feed/packages.git
20 months agosing-box: add necessary dependencies and cleanup Makefile
Van Waholtz [Sun, 5 Mar 2023 12:31:39 +0000 (20:31 +0800)]
sing-box: add necessary dependencies and cleanup Makefile

1. Add `kmod-inet-diag` as a dependency since it is needed for https://sing-box.sagernet.org/configuration/dns/rule/#process_name
2. Remove redundant `default n` (https://github.com/openwrt/openwrt/commit/8bc72ea7be3976711dacc09f0fdab061d6e5152a)

Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
20 months agohaproxy: update to v2.6.9
Christian Lachner [Sat, 18 Feb 2023 06:50:27 +0000 (07:50 +0100)]
haproxy: update to v2.6.9

- Update haproxy download URL and hash
- This release fixes a critial flaw known as CVE-2023-25725. See:
  http://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=73be199c4f5f1ed468161a4c5e10ca77cd5989d8

Signed-off-by: Christian Lachner <gladiac@gmail.com>
20 months agoMerge pull request #20570 from pprindeville/isc-dhcp-allow-no-default-route
Philip Prindeville [Sun, 5 Mar 2023 01:08:07 +0000 (18:08 -0700)]
Merge pull request #20570 from pprindeville/isc-dhcp-allow-no-default-route

isc-dhcp: allow no default route

20 months agonetbird: new package
Oskari Rauta [Thu, 2 Feb 2023 13:06:08 +0000 (13:06 +0000)]
netbird: new package

Netbird is similar vpn service as tailscale and zerotier.

Description:
NetBird is an open-source VPN management platform built on top of WireGuard® making it easy to create secure private networks for your organization or home.
It requires zero configuration effort leaving behind the hassle of opening ports, complex firewall rules, VPN gateways, and so forth.

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
20 months agoopen-vm-tools: update to 12.1.5
Oskari Rauta [Wed, 22 Feb 2023 17:19:19 +0000 (17:19 +0000)]
open-vm-tools: update to 12.1.5

added also --disable-glibc-check to configure args to allow building
on hosts that use musl.

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
20 months agoacme: fix incompatibilty with image builder
Glen Huang [Fri, 3 Mar 2023 03:08:32 +0000 (11:08 +0800)]
acme: fix incompatibilty with image builder

Signed-off-by: Glen Huang <i@glenhuang.com>
20 months agoMerge pull request #20563 from paper42/clamav-0.104.4
Josef Schlehofer [Fri, 3 Mar 2023 06:55:05 +0000 (07:55 +0100)]
Merge pull request #20563 from paper42/clamav-0.104.4

clamav: update to 0.104.4

20 months agov2raya: drop wrong patches
Tianling Shen [Fri, 3 Mar 2023 03:52:58 +0000 (11:52 +0800)]
v2raya: drop wrong patches

These patches should not be backported to OpenWrt, otherwise tproxy
won't work for devices connected to br-lan (bypassed by the fw rules).

We have introduced a new compile-time flag for new version (which
is not released yet), but it's unnecessray to backport redudant
patches as here is still at the old version.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
20 months agoyq: Update to 4.31.2
Tianling Shen [Fri, 3 Mar 2023 03:58:41 +0000 (11:58 +0800)]
yq: Update to 4.31.2

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
20 months agocloudflared: Update to 2023.3.0
Tianling Shen [Fri, 3 Mar 2023 03:58:33 +0000 (11:58 +0800)]
cloudflared: Update to 2023.3.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
20 months agoisc-dhcp: allow suppression of default gateway 20570/head
Philip Prindeville [Mon, 27 Feb 2023 00:49:13 +0000 (17:49 -0700)]
isc-dhcp: allow suppression of default gateway

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
20 months agoisc-dhcp: make indent consistent in config
Philip Prindeville [Mon, 27 Feb 2023 00:38:36 +0000 (17:38 -0700)]
isc-dhcp: make indent consistent in config

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
20 months agoacme: merge cli into init script
Glen Huang [Tue, 28 Feb 2023 11:19:19 +0000 (19:19 +0800)]
acme: merge cli into init script

Signed-off-by: Glen Huang <i@glenhuang.com>
20 months agoqemu: update to 7.2.0
Vladimir Ermakov [Sat, 28 May 2022 15:33:35 +0000 (18:33 +0300)]
qemu: update to 7.2.0

drop disas and bios patches
refresh patches

qemu: vhost-scsi does not exist, drop unsupported vhost options

qemu: disable VDUSE by default

qemu: slirp and vnc-png option gone

Note: libpng still needed if vnc enabled.

Link: https://github.com/openwrt/packages/pull/18623
Signed-off-by: Vladimir Ermakov <vooon341@gmail.com>
(squash commits)
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
20 months agonfs-kernel-server: update to v2.6.2
Oskari Rauta [Wed, 22 Feb 2023 16:38:26 +0000 (16:38 +0000)]
nfs-kernel-server: update to v2.6.2

Also added patch that is from alpine's same package to assist building on musl.
Hostpkg build on musl also kept failing, so I added few more overrides, which
made it work perfectly.

