Nikos Mavrogiannopoulos [Mon, 13 May 2024 14:06:30 +0000 (16:06 +0200)]
Merge pull request #24109 from nmav/tmp-openconnect-cam-fix
openconnect: introduced URI parameter
Ted Hess [Mon, 13 May 2024 11:33:37 +0000 (07:33 -0400)]
Merge pull request #24126 from neheb/o
pianod: fix mbedtls 3.6 compilation
Stan Grishin [Mon, 13 May 2024 08:57:52 +0000 (01:57 -0700)]
Merge pull request #23982 from stangri/master-unbound
unbound: pull in adblock-fast generated adb_list
Jianhui Zhao [Mon, 13 May 2024 03:04:49 +0000 (11:04 +0800)]
lua-eco: update to 3.5.1
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Rosen Penev [Mon, 13 May 2024 03:37:13 +0000 (20:37 -0700)]
aggregate: fix compilation with GCC 14
Implicit int is now an error.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Mon, 13 May 2024 03:34:36 +0000 (20:34 -0700)]
bottlerocket: fix compilation with GCC 14
implicit int errors now.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Wed, 8 May 2024 21:28:56 +0000 (14:28 -0700)]
pianod: fix mbedtls 3.6 compilation
Just a header is needed.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Til Kaiser [Thu, 2 May 2024 16:49:57 +0000 (18:49 +0200)]
mstflint: add InstallDev target
This commit adds a missing InstallDev target, which
includes header and library files to use the mtcr library.
Signed-off-by: Til Kaiser <mail@tk154.de>
Til Kaiser [Thu, 2 May 2024 16:45:20 +0000 (18:45 +0200)]
mstflint: make Python dependency optional
This commit adds a configuration symbol for the package
to make Python an optional dependency. If unselected,
Python packages won't be selected, and the Python-dependent
tools mstfwreset, mstfwtrace, mstprivhost, mstresourcedump,
and mstresourceparse won't be included in the mstflint package.
Signed-off-by: Til Kaiser <mail@tk154.de>
Til Kaiser [Thu, 2 May 2024 16:40:17 +0000 (18:40 +0200)]
mstflint: update to 4.28.0
Update mstflint to version 4.28.0.
Additionally, switch to the tagged release of the GitHub page.
Signed-off-by: Til Kaiser <mail@tk154.de>
Glenn Strauss [Sun, 12 May 2024 07:11:32 +0000 (03:11 -0400)]
lighttpd: fix missing dependency for OpenSSL crypto library
This change will provide the necessary dependency resolution, fixing:
Package lighttpd is missing dependencies for the following libraries:
libcrypto.so.3
Fixes: #23794
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Petr Štetiar [Wed, 24 Apr 2024 19:28:40 +0000 (19:28 +0000)]
lighttpd: add option to use OpenSSL crypto library
Currently, it is not feasible to configure lighttpd to use OpenSSL as
its internal crypto library. Instead, one must rely on alternative
crypto libraries such as Nettle or mbedTLS. This setup is not ideal in
scenarios where a single crypto library is preferred. To address this
issue, let's propose introducing OpenSSL as an additional configuration
option. Similarly, propose GnuTLS as an additional configuration option.
Closes: #24004
Co-developed-by: Glenn Strauss <gstrauss@gluelogic.com>
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Zephyr Lykos [Thu, 9 May 2024 13:07:32 +0000 (21:07 +0800)]
tailscale: Update to 1.66.1
https://github.com/tailscale/tailscale/releases/v1.66.1
Signed-off-by: Zephyr Lykos <git@mochaa.ws>
Jonas Gorski [Sun, 12 May 2024 12:42:22 +0000 (14:42 +0200)]
znc: update to 1.9.0
Update ZNC to 1.9.0 with the following changes:
* drop all patches:
* 101-Reduce_rebuild_time.patch was only applicable for the old
autoconf build, which was dropped in 1.9 and we didn't use anymore
anyway
* 104-disable-empty-modules-check.patch not needed anymore since ZNC
now requires the new corecaps module on startup
* 120-openssl-deprecated.patch was applied upstream
* disable libargon2 support explicitly to avoid non-deterministic builds
if it gets added
* package new module corecaps with znc base, as this is a required
module
* reorder CMAKE_OPTIONS alphabetically
No new modules were introduced or removed besides the new corecaps
module.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Seo Suchan [Sat, 11 May 2024 19:20:50 +0000 (04:20 +0900)]
transmission: fix compile with MbedTLS 3.X
Backport pending patch, which was submitted to upstream via GitHub
to use renamed function to compile it against MbedTLS 3.x.
