Stan Grishin [Tue, 9 May 2023 01:44:48 +0000 (19:44 -0600)]
Merge pull request #20942 from stangri/master-simple-adblock
simple-adblock: add family to firewall json objects
Stan Grishin [Tue, 9 May 2023 01:41:31 +0000 (19:41 -0600)]
Merge pull request #20930 from stangri/master-pbr
pbr: ipv6 & migration bugfixes
Tianling Shen [Mon, 8 May 2023 10:12:53 +0000 (18:12 +0800)]
Merge pull request #20957 from jefferyto/golang-1.20.4
golang: Update to 1.20.4
Anna Tikhomirova [Wed, 3 May 2023 07:32:22 +0000 (10:32 +0300)]
mwan3: bump PKG_VERSION to 2.11.7
Signed-off-by: Anna Tikhomirova <vamp@vampik.ru>
Florian Eckert [Thu, 4 May 2023 11:10:38 +0000 (13:10 +0200)]
mwan3: reset score to up+down on connected
Set the score value to the maximum value when the connected function is
called. The same happens with a disconnected event, the score value is
there set to zero.
Suggested-by: Anna Tikhomirova <vamp@vampik.ru>
Suggested-by: Maxim Mikityanskiy <maxtram95@gmail.com>
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Florian Eckert [Mon, 28 Nov 2022 09:13:25 +0000 (10:13 +0100)]
mwan3: refactoring mwan3track action handling
Refactoring the score handling, so that only one action could take place
during run. The behaviour should be more comprehensible, since several
score actions are not processed at the same time.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Dirk Brenken [Mon, 8 May 2023 07:17:07 +0000 (09:17 +0200)]
banip: release 0.8.5-2
* fixed a log parser regression introduced in latest 0.8.4 update
Signed-off-by: Dirk Brenken <dev@brenken.org>
Michael Heimpold [Mon, 8 May 2023 06:12:17 +0000 (08:12 +0200)]
Merge pull request #20915 from mhei/open-plc-utils-update
open-plc-utils: update to latest upstream version
Jeffery To [Mon, 8 May 2023 04:14:54 +0000 (12:14 +0800)]
golang: Update to 1.20.4
Includes fixes for:
* CVE-2023-24539: html/template: improper sanitization of CSS values
* CVE-2023-24540: html/template: improper handling of JavaScript
whitespace
* CVE-2023-29400: html/template: improper handling of empty HTML
attributes
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
S. Brusch [Fri, 5 May 2023 09:43:55 +0000 (11:43 +0200)]
crowdsec-firewall-bouncer: new upstream release version 0.0.26
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: ipq40xx/generic, Fritzbox 4040, Openwrt 22.03.5
Update crowdsec-firewall-bouncer to latest upstream release version 0.0.26
John Audia [Sun, 7 May 2023 04:58:25 +0000 (00:58 -0400)]
snort3: update to 3.1.61.0
Upstream bump
Removed upstreamed patch: 900-fix_build_for_archs_contain_plus.patch[1]
1. https://github.com/snort3/snort3/commit/
4de62ca9b9bfea4049ebe373a07076284b121bfe
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
Signed-off-by: John Audia <therealgraysky@proton.me>
Antonio Flores [Sun, 7 May 2023 03:53:46 +0000 (23:53 -0400)]
gnutls: update to v3.8.0
Fixes: https://github.com/openwrt/openwrt/issues/12542
The detailed list of changes follows:
* Version 3.8.0 (released 2023-02-09)
** libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key exchange.
Reported by Hubert Kario (#1050). Fix developed by Alexander Sosedkin.
[GNUTLS-SA-2020-07-14, CVSS: medium] [CVE-2023-0361]
** libgnutls: C++ library is now header only. All definitions from
gnutlsxx.c have been moved into gnutlsxx.h. Users of the C++
interface have two options:
1. include gnutlsxx.h in their application and link against
the C library. (default)
2. include gnutlsxx.h in their application, compile with
GNUTLS_GNUTLSXX_NO_HEADERONLY macro defined and link
against the C++ library.
** libgnutls: GNUTLS_NO_STATUS_REQUEST flag and %NO_STATUS_REQUEST
priority modifier have been added to allow disabling of the
status_request TLS extension in the client side.
** libgnutls: TLS heartbeat is disabled by default.
The heartbeat extension in TLS (RFC 6520) is not widely used given
other implementations dropped support for it. To enable back
support for it, supply --enable-heartbeat-support to configure
script.