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
20 months agolua-eco: update to 2.0.0
Jianhui Zhao [Mon, 27 Feb 2023 15:02:44 +0000 (23:02 +0800)]
lua-eco: update to 2.0.0

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
20 months agocloudflared: Update to 2023.2.2
Tianling Shen [Wed, 1 Mar 2023 08:41:48 +0000 (16:41 +0800)]
cloudflared: Update to 2023.2.2

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
20 months agosed: remove old libpcre dependency
Alan Swanson [Tue, 28 Feb 2023 09:45:37 +0000 (09:45 +0000)]
sed: remove old libpcre dependency

Signed-off-by: Alan Swanson <reiver@improbability.net>
20 months agopodman: update to v4.4.2
Oskari Rauta [Mon, 27 Feb 2023 15:15:09 +0000 (15:15 +0000)]
podman: update to v4.4.2

Security:
 - This release fixes CVE-2023-0778, which allowed a malicious user to potentially replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.

Bugfixes:
 - Fixed a bug where containers started via the podman-kube systemd template would always use the "passthrough" log driver (#17482).
 - Fixed a bug where pulls would unexpectedly encounter an EOF error. Now, Podman automatically transparently resumes aborted pull connections.
 - Fixed a race condition in Podman's signal proxy.

Misc:
 - Updated the containers/image library to v5.24.1.

Patch also refreshed

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
21 months agoMerge pull request #20467 from tobiaspc/njalla
Florian Eckert [Mon, 27 Feb 2023 08:09:27 +0000 (09:09 +0100)]
Merge pull request #20467 from tobiaspc/njalla

ddns-scripts: Add njal.la provider

21 months agoMerge pull request #20540 from stangri/master-curl
Stan Grishin [Mon, 27 Feb 2023 06:32:08 +0000 (23:32 -0700)]
Merge pull request #20540 from stangri/master-curl

curl: update to 7.88.1

21 months agonode: bump to v18.14.2
Hirokazu MORIKAWA [Thu, 23 Feb 2023 02:29:42 +0000 (11:29 +0900)]
node: bump to v18.14.2

Update to v18.14.2
Support for OpenSSL v3.0.x

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
21 months agoi2pd: update to version 2.46.1
Daniel Bermond [Sun, 19 Feb 2023 14:02:43 +0000 (11:02 -0300)]
i2pd: update to version 2.46.1

Maintainer   : @yangfl (David Yang)
Build system : Arch Linux x86_64
Build tested : r7800 OpenWrt git master (r22104-01262c921c)
Run tested   : r7800 OpenWrt git master (r22104-01262c921c)

Signed-off-by: Daniel Bermond <danielbermond@gmail.com>
21 months agoperl-www-curl: add patch to ensure compatibility with curl 7.88 20540/head
Stan Grishin [Sat, 25 Feb 2023 21:59:21 +0000 (21:59 +0000)]
perl-www-curl: add patch to ensure compatibility with curl 7.88

Patch comes from
https://github.com/openwrt/packages/pull/20540#issuecomment-1439537287

Fixes:
/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/usr/include/curl/curl.h:2515:3: note: declared here
 2515 |   CURLFORM_CONTENTTYPE     CURL_DEPRECATED(7.56.0, "Use curl_mime_type()"),
      |   ^~~~~~~~~~~~~~~~~~~~
make[3]: *** [Makefile:347: Curl.o] Error 1

Signed-off-by: Stan Grishin <stangri@melmac.ca>
21 months agocrowdsec: update to 1.4.6
S. Brusch [Sat, 25 Feb 2023 16:53:18 +0000 (17:53 +0100)]
crowdsec: update to 1.4.6
Update crowdsec to latest upstream release version 1.4.6

Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: ipq40xx/generic, Fritzbox 4040, Openwrt 22.03.3

21 months agobanip: update 0.8.1-2
Dirk Brenken [Sun, 26 Feb 2023 07:16:15 +0000 (08:16 +0100)]
banip: update 0.8.1-2

* add oisdbig as new feed
* LuCI frontend preparation:
  - the json feed file points always to /etc/banip/banip.feeds (and is no longer compressed)
  - supply country list in /etc/banip/banip.countries
* update readme

Signed-off-by: Dirk Brenken <dev@brenken.org>
21 months agogst1-libav: bump to 1.20.5
Koen Vandeputte [Mon, 13 Feb 2023 09:09:50 +0000 (10:09 +0100)]
gst1-libav: bump to 1.20.5

- avdec_h265: Fix endless renegotiation with alternate interlacing
- avviddec: Avoid flushing on framerate changes

Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
21 months agogst1-plugins-ugly: bump to 1.20.5
Koen Vandeputte [Mon, 13 Feb 2023 09:09:25 +0000 (10:09 +0100)]
gst1-plugins-ugly: bump to 1.20.5

