Petr Štetiar [Mon, 3 Oct 2022 17:03:15 +0000 (19:03 +0200)]
treewide: fix security issues by bumping all packages using libwolfssl
As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.
So in order to propagate update of libwolfssl to latest stable release
done in commit
ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages
using wolfSSL library.
Same bump has been done in buildroot in commit
f1b7e1434f66 ("treewide:
fix security issues by bumping all packages using libwolfssl").
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
845d81ca0976c82829addc23e9e8b95885c910ee)
Ivan Pavlov [Thu, 25 Aug 2022 19:39:47 +0000 (22:39 +0300)]
openvpn: explicitly disable engine parameter for openssl variant
Engine support is deprecated in OpenSSL 3.0 and for OpenSSL 3.0 the default
is to disable engine support as engine support is deprecated. For ath79 architecture
build with autodetection engine support fails, so explicitly set off for now.
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit
62e909e845e25ea87d671358cc8f4724326c7eaf)
Ivan Pavlov [Mon, 6 Jun 2022 05:57:31 +0000 (08:57 +0300)]
openvpn: update to 2.5.7
Added limited support for OpenSSL 3.0
Fixed some bugs
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit
45b751dd850b20e791851d116f2f927c3fbe79eb)
Ivan Pavlov [Fri, 18 Mar 2022 05:43:53 +0000 (08:43 +0300)]
openvpn: update to 2.5.6
Maintainer: me / @mkrkn
Compile tested: ramips/mt7620 TP-Link Archer C50 v1, ramips/mt7621 Xiaomi Mi router 3 Pro, ath79/generic TP-Link WDR-3500
Run tested: ramips/mt7620 TP-Link Archer C50 v1, ramips/mt7621 Xiaomi Mi router 3 Pro, ath79/generic TP-Link WDR-3500
bugfix release including one security fix ("Disallow multiple deferred authentication plug-ins.", CVE: 2022-0547)
several build fixes, refer to https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit
172795b8584c43327d320b591ab64647e4b821d4)
Jianhui Zhao [Sun, 22 May 2022 14:01:18 +0000 (22:01 +0800)]
rtty: update to 8.0.1
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
(cherry picked from commit
0ea357c164d4d265d750459de2ad6a63149fe89e)
Stan Grishin [Tue, 4 Oct 2022 03:59:56 +0000 (20:59 -0700)]
Merge pull request #19502 from stangri/openwrt-22.03-simple-adblock
[22.03] simple-adblock: allow domains bugfix & canary domains support
Marc Benoit [Mon, 5 Sep 2022 18:52:07 +0000 (14:52 -0400)]
nextdns: initialize nextdns from /etc/uci-defaults
Signed-off-by: Marc Benoit <marcb62185@gmail.com>
(cherry picked from commit
e54247a6fa9c03f286d38460c425d6dbd622b657)
Tianling Shen [Fri, 23 Sep 2022 06:58:22 +0000 (14:58 +0800)]
dnslookup: Update to 1.8.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
671e794db130b1819f041346e8f19ad752f6aa08)
Stan Grishin [Sat, 1 Oct 2022 23:11:28 +0000 (23:11 +0000)]
simple-adblock: allow domains bugfix & canary domains support
* fix bug in download_lists and adb_allow to prevent unintended exclisions from
the block-lists of domains containing allowed domain. Fixes issue:
https://github.com/stangri/source.openwrt.melmac.net/issues/160
* add support for returning NXDOMAIN/blocking iCloud & Mozilla canary domains,
disabled by default
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
9156ef6507f8c3fe6785234dff223bad5b59a78e)
Stan Grishin [Sat, 1 Oct 2022 23:01:43 +0000 (16:01 -0700)]
Merge pull request #19490 from stangri/openwrt-22.03-https-dns-proxy
[22.03] https-dns-proxy: uci wrappers & iCloud canary domains
Stan Grishin [Sat, 1 Oct 2022 23:01:22 +0000 (16:01 -0700)]
Merge pull request #19469 from stangri/openwrt-22.03-simple-adblock
[22.03] simple-adblock: update to 1.9.1-1
Stan Grishin [Thu, 29 Sep 2022 23:58:53 +0000 (23:58 +0000)]
https-dns-proxy: uci wrappers & iCloud canary domains
* switch to using uci wrappers instead of direct uci calls
* add support for iCloud canary domains
https://developer.apple.com/support/prepare-your-network-for-icloud-private-relay
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
749b03ffbffbdf208bd589db6526c939d404ba79)
Rosen Penev [Sun, 18 Sep 2022 00:26:50 +0000 (17:26 -0700)]
bandwidthd: fix format warnings
Should fix crashing errors under musl 1.2
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
e62158b6f8ab3ea2b6869474a36845dc69fbbe02)
Josef Schlehofer [Sun, 25 Sep 2022 10:00:55 +0000 (12:00 +0200)]
unbound: update to version 1.16.3
Changelog: https://www.nlnetlabs.nl/projects/unbound/download/#unbound-1-16-3
