contrib/Dockerfile: use apt-get instead of apt

statuspage: fix tq width

* apt is meant for user interactive usage. apt does not guarantee a stable CLI.
* set DEBIAN_FRONTEND=noninteractive to tell apt-get that no user interaction is wanted

overflow for 'DejaVu Sans'.

contrib/actions: use apt-get instead of apt

apt does not have a stable CLI interface. Don't use it in scripts.

This reverts commit d9621048.

fdd4afe6a adblock: fix init status command
5a8a7aeab libreswan: update cu 3.32
7af60cc3e libftdi1: Improve build binary reproducibility
aa3e95ac6 https-dns-proxy: bugfix: correct PROCD firewall object
abb3c7ede mariadb: update to version 10.2.37
cb6509e88 gnutls: patch security issue
41388ed8a php: add fix for updated ICU 68+
353063521 https-dns-proxy: support for additional Force DNS ports
44b301125 bind: update to version 9.16.13
612fbeb58 nnn: update to version 3.4
1952a1c2a python-aiohttp: backport fix for CVE-2021-21330
13ab7af3f icu: update to 68.2
2120a3cf5 icu: update to 68.1
10712797f icu: fix compilation under CentOS 7
79ddd0328 icu: update to 67.1
227597c97 haproxy: Update HAProxy to v2.0.21
a8a405928 tmate: add new package
01ab015a9 msgpack-c: add new package
97beb7d36 minidlna: update to 1.3.0
0494d8706 tor: update to version 0.4.4.8
40d56e46b mwan3: remove mwan3 ubus call on mwan3 iface hotplug ACTION
b66d262d7 net/mosquitto: bump to 1.6.14
e573dac5f CI: backport GitHub action CI
81fa8cf89 nextdns: Update to version 1.11.0
af02206e2 vpn-policy-routing: better processing of custom user files
5c58de5e6 libpam: update to 1.5.1
86a70892d libpam: update to 1.5.0
ef17e4a30 libpam: update to 1.4.0
85d122fdc nano: update to 5.6.1
a6a27c904 ninja: update to 1.10.2
b4adde587 ninja: fix typo
7fd680224 ninja: use for CMake
1299b07ee ninja: update to 1.10.1
86bb11e97 vpn-policy-routing: update to 0.3.2-18
2faeeb18e python-maho-mqtt: bump to versio 1.5.1
5c95dda73 unbound: update to 1.13.1
3abe9d0ae vpn-policy-routing: bugfix: netflix user file missing redirect
904d911c5 vpn-policy-routing: update user netflix file
2666b3d00 nano: update to version 5.6
7d26130b3 vpn-policy-routing: custom user scripts improvements
7d9d8616c libedit: update to version 20210216-3.1
ca01f389d libedit: update to version 20193112-3.1
855023214 adblock: update blocklist sources
39f3941cd knot: update to version 3.0.4
1662ca26b knot: update to 3.0.3
9389a5dd1 knot: disable embedded xdp
7619ff0df knot: update to 3.0.2
5ddcc2e05 knot: disable libnghttp2 autodetection
fb103be86 knot: update to version 3.0.1
523011bf4 screen: backport fix for CVE-2021-26937
8e1b62d4b openvswitch: update to version 2.11.6 (security fix)
5e24f6db6 vpn-policy-routing: update to version 0.3
0d0e4b96b netdata: update to version 1.29.2
2980cb8db netdata: update to version 1.29.1
f05ba1bbc python3: Update to 3.7.10, refresh patches
7be89f1f3 zerotier: bump to 1.6.4
fcf72948a bind: bump to 9.16.12
feb1a188e ksmbd: remove kmod-crypto-arc4 dependency
2f7026e65 htop: update to 3.0.5-1
ad186135a python-paho-mqtt: Update to version 1.5.0
3f0dbcdae isc-dhcp: seeing crashes when attempting to update dynamic dns
95fa96bda ttyd: force enable authentication for login
1a4184c07 https-dns-proxy: support for force DNS/DNS hijacking
b1fec2b7b mosquitto: bump to 1.6.13
5954e5695 getdns: disable static linking of getdns utilities
db69f0b57 zerotier: update to 1.6.3
1cec6bcfa getdns: Fix TLS V1.3 Ciphersuites option in Stubby
d7b42dcaa getdns: fix compilation without deprecated OpenSSL APIs
798c3ba3f keepalived: fix config typo
