Adam Duskett [Thu, 4 Apr 2024 20:31:54 +0000 (14:31 -0600)]
ovpn-dco: bump version to 0.2.
20240320
Fixes builds against kernel 6.6
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Daniel Golle [Thu, 4 Apr 2024 02:36:39 +0000 (03:36 +0100)]
exim: update to 4.97.1
IPv6 has accidentally been disabled in all Exim builds since the
package was introduced in OpenWrt due to a faulty `sed` script. This
has now been fixed, so beware that IPv6 is now enabled when updating
from previous releases.
Upstream changes since version 4.96.2 (bottom up):
JH/s1 Refuse to accept a line "dot, LF" as end-of-DATA unless operating in
LF-only mode (as detected from the first header line). Previously we did
accept that in (normal) CRLF mode; this has been raised as a possible
attack scenario (under the name "smtp smuggling", CVE-2023-51766).
JH/01 The hosts_connection_nolog main option now also controls "no MAIL in
SMTP connection" log lines.
JH/02 Option default value updates:
- queue_fast_ramp (main) true (was false)
- remote_max_parallel (main) 4 (was 2)
JH/03 Cache static regex pattern compilations, for use by ACLs.
JH/04 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
Make the rewrite never match and keep the logging. Trust the
admin to be using verify=header-syntax (to actually reject the message).
JH/05 Follow symlinks for placing a watch on TLS creds files. This means
(under Linux) we watch the dir containing the final file; previously
it would be the dir with the first symlink. We still do not monitor
the entire path.
JH/06 Check for bad chars in rDNS for sender_host_name. The OpenBSD (at least)
dn_expand() is happy to pass them through.
JH/07 OpenSSL Fix auto-reload of changed server OCSP proof. Previously, if
the file with the proof had an unchanged name, the new proof(s) were
loaded on top of the old ones (and nover used; the old ones were stapled).
JH/08 Bug 2915: Fix use-after-free for $regex<n> variables. Previously when
more than one message arrived in a single connection a reference from
the earlier message could be re-used. Often a sigsegv resulted.
These variables were introduced in Exim 4.87.
Debug help from Graeme Fowler.
JH/09 Fix ${filter } for conditions that modify $value. Previously the
modified version would be used in construction the result, and a memory
error would occur.
JH/10 GnuTLS: fix for (IOT?) clients offering no TLS extensions at all.
Find and fix by Jasen Betts.
JH/11 OpenSSL: fix for ancient clients needing TLS support for versions earlier
than TLSv1,2, Previously, more-recent versions of OpenSSL were permitting
the systemwide configuration to override the Exim config.
HS/01 Bug 2728: Introduce EDITME option "DMARC_API" to work around incompatible
API changes in libopendmarc.
JH/12 Bug 2930: Fix daemon startup. When started from any process apart from
pid 1, in the normal "background daemon" mode, having to drop process-
group leadership also lost track of needing to create listener sockets.
JH/13 Bug 2929: Fix using $recipients after ${run...}. A change made for 4.96
resulted in the variable appearing empty. Find and fix by Ruben Jenster.
JH/14 Bug 2933: Fix regex substring match variables for null matches. Since 4.96
a capture group which obtained no text (eg. "(abc)*" matching zero
occurrences) could cause a segfault if the corresponding $<n> was
expanded.
JH/15 Fix argument parsing for ${run } expansion. Previously, when an argument
included a close-brace character (eg. it itself used an expansion) an
error occurred.
JH/16 Move running the smtp connect ACL to before, for TLS-on-connect ports,
starting TLS. Previously it was after, meaning that attackers on such
ports had to be screened using the host_reject_connection main config
option. The new sequence aligns better with the STARTTLS behaviour, and
permits defences against crypto-processing load attacks, even though it
is strictly an incompatible change.
Also, avoid sending any SMTP fail response for either the connect ACL
or host_reject_connection, for TLS-on-connect ports.
JH/17 Permit the ACL "encrypted" condition to be used in a HELO/EHLO ACL,
Previously this was not permitted, but it makes reasonable sense.
While there, restore a restriction on using it from a connect ACL; given
the change JH/16 it could only return false (and before 4.91 was not
permitted).
JH/18 Fix a fencepost error in logging. Previously (since 4.92) when a log line
was exactly sized compared to the log buffer, a crash occurred with the
misleading message "bad memory reference; pool not found".
Found and traced by Jasen Betts.
JH/19 Bug 2911: Fix a recursion in DNS lookups. Previously, if the main option
dns_again_means_nonexist included an element causing a DNS lookup which
itself returned DNS_AGAIN, unbounded recursion occurred. Possible results
included (though probably not limited to) a process crash from stack
memory limit, or from excessive open files. Replace this with a paniclog
whine (as this is likely a configuration error), and returning
DNS_NOMATCH.
JH/20 Bug 2954: (OpenSSL) Fix setting of explicit EC curve/group. Previously
this always failed, probably leading to the usual downgrade to in-clear
connections.
