2108 Commits

Author SHA1 Message Date
Beginner
f681482829
v2ray-plugin: update to 4.36.0 (#6533) 2021-03-15 13:19:54 +08:00
Beginner
54e90134e7
luci-app-jd-dailybonus: Keep up to date from jerrykuku (#6537) 2021-03-15 13:19:30 +08:00
Michael Qu
093f57f1af
uugamebooster: update to 2.7.8 (#6518) 2021-03-14 11:52:19 +08:00
CN_SZTL
f4b1b358fe
rockchip: sync latest codes from ImmortalWrt (#6522)
uboot:
 - immortalwrt/immortalwrt@7a042afdee uboot-rockchip: fix RockPro64 boot from eMMC
 - immortalwrt/immortalwrt@f450acefb0 uboot-rockchip: update to v2021.01
 - immortalwrt/immortalwrt@5cc1d3df78 rockchip: improve support for NanoPi R4S
 - immortalwrt/immortalwrt@83d3fb9634 uboot-rockchip: add NanoPi R4S support
 - immortalwrt/immortalwrt@3d86ffedd7 uboot-rockchip: update to v2020.10
 - immortalwrt/immortalwrt@fe5fa0c7ab Revert "uboot-rockchip: fix nanopi-r2s failed to boot on some sd cards"

target:
 - immortalwrt/immortalwrt@f67522e532 rockchip: add support for Radxa Rock Pi 4
 - immortalwrt/immortalwrt@cd7fd0c77b rockchip: add NanoPi R4S support
 - immortalwrt/immortalwrt@02395293a2 rockchip: fix SUPPORTED_DEVICES for Radxa ROCK Pi 4
 - immortalwrt/immortalwrt@c7b200b8a2 rockchip: re-order patches
 - immortalwrt/immortalwrt@aee038e773 rockchip: refresh Kconfig
 - immortalwrt/immortalwrt@22061b2880 kernel: enable CONFIG_LEDS_TRIGGER_HEARTBEAT
 - immortalwrt/immortalwrt@b1150de9e4 rockchip: add missing Kconfig symbols
 - immortalwrt/immortalwrt@ab28d07c3b treewide: fix spelling 'seperate' -> 'separate'
 - immortalwrt/immortalwrt@6401fca74d rockchip: use native mac address for NanoPi R4S

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2021-03-14 11:52:00 +08:00
CN_SZTL
2607c6cf5c
r8152: introduce r8152/r8153 driver from vendor (#6511)
This is the vendor driver for r8152/r8153 series USB ethernet adapter, it may be
better than the driver from kernel mainline, or be worse. It's depending on your
use-case.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2021-03-11 15:27:27 +08:00
CN_SZTL
80a7e79a7b
mbedtls: fix typo error (#6507)
Fixes: #6505

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2021-03-10 13:39:43 +08:00
Beginner
bd7cdbf39e
v2ray-plugin: update to 4.35.1 (#6494) 2021-03-09 23:14:05 +08:00
bobo liu
b1c6b17bf7
luci-app-frpc: add config field of user (#6496) 2021-03-09 23:13:48 +08:00
CN_SZTL
ef449e470b
mbedtls: Implements AES and GCM with ARMv8 Crypto Extensions (#6491)
* mbedtls: update to 2.16.9

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

* mbedtls: Implements AES and GCM with ARMv8 Crypto Extensions

A compact patch that provides AES and GCM implementations that utilize the
ARMv8 Crypto Extensions. The config flag is MBEDTLS_ARMV8CE_AES_C, which
is disabled by default as we don't do runtime checking for the feature.
The new implementation lives in armv8ce_aes.c.

Provides similar functionality to https://github.com/ARMmbed/mbedtls/pull/432
Thanks to Barry O'Rourke and others for that contribtion.

Tested on a Cortex A53 device and QEMU. On a midrange phone the real AES-GCM
throughput increases about 4x, while raw AES speed is up to 10x faster.