d41a0b75a keepalived: add script security param to fix warning
dbc66a08f ksmbd: update to 3.3.4
86c880712 ksmbd-tools: update to 3.3.4
dee2e818b keepalived: set default run directory for pid file on build
cf7969564 simple-adblock: remove dependency on jsonfilter & old code
bee91a9d8 sudo: backport patches for CVE-2021-3156
46d327a59 samba4: fix for #13758
e8d15424b nextdns: Update to version 1.10.1
11e9a2e17 php7: Fix prepare target incorrectly referencing 'configure.in' instead of 'configure.ac'
aae5144e7 msmtp: update to version 1.8.14
8e54decfa youtube-dl: update to version 2021.1.16
3b582ebd3 youtube-dl: update to version 2020.12.7
46253b17d https-dns-proxy: bugfix: high CPU utilization
cc38c62ad openwisp-config: update to version 0.5.0
50725c4c8 Revert "libzip: update to 1.7.3"
d8f0ebaa3 libzip: update to 1.7.3
9a0a7f928 libzip: update to 1.7.1 (closes #12512)
5fc922043 libzip: update to 1.6.1
9174036e4 libzip: update to 1.6.0
92f095b21 libzip: fix musl-fts failure
a0d9d76b2 libzip: add package
93d3bfd08 nano: update to 5.5
1224d6c21 idevicerestore: update to 1.0.0
9cfae98a7 idevicerestore: update to 2020-04-20
23f85f8fa idevicerestore: update to 2020-02-17
cb2d40346 idevicerestore: Update to 2019-12-26
202469750 idevicerestore: Add package
646461e2b libirecovery: update to official tarball
4f3b1aa38 libirecovery: fix version
e871dcf6b libirecovery: Update to 1.0.0
4175b8074 libirecovery: Add package
7707d2d78 haproxy: Update HAProxy to v2.0.20
8cc7aef3c nextdns: Update to version 1.9.6
67a324b5e syslog-ng: update to version 3.30.1
9e29bd4de https-dns-proxy: update to 2020-11-25: add HTTP auth and DSCP codepoint support
6d2ea90c3 haveged: update to 1.9.14
64b8dade4 usbmuxd: update to 1.1.1
42f227066 usbmuxd: enable systemd support
13485a4e5 usbmuxd: Update to 2020-01-20
c5aae4a76 usbmuxd: Update to latest master
0d0820d43 usbmuxd: Update to latest git version
46ecb7d58 imobiledevice: backport iOS 14 backup patch.
c71f4a82e libimobiledevice: update to 1.3.0
2ca8db427 libimobiledevice: update to 2020-02-19
2e2775dbc libimobiledevice: Update to 2020-01-20
cbda7d908 libimobiledevice: Update to latest master
f988eff7a libimobiledevice: Update to 2019-11-29
b856f627b libusbmuxd: update to 2.0.2
d59f1c90d libusbmuxd: Several fixes
a17c2aec3 libusbmuxd: Update to 2.0.1
5fc564827 libplist: add missing pkgconfig files in libplist 2.2
7660f6fa2 libplist: update to 2.2.0
8c28123e7 libplist: Several fixes
a60434422 libplist: Update to 2.1.0
3645d2876 libplist: Switch to normal releases
cafbae712 php7: drop patch for openssl deprecated API (fixes #14357)
4d1e525fc netdata: update to version 1.28.0
0563feebc adblock: backport fixes
40c1005f2 htop: update to 3.0.4-1
6bd3f5c37 mwan3: use ping -I for ipv6 after tunnel kernel fix
2a7bbad22 noddos: remove
182264c5b ulogd: Add back autoreconf
6106d1f28 ulogd2: Build IPFIX module
c8730e951 ulogd2: Backport upstream patches
5845691cb net: ulogd2: add myself as maintainer
df1c29679 nut: fix _ handling
e04535e99 qemu: bump PKG_RELEASE
3eb2e140e simple-adblock: config update
dc529c8cd wsdd2: update to git 2020-11-19
adb214338 samba4: update to 4.11.17
304888a37 htop: update to 3.0.3-1
0266f31c9 htop: update to 3.0.2-1
391267fc9 qemu: add patch for qga guest-shutdown command
4626c3bd6 utils/lcd4linux: fix package source
dc015ffe2 simple-adblock: bugfix - config update
9ca6bdaa0 https-dns-proxy: update binary to 2020-08-21
13d999882 zerotier: add patch to avoid including sys/auxv.h
061f81ff6 miniupnpd: Don't override ipv6_listening_ip