JH/21 Fix TLSA lookups. Previously dns_again_means_nonexist would affect
SERVFAIL results, which breaks the downgrade resistance of DANE. Change
to not checking that list for these lookups.
JH/22 Bug 2434: Add connection-elapsed "D=" element to more connection
closure log lines.
JH/23 Fix crash in string expansions. Previously, if an empty variable was
immediately followed by an expansion operator, a null-indirection read
was done, killing the process.
JH/24 Bug 2997: When built with EXPERIMENTAL_DSN_INFO, bounce messages can
include an SMTP response string which is longer than that supported
by the delivering transport. Alleviate by wrapping such lines before
column 80.
JH/25 Bug 2827: Restrict size of References: header in bounce messages to 998
chars (RFC limit). Previously a limit of 12 items was made, which with
a not-impossible References: in the message being bounced could still
be over-large and get stopped in the transport.
JH/26 For a ${readsocket } in TLS mode, send a TLS Close Alert before the TCP
close. Previously a bare socket close was done.
JH/27 Fix ${srs_encode ..}. Previously it would give a bad result for one day
every 1024 days.
JH/28 Bug 2996: Fix a crash in the smtp transport. When finding that the
message being considered for delivery was already being handled by
another process, and having an SMTP connection already open, the function
to close it tried to use an uninitialized variable. This would afftect
high-volume sites more, especially when running mailing-list-style loads.
Pollution of logs was the major effect, as the other process delivered
the message. Found and partly investigated by Graeme Fowler.
JH/29 Change format of the internal ID used for message identification. The old
version only supported 31 bits for a PID element; the new 64 (on systems
which can use Base-62 encoding, which is all currently supported ones
but not Darwin (MacOS) or Cygwin, which have case-insensitive filesystems
and must use Base-36). The new ID is 23 characters rather than 16, and is
visible in various places - notably logs, message headers, and spool file
names. Various of the ancillary utilities also have to know the format.
As well as the expanded PID portion, the sub-second part of the time
recorded in the ID is expanded to support finer precision. Theoretically
this permits a receive rate from a single comms channel of better than the
previous 2000/sec.
The major timestamp part of the ID is not changed; at 6 characters it is
usable until about year 3700.
Updating from previously releases is fully supported: old-format spool
files are still usable, and the utilities support both formats. New
message will use the new format. The one hints-DB file type which uses
message-IDs (the transport wait- DB) will be discarded if an old-format ID
is seen; new ones will be built with only new-format IDs.
Optionally, a utility can be used to convert spool files from old to new,
but this is only an efficiency measure not a requirement for operation
Downgrading from new to old requires running a provided utility, having
first stopped all operations. This will convert any spool files from new
back to old (losing time-precision and PID information) and remove any
wait- hints databases.
JH/30 Bug 3006: Fix handling of JSON strings having embedded commas. Previously
we treated them as item separators when parsing for a list item, but they
need to be protected by the doublequotes. While there, add handling for
backslashes.
JH/31 Bug 2998: Fix ${utf8clean:...} to disallow UTF-16 surrogate codepoints.
Found and fixed by Jasen Betts. No testcase for this as my usual text
editor insists on emitting only valid UTF-8.
JH/32 Fix "tls_dhparam = none" under GnuTLS. At least with 3.7.9 this gave
a null-indirection SIGSEGV for the receive process.
JH/33 Fix free for live variable $value created by a ${run ...} expansion during
-bh use. Internal checking would spot this and take a panic.
JH/34 Bug 3013: Fix use of $recipients within arguments for ${run...}.
In 4.96 this would expand to empty.
JH/35 Bug 3014: GnuTLS: fix expiry date for an auto-generated server
certificate. Find and fix by Andreas Metzler.
JH/36 Add ARC info to DMARC hostory records.
JH/37 Bug 3016: Avoid sending DSN when message was accepted under fakereject
or fakedefer. Previously the sender could discover that the message
had in fact been accepted.
JH/38 Taint-track intermediate values from the peer in multi-stage authentation
sequences. Previously the input was not noted as being tainted; notably
this resulted in behaviour of LOGIN vs. PLAIN being inconsistent under
bad coding of authenticators.
JH/39 Bug 3023: Fix crash induced by some combinations of zero-length strings
and ${tr...}. Found and diagnosed by Heiko Schlichting.
JH/40 Bug 2999: Fix a possible OOB write in the external authenticator, which
CVE-2023-42115
JH/41 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could
be triggered by externally-controlled input. Found by Trend Micro.
CVE-2023-42116
JH/42 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could
be triggered by externally-controlled input. Found by Trend Micro.
CVE-2023-42114
JH/43 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
Make the rewrite never match and keep the logging. Trust the
admin to be using verify=header-syntax (to actually reject the message).
JH/44 Bug 3033: Harden dnsdb lookups against crafted DNS responses.
CVE-2023-42219
could be triggered by externally-supplied input. Found by Trend Micro.
CVE-2023-42115
JH/41 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could
be triggered by externally-controlled input. Found by Trend Micro.
