feed/packages.git
16 months agobanip: release 0.8.9-1
Dirk Brenken [Fri, 7 Jul 2023 16:28:21 +0000 (18:28 +0200)]
banip: release 0.8.9-1

* added HTTP ETag or entity tag support to download only ressources that have been updated on the server side,
  to save bandwith and speed up banIP reloads
* added 4 new feeds: binarydefense, bruteforceblock, etcompromised, ipblackhole (see readme)
* updated the readme

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 68cdc3952dd7adf6fb1ed4b8138ec5478ac18b9a)

16 months agodnslookup: Update to 1.9.1
Tianling Shen [Wed, 22 Mar 2023 07:19:24 +0000 (15:19 +0800)]
dnslookup: Update to 1.9.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 65c9414e166c0bf97a47a388ecbd18e93df29fd2)

16 months agoadblock: update to 4.1.5-8
Dirk Brenken [Fri, 30 Jun 2023 05:28:16 +0000 (07:28 +0200)]
adblock: update to 4.1.5-8

* adapt adguard_tracking source changes

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit e1fa285f325543cc96dcfe2beb17fe83cc1a76e3)

17 months agobind: bump to 9.18.16
Noah Meyerhans [Mon, 26 Jun 2023 03:02:35 +0000 (20:02 -0700)]
bind: bump to 9.18.16

Fixes CVEs:

- CVE-2023-2828: The overmem cleaning process has been improved, to
  prevent the cache from significantly exceeding the configured
  max-cache-size limit.
- CVE-2023-2911: A query that prioritizes stale data over lookup
  triggers a fetch to refresh the stale data in cache. If the fetch is
  aborted for exceeding the recursion quota, it was possible for named
  to enter an infinite callback loop and crash due to stack overflow.

The complete list of changes is available in the upstream release
notes at
https://ftp.isc.org/isc/bind9/cur/9.18/doc/arm/html/notes.html#notes-for-bind-9-18-16

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit 9ac79ad46966908d2ceb64c0e0d8a0bff435767a)

17 months agobanip: update 0.8.8-2
Dirk Brenken [Sat, 24 Jun 2023 11:09:40 +0000 (13:09 +0200)]
banip: update 0.8.8-2

* process local lists in strict sequential order to prevent possible race conditions
* support ranges in the IP search, too
* fix some minor search issues

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit c3084be415f5c701a319342c85ca626996b5b463)

17 months agobanip: release 0.8.8-1
Dirk Brenken [Wed, 21 Jun 2023 08:53:19 +0000 (10:53 +0200)]
banip: release 0.8.8-1

* Support MAC-/IPv4/IPv6 ranges in CIDR notation
* Support  concatenation of local MAC addresses with IPv4/IPv6 addresses, e.g. to enforce dhcp assignments (see readme)
* small fixes & cosmetics
* update readme

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit b9bd6cdb0dcd85b30999b162a06a10c5229908e7)

17 months agobanip: release 0.8.7-1
Dirk Brenken [Mon, 5 Jun 2023 15:20:12 +0000 (17:20 +0200)]
banip: release 0.8.7-1

* Optionally auto-add entire subnets to the blocklist Sets based on an additional RDAP request with the
   monitored suspicious IP, set 'ban_autoblocksubnet' accordingly (disabled by default).
   For more information regarding RDAP see
   https://www.ripe.net/manage-ips-and-asns/db/registration-data-access-protocol-rdap for reference.
* small fixes & cosmetics
* update readme

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 767d1ec663b980f86f31354ceaee07c6184656eb)

17 months agoc-ares: bump to 1.19.1
Hirokazu MORIKAWA [Thu, 15 Jun 2023 06:49:25 +0000 (15:49 +0900)]
c-ares: bump to 1.19.1

This is a security and bugfix release.

Security
o CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
o CVE-2023-31147. Moderate. Insufficient randomness in generation of DNS
query IDs
o CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton()
o CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross
compilation

Fixing libcares.pc
 The pkg-config file libcares.pc in version 1.19.1 has been changed to be unsuitable for OpenWrt
 and causes build errors with Openwrt packages that use libcares.
 For this reason, libcares.pc was replaced.

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 4c4d3b900197785292ef92055effcccd7f3b805b)

17 months agocloudflared: Update to 2023.6.1
Tianling Shen [Wed, 21 Jun 2023 12:47:19 +0000 (20:47 +0800)]
cloudflared: Update to 2023.6.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 1aa41e92ac8733be9a25b77eddea7cdac3bedc34)

17 months agov2ray-geodata: Update to latest version
Tianling Shen [Tue, 20 Jun 2023 05:11:16 +0000 (13:11 +0800)]
v2ray-geodata: Update to latest version

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit e4a22284cb5ddbcaccdea1ad850a573f9d783026)

17 months agoxray-core: update to 1.8.3
Tianling Shen [Tue, 20 Jun 2023 05:11:04 +0000 (13:11 +0800)]
xray-core: update to 1.8.3

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit c912e2bcedfcfb50c1ee02d0fa120f0b0025ac2c)

17 months agocloudflared: Update to 2023.6.0
Tianling Shen [Mon, 19 Jun 2023 06:44:12 +0000 (14:44 +0800)]
cloudflared: Update to 2023.6.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 194cf52a82df2bdf98d52687762287ae689b6fc6)

17 months agocloudflared: support setting tunnel token
Scott McKenzie [Fri, 19 May 2023 17:38:27 +0000 (03:38 +1000)]
cloudflared: support setting tunnel token

Allows user to provide a token for Cloudflare tunnel.
When provided along with credentials, this will take precedence.

Signed-off-by: Scott McKenzie <scott@noizyland.net>
(cherry picked from commit 61106a8df299de5297e816d1f75fbb602382b60c)

17 months agonode: June 20 2023 Security Releases
Hirokazu MORIKAWA [Wed, 21 Jun 2023 02:41:11 +0000 (11:41 +0900)]
node: June 20 2023 Security Releases

Update to v16.20.1

The following CVEs are fixed in this release:
* CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
* CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
* CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
* CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)

* OpenSSL Security Releases  (Depends on shared library provided by OpenWrt)
    * OpenSSL security advisory 28th March.
    * OpenSSL security advisory 20th April.
    * OpenSSL security advisory 30th May

* c-ares vulnerabilities:  (Depends on shared library provided by OpenWrt)
    * GHSA-9g78-jv2r-p7vc
    * GHSA-8r8p-23f3-64c2
    * GHSA-54xr-f67r-4pc4
    * GHSA-x6mf-cxr9-8q6v

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
17 months agonmap: fix ncat proxy mode with upstream patches
ValdikSS ValdikSS [Fri, 16 Jun 2023 14:53:08 +0000 (17:53 +0300)]
nmap: fix ncat proxy mode with upstream patches

ncat utility from nmap package has a bug in 7.90 and 7.91 version which
prevent it from working via proxy.