[updated Makefile to enable this function, adjusted commit message]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

Co-authored-by: Rosen Penev <rosenp@gmail.com>
Co-authored-by: QiuSimons <45143996+QiuSimons@users.noreply.github.com>
2021-03-09 23:11:41 +08:00
Beginner
d3d8d0860a
luci-app-jd-dailybonus: add cdn (#6483) 2021-03-07 10:08:58 +08:00
AmadeusGhost
7b6c29773a
v2ray-plugin: update to 4.35.0 (#6470) 2021-03-06 00:27:32 +08:00
Saxon
3dcb5a5c8a
ca-certicficates: Update to version 20210119 (#6456) 2021-03-03 23:09:55 +08:00
CN_SZTL
ec4de4d31c
r8125: bump to 9.005.01 (#6457)
Enabled RSS support for performance.

Signed-off-by: CN_SZTL <cnsztl@project-openwrt.eu.org>
2021-03-03 23:09:37 +08:00
lean
26721a994c move xray-plugin 2021-03-01 11:08:52 +08:00
quintus
cc06227463
Create 990-not-defined-errors-on-gcc10.patch (#6433)
This patch fixes the following error when we compile with GCC 10.
‘’
‘’openwrt/staging_dir/toolchain-aarch64_generic_gcc-10.2.0_musl/lib/gcc/aarch64-openwrt-linux-musl/10.2.0/../../../../aarch64-openwrt-linux-musl/bin/ld: ss_local-http.o:openwrt/build_dir/target-aarch64_generic_musl/shadowsocksr-libev/shadowsocksr-libev-2.5.6-d63ff863800a5645aca4309d5dd5962bd1e95543/src/http.h:32: multiple definition of `http_protocol'; ss_local-local.o:openwrt/build_dir/target-aarch64_generic_musl/shadowsocksr-libev/shadowsocksr-libev-2.5.6-d63ff863800a5645aca4309d5dd5962bd1e95543/src/http.h:32: first defined here

openwrt/staging_dir/toolchain-aarch64_generic_gcc-10.2.0_musl/lib/gcc/aarch64-openwrt-linux-musl/10.2.0/../../../../aarch64-openwrt-linux-musl/bin/ld: ss_local-tls.o:openwrt/build_dir/target-aarch64_generic_musl/shadowsocksr-libev/shadowsocksr-libev-2.5.6-d63ff863800a5645aca4309d5dd5962bd1e95543/src/tls.h:31: multiple definition of `tls_protocol'; ss_local-local.o:openwrt/build_dir/target-aarch64_generic_musl/shadowsocksr-libev/shadowsocksr-libev-2.5.6-d63ff863800a5645aca4309d5dd5962bd1e95543/src/tls.h:31: first defined here‘’
‘’
2021-02-25 15:45:34 +08:00
AmadeusGhost
29cba8c5c1
bcm27xx: sync upstream source code (#6435) 2021-02-25 15:44:46 +08:00
Beginner
bdb5fa60ef
File organization (#6356) 2021-02-23 12:01:11 +08:00
Beginner
a5169dbd05
luci-app-jd-dailybonus: Keep up to date from jerrykuku (#6416) 2021-02-23 11:55:03 +08:00
Veoco
ef97f2a247
Revert "luci-app-ipsec-vpnd: add strongswan-mod-kernel-libipsec" (#6331) 2021-02-21 12:35:50 +08:00
Beginner
1160ce1e00
Add xray-plugin from Tianling Shen (#6407) 2021-02-21 12:30:47 +08:00
Chuck
e17961f67e
optimize the performance of obtaining CPU temperature (#6398)
Preformance Test (on NanoPi R2s, repeat 1000 times):

old command:

temp="$(awk "BEGIN{printf (\"%.1f\n\",$(cat /sys/class/thermal/thermal_zone0/temp)/1000) }")°C"

```
real    0m 9.20s
user    0m 3.29s
sys     0m 6.24s
```

new command:

temp="$(awk '{ printf("%.1f °C", $0 / 1000) }' /sys/class/thermal/thermal_zone0/temp)"

```
real    0m 5.57s
user    0m 1.78s
sys     0m 3.97s
```

Signed-off-by: Chuck <fanck0605@qq.com>
2021-02-21 12:27:55 +08:00
Chuck
aaba169f2f
optimize the performance of obtaining CPU usage (#6399)
Preformance Test (on NanoPi R2s, repeat 1000 times):

old command

cpu_usage=$(expr 100 - $(cat /tmp/top_tmp | grep 'CPU:' | awk -F '%' '{print$4}' | awk -F ' ' '{print$2}'))

```
real    0m 14.25s
user    0m 7.96s
sys     0m 20.33s
```

new command

cpu_usage=$(cat /tmp/top_tmp | awk '/^CPU/ { printf("%d%%", 100 - $8) }')

```
real    0m 6.91s
user    0m 4.29s
sys     0m 6.06s
```