81266d9001 openssl: bump to 1.1.1k
6165bb0d60 openssl: sync package download URLs with master
c336db7a78 mbedtls: update to 2.16.10
616fff2a94 mwlwifi: add PKG_FLAGS:=nonshared
dce6b118eb scripts: bundle-libraries.sh: fix broken SDK compiler
afdd5dcd0d build: reduce number of files passed to ipk-remove
1fcd833c9a build: call ipkg-remove using xargs if #args>=512
33df82be36 build: package-ipkg: avoid calling wildcard twice
3402334413 kernel: bump 4.14 to 4.14.224
55e9d87754 kernel: bump 4.14 to 4.14.223
c64742a96e wolfssl: bump to v4.7.0-stable
4b19b2db78 hostapd: P2P: Fix a corner case in peer addition based on PD Request
0a08a9a2b4 build: fix checks for GCC11
a5672f6b96 Revert "base-files: source functions.sh in /lib/functions/system.sh"
b4a4d04b91 kernel: bump 4.14 to 4.14.222
86aeac4fc9 base-files: source functions.sh in /lib/functions/system.sh
e9c0c5021c hostapd: backport ignoring 4addr mode enabling error
a36d2ee310 ramips: remove factory image for TP-Link Archer C20 v1

Fixes: CVE-2021-3450, CVE-2021-3449, CVE-2021-3336, CVE-2021-27803

End the process after one result in case -l is not given
and destination address is unicast.
Reduces singleshot execution time from timeout seconds to around 150ms.

resolves #2184

No package uses l2tp_ip.

3822f44013cc tunneldigger: remove unneeded kmod-l2tp-ip dependency
95c805c863cd tunneldigger: update to latest upstream (#238)

Upstream removed the factory images for the Archer C20 v1 as they
potentially brick the device. Remove them from Gluon to avoid build
failures on the next OpenWrt 19.07 bump.

Signed-off-by: David Bauer <mail@david-bauer.net>

e26b474 Merge pull request #644 from ecsv/batadv-for-19.07
369908c alfred: Start up alfred without valid interfaces
97e7600 alfred: Fix procd process handling for disable state
0a3432d Merge pull request #636 from ecsv/batadv-for-19.07
596dc84 batman-adv: Merge bugfixes from 2021.0
862a2df batctl: Merge bugfixes from 2021.0

6aef4bc7c3 lantiq: fritz7320: enable USB power supply
6bf5bfc19f openssl: bump to 1.1.1j
f44153038e OpenWrt v19.07.7: revert to branch defaults
d5ae565873 OpenWrt v19.07.7: adjust config defaults
c4a6851c72 kernel: bump 4.14 to 4.14.221
f8b849103d ramips: ethernet: Disable TSO support to improve stability

ubuntu-latest is now assigned to Ubuntu 20.04. As we use custom apt
sources for 18.04, pin to this version for now to fix the CI.

fec1aa6dfb mt76: update to the latest version
224fa47bf9 ramips: mark toggle input on EX6150 as a switch
3a05aa17db mac80211: Remove 357-mac80211-optimize-skb-resizing.patch
171d8bce0c ramips: remove factory image for TP-Link Archer C2 v1
2eb8444363 ath79: fix USB power GPIO for TP-Link TL-WR810N v1
d5a8e85878 wolfssl: Backport fix for CVE-2021-3336
cf5e5204d9 bcm63xx: sprom: override the PCI device ID
4465b44fc1 kernel: bump 4.14 to 4.14.219
4b9ade65ec bcm63xx: R5010UNv2: fix flash partitions for 16MB flash
ab9cb390be hostapd: fix P2P group information processing vulnerability
1e90091c5d opkg: update to latest git HEAD of branch openwrt-19.07
312c05611b kernel: bump 4.14 to 4.14.218
3100649458 wolfssl: enable HAVE_SECRET_CALLBACK
e9d2aa9dc6 wolfssl: Fix hostapd build with wolfssl 4.6.0
2044c01de8 wolfssl: Update to v4.6.0-stable
5ac0b2b431 mvebu: omnia: make initramfs image usable out of the box

a7a207e18b mt76: update to the latest version
1ce5008597 wireguard: Fix compile with kernel 4.14.217
2ecb22dc51 kernel: bump 4.14 to 4.14.217
11f4918ebb dnsmasq: backport fixes
9999c87d3a netifd: fix IPv6 routing loop on point-to-point links
250dbb3a60 odhcp6c: fix IPv6 routing loop on point-to-point links
d816c6cd31 kernel: bump 4.14 to 4.14.216
c21d59dc11 imagebuilder: pass IB=1 on checking requirements

kernel: bridge: Fix a deadlock when enabling multicast snooping

[ Upstream commit 851d0a73c90e6c8c63fef106c6c1e73df7e05d9d ]

From: Joseph Huang <Joseph.Huang@garmin.com>

When enabling multicast snooping, bridge module deadlocks on multicast_lock
if 1) IPv6 is enabled, and 2) there is an existing querier on the same L2
network.