No actual changes

Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
21 months agogst1-plugins-bad: bump to 1.20.5
Koen Vandeputte [Mon, 13 Feb 2023 09:08:50 +0000 (10:08 +0100)]
gst1-plugins-bad: bump to 1.20.5

- aesdec: Fix padding removal for per-buffer-padding=FALSE
- aesdec test failing in gst-plugins-bad
- alphacombine: Add missing query handler for gaps
- avfdeviceprovider: do not leak the properties
- avfvideosrc: Report latency when doing screen capture
- d3d11screencapturesrc: Specify PAR 1/1 to template caps
- d3d11videosink: Fixing focus lost on desktop layout change
- d3d11videosink: Call ShowWindow() from window thread
- d3d11videosink: Fix deadlock when parent window is busy
- d3d11videosink: Always clear back buffer on resize
- decklink: reset calculation of time_mapping to fix clipping HDMI video
- directshow: Fix build error with glib 2.75 and newer
- dvbsubenc: Forward GAP events as-is if we wouldn't produce an end packet and...
- dvbsubenc: Write Display Definition Segment if a non-default width/height is used
- h265decoder: Do not abort when failed to prepare ref pic set
- h264parser: Fix a typo in pred_weight_table parsing.
- mediafoundation, d3d11: Fix memory leak and make leak tracer happy
- mpegts: Handle when iconv doesn't support ISO 6937 (e.g. musl libc)
- mpegts: Check continuity counter on section streams
- mpegts: Revert "mpegtspacketizer: memcmp potentially seen_before data"
- mpegtspacketizer: memcmp potentially seen_before data
- mpegtsdemux: Always clear packetizer on DISCONT push mode
- srt: various fixes - improve stats and error handling
- rtmp2: Improve error messages
- rtmp2sink: Correctly return GST_FLOW_ERROR on error
- vulkan: Fix static linking on macOS
- webrtcbin: also add rtcp-fb ccm fir for video mlines by default
- webrtc/nice: fix small leak of split strings

Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
21 months agogst1-plugins-good: bump to 1.20.5
Koen Vandeputte [Mon, 13 Feb 2023 09:08:01 +0000 (10:08 +0100)]
gst1-plugins-good: bump to 1.20.5

- flacparse: Fix handling of headers advertising 32bps
- qt5: deactivate context if fill_info fails
- qt5: initialize GError properly in gst_qt_get_gl_wrapcontext()
- qtdemux: check return value from gst_structure_get in PIFF box
- qtdemux: use unsigned int types to store result of QT_UINT32
- qtmux: Prefill mode fixes
- oss4: Fix debug category initialization
- multiudpsink: allow binding to IPv6 address
- rtpjitterbuffer tests: Cast drop-messages-interval type properly (fixing it on 32-bit architectures)
- rtspsrc: fix seek event leaks
- rtspsrc: Don't replace 404 errors with "no auth protocol found"
- rtspsrc: Only EOS on timeout if all streams are timed out/EOS
- rtspsrc: Fix usage of IPv6 connections in SETUP
- splitmuxsrc: don't queue data on unlinked pads
- v4l2: Fix SIGSEGV on 'change state' during 'format change'
- v4l2videodec: Fix activation of internal pool
- wavparse: Avoid occasional crash due to referencing freed buffer.
- wavparse: Fix crash that occurs in push mode when header chunks are corrupted in certain ways.

Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
21 months agogst1-plugins-base: bump to 1.20.5
Koen Vandeputte [Mon, 13 Feb 2023 09:07:19 +0000 (10:07 +0100)]
gst1-plugins-base: bump to 1.20.5

- audioconvert, audioresample, audiofilter: fix divide by 0 for input buffer without caps
- cdparanoia: Ignore compiler warning coming from the cdparanoia header
- oggdemux, parsebin: More leak fixes
- opengl: fix automatic dispmanx detection for rpi4
- opengl: Fix usage of eglCreate/DestroyImage
- opengl: Fix static linking on macOS
- opusdec: Various channel-related fixes
- textrender: Negotiate caps on a GAP event if none were negotiated yet
- textrender: Don't blindly forward all events and don't blindly forward all events
- timeoverlay: fix pad leak
- oggdemux: Don't leak incoming EOS event
- subparse: Fix non-closed tag handling.
- videodecoder: Only post latency message if it changed
- videoscale: buffer meta handling fixes (NULL-terminate array of valid meta tags)
- videosink: Don't return unknown end-time from get_times()
- Bump core requirement in 1.20 branch to 1.20.4

Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
21 months agogstreamer: Update to 1.20.5
Koen Vandeputte [Mon, 13 Feb 2023 09:06:27 +0000 (10:06 +0100)]
gstreamer: Update to 1.20.5