- Fixes: CVE-2022-3204
Refreshed one patch
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
027533f9a23bbedd0b7c988405a9b5fd433da502)
Stan Grishin [Fri, 23 Sep 2022 20:44:12 +0000 (20:44 +0000)]
simple-adblock: update to 1.9.1-1
* remove obsolete block-lists from config
* add removal of obsolete lists to config-update
* add AdGuard team's block-list to config
* improve allow command
* improve nftset support
* move config load to uci_load_validate, which required some code refactoring which
looks dramatic, but isn't
* always use dnsmasq_restart instead of dnsmasq_hup for all dns resolution options
for dnsmasq
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
f8c5fd93e7e055e2425729e812fe0d1e4aab8032)
Stan Grishin [Mon, 26 Sep 2022 20:34:50 +0000 (13:34 -0700)]
Merge pull request #19466 from stangri/openwrt-22.03-curl
[22.03] curl: bugfix: github source url
Stan Grishin [Mon, 26 Sep 2022 08:31:56 +0000 (08:31 +0000)]
curl: bugfix: github source url
* fixes https://github.com/openwrt/packages/issues/19456
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
c812153f8d4f73b3f82cb19e3b98c84ca680eecb)
Peter van Dijk [Wed, 21 Sep 2022 10:31:25 +0000 (12:31 +0200)]
pdns-recursor: update to 4.7.3
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
(cherry picked from commit
8e234be1e753184f1529af785af96b962e84c40b)
Karl Palsson [Fri, 23 Sep 2022 12:01:25 +0000 (12:01 +0000)]
libs/cjson: bump to 1.7.15
This is a bugfix release.
Full release notes available at: https://github.com/DaveGamble/cJSON/releases/tag/v1.7.15
Signed-off-by: Karl Palsson <karlp@etactica.com>
Karl Palsson [Mon, 19 Sep 2022 14:15:27 +0000 (14:15 +0000)]
pagekite: add patchs for 64bit time
Source: https://github.com/pagekite/libpagekite/pull/78
Signed-off-by: Karl Palsson <karlp@etactica.com>
Karl Palsson [Mon, 19 Sep 2022 11:45:13 +0000 (11:45 +0000)]
mosquitto: bump to 2.0.15
Changelog: https://mosquitto.org/blog/2022/08/version-2-0-15-released/
Changelog: https://mosquitto.org/blog/2021/11/version-2-0-14-released/
2.0.15 is bigger security and bugfix release. 2.0.14 had a couple of
minor changes and was skipped for OpenWrt.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Ptilopsis Leucotis [Sun, 15 May 2022 04:02:40 +0000 (07:02 +0300)]
mosquitto: add missing 'persistence' section in config
Section 'Persistence' in 'luci-app-mosquitto' is unusable without 'persistence'
section in config file.
Signed-off-by: Ptilopsis Leucotis <PtilopsisLeucotis@yandex.com>
David Bauer [Fri, 23 Sep 2022 11:15:37 +0000 (13:15 +0200)]
poemgr: update to latest HEAD
8988247 Makefile: Enable warnings as errors (-Werror)
aea39ca Makefile: Respect the CFLAGS and LDFLAGS that have been passed in
189594f poemgr: Fix compiler warnings in poemgr.c
0e1a8cf pd69104: Avoid self-induced pointer casts
2d53298 uswflex: Remove unused variables and declarations
d345441 poemgr: Reorganize poemgr.h to remove forward declarations
df1a7bc contrib: remove unneccessary functions.sh loading
056a6a9 poemgr: Fix name based profile selection
b8f8f23 poemgr: prolong the power budget detection delay
9e8344a poemgr: configure power_budget to override detected limit
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit
255c4e6c80ae1f5c00e443eb0b77438ecf78c54c)
Stijn Tintel [Thu, 24 Mar 2022 14:52:30 +0000 (16:52 +0200)]
poemgr: fix conffiles path
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit
33927a51c896e459aff4f7f9658da64f7768489a)
Dirk Brenken [Sun, 25 Sep 2022 19:00:00 +0000 (21:00 +0200)]
adblock: update 4.1.4-5
* auto-whitelist ext. dns lookup domain
* add public doh server blocklist source
* whitespace fixes in adblock.sources
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
5603ed923747f7f361be4bf69387317f35f7f548)
James McGuire [Sat, 24 Sep 2022 21:49:21 +0000 (14:49 -0700)]
adblock: add lightswitch05 blocklist source
Signed-off-by: James McGuire <jamesm51@gmail.com>
(cherry picked from commit
b971cdc79b812334f71d0095a938bbc4a784a38f)
Alexander E. Patrakov [Sun, 4 Sep 2022 16:38:58 +0000 (00:38 +0800)]
hping3: add new package
The new package would help measuring one-way delays using ICMP type 13
packets. This is important for various scripts that automatically adjust
CAKE shaper bandwidth based on the observed bufferbloat. They need to
understand whether the delay is on the way up or on the way down, so
that they can adjust the bandwidth of the proper part of the shaper.
