Patches allow lesser depencies, like bash and several python modules.
Added functions script that suites nicely for OpenWRT, it's more
clear than original and a lot shorter. Also information that is
put to system log, is more informative now. I also added init
script.

Signed-off-by: Oskari Rauta <[email protected]>

Major changes are:
  clean-up codes using checkpatch --strict option.
  fix several warning and build failure from linux-next.
  change the minimum supported kernel version to v5.4.
  use xarray for tree connect list.
  fix reviews from lkml.

Signed-off-by: Rosen Penev <[email protected]>

MacOS ignores Bonjour services for which TXT records are not returned. This changes forces umdns service to return a TXT record (`daemon=ksmbd`) for the ksmbd service. The exact content is unimportant and to the best of my knowledge nothing reads the `daemon` tag.

Symptoms of the problem (which are also debugging steps):
* Finder refuses to open the OpenWRT "computer" in the Network list.
* Discovery.app (Bonjour Browser) lists the _ssh._tcp service, but the submenu for it doesn't unfold and no address is shown.
* `dns-sd -L OpenWrt _smb._tcp` doesn't return any address.

Signed-off-by: Kirill Nikolaev <[email protected]>

Major changes are:
  disable symlink by default.
  remove smack inherit leftovers.
  Enable guest access on IPC$ share by default.

Signed-off-by: Rosen Penev <[email protected]>

Signed-off-by: Jan Pavlinec <[email protected]>

Adds modules for BLISS signature scheme, NTRU and New Hope key
exchange algorithms, and dependencies ChaCha20-Poly1305 AEAD,
ChaCha20 XOF, MGF1 mask generation function, SHA3 hasher SHAKE
XOF, and the Number Theoretic Transform library.

Signed-off-by: Derek Yerger <[email protected]>

Signed-off-by: Jianhui Zhao <[email protected]>

Instead of just appending the driver serial including the '0x' prefix,
use '-' prefix instead to make it more readable.

Signed-off-by: Daniel Golle <[email protected]>

Signed-off-by: Dirk Brenken <[email protected]>

This was probably a work-around for an issue with dependencies which
was fixed by
openwrt/openwrt@988ed00

Remove it as all other packages with `-selinux` variants do provide
a non-SELinux-variant without any suffix and that works now, see
procd vs. procd-selinux
busybox vs. busybox-selinux

Signed-off-by: Daniel Golle <[email protected]>

uvol is a wrapper-script which allows automated handling of storage
volumes. uvol currently comes with backend support for LVM2 and UBI,
covering practically all options for storage large enough to be
managed (NAND, SPI-NAND, eMMC, SATA, NVME, virtio-blk, ...).

Signed-off-by: Daniel Golle <[email protected]>

Fixes: 312594f ("uvol: add new package")
Signed-off-by: Daniel Golle <[email protected]>

This patch prevents multiple cron jobs from being created to run the
safe-search-maintenance script.

To reproduce this bug, perform the following:
  - Install safe-search
  - Perform an OpenWRT firmware upgrade (choose to preserve user settings)
  - Install safe-search again

Signed-off-by: Gregory L. Dietsche <[email protected]>

modbus-utils was not intended to be added at this stage. Remove it.

Fixes: 312594f ("uvol: add new package")
Signed-off-by: Daniel Golle <[email protected]>

Fix post-merge comments in #15316 and update source.

Signed-off-by: Daniel Golle <[email protected]>

Signed-off-by: Rosen Penev <[email protected]>

Signed-off-by: Rosen Penev <[email protected]>

Signed-off-by: Rosen Penev <[email protected]>

Signed-off-by: Rosen Penev <[email protected]>

Gerbera stupidly uses taglib-config to find the paths. Fix them to avoid
adding /usr/lib

Signed-off-by: Rosen Penev <[email protected]>

Signed-off-by: Stan Grishin <[email protected]>

 * use lvm --reportformat json
 * add 'list' and 'align' commands
 * add help output

Signed-off-by: Daniel Golle <[email protected]>

THe current CI uses both CircleCI and GitHub Action CI, but not Travis.

Signed-off-by: Paul Spooren <[email protected]>

Signed-off-by: Stan Grishin <[email protected]>

Fix log spam:
daemon.err netdata[2090]: PROCFILE: Cannot open file '/proc/sysvipc/shm'
This is caused by a non existant /proc/sysvipc/shm because of the
CONFIG_PROC_STRIPPED option that is enabled by default in the kernel
generic target config

Signed-off-by: Tiago Gaspar <[email protected]>

Signed-off-by: Robin Rainton <[email protected]>

The strongswan-libnttfft package should not select the strongswan
package, but should depend on it instead.  Otherwise a circular
dependency is created.