Signed-off-by: ValdikSS ValdikSS <iam@valdikss.org.ru>
17 months agoMerge pull request #21412 from stangri/openwrt-22.03-https-dns-proxy
Stan Grishin [Tue, 20 Jun 2023 15:58:09 +0000 (09:58 -0600)]
Merge pull request #21412 from stangri/openwrt-22.03-https-dns-proxy

[22.03] https-dns-proxy: update to 2023-05-25-2

17 months agoMerge pull request #21283 from stangri/openwrt-22.03-curl
Stan Grishin [Tue, 20 Jun 2023 02:59:57 +0000 (20:59 -0600)]
Merge pull request #21283 from stangri/openwrt-22.03-curl

[22.03] curl: update to 8.1.2

17 months agohttps-dns-proxy: update to 2023-05-25-2 21412/head
Stan Grishin [Tue, 20 Jun 2023 02:02:45 +0000 (02:02 +0000)]
https-dns-proxy: update to 2023-05-25-2

bugfix: proper mdns object creation
bugfix: prevent fw errors by allowing custom interfaces in config

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit a31640ac7cfab78c75808e22fc7fc2da48bd8e7f)

17 months agomhz: add new package
Robert Marko [Sat, 17 Jun 2023 06:47:39 +0000 (08:47 +0200)]
mhz: add new package

mhz is a tool for mathematically calculating the current CPU frequency, it
has proven to be a really good help while developing CPU frequency scaling
solutions as it allows to independently prove that scaling actually works.

Now that the author has added a license we can package it for the all to
use.

Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 89123b308f98de6e6e77a1bf21586c8fafc83413)

17 months agoMerge pull request #21382 from mhei/22.03-php8-update-to-8.1.20
Michael Heimpold [Fri, 16 Jun 2023 06:07:26 +0000 (08:07 +0200)]
Merge pull request #21382 from mhei/22.03-php8-update-to-8.1.20

[22.03] php8: update to 8.1.20

17 months agophp8: update to 8.1.20 21382/head
Michael Heimpold [Thu, 15 Jun 2023 19:24:26 +0000 (21:24 +0200)]
php8: update to 8.1.20

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
17 months agocloudreve: Update to 3.8.0
Tianling Shen [Mon, 12 Jun 2023 19:36:41 +0000 (03:36 +0800)]
cloudreve: Update to 3.8.0

- Fixed packing web frontend assets
- Enabled build for riscv64

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 27e6796a832e76ac4eee30de2347ad47c085c7ed)
[removed unavailable riscv64 from supported arches]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
17 months agodnsproxy: Update to 0.50.2
Tianling Shen [Sun, 11 Jun 2023 16:55:32 +0000 (00:55 +0800)]
dnsproxy: Update to 0.50.2

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit eda669c819fcd6ea2cf1f50ad3a21ea5b52fdeba)

17 months agoMerge pull request #21346 from jefferyto/python-3.10.12-openwrt-22.03
Tianling Shen [Tue, 13 Jun 2023 03:00:35 +0000 (11:00 +0800)]
Merge pull request #21346 from jefferyto/python-3.10.12-openwrt-22.03

[openwrt-22.03] python3: Update to 3.10.12

17 months agotunneldigger: add package for establishing L2TPv3 tunnels over UDP
Nick Hainke [Thu, 8 Jun 2023 12:34:09 +0000 (14:34 +0200)]
tunneldigger: add package for establishing L2TPv3 tunnels over UDP

In the previous commit we already added tunneldigger-broker. Add the
corresponding client.

This PR is just a refactoring of the already existing opkg package from
wlanslovenija [0].

[0] - https://github.com/wlanslovenija/firmware-packages-opkg/tree/master/net/tunneldigger

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit bd2b4f311a95b64e019ef29f7c01326a3dfee7d1)

17 months agotunneldigger-broker: add broker for tunneldigger
Nick Hainke [Thu, 8 Jun 2023 10:36:33 +0000 (12:36 +0200)]
tunneldigger-broker: add broker for tunneldigger

In mesh communities, tunneldigger is widely used to create L2TPv3 tunnels
and mesh via them. Since the broker is typically installed on other
distributions, the openwrt broker package has not received any
maintenance in recent years [0]. I  take now care of the further maintaince
of this package. Furthermore, I consulted with the maintainers to ensure
that they were comfortable with the change [1].

This PR is just a refactoring of the already existing opkg package from
wlanslovenija. It fixes config parsing and in general the config, adapts
to the new python syntax and fixes dependency handling.

- [0] https://github.com/wlanslovenija/firmware-packages-opkg/tree/master/net/tunneldigger-broker
- [1] https://github.com/wlanslovenija/firmware-packages-opkg/issues/24

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 8298ce82346817c09cfb6ace2f991bacf79a6071)

17 months agoMerge pull request #21343 from jefferyto/golang-1.19.10-openwrt-22.03
Tianling Shen [Mon, 12 Jun 2023 10:21:13 +0000 (18:21 +0800)]
Merge pull request #21343 from jefferyto/golang-1.19.10-openwrt-22.03

[openwrt-22.03] golang: Update to 1.19.10

17 months agopython3: Update to 3.10.12 21346/head
Jeffery To [Mon, 12 Jun 2023 07:17:41 +0000 (15:17 +0800)]
python3: Update to 3.10.12

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
17 months agogolang: Update to 1.19.10 21343/head
Jeffery To [Mon, 12 Jun 2023 04:25:43 +0000 (12:25 +0800)]
golang: Update to 1.19.10

Includes fixes for:

* CVE-2023-29402: cmd/go: cgo code injection
* CVE-2023-29403: runtime: unexpected behavior of setuid/setgid binaries
* CVE-2023-29404: cmd/go: improper sanitization of LDFLAGS
* CVE-2023-29405: cmd/go: improper sanitization of LDFLAGS

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
17 months agoavahi: Import patches for security fixes
Hirokazu MORIKAWA [Thu, 8 Jun 2023 05:37:38 +0000 (14:37 +0900)]
avahi: Import patches for security fixes

Imported patches included in debian and other package.

* 200-Fix-NULL-pointer-crashes-from-175.patch
  CVE-2021-3502
   A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.

* 201-Avoid-infinite-loop-in-avahi-daemon-by-handling-HUP-event.patch
  CVE-2021-3468
   A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.

