Rosen Penev
252e383428
Merge pull request #13967 from neheb/npupnp
upmpdcli updates
4 years ago
Rosen Penev
884ed82b88
Merge pull request #13961 from neheb/sshfs2
sshfs: update to 3.7.1
4 years ago
Rosen Penev
c564409971
Merge pull request #13964 from neheb/lxc2
lxc: update to 4.0.5
4 years ago
Rosen Penev
85e2775989
Merge pull request #13963 from neheb/memcached2
memcached: update to 1.6.8
4 years ago
Daniel Golle
a6d99126a8
gnupg2: package gnupg2-dirmngr
dirmngr is needed to download keys from keyservers.
That being a useful thing, let's package dirmngr.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years ago
Rosen Penev
45dd9c223e
Merge pull request #13965 from neheb/canut
canutils: update to 2020.11.0
4 years ago
Rosen Penev
155ba290ff
Merge pull request #13958 from flyn-org/snort
snort: update to 2.9.16.1
4 years ago
Rosen Penev
9a7efa6808
Merge pull request #13959 from flyn-org/snort3
Snort3 updates
4 years ago
Rosen Penev
129c790082
upmpdcli: update to 1.5.0
Add missing header for musl.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
4 years ago
Rosen Penev
099e9a31ca
libupnpp: update to 0.20.0
Signed-off-by: Rosen Penev <rosenp@gmail.com>
4 years ago
Rosen Penev
fcc209bacd
libnpupnp: update to 4.0.14
Signed-off-by: Rosen Penev <rosenp@gmail.com>
4 years ago
Rosen Penev
66191f481e
canutils: update to 2020.11.0
Renamed j* tools to their new versions.
Remove upstreamed patches.
Add missing time.h header.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
4 years ago
Rosen Penev
cbe4b726da
lxc: update to 4.0.5
Refreshed patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
4 years ago
Rosen Penev
c1fe3ecdc2
memcached: update to 1.6.8
Signed-off-by: Rosen Penev <rosenp@gmail.com>
4 years ago
Rosen Penev
ef388ff1f3
miniupnpc: update to 2.2.0
Remove CMAKE_INSTALL. No need for it.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
4 years ago
Rosen Penev
dd14c769eb
sshfs: update to 3.7.1
Remove unnecessary patch. The issue was with fuse3.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
4 years ago
W. Michael Petullo
a896d5db15
snort3: update to 3.0.3-1
Signed-off-by: W. Michael Petullo <mike@flyn.org>
4 years ago
W. Michael Petullo
840e8c7b13
libdaq: update to 3.0.0-beta1
Signed-off-by: W. Michael Petullo <mike@flyn.org>
4 years ago
Karl Palsson
bc5d02e242
pagekitec: update to latest
Fixes for status files not being written, seen on OpenWrt
Fixes for compiler warnings, seen on OpenWrt
Full changelog: https://github.com/pagekite/libpagekite/compare/v0.91.200718...v0.91.201110
Signed-off-by: Karl Palsson <karlp@tweak.net.au>
4 years ago
Karl Palsson
3aa2dbc441
c-ares: update to latest for security fixes
Four fixes tagged as security, full changelog at https://c-ares.haxx.se/changelog.html#1_17_0
Includes fix for CVE-2020-8277
Signed-off-by: Karl Palsson <karlp@tweak.net.au>
4 years ago
Michael Heimpold
a1afbc7154
open-plc-utils: update to latest upstream version
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
4 years ago
Rosen Penev
a172e52eaf
Merge pull request #13957 from flyn-org/php7-pecl-krb5
php7-pecl-krb5: update to 1.1.4
4 years ago
Rosen Penev
5a5ab311d9
Merge pull request #13953 from flyn-org/openldap
openldap: update to 2.4.56
4 years ago
Rosen Penev
75d0562aef
Merge pull request #13948 from flyn-org/gstreamer
GStreamer updates
4 years ago
Rosen Penev
bcca53519e
Merge pull request #13956 from flyn-org/nfdump
nfdump: update to 1.6.21
4 years ago
Rosen Penev
c173480b75
Merge pull request #13950 from flyn-org/dmapd
dmapd: update 0.0.86
4 years ago
Rosen Penev
563977ac17
Merge pull request #13952 from flyn-org/krb5
krb5: update to 1.18.3
4 years ago
Rosen Penev
b60be7becf
Merge pull request #13949 from flyn-org/vips
vips: update to 8.10.2
4 years ago
W. Michael Petullo
f1a67441dc
snort: update to 2.9.16.1
Signed-off-by: W. Michael Petullo <mike@flyn.org>
4 years ago
W. Michael Petullo
206fa85928
php7-pecl-krb5: update to 1.1.4
Signed-off-by: W. Michael Petullo <mike@flyn.org>
4 years ago
W. Michael Petullo
a034111490
libgcrypt: update to 1.8.7
Signed-off-by: W. Michael Petullo <mike@flyn.org>
4 years ago
W. Michael Petullo
f530dcc1ea