Signed-off-by: Eneas U de Queiroz <[email protected]>

The package needs libseccomp, which does not currently support arc.
In order to avoid a circular dependency, we must avoid arc here as well.

Signed-off-by: Eneas U de Queiroz <[email protected]>

This reverts commit b29e609.

Adding DEPENDS+=@!arc will cause a circular dependency, because some
packages select libseccomp based on a build option.

Commit e29483d ("libseccomp: workaround a recursive dependency") added
a workaround that was not properly documented, so I'll explain here.

The problem arises when libseccomp is selected depending on some config
option:

define Pakcage/foo
  DEPENDS=+FOO_SECCOMP:libseccomp

Even if the condition is correctly defined, excluding arc, such as:

define Package/foo/config
  config FOO_SECCOMP
    depends on !arc

the config generator will parse libseccomp's DEPENDS variable and
generate menuconfig statements like these:

config PACKAGE_foo
   select PACKAGE_libseccomp if FOO_SECCOMP
   depends on !FOO_SECCOMP || !arc

The last condition is always true because FOO_SECCOMP will always be
be false when arc is true.  The config generator is not able to
simplify/optimize the condition.

The circular dependecy occurs because FOO_SECCOMP depends on
PACKAGE_foo, and the redundant, always true line will make PACKAGE_foo
depend on FOO_SECCOMP.

As a workaround, we can add the 'depends on !arc' line to
Package/libseccomp/config, outside of the DEPENDS variable, so that the
redundant depends line line does not get generated.

Signed-off-by: Eneas U de Queiroz <[email protected]>
Cc: Daniel Golle <[email protected]>

April 2021 Security Releases
- OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) (CVE-2021-3450)
- OpenSSL - NULL pointer deref in signature_algorithms processing (High) (CVE-2021-3449)
- npm upgrade - Update y18n to fix Prototype-Pollution (High) (CVE-2020-7774)

OpenSSL-related vulnerabilities do not affect the OpenWrt package. Because OpenWrt's OpenSSL shared library has been updated.

Signed-off-by: Hirokazu MORIKAWA <[email protected]>

Features:

- Add profile filter to docker-compose config

- Add a depends_on condition to wait for successful service completion

Miscellaneous:

- Add image scan message on build

- Update warning message for --no-ansi to mention --ansi never as alternative

- Bump docker-py to 5.0.0

- Bump PyYAML to 5.4.1

- Bump python-dotenv to 0.17.0

Signed-off-by: Javier Marcet <[email protected]>

Breaking changes:

- Remove support for Python 2.7

- Make Python 3.6 the minimum version supported

Features:

- Add limit parameter to image search endpoint

Bugfixes:

- Fix KeyError exception on secret create

- Verify TLS keys loaded from docker contexts

- Update PORT_SPEC regex to allow square brackets for IPv6 addresses

- Fix containers and images documentation examples

Signed-off-by: Javier Marcet <[email protected]>

Update copyright

Signed-off-by: Josef Schlehofer <[email protected]>

Signed-off-by: Josef Schlehofer <[email protected]>

Signed-off-by: Alexandru Ardelean <[email protected]>

Remove upstream backport.

Signed-off-by: Rosen Penev <[email protected]>

Signed-off-by: Rosen Penev <[email protected]>

Signed-off-by: Rosen Penev <[email protected]>

Enable collectd-mod-cpufreq  for rockchip

Signed-off-by: Tomas Lara <[email protected]>

Rework the bonding.sh protocol handler to accept slave interface names
encoded in uci list notation. Also replace ifconfig up/down with ip
link calls while we're at it.

Fixes: #11455
Fixes: openwrt/luci#4473
Signed-off-by: Jo-Philipp Wich <[email protected]>

Switch to AUTORELEASE for simplicity.

Signed-off-by: Rosen Penev <[email protected]>

Fixes two CVEs:

CVE-2021-28965: XML round-trip vulnerability in REXML
CVE-2021-28966: Path traversal in Tempfile on Windows

Signed-off-by: Luiz Angelo Daros de Luca <[email protected]>

Signed-off-by: Jan Pavlinec <[email protected]>

Removed two now pointless patches as they were added as options.

Switch to AUTORELEASE for simplicity.

Update MESON_ARGS.

Signed-off-by: Rosen Penev <[email protected]>

Add patch fixing compilation without deprecated OpenSSL APIs.

Fix installation. This never worked as the section was misnamed.

Updated tool names.