Signed-off-by: Seo Suchan <tjtncks@gmail.com>
Josef Schlehofer [Sun, 28 Apr 2024 20:32:47 +0000 (22:32 +0200)]
pcre: drop package
This package is no longer actively maintained as it reached
End-of-Life. [1] All new projects should use PCRE2.
OpenWrt wants to be minimalistic and we migrated many packages
from PCRE to PCRE2. Huge thanks belong to @Ansuel (Christian Marangi),
who worked with several open-source projects to migrate it to PCRE2 [2].
This means that on routers, we don't need to have installed two libraries
(pcre and pcre2) side by side.
[1] https://www.pcre.org/
[2] https://github.com/openwrt/packages/issues/22006
Fixes: https://github.com/openwrt/packages/issues/22006
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Javier Marcet [Thu, 9 May 2024 17:20:45 +0000 (19:20 +0200)]
python-jsonschema: Update to 4.22.0
Release notes:
https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst#v4220
Signed-off-by: Javier Marcet <javier@marcet.info>
TeleostNaCl Dai [Sat, 11 May 2024 04:20:31 +0000 (12:20 +0800)]
speedtest-go: update to 1.7.5
Update speedtest-go version to 1.7.5
Signed-off-by: TeleostNaCl Dai <teleostnacl@gmail.com>
Jonas Jelonek [Wed, 8 May 2024 09:19:07 +0000 (11:19 +0200)]
eza: update to 0.18.15
Release notes:
0.18.13: https://github.com/eza-community/eza/releases/tag/v0.18.13
0.18.14: https://github.com/eza-community/eza/releases/tag/v0.18.14
0.18.15: https://github.com/eza-community/eza/releases/tag/v0.18.15
Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
Álvaro Fernández Rojas [Thu, 9 May 2024 23:09:00 +0000 (01:09 +0200)]
bcm27xx-eeprom: update to v2024.04.20-2712
This update contains multiple BCM2712 improvements and also some minor
improvements for BCM2711.
From now on, only the latest version from default will be copied. There are too
many versions right now and the package can't be installed without expanding
the rootfs if all versions are copied.
Full changelog:
https://github.com/raspberrypi/rpi-eeprom/compare/v.2024.01.05-2712...v2024.04.20-2712
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Michael Heimpold [Fri, 10 May 2024 08:30:19 +0000 (10:30 +0200)]
Merge pull request #24104 from nxhack/icu_75_1
icu: bump to 75.1
Nikos Mavrogiannopoulos [Thu, 9 May 2024 19:18:44 +0000 (21:18 +0200)]
openconnect: introduced URI parameter
This allows specifying a camouflage string in ocserv.
Fixes: #23364
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Nikos Mavrogiannopoulos [Thu, 9 May 2024 19:52:59 +0000 (21:52 +0200)]
Merge pull request #24108 from nmav/tmp-openconnect-fixes
openconnect: backport fix for anyconnect compatibility
Michael Heimpold [Thu, 9 May 2024 19:23:29 +0000 (21:23 +0200)]
Merge pull request #24103 from nxhack/php8-intl-icu75
php8: Support for icu 75
Nikos Mavrogiannopoulos [Thu, 9 May 2024 19:00:31 +0000 (21:00 +0200)]
openconnect: backport fix for anyconnect compatibility
Fixes: #21135
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Christian Marangi [Thu, 9 May 2024 17:29:36 +0000 (19:29 +0200)]
nginx: drop deprecated luci.module in module.d
Since we moved to automatic loading of dynamic modules, we need to drop
the previous include luci.module or we end up with nginx failing to
start for old configurations.
Fixes: caffa410ed70 ("nginx: autoload dynamic modules")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Christian Marangi [Thu, 9 May 2024 17:17:38 +0000 (19:17 +0200)]
nginx-util: fix SEGFAULT from regex_search
In converting nginx-util to PCRE2, saving the results of the regex
match was wrongly dropped, causing a segmentation fault when used.
Add the missing code to correctly store the vector of the results from
the regex.