CVE-2023-42116
JH/42 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could
be triggered by externally-controlled input. Found by Trend Micro.
CVE-2023-42114
JH/43 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
Make the rewrite never match and keep the logging. Trust the
admin to be using verify=header-syntax (to actually reject the message).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
krant [Sun, 7 Apr 2024 15:01:18 +0000 (18:01 +0300)]
hwdata: update to 0.381
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
源 文雨 [Sun, 7 Apr 2024 15:37:22 +0000 (15:37 +0000)]
base16384: bump to version 2.3.1
Signed-off-by: 源 文雨 <fumiama@foxmail.com>
Tan Zien [Sat, 6 Apr 2024 15:05:17 +0000 (23:05 +0800)]
glib2: link libiconv when building host pkg
some compile error happens when building.
Linking to libiconv-full fixes this.
refer to: https://github.com/openwrt/openwrt/commit/
63dd14b906e9eb27bc878b95ac6777a3624b1135
Signed-off-by: Tan Zien <nabsdh9@gmail.com>
krant [Sun, 7 Apr 2024 14:17:43 +0000 (17:17 +0300)]
libpng: update to 1.6.43
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Robert Marko [Sat, 6 Apr 2024 10:47:54 +0000 (12:47 +0200)]
treewide: refresh hashes after move to use ZSTD as default
With the recent move to using ZSTD as the default compression format
for packaging git repo clones we must refresh all of the hashes for
the packages feed as well.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Hirokazu MORIKAWA [Sun, 7 Apr 2024 02:34:45 +0000 (11:34 +0900)]
node: April 3, 2024 Security Releases
This is a security release
Notable Changes
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
* llhttp version 9.2.1
* undici version 5.28.4
Changed to use gz according to main-snapshot
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Josef Schlehofer [Sun, 7 Apr 2024 07:41:44 +0000 (09:41 +0200)]
Merge pull request #23831 from jonasjelonek/croc-9.6.15
croc: update to 9.6.15
Rosen Penev [Fri, 29 Mar 2024 22:29:28 +0000 (15:29 -0700)]
libmad: fix PKG_VERSION after apk change
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Jonas Jelonek [Sat, 6 Apr 2024 20:33:58 +0000 (22:33 +0200)]
croc: update to 9.6.15
changelogs:
9.6.13: https://github.com/schollz/croc/releases/tag/v9.6.13
9.6.14: https://github.com/schollz/croc/releases/tag/v9.6.14
9.6.15: https://github.com/schollz/croc/releases/tag/v9.6.15
Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
Hannu Nyman [Sat, 6 Apr 2024 18:35:15 +0000 (21:35 +0300)]
ttymidi-sysex: refresh dirty patch
CI in PR #23827 noticed a dirty patch in ttymidi-sysex.
Refresh the patch.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Andrea Pesaresi [Sat, 6 Apr 2024 12:18:32 +0000 (14:18 +0200)]
ksmbd-tools: update to version 3.5.2
Major changes are:
- Add durable handles parameter to ksmbd.conf.
- Add payload_sz in ksmbd_share_config_response to validate ipc
response.
- Fix UAF and cleanups.
Signed-off-by: Andrea Pesaresi <andreapesaresi82@gmail.com>
Christian Marangi [Sat, 6 Apr 2024 15:01:10 +0000 (17:01 +0200)]
nginx: add patch to fix compilation error on mips targets
Add patch to fix compilation error on mips targets. This was triggered
after enabling LTO. It was discovered that -fPIC is enabled on building
dynamic modules in CFLAGS but was missing on linking them. This patch
adds the missing -fPIC also on linking.
Fixes: 3b13b08ad98d ("nginx: Fix compilation with LTO")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Christian Marangi [Sat, 6 Apr 2024 14:56:14 +0000 (16:56 +0200)]
nginx: drop redundant --with-cc-opt configure arg
Drop redundant --with-cc-opt configure arg to mute warning of
cc1: note: someone does not honour COPTS correctly, passed 2 times.
CFLAGS are already parsed and correctly applied without this option and
adding it just makes the CFLAGS appended twice.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Fabian Lipken [Thu, 4 Apr 2024 14:06:15 +0000 (16:06 +0200)]
fx: update to 34.0.0
Signed-off-by: Fabian Lipken <dynasticorpheus@gmail.com>
Adam Duskett [Wed, 3 Apr 2024 19:13:17 +0000 (13:13 -0600)]
libs/xr_usb_serial_common: fix 6.6 kernel compile
Upstream: submitted
https://github.com/kasbert/epsolar-tracer/pull/61
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
源 文雨 [Fri, 5 Apr 2024 14:34:36 +0000 (14:34 +0000)]
base16384: bump to version 2.3.0
Signed-off-by: 源 文雨 <fumiama@foxmail.com>
Adam Duskett [Wed, 3 Apr 2024 20:19:00 +0000 (14:19 -0600)]
dmx_usb_module: fix 6.6 kernel compile
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Philip Prindeville [Thu, 4 Apr 2024 20:29:06 +0000 (14:29 -0600)]
clixon: Update to 7.0.1
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Edmunt Pienkowsky [Fri, 23 Feb 2024 09:45:48 +0000 (10:45 +0100)]
collectd: enable statsd plugin
Signed-off-by: Edmunt Pienkowsky <roed@onet.eu>
Jo-Philipp Wich [Thu, 4 Apr 2024 23:33:50 +0000 (01:33 +0200)]
nano: fix syntax highlighting for raw ucode scripts
Text between interpreter line and start of first directive should only
highlighted as uninterpreted when running in template mode, so adjust
the match rule accordingly.
