Alexandru Ardelean [Sun, 30 Oct 2022 18:52:57 +0000 (20:52 +0200)]
sudo: bump to version 1.9.12
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
b40372da41303711bcc6c5b7640f7a3c00c47d54)
Rosen Penev [Sat, 9 Jul 2022 05:17:03 +0000 (22:17 -0700)]
sudo: don't build with MIPS16
GCC12 doesn't implement some security flags used by sudo.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
97e986e5eda7de83e0c725586ef00f575d76b8be)
Alexandru Ardelean [Thu, 30 Jun 2022 12:21:44 +0000 (15:21 +0300)]
sudo: bump to verison 1.9.11p3
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
b083d9b82bb89e3f27d3783dddd906f3fabeb693)
Jan Hák [Tue, 19 Sep 2023 08:51:30 +0000 (10:51 +0200)]
knot: update to version 3.3.1
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
2a6dc24882721b6c93623c8d55175de04c76852c)
Lucian Cristian [Thu, 31 Aug 2023 13:06:17 +0000 (13:06 +0000)]
libreswan: update to 4.12
fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit
5a1b878010217c0404483099b52e3cd30319ced2)
Lucian Cristian [Tue, 16 May 2023 20:37:12 +0000 (20:37 +0000)]
libreswan: update to 4.11
Fixes https://libreswan.org/security/CVE-2023-30570
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit
a5c2eececb64037a96163c62d41135b893f36ba8)
Josef Schlehofer [Sat, 16 Sep 2023 10:36:17 +0000 (12:36 +0200)]
ffmpeg: update to version 5.1.3
Fixes CVEs:
CVE-2022-3964 [1]
CVE-2022-3965 [2]
[1] https://nvd.nist.gov/vuln/detail/CVE-2022-3964
[2] https://nvd.nist.gov/vuln/detail/CVE-2022-3965
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
87b2a2bb57c42b3c91393a387cd02367e59910f5)
Stan Grishin [Sun, 17 Sep 2023 01:59:27 +0000 (18:59 -0700)]
Merge pull request #22123 from stangri/openwrt-22.03-https-dns-proxy
[22.03] https-dns-proxy: improve boot up startup
Stan Grishin [Sat, 16 Sep 2023 23:44:31 +0000 (23:44 +0000)]
https-dns-proxy: improve boot up startup
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
22d21e28a79a5246e4f6068cbc0be59e5226c486)
Stan Grishin [Sat, 16 Sep 2023 23:43:18 +0000 (16:43 -0700)]
Merge pull request #22116 from stangri/openwrt-22.03-curl
[22.03] curl: update to version 8.3.0
Josef Schlehofer [Tue, 17 Jan 2023 23:01:42 +0000 (00:01 +0100)]
unbound: update to version 1.17.1
- Refreshed one patch
- Removed deprecated AUTORELEASE
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
97e69ec89c8bdb1c6d092eb5e8491467a06a9963)
John Audia [Sun, 25 Sep 2022 12:04:14 +0000 (08:04 -0400)]
ffmpeg: update to 5.1.2
Bump to latest upstream version
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
6b71d2fbde0be2f2f332ac542be09e37b3cb3ca9)
John Audia [Wed, 7 Sep 2022 18:30:56 +0000 (14:30 -0400)]
ffmpeg: update to 5.1.1
Bump to latest upstream version
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
73e02994fbd8176b43fe8138fb876329538b611d)
Jeffery To [Thu, 24 Aug 2023 17:13:17 +0000 (01:13 +0800)]
python-sentry-sdk: Update to 1.29.2, update list of dependencies
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
f279ae9418fff4f83bd16b353ef008e548d82cd7)
Josef Schlehofer [Mon, 4 Sep 2023 09:00:32 +0000 (11:00 +0200)]
treewide: change my no longer used email
Since February 2023, I decided to no longer work with Turris, I mean CZ.NIC company
