tests: New function
- gnutls_cipher_encrypt3: New function
- gnutls_cipher_decrypt3: New function
- gnutls_cipher_padding_flags_t: New enum
luajit: patch: PPC/e500 SPE: use soft float instead of failing
makes LuaJit builds for mpc85xx targets with SPE ISA extension
enabled possible
Quoting inner commit message:
This allows building LuaJit for systems with Power ISA SPE
extension[^1] support by using soft float on LuaJit side.
While e500 CPU cores support SPE instruction set extension
allowing them to perform floating point arithmetic natively,
this isn't required. They can function with software floating
point to integer arithmetic translation as well,
just like FPU-less PowerPC CPUs without SPE support.
Therefore I see no need to prevent them from running LuaJit
explicitly.
realtek-poe: Add package to control PoE for Realtek 838x devices
The realtek-poe package is used to configure the Power-over-Ethernet
controller found on Realtex 838x based switches. On many such
switches, the PoE doesn't work without this package.
Signed-off-by: Stijn Segers <redacted> Signed-off-by: Alexandru Gagniuc <redacted>