** libgnutls: SRP authentication is now disabled by default.
It is disabled because the SRP authentication in TLS is not up to
date with the latest TLS standards and its ciphersuites are based
on the CBC mode and SHA-1. To enable it back, supply
--enable-srp-authentication option to configure script.
** libgnutls: All code has been indented using "indent -ppi1 -linux".
CI/CD has been adjusted to catch regressions. This is implemented
through devel/indent-gnutls, devel/indent-maybe and .gitlab-ci.yml’s
commit-check. You may run devel/indent-gnutls to fix any
indentation issues if you make code modifications.
** guile: Guile-bindings removed.
They have been extracted into a separate project to reduce complexity
and to simplify maintenance, see <https://gitlab.com/gnutls/guile/>.
** minitasn1: Upgraded to libtasn1 version 4.19.
** API and ABI modifications:
GNUTLS_NO_STATUS_REQUEST: New flag
GNUTLS_SRTP_AEAD_AES_128_GCM: New gnutls_srtp_profile_t enum member
GNUTLS_SRTP_AEAD_AES_256_GCM: New gnutls_srtp_profile_t enum member
Signed-off-by: Antonio Flores <antflores627@gmail.com>
Christian Lachner [Sun, 7 May 2023 08:34:39 +0000 (10:34 +0200)]
haproxy: update to v2.6.13
- Update haproxy PKG_VERSION and PKG_HASH
- See changes: http://git.haproxy.org/?p=haproxy-2.6.git;a=shortlog
Signed-off-by: Christian Lachner <gladiac@gmail.com>
Tianling Shen [Sun, 7 May 2023 09:33:16 +0000 (17:33 +0800)]
cloudflared: Update to 2023.5.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Nick Peng [Sat, 6 May 2023 14:30:24 +0000 (22:30 +0800)]
smartdns: bump to 1.2023.42
Signed-off-by: Nick Peng <pymumu@gmail.com>
Stan Grishin [Sun, 7 May 2023 02:29:53 +0000 (02:29 +0000)]
simple-adblock: add family to firewall json objects
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Dirk Brenken [Sat, 6 May 2023 20:41:56 +0000 (22:41 +0200)]
banip: release 0.8.5-1
* add support for external allowlist URLs to reference additional IPv4/IPv6 feeds, set 'ban_allowurl' accordingly
* make download retries in case of an error configurable, set 'ban_fetchretry' accordingly (default 5)
* small fixes
* readme update
* LuCI update (separate commit)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Hannu Nyman [Sat, 6 May 2023 08:48:26 +0000 (11:48 +0300)]
libxml2: remove - moved to OpenWrt main repo
Remove libxml2 that was moved into the main OpenWrt repo.
Commit in OpenWrt:
9b0b46985c112c664354dc745d8cfb313166744b
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Hannu Nyman [Sat, 6 May 2023 08:46:49 +0000 (11:46 +0300)]
gperf: remove - moved to OpenWrt main repo
Remove gperf that was moved into the main OpenWrt repo.
Commit in OpenWrt:
2070a2ca27bdb2b1e4e1587274e192e42f247516
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Christian Marangi [Fri, 5 May 2023 12:29:16 +0000 (14:29 +0200)]
nginx: fix compilation error for nginx-full
Fix compilation error for stream module not converted to use the PACKAGE
config flag and a missing required dependency for the DAV ext module.
Drop additional config for STREAM module since they are now included and
built by default.