Fixes: b738e42c4de8 ("nginx-util: move to pcre2")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Tianling Shen [Sat, 4 May 2024 08:14:59 +0000 (16:14 +0800)]
golang: Enable loongarch64 for Go compiler and packages
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Thu, 9 May 2024 08:15:08 +0000 (16:15 +0800)]
v2ray-core: update to 5.16.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Hirokazu MORIKAWA [Thu, 9 May 2024 03:19:56 +0000 (12:19 +0900)]
icu: bump to 75.1
Unicode® ICU 75 updates to CLDR 45 (beta blog) locale data with new locales and various additions and corrections. C++ code now requires C++17 and is being made more robust.
The CLDR MessageFormat 2.0 specification is now in technology preview, together with a corresponding update of the ICU4J (Java) tech preview and a new ICU4C (C++) tech preview.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Hirokazu MORIKAWA [Thu, 9 May 2024 02:43:21 +0000 (11:43 +0900)]
php8: Support for icu 75
Preparing to update icu4c to 75.
Created a patch for build errors in php-intl.
```
In file included from /mnt/node/openwrt/staging_dir/target-aarch64_generic_musl/usr/include/unicode/unistr.h:39,
from ext/intl/intl_convertcpp.h:22,
from ext/intl/intl_convertcpp.cpp:17:
/mnt/node/openwrt/staging_dir/target-aarch64_generic_musl/usr/include/unicode/stringpiece.h:133:29: error: 'enable_if_t' in namespace 'std' does not name a template type
133 | typename = std::enable_if_t<
| ^~~~~~~~~~~
/mnt/node/openwrt/staging_dir/target-aarch64_generic_musl/usr/include/unicode/stringpiece.h:133:24: note: 'std::enable_if_t' is only available from C++14 onwards
133 | typename = std::enable_if_t<
| ^~~
/mnt/node/openwrt/staging_dir/target-aarch64_generic_musl/usr/include/unicode/stringpiece.h:133:40: error: expected '>' before '<' token
133 | typename = std::enable_if_t<
| ^
```
The FreeBSD ports patch was used as a reference.
https://github.com/freebsd/freebsd-ports/commit/e680bd98d34a86302db434c5be23d0cf9d23df23
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Michel Promonet [Mon, 6 May 2024 16:21:21 +0000 (18:21 +0200)]
v4l2rtspserver: update to v0.3.10
Signed-off-by: Michel Promonet <michel.promonet@free.fr>
Florian Eckert [Tue, 16 Apr 2024 07:11:11 +0000 (09:11 +0200)]
keepalived: add patch to remove log message on json output
The 'luci-app-keepalived' uses the status json output to parse this
information for the status page. The problem is that when the LuCI
status page is open in the browser, the query is logged every 3 seconds into
the syslog. This is not needed and can therefore be removed.
This patch was already merged upstream:
https://github.com/acassen/keepalived/commit/6cce75f4eb65551a61d2e4ba775637b288c1d592
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Florian Eckert [Wed, 8 May 2024 06:18:05 +0000 (08:18 +0200)]
net-tools: Revert "net-tools: add netstat utility"
This reverts commit d932a867e9445a54e49ecbff4e07bb2d1d0197be as this
change has not been reviewed and must be reverted.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Moritz Warning [Mon, 6 May 2024 20:50:36 +0000 (22:50 +0200)]
zerotier: update to 1.14.0
Includes refreshed patches.
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Florian Eckert [Tue, 7 May 2024 11:55:36 +0000 (13:55 +0200)]
Merge pull request #24088 from TDT-AG/pr/20240506-net-tools
net-tools: add netstat utility
Florian Eckert [Tue, 7 May 2024 11:14:49 +0000 (13:14 +0200)]
Merge pull request #24089 from TDT-AG/pr/20240506-stunnel
stunnel: update to version 5.72
Philip Prindeville [Mon, 6 May 2024 20:14:55 +0000 (14:14 -0600)]
strongswan: Add missing declarations in swanctl
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Sean Khan [Wed, 24 Apr 2024 22:02:02 +0000 (18:02 -0400)]
nginx: QUIC: Fix SSL 3.0 deprecated function
`EVP_CIPHER_CTX_cipher()` function was deprecated in OpenSSL 3.0.
As per OpenSSL's recommendation (https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_get0_cipher.html)
switch to using `EVP_CIPHER_CTX_get0_cipher()` instead.