https://forum.openwrt.org/t/cake-w-adaptive-bandwidth-historic/108848
https://forum.openwrt.org/t/cake-w-adaptive-bandwidth/135379
V2: refreshed patches
Signed-off-by: Alexander E. Patrakov <patrakov@gmail.com>
(cherry picked from commit
688a5413d087a4f8f70d523b189875831d6e39c4)
Michael Heimpold [Sun, 25 Sep 2022 08:22:17 +0000 (10:22 +0200)]
Merge pull request #19438 from mhei/22.03-squid-libxml2-backport
[22.03] squid: fix compilation with libxml (fixes #19099)
Daniel Golle [Sun, 25 Sep 2022 00:28:43 +0000 (01:28 +0100)]
snowflake: run snowflake-proxy with procd-ujail
snowflake-proxy doesn't write any files
=> run in read-only rootfs environment
the process needs to read SSL certs but no other files
=> only exposed path is /etc/ssl/certificates (read-only)
running as unpriviledged user with no additional capabilities
=> set no-new-privs bit
By default procd-ujail also isolates the process by executing it in
a separate new IPC and PID namespace.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
0f3d48a3784fb495ffdfe4a83f540ad42fab89df)
Signed-off-by: Nick Hainke <vincent@systemli.org>
Daniel Golle [Sat, 24 Sep 2022 02:03:22 +0000 (03:03 +0100)]
snowflake: add package
Package Tor's Snowflake system components so users can offer e.g.
a standalone Snowflake proxy on their routers or other devices.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
cf120a7effd5d13a7f705b5eb9d22410b73d71f3)
Signed-off-by: Nick Hainke <vincent@systemli.org>
Michael Heimpold [Thu, 25 Aug 2022 06:20:45 +0000 (08:20 +0200)]
squid: fix compilation with libxml (fixes #19099)
Add a patch which removes a call in Libxml2Parser.cc to 'xmlSetFeature'.
This function belongs to the 'depreciated' API part and is not
available in OpenWrt builds.
According to my understanding, this call can be removed safely since
it disables the feature "substitute entities" which is disabled by default.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit
3ec47dc85cc4b191be1b2fee3195680343f770e1)
Martin Hübner [Tue, 2 Aug 2022 12:42:06 +0000 (14:42 +0200)]
gatling: add package gatling
Gatling is a high-performance webserver from fefe. It gives a
fairly decent feature-set at really small size. And its fast.