due to some reasons how the development goes and since that day my work address is not
available and not sure if there is some redirect to someone else, but if anyone wants to
reach me, use my email address, where they can find me.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
1e1b2051db47a82513f4eb4e9da892207785b7e2)
Josef Schlehofer [Fri, 15 Sep 2023 08:11:51 +0000 (10:11 +0200)]
curl: update to version 8.3.0
Release notes:
https://curl.se/changes.html#8_3_0
Fixes:
CVE-2023-38039 [1]
[1] https://curl.se/docs/CVE-2023-38039.html
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
07c0a5eab8fe073fabcba999e6176fec93bd696b)
Olivier Poitrey [Thu, 14 Sep 2023 11:56:52 +0000 (11:56 +0000)]
nextdns: Update to version 1.40.1
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Sibren Vasse [Mon, 31 Jul 2023 09:18:37 +0000 (11:18 +0200)]
openssh: update to 9.3p2
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
(cherry picked from commit
731f0d70a8392f1d3abf1877334cfe25c6a0786f)
Darren Tucker [Thu, 11 May 2023 06:33:31 +0000 (16:33 +1000)]
openssh: sftp no longer needs crypto or zlib.
OpenSSH 9.1p1 removed remaining dependencies and stopped linking sftp,
sftp-server and scp against libcrypto or libz. This change moves those
package dependencies from the default to those that still need them.
In particular, this will allow sftp-server to be installed for use with
Dropbear without needing to install zlib or openssl.
Signed-off-by: Darren Tucker <dtucker@dtucker.net>
(cherry picked from commit
74c4ad2c0c0e2d7c277cda212ffe7027582214e9)
Darren Tucker [Thu, 11 May 2023 06:31:44 +0000 (16:31 +1000)]
openssh: Use CDN first for source downloads.
Also point to https for website.
Signed-off-by: Darren Tucker <dtucker@dtucker.net>
(cherry picked from commit
1daddd582f7fec1058ecb2ecf0d66e6a2951f56c)
Glen Huang [Thu, 13 Apr 2023 09:55:02 +0000 (17:55 +0800)]
openssh: preserve authorized_keys
The root user is usually the user that clients ssh into with, so in most
cases its authorized_keys determines what clients are allowed to ssh
into this device. Without preserving this file, they could potentially
be locked out after upgrading.
Signed-off-by: Glen Huang <me@glenhuang.com>
(cherry picked from commit
e36a55c9ed293bd608d18918cdda8dceffad9d96)
Sibren Vasse [Fri, 17 Mar 2023 16:19:27 +0000 (17:19 +0100)]
openssh: update to 9.3p1
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
(cherry picked from commit
2c755759dfabf5414f38b12914677c871e744824)
Sibren Vasse [Fri, 3 Feb 2023 13:42:23 +0000 (14:42 +0100)]
openssh: actually build openssh-server-pam with pam support
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
(cherry picked from commit
d41e918a36026ef9319084930fa411e81f93ac26)
Sibren Vasse [Thu, 2 Feb 2023 20:52:14 +0000 (21:52 +0100)]
openssh: update to 9.2p1
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
(cherry picked from commit
5c43c1bade7a4cedfb0966e1f1bba2f1bf9c17e4)
Sibren Vasse [Mon, 5 Dec 2022 23:13:13 +0000 (00:13 +0100)]
openssh: update to 9.1p1
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
(cherry picked from commit
ba8cb7c16c45bed6404cac9c76b4959c540d7db6)
Sibren Vasse [Sat, 9 Apr 2022 10:01:44 +0000 (12:01 +0200)]
openssh: update to 9.0p1
Remove upstreamed patches.