The deadlock was caused by the following sequence: While holding the lock,
br_multicast_open calls br_multicast_join_snoopers, which eventually causes
IP stack to (attempt to) send out a Listener Report (in igmp6_join_group).
Since the destination Ethernet address is a multicast address, br_dev_xmit
feeds the packet back to the bridge via br_multicast_rcv, which in turn
calls br_multicast_add_group, which then deadlocks on multicast_lock.

The fix is to move the call br_multicast_join_snoopers outside of the
critical section. This works since br_multicast_join_snoopers only deals
with IP and does not modify any multicast data structures of the bridge,
so there's no need to hold the lock.

Steps to reproduce:
1. sysctl net.ipv6.conf.all.force_mld_version=1
2. have another querier
3. ip link set dev bridge type bridge mcast_snooping 0 && \
   ip link set dev bridge type bridge mcast_snooping 1 < deadlock >

A typical call trace looks like the following:

[  936.251495]  _raw_spin_lock+0x5c/0x68
[  936.255221]  br_multicast_add_group+0x40/0x170 [bridge]
[  936.260491]  br_multicast_rcv+0x7ac/0xe30 [bridge]
[  936.265322]  br_dev_xmit+0x140/0x368 [bridge]
[  936.269689]  dev_hard_start_xmit+0x94/0x158
[  936.273876]  __dev_queue_xmit+0x5ac/0x7f8
[  936.277890]  dev_queue_xmit+0x10/0x18
[  936.281563]  neigh_resolve_output+0xec/0x198
[  936.285845]  ip6_finish_output2+0x240/0x710
[  936.290039]  __ip6_finish_output+0x130/0x170
[  936.294318]  ip6_output+0x6c/0x1c8
[  936.297731]  NF_HOOK.constprop.0+0xd8/0xe8
[  936.301834]  igmp6_send+0x358/0x558
[  936.305326]  igmp6_join_group.part.0+0x30/0xf0
[  936.309774]  igmp6_group_added+0xfc/0x110
[  936.313787]  __ipv6_dev_mc_inc+0x1a4/0x290
[  936.317885]  ipv6_dev_mc_inc+0x10/0x18
[  936.321677]  br_multicast_open+0xbc/0x110 [bridge]
[  936.326506]  br_multicast_toggle+0xec/0x140 [bridge]

Fixes: 4effd28c1245 ("bridge: join all-snoopers multicast address")
Signed-off-by: Joseph Huang <Joseph.Huang@garmin.com>
Acked-by: Nikolay Aleksandrov <nikolay@nvidia.com>
Link: https://lore.kernel.org/r/20201204235628.50653-1-Joseph.Huang@garmin.com


Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[linus.luessing@c0d3.blue: backported to 4.4]

6fc02f2a45 OpenWrt v19.07.6: revert to branch defaults
b12284a14c OpenWrt v19.07.6: adjust config defaults
8055e38794 dnsmasq: Backport some security updates
733e62a8e1 uboot-at91: Add PKG_MIRROR_HASH to fix download
53814dadaf at91bootstrap: Add PKG_MIRROR_HASH to fix download
e30d3ea95f mbedtls: update to 2.16.9
c7b9c85819 kernel: bump 4.14 to 4.14.215
c9388fa986 kernel: bump 4.14 to 4.14.214
e290024717 glibc: update to latest 2.27 commit
2c37993c8a build/prereq: merge ifndef IB block together
79b1fa1702 build, imagebuilder: Do not require compilers
58138df2d5 build, imagebuilder: Do not require libncurses-dev
42e478eb0d build/json: add filesystem information

ipq40xx: Add support for Plasma Cloud PA1200 and PA2200

This device is a dual 5GHz device. It is recommended to manually change the
radio of the first device to the lower 5GHz channels and the second radio
to the upper 5GHz channels

ath79: Add support for Plasma Cloud PA300(E)

gluon-respondd: fix crash on 64bit archs (+ one unrelated issue)

Fixes warnings about implicit pointer-to-int and int-to-pointer casts.

Fixes: 59a4cd63 ("gluon-respondd: expose OWE clients in nodeinfo")

Fixes respondd on 64bit archs, as gluonutil_get_primary_domain() was
assumed to return int without the prototype.

Fixes: bcf57467 ("libgluonutil: implement gluonutil_get_primary_domain()")

This adds the OpenWrt label-mac device selection as the most preferred
fallback.

While this is only used on OpenWrt 19.07 for backports, we can also use
the label-mac device when backporting device support. This way, we have
to deal with less device-sepcific code downstream.

Signed-off-by: David Bauer <mail@david-bauer.net>

actions: run tasks based on set of modified paths