With this change and the recent commit to nginx-util #23935, we should now
be able to build nginx + modules with fully compliant calls to OpenSSL
3.0+ with legacy features disabled.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/packages/pull/24005
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Nikos Mavrogiannopoulos [Mon, 6 May 2024 20:21:25 +0000 (22:21 +0200)]
Merge pull request #24092 from nmav/tmp-fix-ocserv-ipcalc
ocserv: set ipcalc explicitly
Nikos Mavrogiannopoulos [Mon, 6 May 2024 19:51:39 +0000 (21:51 +0200)]
ocserv: set ipcalc explicitly
This is a mandatory tool for the test suite, but we do not run it.
Fixes compilation.
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Sergey Ponomarev [Sun, 3 Dec 2023 16:14:42 +0000 (18:14 +0200)]
openssh-keygen: Make ssh-keygen as an alternative to dropbearkey
The DropBear's dropbearkey tool is compatible with OpenSSH
ssh-keygen.
It was set by default as the /usr/bin/ssh-keygen program since
the PR https://github.com/openwrt/openwrt/pull/14174
Now if a user needs a full ssh-keygen, the openssh-keygen package
should substitute it gracefully as an alternative.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Link: https://github.com/openwrt/packages/pull/22861
[ wrap to 80 columns ]
Link: https://github.com/openwrt/packages/pull/22861
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Florian Eckert [Tue, 13 Feb 2024 11:30:54 +0000 (12:30 +0100)]
stunnel: update to version 5.72
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Florian Eckert [Tue, 16 Apr 2024 07:09:31 +0000 (09:09 +0200)]
net-tools: add netstat utility
Some users may want or need the full functionality of the netstat tool.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Florian Eckert [Mon, 6 May 2024 09:17:18 +0000 (11:17 +0200)]
atlas-probe: fix version for APK
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Florian Eckert [Mon, 6 May 2024 09:16:17 +0000 (11:16 +0200)]
faad2: fix version for APK
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Florian Eckert [Mon, 6 May 2024 08:27:33 +0000 (10:27 +0200)]
zlog: fix version for APK
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Nikos Mavrogiannopoulos [Mon, 6 May 2024 06:30:19 +0000 (08:30 +0200)]
ocserv: updated to 1.3.0
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
TeleostNaCl Dai [Mon, 6 May 2024 04:40:01 +0000 (12:40 +0800)]
speedtest-go: update to 1.7.0
Update speedtest-go version to 1.7.0
Signed-off-by: TeleostNaCl Dai <teleostnacl@gmail.com>
Dirk Brenken [Sun, 5 May 2024 19:57:28 +0000 (21:57 +0200)]
banip: update 0.9.5-5
* fix a processing race condition
* it's now possible to disable the icmp/syn/udp safeguards in pre-routing - set the threshold to '0'.
Signed-off-by: Dirk Brenken <dev@brenken.org>
Christian Marangi [Thu, 11 Apr 2024 15:07:36 +0000 (17:07 +0200)]
libs: glib2: fix provided pkg-config and always use host tools
For the InstallDev target, the pkg-config should point to the glib2 host
tools for glib_compile_resources, gdbus_codegen, glib_genmarshal and
glib_mkenums instead of pointing to the targets ones as they are
unusable by the host machine (due to crosscompiling)
Fix the pkg-config to reference the host tools by replaying the entry
and use the prefix_hostpkg variable provided by our pkg-config.
Link: https://github.com/openwrt/packages/pull/23881
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Michael Heimpold [Sun, 5 May 2024 14:17:16 +0000 (16:17 +0200)]
Merge pull request #24081 from mhei/fix-buildbots-for-gensio
gensio: add patch with workaround for buildbots (refs #24047)
Tianling Shen [Sat, 4 May 2024 10:39:44 +0000 (18:39 +0800)]
rust: Update to 1.78.0
- Switch back to .gz tarball
- Replace local bootstrap cache hack with upstreamed option
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Michael Heimpold [Sat, 4 May 2024 19:54:50 +0000 (21:54 +0200)]
gensio: add patch with workaround for buildbots (refs #24047)
This should solve the issue found on the buildbots:
-snip-
...
checking consistency of all components of python development environment... yes
./configure: line 24172: test: =: unary operator expected
checking for pam_start in -lpam... (cached) no
...
-snap-
For a still unknown reason, AX_PYTHON_DEVEL from the included
m4 file is not used which would set the variable the correct way.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Jianhui Zhao [Sat, 4 May 2024 12:32:04 +0000 (20:32 +0800)]
rtty: update to 8.1.2
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Jianhui Zhao [Sat, 4 May 2024 12:00:54 +0000 (20:00 +0800)]
lua-eco: update to 3.5.0
MQTT code refactoring has been done since 3.5.0 that
mqtt.so no longer exists.