Fixes: #23761
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Stan Grishin [Thu, 4 Apr 2024 15:12:24 +0000 (08:12 -0700)]
Merge pull request #23787 from stangri/master-curl
curl: update to 8.7.1
Tianling Shen [Thu, 4 Apr 2024 04:17:22 +0000 (12:17 +0800)]
v2ray-geodata: Update to latest version
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Thu, 4 Apr 2024 04:16:29 +0000 (12:16 +0800)]
v2ray-geodata: use APK compatible version schema
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Philip Prindeville [Tue, 2 Apr 2024 19:03:53 +0000 (13:03 -0600)]
strongswan: Backport upstream fix for RNG definition conflict
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Daniel Golle [Thu, 4 Apr 2024 02:35:48 +0000 (03:35 +0100)]
libcurl-gnutls: update to verison 8.7.1
See https://curl.se/changes.html#8_7_1
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Thu, 4 Apr 2024 02:01:39 +0000 (03:01 +0100)]
cryptsetup: update to version 2.7.1
The most notable change is the introduction of (optional) support for
hardware OPAL disk encryption. However, as this requires Linux 6.4 or
later, support for OPAL is implicitely disabled until targets used for
the package build have been updated to Linux 6.6.
See release notes for 2.7.0 and 2.7.1 for more details:
https://cdn.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.0-ReleaseNotes
https://cdn.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.1-ReleaseNotes
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Thu, 4 Apr 2024 01:59:17 +0000 (02:59 +0100)]
lvm2: update to LVM2 2.03.17 and libdm Version 1.02.187
LVM2 Version 2.03.17 - 10th November 2022
=========================================
Add new options (--fs, --fsmode) for FS handling when resizing LVs.
Fix 'lvremove -S|--select LV' to not also remove its historical LV right away.
Fix lv_active field type to binary so --select and --binary applies properly.
Switch to use mallinfo2 and use it only with glibc.
Error out in lvm shell if using a cmd argument not supported in the shell.
Fix lvm shell's lastlog command to report previous pre-command failures.
Extend VDO and VDOPOOL without flushing and locking fs.
Add --valuesonly option to lvmconfig to print only values without keys.
Updates configure with recent autoconf tooling.
Fix lvconvert --test --type vdo-pool execution.
Add json_std output format for more JSON standard compliant version of output.
Fix vdo_slab_size_mb value for converted VDO volume.
Fix many corner cases in device_id, including handling of S/N duplicates.
Fix various issues in lvmdbusd.
DM Version 1.02.187 - 10th November 2022
========================================
Add DM_REPORT_GROUP_JSON_STD for more JSON standard compliant output format.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Timothy M. Ace [Mon, 1 Apr 2024 13:54:44 +0000 (09:54 -0400)]
python-orjson: update to version 3.10.0
Relevant changes since previous 3.9.13:
- FIXED: Fix crash serializing str introduced in 3.9.11
- FIXED: Implement recursion limit of 1024 on orjson.loads()
- FIXED: Use byte-exact read on str formatting SIMD path to avoid crash
- Build now depends on Rust 1.72 or later
- Support serializing numpy.float16 (numpy.half)
- sdist uses metadata 2.3 instead of 2.1
- Improve Windows PyPI builds
Signed-off-by: Timothy M. Ace <openwrt@timothyace.com>
Ivan Pavlov [Wed, 3 Apr 2024 18:57:40 +0000 (21:57 +0300)]
apcupsd: fix gcc 13 compliation error
On GCC13 build fails:
toolchain-mipsel_24kc_gcc-13.2.0_musl/lib/libsupc++.a(eh_alloc.o): in function `std::__sv_check(unsigned int, unsigned int, char const*)':
toolchain-mipsel_24kc_gcc-13.2.0_musl/gcc-13.2.0-final/mipsel-openwrt-linux-musl/libstdc++-v3/include/string_view:73:
undefined reference to `std::__throw_out_of_range_fmt(char const*, ...)'
collect2: error: ld returned 1 exit status
make[5]: *** [Makefile:33: apcupsd] Error 1
Workaround found at https://lore.kernel.org/buildroot/87wmsbk386.fsf@48ers.dk/T/
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Hannu Nyman [Wed, 3 Apr 2024 17:29:56 +0000 (20:29 +0300)]
nlbwmon: Fix PKG_MIRROR_HASH after APK changes
Adjust PKG_MIRROR_HASH to the filename logic change due to
APK preparations.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Hannu Nyman [Wed, 3 Apr 2024 17:20:15 +0000 (20:20 +0300)]
cgi-io: Fix PKG_MIRROR_HASH after APK changes
Adjust PKG_MIRROR_HASH to the filename change due to
APK preparations.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Robert Marko [Tue, 2 Apr 2024 13:14:03 +0000 (15:14 +0200)]
mdio-tools: use commit hash as the source version
In light of the recent XZ events, it seems that using the tag as the
source version reference is not ideal as it can be updated by the upstream
lets switch to using the full commit hash as the source.