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
(cherry picked from commit
08b45115d7aa6291de0bb0b885750fa63a3a6e2f)
Rosen Penev [Mon, 19 Sep 2022 02:49:21 +0000 (19:49 -0700)]
glib2: update to 2.74.0
Remove upstreamed patch and delete pointless one.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
5d27631d9fbca076eb6377fc8c10f474ce9f4fea)
Rosen Penev [Fri, 15 Jul 2022 20:54:35 +0000 (13:54 -0700)]
glib2: remove libiconv/host build dependency
No longer present. The original reason for having it was an unfortunate
side effect of the way meson uses HOST_LDFLAGS. Since the transistion to
use dependency('iconv'), this is no longer relevant.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
568669dc46e982563eb77b898da7b7cbacd90d85)
Josef Schlehofer [Sun, 3 Sep 2023 08:26:21 +0000 (10:26 +0200)]
syslog-ng: update to version 4.3.1
Makefile changes:
- Since version 4.3.0, there is required to use pcre2 instead of pcre
Reference: https://github.com/syslog-ng/syslog-ng/pull/4537
- Disable c++ support by default to avoid picking libstdcpp dependency
Reference: https://github.com/syslog-ng/syslog-ng/pull/4484
Config changes:
- Bump version in config file
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
c43599b0c885bbb3b6aae2cac34aa8d526fb8274)
Tianling Shen [Mon, 11 Sep 2023 01:55:44 +0000 (09:55 +0800)]
Merge pull request #22084 from jefferyto/golang-1.19.13-openwrt-22.03
[openwrt-22.03] golang: Update to 1.19.13
Jeffery To [Sun, 10 Sep 2023 20:06:34 +0000 (04:06 +0800)]
golang: Update to 1.19.13
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Jeffery To [Tue, 5 Sep 2023 04:02:08 +0000 (12:02 +0800)]
python3: Update to 3.10.13
Includes fix for CVE-2023-40217 (Bypass TLS handshake on closed
sockets).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Liangbin Lian [Sat, 2 Sep 2023 03:30:26 +0000 (11:30 +0800)]
transmission: add syscalls to seccomp filter
Add missing syscalls found using `/etc/init.d/transmission trace`.
fix crash on adding torrent on x86_64 platform
Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
Moritz Warning [Sun, 27 Aug 2023 21:00:10 +0000 (23:00 +0200)]
zerotier: update to 1.12.1
* split up "fix makefile" patch logical distinct parts
* add libatomic dependency needed for prometheus-cpp-lite-1.0
* refresh patch series
* improve warning message in init script
Signed-off-by: Moritz Warning <moritzwarning@web.de>
(cherry picked from commit
6cf39ba626e35474b5b3c59754610f20c240d202)
Oskari Rauta [Sun, 12 Mar 2023 16:30:35 +0000 (18:30 +0200)]
zerotier: do not allow executable stack
zerotier as default has executable stack.
[ 11.343143] process '/usr/bin/zerotier-one' started with executable stack
executable stacks are not recommend, possibly provide a threat and there
seems to be no advantage of executable stack with zerotier-one - so let's
build it without instead.
Stack is executable on x86_64, but not on all archs, such as ramips.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit
56f30520f2413f9f1434def5b533a265912aea1c)
Moritz Warning [Mon, 13 Mar 2023 18:16:05 +0000 (19:16 +0100)]
zerotier: update to 1.10.4
Signed-off-by: Moritz Warning <moritzwarning@web.de>
(cherry picked from commit
b5cde91594a858b823270e50fed27bb7985ddebe)
Jan Hoffmann [Sat, 19 Aug 2023 22:07:51 +0000 (00:07 +0200)]
vnstat2: update to version 2.11
This release breaks the noexit patch, because the code for removing old
now returns an error when no interfaces are configured. As it is run on
startup, the daemon exits in this case. To avoid this, add an additional
check so an error is only returned in an actual error case.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
(cherry picked from commit
98719797074637cecdff6a0cdb782a1e807a13e9)
Jan Hoffmann [Sat, 22 Oct 2022 20:33:45 +0000 (22:33 +0200)]
vnstat2: update to version 2.10
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
(cherry picked from commit
4edbd1afe7df62a980c085bef48d0f2df8ec19c7)
Stan Grishin [Mon, 4 Sep 2023 01:03:07 +0000 (18:03 -0700)]
Merge pull request #22018 from stangri/openwrt-22.03-https-dns-proxy
[22.03] https-dns-proxy: fix dns resolution not working on boot
Stan Grishin [Sun, 3 Sep 2023 20:33:17 +0000 (20:33 +0000)]
https-dns-proxy: fix dns resolution not working on boot
* fix dns resolution not working on boot
* add hotplug-online script
* reorganizes files/ and Makefile to reflect files destinations
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
9a2c5ae18c5a4bce20d1a8c572d1261b191701dc)
Leon M. Busch-George [Sun, 11 Jun 2023 18:39:06 +0000 (20:39 +0200)]
wget: use pcre2
Pcre (1) is unmaintained and reached its end of life in 2021.