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Federico Capoano [Tue, 19 Mar 2024 13:52:31 +0000 (10:52 -0300)]
flashrom: strip leading whitespace from PROGRAMMER_ARGS
Newer versions of meson do not allow empty arguments.
Signed-off-by: Federico Capoano <f.capoano@openwisp.io>
Thibaut VARÈNE [Fri, 3 May 2024 14:57:38 +0000 (16:57 +0200)]
uspot: update to Git HEAD (2024-05-03)
5e2d15a110bb treewide: remove tip_mode
e2dbdef4cf1e treewide: rename spotfilter -> uspotfilter
ef0f5291365b uspot/uspotfilter: implement disconnect_delay
92d3356d3fb3 update README
Update the package Makefile to reflect the changes from the following
above-listed commit:
e2dbdef4cf1e treewide: rename spotfilter -> uspotfilter
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Hannu Nyman [Fri, 3 May 2024 13:24:09 +0000 (16:24 +0300)]
nano: update to 8.0
Update nano editor to version 8.0
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Tianling Shen [Fri, 3 May 2024 05:54:50 +0000 (13:54 +0800)]
v2ray-core: Update to 5.16.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Fri, 3 May 2024 05:54:44 +0000 (13:54 +0800)]
alist: Update to 3.34.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Fri, 3 May 2024 05:54:32 +0000 (13:54 +0800)]
dnsproxy: Update to 0.71.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
TeleostNaCl Dai [Fri, 26 Apr 2024 07:59:12 +0000 (15:59 +0800)]
speedtest-go: add new package
This is a Command Line Interface (CLI) and pure Go API to
test internet speed using speedtest.net. Its upstream is
https://github.com/showwin/speedtest-go
Signed-off-by: TeleostNaCl Dai <teleostnacl@gmail.com>
Tianling Shen [Fri, 3 May 2024 05:45:10 +0000 (13:45 +0800)]
Merge pull request #24064 from G-M0N3Y-2503/docker-update
Docker: Update to 26.1.0
Tianling Shen [Fri, 3 May 2024 05:42:40 +0000 (13:42 +0800)]
v2ray-geodata: Update to latest version
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Fri, 3 May 2024 05:42:35 +0000 (13:42 +0800)]
xray-core: Update to 1.8.11
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Gerard Ryan [Wed, 1 May 2024 11:51:07 +0000 (21:51 +1000)]
docker: Update to 26.1.0
* Removed unnecessary GO lang variables
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Gerard Ryan [Wed, 1 May 2024 11:50:47 +0000 (21:50 +1000)]
dockerd: Update to 26.1.0
* Removed unnecessary GO lang variables
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Gerard Ryan [Wed, 1 May 2024 11:50:08 +0000 (21:50 +1000)]
containerd: Update to 1.7.15
* Explicitly list GO_PKG_INSTALL_EXTRA
* Removed unnecessary GO lang variables
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Pascal Ernster [Wed, 1 May 2024 17:49:31 +0000 (19:49 +0200)]
gnutls: Update to version 3.8.5
All patches automatically refreshed.
The most important changes are two "medium" CVEs fixed in GnuTLS 3.8.4:
- CVE-2024-28834 / GNUTLS-SA-2023-12-04
A vulnerability was found that the deterministic ECDSA code leaks
bit-length of random nonce which allows for full recovery of the
private key used after observing a few hundreds to a few thousands of
signatures on known messages, due to the application of lattice
techniques.
The issue was reported in the issue tracker as [#1516](https://gitlab.com/gnutls/gnutls/-/issues/1516).
- CVE-2024-28835 / GNUTLS-SA-2024-01-23
When validating a certificate chain with more than 16 certificates
GnuTLS applications crash with an assertion failure.
The issue was reported in the issue tracker as [#1527](https://gitlab.com/gnutls/gnutls/-/issues/1527) and [#1525](https://gitlab.com/gnutls/gnutls/-/issues/1525).
Augmented copy/extract from upstream's NEWS file since GnuTLS 3.8.3:
- Version 3.8.5 (released 2024-04-04)
- libgnutls: Due to majority of usages and implementations of
RSA decryption with PKCS#1 v1.5 padding being incorrect,
leaving them vulnerable to Marvin attack, the RSAES-PKCS1-v1_5
is being deprecated (encryption and decryption) and will be
disabled in the future. A new option `allow-rsa-pkcs1-encrypt`
has been added into the system-wide library configuration which
allows to enable/disable the RSAES-PKCS1-v1_5. Currently, the
RSAES-PKCS1-v1_5 is enabled by default.