- allocator: Copy allocator name in gst_allocator_register()
- miniobject: support higher refcount values
- pads: Fix non-serialized sticky event push, e.g. instant change rate events
- padtemplate: Fix annotations
- systemclock: Use futex_time64 syscall on x32 and other platforms that always...
- Fix build of 1.20 branch with Meson 0.64.1 for those who have hotdoc installed on their system.
- meson: fix check for pthread_setname_np()
- -Wimplicit-function-declaration in pthread_setname_np check (missing GNUSOURCE)
- gst-inspect: Don't leak list
- concat: Properly propagate EOS seqnum
- fakesrc: avoid time overflow with datarate

Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
21 months agocurl: update to 7.88.1
Stan Grishin [Mon, 20 Feb 2023 22:26:04 +0000 (22:26 +0000)]
curl: update to 7.88.1

* https://curl.se/changes.html#7_88_1

Signed-off-by: Stan Grishin <stangri@melmac.ca>
21 months agoddns-scripts: Add njal.la provider 20467/head
Tobias Hilbig [Wed, 8 Feb 2023 16:18:37 +0000 (17:18 +0100)]
ddns-scripts: Add njal.la provider

Add njal.la provider. Use the key as password. Username is not needed.

Signed-off-by: Tobias Hilbig <web.tobias@hilbig-ffb.de>
21 months agobanip: release 0.8.1-1
Dirk Brenken [Sat, 25 Feb 2023 08:33:50 +0000 (09:33 +0100)]
banip: release 0.8.1-1

* add missing wan-forward chain (incl. report/mail adaption)
* changed options:
  - old: ban_blockforward, new: ban_blockforwardwan and ban_blockforwardlan
  - old: ban_logforward, new: ban_logforwardwan and ban_logforwardlan
* add missing dhcp(v6) rules/exceptions
* update readme

Previously run tested by certain forum users (and by me).

Signed-off-by: Dirk Brenken <dev@brenken.org>
21 months agodos2unix: Update to 7.4.4
Tianling Shen [Sat, 25 Feb 2023 03:09:57 +0000 (11:09 +0800)]
dos2unix: Update to 7.4.4

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
21 months agouacme: update to 1.7.4
Lucian Cristian [Mon, 20 Feb 2023 15:13:57 +0000 (15:13 +0000)]
uacme: update to 1.7.4

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
21 months agofrr: update to 8.4.2 branch
Lucian Cristian [Sun, 12 Feb 2023 13:43:57 +0000 (13:43 +0000)]
frr: update to 8.4.2 branch

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
21 months agogddrescue: update to 1.27
Lucian Cristian [Mon, 20 Feb 2023 14:54:20 +0000 (14:54 +0000)]
gddrescue: update to 1.27

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
21 months agolibdrm: update to 2.4.115
Lucian Cristian [Mon, 20 Feb 2023 14:58:09 +0000 (14:58 +0000)]
libdrm: update to 2.4.115

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
21 months agotor: update to version 0.4.7.13
Daniel Bermond [Sun, 19 Feb 2023 14:20:37 +0000 (11:20 -0300)]
tor: update to version 0.4.7.13

Maintainers  : @hauke (Hauke Mehrtens) and @tripolar (Peter Wagner)
Build system : Arch Linux x86_64
Build tested : r7800 OpenWrt git master (r22104-01262c921c)
Run tested   : r7800 OpenWrt git master (r22104-01262c921c)

Signed-off-by: Daniel Bermond <danielbermond@gmail.com>
21 months agolibtirpc: update to v1.3.3
Oskari Rauta [Wed, 22 Feb 2023 16:29:50 +0000 (16:29 +0000)]
libtirpc: update to v1.3.3

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
21 months agominiflux: update to 2.0.42
Michal Vasilek [Wed, 15 Feb 2023 17:59:04 +0000 (18:59 +0100)]
miniflux: update to 2.0.42

add BASE_URL to the init script, this is useful when running in a
subpath and not directly on the root of a domain

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
21 months agoAdGuardHome: update to v0.107.24
Zuev Aleksandr [Thu, 16 Feb 2023 18:18:35 +0000 (22:18 +0400)]
AdGuardHome: update to v0.107.24

Signed-off-by: Zuev Aleksandr <A.Zuev@stdev.su>
21 months agomsgpack-c: Update to 5.0.0
Tianling Shen [Fri, 24 Feb 2023 02:36:35 +0000 (10:36 +0800)]
msgpack-c: Update to 5.0.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
21 months agoMerge pull request #20529 from braewoods/master
Florian Eckert [Fri, 24 Feb 2023 06:58:22 +0000 (07:58 +0100)]
Merge pull request #20529 from braewoods/master

ddns-scripts: enable IPv6 for easydns.com

21 months agoclamav: update to 0.104.4 20563/head
Michal Vasilek [Thu, 23 Feb 2023 16:27:33 +0000 (17:27 +0100)]
clamav: update to 0.104.4