The base system provides pcre2 exclusively since May.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
(cherry picked from commit
379946951c22ea774e4e22b4379571da604ded4b)
Josef Schlehofer [Sat, 2 Sep 2023 15:23:37 +0000 (17:23 +0200)]
knot-resolver: update to version 5.7.0
Changelog:
https://www.knot-resolver.cz/2023-01-26-knot-resolver-5.6.0.html
https://www.knot-resolver.cz/2023-08-22-knot-resolver-5.7.0.html
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
a5314681149259827c1eec074ae11fe6b7a80961)
Jan Hák [Tue, 29 Aug 2023 11:36:24 +0000 (13:36 +0200)]
knot: enable QUIC support
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
dea3e7acb6b4ef4b83defc2d40ad4dfeb10d1df4)
Jan Hák [Tue, 29 Aug 2023 09:24:07 +0000 (11:24 +0200)]
knot: update to version 3.3.0
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
e79e4415139fd1bc475200a8e408dce9a7f89dc2)
Jan Hák [Tue, 1 Aug 2023 11:27:00 +0000 (13:27 +0200)]
knot: update to version 3.2.9
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
f6aa1198eb14487d57bb5cb88fcc359376bfd3ed)
Jan Hák [Mon, 26 Jun 2023 11:07:06 +0000 (13:07 +0200)]
knot: update to version 3.2.8
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
9517ef080a88812b96ef55e55ddc83ada0a6a829)
Jan Hák [Wed, 7 Jun 2023 11:23:05 +0000 (13:23 +0200)]
knot: update to version 3.2.7
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
439694a0128739e493d5ff2d20a8cbd4d4ca253e)
Jan Hák [Wed, 12 Apr 2023 09:16:04 +0000 (11:16 +0200)]
knot: update to version 3.2.6
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
bb946a19cd3203e288f99db666e123c92f7e3d0d)
Tianling Shen [Tue, 7 Mar 2023 02:52:37 +0000 (10:52 +0800)]
tmate: fix build against msgpack-c 6.0
This patch is taken from
https://git.alpinelinux.org/aports/commit/?id=
f923597f4bdea424dc28b1d026269df060596fac
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
928710813baba4f6f5130d936f0cab44c0033b90)
Tianling Shen [Tue, 7 Mar 2023 02:50:02 +0000 (10:50 +0800)]
msgpack-c: Update to 6.0.0
Removed 010-no-gtest.patch as upstream no longer detects it.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
394cc366b3210924ed270c3745d37a7be3d1965b)
Tianling Shen [Tue, 7 Mar 2023 07:44:29 +0000 (15:44 +0800)]
tmate-ssh-server: fix build against msgpack-c 6.0
This patch is taken from
https://git.alpinelinux.org/aports/commit/?id=
f923597f4bdea424dc28b1d026269df060596fac
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
c49a1dad52f6556757dc93f787c84cac76629435)
Nikos Mavrogiannopoulos [Thu, 31 Aug 2023 16:45:20 +0000 (18:45 +0200)]
tang: do not require bash and curl (backport from 23.05)
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Nikos Mavrogiannopoulos [Wed, 30 Aug 2023 07:10:27 +0000 (09:10 +0200)]
tang: corrected hash for v14
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Ray Wang [Mon, 21 Aug 2023 15:27:30 +0000 (23:27 +0800)]
natmap: update to
20230820
Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit
d5b99f9e8a0958be7f8eef66515bd98e4a7b4d96)
Nikos Mavrogiannopoulos [Mon, 28 Aug 2023 16:36:16 +0000 (18:36 +0200)]