Signed-off-by: Chuck <fanck0605@qq.com>
2021-02-21 12:26:19 +08:00
AmadeusGhost
7436d6866f
openssl: bump to 1.1.1j (#6410)
This fixes 4 security vulnerabilities/bugs:

- CVE-2021-2839 - SSLv2 vulnerability. Openssl 1.1.1 does not support
  SSLv2, but the affected functions still exist. Considered just a bug.

- CVE-2021-2840 - calls EVP_CipherUpdate, EVP_EncryptUpdate and
  EVP_DecryptUpdate may overflow the output length argument in some
  cases where the input length is close to the maximum permissable
  length for an integer on the platform. In such cases the return value
  from the function call will be 1 (indicating success), but the output
  length value will be negative.

- CVE-2021-2841 - The X509_issuer_and_serial_hash() function attempts to
  create a unique hash value based on the issuer and serial number data
  contained within an X509 certificate. However it was failing to
  correctly handle any errors that may occur while parsing the issuer
  field (which might occur if the issuer field is maliciously
  constructed). This may subsequently result in a NULL pointer deref and
  a crash leading to a potential denial of service attack.

- Fixed SRP_Calc_client_key so that it runs in constant time. This could
  be exploited in a side channel attack to recover the password.

The 3 CVEs above are currently awaiting analysis.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>

Co-authored-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2021-02-21 12:25:02 +08:00
AmadeusGhost
73fdfdf6aa
v2ray-plugin: fix build with goproxy (#6391) 2021-02-17 23:47:14 +08:00
fliaping
91efc63019
fix ddns(dnspod) update I pv6和ipv4 (#6383)
1. 当一个域名同时有A记录和AAAA记录时,在不需要更新时去更新,接口返回错误导致的脚本挂掉的问题,
接口报错信息:Error message:[记录已经存在,无需再次添加]
2. 文案明显错误修改
2021-02-16 23:01:40 +08:00
AmadeusGhost
db3ec85639
goproxy: replace unavailable goproxy.io (#6371)
The currently used goproxy.io will redirect to proxy.golang.com.cn
and cause compilation failure.
2021-02-15 18:02:53 +08:00
acooler15
22cfbe7faa
add function extra_command (#6357) 2021-02-11 09:19:12 +08:00
小离
e922f4a778
luci-app-jd-dailybonus: Keep up to date from jerrykuku (#6350)
Fix issues:
- Fix permission denied
- Fix html tag mismatch in openwrt theme
2021-02-11 09:18:04 +08:00
然后七年
51a94cb899
Remove V2Ray: Xray-core will provide (#6327) 2021-02-08 17:17:00 +08:00
AmadeusGhost
5b1838d04d
kernel: bump 5.4 to 5.4.95 (#6340) 2021-02-08 17:13:28 +08:00
Mattraks
fbdca3d67e
microsocks:bump to 1.0.2 (#6320)
https://github.com/rofl0r/microsocks/releases/tag/v1.0.2
2021-02-04 16:27:47 +08:00
Mattraks
e33b848bb2
ipt2socks:bump to 1.1.3 (#6317)
https://github.com/zfl9/ipt2socks/releases/tag/v1.1.3
2021-02-03 12:40:47 +08:00
lean
9bc05c5ce3 Version update to R21.2.1 2021-02-01 11:22:35 +08:00
ricksuzade-maker
b61d7f5d5b
Bump npc to 0.26.9 (#6279)
Bump npc to the newest version
2021-02-01 11:16:48 +08:00
ricksuzade-maker
3da0060131
Bump wireguard to 1.0.20210124 (#6285) 2021-02-01 11:16:20 +08:00
pupie
96f26d716a
Add scramble option in options file. (#6287) 2021-01-31 14:49:19 +08:00
Beginner
4244e635c6
luci-app-jd-dailybonus: Keep up to date from jerrykuku (#6296) 2021-01-31 14:48:32 +08:00
xiaobaishu1
7daf3edcec
Update Makefile (#6290)
切换到正式版本
2021-01-31 14:48:11 +08:00
AmadeusGhost
b95ffef87f
Revert "dnsmasq: force sync with official code" (#6266)
Fixes: 9170d18d0da78b7e70b9f45d0bf7771feee90a25 ("dnsmasq: Update to 2.84test3")
2021-01-27 17:12:30 +08:00
EnnawYang
6ee0262477
luci-app-jd-dailybonus: merge upstream code (#6262) 2021-01-26 18:38:53 +08:00
Beginner
9170d18d0d
dnsmasq: Update to 2.84test3 (#6259) 2021-01-26 18:38:30 +08:00
Beginner
1de5883783
luci-app-jd-dailybonus: update v1.0.3 from jerrykuku (#6255) 2021-01-26 00:17:05 +08:00
Beginner
434b834160
luci-app-jd-dailybonus: Keep up to date from jerrykuku (#6253)
* luci-app-jd-dailybonus: Keep up to date from jerrykuku