* remove upstreamed 100-cmake-fix-findcurses.patch

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
21 months agoMerge pull request #20560 from turris-cz/antfs-drop
Eneas U de Queiroz [Thu, 23 Feb 2023 13:21:23 +0000 (10:21 -0300)]
Merge pull request #20560 from turris-cz/antfs-drop

Remove package: kmod-fs-antfs and its dependency antfs-mount

21 months agoantfs-mount: drop 20560/head
Josef Schlehofer [Thu, 23 Feb 2023 06:56:04 +0000 (07:56 +0100)]
antfs-mount: drop

Since kernel module was dropped, check the reasons why it was removed in
the commit 42a4fbe4a4fda8b61a1cec0762957872511f6527 ("
antfs: drop this kernel package"), then this package should be removed,
too as the dependency was removed and without it, it is not useful

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
21 months agozerotier: update to 1.10.3
Moritz Warning [Wed, 22 Feb 2023 21:48:00 +0000 (22:48 +0100)]
zerotier: update to 1.10.3

Signed-off-by: Moritz Warning <moritzwarning@web.de>
21 months agoantfs: drop this kernel package
Josef Schlehofer [Thu, 23 Feb 2023 06:52:01 +0000 (07:52 +0100)]
antfs: drop this kernel package

Reasons to remove this package:

1. It is not available for Linux kernel 5.15 and onwards.
2. It seems that it is not maintained as the original repository was
   done in 2018 and then the forked repository was done to have this
merged only to OpenWrt.
3. Anyone can use ntfs-3g (fuse) or ntfs3 from Paragon, which has been
   available since Linux kernel 5.15
4. Nobody said why this package was necessary or required to be added
   here or what was the difference between driver(s) in the Linux kernel and
this package.
5. No project home page, no documentation, only source code provided by
   AVM

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
21 months agoMerge pull request #20554 from stangri/master-https-dns-proxy
Stan Grishin [Thu, 23 Feb 2023 04:47:39 +0000 (21:47 -0700)]
Merge pull request #20554 from stangri/master-https-dns-proxy

https-dns-proxy: 2022-10-15-11 update

21 months agoddns-scripts: enable IPv6 for easydns.com 20529/head
James Buren [Mon, 20 Feb 2023 11:51:46 +0000 (05:51 -0600)]
ddns-scripts: enable IPv6 for easydns.com

easydns.com has supported IPv6 for awhile now using
the same update URL as IPv4. This duplicates the IPv4
entry for IPv6 to enable support for it.

Signed-off-by: James Buren <braewoods+mgh@braewoods.net>
21 months agogit: update to 2.34.7
Michal Vasilek [Thu, 16 Feb 2023 09:20:13 +0000 (10:20 +0100)]
git: update to 2.34.7

Fixes CVE-2023-22490, CVE-2023-23946

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
21 months agohttps-dns-proxy: 2022-10-15-11 update 20554/head
Stan Grishin [Wed, 22 Feb 2023 20:35:59 +0000 (20:35 +0000)]
https-dns-proxy: 2022-10-15-11 update

* config file update
* introduce boot() function

Signed-off-by: Stan Grishin <stangri@melmac.ca>
21 months agogolang: Update to 1.19.6
Tianling Shen [Tue, 21 Feb 2023 04:48:00 +0000 (12:48 +0800)]
golang: Update to 1.19.6

go1.19.6 (released 2023-02-14) includes security fixes to the
crypto/tls, mime/multipart, net/http, and path/filepath packages,
as well as bug fixes to the go command, the linker, the runtime,
and the crypto/x509, net/http, and time packages.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
21 months agobanip: update 0.8.0-4
Dirk Brenken [Tue, 21 Feb 2023 20:42:24 +0000 (21:42 +0100)]
banip: update 0.8.0-4

* remove bogus log limit

Signed-off-by: Dirk Brenken <dev@brenken.org>
21 months agoMerge pull request #20480 from gstrauss/lighttpd-1.4.69
Eneas U de Queiroz [Tue, 21 Feb 2023 20:14:40 +0000 (17:14 -0300)]
Merge pull request #20480 from gstrauss/lighttpd-1.4.69

lighttpd: update to lighttpd 1.4.69 release hash

21 months agobanip: update 0.8.0-3
Dirk Brenken [Tue, 21 Feb 2023 17:43:17 +0000 (18:43 +0100)]
banip: update 0.8.0-3

* properly initialize the 'proto' variable in the log service

Signed-off-by: Dirk Brenken <dev@brenken.org>
21 months agoyq: Update to 4.31.1
Tianling Shen [Tue, 21 Feb 2023 07:57:46 +0000 (15:57 +0800)]
yq: Update to 4.31.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
21 months agodnsproxy: Update to 0.48.0
Tianling Shen [Tue, 21 Feb 2023 07:57:38 +0000 (15:57 +0800)]
dnsproxy: Update to 0.48.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
21 months agov2ray-core: Update to 5.4.0
Tianling Shen [Tue, 21 Feb 2023 07:57:28 +0000 (15:57 +0800)]
v2ray-core: Update to 5.4.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
21 months agonss: update to 3.88.1
Lucian Cristian [Mon, 20 Feb 2023 15:02:05 +0000 (15:02 +0000)]
nss: update to 3.88.1