- libgnutls: Added support for RIPEMD160 and PBES1-DES-SHA1 for
backward compatibility with GCR.
- libgnutls: A couple of memory related issues have been fixed in RSA PKCS#1
v1.5 decryption error handling and deterministic ECDSA with earlier
versions of GMP. These were a regression introduced in the 3.8.4
release. See [#1535](https://gitlab.com/gnutls/gnutls/-/issues/1535) and [!1827](https://gitlab.com/gnutls/gnutls/-/merge_requests/1827).
- build: Fixed a bug where building gnutls statically failed due
to a duplicate definition of `nettle_rsa_compute_root_tr()`.
- API and ABI modifications:
- `GNUTLS_PKCS_PBES1_DES_SHA1`: New enum member of `gnutls_pkcs_encrypt_flags_t`.
- Version 3.8.4 (released 2024-03-18)
- libgnutls: RSA-OAEP encryption scheme is now supported
To use it with an unrestricted RSA private key, one would need to
initialize a `gnutls_x509_spki_t` object with necessary parameters
for RSA-OAEP and attach it to the private key. It is also possible
to import restricted private keys if they are stored in PKCS#8
format.
- libgnutls: Fix side-channel in the deterministic ECDSA.
Reported by George Pantelakis ([#1516](https://gitlab.com/gnutls/gnutls/-/issues/1516)).
[GNUTLS-SA-2023-12-04, CVSS: medium] [CVE-2024-28834]
- libgnutls: Fixed a bug where certtool crashed when verifying a certificate
chain with more than 16 certificates. Reported by William Woodruff ([#1525](https://gitlab.com/gnutls/gnutls/-/issues/1525))
and yixiangzhike ([#1527](https://gitlab.com/gnutls/gnutls/-/issues/1527)).
[GNUTLS-SA-2024-01-23, CVSS: medium] [CVE-2024-28835]
- libgnutls: Compression libraries are now loaded dynamically as needed
instead of all being loaded during gnutls library initialization.
As a result, the library initialization should be faster.
- build: The gnutls library can now be linked with the static library
of GMP. Note that in order for this to work libgmp.a needs to be
compiled with -fPIC and libhogweed in Nettle also has to be linked
to the static library of GMP. This can be used to prevent custom
memory allocators from being overridden by other applications.
- API and ABI modifications:
- `gnutls_x509_spki_get_rsa_oaep_params`: New function.
- `gnutls_x509_spki_set_rsa_oaep_params`: New function.
- `GNUTLS_PK_RSA_OAEP`: New enum member of `gnutls_pk_algorithm_t`.
Signed-off-by: Pascal Ernster <git@hardfalcon.net>
Olivier Poitrey [Mon, 29 Apr 2024 21:54:20 +0000 (21:54 +0000)]
nextdns: Update to version 1.43.3
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Dirk Brenken [Wed, 1 May 2024 13:02:44 +0000 (15:02 +0200)]
banip: update 0.9.5-4
* optimized adding suspicious IPs to Sets in the log monitor
* re-added ipblackhole feed
Signed-off-by: Dirk Brenken <dev@brenken.org>
John Audia [Sat, 20 Apr 2024 17:39:33 +0000 (13:39 -0400)]
hyperscan: fix broken build w/ external toolchain
If building with the project external toolchain, the gcc check
fails to set the correct value for TUNE_FLAG to allow the min
supported SSSE3 compiler support test to pass. This patch hacks
the file to set to the correct value.
Links to upstream bug reports:
https://github.com/openwrt/openwrt/issues/15216
https://github.com/intel/hyperscan/issues/431
Build system: x86/64 (build system toolchain and x86/64 w/ external toolchain (18-Apr-2024 snapshot)
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Georgi Valkov [Tue, 30 Apr 2024 14:37:11 +0000 (17:37 +0300)]
frr: fix host build error on macOS
Fixes:
lib/command_graph.c:16:1: error: argument to 'section' attribute is not valid for this target: mach-o section specifier requires a segment and section separated by a comma
DEFINE_MTYPE_STATIC(LIB, CMD_TOKENS, "Command Tokens");
^
./lib/memory.h:139:2: note: expanded from macro 'DEFINE_MTYPE_STATIC'
DEFINE_MTYPE_ATTR(group, name, static, desc) \
^
./lib/memory.h:109:26: note: expanded from macro 'DEFINE_MTYPE_ATTR'
__attribute__((section(".data.mtypes"))) = { { \
[1] https://github.com/FRRouting/frr/pull/6032
[2] https://github.com/FRRouting/frr/pull/15890
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Georgi Valkov [Tue, 23 Apr 2024 23:38:31 +0000 (02:38 +0300)]
libideviceactivation: add package from git
Manage the activation of Apple iOS devices
There have been no releases since 2020-06-16.