* 202-avahi_dns_packet_consume_uint32-fix-potential-undefined-b.patch
   avahi_dns_packet_consume_uint32 left shifts uint8_t values by 8, 16 and 24 bits to combine them into a 32-bit value. This produces an undefined behavior warning with gcc -fsanitize when fed input values of 128 or 255 however in testing no actual unexpected behavior occurs in practice and the 32-bit uint32_t is always correctly produced as the final value is immediately stored into a uint32_t and the compiler appears to handle this "correctly".
Cast the intermediate values to uint32_t to prevent this warning and ensure the intended result is explicit.

* 203-Do-not-disable-timeout-cleanup-on-watch-cleanup.patch
   This was causing timeouts to never be removed from the linked list that tracks them, resulting in both memory and CPU usage to grow larger over time.

* 204-Emit-error-if-requested-service-is-not-found.patch
   It currently just crashes instead of replying with error. Check return
value and emit error instead of passing NULL pointer to reply.

* 205-conf-file-line-lengths.patch
   Allow avahi-daemon.conf file to have lines longer than 256 characters (new limit 1024).

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 779af4d40ccdc0f2a798ee6b6849abb37d202f1b)

17 months agonet/acme: Bump acme.sh to v3.0.6
Toke Høiland-Jørgensen [Fri, 9 Jun 2023 13:23:45 +0000 (15:23 +0200)]
net/acme: Bump acme.sh to v3.0.6

Important security fix.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
17 months agocrowdsec: new upstream release version 1.5.2
S. Brusch [Wed, 7 Jun 2023 19:10:03 +0000 (21:10 +0200)]
crowdsec: new upstream release version 1.5.2

Update crowdsec to latest upstream release version 1.5.2

Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: ipq40xx/generic, Fritzbox 4040, Openwrt 22.03.5

Description: update to latest version of upstream
(cherry picked from commit 1813bf2c6e2f4cbf17af582d1626698fe8da5821)

17 months agocurl: update to 8.1.2 21283/head
Stan Grishin [Mon, 5 Jun 2023 19:35:08 +0000 (19:35 +0000)]
curl: update to 8.1.2

* https://curl.se/changes.html#8_1_2

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 5afd8e088a1ad0b9b1074ac61460101a48e7e551)

17 months agoxfrpc: update to 2.6.633
Dengfeng Liu [Sat, 3 Jun 2023 02:07:44 +0000 (10:07 +0800)]
xfrpc: update to 2.6.633

support socks5

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
17 months agocollectd: enable AllPortsSummary for tcpconns plugin
Maxim Storchak [Fri, 2 Jun 2023 14:53:18 +0000 (17:53 +0300)]
collectd: enable AllPortsSummary for tcpconns plugin

Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
(cherry picked from commit 8270bd173ed9e4aa8877bfaa4e23c59223dca9f1)
[remove AUTORELEASE at the same time]

17 months agodnsproxy: Update to 0.49.2
Tianling Shen [Fri, 2 Jun 2023 13:15:04 +0000 (21:15 +0800)]
dnsproxy: Update to 0.49.2

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit d717bace8d2c2040547bbda284fe302af9ccd695)

17 months agov2ray-geodata: Update to latest version
Tianling Shen [Thu, 1 Jun 2023 08:18:25 +0000 (16:18 +0800)]
v2ray-geodata: Update to latest version

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 56de9f91fd1d14be3b3f5497ff21040005fcf12d)

17 months agov2ray-geodata: Update to latest version
Tianling Shen [Thu, 13 Apr 2023 16:24:35 +0000 (00:24 +0800)]
v2ray-geodata: Update to latest version

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit b8d737641103452d33047629c0ff2df8851a58aa)

17 months agoyq: Update to 4.34.1
Tianling Shen [Thu, 1 Jun 2023 07:59:28 +0000 (15:59 +0800)]
yq: Update to 4.34.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 2ecf76e27dbcc0a5d64db6d9b30269de56b2bd1e)

17 months agov2ray-core: Update to 5.7.0
Tianling Shen [Thu, 1 Jun 2023 07:59:02 +0000 (15:59 +0800)]
v2ray-core: Update to 5.7.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit b95ec1db568f776722147b85ee1724b747a6d7d6)

17 months agocloudflared: Update to 2023.5.1
Tianling Shen [Thu, 1 Jun 2023 07:58:36 +0000 (15:58 +0800)]
cloudflared: Update to 2023.5.1

Fixed build issue with Go 1.20.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 0625f038b3141666821270232eee032620380668)

17 months agoapfree-wifidog: Update to 6.02.1939
Dengfeng Liu [Sun, 28 May 2023 03:31:37 +0000 (11:31 +0800)]
apfree-wifidog: Update to 6.02.1939

1. support fw4
2. support openssl3.0

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
17 months agoMerge pull request #21204 from stangri/openwrt-22.03-curl-8.1.1
Stan Grishin [Wed, 31 May 2023 17:38:23 +0000 (11:38 -0600)]
Merge pull request #21204 from stangri/openwrt-22.03-curl-8.1.1

[22.03] curl: update to 8.1.1

18 months agolighttpd: update to lighttpd 1.4.71 release hash
Glenn Strauss [Sat, 27 May 2023 22:03:56 +0000 (18:03 -0400)]
lighttpd: update to lighttpd 1.4.71 release hash

remove patches included upstream

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 19291ee1951a79776c1b67c10fd67af5d346abc5)

18 months agocurl: update to 8.1.1 21204/head
Stan Grishin [Tue, 23 May 2023 22:26:26 +0000 (22:26 +0000)]
curl: update to 8.1.1

* https://curl.se/changes.html#8_1_1

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit b126e765cc8bc100336ea42fab5f655c0d4c6325)

18 months agoMerge pull request #21156 from jefferyto/python-3.10.11-openwrt-22.03
Alexandru Ardelean [Sat, 27 May 2023 18:16:35 +0000 (21:16 +0300)]
Merge pull request #21156 from jefferyto/python-3.10.11-openwrt-22.03

[openwrt-22.03] python3: Update to 3.10.11, refresh/restore patches; cherry pick fixes

18 months agoMerge pull request #21146 from stangri/openwrt-22.03-curl
Stan Grishin [Sat, 27 May 2023 06:46:07 +0000 (00:46 -0600)]
Merge pull request #21146 from stangri/openwrt-22.03-curl

[22.03] curl: update to 8.1.0

18 months agoMerge pull request #21178 from stangri/openwrt-22.03-https-dns-proxy
Alexandru Ardelean [Sat, 27 May 2023 06:26:54 +0000 (09:26 +0300)]
Merge pull request #21178 from stangri/openwrt-22.03-https-dns-proxy

[22.03] https-dns-proxy: update to 2023-05-25-1

18 months agohttps-dns-proxy: update to 2023-05-25-1 21178/head
Stan Grishin [Fri, 26 May 2023 08:24:00 +0000 (08:24 +0000)]
https-dns-proxy: update to 2023-05-25-1

* update to a new upstream commit, fixes #19366
* update patches/010-cmakelists-remove-cflags.patch as upstream file was update
* remove patches/020-cmakelists-add-version.patch as version is now set elsewhere
* add patches/020-src-options.c-add-version.patch to set the version information
* adjust PROCD START time to 95

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit eb40aa1b5dc6b5945b8b53cd5a2cc06303a3d9eb)

18 months agopython3: Update to 3.10.11, refresh/restore patches 21156/head
Jeffery To [Thu, 16 Mar 2023 09:46:48 +0000 (17:46 +0800)]
python3: Update to 3.10.11, refresh/restore patches

This also restores (and updates) a patch for pip that was removed
earlier but is still necessary.