Fixes: 65a676ed56fb ("nginx: introduce support for dynamic modules")
Fixes: #20906
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Tianling Shen [Sat, 6 May 2023 12:28:23 +0000 (20:28 +0800)]
Merge pull request #20925 from jefferyto/python-hatchling-1.14.1
python-hatchling: Update to 1.14.1
Robert Högberg [Thu, 4 May 2023 07:25:57 +0000 (09:25 +0200)]
rtl_433: update to 22.11
Signed-off-by: Robert Högberg <robert.hogberg@gmail.com>
Glen Huang [Thu, 4 May 2023 09:27:52 +0000 (17:27 +0800)]
uwsgi: make LuCI work
LuCI is no longer powered by lua, but ucode
Signed-off-by: Glen Huang <me@glenhuang.com>
Stan Grishin [Fri, 5 May 2023 01:48:27 +0000 (01:48 +0000)]
pbr: ipv6 & migration bugfixes
* suppress RTNETLINK errors when inserting ipv6 routes
* only display global scope IPv6 gateways in status/WebUI
* stop and disable vpn-policy-routing when migrating
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Stan Grishin [Fri, 5 May 2023 01:41:14 +0000 (19:41 -0600)]
Merge pull request #20912 from stangri/master-pbr
pbr: update to 1.1.1-1
Dirk Brenken [Thu, 4 May 2023 20:40:48 +0000 (22:40 +0200)]
banip: update 0.8.4-5
* fix remaining small issues
* standardize log wording
* polished up for branch 23.x
Signed-off-by: Dirk Brenken <dev@brenken.org>
Dirk Brenken [Thu, 4 May 2023 10:07:09 +0000 (12:07 +0200)]
banip: update 0.8.4-4
* add housekeeping to the autoallow function, only the current uplink will be held
* fix small issues
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Anna Tikhomirova [Wed, 3 May 2023 07:32:22 +0000 (10:32 +0300)]
mwan3: bump PKG_VERSION to 2.11.6
Signed-off-by: Anna Tikhomirova <vamp@vampik.ru>
Anna Tikhomirova [Fri, 28 Apr 2023 20:12:37 +0000 (23:12 +0300)]
mwan3: fix addition of routes to mwan3_connected ipset
Addition of routes to mwan3_connected ipset is broken. The ipset name was
changed from mwan3_connected_v4/6 to mwan3_connected_ipv4/6, but this
change was not reflected in mwan3rtmon.
Signed-off-by: Anna Tikhomirova <vamp@vampik.ru>
* Update commit message
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Anna Tikhomirova [Wed, 3 May 2023 06:40:34 +0000 (09:40 +0300)]
mwan3: bump PKG_VERSION to 2.11.5
Signed-off-by: Anna Tikhomirova <vamp@vampik.ru>
Anna Tikhomirova [Fri, 28 Apr 2023 20:33:39 +0000 (23:33 +0300)]
mwan3: fix addition of iptables rules for mwan3 sticky rules
Addition of iptables rules for mwan3 sticky rules is broken, resulting
in non-working sticky rules. The required parameters for the function
'mwan3_set_sticky_iptables' were passed in the wrong order.
Signed-off-by: Anna Tikhomirova <vamp@vampik.ru>
* Update commit message
* Quoting function arguments
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Jeffery To [Thu, 4 May 2023 06:10:43 +0000 (14:10 +0800)]
python-hatchling: Update to 1.14.1
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Zephyr Lykos [Tue, 2 May 2023 10:14:54 +0000 (18:14 +0800)]
tailscale: update to 1.40.0
Signed-off-by: Zephyr Lykos <git@mochaa.ws>
Dirk Brenken [Tue, 2 May 2023 19:41:37 +0000 (21:41 +0200)]
banip: update 0.8.4-3
* add the option 'ban_autoallowuplink' to limit the uplink autoallow function: 'subnet' (default), 'ip' or 'disable'
Signed-off-by: Dirk Brenken <dev@brenken.org>
Tianling Shen [Tue, 2 May 2023 13:40:18 +0000 (21:40 +0800)]
sqlite3: Update to 3.41.2
Fixes: CVE-2021-20227
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Stan Grishin [Tue, 2 May 2023 01:35:55 +0000 (19:35 -0600)]
Merge pull request #20768 from stangri/master-simple-adblock
simple-adblock: implement curl_additional_param compressed_cache_dir
Michael Heimpold [Mon, 1 May 2023 18:18:52 +0000 (20:18 +0200)]
open-plc-utils: update to latest upstream version
This adds support for QCA7006AQ chipset identification.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Van Waholtz [Mon, 1 May 2023 11:04:24 +0000 (19:04 +0800)]
sing-box: update to 1.2.6
Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
Van Waholtz [Mon, 1 May 2023 11:04:24 +0000 (19:04 +0800)]
CI: Enable runtime_test for mips_24kc
Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
Javier Marcet [Wed, 8 Feb 2023 13:40:10 +0000 (14:40 +0100)]
sedutil: Add new package
The Drive Trust Alliance Self Encrypting Drive Utility
Signed-off-by: Javier Marcet <javier@marcet.info>
Gerard Ryan [Sat, 29 Apr 2023 06:25:49 +0000 (16:25 +1000)]
cache-domains: added pre-test.sh CI step
Some packages variants have conflicting dependencies with the
base packages and the CI test will fail to install before anything
can be done by the packages to setup the system for install.