Co-authored-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Signed-off-by: Martin Hübner <martin.hubner@web.de>
(cherry picked from commit
83ff83e32055dc50b01fffe7bae9ea113655756b)
Tianling Shen [Mon, 19 Sep 2022 02:42:57 +0000 (10:42 +0800)]
gg: Update to 0.2.11
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
2a0ee392aea2a2cc1434c64c0af60be427e2786c)
Tianling Shen [Mon, 19 Sep 2022 02:33:32 +0000 (10:33 +0800)]
yq: Update to 4.27.5
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
fca4f1b8301917cb4eb64d0f5e9bfb4836d3d8e8)
Tianling Shen [Mon, 19 Sep 2022 02:45:48 +0000 (10:45 +0800)]
xray-core: Update to 1.6.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
a0126b15c58f7527ed21dbcb659d51072ad1f5fc)
[Update geodata to latest version, based on
f8c25627ebe1d9]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Glenn Strauss [Sun, 18 Sep 2022 07:02:40 +0000 (03:02 -0400)]
lighttpd: update to lighttpd 1.4.67 release hash
* update to lighttpd 1.4.67 release hash
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit
f750089d26422557280ddfda1788f2491d15f701)
Rosen Penev [Thu, 22 Sep 2022 23:04:25 +0000 (16:04 -0700)]
tang: update directory
There's no more cache.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
b847cfb93f89114d7a714b57af67198abadf9fa4)
Rosen Penev [Thu, 22 Sep 2022 23:02:24 +0000 (16:02 -0700)]
Revert "jose: remove libjose"
This reverts commit
02d6c8346cfae7c2de456800a862a7dd90782858.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
09781a8a65fa6624db55867f6918e9b4c03d7a32)
Rosen Penev [Thu, 22 Sep 2022 23:02:05 +0000 (16:02 -0700)]
Revert "jose: fix static library usage"
This reverts commit
c61b70918b6c10f6fd726b098474736a7e0ae9cd.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
f5d3b820c529de94f2a55e078e8f5f2ff87755e9)
Michal Vasilek [Thu, 22 Sep 2022 17:47:41 +0000 (19:47 +0200)]
knot-resolver: update to 5.5.3
* fixes CVE-2022-40188
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit
5d2fd886930a95d14df02ca8fbaf6f3814df3c01)
Tianling Shen [Sat, 3 Sep 2022 09:34:58 +0000 (17:34 +0800)]
libtorrent-rasterbar: Update to 2.0.7
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
c741bf64cdac2ac1059c0e545e1afd842820c8c1)
Michael Heimpold [Wed, 21 Sep 2022 15:25:12 +0000 (17:25 +0200)]
Merge pull request #19418 from mhei/22.03-libxml2-update-2.10.2
[22.03] libxml2: update to 2.10.2
Stan Grishin [Tue, 20 Sep 2022 22:04:44 +0000 (15:04 -0700)]
Merge pull request #19381 from stangri/openwrt-22.03-curl
[22.03] curl: update to 7.85.0
Hannu Nyman [Tue, 20 Sep 2022 19:27:30 +0000 (22:27 +0300)]
Merge pull request #19415 from G-M0N3Y-2503/docker-update-22.03
[22.03] Docker: Update to v20.10.18
Gerard Ryan [Tue, 20 Sep 2022 10:45:06 +0000 (20:45 +1000)]
dockerd: Update to v20.10.18
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Gerard Ryan [Tue, 20 Sep 2022 10:44:44 +0000 (20:44 +1000)]
docker: Update to v20.10.18
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Gerard Ryan [Tue, 20 Sep 2022 10:41:21 +0000 (20:41 +1000)]
libnetwork: Update to
0dde5c8 for Docker v20.10.18
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Gerard Ryan [Tue, 20 Sep 2022 10:38:17 +0000 (20:38 +1000)]
containerd: Update to v1.6.8 for Docker v20.10.18
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Gerard Ryan [Tue, 20 Sep 2022 10:37:08 +0000 (20:37 +1000)]
runc: Update to v1.1.4 for Docker v20.10.18
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Michael Heimpold [Mon, 29 Aug 2022 21:26:20 +0000 (23:26 +0200)]
libxml2: update to 2.10.2
This fixes:
- CVE-2022-2309
Release Notes:
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.0
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.1
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.2
Also drop removed docbook compile switch.
Disable PKG_FIXUP to allow backporting.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit
dc21121cf9c1c51649f0ffdaffd26326e53b4f45)
Michael Heimpold [Tue, 20 Sep 2022 05:51:48 +0000 (07:51 +0200)]
Merge pull request #19412 from mhei/22.03-php-8.1.10
[22.03] php8: update to 8.1.10
Michael Heimpold [Tue, 6 Sep 2022 19:47:30 +0000 (21:47 +0200)]
php8: update to 8.1.10
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit
026a672ad10898705f57f421ad09cf083bdfec13)
Rosen Penev [Sat, 17 Sep 2022 22:22:53 +0000 (15:22 -0700)]
jose: fix static library usage
When libjose is built statically, it must use --whole-archive as it uses
GCC's constructor attribute to initialize itself.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
c61b70918b6c10f6fd726b098474736a7e0ae9cd)
Dirk Brenken [Sun, 18 Sep 2022 07:09:07 +0000 (09:09 +0200)]
adblock: update 4.1.4-3
* unbound: fix domain search regression
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
e80d0236e3219ba95febdf4854b2c122e0150dd2)
Eneas U de Queiroz [Tue, 5 Apr 2022 14:50:46 +0000 (11:50 -0300)]
uacme: add libev dependency to uacme-ualpn
The dependency has a PACKAGE_uacme-ualpn condition so that libev won't
be unnecessarily built if uacme-ualpn is not selected.