Fixes: 7a756db00249 ("python3: bump to version 3.10.9")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
18 months agopython3: Fix hashlib module not compiled for host Python
Jeffery To [Wed, 24 May 2023 07:56:32 +0000 (15:56 +0800)]
python3: Fix hashlib module not compiled for host Python

This updates 026-openssl-feature-flags.patch with a newer version from
OpenBSD[1].

This also adds 029-no-FIPS_mode.patch to patch out a call to
FIPS_mode(). LibreSSL 3.4 does not have a function definition for
FIPS_mode.

[1]: https://github.com/openbsd/ports/blob/26a04435bf2a09dcbe22b718bfee08997617a906/lang/python/3.10/patches/patch-Modules__hashopenssl_c

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
18 months agopython3: Fix uuid module not compiled for host Python
Jeffery To [Tue, 23 May 2023 11:12:27 +0000 (19:12 +0800)]
python3: Fix uuid module not compiled for host Python

This adds $(STAGING_DIR_HOST)/include/e2fsprogs to HOST_CFLAGS and
HOST_CPPFLAGS so that configure can find uuid/uuid.h.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 44fb4927f11add18baa11617e67c8a697a3f528d,
adjusted PKG_RELEASE)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
18 months agopython3: Fix multiarch/local paths added when building host Python
Jeffery To [Tue, 23 May 2023 09:49:43 +0000 (17:49 +0800)]
python3: Fix multiarch/local paths added when building host Python

By default, the Python build process will add /usr/local/{lib,include},
and multiarch paths (e.g. /usr/{lib,include}/x86_64-linux-gnu) if
building on Debian/Ubuntu, to its library and includes paths.

006-remove-multi-arch-and-local-paths.patch was added in
84202f17e1aac6faf66b8d186f7c5c62b6f72ffb to stop the Python build
process from adding these paths.

006-remove-multi-arch-and-local-paths.patch was removed in
48277ec9158151763239461c6f60808e38a99c2f.

006-do-not-add-multiarch-paths-when-cross-compiling.patch was added in
0c8b0b0bf727a57b0138a1425d2f32786dddd146 to stop the Python build
process from adding these paths for target Python.

These paths are still added by the Python build process when building
host Python.

This replaces the cross-compiling-only patch with the original patch,
renamed slightly and adapted for Python 3.10.

Fixes: 48277ec91581 ("python3: bump to version 3.8")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit f006d0ea23f76a1846c93d0ec3b1ea60ba36d093,
adjusted PKG_RELEASE)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
18 months agopython3: Fix race condition when doing parallel builds
Jeffery To [Sat, 20 May 2023 11:07:22 +0000 (19:07 +0800)]
python3: Fix race condition when doing parallel builds

When doing parallel builds, host Python can install the python3 symlink
before the Python standard library is installed completely.

When this occurs, it is possible for other packages to detect the
python3 symlink and try to use host Python before it is fully installed.

This adds a patch to make commoninstall (where the standard library is
installed) a prerequisite of bininstall (where the python3 symlink is
installed), so that commoninstall is fully completed before bininstall
begins.

Patch has been submitted upstream:
https://github.com/python/cpython/pull/104693

Fixes: https://github.com/openwrt/packages/issues/19241
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 67e47f11962c4ea0b1b734913f64c32fbba9edf2)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
18 months agopython3: Fix readelf program name not replaced in _sysconfigdata.py
Jeffery To [Thu, 18 May 2023 09:42:12 +0000 (17:42 +0800)]
python3: Fix readelf program name not replaced in _sysconfigdata.py

The Makefile lines to add READELF to TARGET_CONFIGURE_OPTS was removed
in 4e05541782edeb06b51d691dadf52648df24c940.

Without setting READELF, configure finds the symlink to
$(TARGET_CROSS)readelf (e.g. arm-openwrt-linux-readelf) instead of
$(TARGET_CROSS)readelf (e.g. arm-openwrt-linux-muslgnueabi-readelf).

This leads to the symlink name being saved to _sysconfigdata.py, and so
the readelf name is not replaced correctly (in
Py3Package/python3-base/install).

This restores the removed Makefile lines.

Fixes: 4e05541782ed ("python3: bump to version 3.10.0")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit e1a95786358c64483fc16d52eac6746267f0abec,
adjusted PKG_RELEASE)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
18 months agopython3: Fix __pycache__ files included in python3-light
Jeffery To [Fri, 12 May 2023 11:40:11 +0000 (19:40 +0800)]
python3: Fix __pycache__ files included in python3-light

003-do-not-run-distutils-tests.patch was removed in
4e05541782edeb06b51d691dadf52648df24c940. This patch stopped "make
install" from, among other things, running compileall.

When this patch was removed, "make install" ran compileall as normal and
created bytecode files in __pycache__ directories. These files were then
packaged in python3-light.

This adds a patch to stop compileall from being run during "make
install".

Fixes: 4e05541782ed ("python3: bump to version 3.10.0")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 8a4da017902d21ac6cada21a3bb23caa5b39af0b,
adjusted PKG_RELEASE, refreshed patches)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
18 months agopython3: Remove --without-pymalloc
Jeffery To [Mon, 8 May 2023 15:42:37 +0000 (23:42 +0800)]
python3: Remove --without-pymalloc

--without-pymalloc was added in 7bf1ae65a89e380ce20ef5ab13b1a7276d6f7047
because leaving it enabled added an "m" flag/suffix to file names.

This flag/suffix was removed in Python 3.8[1], so disabling pymalloc is
no longer necessary.