This change adds a pre-test.sh that runs before the install so things
like the default libustream variant can be swapped out as shown in the
updated cache-domains.
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Philip Prindeville [Thu, 20 Apr 2023 00:32:54 +0000 (18:32 -0600)]
kea: procd_close_instance doesn't take a parameter
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Philip Prindeville [Wed, 19 Apr 2023 00:21:29 +0000 (18:21 -0600)]
kea: Update to 2.2.0
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Andre Heider [Tue, 21 Feb 2023 14:54:16 +0000 (15:54 +0100)]
getdns: fix compilation with OPENSSL_NO_DEPRECATED
SSL_get_peer_certificate() is deprecated, OpenSSL v3.0 added
SSL_get0_peer_certificate() and SSL_get1_peer_certificate().
Use the latter since the return value is explicitely X509_free()ed
here, see [0].
[0] https://www.openssl.org/docs/manmaster/man3/SSL_get_peer_certificate.html
Signed-off-by: Andre Heider <a.heider@gmail.com>
Jeffery To [Fri, 14 Apr 2023 08:09:36 +0000 (16:09 +0800)]
python-hatchling: Update to 1.14.0
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Jeffery To [Fri, 14 Apr 2023 08:03:02 +0000 (16:03 +0800)]
python-trove-classifiers: Add new host-only package
From the README:
Canonical source for classifiers on PyPI.
Classifiers categorize projects per PEP 301. Use this package to
validate classifiers in packages for PyPI upload or download.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Jeffery To [Fri, 14 Apr 2023 07:57:46 +0000 (15:57 +0800)]
python-calver: Add new host-only package
From the README:
The calver package is a setuptools extension for automatically defining
your Python package version as a calendar version.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Erik Karlsson [Wed, 12 Apr 2023 16:09:07 +0000 (18:09 +0200)]
openssh: add respawn and reloading via signal
Configure the openssh server to respawn. Reload by sending SIGHUP
Signed-off-by: Erik Karlsson <erik.karlsson@genexis.eu>
Hannu Nyman [Sun, 30 Apr 2023 07:50:56 +0000 (10:50 +0300)]
zoneinfo: adjust to current timezone data file structure
Tweak the package to better match the current file structure in the
upstream time zone database. Add missing aliases. Make some clarifications
* Combine -northmerica and -southamerica into -america, as all
current official America/xxx definitions were already in -northamerica
and only the unofficial/deprecated Brazil/xxx, Chile and Argentina were
in -southamerica. (Confusingly America/Sao_Paulo was in northamerica,
while Brazil was in southamerica.)
* Add PROVIDES for the old package names
* Add missing top-level dir country/nation alias links.
* Define Eire in -europe instead of -core.
* Rename -india to -indian, as it contains the Indian ocean islands
instead of the actual Asia/Kolkata zone for the mainland India.
* Add PROVIDES for the old package name
* Add 'Ocean' to all ocean zone titles.
* Make all zoneinfo-packages depend on zoneinfo-core, so that zone.tab,
the UTC based definitions and the still existing short zone codes are
always available.
* Clarify menuconfig menu as "Time Zone info"
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Glenn Strauss [Sun, 30 Apr 2023 08:11:01 +0000 (04:11 -0400)]
lighttpd: build fixes
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Stan Grishin [Mon, 1 May 2023 00:44:34 +0000 (00:44 +0000)]
pbr: update to 1.1.1-1
*** MAKEFILE ***
* remove libubus dependency as it was causing issues
https://forum.openwrt.org/t/policy-based-routing-pbr-package-discussion/140639/318
* move firewall hotplug directory/file creation out of default section into
pbr and pbr-iptables packages sections in preparation for dropping it from pbr
* fix no new line after output when uninstalling packages
*** UCI-DEFAULTS ***
* only add firewall include to firewall config if the include file exists
* add shellcheck exception to netifd uci-defaults file
*** SCRIPTS ***
* more informative logging for firewall and iface hotplug scripts
* more informative logging for firewall include script
*** SERVICE ***
* introduce lock-file to prevent package starting on external events if it hasn't
been auto- or manually started before
* use the `ip`, not `ip-full` command to prevent errors on OpenWrt 21.02
* parse firewall WAN zone to append list of interfaces
* append error and warning "arrays" with new messages
* used shared memory to store the service output/logging messages
