1. 27 Apr, 2021 10 commits
  2. 23 Apr, 2021 1 commit
  3. 22 Apr, 2021 4 commits
  4. 14 Apr, 2021 1 commit
  5. 12 Apr, 2021 1 commit
  6. 07 Apr, 2021 4 commits
  7. 05 Apr, 2021 7 commits
    • Martin Weinelt's avatar
      Merge pull request #2192 from txt-file/patch-1 · 2e675207
      Martin Weinelt authored
      contrib/actions: use apt-get instead of apt
    • Vieno Hakkerinen's avatar
      contrib/actions: use apt-get instead of apt · ca7a8ff5
      Vieno Hakkerinen authored
      apt does not have a stable CLI interface. Don't use it in scripts.
    • Martin Weinelt's avatar
    • Martin Weinelt's avatar
      contrib/actions: drop custom sources.list · 394bc8e6
      Martin Weinelt authored
    • Martin Weinelt's avatar
      Revert "actions: pin Ubuntu version" · e6b996f0
      Martin Weinelt authored
      This reverts commit d9621048.
    • Martin Weinelt's avatar
      modules: update packages · 272e30fd
      Martin Weinelt authored
      fdd4afe6a adblock: fix init status command
      5a8a7aeab libreswan: update cu 3.32
      7af60cc3e libftdi1: Improve build binary reproducibility
      aa3e95ac6 https-dns-proxy: bugfix: correct PROCD firewall object
      abb3c7ede mariadb: update to version 10.2.37
      cb6509e88 gnutls: patch security issue
      41388ed8a php: add fix for updated ICU 68+
      353063521 https-dns-proxy: support for additional Force DNS ports
      44b301125 bind: update to version 9.16.13
      612fbeb58 nnn: update to version 3.4
      1952a1c2a python-aiohttp: backport fix for CVE-2021-21330
      13ab7af3f icu: update to 68.2
      2120a3cf5 icu: update to 68.1
      10712797f icu: fix compilation under CentOS 7
      79ddd0328 icu: update to 67.1
      227597c97 haproxy: Update HAProxy to v2.0.21
      a8a405928 tmate: add new package
      01ab015a9 msgpack-c: add new package
      97beb7d36 minidlna: update to 1.3.0
      0494d8706 tor: update to version
      40d56e46b mwan3: remove mwan3 ubus call on mwan3 iface hotplug ACTION
      b66d262d7 net/mosquitto: bump to 1.6.14
      e573dac5f CI: backport GitHub action CI
      81fa8cf89 nextdns: Update to version 1.11.0
      af02206e2 vpn-policy-routing: better processing of custom user files
      5c58de5e6 libpam: update to 1.5.1
      86a70892d libpam: update to 1.5.0
      ef17e4a30 libpam: update to 1.4.0
      85d122fdc nano: update to 5.6.1
      a6a27c904 ninja: update to 1.10.2
      b4adde587 ninja: fix typo
      7fd680224 ninja: use for CMake
      1299b07ee ninja: update to 1.10.1
      86bb11e97 vpn-policy-routing: update to 0.3.2-18
      2faeeb18e python-maho-mqtt: bump to versio 1.5.1
      5c95dda73 unbound: update to 1.13.1
      3abe9d0ae vpn-policy-routing: bugfix: netflix user file missing redirect
      904d911c5 vpn-policy-routing: update user netflix file
      2666b3d00 nano: update to version 5.6
      7d26130b3 vpn-policy-routing: custom user scripts improvements
      7d9d8616c libedit: update to version 20210216-3.1
      ca01f389d libedit: update to version 20193112-3.1
      855023214 adblock: update blocklist sources
      39f3941cd knot: update to version 3.0.4
      1662ca26b knot: update to 3.0.3
      9389a5dd1 knot: disable embedded xdp
      7619ff0df knot: update to 3.0.2
      5ddcc2e05 knot: disable libnghttp2 autodetection