Remove PKG_USE_MIPS16:=0, as it is not necessary when not using the
libev that is bundled with uacme.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
1642b68d4583c45e87b9628a38ae039e23617e0d)
Olivier Poitrey [Sat, 2 Apr 2022 20:59:21 +0000 (20:59 +0000)]
nextdns: Update to version 1.37.11
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
(cherry picked from commit
b665a6d6836a4a1dbbb6a6e4289e73b2d8363973)
Michal Vasilek [Fri, 16 Sep 2022 10:48:19 +0000 (12:48 +0200)]
python-flask-socketio: update to 5.3.1
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit
7fd9d010a29173705241e2ade2172a28429234ca)
Stan Grishin [Thu, 15 Sep 2022 20:51:07 +0000 (20:51 +0000)]
curl: update to 7.85.0
* https://curl.se/changes.html#7_85_0
* add GitHub to PKG_SOURCE_URL
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
03a32717bc15d8dd0c99e200dd64ae0bbd558c35)
Dirk Brenken [Sun, 11 Sep 2022 10:45:51 +0000 (12:45 +0200)]
adblock: update 4.1.4-2
* some more cleanups, forgotten with the last update
* optimized unbound syntax ('always_nxdomain' & 'always_transparent')
* optimized oisd download sources (use wilcard variants which are much smaller)
* removed superfluous version information/function
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
54f493ed9d283620d8bbf468df5c024eed383dbb)
Dirk Brenken [Sat, 10 Sep 2022 16:42:14 +0000 (18:42 +0200)]
adblock: update 4.1.4
* dnsmasq upstream has changed the code for domain handling
and recommends the 'local' syntax for large blocklists
* remove pipefail command, see #19043 for reference
* removed the unused 'adb_dnsinotify' parameter
* removed the 'adb_maxqueue' parameter,
the queue size will be automatically set by the number of cpu cores
* various cleanups, mostly shellcheck related
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
254b3d9380425841347ac4988defa6f035c8ca8a)
Michal Vasilek [Wed, 7 Sep 2022 12:52:32 +0000 (14:52 +0200)]
yt-dlp: update to 2022.9.1
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit
b1031b07a220b919beaebe80484cb63182ee6094)
Jan Hák [Tue, 13 Sep 2022 12:46:11 +0000 (14:46 +0200)]
knot: update to version 3.2.1
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
023df0992a8b3fff97eb9dd8c36708114ac0f1a7)
Šimon Bořek [Mon, 27 Jun 2022 12:49:05 +0000 (14:49 +0200)]
python3: backport and fix target musl libc detection
Patch 030:
Backported from Python main branch[^1] for Python to distinguish between glibc and musl libc SOABI.
Patch 131:
Changes PLATFORM_TRIPLET -gnu/-musl suffix detection (performed by the backported patch)
to be based on the target OS instead of the building OS.
See included patches for more detailed descriptions.
Specifically this fixes cross-compilation for mpc8548 CPUs with SPE instructions[^2] enabled.
[^1]: merged to python:main as https://github.com/python/cpython/pull/24502 'bpo-43112: detect musl as a separate SOABI'
[^2]: https://www.nxp.com/docs/en/reference-manual/SPEPEM.pdf
Co-authored-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
(cherry picked from commit
992fcd1bd8770bb44a56bc4173ac3befe0fa16ef)
Stan Grishin [Tue, 13 Sep 2022 00:56:34 +0000 (03:56 +0300)]
Merge pull request #19350 from stangri/openwrt-22.03-aria2
[22.03] aria2: Fix aria2.init start issue
Naraku J [Fri, 8 Apr 2022 08:10:55 +0000 (10:10 +0200)]
aria2: Fix aria2.init start issue
Re-mount '$config_file' inside the '$config_dir' will cause aria2 process unable to start.
Signed-off-by: Naraku J <74468372+Narakuku@users.noreply.github.com>
(cherry picked from commit
3eba8468e1e93e5f66df20aa3f8ebe5d3f1cffea)
Rafał Miłecki [Wed, 10 Aug 2022 12:23:44 +0000 (14:23 +0200)]
ksmbd-tools: add package with hotplug.d script for auto sharing
One of common use cases for SMB3 server in routers is sharing hotplugged
drives. Users make many attempts setting that up which often are not
optimal.