tang: updated to v14
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Nikos Mavrogiannopoulos [Thu, 1 Jun 2023 07:18:43 +0000 (09:18 +0200)]
tang: create user tang
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Nikos Mavrogiannopoulos [Tue, 26 Apr 2022 07:50:08 +0000 (09:50 +0200)]
tang: use sbin instead of libexec
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Nikos Mavrogiannopoulos [Sun, 7 May 2023 11:35:14 +0000 (13:35 +0200)]
tang: remove post-installation key generation
The keys will be generated on startup.
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Nikos Mavrogiannopoulos [Wed, 12 Apr 2023 18:19:10 +0000 (20:19 +0200)]
tang: updated to version 12
This version enables standalone operation.
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Jo-Philipp Wich [Fri, 25 Aug 2023 08:41:59 +0000 (10:41 +0200)]
strongswan: fix compilation against updated WolfSSL 5.6.3
After OpenWrt base updated WolfSSL to version 5.6.3, the strongswan wolfssl
plugin fails to compile due to a header conflict.
The error reported by the builders is:
In file included from .../usr/include/wolfssl/openssl/asn1.h:27,
from .../usr/include/wolfssl/ssl.h:4123,
from wolfssl_common.h:64,
from wolfssl_ec_private_key.c:23:
../../../../src/libstrongswan/asn1/asn1.h:43:9: error: 'WOLFSSL_ASN1_STRING' redeclared as different kind of symbol
43 | ASN1_UTF8STRING = 0x0C,
| ^~~~~~~~~~~~~~~
In file included from wolfssl_common.h:64,
from wolfssl_ec_private_key.c:23:
.../usr/include/wolfssl/ssl.h:212:41: note: previous declaration of 'WOLFSSL_ASN1_STRING' with type 'WOLFSSL_ASN1_STRING'
212 | typedef struct WOLFSSL_ASN1_STRING WOLFSSL_ASN1_STRING;
| ^~~~~~~~~~~~~~~~~~~
make[9]: *** [Makefile:621: wolfssl_ec_private_key.lo] Error 1
Solve this issue by adding a local path that remaps `ASN1_UTF8STRING`
during wolfssl header inclusion, like it is done already for other
conflicting defines.
Ref: https://forum.openwrt.org/t/x/169580
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Karl Palsson [Thu, 17 Aug 2023 21:59:08 +0000 (21:59 +0000)]
net/mosquitto: bump to 2.0.17
This is a security and bug fix release.
Security:
- CVE-2023-28366: Fix memory leak in broker when clients send multiple QoS 2
messages with the same message ID, but then never respond to the PUBREC
commands.
- CVE-2023-0809: Fix excessive memory being allocated based on malicious
initial packets that are not CONNECT packets.
- CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
will message that contains invalid property types.
- Broker will now reject Will messages that attempt to publish to $CONTROL/.
- Broker now validates usernames provided in a TLS certificate or TLS-PSK
identity are valid UTF-8.
- Fix potential crash when loading invalid persistence file.
- Library will no longer allow single level wildcard certificates, e.g. *.com
Bugfixes of note or relevance to OpenWrt:
- Fix bridges with non-matching cleansession/local_cleansession being expired
on start after restoring from persistence. Closes #2634.
