Bump version in config

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit ac4870f2)

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 101791a2)

[OpenWrt 19.07] python3: Updated to version 3.7.6

[19.07] restic-rest-server: add package

[19.07] restic: add package

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

Signed-off-by: Markus Weippert <markus@gekmihesg.de>

Signed-off-by: Markus Weippert <markus@gekmihesg.de>

Fixes compilation with uClibc-ng.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 93d04995)

[19.07] https-dns-proxy: switch to https-dns-proxy package name

msmtp-scripts: [19.07] Remove as abandoning upstream; msmtp-queue works

Fixes
CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351,
CVE-2019-1352, CVE-2019-1353, CVE-2019-1354, CVE-2019-1387, and
CVE-2019-19604

And fix deprecated PKG_CPE_ID

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit 06d36ca7)

Refresh patch

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 887b4e90)

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit 07f62dbe)

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit d9bb633a)

drop upstreamed patches

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit af9209fb)

also package libnssckbi.so

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit 4ad6e14a)

also refresh patches

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit 3bacf6e9)

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit 80138937)

and clean some comments

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit 4da3baea)

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit 25735197)

usleep is deprecated and is optionally not available with uClibc-ng.

Added PKG_LICENSE_FILES.

Added PKG_CPE_ID for proper CVE tracking.

Other minor cleanups.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 1f1cec28)

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit 80c7a5c1)

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit 9a4dae73)

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>

This fixes:
  - CVE-2019-11046
  - CVE-2019-11044
  - CVE-2019-11045
  - CVE-2019-11050
  - CVE-2019-11047

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit d5c18b1d)

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>

In the command read side, close the superfluous write end of the pipe
early to ensure that EOF is reliably detected. Without that change, splice
calls to read from the pipe will occasionally hang until the CGI process
is eventually killed due to timeout.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit dde503da)

Implement a new "cgi-exec" applet which allows to invoke remote commands
and stream their stdandard output back to the client via HTTP. This is
needed in cases where large amounts of data or binary encoded contents
such as tar archives need to be transferred, which are unsuitable to be
transported via ubus directly.

The exec call is guarded by the same ACL semantics as rpcd's file plugin,
means in order to be able to execute a command remotely, the ubus session
identified by the given session ID must have read access to the "exec"
function of the "cgi-io" scope and an explicit "exec" permission rule for
the invoked command in the "file" scope.

In order to initiate a transfer, a POST request in x-www-form-urlencoded
format must be sent to the applet, with one field "sessionid" holding
the login session and another field "command" specifiying the commandline
to invoke.

Further optional fields are "filename" which - if present - will cause
the download applet to set a Content-Dispostition header and "mimetype"
which allows to let the applet respond with a specific type instead of
the default "application/octet-stream".

Below is an example for the required ACL rules to grant exec access to
both the "date" and "iptables" commands. The "date" rule specifies the
base name of the executable and thus allows invocation with arbitrary
parameters while the latter "iptables" rule merely allows one specific
set of arguments which must appear exactly in the given order.

    ubus call session grant '{
        "ubus_rpc_session": "...",
        "scope": "cgi-io",
        "objects": [
            [ "exec", "read" ]
        ]
    }'

    ubus call session grant '{
        "ubus_rpc_session": "...",
        "scope": "file",
        "objects": [
            [ "/bin/date", "exec" ],
            [ "/usr/sbin/iptables -n -v -L", "exec" ]
        ]
   }'

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit b2a890f6)

I am upstream for msmtp-scripts and have decided to abandon the project.  Therefore
remove msmtp-scripts from OpenWrt -- there is already msmtp-queue which is 'good enough'
for the use cases where msmtp-scripts had any relevance.

This backports to 19.07 so that it doesn't become something folks are depending on.
Due to changes in lock behaviour it never worked in 18.04.x, so ditching it now
keeps it from being picked up again by the userbase.

Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>

Signed-off-by: Stan Grishin <stangri@melmac.net>

[19.07] libmodbus update to 3.1.6

Also fix the license information: in older versions the test programs
were GPL 3 licensed, but meanwhile it changed to BSD license.
But since this package only packages the library itself, we can
safely focus only on the LGPL here which covers the library itself.

While at, fix a minor nitpick during library symlink installation.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit 390da391)

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit 1ac69ffc)

[openwrt-19.07] haproxy: Update HAProxy to v2.0.11

- Update haproxy download URL and hash
- Remove obsolete patches

Signed-off-by: Christian Lachner <gladiac@gmail.com>

[OpenWRT 19.07] nextdns: update to version 1.3.1

- IPv6 support
- Fix HTTP/2 negociation
- Improve endpoint fallback
- Add support for unencrypted DNS
- Many other fixes and features

Signed-off-by: Olivier Poitrey <rs@nextdns.io>

Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
(cherry picked from commit 3763b238)