This also should fix the APK semantic versioning by setting PKG_VERSION as
well updating the PKG_MIRROR_HASH which got broken by recent APK changes.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Remy D. Farley [Wed, 10 Jan 2024 17:25:32 +0000 (17:25 +0000)]
yggdrasil: move `yggdrasil-jumper` setup/shutdown logic to `netifd`
Signed-off-by: Remy D. Farley <one-d-wide@protonmail.com>
William Fleurant [Wed, 20 Dec 2023 18:00:01 +0000 (19:00 +0100)]
yggdrasil-jumper: add multiple ygg support
Signed-off-by: William Fleurant <meshnet@protonmail.com>
William Fleurant [Wed, 29 Nov 2023 20:24:29 +0000 (21:24 +0100)]
yggdrasil-jumper: initial commit builds
mips32/xiaomi-4c target bins
stun-tcp ............ 1.7M
yggdrasil-jumper .... 2.3M
Signed-off-by: William Fleurant <meshnet@protonmail.com>
Josef Schlehofer [Mon, 1 Apr 2024 13:08:01 +0000 (15:08 +0200)]
Merge pull request #22599 from vooon/add-net-wgsd
wgsd: add package
Josef Schlehofer [Mon, 1 Apr 2024 12:26:22 +0000 (14:26 +0200)]
Merge pull request #23792 from jmarcet/luajit2
luajit2: update to v2.1-
20240314
Javier Marcet [Mon, 1 Apr 2024 08:45:52 +0000 (10:45 +0200)]
luajit2: update to v2.1-
20240314
Signed-off-by: Javier Marcet <javier@marcet.info>
Tianling Shen [Mon, 1 Apr 2024 07:59:40 +0000 (15:59 +0800)]
xray-core: Update to 1.8.10
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Mon, 1 Apr 2024 07:59:34 +0000 (15:59 +0800)]
yq: Update to 4.43.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Mon, 1 Apr 2024 07:59:24 +0000 (15:59 +0800)]
alist: Update to 3.33.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Jianhui Zhao [Sat, 30 Mar 2024 07:07:25 +0000 (15:07 +0800)]
lua-eco: update to 3.3.0
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Rui Salvaterra [Sun, 31 Mar 2024 21:28:06 +0000 (22:28 +0100)]
Merge pull request #23789 from rsalvaterra/tor-bump
tor: update to 0.4.8.10 stable
Rui Salvaterra [Tue, 7 Nov 2023 12:27:24 +0000 (12:27 +0000)]
tor: update to 0.4.8.10 stable
Bugfix release, see the changelog [1] for what's new.
[1] https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.10/ChangeLog
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Stan Grishin [Sun, 31 Mar 2024 16:36:19 +0000 (16:36 +0000)]
curl: update to 8.7.1
* update to 8.7.1: https://curl.se/changes.html#8_7_1
* use the new --disable-docs flag for configure
* update 200-no_docs_tests.patch
* switch to APK-compatible revision
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Etienne Champetier [Sun, 31 Mar 2024 13:58:26 +0000 (09:58 -0400)]
Merge pull request #23704 from graysky2/htop
htop: build with CONFIG_HTOP_LMSENSORS=y
John Audia [Thu, 21 Mar 2024 09:48:18 +0000 (05:48 -0400)]
htop: build with CONFIG_HTOP_LMSENSORS=y
Default CONFIG_HTOP_LMSENSORS to y so users just need to install
libsensors, no need to build your own, but no need to pay the
size price when you don't use it. Closes #23700.
Signed-off-by: John Audia <therealgraysky@proton.me>
Josef Schlehofer [Sun, 31 Mar 2024 13:24:12 +0000 (15:24 +0200)]
Merge pull request #23777 from jmarcet/docker-compose
docker-compose: Update to version 2.26.1
Javier Marcet [Sat, 30 Mar 2024 15:59:10 +0000 (16:59 +0100)]
docker-compose: add PKG_NAME to PKG_SOURCE
Before this change, the tarball was downloaded as vVERSION.tar.gz.
For example, it was v2.26.1.tar.gz and that file was put into the dl folder
within the OpenWrt build system.
After this change, the tarball is properly downloaded as NAME-vVERSION.tar.gz.