Client library:
- Use CLOCK_BOOTTIME when available, to keep track of time. This solves the
problem of the client OS sleeping and the client hence not being able to
calculate the actual time for keepalive purposes. Closes #2760.
Full changelog available at: https://github.com/eclipse/mosquitto/blob/v2.0.16/ChangeLog.txt
plus: https://github.com/eclipse/mosquitto/blob/v2.0.17/ChangeLog.txt
(2.0.17 fixes regressions from the 2.0.16 release)
Signed-off-by: Karl Palsson <karlp@tweak.au>
Perry Melange [Sun, 6 Aug 2023 15:05:41 +0000 (17:05 +0200)]
tunneldigger-broker: update to v0.4.0
Include new hook script to build
Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
(cherry picked from commit
93a102e21a8a80bf98957531c96ac06474ac089f)
Perry Melange [Thu, 17 Aug 2023 20:45:19 +0000 (22:45 +0200)]
tunneldigger-broker: add rate-limit hook
Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
(cherry picked from commit
0d1085fe9eae61d96ae69c80d3e44a9f36e21cb7)
Perry Melange [Sat, 29 Jul 2023 19:50:28 +0000 (21:50 +0200)]
tunneldigger-broker: add option to isolate bridge ports
Add new option to a config bridge section to indicate
if a bridge port added to the bridge should be isolated
or not. The default is 0 (no isolation).
example
config bridge
option interface 'br-mybridge1446'
option mtu '1446'
option isolate '1' # default '0'
Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
(cherry picked from commit
49cdf15da458c384d6c0cd19b228e2d84ba205f4)
Perry Melange [Sat, 29 Jul 2023 19:35:46 +0000 (21:35 +0200)]
tunneldigger-broker: update lib functions
Use config_foreach instead of config_cb
Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
(cherry picked from commit
ab2b1ade2792c4218725ff5f0851141197ac0188)
Perry Melange [Thu, 17 Aug 2023 20:46:11 +0000 (22:46 +0200)]
tunneldigger-broker: update config file and init for v0.4.0
Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
(cherry picked from commit
99dfea773019fc8fb194a22e7beba4e94ed8df66)
Stan Grishin [Wed, 16 Aug 2023 20:42:42 +0000 (13:42 -0700)]
Merge pull request #21829 from stangri/openwrt-22.03-simple-adblock
[22.03] simple-adblock: bugfixes for uci_load_validate
Stan Grishin [Tue, 15 Aug 2023 16:31:21 +0000 (16:31 +0000)]
simple-adblock: bugfixes for uci_load_validate
* fix validation for force_dns_port when missing in config
* fix validation for dns_instance when * or - are used
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
ad8aa084c18af6fd878e578453d7077deb5c223e)
Michael Heimpold [Tue, 15 Aug 2023 05:40:12 +0000 (07:40 +0200)]
Merge pull request #21818 from mhei/22.03-php8-update-to-8.1.22
[22.03] php8: update to 8.1.22
Michael Heimpold [Sun, 13 Aug 2023 09:41:56 +0000 (11:41 +0200)]
php8: update to 8.1.22
This fixes:
- CVE-2023-3823
- CVE-2023-3824
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Hirokazu MORIKAWA [Thu, 10 Aug 2023 05:23:46 +0000 (14:23 +0900)]
node: August 2023 Security Releases
Update to v16.20.2
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-32002: Policies can be bypassed via Module._load (High)
* CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
* CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
* OpenSSL Security Releases (Depends on shared library provided by OpenWrt)
* OpenSSL security advisory 14th July.
* OpenSSL security advisory 19th July.