Use the latest git 6925d58ef7994168fb9585aa6f48421149982329
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Georgi Valkov [Tue, 23 Apr 2024 22:24:11 +0000 (01:24 +0300)]
ideviceinstaller: add package from git
Manage apps and app archives on iOS devices
There have been no releases since 2020-06-16.
Use the latest git 22872c3571b8d2646a9fbb74ec1d7e186941053d
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Georgi Valkov [Tue, 23 Apr 2024 21:25:30 +0000 (00:25 +0300)]
ifuse: add package from git
Fuse filesystem access to iOS devices
There have been no releases since 2020-06-16.
Use the latest git 814a0e38050850937debd697fcfe6eca3de1b66f
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Georgi Valkov [Tue, 23 Apr 2024 19:00:49 +0000 (22:00 +0300)]
idevicerestore: update to the latest git version
There have been no releases since 2020-06-16.
Update to the latest git 6d40d0ab626eb0ffee4f005b7fdc915bc561deb9
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Georgi Valkov [Tue, 23 Apr 2024 17:34:29 +0000 (20:34 +0300)]
libirecovery: update to 1.2.0
Switched to GitHub tarballs as they are now available.
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Georgi Valkov [Mon, 22 Apr 2024 12:07:12 +0000 (15:07 +0300)]
usbmuxd: update to the latest git version
There have been no releases since 2020-06-16.
Update to the latest git 360619c5f721f93f0b9d8af1a2df0b926fbcf281
Fix: --version did not print the version.
[1] changes to mode 3 CDC NCM by default. Revert back to mode 1:
Originally mode 1 was used, where a tethered iPhone appears as an
Ethernet interface, handled by the ipheth driver. This has been the
default for many years and is known to work on iPhone 3G, 4S, 7 Plus,
11 and newer. Since [2] ipheth supports CDC NCM in mode 1, and
configures the iPhone to use it.
In mode 3, the Ethernet interface is handled by kmod-usb-net-cdc-ncm.
This driver has better performance, but now the iPhone does not
provide DHCP or Internet connectivity, so we should revert to mode 1.
Analysing the network traffic shows that both the iPhone and OpenWRT
are DHCP clients. The iPhone does not act as a DHCP server. I can set
a static IP on OpenWRT and lease 172.20.10.1 to the iPhone. Then I can
ping the iPhone and I have IPv4 connectivity. However the iPhone does
not provide Internet connectivity to OpenWRT. Maybe in mode 3, the
iPhone is a client meant to receive Internet over USB and therefore
it is not a gateway?
Attempts to switch old iPhones, such as 3G and 4S to mode 3 fail.
They remain in mode 1 and work correctly using the ipheth driver.
Comparison, tested on iPhone 7 Plus and 11
- mode 1 eth0 kmod-usb-net-ipheth 264 Mbit/s DHCP server, Internet
- mode 3 usb0 kmod-usb-net-cdc-ncm 304 Mbit/s DHCP client, no Internet
[1] https://github.com/libimobiledevice/usbmuxd/commit/c7a0dd9b82633ea347497626282e3051a469ef50
[2] https://github.com/openwrt/openwrt/commit/680f8738d02a1876ae4cd11aacf9cd56e520fadf
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Georgi Valkov [Mon, 22 Apr 2024 11:52:22 +0000 (14:52 +0300)]
libimobiledevice: update to the latest git version
There have been no releases since 2020-06-16.
Update to the latest git 5f083426b4ede24b2576f3a56eaf8ac3632c02f7
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Georgi Valkov [Mon, 22 Apr 2024 11:34:05 +0000 (14:34 +0300)]
libusbmuxd: update to 2.1.0
Switched to GitHub tarballs as they are now available.
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Georgi Valkov [Mon, 22 Apr 2024 11:29:10 +0000 (14:29 +0300)]
libimobiledevice-glue: add package 1.2.0
A library with common code used by the libimobiledevice project.