[1]: https://docs.python.org/3.8/whatsnew/3.8.html#build-and-c-api-changes

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 3032e7063f5a215a4a2b15f79be8d54aace6b614,
adjusted PKG_RELEASE)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
18 months agopython3: use tools/expat for host build
Rosen Penev [Sun, 25 Sep 2022 05:07:46 +0000 (22:07 -0700)]
python3: use tools/expat for host build

Oversight from when the expat host build was removed.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit d09844e395560a402a7b8c71ac03e0370066ec51)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
18 months agocurl: update to 8.1.0 21146/head
Stan Grishin [Tue, 23 May 2023 17:59:55 +0000 (17:59 +0000)]
curl: update to 8.1.0

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit b2904dff93e805c1d72407ff765fe17a68046e86)

18 months agonatmap: add myself to maintainers
Ray Wang [Fri, 19 May 2023 15:16:04 +0000 (23:16 +0800)]
natmap: add myself to maintainers

Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit c2ed86d59f876b30cd5cf70e9e416d30c085ffc5)

18 months agonatmap: update to 20230519
Ray Wang [Fri, 19 May 2023 14:53:20 +0000 (22:53 +0800)]
natmap: update to 20230519

Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit ad612d813c788a1a2b8bc70f351a168237014f47)

18 months agowsdd2: fix stopping service
Rafał Miłecki [Thu, 11 May 2023 11:27:32 +0000 (13:27 +0200)]
wsdd2: fix stopping service

Function start_service() is called whenever service may need reloading.
If SMB server is not running it could be simply because it has been
stopped. Reloading service in such case is not an error so:
1. Don't log error as it isn't one
2. Don't exit with error code as it was confusing procd

This change fixes scenario like:
/etc/init.d/ksmbd stop
/etc/init.d/wsdd2 reload
(previously above wasn't stopping wsdd2)

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 6020ca52bf5d7b2869ef1ff8a966d15281aa56ab)

18 months agowsdd2: Remove extra comma, which breaks the key-value pair of the '-b' parameter
Li Zhang [Mon, 25 Apr 2022 14:18:31 +0000 (22:18 +0800)]
wsdd2: Remove extra comma, which breaks the key-value pair of the '-b' parameter

Signed-off-by: Li Zhang <starsunyzl@gmail.com>
(cherry picked from commit 5fc06d939fb9a37752b7665eca1355e23aa4e85f)

18 months agolxc: set RUNTIME_PATH define to the /var/run path
Rafał Miłecki [Sat, 8 Apr 2023 16:18:55 +0000 (18:18 +0200)]
lxc: set RUNTIME_PATH define to the /var/run path

The default runtime directory used by LXC is /run which doesn't exist
in OpenWrt. It causes errors like:

Failed to create lock for foo
lxc-create: foo: tools/lxc_create.c: main: 260 Failed to create lxc container

There has been workaround for that in the lxc-auto.init but it requires
installing "lxc-auto" package. Replacing that "ln -s" workaround with
Makefile specifying RUNTIME_PATH define allows using pure "lxc" in
OpenWrt (without the "lxc-auto").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 90fef036fe465262d5915489d45f430b313f22ab)

18 months agolxc: update to 5.0.2
John Audia [Sat, 25 Mar 2023 19:47:26 +0000 (15:47 -0400)]
lxc: update to 5.0.2

Bump to latest upstream release.

Removed upstreamed patches:
001-build-detect-where-struct-mount_attr-is-declared.patch[1]
002-build-detect-sys-pidfd.h-availability.patch[2]
003-build-check-for-FS_CONFIG_-header-symbol-in-sys-moun.patch[3]
011-tree-wide-wipe-direct-or-indirect-linux-mount.h-incl.patch[4]
012-tree-wide-use-struct-clone_args-directly.patch[5]
013-tree-wide-use-struct-open_how-directly.patch[6]

1. https://github.com/lxc/lxc/commit/b7b269680f4a773a54b274d7fbd1140fc32e1935
2. https://github.com/lxc/lxc/commit/e510d6bd870c15fc509477343cb1268b9726caa6
3. https://github.com/lxc/lxc/commit/02f4bd00f5b5648b7f71c266d36a961fe54dbfc6
4. https://github.com/lxc/lxc/commit/497479ea3b8d13900a8f9427a5ade8a51facd7ab
5. https://github.com/lxc/lxc/commit/c9bca33263ed82190edc77960cdc19c3088167e6
6. https://github.com/lxc/lxc/commit/d1dfce9c59067aac0a22cdffe8b6d80f6bbdae87

Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 11cac71248dea0a188cdc86d7b9ca193d5523da0)

18 months agocrowdsec: new upstream release version 1.5.1
S. Brusch [Wed, 17 May 2023 20:09:53 +0000 (22:09 +0200)]
crowdsec: new upstream release version 1.5.1

Update crowdsec to latest upstream release version 1.5.1

Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: ipq40xx/generic, Fritzbox 4040, Openwrt 22.03.5

Description: update to latest version of upstream

(cherry picked from commit 0c15327f988ce616443c004a40388068ebc69d1b)

18 months agoknot: update to version 3.2.5
Jan Hák [Mon, 13 Feb 2023 14:35:42 +0000 (15:35 +0100)]
knot: update to version 3.2.5

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit 94512aba16e9bf4bc4a6dbc18bf67cbd97e035a6)

18 months agosyslog-ng: update to version 4.1.1
Josef Schlehofer [Sat, 1 Apr 2023 09:15:13 +0000 (11:15 +0200)]
syslog-ng: update to version 4.1.1

- Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.1.1

- Updated version in config

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 7de98324c73c8c680d05ef06bf2bf313d54bda83)

18 months agocrowdsec-firewall-bouncer: new upstream release version 0.0.27
S. Brusch [Tue, 16 May 2023 16:18:32 +0000 (18:18 +0200)]
crowdsec-firewall-bouncer: new upstream release version 0.0.27

Update crowdsec-firewall-bouncer to latest upstream release version 0.0.27

Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: ipq40xx/generic, Fritzbox 4040, Openwrt 22.03.5

(cherry picked from commit fa771eead4472dba3be5f9cb7cd2dd3078745460)

18 months agobanip: update 0.8.6-2
Dirk Brenken [Tue, 16 May 2023 10:27:13 +0000 (12:27 +0200)]
banip: update 0.8.6-2

* fix/rework no-op loop
* small fixes & cosmetics
* update readme

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit cf4ac0301d886b129cd25965bb4796edc2e0327b)

18 months agolighttpd: include mod_h2 in base package
Glenn Strauss [Thu, 11 May 2023 00:52:05 +0000 (20:52 -0400)]
lighttpd: include mod_h2 in base package

The next version of lighttpd will move HTTP/2 support from the lighttpd
base executable into a separate module: mod_h2

Include patch to do so now, and update packaging to handle it.