* luci-app-jd-dailybonus: Keep up to date from jerrykuku
2021-01-25 22:32:23 +08:00
eSir
b927a69df8
Upgrade OpenVPN to 2.5.0 & Add xorpatch as a scramble option (#6249) 2021-01-25 16:33:40 +08:00
xiaobaishu1
e780247bf7
Update DNSMASQ (#6250) 2021-01-25 16:31:52 +08:00
EnnawYang
3a50f6d523
luci-app-jd-dailybonus:bump to v1.0.2 (#6247) 2021-01-25 09:54:03 +08:00
AmadeusGhost
1c271cdd2c
dnsmasq: Update to version 2.83 (#6245)
This fixes the following security problems in dnsmasq:
* CVE-2020-25681:
  Dnsmasq versions before 2.83 is susceptible to a heap-based buffer
  overflow in sort_rrset() when DNSSEC is used. This can allow a remote
  attacker to write arbitrary data into target device's memory that can
  lead to memory corruption and other unexpected behaviors on the target
  device.
* CVE-2020-25682:
  Dnsmasq versions before 2.83 is susceptible to buffer overflow in
  extract_name() function due to missing length check, when DNSSEC is
  enabled. This can allow a remote attacker to cause memory corruption
  on the target device.
* CVE-2020-25683:
  Dnsmasq version before 2.83 is susceptible to a heap-based buffer
  overflow when DNSSEC is enabled. A remote attacker, who can create
  valid DNS replies, could use this flaw to cause an overflow in a heap-
  allocated memory. This flaw is caused by the lack of length checks in
  rtc1035.c:extract_name(), which could be abused to make the code
  execute memcpy() with a negative size in get_rdata() and cause a crash
  in Dnsmasq, resulting in a Denial of Service.
* CVE-2020-25684:
  A lack of proper address/port check implemented in Dnsmasq version <
  2.83 reply_query function makes forging replies easier to an off-path
  attacker.
* CVE-2020-25685:
  A lack of query resource name (RRNAME) checks implemented in Dnsmasq's
  versions before 2.83 reply_query function allows remote attackers to
  spoof DNS traffic that can lead to DNS cache poisoning.
* CVE-2020-25686:
  Multiple DNS query requests for the same resource name (RRNAME) by
  Dnsmasq versions before 2.83 allows for remote attackers to spoof DNS
  traffic, using a birthday attack (RFC 5452), that can lead to DNS
  cache poisoning.
* CVE-2020-25687:
  Dnsmasq versions before 2.83 is vulnerable to a heap-based buffer
  overflow with large memcpy in sort_rrset() when DNSSEC is enabled. A
  remote attacker, who can create valid DNS replies, could use this flaw
  to cause an overflow in a heap-allocated memory. This flaw is caused
  by the lack of length checks in rtc1035.c:extract_name(), which could
  be abused to make the code execute memcpy() with a negative size in
  sort_rrset() and cause a crash in dnsmasq, resulting in a Denial of
  Service.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-25 01:37:23 +08:00
big fox tail
d3d861a729
random generate openvpn cert at first run (#6207) 2021-01-24 20:30:53 +08:00
lean
0ef46ab96b move xray to feeds 2021-01-23 19:29:53 +08:00
Beginner
dbc39c527b
Xray : Update V1.2.3 (#6232) 2021-01-23 19:23:31 +08:00