      fb103be86 knot: update to version 3.0.1
      523011bf4 screen: backport fix for CVE-2021-26937
      8e1b62d4b openvswitch: update to version 2.11.6 (security fix)
      5e24f6db6 vpn-policy-routing: update to version 0.3
      0d0e4b96b netdata: update to version 1.29.2
      2980cb8db netdata: update to version 1.29.1
      f05ba1bbc python3: Update to 3.7.10, refresh patches
      7be89f1f3 zerotier: bump to 1.6.4
      fcf72948a bind: bump to 9.16.12
      feb1a188e ksmbd: remove kmod-crypto-arc4 dependency
      2f7026e65 htop: update to 3.0.5-1
      ad186135a python-paho-mqtt: Update to version 1.5.0
      3f0dbcdae isc-dhcp: seeing crashes when attempting to update dynamic dns
      95fa96bda ttyd: force enable authentication for login
      1a4184c07 https-dns-proxy: support for force DNS/DNS hijacking
      b1fec2b7b mosquitto: bump to 1.6.13
      5954e5695 getdns: disable static linking of getdns utilities
      db69f0b57 zerotier: update to 1.6.3
      1cec6bcfa getdns: Fix TLS V1.3 Ciphersuites option in Stubby
      d7b42dcaa getdns: fix compilation without deprecated OpenSSL APIs
      798c3ba3f keepalived: fix config typo
      d41a0b75a keepalived: add script security param to fix warning
      dbc66a08f ksmbd: update to 3.3.4
      86c880712 ksmbd-tools: update to 3.3.4
      dee2e818b keepalived: set default run directory for pid file on build
      cf7969564 simple-adblock: remove dependency on jsonfilter & old code
      bee91a9d8 sudo: backport patches for CVE-2021-3156
      46d327a59 samba4: fix for #13758
      e8d15424b nextdns: Update to version 1.10.1
      11e9a2e17 php7: Fix prepare target incorrectly referencing 'configure.in' instead of 'configure.ac'
      aae5144e7 msmtp: update to version 1.8.14
      8e54decfa youtube-dl: update to version 2021.1.16
      3b582ebd3 youtube-dl: update to version 2020.12.7
      46253b17d https-dns-proxy: bugfix: high CPU utilization
      cc38c62ad openwisp-config: update to version 0.5.0
      50725c4c8 Revert "libzip: update to 1.7.3"
      d8f0ebaa3 libzip: update to 1.7.3
      9a0a7f928 libzip: update to 1.7.1 (closes #12512)
      5fc922043 libzip: update to 1.6.1
      9174036e4 libzip: update to 1.6.0
      92f095b21 libzip: fix musl-fts failure
      a0d9d76b2 libzip: add package
      93d3bfd08 nano: update to 5.5
      1224d6c21 idevicerestore: update to 1.0.0
      9cfae98a7 idevicerestore: update to 2020-04-20
      23f85f8fa idevicerestore: update to 2020-02-17
      cb2d40346 idevicerestore: Update to 2019-12-26
      202469750 idevicerestore: Add package
      646461e2b libirecovery: update to official tarball
      4f3b1aa38 libirecovery: fix version
      e871dcf6b libirecovery: Update to 1.0.0
      4175b8074 libirecovery: Add package
      7707d2d78 haproxy: Update HAProxy to v2.0.20
      8cc7aef3c nextdns: Update to version 1.9.6
      67a324b5e syslog-ng: update to version 3.30.1
      9e29bd4de https-dns-proxy: update to 2020-11-25: add HTTP auth and DSCP codepoint support
      6d2ea90c3 haveged: update to 1.9.14
      64b8dade4 usbmuxd: update to 1.1.1
      42f227066 usbmuxd: enable systemd support
      13485a4e5 usbmuxd: Update to 2020-01-20
      c5aae4a76 usbmuxd: Update to latest master
      0d0820d43 usbmuxd: Update to latest git version
      46ecb7d58 imobiledevice: backport iOS 14 backup patch.