* improve is_ovpn function to filter out false positives when interface names started
with `tun`
* introduce is_valid_ovpn to find OpenVPN tunnels where the device name in OpenVPN config
matches the device name in network config
* introduce opkg_get_version to compare versions of principal and luci packages
* better code to obtain AdGuardHome version with betas installed
* optimize code and add better logging for errors when inserting policies with iptables
* optimize code and add better logging for errors when inserting policies with nft
* bugfix: insert policies in all specified protocols
* bugfix: support using physical devices in policies in nft mode
* bugfix: use iptPrefix, not nftPrefix in iptables commands
* implement Tor support in nft mode
* bugfix: fix spelling for User File Syntax error
* restart service fully (instead of quick reload) for OpenVPN interface events, as
the order/number of supported interfaces
* more verbose output (showing handles) of status in nft mode
* improve `icmp_interface`, `ignored_interface`, `supported_interface` validation
regexes
* improve `interface`, validation regex
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Javier Marcet [Sun, 23 Apr 2023 13:25:36 +0000 (15:25 +0200)]
samba4: decouple quotas from vfs option
Signed-off-by: Javier Marcet <javier@marcet.info>
Stepan Henek [Thu, 27 Apr 2023 13:02:18 +0000 (15:02 +0200)]
python-eventlet: bump to version 0.33.3
old eventlet is not working well with python3.10
```
root@turris:~# python3
Python 3.10.9 (main, Feb 9 2023, 10:37:45) [GCC 11.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import eventlet
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/__init__.py", line 17, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/convenience.py", line 7, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/green/socket.py", line 4, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/green/_socket_nodns.py", line 11, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/greenio/__init__.py", line 3, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/greenio/base.py", line 32, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/timeout.py", line 166, in wrap_is_timeout
TypeError: cannot set 'is_timeout' attribute of immutable type 'TimeoutError'
```
see 0.33.3 release notes for details - https://eventlet.net/doc/changelog.html#id1
Signed-off-by: Stepan Henek <stepan.henek@nic.cz>
Tom Stöveken [Thu, 27 Apr 2023 16:33:41 +0000 (18:33 +0200)]
restic: update to 0.15.2
Maintainer: Tom Stöveken <tom@naaa.de>
Compile tested: SDK for OpenWrt 22.03.4
Run tested: x86/64 @ Intel(R) Celeron(R) CPU N3160 @ 1.60GHz, OpenWrt 22.03.4
Description:
Updated to version 0.15.2
Signed-off-by: Tom Stöveken <tom@naaa.de>
Dirk Brenken [Fri, 28 Apr 2023 10:07:06 +0000 (12:07 +0200)]
banip: update 0.8.4-2
* fix domain lookup function (parse banIP config vars)
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Nick Hainke [Tue, 25 Apr 2023 21:37:11 +0000 (23:37 +0200)]
libreswan: update to 4.10
Release Notes:
https://github.com/libreswan/libreswan/releases/tag/v4.10
Fixes: CVE-2023-23009
Signed-off-by: Nick Hainke <vincent@systemli.org>
Christian Marangi [Thu, 20 Apr 2023 19:11:11 +0000 (21:11 +0200)]
nginx: rename nginx-all-module to nginx-full
Rename nginx-all-module to nginx-full to follow pattern used by other
package and other projects.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Christian Marangi [Thu, 20 Apr 2023 12:17:20 +0000 (14:17 +0200)]
nginx: update to 1.24.0 and update headers-more module
Update nginx to 1.24.0 and update headers-more module to fix compilation
error.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Christian Marangi [Thu, 20 Apr 2023 11:50:21 +0000 (13:50 +0200)]
nginx: update lua module to latest openresty version
Update lua module to latest openrestry version. Additional config are
required to correctly use it.
Switch it to luajit from liblua as this is what is currently supported
for the module since plain lua support was dropped from the module.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Christian Marangi [Fri, 8 Oct 2021 23:18:41 +0000 (01:18 +0200)]
nginx: introduce support for dynamic modules
Start building sub package that provide dynamic modules.
Each module needs to be loaded using load_modules.
Refer to nginx documentation on how to use this.
This should result in lower memory usage as only used module are loaded.
Also fix the uci-default scripts to add the required ubus module for
luci module.