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Georgi Valkov [Mon, 22 Apr 2024 11:10:56 +0000 (14:10 +0300)]
libplist: update to 2.4.0
Switched to GitHub tarballs as they are now available.
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Vladimir Ermakov [Wed, 24 Apr 2024 10:57:36 +0000 (12:57 +0200)]
qemu: update to 9.0.0
- update version: 9.0.0
- refresh patches
Signed-off-by: Vladimir Ermakov <vooon341@gmail.com>
Yegor Yefremov [Tue, 30 Apr 2024 07:02:36 +0000 (09:02 +0200)]
ser2net: update to 4.6.2
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Yegor Yefremov [Tue, 30 Apr 2024 07:01:47 +0000 (09:01 +0200)]
gensio: update to 2.8.4
Remove the upstreamed patches.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
John Audia [Tue, 30 Apr 2024 18:27:05 +0000 (14:27 -0400)]
ncdu: update to 1.20
Upstream bump
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Peter van Dijk [Wed, 24 Apr 2024 13:53:04 +0000 (15:53 +0200)]
pdns-recursor: update to 5.0.4, fixes CVE-2024-25583
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
Emily H. [Tue, 30 Apr 2024 11:03:38 +0000 (11:03 +0000)]
dnsproxy: add three new features
This commit adds the following features:
1. UCI support for local DNS over HTTPS/TLS/QUIC server.
2. UCI support for using private reverse DNS.
3. procd jail with CAP_NET_BIND_SERVICE, allowing
dnsproxy to serve on standard ports directly.
Signed-off-by: Emily H. <battery_tag708@simplelogin.com>
Josef Schlehofer [Fri, 26 Apr 2024 13:35:52 +0000 (15:35 +0200)]
msmtp: update to version 1.8.25
Release notes:
https://marlam.de/msmtp/news/msmtp-1-8-25/
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Josef Schlehofer [Fri, 26 Apr 2024 08:38:20 +0000 (10:38 +0200)]
transmission: update to version 4.0.5
Release notes:
https://github.com/transmission/transmission/releases/tag/4.0.5
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
brvphoenix [Mon, 29 Apr 2024 09:08:50 +0000 (17:08 +0800)]
sing-box: update to 1.8.12
Signed-off-by: brvphoenix <brvphoenix@gmail.com>
Paul Spooren [Wed, 20 Mar 2024 23:03:43 +0000 (00:03 +0100)]
apk: move package to core
This will become part of openwrt.git and used within the build system.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Florian Eckert [Mon, 29 Apr 2024 05:59:47 +0000 (07:59 +0200)]
Merge pull request #23901 from M95D/m95d-audit2
audit: move from packages to openwrt
Stan Grishin [Mon, 29 Apr 2024 00:35:30 +0000 (17:35 -0700)]
Merge pull request #24034 from rs/nextdns-1.43.1-master
nextdns: Update to version 1.43.1
Christian Marangi [Sun, 28 Apr 2024 10:33:19 +0000 (12:33 +0200)]
nmap: add patch fixing compilation error with no OpenSSL DTLS
Add patch fixing compilation error with no OpenSSL DTLS support.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Josef Schlehofer [Sat, 27 Apr 2024 10:19:45 +0000 (12:19 +0200)]
nmap: update to version 7.95
- Remove patch 010-Build-based-on-OpenSSL-version.patch
since it was backported and now it is included in 7.95 release
- Patch 030-ncat-drop-ca-bundle.patch was refreshed
Release notes:
https://nmap.org/changelog.html#7.95
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Christian Marangi [Wed, 25 Oct 2023 03:51:57 +0000 (05:51 +0200)]
nmap: use git as source and bump to PCRE2 support commit
Use git as source and bump version to PCRE2 support commit.
Move nmap to PCRE2 library as PCRE is EOL and won't receive any security
update in the future.
Patch 001-Use-correct-HAVE_-macros-for-Lua-5.4.-Fixes-2648.patch has
been merged upstream and can be dropped.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Christian Marangi [Wed, 25 Oct 2023 03:41:55 +0000 (05:41 +0200)]
nmap: bump to version 7.94
Bump to version 7.94.
Nmap now requires lua 5.4.
Patch 020-Python3-port-of-ndiff.patch has been merged upstream and can
be dropped.
Patch 001-Use-correct-HAVE_-macros-for-Lua-5.4.-Fixes-2648.patch is now
required to fix a problem with header inclusion for lua 5.4.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>