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
21 months agobanip: update 0.8.0-2
Dirk Brenken [Mon, 20 Feb 2023 18:17:16 +0000 (19:17 +0100)]
banip: update 0.8.0-2

* fix a potential race condition during initial startup (after flash) which leads to a "disabled" service

Signed-off-by: Dirk Brenken <dev@brenken.org
Signed-off-by: Dirk Brenken <dev@brenken.org>
21 months agoMerge pull request #20475 from cotequeiroz/openssl3
Eneas U de Queiroz [Mon, 20 Feb 2023 15:07:16 +0000 (12:07 -0300)]
Merge pull request #20475 from cotequeiroz/openssl3

treewide: prepare packages for OpenSSL 3.0 update

21 months agoknot: update to version 3.2.5
Jan Hák [Mon, 13 Feb 2023 14:35:42 +0000 (15:35 +0100)]
knot: update to version 3.2.5

Signed-off-by: Jan Hák <jan.hak@nic.cz>
21 months agoMerge pull request #20484 from salim-b/patch-1
Eneas U de Queiroz [Mon, 20 Feb 2023 12:44:53 +0000 (09:44 -0300)]
Merge pull request #20484 from salim-b/patch-1

transmission: retrieve boolean config opts using `config_get_bool`

21 months agoMerge pull request #20525 from nxhack/node_16191
Eneas U de Queiroz [Mon, 20 Feb 2023 12:38:07 +0000 (09:38 -0300)]
Merge pull request #20525 from nxhack/node_16191

node: bump to v16.19.1

21 months agolighttpd: update to lighttpd 1.4.69 release hash 20480/head
Glenn Strauss [Sun, 12 Feb 2023 05:29:06 +0000 (00:29 -0500)]
lighttpd: update to lighttpd 1.4.69 release hash

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
21 months agolighttpd: remove patch included upstream
Glenn Strauss [Sat, 21 Jan 2023 01:13:39 +0000 (20:13 -0500)]
lighttpd: remove patch included upstream

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
21 months agolighttpd: add lighttpd-mod-webdav_min package
Glenn Strauss [Sat, 21 Jan 2023 01:07:36 +0000 (20:07 -0500)]
lighttpd: add lighttpd-mod-webdav_min package

add lighttpd-mod-webdav_min package alternative to lighttpd-mod-webdav

lighttpd-mod-webdav_min is more minimal than full lighttpd-mod-webdav.
lighttpd-mod-webdav_min does not support PROPPATCH, LOCK, UNLOCK, and
by not supporting those methods, removes dependencies on libxml2,
libsqlite3, and libuuid.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
21 months agoMerge pull request #20520 from commodo/django1
Alexandru Ardelean [Mon, 20 Feb 2023 09:10:55 +0000 (11:10 +0200)]
Merge pull request #20520 from commodo/django1

django: bump to version 4.1.7

21 months agoMerge pull request #20532 from stangri/master-simple-adblock
Stan Grishin [Mon, 20 Feb 2023 02:52:47 +0000 (19:52 -0700)]
Merge pull request #20532 from stangri/master-simple-adblock

simple-adblock: bugfix: ensure directory for jsonFile is created

21 months agoMerge pull request #20521 from mhei/libgpiod-update-1.6.4
Michael Heimpold [Sun, 19 Feb 2023 21:16:46 +0000 (22:16 +0100)]
Merge pull request #20521 from mhei/libgpiod-update-1.6.4

libgpiod: update to 1.6.4

21 months agosimple-adblock: bugfix: ensure directory for jsonFile is created 20532/head
Stan Grishin [Sun, 19 Feb 2023 20:22:32 +0000 (20:22 +0000)]
simple-adblock: bugfix: ensure directory for jsonFile is created

Signed-off-by: Stan Grishin <stangri@melmac.ca>
21 months agoMerge pull request #20523 from stangri/master-simple-adblock
Stan Grishin [Sun, 19 Feb 2023 20:21:28 +0000 (13:21 -0700)]
Merge pull request #20523 from stangri/master-simple-adblock

simple-adblock: implement procd_boot_wan_timeout support

21 months agosimple-adblock: implement procd_boot_wan_timeout support 20523/head
Stan Grishin [Sun, 19 Feb 2023 05:09:32 +0000 (05:09 +0000)]
simple-adblock: implement procd_boot_wan_timeout support

* implement procd_boot_wan_timeout support
* update config with oisd ABPlus and domains lists