* OpenSSL security advisory 31st July
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Stan Grishin [Tue, 8 Aug 2023 20:15:40 +0000 (13:15 -0700)]
Merge pull request #21762 from stangri/openwrt-22.03-simple-adblock
[22.03] simple-adblock: force_dns_port validation bugfix
Stan Grishin [Tue, 8 Aug 2023 20:15:23 +0000 (13:15 -0700)]
Merge pull request #21694 from stangri/openwrt-22.03-curl
[22.03] curl: update to 8.2.1
Stan Grishin [Tue, 8 Aug 2023 09:28:31 +0000 (09:28 +0000)]
simple-adblock: force_dns_port validation bugfix
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
173d163f0935bd21e667fcd9a895718112d71718)
Tianling Shen [Sun, 6 Aug 2023 01:38:03 +0000 (09:38 +0800)]
v2fly-geodata: Update to latest version
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
1003f84ead4ccd1b99c07392ad7542debe82e332)
Tianling Shen [Sun, 6 Aug 2023 01:38:02 +0000 (09:38 +0800)]
v2raya: Update to 2.1.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
4faa0e88fe78deaa9d4c4f8149f9f6f1dcbba8a0)
Tianling Shen [Sun, 6 Aug 2023 01:38:02 +0000 (09:38 +0800)]
cloudreve: Update to 3.8.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
d1f4f875fa14fffc268fcd9167f2b6f284a7620e)
R4SAS I2P [Sat, 5 Aug 2023 20:13:21 +0000 (20:13 +0000)]
i2pd: update to version 2.48.0
Signed-off-by: R4SAS I2P <r4sas@i2pmail.org>
(cherry picked from commit
d7b0d3f83d61ce117db0a3e5899624e77a4f5555)
Tianling Shen [Mon, 7 Aug 2023 00:40:23 +0000 (08:40 +0800)]
Merge pull request #21740 from jefferyto/golang-1.19.12-openwrt-22.03
[openwrt-22.03] golang: Update to 1.19.12
Jeffery To [Sun, 6 Aug 2023 18:43:20 +0000 (02:43 +0800)]
golang: Update to 1.19.12
Includes fix for CVE-2023-29409 (crypto/tls: verifying certificate
chains containing large RSA keys is slow).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Stan Grishin [Mon, 31 Jul 2023 04:11:02 +0000 (04:11 +0000)]
curl: update to 8.2.1
* https://curl.se/changes.html#8_2_1
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
82dbc1c4d519c3ec93220247f3ffb2ac354c89fd)
Stan Grishin [Tue, 1 Aug 2023 05:28:17 +0000 (22:28 -0700)]
Merge pull request #21639 from stangri/openwrt-22.03-curl
[22.03] curl: update to 8.2.0
Hirokazu MORIKAWA [Thu, 27 Jul 2023 01:39:44 +0000 (10:39 +0900)]
mg: bump to 7.3
Description:
Sync to OpenBSD 7.3
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit
e25f57b60273a6fa4515367e82b379c09c483e55)
Stan Grishin [Sun, 23 Jul 2023 15:52:57 +0000 (08:52 -0700)]
Merge pull request #21632 from stangri/openwrt-22.03-https-dns-proxy
[22.03] https-dns-proxy: improve CLI messaging
Stan Grishin [Sun, 23 Jul 2023 15:48:18 +0000 (15:48 +0000)]
curl: update to 8.2.0
* https://curl.se/changes.html#8_2_0
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
a276cebd9ee8bd5f63b9693fb885529f951375b8)
Stan Grishin [Sun, 23 Jul 2023 15:14:15 +0000 (08:14 -0700)]
Merge pull request #21629 from stangri/openwrt-22.03-simple-adblock
[22.03] simple-adblock: dnsmasq access bugfix & misc improvements
Stan Grishin [Sun, 23 Jul 2023 05:22:04 +0000 (05:22 +0000)]
https-dns-proxy: improve CLI messaging
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
649fbcf9fcab34df3d39b0642cd5b566eefb569e)
Stan Grishin [Sun, 23 Jul 2023 05:06:40 +0000 (05:06 +0000)]
simple-adblock: dnsmasq access bugfix & misc improvements
* fix permission to dnsmasq files for ad-blocking
* add pause function to pause the ad-blocking temporarily