HTTP/2 support is enabled by default since lighttpd 1.4.59, but if
HTTP/2 support is explicitly disabled in the configuration, then mod_h2
will not be loaded, thereby reducing lighttpd memory use.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit f4152fccadc021b016b341526ddf83ddcf593ca1)

18 months agolighttpd: update to lighttpd 1.4.70 release hash
Glenn Strauss [Thu, 11 May 2023 00:49:24 +0000 (20:49 -0400)]
lighttpd: update to lighttpd 1.4.70 release hash

remove patches included upstream

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 0d5b110077d4c51a12d797a844495ce63071a205)

18 months agolighttpd: adjust packages for built-in modules
Glenn Strauss [Wed, 12 Apr 2023 17:15:49 +0000 (13:15 -0400)]
lighttpd: adjust packages for built-in modules

(.so is no longer built, but package still contains config files)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 7fda9563de92e58f0ae5c388e66de1d66e3df7f0)

18 months agolighttpd: fix package DEPENDS syntax
Glenn Strauss [Fri, 14 Apr 2023 19:19:36 +0000 (15:19 -0400)]
lighttpd: fix package DEPENDS syntax

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Co-authored-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit ae5135a9139425455e39b1030928786b5c0e37a9)

18 months agopigeonhole: update to version 0.5.20
Daniel Golle [Mon, 8 May 2023 11:22:01 +0000 (13:22 +0200)]
pigeonhole: update to version 0.5.20

v0.5.20 2022-12-12  Aki Tuomi <aki.tuomi@open-xchange.com>

    * No changes - release done to keep version numbers synced.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 470c63d1c120dd31f5357391f142b932bce3d789)

18 months agopigeonhole: update to 0.5.19
W. Michael Petullo [Tue, 20 Dec 2022 02:14:46 +0000 (20:14 -0600)]
pigeonhole: update to 0.5.19

Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit 7316c741777b3c468bef80840facaf42912ed9c8)

18 months agodovecot: update to version 2.3.20
Daniel Golle [Mon, 8 May 2023 11:21:36 +0000 (13:21 +0200)]
dovecot: update to version 2.3.20

v2.3.20 2022-12-22  Aki Tuomi <aki.tuomi@open-xchange.com>

    + Add dsync_features=no-header-hashes. When this setting is enabled and
      one dsync side doesn't support mail GUIDs (i.e. imapc), there is no
      fallback to using header hashes. Instead, dsync assumes that all mails
      with identical IMAP UIDs contains the same mail contents. This can
      significantly improve dsync performance with some IMAP servers that
      don't support caching Date/Message-ID headers.
    + lua: HTTP client has more settings now, see
      https://doc.dovecot.org/admin_manual/lua/#dovecot.http.client
    + replicator: "doveadm replicator status" command now outputs when the
      next sync is expected for the user.
    - LAYOUT=index: duplicate GUIDs were not cleaned out. Also the list
      recovery was not optimal.
    - auth: Assert crash would occur when iterating multiple userdb
      backends.
    - director: Logging into director using master user with
      auth_master_user_separator character redirected user to a wrong
      backend, unless master_user_separator setting was also set to the same
      value. Merged these into auth_master_user_separator.
    - dsync: Couldn't always fix folder GUID conflicts automatically with
      Maildir format. This resulted in replication repeatedly failing
      with "Remote lost mailbox GUID".
    - dsync: Failed to migrate INBOX when using namespace prefix=INBOX/,
      resulting in "Remote lost mailbox GUID" errors.
    - dsync: INBOX was created too early with namespace prefix=INBOX/,
      resulting a GUID conflict. This may have been resolved automatically,
      but not always.
    - dsync: v2.3.18 regression: Wrong imapc password with dsync caused
      Panic: file lib-event.c: line 506 (event_pop_global):
      assertion failed: (event == current_global_event)
    - imapc: Requesting STATUS for a mailbox with imapc and INDEXPVT
      configured did not return correct (private) unseen counts.
    - lib-dict: Process would crash when committing data to redis without
      dict proxy.
    - lib-mail: Corrupted cached BODYSTRUCTURE caused panic during FETCH.
Fixes: Panic: file message-part-data.c: line 579 (message_part_is_attachment):
      assertion failed: (data != NULL). v2.3.13 regression.
    - lib-storage: mail_attribute_dict with dict-sql failed when it tried to
      lookup empty dict keys.
    - lib: ioloop-kqueue was missing include breaking some BSD builds.
    - lua-http: Dovecot Lua HTTP client could not resolve DNS names in mail
      processes, because it expected "dns-client" socket to exist in the
      current directory.
    - oauth2: Using %{oauth2:name} variables could cause useless
      introspections.
    - pop3: Sending POP3 command with ':' character caused an assert-crash.
      v2.3.18 regression.
    - replicator: Replication queue had various issues, potentially causing
      replication requests to become stuck.
    - stats: Invalid Prometheus label names were created with specific
      histogram group_by configurations. Prometheus rejected these labels.

v2.3.19.1 2022-06-14  Aki Tuomi <aki.tuomi@open-xchange.com>

    - doveadm deduplicate: Non-duplicate mails were deleted.
      v2.3.19 regression.
    - auth: Crash would occur when iterating multiple backends.
Fixes: Panic: file userdb-blocking.c:
      line 125 (userdb_blocking_iter_next): assertion failed: (ctx->conn != NULL)