Signed-off-by: Rosen Penev <[email protected]>

Fix compilation without deprecated OpenSSL APIs.

Backport upstream patch to fix stdout.

Signed-off-by: Rosen Penev <[email protected]>

A subshell caused by $(...) can't persistently modify globals as a
side-effect.

Signed-off-by: Philip Prindeville <[email protected]>

Signed-off-by: Philip Prindeville <[email protected]>

chacha20policy1305 is also an AEAD cipher, and hence does not
permit a hash algorithm.

Fixes issue #15397.

Signed-off-by: Philip Prindeville <[email protected]>

Meson update makes this error now.

Signed-off-by: Rosen Penev <[email protected]>

Signed-off-by: Rosen Penev <[email protected]>

Signed-off-by: Rosen Penev <[email protected]>

Switch to compiling with CMake. Faster.

Signed-off-by: Rosen Penev <[email protected]>

Fixes: #15370

This is inspired from:
   https://github.com/wlanslovenija/firmware-packages-opkg/blob/330bc94dccd16a3e92ac2fdde08c81a598e12f94/lang/python-greenlet/Makefile

The `PKG_USE_MIPS16:=0` is not taken into consideration when building
Python modules. That's because the sysconfig is used.

This is only an issue with greenlet (on MIPS) so far.

One option is to do `PKG_USE_MIPS16:=0` in the core Python package.
But, since we know that the `wlanslovenija` group has successfully used
greenlet on MIPS with this construct, we might as well adopt it until GCC10
becomes the main compiler.

As noted here:
  #15370 (comment)
GCC10 doesn't have this problem.

Signed-off-by: Alexandru Ardelean <[email protected]>

Signed-off-by: Alexander Ryzhov <[email protected]>

Simplify CMake section.

Fix pkgconfig paths.

Signed-off-by: Rosen Penev <[email protected]>

This enables tools again which has been disabled in commit
498506a ("libupnp: update to 1.14.5"). Disabling tools leads to the
header upnptools.h not being installed into /usr/include. But e.g. mpd-full
depends on this header.

Fixes: 498506a ("libupnp: update to 1.14.5")
Signed-off-by: Alexander Egorenkov <[email protected]>

Bugs:

- Fix for invalid handler warning on Windows builds

- Fix config hash to trigger container recreation on IPC mode updates

- Fix conversion map for placement.max_replicas_per_node

- Remove extra scan suggestion on build

Signed-off-by: Javier Marcet <[email protected]>

libseccomp can't be built on ARC, so we must disable the option here as
well.  A different fix was first proposed by @zxlhhyccc in #15377.

Fixes: #15313

Signed-off-by: Eneas U de Queiroz <[email protected]>

Make sure filesystem is ready when volume becomes available.
Use 'write-once' as initial state for read-only volumes, only allow
writing to volumes in that state and transision to 'read-only' once
write has completed.
Also fix a typo which prevented 'list' command from working with LVM.

Signed-off-by: Daniel Golle <[email protected]>

Switch to AUTORELEASE for simplicity.

Signed-off-by: Rosen Penev <[email protected]>

Switch to AUTORELEASE for simplicity.

Use autotools build.

Remove upstream patch.

Minor cleanups for consistency between packages.

Signed-off-by: Rosen Penev <[email protected]>

Switch to AUTORELEASE for simplicity.

Signed-off-by: Rosen Penev <[email protected]>

Signed-off-by: Jan Pavlinec <[email protected]>

/etc/profile.d/50-openvpn-easy-rsa.sh was not listed as configfile
and changes were lost during upgrades.

Signed-off-by: Luiz Angelo Daros de Luca <[email protected]>

Signed-off-by: Philip Prindeville <[email protected]>

NLS means Native Language Support and when you have it enabled (it is
not default), clamav can not be compiled as it shows following error:

Package clamav is missing dependencies for the following libraries:
libiconv.so.2

Also, it is required that package libiconv-full is compiled first/before
than clamav and then try to compile clamav.

Signed-off-by: Josef Schlehofer <[email protected]>

Signed-off-by: Josef Schlehofer <[email protected]>

Signed-off-by: Philip Prindeville <[email protected]>

HAVE_LIBPCIACCESS that is currently passed through MAKE_VARS to disable
building with libpciaccess can't be set through the environment.
Instead, use CONFIG_CON_PCI, which can be passed through the environment
and will disable libpciaccess.