-fvisibility=hidden is needed to be dropped to correctly support loading
dynamic modules.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Christian Marangi [Thu, 20 Apr 2023 10:59:08 +0000 (12:59 +0200)]
nginx-util: add support for loading dynamic module in uci template
Add support for loading dynamic module in uci template by adding .module
file in module.d directory.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Glen Huang [Wed, 26 Apr 2023 11:46:46 +0000 (19:46 +0800)]
acme: remove redundant postinst
opkg runs uci-defaults if a package installs one, in acme-common's case
that's identical to postinst.
prerm shouldn't be run a image builder, so it's unnecessary to check
IPKG_INSTROOT
Signed-off-by: Glen Huang <me@glenhuang.com>
Nick Hainke [Wed, 26 Apr 2023 06:21:25 +0000 (08:21 +0200)]
iperf3: update to 3.13
Release Notes:
https://software.es.net/iperf/news.html#iperf-3-13-released
Signed-off-by: Nick Hainke <vincent@systemli.org>
Tianling Shen [Wed, 26 Apr 2023 00:00:10 +0000 (08:00 +0800)]
pcre2: only build static library for host
Fix potential linking issue:
```
/mnt/snapshot/staging_dir/hostpkg/bin/swig: error while loading shared
libraries: libpcre2-8.so.0: cannot open shared object file:
No such file or directory
error: command '/mnt/snapshot/staging_dir/hostpkg/bin/swig' failed with
exit code 127
```
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Wed, 26 Apr 2023 03:35:19 +0000 (11:35 +0800)]
librespeed-go: update file permissions for ujail
This fixes "permission denied" error when access files as a normal user.
Reported-by: Anya Lin <hukk1996@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Nick Hainke [Wed, 26 Apr 2023 06:10:38 +0000 (08:10 +0200)]
iperf: update to 2.1.9
Changelog can be found here:
https://sourceforge.net/projects/iperf2/files/
Signed-off-by: Nick Hainke <vincent@systemli.org>
Nick Hainke [Tue, 25 Apr 2023 21:30:11 +0000 (23:30 +0200)]
gzip: update to 1.12
Release Notes:
https://lists.gnu.org/archive/html/info-gnu/2022-04/msg00003.html
Fixes: CVE-2022-1271
Signed-off-by: Nick Hainke <vincent@systemli.org>
Nick Hainke [Thu, 6 Apr 2023 06:23:52 +0000 (08:23 +0200)]
kmod: update to 30
Release Notes:
- https://github.com/kmod-project/kmod/releases/tag/v28
- https://github.com/kmod-project/kmod/releases/tag/v29
- https://github.com/kmod-project/kmod/releases/tag/v30
Signed-off-by: Nick Hainke <vincent@systemli.org>
Luiz Angelo Daros de Luca [Tue, 25 Apr 2023 16:48:22 +0000 (13:48 -0300)]
yaml: only build static library
Do not build shared libraries to avoid host programs to dynamic link
libraries at non-standard paths.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Luiz Angelo Daros de Luca [Mon, 24 Apr 2023 20:06:13 +0000 (17:06 -0300)]
ruby: statically link extensions into host ruby
Ruby uses extensions (.so files) that might also depend on other
libraries. When the linker builds an executable, it will refer to the
path it found the library, including those in the stagging dir. However,
when it links a shared library (like ruby exts), it will let that
dependency to be resolved at runtime.
During host and target build, ruby build script runs ruby scripts. When
it loads a ext that depends on another library, it will, by default,
look for the system libraries to satisfy that, breaking the build when
it fails. Setting LD_LIBRARY_PATH to the stagging lib dir is a valid
workaround.
Ruby can also be built statically linking all exts into ruby executable.
That will make the linker point to the stagging library path, fixing the
issue. It was used in the past but, at some point, ruby broke it. Now it
is working as expected.
Closes #20839
While at it, clean up excluded extensions not used by host ruby.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Jeffery To [Tue, 18 Apr 2023 09:18:06 +0000 (17:18 +0800)]
python: Update find stdlib script
This updates the python3-find-stdlib-depends.sh script for these
changes:
* The gdbm (dbm.gnu) package was merged into the dbm package in
78f6c2c5ad2fd3de8a33a1cddb02204177cf60ad.
* The uuid module was split into a separate package in
4e05541782edeb06b51d691dadf52648df24c940.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Jeffery To [Mon, 17 Apr 2023 12:46:40 +0000 (20:46 +0800)]
python-idna: Update to 3.4
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Jeffery To [Mon, 17 Apr 2023 09:00:16 +0000 (17:00 +0800)]
python-zope-interface: Update to 6.0, refresh patch
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Jeffery To [Mon, 24 Apr 2023 06:10:19 +0000 (14:10 +0800)]
python-pyasn1: Update to 0.5.0
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Glen Huang [Thu, 13 Apr 2023 09:55:02 +0000 (17:55 +0800)]
openssh: preserve authorized_keys
The root user is usually the user that clients ssh into with, so in most
cases its authorized_keys determines what clients are allowed to ssh
into this device. Without preserving this file, they could potentially
be locked out after upgrading.