This script handles it in the cleanest way by using:
1. hotplug.d mount subsystem
2. runtime config in the /var/run/config/
It provides a working basic solution that can be later adjusted by
modifying provided hotplug script.
A pretty much idential solution was part of the samba36 package. It was
added in the OpenWrt commit
ef1efa756e0d0 ("samba36: add package with
hotplug.d script for auto sharing") as an answer for feature required by
the Rosinson company.
Cc: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
d0406d4c956e92f979802640832180eedd1a6efe)
Rafał Miłecki [Wed, 10 Aug 2022 12:23:40 +0000 (14:23 +0200)]
ksmbd-tools: append config from /var/run/config/ for runtime shares
Dynamically created shares shouldn't be stored in the /etc/config/
because of:
1. Flash wearing
2. Risk of inconsistent state on reboots
With this change all automation/hotplug.d scripts can store runtime in
the /var/run/config/samba. It's useful e.g. for USB drives that user
wants to be automatically shared.
Also: automated scripts should never call "uci [foo] commit" as that
could flush incomplete config. This problem also gets solved.
Identical feature was added to samba36 in the OpenWrt commit
5a59e2c059866 ("samba36: append config from /var/run/config/ for runtime
shares") but wasn't ported to ksmbd until now.
Cc: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
c9cba619898d7bf87fc8277e57b473923d912c32)
Tianling Shen [Thu, 8 Sep 2022 02:34:26 +0000 (10:34 +0800)]
cloudflared: Update to 2022.9.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
2bad3b604ac8574b3585412206e1d6a7b83fcafc)
John Audia [Wed, 20 Jul 2022 11:17:42 +0000 (07:17 -0400)]
lxc: update to 5.0.1
Bump to latest and update Makefile to use meson which is upstream's standard.
Deleted unneeded 010-Remove-distro-check.patch (reference to configure).
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
d957a2293b2a21b1edca1aa92e141bad8292251a)
Josef Schlehofer [Wed, 7 Sep 2022 10:00:59 +0000 (12:00 +0200)]
syslog-ng: update to version 3.38.1
- Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.38.1
- Update the configuration file to use version 4.0 as mentioned in the
release notes to try the latest changes
Fixes: CVE-2022-38725
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
34b7af9e0859418bb85e7d3ca131101dd912ae53)
Jo-Philipp Wich [Tue, 6 Sep 2022 17:42:18 +0000 (19:42 +0200)]
miniupnpd: rework firewall4 integration
- Bump to the latest Git version in order to increase the package version
for simpler opkg upgrade of the broken version
- (Re-)Introduce PKG_RELEASE into the package, omitting it may lead to
opkg segmentation faults under certain circumstances
- Utilize automatic include hooks to drop the isolated miniupnpd table
in favor to chains within the main inet fw4 table, otherwise PCP is
unreliable as the upnp table might accept traffic which is later
rejected by fw4
- Install a fw4 script hook to restart miniupnpd on fw4 restarts and
reloads in order to repopulate the upnp chains with forward rules
- Register the used miniupnpd configuration file and the firewall uci
configuration as change sources, otherwise `/etc/init.d/miniupnpd reload`
has no effect if the firewall or upnpd config was changed
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
3c6ff6c6c9175b53453825e47f674af4881c2bc1)
Tiago Gaspar [Tue, 16 Aug 2022 21:35:11 +0000 (22:35 +0100)]
miniupnpd: update and fix nftables variant
Update the package to a commit that fixes an issue with removing PCP
mappings from nftables.
This also allows us to fix the nftables miniupnpd implementation on
openwrt.
In this new implementation, a table is created at the start of miniupnpd
and it is dedicated to miniupnpd with a priority above the firewall4
table. This allows miniupnpd to go ahead of the drop rules of firewall4
and forward traffic as needed. There was the possibility of adding a
chain inside the firewall4 table, but this would raise an issue where
if firewall4 was reloaded the port forwardings would be lost and
miniupnpd could be out of sync. When miniupnpd is stopped the table is
deleted, taking the port forwardings with it.
Some of this commit is based of msylgj's work, mainly the logic of the
init/hotplug scripts and the makefile build parameters.