Signed-off-by: Stan Grishin <stangri@melmac.ca>
21 months agoMerge pull request #20511 from stangri/master-simple-adblock
Stan Grishin [Sun, 19 Feb 2023 05:04:19 +0000 (22:04 -0700)]
Merge pull request #20511 from stangri/master-simple-adblock

simple-adblock: update to 1.9.4-1

21 months agolibgpiod: update to 1.6.4 20521/head
Michael Heimpold [Sat, 18 Feb 2023 21:18:07 +0000 (22:18 +0100)]
libgpiod: update to 1.6.4

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
21 months agoMerge pull request #20491 from dibdot/banIP
Dirk Brenken [Sat, 18 Feb 2023 20:14:56 +0000 (21:14 +0100)]
Merge pull request #20491 from dibdot/banIP

banip: release 0.8.0 (nft rewrite)

21 months agobanip: release 0.8.0 (nft rewrite) 20491/head
Dirk Brenken [Mon, 13 Feb 2023 16:56:57 +0000 (17:56 +0100)]
banip: release 0.8.0 (nft rewrite)

- complete rewrite of banIP to support nftables
- all sets are handled in a separate nft table/namespace 'banIP'
- for incoming blocking it uses the inet input hook, for outgoing blocking it uses the inet forward hook
- full IPv4 and IPv6 support
- supports nft atomic set loading
- supports blocking by ASN numbers and by iso country codes
- 42 preconfigured external feeds are available, plus local allow- and blocklist
- supports local allow- and blocklist (IPv4, IPv6, CIDR notation or domain names)
- auto-add the uplink subnet to the local allowlist
- provides a small background log monitor to ban unsuccessful login attempts in real-time
- the logterms for the log monitor service can be freely defined via regex
- auto-add unsuccessful LuCI, nginx, Asterisk or ssh login attempts to the local blocklist
- fast feed processing as they are handled in parallel as background jobs
- per feed it can be defined whether the input chain or the forward chain should be blocked (default: both chains)
- automatic blocklist backup & restore, the backups will be used in case of download errors or during startup
- automatically selects one of the following download utilities with ssl support: aria2c, curl, uclient-fetch or wget
- supports a 'allowlist only' mode, this option restricts internet access from/to a small number of secure websites/IPs
- provides comprehensive runtime information
- provides a detailed set report
- provides a set search engine for certain IPs
- feed parsing by fast & flexible regex rulesets
- minimal status & error logging to syslog, enable debug logging to receive more output
- procd based init system support (start/stop/restart/reload/status/report/search)
- procd network interface trigger support
- ability to add new banIP feeds on your own
- add a readme with all available options/feeds to customize your installation to your needs
- a new LuCI frontend will be available in due course

Signed-off-by: Dirk Brenken <dev@brenken.org>
21 months agoadblock: update 4.1.5-6
Dirk Brenken [Sat, 18 Feb 2023 19:17:34 +0000 (20:17 +0100)]
adblock: update 4.1.5-6

* adapted changed oisd downloads (again), fixed #20516

Signed-off-by: Dirk Brenken <dev@brenken.org>
21 months agodjango: bump to version 4.1.7 20520/head
Alexandru Ardelean [Fri, 17 Feb 2023 17:32:46 +0000 (19:32 +0200)]
django: bump to version 4.1.7

Fixes:
   https://nvd.nist.gov/vuln/detail/CVE-2023-23969

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
21 months agokcptun: update to version 20230207
Dengfeng Liu [Tue, 14 Feb 2023 05:45:21 +0000 (05:45 +0000)]
kcptun: update to version 20230207

add support for port-range dailer, port-range listener

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
21 months agopodman: update 4.4.1
Oskari Rauta [Mon, 13 Feb 2023 17:45:32 +0000 (17:45 +0000)]
podman: update 4.4.1

patch refreshed.

Changes
 - Added the podman-systemd.unit man page, which can also be displayed using man quadlet (#17349).
 - Documented journald identifiers used in the journald backend for the podman events command.

Bugfixes
 - Fixed a bug where the default handling of pids-limit was incorrect.
 - Fixed a bug where parallel calls to make docs crashed (#17322).
 - Fixed a regression in the podman kube play command where existing resources got mistakenly removed.

Full list of changes: [Release notes](https://github.com/containers/podman/blob/main/RELEASE_NOTES.md)

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
21 months agonode: bump to v16.19.1 20525/head
Hirokazu MORIKAWA [Fri, 17 Feb 2023 02:51:35 +0000 (11:51 +0900)]
node: bump to v16.19.1

Thursday February 16 2023 Security Releases

Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
* CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
* CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
* CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
* CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)
More detailed information on each of the vulnerabilities can be found in February 2023 Security Releases blog post.

