Javier Marcet [Tue, 24 May 2022 16:39:32 +0000 (18:39 +0200)]
python-jsonschema: Update to 4.5.1
What's Changed:
- Extend dynamicRef keyword by @nezhar
- Add FORMAT_CHECKER attribute for Validator by @TiborVoelcker
- Remove stray double-quote by @lurch
- Ensure proper sorting of list in error message by @ssbarnea
Javier Marcet [Tue, 24 May 2022 16:40:38 +0000 (18:40 +0200)]
python3-paramiko: update to version 2.11.0
2.11.0:
- [Feature] Add SSH config token expansion (eg %h, %p) when parsing
ProxyJump directives. Patch courtesy of Bruno Inec.
- [Support] (via #2011) Apply unittest skipIf to tests currently
using SHA1 in their critical path, to avoid failures on systems
starting to disable SHA1 outright in their crypto backends (eg RHEL
9). Report & patch via Paul Howarth.
- [Support] Update camelCase method calls against the threading
module to be snake_case; this and related tweaks should fix some
deprecation warnings under Python 3.10. Thanks to Karthikeyan
Singaravelan for the report, @Narendra-Neerukonda for the patch,
and to Thomas Grainger and Jun Omae for patch workshopping.
- [Support] Recent versions of Cryptography have deprecated Blowfish
algorithm support; in lieu of an easy method for users to remove it
from the list of algorithms Paramiko tries to import and use, we’ve
decided to remove it from our “preferred algorithms” list. This will
both discourage use of a weak algorithm, and avoid warnings. Credit
for report/patch goes to Mike Roest.
2.10.5:
- [Bug] Windows-native SSH agent support as merged in 2.10 could
encounter Errno 22 OSError exceptions in some scenarios (eg server
not cleanly closing a relevant named pipe). This has been worked
around and should be less problematic. Reported by Danilo Campana
Fuchs and patched by Jun Omae.
- [Bug] OpenSSH 7.7 and older has a bug preventing it from
understanding how to perform SHA2 signature verification for RSA
certificates (specifically certs - not keys), so when we added SHA2
support it broke all clients using RSA certificates with these
servers. This has been fixed in a manner similar to what OpenSSH’s
own client does: a version check is performed and the algorithm used
is downgraded if needed. Reported by Adarsh Chauhan, with fix
suggested by Jun Omae.
- [Bug] Align signature verification algorithm with OpenSSH re:
zero-padding signatures which don’t match their nominal size/length.
This shouldn’t affect most users, but will help Paramiko-implemented
SSH servers handle poorly behaved clients such as PuTTY. Thanks to
Jun Omae for catch & patch.
Javier Marcet [Tue, 24 May 2022 16:45:21 +0000 (18:45 +0200)]
docker-compose: Update to version 2.5.1
What's Changed:
- Fix relative paths on envfile label by @ulyssessouza
- down: Reject all arguments by @Jille
- Clarify what default work dir is when multiple compose files by
@quite
- compose down exit=0 if nothing to remove by @ndeloof
- cp command: copy to all containers of a service as default
behaviour by @glours
- Fix extra space printed with --no-log-prefix option by @jan4843
- bump compose-go to 1.2.5 by @ndeloof
New Contributors:
- @Jille made their first contribution
- @quite made their first contribution
- @jan4843 made their first contribution
This commit fixes two issues on macos:
1. Added a patch to fix 'echo -n' issue with MacOS shell
(backported from upstream)
2. Redefined sys.platform='linux' for target build if build host is
MacOS (otherwise, build script tries to use MacOS logic for
OpenWrt(Linux) target build)
Use nft instead of iptables to open port 80 in the firewall when getting a
cert. Since nft doesn't allow deleting a rule by its contents, capture and
save the handle when creating the rule, and use that to delete.
The audit package in the packages feed share the same sources as the
libaudit package in the base repo. libaudit performs a host build, used
only by libsemanage in base.
There is no package depending on 'audit/host', so we can remove it to
avoid possible confusion.
The patch is a partial cherry-pick (skipped ChangeLog) of upstream
commit 6b09724c6 ("Make IPX packet interpretation dependent on the ipx
header file existing").
Rui Salvaterra [Mon, 16 May 2022 14:10:27 +0000 (15:10 +0100)]
openconnect: fix OpenSSL build without deprecated API
Backport a patch in order to allow building OpenConnect against OpenSSL 1.1.x
without the need for deprecated API (further fixes will be required for OpenSSL
3.x, though).
Leo Soares [Mon, 16 May 2022 23:02:26 +0000 (00:02 +0100)]
libcoap: make sure `libcoap-3-notls.so` is installed
This commit fixes an issue where the `libcoap-3-notls.so` is not installed,
in some cases leaving the target's root with no library and just a broken link
from `libcoap-3.so` to `libcoap-3-notls.so`.
Adam Williams [Thu, 19 May 2022 03:08:01 +0000 (21:08 -0600)]
wifi-presence: Add config for process user/group
On systems using seccomp, the hostapd socket files will be owned by the
'network' user/group ([source][0]). In this case, if wifi-presence is
run as root/root, then it does not have permissions to open the
hostapd socket files. This was discussed in awilliams/wifi-presence#3.
This change allows the process user/group to be specified in
/etc/config/wifi-presence. If no explicit user/group is set, then the
init script will use the owner of the socket files in /var/run/hostapd/
to determine the appropriate process user/group.
This is based on the toolchain GCC, and aims to share as much of its
Makefile and patches with that definition. The package requires two
additional patches:
(1) 003-dont-choke-when-building-32bit-on-64bit.patch, which fixes the
`error: size of array 'test_real_width' is negative` error that occurs
when building a 32-bit GCC on a 64-bit host. (Search the Internet for
examples of this error appearing.)
(2) 980-add-nostdinc++.patch, which backports a fix from 11.3.0 (11.2.0
only).
Stijn Tintel [Wed, 18 May 2022 10:46:01 +0000 (13:46 +0300)]
Revert "lxc: export systemd cgroups after install"
The postinst script is sourced during image build, which causes the
follow failure:
/home/stijn/Development/OpenWrt/openwrt/build_dir/target-x86_64_musl/root-x86/etc/init.d/lxc-auto: line 3: /lib/functions.sh: No such file or directory
postinst script ./usr/lib/opkg/info/lxc-auto.postinst has failed with exit code 1
Sourcing /lib/functions.sh is not needed, as /etc/rc.common does so
already. Unfortunately removing that line from the init script is not
enough to fix the problem. The postinst script should also check
IPKG_INSTROOT. As these two changes are unrelated, they should go in
separate commits, and the solution to the image build problem is to
revert the commit that introduced the breakage.
Jeffery To [Thu, 12 May 2022 20:50:25 +0000 (04:50 +0800)]
nsutils: Update to latest version, switch to cmake
This also:
* Adds PKG_SOURCE_DATE and PKG_SOURCE_VERSION to PKG_VERSION (by
default, when PKG_VERSION is defined, PKG_SOURCE_DATE and
PKG_SOURCE_VERSION are not used)
modemmanager: report network initiated disconnections to netifd
The new connection dispatcher scripts support integrated in
ModemManager 1.18.8 allows us to provide a openwrt-specific dispatcher
script used to report netifd that the underlying network connection is
down.
See also https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/merge_requests/775
Rob J. Epping [Wed, 11 May 2022 21:17:06 +0000 (23:17 +0200)]
nut: add cable type nut driver config
at least driver apcsmart-old (maybe more) allow for specifying the
type of cable used. My old UPS does will not function when cable type
is not specified.
This will add support for configuration option 'cable'