Signed-off-by: ZiMing Mo <msylgj@immortalwrt.org>
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
(cherry picked from commit
651a578cac6168566cf727d6b82ce819e41bbbbe)
Tianling Shen [Sat, 3 Sep 2022 09:12:36 +0000 (17:12 +0800)]
dnslookup: Update to 1.7.3
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
982903e0a36b857ad356e0922f013348235c4d9e)
Tianling Shen [Sat, 3 Sep 2022 09:17:22 +0000 (17:17 +0800)]
dnsproxy: Update to 0.44.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
2acf2d920ff53e6ec82adca35940578d8b6876e3)
Tianling Shen [Sat, 3 Sep 2022 09:14:43 +0000 (17:14 +0800)]
cloudflared: Update to 2022.8.4
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
529164d054971925d4f7a2f4159db169c130e68e)
Alexandru Ardelean [Mon, 4 Jul 2022 09:56:43 +0000 (12:56 +0300)]
pillow: bump to version 9.2.0
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
ed8420cd976e1a443f783c5ea8ce76097e870702)
Signed-off-by: Fabian Lipken <dynasticorpheus@gmail.com>
Alexandru Ardelean [Fri, 3 Jun 2022 07:11:11 +0000 (10:11 +0300)]
pillow: bump to version 9.1.1
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
e65d9825417005cf026a2637d862fefcecae841d)
Signed-off-by: Fabian Lipken <dynasticorpheus@gmail.com>
Alexandru Ardelean [Fri, 15 Apr 2022 06:51:43 +0000 (09:51 +0300)]
pillow: bump to version 9.1.0
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
2c2a8990bb20949c24976caf6aa4ea5c23b0304b)
Signed-off-by: Fabian Lipken <dynasticorpheus@gmail.com>
Tianling Shen [Tue, 30 Aug 2022 06:45:46 +0000 (14:45 +0800)]
gg: Update to 0.2.9
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
a6c043c296fdbda69608ca7cb647e0e1a77b0eb0)
Tianling Shen [Tue, 30 Aug 2022 06:49:28 +0000 (14:49 +0800)]
xray-core: Update to 1.5.10
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
ddd4082d30f843e522fc69ecaa5e91d6bb65365c)
Tianling Shen [Tue, 30 Aug 2022 06:48:07 +0000 (14:48 +0800)]
yq: Update to 4.27.3
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
90a76f6467c85157fabf1b614958f873b2169690)
Daniel Golle [Sun, 14 Aug 2022 18:51:37 +0000 (20:51 +0200)]
uvol: fix autopart handling double/float number
Consider only integer part of free space in megabytes when
deciding the boundaries of the to be created partition.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
f50a289e515fcdc49da5c19d58ed3af54c640cd4)
Fabian Lipken [Tue, 23 Aug 2022 11:43:01 +0000 (13:43 +0200)]
python-pycares: add new package
Signed-off-by: Fabian Lipken <dynasticorpheus@gmail.com>
(cherry picked from commit
90ef79afd8c4ad73b3c8a20539eaab66d4b372c2)
Hirokazu MORIKAWA [Tue, 23 Aug 2022 02:44:16 +0000 (11:44 +0900)]
node: bump to v16.17.0
Notable Changes:
Experimental command-line argument parser API
Experimental ESM Loader Hooks API
Experimental test runner
Improved interoperability of the Web Crypto API
Dependency updates:
Updated Corepack to 0.12.1
Updated ICU to 71.1
Updated npm to 8.15.0
Updated Undici to 5.8.0
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit
841b38f37a5e3f9ad1812aaae1688dcba69e1fe5)
Philip Prindeville [Wed, 1 Jun 2022 00:41:28 +0000 (18:41 -0600)]
strongswan: add kernel module dependency on chapoly
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit
6a30ed6fbd5aa625221607b215521fbec1f06677)
Daniel Bermond [Mon, 22 Aug 2022 16:59:08 +0000 (13:59 -0300)]
i2pd: update to version 2.43.0
Maintainer : @yangfl (David Yang)
Build system : Arch Linux x86_64
Build tested : r7800 OpenWrt git master (commit
a434795809)
Run tested : r7800 OpenWrt git master (commit
a434795809)
Signed-off-by: Daniel Bermond <danielbermond@gmail.com>
(cherry picked from commit
58b3857a5a8a2e66ac514be6af485b693e936ca5)
R4SAS I2P [Sat, 28 May 2022 17:41:49 +0000 (20:41 +0300)]
i2pd: Update package
* Update to 2.42.1
* Replace spaces with tabulation in init file
Signed-off-by: R4SAS I2P <r4sas@i2pmail.org>
(cherry picked from commit
bdd8ab6faf1ade127765f2629ffc955595967510)
Vladimir Ulrich [Fri, 26 Aug 2022 20:16:37 +0000 (23:16 +0300)]
