Signed-off-by: Tony Ambardar <itugrok@yahoo.com>

Remove the limit setting core="unlimited", since this shouldn't be needed
in production use (i.e. non-debug) and on an embedded platform, which is
why it's rarely used by any existing packages.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>

Add an SPKI pin for Cloudflare to help prevent MITM and downgrade attacks,
as described in RFC7858 (DNS over TLS). The setup of SPKI and the specific
SHA256 certificate hash are taken from Cloudflare's DoT configuration guide
published at https://developers.cloudflare.com/1.1.1.1/dns-over-tls/.

Note that the certificate is valid to March 25th 2020, 13:00 CET, which
provides ample time for issuance of a backup pin to support future key
rollover.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>

Retain the upstream value since privacy is usually the key user motivation
for using DNS-over-TLS, and simply note that those encountering sub-optimal
routing may consider disabling the setting.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>

The config file /etc/stubby/stubby.yml is not registered properly and any
local changes are being overwritten on upgrade or reinstall.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>

unixodbc: Update to 2.3.7

apr: Update to 1.6.5

haproxy: Update HAProxy to v1.8.14

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

Signed-off-by: Peter Wagner <tripolar@gmx.at>

libs/sqlite: Update to 3.24.0

libftdi1: Fix compilation with cmake 3.12

bonnie++ 1.97.3

* Update nano editor to 3.1
* Apply a post-release upstream patch to fix compilation

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

krb5: fix keyutils dependency

syslog-ng: update to 3.17.2

- Update haproxy download URL and hash
- Removed all obsolete patches
- This fixes CVE-2018-14645 (See: https://nvd.nist.gov/vuln/detail/CVE-2018-14645)

Signed-off-by: Christian Lachner <gladiac@gmail.com>

Signed-off-by: W. Michael Petullo <mike@flyn.org>

aria2: handle check_certificate=false config option

net/keepalived: update to version 2.0.7 and enable ipvs support

mwan3: optimize the process of copying routing tables

stubby: add missing dependency on ca-certificates

python-pcapy: Update to 0.11.4

Signed-off-by: Peter Wagner <tripolar@gmx.at>

Signed-off-by: Peter Wagner <tripolar@gmx.at>

Signed-off-by: Ted Hess <thess@kitschensync.net>

- The original copy process is to delete all routing tables first,
   then add new routing table. This process is too slow and very dirty.
 - We use grep to identify the changes and apply them.
 - ignore ipv6 unreachable routes
 - update version number

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>

boost: Fix mips32r1 cpu builds (exclude Boost.fiber)

Signed-off-by: Ted Hess <thess@kitschensync.net>

jool: Update to 3.5.7 and switch to tarballs

chrony: update to 3.4

Signed-off-by: Waldemar Konik <informatyk74@interia.pl>

geth: Update to 1.8.15

Thanks to @jow- for pointing out the mistake.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>

Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>

Closes #6513

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>

This adds a metapakcge for acme luci ap without uhttpd dependency and adds entities and check to stop handle nginx server and modify the certificate set automatically.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>

libpng: Update to l.6.35

Signed-off-by: Rosen Penev <rosenp@gmail.com>

syslog-ng: disable tests as Travis is timing out

boost: Package Makefile Revision

Boost.Fiber is now disabled for Targets which use mips32 or mips64 cpu type.

This commit fixes issue [1]

[1]: https://github.com/openwrt/packages/issues/6987

Signed-off-by: Carlos Miguel Ferreira <carlosmf.pt@gmail.com>

Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>

Should be faster.

Rearranged Makefile slightly for consistency with other packages.

Version 3.5.6 and above are relicensed to GPL-2.0.

Signed-off-by: Rosen Penev <rosenp@gmail.com>

cshark: update to latest git HEAD

Signed-off-by: Peter Wagner <tripolar@gmx.at>

Signed-off-by: Peter Wagner <tripolar@gmx.at>