Signed-off-by: Glen Huang <me@glenhuang.com>
Philip Prindeville [Mon, 24 Apr 2023 17:49:52 +0000 (11:49 -0600)]
Merge pull request #20836 from hgl/strongswan-deps
strongswan: add missing PKG_MOD_AVAILABLE
Glen Huang [Tue, 18 Apr 2023 13:11:37 +0000 (21:11 +0800)]
strongswan: add missing PKG_MOD_AVAILABLE
Without these charon will warn with messages like:
plugin 'kdf': failed to load - kdf_plugin_create not found and no plugin file available
plugin 'drbg': failed to load - drbg_plugin_create not found and no plugin file available
Signed-off-by: Glen Huang <me@glenhuang.com>
Philip Prindeville [Mon, 24 Apr 2023 14:34:55 +0000 (08:34 -0600)]
Merge pull request #20832 from hgl/strongswan
strongswan: enable nonce unconditionally
Glen Huang [Tue, 18 Apr 2023 09:59:46 +0000 (17:59 +0800)]
strongswan: enable nonce unconditionally
Without nonce, charon won't start, so it's not an optional plugin. I
asked one of the strongSwan maintainers (ecdsa), and he confirmed this:
> It definitely has to be enabled unconditionally. The only other
> provider for the NONCE_GEN plugin feature is in charon-tkm, so
> completely irrelevant on OpenWrt
Signed-off-by: Glen Huang <me@glenhuang.com>
John Audia [Sat, 22 Apr 2023 12:05:57 +0000 (08:05 -0400)]
snort3: update to 3.1.60.0
Upstream bump
Signed-off-by: John Audia <therealgraysky@proton.me>
Dirk Brenken [Sun, 23 Apr 2023 20:03:09 +0000 (22:03 +0200)]
banip: release 0.8.4-1
* add support for a custom feeds file (/etc/banip/banip.custom.feeds). Add new or edit existing banIP feeds on your own with the integrated custom feed editor (LuCI-component
* add a new option 'ban_blockpolicy' to overrule the default bblock policy (block all chains), see readme for details
* change the feed file format and add a new ipthreat feed, see readme
* refine (debug) logging
* multiple small fixes and improvements
* readme update
* luci update (separate commit)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Vladimir Ermakov [Thu, 20 Apr 2023 12:26:50 +0000 (14:26 +0200)]
qemu: add zstd option
Signed-off-by: Vladimir Ermakov <vooon341@gmail.com>
Vladimir Ermakov [Thu, 20 Apr 2023 10:23:19 +0000 (12:23 +0200)]
qemu: update to 8.0.0
- Update version to 8.0.0
- Refresh patches
- Update configure opttions to disable libdw
Signed-off-by: Vladimir Ermakov <vooon341@gmail.com>
Andrew Sim [Sun, 23 Apr 2023 05:15:45 +0000 (07:15 +0200)]
ksmbd-tools: update to 3.4.8 release
Changelog: https://github.com/cifsd-team/ksmbd-tools/releases/tag/3.4.8
Maintainer: nobody
Compile tested: Mediatek filogic, Asus TUF AX4200, lastest master
Run tested: Mediatek filogic, Asus TUF AX4200, lastest master
Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
Kirill Fertikov [Fri, 21 Apr 2023 19:48:21 +0000 (00:48 +0500)]
shadowsocks-libev: ACL support
Link: https://github.com/openwrt/packages/pull/20647
Signed-off-by: Kirill Fertikov <kirill.fertikov@gmail.com>
[indentation fix]
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Philip Prindeville [Sun, 23 Apr 2023 04:58:28 +0000 (22:58 -0600)]
Merge pull request #20857 from pprindeville/strongswan-drop-local_gateway
strongswan: local_gateway unused in swanctl.init
Philip Prindeville [Fri, 21 Apr 2023 18:02:28 +0000 (12:02 -0600)]
strongswan: local_gateway unused in swanctl.init
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Javier Marcet [Sat, 22 Apr 2023 08:46:19 +0000 (10:46 +0200)]
docker-compose: Update to version 2.17.3
Signed-off-by: Javier Marcet <javier@marcet.info>
Tianling Shen [Fri, 21 Apr 2023 23:36:39 +0000 (07:36 +0800)]
Merge pull request #20845 from jefferyto/ci-local-feed
CI: Add local feed for CI-built packages
Paul Fertser [Fri, 21 Apr 2023 16:32:27 +0000 (16:32 +0000)]
treewide: remove AUTORELEASE
Automatically compute and substitute current values for all
$(AUTORELEASE) instances as this feature is deprecated and shouldn't be
used.
