Breaking changes:

- Remove support for Python 2.7

- Make Python 3.6 the minimum version supported

Features:

- Add limit parameter to image search endpoint

Bugfixes:

- Fix KeyError exception on secret create

- Verify TLS keys loaded from docker contexts

- Update PORT_SPEC regex to allow square brackets for IPv6 addresses

- Fix containers and images documentation examples

Signed-off-by: Javier Marcet <javier@marcet.info>

Features:

- Add profile filter to docker-compose config

- Add a depends_on condition to wait for successful service completion

Miscellaneous:

- Add image scan message on build

- Update warning message for --no-ansi to mention --ansi never as alternative

- Bump docker-py to 5.0.0

- Bump PyYAML to 5.4.1

- Bump python-dotenv to 0.17.0

Signed-off-by: Javier Marcet <javier@marcet.info>

April 2021 Security Releases
- OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) (CVE-2021-3450)
- OpenSSL - NULL pointer deref in signature_algorithms processing (High) (CVE-2021-3449)
- npm upgrade - Update y18n to fix Prototype-Pollution (High) (CVE-2020-7774)

OpenSSL-related vulnerabilities do not affect the OpenWrt package. Because OpenWrt's OpenSSL shared library has been updated.

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>

libseccomp,crun: Fix circular deps

This reverts commit b29e6097.

Adding DEPENDS+=@!arc will cause a circular dependency, because some
packages select libseccomp based on a build option.

Commit e29483d7 ("libseccomp: workaround a recursive dependency") added
a workaround that was not properly documented, so I'll explain here.

The problem arises when libseccomp is selected depending on some config
option:

define Pakcage/foo
  DEPENDS=+FOO_SECCOMP:libseccomp

Even if the condition is correctly defined, excluding arc, such as:

define Package/foo/config
  config FOO_SECCOMP
    depends on !arc

the config generator will parse libseccomp's DEPENDS variable and
generate menuconfig statements like these:

config PACKAGE_foo
   select PACKAGE_libseccomp if FOO_SECCOMP
   depends on !FOO_SECCOMP || !arc

The last condition is always true because FOO_SECCOMP will always be
be false when arc is true.  The config generator is not able to
simplify/optimize the condition.

The circular dependecy occurs because FOO_SECCOMP depends on
PACKAGE_foo, and the redundant, always true line will make PACKAGE_foo
depend on FOO_SECCOMP.

As a workaround, we can add the 'depends on !arc' line to
Package/libseccomp/config, outside of the DEPENDS variable, so that the
redundant depends line line does not get generated.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Cc: Daniel Golle <daniel@makrotopia.org>

The package needs libseccomp, which does not currently support arc.
In order to avoid a circular dependency, we must avoid arc here as well.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>

strongswan: libnttft must not select strongswan

Signed-off-by: Robin Rainton <robin@rainton.com>

Fix log spam:
daemon.err netdata[2090]: PROCFILE: Cannot open file '/proc/sysvipc/shm'
This is caused by a non existant /proc/sysvipc/shm because of the
CONFIG_PROC_STRIPPED option that is enabled by default in the kernel
generic target config

Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>

Signed-off-by: Stan Grishin <stangri@melmac.net>

THe current CI uses both CircleCI and GitHub Action CI, but not Travis.

Signed-off-by: Paul Spooren <mail@aparcar.org>

 * use lvm --reportformat json
 * add 'list' and 'align' commands
 * add help output

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

Signed-off-by: Stan Grishin <stangri@melmac.net>

Gerbera stupidly uses taglib-config to find the paths. Fix them to avoid
adding /usr/lib

Signed-off-by: Rosen Penev <rosenp@gmail.com>

Signed-off-by: Rosen Penev <rosenp@gmail.com>

Signed-off-by: Rosen Penev <rosenp@gmail.com>

Signed-off-by: Rosen Penev <rosenp@gmail.com>

Signed-off-by: Rosen Penev <rosenp@gmail.com>

Fix post-merge comments in #15316 and update source.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

modbus-utils was not intended to be added at this stage. Remove it.

Fixes: 312594f8 ("uvol: add new package")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

This patch prevents multiple cron jobs from being created to run the
safe-search-maintenance script.

To reproduce this bug, perform the following:
  - Install safe-search
  - Perform an OpenWRT firmware upgrade (choose to preserve user settings)
  - Install safe-search again

Signed-off-by: Gregory L. Dietsche <gregory.dietsche@cuw.edu>

Fixes: 312594f8 ("uvol: add new package")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

uvol is a wrapper-script which allows automated handling of storage
volumes. uvol currently comes with backend support for LVM2 and UBI,
covering practically all options for storage large enough to be
managed (NAND, SPI-NAND, eMMC, SATA, NVME, virtio-blk, ...).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

This was probably a work-around for an issue with dependencies which
was fixed by
https://github.com/openwrt/openwrt/commit/988ed0080284903d1fe4851c5ae8f1238bc61da2



Remove it as all other packages with `-selinux` variants do provide
a non-SELinux-variant without any suffix and that works now, see
procd vs. procd-selinux
busybox vs. busybox-selinux

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

The strongswan-libnttfft package should not select the strongswan
package, but should depend on it instead.  Otherwise a circular
dependency is created.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>

Signed-off-by: Dirk Brenken <dev@brenken.org>

Instead of just appending the driver serial including the '0x' prefix,
use '-' prefix instead to make it more readable.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>

strongswan: add more crypto plugins

knot-resolver: update to version 5.3.1

Major changes are:
  disable symlink by default.
  remove smack inherit leftovers.
  Enable guest access on IPC$ share by default.

Signed-off-by: Rosen Penev <rosenp@gmail.com>

MacOS ignores Bonjour services for which TXT records are not returned. This changes forces umdns service to return a TXT record (`daemon=ksmbd`) for the ksmbd service. The exact content is unimportant and to the best of my knowledge nothing reads the `daemon` tag.

Symptoms of the problem (which are also debugging steps):
* Finder refuses to open the OpenWRT "computer" in the Network list.
* Discovery.app (Bonjour Browser) lists the _ssh._tcp service, but the submenu for it doesn't unfold and no address is shown.
* `dns-sd -L OpenWrt _smb._tcp` doesn't return any address.

Signed-off-by: Kirill Nikolaev <cyril7@gmail.com>

Major changes are:
  clean-up codes using checkpatch --strict option.
  fix several warning and build failure from linux-next.
  change the minimum supported kernel version to v5.4.
  use xarray for tree connect list.
  fix reviews from lkml.

Signed-off-by: Rosen Penev <rosenp@gmail.com>

Remove getrescources call because it is no longer
required.

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>

collectd: add bad blocks percent calculation for ubi plugin

zeroconf: update to version 0.29.0

youtube-dl: update to version 2021.4.7

Unconditionally enable with BUILD_PATENTED.

Simplify configure args.

Add missing PKG_CONFIG_DEPENDS

Signed-off-by: Rosen Penev <rosenp@gmail.com>

Faster to compile.

Add license information.

Several cleanups for consistency between packages.

Small patch fix now that uClibc-ng is gone.

Signed-off-by: Rosen Penev <rosenp@gmail.com>