      c71f4a82e libimobiledevice: update to 1.3.0
      2ca8db427 libimobiledevice: update to 2020-02-19
      2e2775dbc libimobiledevice: Update to 2020-01-20
      cbda7d908 libimobiledevice: Update to latest master
      f988eff7a libimobiledevice: Update to 2019-11-29
      b856f627b libusbmuxd: update to 2.0.2
      d59f1c90d libusbmuxd: Several fixes
      a17c2aec3 libusbmuxd: Update to 2.0.1
      5fc564827 libplist: add missing pkgconfig files in libplist 2.2
      7660f6fa2 libplist: update to 2.2.0
      8c28123e7 libplist: Several fixes
      a60434422 libplist: Update to 2.1.0
      3645d2876 libplist: Switch to normal releases
      cafbae712 php7: drop patch for openssl deprecated API (fixes #14357)
      4d1e525fc netdata: update to version 1.28.0
      0563feebc adblock: backport fixes
      40c1005f2 htop: update to 3.0.4-1
      6bd3f5c37 mwan3: use ping -I for ipv6 after tunnel kernel fix
      2a7bbad22 noddos: remove
      182264c5b ulogd: Add back autoreconf
      6106d1f28 ulogd2: Build IPFIX module
      c8730e951 ulogd2: Backport upstream patches
      5845691cb net: ulogd2: add myself as maintainer
      df1c29679 nut: fix _ handling
      e04535e99 qemu: bump PKG_RELEASE
      3eb2e140e simple-adblock: config update
      dc529c8cd wsdd2: update to git 2020-11-19
      adb214338 samba4: update to 4.11.17
      304888a37 htop: update to 3.0.3-1
      0266f31c9 htop: update to 3.0.2-1
      391267fc9 qemu: add patch for qga guest-shutdown command
      4626c3bd6 utils/lcd4linux: fix package source
      dc015ffe2 simple-adblock: bugfix - config update
      9ca6bdaa0 https-dns-proxy: update binary to 2020-08-21
      13d999882 zerotier: add patch to avoid including sys/auxv.h
      061f81ff6 miniupnpd: Don't override ipv6_listening_ip
    • Martin Weinelt's avatar
      modules: update OpenWrt · 87209b9f
      Martin Weinelt authored
      81266d9001 openssl: bump to 1.1.1k
      6165bb0d60 openssl: sync package download URLs with master
      c336db7a78 mbedtls: update to 2.16.10
      616fff2a94 mwlwifi: add PKG_FLAGS:=nonshared
      dce6b118eb scripts: bundle-libraries.sh: fix broken SDK compiler
      afdd5dcd0d build: reduce number of files passed to ipk-remove
      1fcd833c9a build: call ipkg-remove using xargs if #args>=512
      33df82be36 build: package-ipkg: avoid calling wildcard twice
      3402334413 kernel: bump 4.14 to 4.14.224
      55e9d87754 kernel: bump 4.14 to 4.14.223
      c64742a96e wolfssl: bump to v4.7.0-stable
      4b19b2db78 hostapd: P2P: Fix a corner case in peer addition based on PD Request
      0a08a9a2b4 build: fix checks for GCC11
      a5672f6b96 Revert "base-files: source functions.sh in /lib/functions/system.sh"
      b4a4d04b91 kernel: bump 4.14 to 4.14.222
      86aeac4fc9 base-files: source functions.sh in /lib/functions/system.sh
      e9c0c5021c hostapd: backport ignoring 4addr mode enabling error
      a36d2ee310 ramips: remove factory image for TP-Link Archer C20 v1
      Fixes: CVE-2021-3450, CVE-2021-3449, CVE-2021-3336, CVE-2021-27803
  8. 15 Mar, 2021 1 commit
  9. 07 Mar, 2021 2 commits
  10. 28 Feb, 2021 1 commit
  11. 18 Feb, 2021 2 commits
    • Andreas Ziegler's avatar
      modules: update OpenWrt routing packages · e511b3bc
      Andreas Ziegler authored
      e26b474 Merge pull request #644 from ecsv/batadv-for-19.07
      369908c alfred: Start up alfred without valid interfaces
      97e7600 alfred: Fix procd process handling for disable state