libgpg-error: update to 1.39
Signed-off-by: W. Michael Petullo <mike@flyn.org>
4 years ago
W. Michael Petullo
3ab163df36
nfdump: update to 1.6.21
Signed-off-by: W. Michael Petullo <mike@flyn.org>
4 years ago
W. Michael Petullo
0660b2805a
openldap: update to 2.4.56
Signed-off-by: W. Michael Petullo <mike@flyn.org>
4 years ago
W. Michael Petullo
9689533481
krb5: update to 1.18.3
Signed-off-by: W. Michael Petullo <mike@flyn.org>
4 years ago
W. Michael Petullo
1379e452bc
dmapd: update 0.0.86
Signed-off-by: W. Michael Petullo <mike@flyn.org>
4 years ago
W. Michael Petullo
74e30ea924
vips: update to 8.10.2
Signed-off-by: W. Michael Petullo <mike@flyn.org>
4 years ago
W. Michael Petullo
8f412485e6
gst1-plugins-ugly: update to 1.18.1
Signed-off-by: W. Michael Petullo <mike@flyn.org>
4 years ago
W. Michael Petullo
948f254e9d
gst1-libav: update to 1.18.1
Signed-off-by: W. Michael Petullo <mike@flyn.org>
4 years ago
W. Michael Petullo
d3f549b3f3
gst1-plugins-bad: update to 1.18.1
Signed-off-by: W. Michael Petullo <mike@flyn.org>
4 years ago
W. Michael Petullo
c4c2ef3319
gst1-plugins-good: update to 1.18.1
Signed-off-by: W. Michael Petullo <mike@flyn.org>
4 years ago
W. Michael Petullo
549d37d216
gst1-plugins-base: update to 1.18.1
Signed-off-by: W. Michael Petullo <mike@flyn.org>
4 years ago
W. Michael Petullo
08773852a1
gstreamer1: update to 1.18.1
Signed-off-by: W. Michael Petullo <mike@flyn.org>
4 years ago
Daniel Golle
75cb9949b7
podman: ship storage.conf and use runc by default for now
Ship podman with defaults more coherent with user expectations and
more likely to work out-of-the-box.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years ago
Florian Eckert
6df16e50fb
docker-ce: update PKG_RELEASE version
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
4 years ago
Florian Eckert
96a11a9c02
docker-ce: do not delete generated iptables by docker-ce
Deleting rules that docker has created is error-prone, because with
every update docker we have to check if anything has changed.
Cleaning up the firewall rules is part of the docker and should and must be
cleaned up and handeled by them when the service is terminated.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
4 years ago
Florian Eckert
19fc933330
docker-ce: add device option to expand interface blocking
If docker-ce handles the firewall and fw3 is not envolved because the
rules get not proceed, then not only docker0 should be handled but also
other interfaces and therefore other docker networks.
This commit extends the handling and introduces a new uci option
`device` in the docker config firewall section. This can be used to specify
which device is allowed to access the container. Up to now only docker0
is covert.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
4 years ago
Florian Eckert
7c9ed12fa1
docker-ce: remove not applicable uciupdate
As the protocol is set to none, this makes no sense here, as it cannot
be controlled and thus processed by the netifd.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
4 years ago
Florian Eckert
f12071add9
docker-ce: set proto for docker bridge device to none
Set proto from `static` to `none`. This makes it clear that this
interface is not handled by the netifd.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
4 years ago
Florian Eckert
1af5593568
docker-ce: make docker-ce firewall handling configurable
Openwrt has a own firewall service called fw3, that supports firewall zones.
Docker can bypass the handling of the zone rules in openwrt via custom
tables. These are "always" processed before the openwrt firewall.
Which is prone to errors!
Since not everyone is aware that the firewall of openwrt will
not be passed. And this is a security problem because a mapped port is
visible on all interfaces and so also on the WAN side.
If the firewall handling in docker is switched off, then the port in
fw3 must be explicitly released and it cannot happen that the
port is accidentally exported to the outside world via the interfaces on
the WAN zone.
So all rules for the containers should and so must be made in fw3.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
4 years ago