v2.3.19 2022-05-10  Aki Tuomi <aki.tuomi@open-xchange.com>

    + Added mail_user_session_finished event, which is emitted when the mail
      user session is finished (e.g. imap, pop3, lmtp). It also includes
      fields with some process statistics information.
      See https://doc.dovecot.org/admin_manual/list_of_events/ for more
      information.
    + Added process_shutdown_filter setting. When an event matches the filter,
      the process will be shutdown after the current connection(s) have
      finished. This is intended to reduce memory usage of long-running imap
      processes that keep a lot of memory allocated instead of freeing it to
      the OS.
    + auth: Add cache hit indicator to auth passdb/userdb finished events.
      See https://doc.dovecot.org/admin_manual/list_of_events/ for more
      information.
    + doveadm deduplicate: Performance is improved significantly.
    + imapc: COPY commands were sent one mail at a time to the remote IMAP
      server. Now the copying is buffered, so multiple mails can be copied
      with a single COPY command.
    + lib-lua: Add a Lua interface to Dovecot's HTTP client library. See
      https://doc.dovecot.org/admin_manual/lua/ for more information.
    - auth: Cache lookup would use incorrect cache key after username change.
    - auth: Improve handling unexpected LDAP connection errors/hangs.
      Try to fix up these cases by reconnecting to the LDAP server and
      aborting LDAP requests earlier.
    - auth: Process crashed if userdb iteration was attempted while auth-workers
      were already full handling auth requests.
    - auth: db-oauth2: Using %{oauth2:name} variables caused unnecessary
      introspection requests.
    - dict: Timeouts may have been leaked at deinit.
    - director: Ring may have become unstable if a backend's tag was changed.
      It could also have caused director process to crash.
    - doveadm kick: Numeric parameter was treated as IP address.
    - doveadm: Proxying can panic when flushing print output. Fixes
      Panic: file ioloop.c: line 865 (io_loop_destroy): assertion failed:
      (ioloop == current_ioloop).
    - doveadm sync: BROKENCHAR was wrongly changed to '_' character when
      migrating mailboxes. This was set by default to %, so any mailbox
      names containing % characters were modified to "_25".
    - imapc: Copying or moving mails with doveadm to an imapc mailbox could
      have produced "Error: Syncing mailbox '[...]' failed" Errors. The
      operation itself succeeded but attempting to sync the destination
      mailbox failed.
    - imapc: Prevent index log synchronization errors when two or more imapc
      sessions are adding messages to the same mailbox index files, i.e.
      INDEX=MEMORY is not used.
    - indexer: Process was slowly leaking memory for each indexing request.
    - lib-fts: fts header filters caused binary content to be sent to the
      indexer with non-default configuration.
    - doveadm-server: Process could hang in some situations when printing
      output to TCP client, e.g. when printing doveadm sync state.
    - lib-index: dovecot.index.log files were often read and parsed entirely,
      rather than only the parts that were actually necessary. This mainly
      increased CPU usage.
    - lmtp-proxy: Session ID forwarding would cause same session IDs being
      used when delivering same mail to multiple backends.
    - log: Log prefix update may have been lost if log process was busy.
      This could have caused log prefixes to be empty or in some cases
      reused between sessions, i.e. log lines could have been logged for the
      wrong user/session.
    - mail_crypt: Plugin crashes if it's loaded only for some users. Fixes
      Panic: Module context mail_crypt_user_module missing.
    - mail_crypt: When LMTP was delivering mails to both recipients with mail
      encryption enabled and not enabled, the non-encrypted recipients may
      have gotten mails encrypted anyway. This happened when the first
      recipient was encrypted (mail_crypt_save_version=2) and the 2nd
      recipient was not encrypted (mail_crypt_save_version=0).
    - pop3: Session would crash if empty line was sent.
    - stats: HTTP server leaked memory.
    - submission-login: Long credentials, such as OAUTH2 tokens, were refused
      during SASL interactive due to submission server applying line length
      limits.
    - submission-login: When proxying to remote host, authentication was not
      using interactive SASL when logging in using long credentials such as
      OAUTH2 tokens. This caused authentication to fail due to line length
      constraints in SMTP protocol.
    - submission: Terminating the client connection with QUIT command after
      mail transaction is started with MAIL command and before it is
      finished with DATA/BDAT can cause a segfault crash.
    - virtual: doveadm search queries with mailbox-guid as the only parameter
      crashes: Panic: file virtual-search.c: line 77 (virtual_search_get_records):
      assertion failed: (result != 0)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit a1648fbd1cbecd2e1b60af05049d2769e9210d0e)

18 months agodovecot: Fix iconv macro is missing compile error
Juan del Bosque [Fri, 14 Apr 2023 07:48:22 +0000 (09:48 +0200)]
dovecot: Fix iconv macro is missing compile error

Fix a Dovecot compile error when building with no other packages than
the default in master build, because iconv macro is missing.

Fixes: #20677
Signed-off-by: Juan del Bosque <juan@web64.pro>
(cherry picked from commit 96145db78af6afa27d8fa857d2af384b1c623259)

18 months agoMerge pull request #20992 from stangri/openwrt-22.03-pbr
Stan Grishin [Sun, 14 May 2023 14:55:50 +0000 (08:55 -0600)]
Merge pull request #20992 from stangri/openwrt-22.03-pbr

[22.03] pbr: bugfix: create IPv6 routes

18 months agopython-eventlet: bump to version 0.33.3
Stepan Henek [Thu, 27 Apr 2023 13:02:18 +0000 (15:02 +0200)]
python-eventlet: bump to version 0.33.3

old eventlet is not working well with python3.10

```
root@turris:~# python3
Python 3.10.9 (main, Feb  9 2023, 10:37:45) [GCC 11.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import eventlet
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.10/site-packages/eventlet/__init__.py", line 17, in <module>
  File "/usr/lib/python3.10/site-packages/eventlet/convenience.py", line 7, in <module>
  File "/usr/lib/python3.10/site-packages/eventlet/green/socket.py", line 4, in <module>
  File "/usr/lib/python3.10/site-packages/eventlet/green/_socket_nodns.py", line 11, in <module>
  File "/usr/lib/python3.10/site-packages/eventlet/greenio/__init__.py", line 3, in <module>
  File "/usr/lib/python3.10/site-packages/eventlet/greenio/base.py", line 32, in <module>
  File "/usr/lib/python3.10/site-packages/eventlet/timeout.py", line 166, in wrap_is_timeout
TypeError: cannot set 'is_timeout' attribute of immutable type 'TimeoutError'
```

see 0.33.3 release notes for details - https://eventlet.net/doc/changelog.html#id1

Signed-off-by: Stepan Henek <stepan.henek@nic.cz>
(cherry picked from commit eb7275402e6559514e2322a1ef2dabaf7147153b)

18 months agoMerge pull request #21004 from mhei/libxml2-update-to-2.10.4
Michael Heimpold [Sun, 14 May 2023 07:41:19 +0000 (09:41 +0200)]
Merge pull request #21004 from mhei/libxml2-update-to-2.10.4

[22.03] libxml2: update to 2.10.4

18 months agolibxml2: update to 2.10.4 21004/head
Michael Heimpold [Sat, 13 May 2023 07:40:02 +0000 (09:40 +0200)]
libxml2: update to 2.10.4

This fixes:
    - CVE-2023-29469
    - CVE-2023-28484

Full changelog:
https://download.gnome.org/sources/libxml2/2.10/libxml2-2.10.4.news

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
18 months ago banip: release 0.8.6-1
Dirk Brenken [Fri, 12 May 2023 20:30:29 +0000 (22:30 +0200)]
 banip: release 0.8.6-1

* made the fetch utility function/autodetection more bullet proof
* no longer add suspicious IPs to the local blocklist when the nft set timeout has been set
* restructure internal functions & small fixes