      0a3432d Merge pull request #636 from ecsv/batadv-for-19.07
      596dc84 batman-adv: Merge bugfixes from 2021.0
      862a2df batctl: Merge bugfixes from 2021.0
    • Andreas Ziegler's avatar
      modules: update OpenWrt · 6d3da664
      Andreas Ziegler authored
      6aef4bc7c3 lantiq: fritz7320: enable USB power supply
      6bf5bfc19f openssl: bump to 1.1.1j
      f44153038e OpenWrt v19.07.7: revert to branch defaults
      d5ae565873 OpenWrt v19.07.7: adjust config defaults
      c4a6851c72 kernel: bump 4.14 to 4.14.221
      f8b849103d ramips: ethernet: Disable TSO support to improve stability
  12. 15 Feb, 2021 2 commits
    • David Bauer's avatar
      actions: pin Ubuntu version · d9621048
      David Bauer authored
      ubuntu-latest is now assigned to Ubuntu 20.04. As we use custom apt
      sources for 18.04, pin to this version for now to fix the CI.
    • David Bauer's avatar
      modules: update OpenWrt · 429223b9
      David Bauer authored
      fec1aa6dfb mt76: update to the latest version
      224fa47bf9 ramips: mark toggle input on EX6150 as a switch
      3a05aa17db mac80211: Remove 357-mac80211-optimize-skb-resizing.patch
      171d8bce0c ramips: remove factory image for TP-Link Archer C2 v1
      2eb8444363 ath79: fix USB power GPIO for TP-Link TL-WR810N v1
      d5a8e85878 wolfssl: Backport fix for CVE-2021-3336
      cf5e5204d9 bcm63xx: sprom: override the PCI device ID
      4465b44fc1 kernel: bump 4.14 to 4.14.219
      4b9ade65ec bcm63xx: R5010UNv2: fix flash partitions for 16MB flash
      ab9cb390be hostapd: fix P2P group information processing vulnerability
      1e90091c5d opkg: update to latest git HEAD of branch openwrt-19.07
      312c05611b kernel: bump 4.14 to 4.14.218
      3100649458 wolfssl: enable HAVE_SECRET_CALLBACK
      e9d2aa9dc6 wolfssl: Fix hostapd build with wolfssl 4.6.0
      2044c01de8 wolfssl: Update to v4.6.0-stable
      5ac0b2b431 mvebu: omnia: make initramfs image usable out of the box
  13. 01 Feb, 2021 1 commit
    • David Bauer's avatar
      modules: update OpenWrt · 39c1f672
      David Bauer authored
      a7a207e18b mt76: update to the latest version
      1ce5008597 wireguard: Fix compile with kernel 4.14.217
      2ecb22dc51 kernel: bump 4.14 to 4.14.217
      11f4918ebb dnsmasq: backport fixes
      9999c87d3a netifd: fix IPv6 routing loop on point-to-point links
      250dbb3a60 odhcp6c: fix IPv6 routing loop on point-to-point links
      d816c6cd31 kernel: bump 4.14 to 4.14.216
      c21d59dc11 imagebuilder: pass IB=1 on checking requirements
  14. 25 Jan, 2021 2 commits
    • David Bauer's avatar
      Merge pull request #2178 from T-X/pr-bridge-fix-mc-snoopers-join-deadlock · ec8c4043
      David Bauer authored
      kernel: bridge: Fix a deadlock when enabling multicast snooping
    • Linus Lüssing's avatar
      kernel: bridge: Fix a deadlock when enabling multicast snooping · 13cb7504
      Linus Lüssing authored
      [ Upstream commit 851d0a73c90e6c8c63fef106c6c1e73df7e05d9d ]
      From: Joseph Huang <Joseph.Huang@garmin.com>
      When enabling multicast snooping, bridge module deadlocks on multicast_lock
      if 1) IPv6 is enabled, and 2) there is an existing querier on the same L2
      The deadlock was caused by the following sequence: While holding the lock,
      br_multicast_open calls br_multicast_join_snoopers, which eventually causes
      IP stack to (attempt to) send out a Listener Report (in igmp6_join_group).
