Signed-off-by: Olivier Poitrey <rs@nextdns.io>

[21.02] nextdns: Update to version 1.12.3

Signed-off-by: Olivier Poitrey <rs@nextdns.io>

[21.02] nextdns: Update to version 1.31.3

Signed-off-by: Olivier Poitrey <rs@nextdns.io>

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 1e2ba940)

This patche adds the percent evaluation for the bad blocks.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit b4e24c12)

This patche change prepares the ubi plugin to add the bad block evaluation in
percent.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 4927b533)

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 6e41bf73)

Enables the compiler option that collectd is compiled with
debugging support. This is used at development stages to get
more messages from the collectd during development.

This option is default disabled.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit a4f74eb1)

This removes the trailing back slash. This is not needed.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 416ba35d)

On my system the attribute DEVTYPE was not set. The plugin could not
read any data and the function call blocked forever on this function and did
not returned. By removing it, all block devices under `/sys/class/block`
were checked.

Block devices that do not support SMART were not evaluated. The
collected displays the following message.

smart plugin: checking SMART status of /dev/loop4.
smart plugin: unable to open /dev/loop4.

If you do not like this message, you could only enable device in the uci that
does support SMART.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 543a2a97)

Switching on compilation for collectd smart plugin.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 092902a8)

This library is required by the smart plugin of the collectd.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 87e52cf1)

* support the RPZ trigger 'RPZ-CLIENT-IP' to always allow/block certain
  clients based on their IP (currently only supported by bind!)
* avoid promiscuous mode in tcpdump setup for adblock reporting
* speed up dns report preparation
* support dns report mailing (/etc/init.d/adblock report mail)
* fix bind autodetection
* update LuCI-frontend (separate PR)
* update readme

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit c531b6da)

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 682aebba)

Currently, this package can not be installed while using standard path
of busybox, because binary killall wants to be installed on the same
location as busybox.

Collision:
• /usr/bin/killall: busybox (new-file), psmisc (existing-file)

Many of these binaries, which provides alternatives were moved to
folder /usr/libexec like wget, sed, findutils, less.
So I moved killall to /usr/libexec and others leave in touch and added
ALTERNATIVES for it, because preinstall script is no longer necessary.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit d8969e0f)

Upgrade irqbalance to version 1.8.0

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 6631cfaa)

[openwrt-21.02] yq: Update to 4.7.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(backported from c4d27271)

HAVE_LIBPCIACCESS that is currently passed through MAKE_VARS to disable
building with libpciaccess can't be set through the environment.
Instead, use CONFIG_CON_PCI, which can be passed through the environment
and will disable libpciaccess.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 52837117)

NLS means Native Language Support and when you have it enabled (it is
not default), clamav can not be compiled as it shows following error:

Package clamav is missing dependencies for the following libraries:
libiconv.so.2

Also, it is required that package libiconv-full is compiled first/before
than clamav and then try to compile clamav.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 87be6ffe)

/etc/profile.d/50-openvpn-easy-rsa.sh was not listed as configfile
and changes were lost during upgrades.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit b0663e2959ff9dc37d0273aa3240a2ef0ed3c611)

Enable collectd-mod-cpufreq  for rockchip

Signed-off-by: Tomas Lara <tl849670@gmail.com>
(cherry picked from commit 6bd8d29b)

[21.02] ruby: update to 3.0.1

Rework the bonding.sh protocol handler to accept slave interface names
encoded in uci list notation. Also replace ifconfig up/down with ip
link calls while we're at it.

Fixes: #11455
Fixes: https://github.com/openwrt/luci/issues/4473


Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 57a77386)

Fixes two CVEs:

CVE-2021-28965: XML round-trip vulnerability in REXML
CVE-2021-28966: Path traversal in Tempfile on Windows

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>

April 2021 Security Releases
- OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) (CVE-2021-3450)
- OpenSSL - NULL pointer deref in signature_algorithms processing (High) (CVE-2021-3449)
- npm upgrade - Update y18n to fix Prototype-Pollution (High) (CVE-2020-7774)

OpenSSL-related vulnerabilities do not affect the OpenWrt package. Because OpenWrt's OpenSSL shared library has been updated.

NODEJS_ICU_SMALL is default

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>

This patch prevents multiple cron jobs from being created to run the
safe-search-maintenance script.

To reproduce this bug, perform the following:
  - Install safe-search
  - Perform an OpenWRT firmware upgrade (choose to preserve user settings)
  - Install safe-search again

Signed-off-by: Gregory L. Dietsche <gregory.dietsche@cuw.edu>
(cherry picked from commit 49535edf)

Fix log spam:
daemon.err netdata[2090]: PROCFILE: Cannot open file '/proc/sysvipc/shm'
This is caused by a non existant /proc/sysvipc/shm because of the
CONFIG_PROC_STRIPPED option that is enabled by default in the kernel
generic target config

Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
(cherry picked from commit 5f65d87b)

Signed-off-by: Stan Grishin <stangri@melmac.net>

Signed-off-by: Stan Grishin <stangri@melmac.net>

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit ec20e9df)

[21.02] safe-search: check for changed IP addresses weekly

[21.02] net/family-dns: Correct Reference to IPKG_INSTROOT 

IPKG_INSTROOT was misspelled.

Signed-off-by: Gregory L. Dietsche <gregory.dietsche@cuw.edu>
(cherry picked from commit 1569131f)

The current default of hourly is too fast. Some services such as
DuckDuckGo return IPs from a pool based on the user's location instead
of a fixed IP address. This change prevents unnecessary writes to the
flash memory by only updating once per week.

Signed-off-by: Gregory L. Dietsche <gregory.dietsche@cuw.edu>
(cherry picked from commit 7164ccf1)

Unconditionally enable with BUILD_PATENTED.

Simplify configure args.

Add missing PKG_CONFIG_DEPENDS

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 3d657736)

This commit adds a number of fixes to the OpenVPN up/down hotplug command
wrapper which currently fails to actually invoke user defined up and down
commands for uci configurations not using external native configurations.

 - Use the `--setenv` to pass the user configured `up` and `down` commands
   as `user_up` and `user_down` environment variables respectively

 - Instead of attempting to scrape the `up` and `down` settings from the
   (possibly generated) native OpenVPN configuration in
   `/etc/hotplug.d/openvpn/01-user`, read them from the respective
   environment variables instead

 - Fix parsing of native configuration values in `get_openvpn_option()`;
   first try to parse a given setting as single quoted value, then as
   double quoted and finally as non-quoted, potentially white-space
   escaped one. This ensures that `up '/bin/foo'` is interpreted as
   `/bin/foo` and not `'/bin/foo'`

Ref: https://forum.openwrt.org/t/openvpn-up-down-configuration-ignored/91126


Supersedes: #15121, #15284
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry-picked from commit 7f065a94)

See https://www.mankier.com/8/openvpn#--server-poll-timeout



Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
(cherry-picked from commit 5789faab)