The following temporary change was made to the core:
diff --git a/rules.mk b/rules.mk
index
57d7995d4fa8..
f16367de87a8 100644
--- a/rules.mk
+++ b/rules.mk
@@ -429,7 +429,7 @@ endef
abi_version_str = $(subst -,,$(subst _,,$(subst .,,$(1))))
COMMITCOUNT = $(if $(DUMP),0,$(call commitcount))
-AUTORELEASE = $(if $(DUMP),0,$(call commitcount,1))
+AUTORELEASE = $(if $(DUMP),0,$(shell sed -i "s/\$$(AUTORELEASE)/$(call commitcount,1)/" $(CURDIR)/Makefile))
all:
FORCE: ;
And this command used to fix affected packages:
for i in $(cd feeds/packages; git grep -l PKG_RELEASE:=.*AUTORELEASE | \
sed 's^.*/\([^/]*\)/Makefile^\1^';);
do
make package/$i/download
done
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Hirokazu MORIKAWA [Sat, 15 Apr 2023 12:56:03 +0000 (21:56 +0900)]
icu: bump to 73.1
Description:
It updates to CLDR 43 locale data with various additions and corrections.
ICU 73 improves Japanese and Korean short-text line breaking, reduces C++ memory use in date formatting, and promotes the Java person name formatter from tech preview to draft.
ICU 73 and CLDR 43 are minor releases, mostly focused on bug fixes and small enhancements. (The fall CLDR/ICU releases will update to Unicode 15.1 which is planned for September.)
ICU 73 updates to the time zone data version 2023c (2023-mar). Note that pre-1970 data for a number of time zones has been removed, as has been the case in the upstream tzdata release since 2021b.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Luca Barbato [Thu, 20 Apr 2023 18:52:32 +0000 (18:52 +0000)]
rust: update to 1.69.0
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Christian Marangi [Thu, 20 Apr 2023 05:43:53 +0000 (07:43 +0200)]
nginx: split DAV_EXT from standard nginx DAV config
Split DAV_EXT from standard nginx DAV config as additional WebDAV
methods are provided by an external module.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Florian Eckert [Thu, 20 Apr 2023 06:16:34 +0000 (08:16 +0200)]
Merge pull request #20846 from johnfzc/sscep-license
scep: fix license
Peter van Dijk [Wed, 29 Mar 2023 13:09:20 +0000 (15:09 +0200)]
pdns-recursor: update to 4.8.4
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
Peter van Dijk [Mon, 17 Apr 2023 08:24:04 +0000 (10:24 +0200)]
pdns: update to 4.7.4
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
Josef Schlehofer [Wed, 19 Apr 2023 15:55:05 +0000 (17:55 +0200)]
Merge pull request #20824 from jefferyto/newt-0.52.23
newt: Update to 0.52.23
John Marrett [Wed, 19 Apr 2023 12:52:04 +0000 (08:52 -0400)]
scep: fix license
Signed-off-by: John Marrett <johnf@zioncluster.ca>
Jeffery To [Wed, 22 Mar 2023 07:46:13 +0000 (15:46 +0800)]
CI: Add local feed for CI-built packages
To test each package, the CI-built target package (ipk) file is
installed, but currently the target package's dependencies are installed
from the standard opkg feeds.
There are cases when the CI-built target packages should be
installed/tested together:
* If a pull request contains several new packages that depend on each
other, the test step will fail as the new dependencies cannot be found
in the current packages feed.
* If a pull request upgrades a source package that builds several target
packages that depend on each other, the test step may fail due to the
version/ABI mismatch between a newer target package and the older
dependencies installed from the packages feed.
This sets up a local feed for the CI-built packages so that dependencies
are also installed from the same set of packages.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Glenn Strauss [Wed, 12 Apr 2023 17:15:49 +0000 (13:15 -0400)]
lighttpd: adjust packages for built-in modules
(.so is no longer built, but package still contains config files)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
projects / feed / packages.git / log