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
21 months agosimple-adblock: update to 1.9.4-1 20511/head
Stan Grishin [Thu, 16 Feb 2023 22:59:10 +0000 (22:59 +0000)]
simple-adblock: update to 1.9.4-1

* update default config for new oisd.nl lists
* conf.update file to migrate oisd.nl lists to the new format
* introduce AdBlockPlus lists support (new oisd.nl format)
* longer wait for WAN up/gateway detection
* make load_environemnt only execute once to suppress duplicate
  warnings/errors

PS. While I was testing this, oisd.nl has brought back the old domains
    lists as well, so this version supports both as I'm unclear as to
    why the "big" ABPlus list is only 6.2Mb where as the "big" domains
    list is whopping 19.9Mb.

Signed-off-by: Stan Grishin <stangri@melmac.ca>
21 months agoapfree-wifidog: add support for OpenSSL 3.0 20475/head
Eneas U de Queiroz [Thu, 9 Feb 2023 14:33:24 +0000 (11:33 -0300)]
apfree-wifidog: add support for OpenSSL 3.0

This adds an upstream commit to allow building with OpenSSL 3.0.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
21 months agolibuhttpd: allow building with OpenSSL 3.0
Eneas U de Queiroz [Thu, 9 Feb 2023 14:25:47 +0000 (11:25 -0300)]
libuhttpd: allow building with OpenSSL 3.0

Add -Wno-error=deprecated-declarations to CFLAGS to allow usage of
deprecated API.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
21 months agoboinc: Add compatibility with OpenSSL 3.0
Eneas U de Queiroz [Thu, 9 Feb 2023 15:03:32 +0000 (12:03 -0300)]
boinc: Add compatibility with OpenSSL 3.0

This adds a patch from upstream allowing to build with OpenSSL 3.0.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
21 months agoumurmur: fix compilation with OpenSSL 3.0
Eneas U de Queiroz [Thu, 9 Feb 2023 18:15:21 +0000 (15:15 -0300)]
umurmur: fix compilation with OpenSSL 3.0

Remove a call to CRYPTO_mem_ctrl(), which is used only for debugging,

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
21 months agosquid: bump to release 5.7
Eneas U de Queiroz [Thu, 9 Feb 2023 18:05:30 +0000 (15:05 -0300)]
squid: bump to release 5.7

This is the latest version and brings compatibility with OpenSSL 3.0.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
21 months agonsd: bump to 4.6.1
Eneas U de Queiroz [Thu, 9 Feb 2023 16:40:16 +0000 (13:40 -0300)]
nsd: bump to 4.6.1

This version adds compatibility with OpenSSL 3.0.

There's a patch, submitted upstream, to fix building without SSL.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
21 months agonginx-util: allow building with OpenSSL 3.0
Eneas U de Queiroz [Thu, 9 Feb 2023 14:25:47 +0000 (11:25 -0300)]
nginx-util: allow building with OpenSSL 3.0

Add -Wno-error=deprecated-declarations to CFLAGS to allow usage of
deprecated API.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
21 months agogost_engine: add version 3.0.0.1
Eneas U de Queiroz [Thu, 9 Feb 2023 13:52:59 +0000 (10:52 -0300)]
gost_engine: add version 3.0.0.1

With OpenSSL soon to be updated to 3.0, the gost engine will have to be
bumped as well.  Gost 3.0.0.1 will not build with OpenSSL 1.1.

To avoid disruption, this commit detects the OpenSSL version from
ENGINES_DIR in include/openssl-engin, and sets the package version
accordingly.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
21 months agocloudreve: Update to 3.7.1 20503/head
Tianling Shen [Sat, 11 Feb 2023 22:43:33 +0000 (06:43 +0800)]
cloudreve: Update to 3.7.1

Dropped architectures that are no longer supported by upstream.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
21 months agogg: Update to 0.2.18
Tianling Shen [Thu, 16 Feb 2023 03:24:46 +0000 (11:24 +0800)]
gg: Update to 0.2.18

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
21 months agodnsproxy: Update to 0.47.0
Tianling Shen [Thu, 16 Feb 2023 03:24:29 +0000 (11:24 +0800)]
dnsproxy: Update to 0.47.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
21 months agoconmon: update to 2.1.6
Oskari Rauta [Mon, 13 Feb 2023 17:36:31 +0000 (17:36 +0000)]
conmon: update to 2.1.6

Bug fixes
 - Fix OOM watcher for cgroupv2 oom_kill events

Misc
 - Use --detach instead of -d
 - ctrl: drop fifo perms to 0660

[Release notes](https://github.com/containers/conmon/releases/tag/v2.1.6)

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
21 months agoirqbalance: Add upstream fix for AARCH64 irq name parsing
Hannu Nyman [Wed, 15 Feb 2023 21:07:53 +0000 (23:07 +0200)]
irqbalance: Add upstream fix for AARCH64 irq name parsing

Add upstream fix for AARCH64 irq name parsing.

> On arm64 SoCs like TI's K3 SoC and few other SoCs,
> IRQ names don't get parsed correct due to which they
> end up being classified into wrong class. Fix this by
> considering last token to contain IRQ name always.

The fix seems to enable e.g. RT3200 to notice a few more
interrupts and start balancing them.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>