zoneinfo: updated to the latest release
Signed-off-by: Vladimir Ulrich <admin@evl.su>
(cherry picked from commit
89c2fa9d9b5cd8f6e1cf9859965de04b3707fa5a)
Vladimir Ulrich [Sun, 14 Aug 2022 23:00:53 +0000 (02:00 +0300)]
zoneinfo: updated to the latest release
Signed-off-by: Vladimir Ulrich <admin@evl.su>
(cherry picked from commit
cb5bf2b007940c14825dc734814bfe5ceae5b09f)
Stan Grishin [Fri, 26 Aug 2022 19:52:35 +0000 (22:52 +0300)]
Merge pull request #19262 from stangri/openwrt-22.03-simple-adblock
[22.03] simple-adblock: bugfix for allow command
Stan Grishin [Fri, 26 Aug 2022 18:43:45 +0000 (18:43 +0000)]
simple-adblock: bugfix for allow command
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
717499e62b59e0a03b9550de56cadc6885b05b2d)
Tianling Shen [Sun, 21 Aug 2022 19:15:47 +0000 (03:15 +0800)]
perl-ack: Update to 3.6.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
d04fefc2b718d526a06ab3895e885475a16a1e12)
Petr Štetiar [Tue, 9 Aug 2022 08:28:43 +0000 (10:28 +0200)]
syslog-ng: fix OOM issues by adding support for logrotate
With heavy system logging which goes by default into `/var/log/messages`
log file which is usually placed in tmpfs/RAM one can trigger OOM killer
fairly easily, thus killing random processes and in some cases making
system unusable.
This is likely happening due to the fact, that Linux by default uses 1/2
of available RAM for tmpfs, which might be for example an issue on low
RAM devices with ath10k wireless.
So let's fix it by adding logrotate functionality which should limit the
size of `/var/log/messages` log file to 1M by default, but could be
tweaked by config knob if needed be.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
660fa63faf2881d69f903a589568b72fbd4d61f5)
Josef Schlehofer [Thu, 25 Aug 2022 14:45:53 +0000 (16:45 +0200)]
python-uci: update to version 0.9.0
- Release notes:
https://gitlab.nic.cz/turris/pyuci/-/tags/v0.9.0
- Update copyright while at it.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
e340fe8a124d1dcda2768ce3dfbcbaaf30fac44e)
Tianling Shen [Fri, 5 Aug 2022 13:58:06 +0000 (21:58 +0800)]
v2raya: Update to 1.5.9.1698.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
3c43f65ae90fd7de6a5bb91d1560917db1b281dd)
Toke Høiland-Jørgensen [Wed, 24 Aug 2022 14:11:53 +0000 (16:11 +0200)]
sqm-scripts: Bump to v1.5.2
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
(cherry picked from commit
a69e80648ad0e78a1bb87d752ff31f1ab5d298c4)
Alexandru Ardelean [Wed, 24 Aug 2022 09:28:16 +0000 (12:28 +0300)]
Merge pull request #19224 from commodo/django-22.03
[22.03] django: bump to version 4.0.7
Karel Kočí [Mon, 22 Aug 2022 12:31:21 +0000 (14:31 +0200)]
vim: variants conflict with each other
This adds conflicts between the variants,
because they provide the same files, and it should not be
possible to install them side by side. Otherwise, it might happen that
half files would be from one variant and the other half from the
other.
Also, adds provides as if you request to install ``vim`` and
``vim-full``, then the request could be satisfied even they collide,
because ``vim-full`` provides ``vim`` package.
Signed-off-by: Karel Kočí <cynerd@email.cz>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[add commit message]
(cherry picked from commit
46c058468aeaf7747c2e94e579020aa7f595c649)
Josef Schlehofer [Mon, 22 Aug 2022 12:58:19 +0000 (14:58 +0200)]
libgd: add conflicts to each other
The full variant should conflict with the default variant. This prevents that
libgd and libgd-full could be installed side by side, and also, the full
variant should provide the libgd. Otherwise, if you install libgd-full,
you can not install vnstat.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
42b36b7180a1859502d72a42dcd6e9ef80519c55)
Peter van Dijk [Tue, 23 Aug 2022 10:40:46 +0000 (12:40 +0200)]
pdns-recursor: update to 4.7.2
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
(cherry picked from commit
0e660c9f501e3dde48bb7c4ead37ced7120542af)