In this case, it will look like this: docker-compose-v.2.26.1.tar.gz
The advantages of using this:
- Users, developers will know that what they downloaded (it has name and version)
- The tarball will not be overwritten by another package with the same version.
Signed-off-by: Javier Marcet <javier@marcet.info>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[added commit message]
Javier Marcet [Fri, 29 Mar 2024 16:32:00 +0000 (17:32 +0100)]
docker-compose: Update to version 2.26.1
Release notes:
https://github.com/docker/compose/releases/tag/v2.26.1
Signed-off-by: Javier Marcet <javier@marcet.info>
Andrea Pesaresi [Sat, 30 Mar 2024 08:41:35 +0000 (09:41 +0100)]
kmsbd-tools: switch to use tagged release
Instead of checking Git sources, we will use now tagged releases.
This solve the strange version 0~3.5.1-r1, now will be 3.5.2-r2
Signed-off-by: Andrea Pesaresi <andreapesaresi82@gmail.com>
jiangslee [Fri, 29 Mar 2024 02:08:55 +0000 (10:08 +0800)]
netbird: update to 0.26.6
Signed-off-by: jiangslee <jiangsili@qq.com>
Zephyr Lykos [Tue, 26 Mar 2024 21:23:17 +0000 (05:23 +0800)]
tailscale: Update to 1.62.1
https://github.com/tailscale/tailscale/releases/tag/v1.62.1
Signed-off-by: Zephyr Lykos <git@mochaa.ws>
Stan Grishin [Fri, 29 Mar 2024 20:56:56 +0000 (14:56 -0600)]
Merge pull request #23743 from stangri/master-nghttp3
nghttp3: update to 1.2.0
Stan Grishin [Fri, 29 Mar 2024 20:55:35 +0000 (14:55 -0600)]
Merge pull request #23744 from stangri/master-ngtcp2
ngtcp2: update to 1.4.0
Petr Štetiar [Fri, 29 Mar 2024 17:31:17 +0000 (17:31 +0000)]
Revert "tools/xz: update to 5.6.1" (CVE-2024-3094)
This reverts commit
714c91d1a63f29650abaa9cf69ffa47cf2c70297 as probably
the upstream xz repository and the xz tarballs have been backdoored.
References: https://www.openwall.com/lists/oss-security/2024/03/29/4
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Philip Prindeville [Thu, 28 Mar 2024 16:57:09 +0000 (10:57 -0600)]
perl-text-csv_xs: Update to 1.53
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Jonas Jelonek [Wed, 27 Mar 2024 13:54:02 +0000 (14:54 +0100)]
eza: update to 0.18.9
Release notes:
0.18.8 - https://github.com/eza-community/eza/releases/tag/v0.18.8
0.18.9 - https://github.com/eza-community/eza/releases/tag/v0.18.9
Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
Philip Prindeville [Wed, 27 Mar 2024 23:57:52 +0000 (17:57 -0600)]
strongswan: drop unneeded sleep patch
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Philip Prindeville [Wed, 27 Mar 2024 20:03:00 +0000 (14:03 -0600)]
strongswan: backport upstream MUSL fix for farp_spoofer.c
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Philip Prindeville [Tue, 26 Mar 2024 00:25:31 +0000 (18:25 -0600)]
strongswan: backport upstream MUSL fix for pf_handler.c
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Philip Prindeville [Mon, 25 Mar 2024 23:13:13 +0000 (17:13 -0600)]
strongswan: simplify MUSL patch
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Philip Prindeville [Mon, 25 Mar 2024 00:20:59 +0000 (18:20 -0600)]
strongswan: Update to 5.9.14
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Thibaut VARÈNE [Mon, 25 Mar 2024 10:33:51 +0000 (11:33 +0100)]
uspot: update to Git HEAD (2024-03-25)
56eebdad085e uspot: wrap spotfilter device under tip_mode
1a96d57e5fe0 uspot: client_enable() wrap spotfilter data in tip_mode
fe12f9a7abde uspot: clear ratelimit state on startup/shutdown
976badc4d0b6 update README
53b8cb88a94a Makefile: require minimum ucode version
ff6163190d5a uspot/portal: report client_enable() failure
8601d9199233 include sample radcli dictionaries
c670f6c4b48f update README
094f0df88150 uspot: work around ucode#191 missing in 23.05
Update the package Makefile to reflect the changes from the following
above-listed commit:
53b8cb88a94a Makefile: require minimum ucode version
Fixes: https://github.com/f00b4r0/uspot/issues/4
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Jan Klos [Mon, 18 Mar 2024 16:53:02 +0000 (17:53 +0100)]
nginx: update to 1.25.4
Signed-off-by: Jan Klos <jan@klos.xyz>
krant [Sun, 24 Mar 2024 09:47:43 +0000 (11:47 +0200)]
rust: update to 1.77.0
- Restore patch hunk mis-deleted in
dccb910
- Refresh patches
- Remove --enable-missing-tools configure option deleted in the upstream
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Peca Nesovanovic [Wed, 20 Mar 2024 20:21:36 +0000 (21:21 +0100)]
p910nd: fix running multiple instances
Compile tested: (ramips, rb760igs, 23.05 snapshot)
Run tested: (ramips, rb760igs, 23.05 snapshot, tests done)
Description:
In case we have multiple device defined in /etc/config/p910nd then init script will try to start multiple instance with same instance name
drop instance name as resolution
tested on 23.05 snapshot with 2 USB printers
Signed-off-by: Peca Nesovanovic <peca.nesovanovic@sattrakt.com>