* introduce pause_timeout option to control default pause time
* update default config and config-update file
* use $param instead of $1 in adb_start()
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
dea274cc333ab99e42b569bf412c23e0dfd8a87a)
Tianling Shen [Fri, 21 Jul 2023 19:01:19 +0000 (03:01 +0800)]
rclone: Update to 1.63.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
34d1c310b36ce0473a457ee1f82414ff994cd92c)
Tianling Shen [Wed, 19 Jul 2023 07:46:15 +0000 (15:46 +0800)]
dnsproxy: Update to 0.52.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
dc3af571d7c7328d3013b52812bc9e22d14676df)
Tianling Shen [Wed, 19 Jul 2023 07:46:07 +0000 (15:46 +0800)]
cloudflared: Update to 2023.7.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
498343e2c0b21383c9ebb77fbfd1b6a0dbe1acf6)
Nick Hainke [Tue, 27 Jun 2023 07:58:08 +0000 (09:58 +0200)]
snowflake: update to 2.6.0
Tor projects tries to migrate away from git.torproject.org [0,1]. We
need to adjust PKG_SOURCE and GO_PKG name. Further, we need to backport
patches to fix compiling on riscv64, so add:
- 0001-Bump-minimum-required-version-of-go.patch
- 0002-Update-dependencies.patch
Changelog:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/commit/
2fa8fd9188078eaa169f1edd16815deae4004c6c
[0] - https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86
[1] - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/commit/
82cc0f38f73c4ca4e12d22173562a092ebd4dea0
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
0281f7594b31a5a947c26b895343daedc8a808e8)
Tianling Shen [Mon, 17 Jul 2023 13:18:42 +0000 (21:18 +0800)]
Merge pull request #21591 from jefferyto/golang-1.19.11-openwrt-22.03
[openwrt-22.03] golang: Update to 1.19.11
Jeffery To [Mon, 17 Jul 2023 07:32:40 +0000 (15:32 +0800)]
golang: Update to 1.19.11
Includes fix for CVE-2023-29406 (net/http: insufficient sanitization of
Host header).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Dirk Brenken [Sun, 16 Jul 2023 05:32:24 +0000 (07:32 +0200)]
banip: release 0.9.0-1
* supports allowing / blocking of certain VLAN forwards in segregated network environments,
set 'ban_vlanallow', ''ban_vlanblock' accordingly
* simplified the code/JSON to generate/parse the banIP status
* enclose nft related devices in quotation marks , e.g. to handle devices which starts with a number '10g-1'
* made the new vlan options available to LuCI (separate commit)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
1c14eb6d8ced8bc49825bc109984a8b6715c1a08)
Tianling Shen [Fri, 14 Jul 2023 06:13:46 +0000 (14:13 +0800)]
yq: Update to 4.34.2
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
1cb2590c1743eeb4c357b1f0d7e3fb47b3640ae6)
Tianling Shen [Fri, 14 Jul 2023 06:13:35 +0000 (14:13 +0800)]
cloudflared: Update to 2023.7.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
5e0c715a51cd146867d0ca9efd5158307410f042)
Michael Heimpold [Fri, 14 Jul 2023 05:57:36 +0000 (07:57 +0200)]
Merge pull request #21559 from mhei/22.03-php8-update-to-8.1.21
[22.03] php8: update to 8.1.21
Michael Heimpold [Wed, 12 Jul 2023 20:53:59 +0000 (22:53 +0200)]
php8: update to 8.1.21
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Tianling Shen [Tue, 4 Jul 2023 08:04:54 +0000 (16:04 +0800)]
rclone: Update to 1.63.0
While at it fixed a typo error of license files variable.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
952844c976bae289c603f9c93662a08f6ff49290)
projects / feed / packages.git / log