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 4920d96df0271bd77af5409e54dd93708535ff92)

18 months agopbr: bugfix: create IPv6 routes 20992/head
Stan Grishin [Thu, 11 May 2023 23:06:20 +0000 (23:06 +0000)]
pbr: bugfix: create IPv6 routes

* add missing space in str_contains
* unquote variable to make sure IPv6 rotues are added
* add IPv6 routes display to status output in nft mode

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 643e501c8d0209dbbc683447b4df0c4b2b9aed08)

18 months agolibreswan: update to 4.10
Nick Hainke [Tue, 25 Apr 2023 21:37:11 +0000 (23:37 +0200)]
libreswan: update to 4.10

Release Notes:
https://github.com/libreswan/libreswan/releases/tag/v4.10

Fixes: CVE-2023-23009
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 130e63931fe99b1e47989bb708543c5ebc12152a)

18 months agolibreswan: update to 4.9
Lucian Cristian [Thu, 20 Oct 2022 12:13:55 +0000 (12:13 +0000)]
libreswan: update to 4.9

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit a707fcc88da8ee5adcb4619aab4180e18eac5645)

18 months agocrowdsec-firewall-bouncer: new upstream release version 0.0.26
S. Brusch [Fri, 5 May 2023 09:43:55 +0000 (11:43 +0200)]
crowdsec-firewall-bouncer: new upstream release version 0.0.26

Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: ipq40xx/generic, Fritzbox 4040, Openwrt 22.03.5

Update crowdsec-firewall-bouncer to latest upstream release version 0.0.26

(cherry picked from commit 05bc30fbb2636e8ef12326847f07cc3d788dbf4a)

18 months agoMerge pull request #20945 from stangri/openwrt-22.03-https-dns-proxy
Stan Grishin [Tue, 9 May 2023 01:45:04 +0000 (19:45 -0600)]
Merge pull request #20945 from stangri/openwrt-22.03-https-dns-proxy

[22.03] https-dns-proxy: fixes/improvements

18 months agoMerge pull request #20943 from stangri/openwrt-22.03-simple-adblock
Stan Grishin [Tue, 9 May 2023 01:44:53 +0000 (19:44 -0600)]
Merge pull request #20943 from stangri/openwrt-22.03-simple-adblock

[22.03] simple-adblock: add family to firewall json objects

18 months agoMerge pull request #20931 from stangri/openwrt-22.03-pbr
Stan Grishin [Tue, 9 May 2023 01:41:36 +0000 (19:41 -0600)]
Merge pull request #20931 from stangri/openwrt-22.03-pbr

[22.03] pbr: ipv6 & migration bugfixes

18 months agogolang: Update to 1.19.9 20936/head
Jeffery To [Mon, 8 May 2023 04:47:55 +0000 (12:47 +0800)]
golang: Update to 1.19.9

Includes fixes for:
* CVE-2023-24539: html/template: improper sanitization of CSS values
* CVE-2023-24540: html/template: improper handling of JavaScript
  whitespace
* CVE-2023-29400: html/template: improper handling of empty HTML
  attributes

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
18 months agomwan3: bump PKG_VERSION to 2.11.7
Anna Tikhomirova [Wed, 3 May 2023 07:32:22 +0000 (10:32 +0300)]
mwan3: bump PKG_VERSION to 2.11.7

Signed-off-by: Anna Tikhomirova <vamp@vampik.ru>
(cherry picked from commit bc2c6e63ee9f999afe6d507288840d1779cf8a17)

18 months agomwan3: reset score to up+down on connected
Florian Eckert [Thu, 4 May 2023 11:10:38 +0000 (13:10 +0200)]
mwan3: reset score to up+down on connected

Set the score value to the maximum value when the connected function is
called. The same happens with a disconnected event, the score value is
there set to zero.

Suggested-by: Anna Tikhomirova <vamp@vampik.ru>
Suggested-by: Maxim Mikityanskiy <maxtram95@gmail.com>
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 5f0461be8b149aeb5732481d38c9d69650996f8c)

18 months agomwan3: refactoring mwan3track action handling
Florian Eckert [Mon, 28 Nov 2022 09:13:25 +0000 (10:13 +0100)]
mwan3: refactoring mwan3track action handling

Refactoring the score handling, so that only one action could take place
during run. The behaviour should be more comprehensible, since several
score actions are not processed at the same time.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 1f6bd672fecd1ffc9f6b1fea152edc62bcdca026)

18 months ago banip: release 0.8.5-2
Dirk Brenken [Mon, 8 May 2023 07:17:07 +0000 (09:17 +0200)]
 banip: release 0.8.5-2

* fixed a log parser regression introduced in latest 0.8.4 update

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit f3054a90ea75dbe94c68716d1e316daa70c184b1)

18 months ago banip: release 0.8.5-1
Dirk Brenken [Sat, 6 May 2023 20:41:56 +0000 (22:41 +0200)]
 banip: release 0.8.5-1

* add support for external allowlist URLs to reference additional IPv4/IPv6 feeds, set 'ban_allowurl' accordingly
* make download retries in case of an error configurable, set 'ban_fetchretry' accordingly (default 5)
* small fixes
* readme update
* LuCI update (separate commit)

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 7ac5f0a3d9505ee11393c6673d9ece663d8c1b60)

18 months agocloudflared: Update to 2023.5.0
Tianling Shen [Sun, 7 May 2023 09:33:16 +0000 (17:33 +0800)]
cloudflared: Update to 2023.5.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 4bd7befa6aaa812701ed4e66bb0fd6cd847f5401)

18 months agohttps-dns-proxy: fixes/improvements 20945/head
Stan Grishin [Sun, 7 May 2023 02:55:34 +0000 (02:55 +0000)]
https-dns-proxy: fixes/improvements

* use shared memory to store output data
* add family option to firewall json objects, due to reports that IPv6 hijacking
  doesn't work without explicit family declaration

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 25801ddf7435e535fc0684911abdf6022549409f)

18 months agosimple-adblock: add family to firewall json objects 20943/head
Stan Grishin [Sun, 7 May 2023 02:29:53 +0000 (02:29 +0000)]
simple-adblock: add family to firewall json objects

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 0b84504670465876c8469da7dfb42f27d34db501)

18 months agopbr: ipv6 & migration bugfixes 20931/head
Stan Grishin [Fri, 5 May 2023 01:48:27 +0000 (01:48 +0000)]
pbr: ipv6 & migration bugfixes

* suppress RTNETLINK errors when inserting ipv6 routes
* only display global scope IPv6 gateways in status/WebUI
* stop and disable vpn-policy-routing when migrating

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit c2739705b98ebe37bb43f1650745c5e2336f163a)