Philip Prindeville [Mon, 25 Mar 2024 00:48:12 +0000 (18:48 -0600)]
clixon: Update to 7.0.0
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
brvphoenix [Mon, 25 Mar 2024 12:40:46 +0000 (20:40 +0800)]
sing-box: update to 1.8.10
Signed-off-by: brvphoenix <brvphoenix@gmail.com>
brvphoenix [Mon, 25 Mar 2024 12:40:46 +0000 (20:40 +0800)]
sing-box: restart if the specified interfaces start up
Signed-off-by: brvphoenix <brvphoenix@gmail.com>
Oskari Rauta [Mon, 25 Mar 2024 07:28:07 +0000 (09:28 +0200)]
podman: update to v5.0.0
Major version update to podman
- Obsolete patch removed
- patch 010-do-not-build-docs.patch refreshed
Changelog: https://github.com/containers/podman/releases/tag/v5.0.0
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Oskari Rauta [Mon, 25 Mar 2024 07:21:14 +0000 (09:21 +0200)]
lsd: update to v1.1.1
Changes:
- hex color parser for themes
- adds truncate option
- adds --literal flag
- adds disable option for permission
- upgrades many included sub modules/crates
- Fixes literal flags not regocnized
- adds and improves icons
Full changelogs:
- v1.1.0: https://github.com/lsd-rs/lsd/releases/tag/v1.1.0
- v1.1.1: https://github.com/lsd-rs/lsd/releases/tag/v1.1.1
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Philip Prindeville [Mon, 25 Mar 2024 00:38:32 +0000 (18:38 -0600)]
cligen: Update to 7.0.0
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Philip Prindeville [Sun, 24 Mar 2024 23:41:26 +0000 (17:41 -0600)]
perl-cgi: Update to 4.64
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Josef Schlehofer [Wed, 6 Mar 2024 08:11:59 +0000 (09:11 +0100)]
psmisc: update to version 23.7
Release notes:
https://gitlab.com/psmisc/psmisc/-/compare/v23.4...v23.7?from_project_id=334185&straight=false
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Stan Grishin [Mon, 25 Mar 2024 09:32:49 +0000 (09:32 +0000)]
ngtcp2: update to 1.4.0
* update PKG_RELEASE to be apk-compatible
* update PKG_SOURCE/PKG_SOURCE_URL so that it builds
* drop dependency on libopenssl as other SSL libs start to support HTTP/3
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Stan Grishin [Mon, 25 Mar 2024 09:28:24 +0000 (09:28 +0000)]
nghttp3: update to 1.2.0
* update PKG_RELEASE to be apk-compatible
* update PKG_SOURCE/PKG_SOURCE_URL so that it builds
Signed-off-by: Stan Grishin <stangri@melmac.ca>
krant [Sat, 23 Mar 2024 09:40:34 +0000 (11:40 +0200)]
opus: revert to autotools
Latest update in
6c3db5d has switched build system to Meson,
which is broken on several non-SIMD platforms. Turns out,
Meson support is not yet stable enough in the upstream,
so we revert to autotools and drop meson-related patch.
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Hannu Nyman [Sun, 24 Mar 2024 18:39:05 +0000 (20:39 +0200)]
irqbalance: update to version 1.9.4
Update irqbalance to version 1.9.4.
* refresh version in meson patch
* remove EINVAL handling patch as upstream seems to have silenced
the log spam for unmanageable IRQs
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Michael Heimpold [Sun, 24 Mar 2024 15:56:08 +0000 (16:56 +0100)]
Merge pull request #23681 from jummo/add_ddns_servercow
ddns-scripts: Add servercow.de as DDNS provider
Stan Grishin [Sun, 24 Mar 2024 13:55:05 +0000 (07:55 -0600)]
Merge pull request #23716 from stangri/master-https-dns-proxy
https-dns-proxy: prepare migration to APK
Stan Grishin [Sun, 24 Mar 2024 13:08:57 +0000 (07:08 -0600)]
Merge pull request #23717 from stangri/master-adblock-fast
adblock-fast: prepare migration to APK
Stan Grishin [Sun, 24 Mar 2024 13:07:26 +0000 (07:07 -0600)]
Merge pull request #23715 from stangri/master-nebula
nebula: prepare migration to APK
Stan Grishin [Sun, 24 Mar 2024 13:06:32 +0000 (07:06 -0600)]
Merge pull request #23714 from stangri/master-pbr
pbr: prepare migration to APK
Stan Grishin [Sat, 23 Mar 2024 01:02:32 +0000 (01:02 +0000)]
https-dns-proxy: prepare migration to APK
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Josef Schlehofer [Wed, 6 Mar 2024 07:31:43 +0000 (08:31 +0100)]
nnn: update to version 4.9
- Release notes:
https://github.com/jarun/nnn/compare/v4.4...v4.9
- Refresh patch to fix offset
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Michal Hrusecky [Tue, 13 Feb 2024 13:17:31 +0000 (14:17 +0100)]
knot-resolver: Update to version 5.7.1
- Fixes CVE-2023-50868 and CVE-2023-50387
- Also, the resolver has not been called 'Knot DNS Resolver' for quite
some time, so fix that, too.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
Šimon Bořek [Fri, 6 May 2022 11:18:08 +0000 (13:18 +0200)]
knot-resolver: enable dnstap module build by default
'dnstap' module will be built but not loaded by default at runtime
(configuration must be provided for it to be loaded). It is still possible to
disable dnstap build manually using menuconfig.