      Since the destination Ethernet address is a multicast address, br_dev_xmit
      feeds the packet back to the bridge via br_multicast_rcv, which in turn
      calls br_multicast_add_group, which then deadlocks on multicast_lock.
      The fix is to move the call br_multicast_join_snoopers outside of the
      critical section. This works since br_multicast_join_snoopers only deals
      with IP and does not modify any multicast data structures of the bridge,
      so there's no need to hold the lock.
      Steps to reproduce:
      1. sysctl net.ipv6.conf.all.force_mld_version=1
      2. have another querier
      3. ip link set dev bridge type bridge mcast_snooping 0 && \
         ip link set dev bridge type bridge mcast_snooping 1 < deadlock >
      A typical call trace looks like the following:
      [  936.251495]  _raw_spin_lock+0x5c/0x68
      [  936.255221]  br_multicast_add_group+0x40/0x170 [bridge]
      [  936.260491]  br_multicast_rcv+0x7ac/0xe30 [bridge]
      [  936.265322]  br_dev_xmit+0x140/0x368 [bridge]
      [  936.269689]  dev_hard_start_xmit+0x94/0x158
      [  936.273876]  __dev_queue_xmit+0x5ac/0x7f8
      [  936.277890]  dev_queue_xmit+0x10/0x18
      [  936.281563]  neigh_resolve_output+0xec/0x198
      [  936.285845]  ip6_finish_output2+0x240/0x710
      [  936.290039]  __ip6_finish_output+0x130/0x170
      [  936.294318]  ip6_output+0x6c/0x1c8
      [  936.297731]  NF_HOOK.constprop.0+0xd8/0xe8
      [  936.301834]  igmp6_send+0x358/0x558
      [  936.305326]  igmp6_join_group.part.0+0x30/0xf0
      [  936.309774]  igmp6_group_added+0xfc/0x110
      [  936.313787]  __ipv6_dev_mc_inc+0x1a4/0x290
      [  936.317885]  ipv6_dev_mc_inc+0x10/0x18
      [  936.321677]  br_multicast_open+0xbc/0x110 [bridge]
      [  936.326506]  br_multicast_toggle+0xec/0x140 [bridge]
      Fixes: 4effd28c1245 ("bridge: join all-snoopers multicast address")
      Signed-off-by: default avatarJoseph Huang <Joseph.Huang@garmin.com>
      Acked-by: default avatarNikolay Aleksandrov <nikolay@nvidia.com>
      Link: https://lore.kernel.org/r/20201204235628.50653-1-Joseph.Huang@garmin.com
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      [linus.luessing@c0d3.blue: backported to 4.4]
  15. 19 Jan, 2021 1 commit
    • David Bauer's avatar
      modules: update OpenWrt · 9df297bd
      David Bauer authored
      6fc02f2a45 OpenWrt v19.07.6: revert to branch defaults
      b12284a14c OpenWrt v19.07.6: adjust config defaults
      8055e38794 dnsmasq: Backport some security updates
      733e62a8e1 uboot-at91: Add PKG_MIRROR_HASH to fix download
      53814dadaf at91bootstrap: Add PKG_MIRROR_HASH to fix download
      e30d3ea95f mbedtls: update to 2.16.9
      c7b9c85819 kernel: bump 4.14 to 4.14.215
      c9388fa986 kernel: bump 4.14 to 4.14.214
      e290024717 glibc: update to latest 2.27 commit
      2c37993c8a build/prereq: merge ifndef IB block together
      79b1fa1702 build, imagebuilder: Do not require compilers
      58138df2d5 build, imagebuilder: Do not require libncurses-dev
      42e478eb0d build/json: add filesystem information