Signed-off-by: Eneas U de Queiroz <[email protected]>

Signed-off-by: Jan Pavlinec <[email protected]>

Signed-off-by: Jan Pavlinec <[email protected]>

Microsoft Windows, Xbox and possibly other operating systems do not
support IGDv2. With IGDv2 enabled, they send a HTTP GET request for
rootDesc.xml and WANIPCn.xml, and then nothing happens. The Microsoft
implementation probably doesn't like the WANIPCn.xml response and
decides UPnP is not available. When miniupnpd is built without IGDv2
support, after the 2 HTTP GET requests, there is a HTTP POST request to
/ctl/IPConn, and miniupnpd configures the port forward as expected.

The runtime option force_igd_desc_v1=yes (UCI: igvd1) does not solve
this problem. It's possible this was enough in earlier miniupnpd
versions, but it does not fix the problem the current version.

Since we are a modern distro, we want to support the latest and
greatest, so we should default to IGDv2 enabled. Introducing a
menuconfig option to disable IGDv2 would only help people who build
their own images, so offer a separate package variant for IGDv1.

Signed-off-by: Stijn Tintel <[email protected]>

* support the RPZ trigger 'RPZ-CLIENT-IP' to always allow/block certain
  clients based on their IP (currently only supported by bind!)
* avoid promiscuous mode in tcpdump setup for adblock reporting
* speed up dns report preparation
* support dns report mailing (/etc/init.d/adblock report mail)
* fix bind autodetection
* update LuCI-frontend (separate PR)
* update readme

Signed-off-by: Dirk Brenken <[email protected]>

Signed-off-by: Tianling Shen <[email protected]>

Emmit ubus events when volumes come up/down.
Make sure volume state is always well defined by introducing
additional state 'write-prepare' (wp) during mkfs.
Add init scripts to bring up volumes at boot.

Signed-off-by: Daniel Golle <[email protected]>

Upgrade irqbalance to version 1.8.0

Signed-off-by: Hannu Nyman <[email protected]>

Currently, this package can not be installed while using standard path
of busybox, because binary killall wants to be installed on the same
location as busybox.

Collision:
• /usr/bin/killall: busybox (new-file), psmisc (existing-file)

Many of these binaries, which provides alternatives were moved to
folder /usr/libexec like wget, sed, findutils, less.
So I moved killall to /usr/libexec and others leave in touch and added
ALTERNATIVES for it, because preinstall script is no longer necessary.

Signed-off-by: Josef Schlehofer <[email protected]>

Signed-off-by: Philip Prindeville <[email protected]>

Signed-off-by: Olivier Poitrey <[email protected]>

Signed-off-by: Olivier Poitrey <[email protected]>

Signed-off-by: Olivier Poitrey <[email protected]>

Otherwise, Package/Configure won't find distutils module from python3/host

Signed-off-by: Alexander Ryzhov <[email protected]>

This commit is largely based on the work from Daniel Dickinson in
PR #2096 which was never merged. I tweaked it in a number of ways.
All bugs with this package are mine, not his.

Signed-off-by: Aaron Curley <[email protected]>

Signed-off-by: Jakov Petrina <[email protected]>

This is a single C file. Don't bother using the Makefile.

Signed-off-by: Rosen Penev <[email protected]>

Signed-off-by: Oskari Rauta <[email protected]>

This commit updates boost to version 1.76.0

There are no new libraries in this version

More info about Boost 1.76.0 can be found at the usual place [1].

Note: This package update includes a fix merged to Boost.Fiber in [2]
which did not make into this version but it will be present in the next
one. For now, the patch is needed, but it will be removed in version
1.77.0

[1]: https://www.boost.org/users/history/version_1_76_0.html
[2]: boostorg/fiber#276

Signed-off-by: Carlos Miguel Ferreira <[email protected]>

 - Add support for AppArmor
 - Gracefully stop containers and pods on shutdown

I found out that If you change location of containers to persistent storage instead of tmpfs, starting them will fail unless they have been stopped. If this is the case that reboot has occurred before pods and containers have been stopped, they cannot be started, they have to be removed and re-created. Change in initscript tries to avoid that. Even if containers are running at tmpfs, this won't hurt. Still, if something happens and system hangs/reboots/etc, script won't save you from that. It's just a attempt to make things better.
I also enabled AppArmor support for future possibilities.

Signed-off-by: Oskari Rauta <[email protected]>

Signed-off-by: Olivier Poitrey <[email protected]>

Signed-off-by: Sibren Vasse <[email protected]>

Signed-off-by: Oskari Rauta <[email protected]>

Signed-off-by: Florian Eckert <[email protected]>

Signed-off-by: Gerard Ryan <[email protected]>

Signed-off-by: Gerard Ryan <[email protected]>