"The dnstap module supports logging DNS requests and responses to a unix socket
in dnstap format using fstrm framing library. This logging is useful if you need
effectively log all DNS traffic."[^1]
Adds dependency on 'protobuf', 'protobuf-c', 'libfstrm'. Listed packages are
available from OpenWrt packages, have uncomplicated manifests and
while 'protobuf-c' doesn't have a maintainer since spring 2020, all the
packages (including 'protobuf-c') seem to be maintained - the last
updates of all of them in autumn 2021.
As stated by Vladimír Čunát from Knot Resolver team they build dnstap
while packaging for majority of standard Linux distributions.
Therefore this change brings us closer to expected default.
[^1]: https://knot-resolver.readthedocs.io/en/stable/modules-dnstap.html
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
Šimon Bořek [Thu, 5 May 2022 15:53:30 +0000 (17:53 +0200)]
knot-resolver: do not overwrite -Ddnstap=enabled configuration
It was possible to enable dnstap in menuconfig, but the configuration
only added dependencies while leaving dnstap module build disabled.
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
Hauke Mehrtens [Sat, 23 Mar 2024 18:22:13 +0000 (19:22 +0100)]
snort3: Fix compilation with GCC 13
This fixes a compile problem with GCC 13.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 23 Mar 2024 17:02:12 +0000 (18:02 +0100)]
gost_engine: Update to version 3.0.3
This version contains minor bugfixes.
It fixes a compile problem with GCC 13.
Changes: https://github.com/gost-engine/engine/compare/v3.0.1...v3.0.3
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
krant [Sun, 25 Feb 2024 20:33:06 +0000 (22:33 +0200)]
imagemagick: update to 7.1.1.29
- Don't ignore version suffix (upstream 7.1.1-29 becomes 7.1.1.29)
- Avoid superfluous libstdcpp dependency
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Sun, 24 Mar 2024 02:21:01 +0000 (04:21 +0200)]
giflib: update to 5.2.2
Drop upstreamed CVE patches.
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Ivan Pavlov [Fri, 22 Mar 2024 05:47:29 +0000 (08:47 +0300)]
openvpn: update to 2.6.10
This is a bugfix release containing several security fixes specific to the Windows platform.
Bug fixes
---------
- Windows: if the win-dco driver is used (default) and the GUI requests
use of a proxy server, the connection would fail. Disable DCO in
this case.
- Compression: minor bugfix in checking option consistency vs. compiled-in
algorithm support
- systemd unit files: remove obsolete syslog.target
Security fixes
--------------
- CVE-2024-27459: Windows: fix a possible stack overflow in the
interactive service component which might lead to a local privilege
escalation.
- CVE-2024-24974: Windows: disallow access to the interactive service
pipe from remote computers.
- CVE-2024-27903: Windows: disallow loading of plugins from untrusted
installation paths, which could be used to attack openvpn.exe via
a malicious plugin.
For details refer to https://github.com/OpenVPN/openvpn/blob/v2.6.10/Changes.rst
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Javier Marcet [Sat, 23 Mar 2024 10:08:46 +0000 (11:08 +0100)]
docker-compose: Update to version 2.26.0
Signed-off-by: Javier Marcet <javier@marcet.info>
jiangslee [Tue, 19 Mar 2024 07:15:40 +0000 (15:15 +0800)]
netbird: update to 0.26.3
Signed-off-by: jiangslee <jiangsili@qq.com>
Zephyr Lykos [Fri, 16 Feb 2024 02:09:05 +0000 (10:09 +0800)]
tailscale: Update to 1.62.0
https://github.com/tailscale/tailscale/releases/tag/v1.62.0
Signed-off-by: Zephyr Lykos <git@mochaa.ws>
Stan Grishin [Sat, 23 Mar 2024 01:03:22 +0000 (01:03 +0000)]
pbr: prepare migration to APK
* remove dependencies/references to opkg
* simplify wan/wan6 discovery
Signed-off-by: Stan Grishin <stangri@melmac.ca>